Lightweight replacement to both epylog and fail2ban.
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
Y 8aaa04389f ipset support; fixes #1 1 år sedan
doc ipset support; fixes #1 1 år sedan
extra ipset support; fixes #1 1 år sedan
pyruse ipset support; fixes #1 1 år sedan
tests ipset support; fixes #1 1 år sedan
.gitignore optionally store names taken from the configuration file to ease debugging 1 år sedan
Changelog.md ipset support; fixes #1 1 år sedan
LICENSE init 2 år sedan
README.md ipset support; fixes #1 1 år sedan
TODO.md daily report: see all, none, first, last, or first+last times 1 år sedan

README.md

Python peruser of systemd-journal

Summary

This program is intended to be used as a lightweight replacement for both epylog and fail2ban. Its purpose is to peruse the system log entries, warn of important situations, report daily on the latest events, and act on specific patterns (IP address bans…).

The benefits of Pyruse over products of the same kind are:

  • Optimization brought by systemd
    systemd-journal entries play an important role in Pyruse: instead of matching log entries against message patterns only, the whole range of systemd’s journal fields is available. This allows for the much faster integer comparisons (PRIORITY, _UID…), or even faster comparisons with short strings like the SYSLOG_IDENTIFIER, _SYSTEMD_UNIT, or _HOSTNAME, with the opportunity to test more often for equality, and less for regular expressions.

  • Optimization brought by context
    Programs that peruse the system logs usually apply a set of rules on each log entry, rule after rule, regardless of what can be deduced by the already-applied rules.
    In contrast, each fact learnt by applying a rule in Pyruse can be taken into account so that rules that do not apply are not even considered.
    For example, after matching the SYSLOG_IDENTIFIER of a journal entry to the value sshd, only SSH-related rules are applied, not Nginx-related rules, nor Prosody-related rules.

  • Modularity
    Each filter (ie. a matching step) or action (eg. a ban, an email, etc.) is a Python module with a very simple API. As soon as a new need arises, a module can be written for it.
    For example, to my knowledge, there is no equivalent in any tool of the same scale, for the DNAT-correcting actions now included with Pyruse.

Get Pyruse

Pyruse is packaged for Archlinux. For other distributions, please read the manual installation instructions.

Whenever your upgrade Pyruse, make sure to check the Changelog.

Configuration

The /etc/pyruse directory is where system-specific files are looked-for:

Instead of using /etc/pyruse, an alternate directory may be specified with the PYRUSE_EXTRA environment variable.

Documentation

For more in-depth documentation, please refer to these pages: