deb/fail2ban-p2p
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import r143 from https://svn.physik.uni-augsburg.de/svn/fail2ban-p2p/trunk

Browse Source
This commit is contained in:
Manuel 'soma' Munz
2013-09-25 14:57:21 +02:00
commit 7d611c05fd
90 changed files with 5172 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
doc/BUGS Normal file
View File

@@ -0,0 +1 @@
Please report bugs at https://svn.physik.uni-augsburg.de/projects/fail2ban-p2p/

36
doc/CONFIG Normal file
View File

@@ -0,0 +1,36 @@
= fail2ban-p2p.conf =
Default location is /etc/fail2ban-p2p/fail2ban-p2p.conf.
This file holds the information for your node. Following things must be configured:
== Node ==
{{{
[Node]
name=mynodename
addresses=127.0.0.1,10.0.0.1
port=1337
ownermail=foo@bar.de
bantime=7200
threshold=80
}}}
* name: Name of your Node, this is only used fpr informational purposes. In the
mesh the node is identified by its uid (hash of public key)
* addresses: A comma seperated list of listen addresses
* port: Listening port
* ownermail: Your email address (not used for now)
* bantime: how long in seconds fail2ban-p2p keeps banned hosts in its internal database
* threshold: Minimum trustlevel a ban for a host needs to take action (block it)
== Logging ==
{{{
[Logging]
logfile=/var/log/fail2ban-p2p.log
loglevel=INFO
}}}
* logfile: The file where fail2ban-p2p logs to
* loglevel: How verbose log output is, can be:
DEBUG, INFO, WARN, ERROR, BAN

117
doc/INSTALL Normal file
View File

@@ -0,0 +1,117 @@
If packages for your distribution are available use them. If not use the
manual installation described below.
== Depencies ==
* python
* python-m2crypt
* python-argparse
== Installation on Debian based systems ==
* Download the latest deb package
* install depencies: apt-get install python-m2crypt python-argparse
* install fail2ban-p2p: dpkg -i fail2ban-p2p-<version>.deb
== Manual instalation ==
Download the latest tarball and extract it. After changing into the
fail2ban-p2p directory execute "python setup.py install", this will
install fail2ban-p2p.py and fail2ban-p2p-client.py to /usr/local/bin.
Modules will be installed to /usr/share/fail2ban-p2p/fail2ban-p2p.
== Configuration ==
The default configuration directory is /etc/fail2ban-p2p. You can specify
another directory with the -c command line option. See the CONFIG file in
this directory for a explanation of all config options.
== Setup ==
In order to use fail2ban-p2p you need to create a keypair for your node,
exchange public keys with at least one friend and setup fail2ban to work
with fail2ban-p2p.
1.) Creating a keypair for your node and exchange it with friend(s)
If no keypair is found in the configuration directory it will be created
at the first start of fail2ban-p2p.py or when using the -K command line
option. This needs to be done by a user who has write permissions in
the configuration directory.
Two files are created: private.pem and public.pem. private.pem is your
private key, keep this secret. public.pem needs to be shared with at least
one friend. But before you share it add something like this in public.pem
before the key:
address = 1.2.3.4
port = 1337
trustlevel = 80
This is the information how your node is reachable.
address Use your IP address or dns name here.
To listen on all addresses use 0.0.0.0
port The port your node listens ons (see fail2ban-p2p.conf)
trustlevel This is something your friend is allowed to edit
to give you more or less trust. Its a percentage, so use
something between 0 and 100.
Now send the edited public.pem to your friend(s). For every friend that you
want to add get his private.pem and place it in <config dir>/friends. Rename
the file to the name you want to use for this friend.
2.) Integration with fail2ban
To properly work and be able to exchange information with the fail2ban-daemon
you need to integrate fail2ban and fail2ban-p2p. Information about attackers
needs to be exchanged in two directions:
2.1.) From fail2ban-p2p to fail2ban
Fail2ban gets its information about attackers by watching the fail2ban-p2p
logfile. To setup fail2ban to watch the fail2ban-p2p log file do the following:
* Make fail2ban-p2p log into /var/log/fail2ban-p2p.log (this is the default)
* Add a jail for fail2ban-p2p like this in /etc/fail2ban/jails.conf:
[ssh-p2p]
enabled = true
port = ssh
filter = sshd-p2p
logpath = /var/log/fail2ban-p2p.log
bantime = 120
findtime = 120
maxretry = 1
See the fail2ban manual for explanation of these options. You probably
want to increase the bantime. It is important to leave maxretry at 1 (block
a host after 1 entry for it was found in /var/log/fail2ban-p2p.log).
* Add a filter sshd-p2p.conf in /etc/fail2ban/filter.d/sshd-p2p.conf
[Definition]
failregex = ^(.*)BAN(\t)<HOST>*$
2.2.) From fail2ban to fail2ban-p2p
* Setup an action to execute "fail2ban-p2p-client.py -b <ip>" to sent
the attacker IP from fail2ban to fail2ban-p2p.
For an example see doc/fail2ban/action.d/fail2ban-p2p.conf.
You might want to correct the path to client.py and also specify a
configuration directory for fail2ban-p2p with the -c option if you do
use a custom config directory.
* add this action to a jail, e.g. for the predefined ssh jail in jail.conf:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables[name=SSH, port=ssh, protocol=tcp]
fail2ban-p2p[name=SSH]
maxretry = 2
This will ban the offending ip with the iptables action and also send
a notice to fail2ban-p2p that fail2ban has blocked an ip.

