IP Blocking Monitor - realtime log monitor and IP blocking tool
Copyright (C) 1994-2006 Jason Nicholls

See the LICENSE file for a complete copy of the copyright license

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA.

--------------------------------------------------------------------------

CONTENTS

  - contact details
  - documentation
  - contents
  - installation

CONTACT DETAILS

  The project URL:
      http://jason.mindsocket.com.au/pages/linux/ipb-monitor/

  The author can be contacted at:
      Jason Nicholls: jason(a)mindsocket.com.au

DOCUMENTATION

  Supporting documentation is available on the project page (URL in the
  contact details section).

CONTENTS

  ipb-monitor.pl
      main program, to be run as a daemon by root.

  ipb-sync.pl
      used as a command line interface to add/remove IPs from the ban
      list. Also used by ipb-monitor to synchronise the ban list between
      hosts.

  rh.init.ipb-monitor
      RedHat style init script. Copy to /etc/init.d/ and use chkconfig
      to enable/disable.

  debian.init.ipb-monitor
      Debian style init script. Copy to /etc/init.d/ipb-monitor and run
      "update-rc.d ipb-monitor defaults" to install.

  feed-logs.pl
      testing utility. Given an input (existing log) and output (new
      file to write) it will write entries at a defined rate. Configure
      ipb-monitor to monitor the output for testing purposes.

  sample-logs/*.sample
      directory containing sample logs for testing.

  logs/
      empty directory where ipb-monitor stores its log (if using
      init.ipb-monitor) and the sync.log

INSTALLATION

  TIP: print this out and follow

  By default the scripts are configured to work out-of-the-box using a
  default install location (basedir) of "/root/ipb-monitor" and
  monitoring the sample log files provided in the "sample-logs/"
  directory.

  Debian install, SSH monitoring only:

    1. untar distro and move to /root/ipb-monitor
    2. configure ipb-monitor to run from init (on boot)
         $ cd /etc/init.d
         $ ln -s /root/ipb-monitor/debian.init.ipb-monitor ipb-monitor
         $ update-rc.d ipb-monitor defaults
    3. edit /root/ipb-monitor/ipb-monitor.pl
         - remove the "apache" config block (lines 120-149)
         - uncomment the debian "ssh" config (lines 111-113)
         - remove the RedHat "ssh" config (lines 104-108)
    4. (optional) turn off debug (set $debug = 0 on line 72)
    5. start monitor
         $ /etc/init.d/ipb-monitor start

  RedHat install, SSH monitoring only:

    1. untar distro and move to /root/ipb-monitor
    2. configure ipb-monitor to run from init (on boot)
         $ cd /etc/init.d
         $ ln -s /root/ipb-monitor/redhat.init.ipb-monitor ipb-monitor
         $ chkconfig --add ipb-monitor
    3. edit /root/ipb-monitor/ipb-monitor.pl
         - uncomment the real RedHat ssh log filename (line 105), and
           remove the other entry below it.
    4. (optional) turn off debug (set $debug = 0 on line 72)
    5. start monitor
         $ /etc/init.d/ipb-monitor start

  Additional notes:

    - configure whitelisted hosts by adding IPs to the $valid_IPs array.
    - update the "sync" config to list multiple hosts for multiple host
      sync, i.e. uncomment line 96 and add hosts to array.
    - use the out-of-the-box config and sample files if you intend to
      add additional monitors or use the apache monitor.

--------------------------------------------------------------------------
CVS [$Id: README,v 1.8 2006-02-06 07:57:15 cvs Exp $]