# ufwban

A small CLI tool (wrapping **ufw**) that reads Nginx access logs and blocks IPs based on simple rules.

**THIS IS NOT** a replacement for **fail2ban**; I just do it for fun and to have a simple tool to quickly configure banning of undesired IPs.

This is a **RUDE** IP deny. It will ban the IP on all machine ports with no ban time, so be careful!

## Requirements

* ufw
* Nginx
* Python >= 3.10

## Configuration

Create a `conf.json` next to the script. Use [conf.json.example](./conf.json.example) as a sample.

```json
{
    "rules": {
        "codes": [],
        "contents": [],
        "agents": []
    },
    "whitelist": []
}
```

* **codes**: list of unauthorized HTTP status codes
* **contents**: substrings that are not allowed in the request URL (e.g. /x00, .json, .php, .env.local, etc.)
* **agents**: substrings that are not allowed in the user-agent (e.g. bot)
* **whitelist**: list of IPs to whitelist (e.g. 192.168.1.1)

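As an added example (not ufwban's own code), here is one way the four configuration keys above could be evaluated against Nginx access log lines, in the spirit of `--dry-run`. It assumes the default `combined` log format, plain substring matching and case-insensitive user-agent matching; `offending_ips`, `SAMPLE_CONF` and `SAMPLE_LOG` are hypothetical names, and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: Nginx default "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def offending_ips(lines, conf):
    """Return {ip: reason} for each client matching a rule (first hit wins)."""
    rules = conf["rules"]
    codes = {str(c) for c in rules["codes"]}
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: never ban on a parse failure
        ip = m["ip"]
        try:
            ipaddress.ip_address(ip)  # only a literal address may reach ufw
        except ValueError:
            continue
        if ip in conf["whitelist"] or ip in hits:
            continue
        # The request is "METHOD URL PROTOCOL"; scanners may send garbage.
        req = m["request"]
        url = req.split(" ")[1] if " " in req else req
        if m["status"] in codes:
            hits[ip] = "code " + m["status"]
        elif any(s in url for s in rules["contents"]):
            hits[ip] = "content " + url
        elif any(s.lower() in m["agent"].lower() for s in rules["agents"]):
            hits[ip] = "agent " + m["agent"]
    return hits

# Constructed sample data (RFC 5737 documentation addresses, not real traffic).
SAMPLE_CONF = {
    "rules": {"codes": [444], "contents": [".env", ".php"], "agents": ["bot"]},
    "whitelist": ["192.168.1.1"],
}
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /.env.local HTTP/1.1" 404 153 "-" "curl/8.0"',
    '192.168.1.1 - - [10/Oct/2024:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2024:13:55:38 +0000] "GET / HTTP/1.1" 200 612 "-" "ExampleBot/1.0"',
    '198.51.100.20 - - [10/Oct/2024:13:55:39 +0000] "GET /about HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    for ip, reason in offending_ips(SAMPLE_LOG, SAMPLE_CONF).items():
        print(f"would deny {ip}: {reason}")
```
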
## Run

```bash
usage: ufwban [-h] [--dry-run] [--refresh] [--reload] [--live]

Ban ip from Nginx access logs based on simple rules.

options:
  -h, --help  show this help message and exit
  --dry-run
  --refresh   Drop all the deny ip in the UFW table and return
  --reload    Reload the UFW firewall
  --live      Read inputs from stdin
```

* Batch mode:

```bash
# read all access.log*, parse Nginx log and ban ip
python ufwban.py

# you can launch a --dry-run mode to see which ip is going to be denied
python ufwban.py --dry-run

# drop all "DENY IN" ufw rules (be careful)
python ufwban.py --refresh
```

* Live mode:

```bash
# Read and parse Nginx access logs on each new entry and ban ip
tail -f /var/log/nginx/access.log | python ufwban.py
```

In each mode, a log file, `ufwban.log`, shows which IPs have been banned.