21
doc/fail2ban/action.d/fail2ban-p2p.conf Normal file
View File

@@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: Manuel Munz (manu at somakoma dot de)
#
[Definition]
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionban = python /usr/bin/fail2ban-p2p-client.py -b <ip>
[Init]
# Defaut name of the chain
#
name = default

66
doc/messagetypes.txt Normal file
View File

@@ -0,0 +1,66 @@
= Message Types for fail2ban-p2p =
General: messages are sent as JSON
== Type 1: Attack message ==
Message that is send to notify friends about the IPs of attackers.
{
"msg": {
"hops": [
"hop1",
"hop2"
],
"msgType": 1,
"parameter": {
"AttackerIP": "1.2.3.4",
"Timestamp": "1363279754",
"Trustlevel": "80"
},
},
"protocolVersion": 2
"signature": "foo"
}
The parameters AttackerIP and Timestamp are MANDATORY!
== Type 2: Dumprequest / Direct output ==
Message send to neighbors to request a dump of all known attackmessages
for a given Timeframe. Will return a json encoded list of all banned ips.
{
"msg": {
"hops": [
"local"
],
"msgType": 2,
"parameter": {
"TimeFrame": "3600"
},
},
"protocolVersion": 2
"signature": "foo"
}
TimeFrame is mandatory.
== Type 3: Dumprequest / Send normal ban messages to sender of this message ==
Message send to friend to trigger sending ban messages for all ips in
banlist for a given Timeframe. This can be used to pull banlists when a node
is started up.
{
"msg": {
"hops": [
"local"
],
"msgType": 3,
"parameter": {
"TimeFrame": "3600"
},
},
"protocolVersion": 2
"signature": "foo"
}
TimeFrame is mandatory.

153
doc/system/Makefile Normal file
View File

@@ -0,0 +1,153 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
clean:
-rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/fail2ban-p2p.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/fail2ban-p2p.qhc"
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/fail2ban-p2p"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/fail2ban-p2p"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."

74
doc/system/code.rst Normal file
View File

@@ -0,0 +1,74 @@
Code Documentation
==================
command
-------
.. automodule:: command
:members:
config
-------
.. automodule:: config
:members:
crypto
------
.. automodule:: crypto
:members:
friend
------
.. automodule:: friend
:members:
log
---
.. automodule:: log
:members:
node
----
.. automodule:: node
:members:
odict
-----
.. automodule:: odict
:members:
parser
------
.. automodule:: parser
:members:
server
------
.. automodule:: server
:members:
util
----
.. automodule:: util
:members:
validators
----------
.. automodule:: validators
:members:
version
-------
.. automodule:: version
:members:

244
doc/system/conf.py Normal file
View File

@@ -0,0 +1,244 @@
# -*- coding: utf-8 -*-
#
# fail2ban-p2p documentation build configuration file, created by
# sphinx-quickstart2 on Thu Apr 18 16:48:25 2013.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
sys.path.insert(0, os.path.abspath('../../fail2ban-p2p'))
from version import version
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = ['sphinx.ext.doctest','sphinx.ext.autodoc']
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'fail2ban-p2p'
copyright = u'2013, Manuel Munz, Johannes Fürmann'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = version
# The full version, including alpha/beta/rc tags.
release = version
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'fail2ban-p2pdoc'
# -- Options for LaTeX output --------------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
('index', 'fail2ban-p2p.tex', u'fail2ban-p2p Documentation',
u'Manuel Munz, Johannes Fürmann', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output --------------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'fail2ban-p2p', u'fail2ban-p2p Documentation',
[u'Manuel Munz, Johannes Fürmann'], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output ------------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'fail2ban-p2p', u'fail2ban-p2p Documentation',
u'Manuel Munz, Johannes Fürmann', 'fail2ban-p2p', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'

187
doc/system/configuration.rst Normal file
View File

@@ -0,0 +1,187 @@
.. _configuration:
Configuration
*************
In order to use fail2ban-p2p you need to create a keypair for your node,
exchange public keys with at least one friend and setup fail2ban to work
with fail2ban-p2p.
The default configuration directory is /etc/fail2ban-p2p. You can specify
another directory with the -c command line option. See the CONFIG file in
this directory for a explanation of all config options.
The main configuration file is **fail2ban-p2p.conf**.
The private and public keys are found in this directory, too.
For every friend there is a file in **/etc/fail2ban-p2p/friends/**
with the friends name as filename
(in case you know `tinc <http://www.tinc-vpn.org>`_
you might find this kind of configuration files very familiar).
Configure your node in fail2ban-p2p.conf
========================================
The default location for the main configuration file is
/etc/fail2ban-p2p/fail2ban-p2p.conf. This file contains the configuration
for your node. Following things **must** be configured:
Node - Section
--------------
.. code-block:: python
[Node]
name=mynodename
addresses=127.0.0.1,10.0.0.1
port=1337
ownermail=foo@bar.de
bantime=7200
threshold=80
+-----------+----------------------------------------------------------+
| parameter | Explanation |
+===========+==========================================================+
| name | The name of your node. This is only used for |
| | informational purposes. In the network nodes are |
| | identified by uid (hash of the nodes public key) |
+-----------+----------------------------------------------------------+
| addresses | A comma seperated list of listen addresses |
+-----------+----------------------------------------------------------+
| port | Listening port |
+-----------+----------------------------------------------------------+
| ownermail | Your email address. |
| | (not used for now, but eventually in the future) |
+-----------+----------------------------------------------------------+
| bantime | How long fail2ban-p2p keeps banned hosts in its internal |
| | database (in seconds) |
+-----------+----------------------------------------------------------+
| treshold | Minimum trustlevel a received message needs to have to |
| | launch an action |
+-----------+----------------------------------------------------------+
Logging - Section
-----------------
.. code-block:: python
[Logging]
logfile=/var/log/fail2ban-p2p.log
loglevel=INFO
+-----------+----------------------------------------------------------+
| parameter | Explanation |
+===========+==========================================================+
| logfile | The file where logs are written to |
| | (default: /var/log/fail2ban-p2p.log) |
+-----------+----------------------------------------------------------+
| loglevel | Set verbosity level for log output. The following levels |
| | are defined: DEBUG, INFO, WARN, ERROR, BAN |
+-----------+----------------------------------------------------------+
Create a keypair for your node and exchange it with friend(s)
=============================================================
If no keypair is found in the configuration directory it will be created
at the first start of fail2ban-p2p.py or when using the -K command line
option. This needs to be done by a user who has write permissions in
the configuration directory.
Two files are created: private.pem and public.pem. private.pem is your
private key, keep this secret. public.pem needs to be shared with at least
one friend. But before you share it add something like this in public.pem
before the key:
.. code-block:: python
address = 1.2.3.4
port = 1337
trustlevel = 80
This is the information how your node is reachable.
+-----------+----------------------------------------------------------+
| parameter | Explanation |
+===========+==========================================================+
| address | Use your IP address or dns name here. |
| | To listen on all addresses use 0.0.0.0 |
+-----------+----------------------------------------------------------+
| port | The port your node listens ons (see fail2ban-p2p.conf) |
+-----------+----------------------------------------------------------+
| trustlevel| This is something your friend is allowed to editi |
| | to give you more or less trust. Its a percentage, so use |
| | something between 0 and 100. |
+-----------+----------------------------------------------------------+
Now send the edited public.pem to your friend(s). For every friend that you
want to add get his private.pem and place it in ``<config dir>/friends``. Rename
the file to the name you want to use for this friend.
Integration with fail2ban
=========================
To properly work and be able to exchange information with the fail2ban-daemon
you need to integrate fail2ban and fail2ban-p2p. Information about attackers
needs to be exchanged in two directions:
From fail2ban-p2p to fail2ban
-----------------------------
Fail2ban gets its information about attackers by watching the fail2ban-p2p
logfile. To setup fail2ban to watch the fail2ban-p2p log file do the following:
1. Make fail2ban-p2p log into /var/log/fail2ban-p2p.log (this is the default)
2. Add a jail for fail2ban-p2p like this in /etc/fail2ban/jails.conf:
.. code-block:: python
[ssh-p2p]
enabled = true
port = ssh
filter = sshd-p2p
logpath = /var/log/fail2ban-p2p.log
bantime = 120
findtime = 120
maxretry = 1
See the fail2ban manual for explanation of these options. You probably
want to increase the bantime. It is important to leave maxretry at 1 (block
a host after 1 entry for it was found in /var/log/fail2ban-p2p.log).
3. Add a filter sshd-p2p.conf in /etc/fail2ban/filter.d/sshd-p2p.conf
.. code-block:: python
[Definition]
failregex = ^(.*)BAN(\t)<HOST>*$
From fail2ban to fail2ban-p2p
-----------------------------
1. Setup an action to execute "fail2ban-p2p-client.py -b <ip>" to sent
the attacker IP from fail2ban to fail2ban-p2p.
For an example see doc/fail2ban/action.d/fail2ban-p2p.conf.
You might want to correct the path to client.py and also specify a
configuration directory for fail2ban-p2p with the -c option if you
use a custom config directory.
2. Add this action to a jail, e.g. for the predefined ssh jail in
/etc/fail2ban/jail.conf:
.. code-block:: python
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables[name=SSH, port=ssh, protocol=tcp]
fail2ban-p2p[name=SSH]
maxretry = 2
This will ban the offending ip with the iptables action and also send a message
about this attacker to the locally running fail2ban-p2p.

114
doc/system/design.rst Normal file
View File

@@ -0,0 +1,114 @@
Design
******
.. _design:
How messages are distributed
============================
.. image:: ./images/message-propagation.png
:align: left
**Legend**
* grey dotted: bidirectional connection between nodes (both can send messages to each other)
* red: Brute Force to Node A
* blue: Brute Force to Node B
**Explanation**
Every node in this Graph uses a Trustlevel of 80% (which is the default for fail2ban-p2p) and also uses a Treshold of 80%. That means: Only if we get a message with a Trustlevel which is equal or higher than the Treshold the attacker is blocked.
**First: Attacker brute forces Node A (red)**
Fail2ban on Node A detects that the attacker had to many failed logins. It now blocks the attackers IP (1.2.3.4) locally and also sends a message to the local fail2ban-p2p node. fail2ban-p2p now distributes this attacker information to its friends Node B and Node C, both accept it with a Trustlevel of 80%. Because this is equal to the Treshold value B and C now also block this attacker. Node C also sends this message to its two other friends D and E. But D and E give the message from C now only a Trustlevel of 64% (80%*80%), they don't block that attacker (yet), but would redistribute the message to their friends again and save the information about this attacker in their internal database.
**Second: Attacker now also brute forces Node B (blue)**
This time Fail2ban on Node B detects the brute force and blocks the attacker (in fact it is already blocked, but forget that for this example). It now sends this attacker information to Node A which already knows about the attacker and already blocked it. But it redistributes the message to its friend C again. Because the node which detected the attack (Node B) is 1 hop away Node C now gives this attacker information a Trustvalue of 64% and add this to the Trustvalue of 80% it already have. trust cannot be more than 100%, so node C now updates its internal database and stores 100% trustvalue for the attacker. It also retransmits the attacker info to Nodes D and E. Bot give this message a Trustvalue of 51,2% now (80%*80%*80%) which is again added to the Trustvalue of 64% it had before for that attacker IP and again it cuts it at 100%. Finally the attackers IP is now also blocked on Nodes D and E.
.. _message_types:
Message Types for fail2ban-p2p
==============================
All messages are exchanged in JSON formatted strings. The following message types are
definded:
Type 1: Attack message
----------------------
This message type is used to notify friends about the IP of an attacker.
**Mandatory parameters:** AttackerIP, Timestamp
.. code-block:: javascript
{
"msg": {
"hops": [
"hop1",
"hop2"
],
"msgType": 1,
"parameter": {
"AttackerIP": "1.2.3.4",
"Timestamp": "1363279754",
"Trustlevel": "80"
},
},
"protocolVersion": 2
"signature": "foo"
}
Type 2: Dumprequest / Direct output
-----------------------------------
Message send to neighbors to request a dump of all known attackmessages
for a given Timeframe. Will return a json encoded list of all banned ips.
**Mandatory parameters:** TimeFrame
.. code-block:: javascript
{
"msg": {
"hops": [
"local"
],
"msgType": 2,
"parameter": {
"TimeFrame": "3600"
},
},
"protocolVersion": 2
"signature": "foo"
}
Type 3: Dumprequest / Send normal ban messages to sender of this message
------------------------------------------------------------------------
Message send to friend to trigger sending ban messages for all ips in
banlist for a given Timeframe. This can be used to pull banlists when a node
is started up.
**Mandatory parameters:** TimeFrame
.. code-block:: javascript
{
"msg": {
"hops": [
"local"
],
"msgType": 3,
"parameter": {
"TimeFrame": "3600"
},
},
"protocolVersion": 2
"signature": "foo"
}

BIN
doc/system/images/message-propagation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

29
doc/system/index.rst Normal file
View File

@@ -0,0 +1,29 @@
.. fail2ban-p2p documentation master file, created by
sphinx-quickstart2 on Thu Apr 18 16:48:25 2013.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to fail2ban-p2p's documentation!
========================================
Contents:
.. toctree::
:maxdepth: 2
intro
installation
configuration
design
code
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

46
doc/system/installation.rst Normal file
View File

@@ -0,0 +1,46 @@
.. _install:
Installation
************
If packages for your distribution are available use them. If not use the
manual installation described below.
Depencies
=========
fail2ban-p2p depends on the following packages:
* python
* python-m2crypt
* python-argparse
Installation from svn
=====================
To checkout the source code with svn use:
* trunk: svn co https://svn.physik.uni-augsburg.de/svn/fail2ban-p2p/trunk or
* tagged versions: https://svn.physik.uni-augsburg.de/svn/fail2ban-p2p/tags/$version
After the checkout change into the fail2ban directory and install fail2ban-p2p with
# python setup.py install
Installation from tarball
================================
Download the latest release tarball from
https://svn.physik.uni-augsburg.de/projects/fail2ban-p2p/wiki/releases
and extract it. After changing into the fail2ban-p2p directory execute
# python setup.py install
This will install fail2ban-p2p.py and fail2ban-p2p-client.py to /usr/local/bin.
Modules will be installed to /usr/share/fail2ban-p2p/fail2ban-p2p.
Installation on Debian based systems
====================================
* Download the latest deb package from https://svn.physik.uni-augsburg.de/projects/fail2ban-p2p/wiki/releases
* install depencies: apt-get install python-m2crypt python-argparse
* install fail2ban-p2p: dpkg -i fail2ban-p2p-<version>.deb

62
doc/system/intro.rst Normal file
View File

@@ -0,0 +1,62 @@
Introduction
************
About fail2ban-p2p
==================
fail2ban-p2p is a programm that can be used together with
`fail2ban <http://www.fail2ban.org>`_ to **distribute information about
attackers using a p2p/f2f network.** Like fail2ban it is written in
python. fail2ban-p2p is in an **early stage of development**, please be
prepared for bugs and if you find some, let us know (open a
`ticket <https://svn.physik.uni-augsburg.de/projects/fail2ban-p2p/newticket>`_).
Every node in a fail2ban-p2p network is connected to at least one other node
("friend"). When fail2ban detects an attacker it launches an action (e.g.
block the attackers IP with iptables). To work together with fail2ban-p2p
fail2ban is configured to launch another action once an attacker is identified:
fail2ban sends the attackers IP address to the locally running instance of
fail2ban-p2p. fail2ban-p2p then redistributes this information about the attacker
to all friends which are online. fail2ban-p2p on the friends nodes writes this
information to a logfile that is watched by fail2ban. Now Fail2ban on the friends
node itself can launch an action (e.g. block that attacker IP).
Fail2ban-p2p only handles the distribution of attacker IPs, while fail2ban is used
to detect attackers and launch actions (e.g. ban the attackers). Friends redistribute
received messages to their friends and so on, until the whole network is informed
about that attacker.
There is a configurable trustlevel value (a percentage, the default is 80%) that is
applied to forwarded messages. Trustlevel decreases the more hops the node that
initially detected the attacker is away. In other words:
**You trust your own direct "friends" more than their friends.**
To ensure fail2ban-p2p processes only messages that were received by direct friends,
all messages are signed with your private key and can be verified by the friend
who receives the message. That means when you configure a new friend you also
have to exchange public keys with him.
The following graphic may help to better understand how messages are distributed
in a fail2ban-p2p network:
.. image:: ./images/message-propagation.png
For an in-depth explanation of this graph see :ref:`design`
Installation
============
Fail2ban-p2p can be installed from source code (tarball or svn).
We also provide packages for **Debian**. See :ref:`install` for installation
instructions.
Configuration
=============
To be able to use fail2ban-p2p you need to configure your node and
exchange public keys with your friends. See :ref:`configuration` for
details how to do this.
Mailinglist
===========
For help/discussion please subscribe to the fail2ban-p2p mailing list at http://mailman.rz.uni-augsburg.de/mailman/listinfo/fail2ban-p2p

190
doc/system/make.bat Normal file
View File

@@ -0,0 +1,190 @@
@ECHO OFF
REM Command file for Sphinx documentation
if "%SPHINXBUILD%" == "" (
set SPHINXBUILD=sphinx-build2
)
set BUILDDIR=_build
set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
set I18NSPHINXOPTS=%SPHINXOPTS% .
if NOT "%PAPER%" == "" (
set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
)
if "%1" == "" goto help
if "%1" == "help" (
:help
echo.Please use `make ^<target^>` where ^<target^> is one of
echo. html to make standalone HTML files
echo. dirhtml to make HTML files named index.html in directories
echo. singlehtml to make a single large HTML file
echo. pickle to make pickle files
echo. json to make JSON files
echo. htmlhelp to make HTML files and a HTML help project
echo. qthelp to make HTML files and a qthelp project
echo. devhelp to make HTML files and a Devhelp project
echo. epub to make an epub
echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
echo. text to make text files
echo. man to make manual pages
echo. texinfo to make Texinfo files
echo. gettext to make PO message catalogs
echo. changes to make an overview over all changed/added/deprecated items
echo. linkcheck to check all external links for integrity
echo. doctest to run all doctests embedded in the documentation if enabled
goto end
)
if "%1" == "clean" (
for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
del /q /s %BUILDDIR%\*
goto end
)
if "%1" == "html" (
%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/html.
goto end
)
if "%1" == "dirhtml" (
%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
goto end
)
if "%1" == "singlehtml" (
%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
goto end
)
if "%1" == "pickle" (
%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the pickle files.
goto end
)
if "%1" == "json" (
%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the JSON files.
goto end
)
if "%1" == "htmlhelp" (
%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run HTML Help Workshop with the ^
.hhp project file in %BUILDDIR%/htmlhelp.
goto end
)
if "%1" == "qthelp" (
%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run "qcollectiongenerator" with the ^
.qhcp project file in %BUILDDIR%/qthelp, like this:
echo.^> qcollectiongenerator %BUILDDIR%\qthelp\fail2ban-p2p.qhcp
echo.To view the help file:
echo.^> assistant -collectionFile %BUILDDIR%\qthelp\fail2ban-p2p.ghc
goto end
)
if "%1" == "devhelp" (
%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished.
goto end
)
if "%1" == "epub" (
%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The epub file is in %BUILDDIR%/epub.
goto end
)
if "%1" == "latex" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
if errorlevel 1 exit /b 1
echo.
echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "text" (
%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The text files are in %BUILDDIR%/text.
goto end
)
if "%1" == "man" (
%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The manual pages are in %BUILDDIR%/man.
goto end
)
if "%1" == "texinfo" (
%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
goto end
)
if "%1" == "gettext" (
%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
goto end
)
if "%1" == "changes" (
%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
if errorlevel 1 exit /b 1
echo.
echo.The overview file is in %BUILDDIR%/changes.
goto end
)
if "%1" == "linkcheck" (
%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
if errorlevel 1 exit /b 1
echo.
echo.Link check complete; look for any errors in the above output ^
or in %BUILDDIR%/linkcheck/output.txt.
goto end
)
if "%1" == "doctest" (
%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
if errorlevel 1 exit /b 1
echo.
echo.Testing of doctests in the sources finished, look at the ^
results in %BUILDDIR%/doctest/output.txt.
goto end
)
:end