blockauth/README.md

# blockauth

`Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).`

## Install dependencies (Ubuntu/Debian):

```
sudo apt install iptables ipset rsyslog grep sed
```

## How to install blockauth:

```
git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./install.sh
```

## How to unninstall blockauth:

```
git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./unninstall.sh
```

## How to run service:

  * First, edit the file `/etc/blockauth/blockauth.conf`:

    ```shell
    # Blockauth configuration file
    valid_users="test1 test2"
    always_ip_allowed="192.168.0.1 192.168.0.2"
    blocklist="/etc/blockauth/blocklist.list"
    filelog="/etc/blockauth/blockauth.log"
    max_ip_blocklist="5000"
    block_ports="22,80,443"
    ````

  * Add the service to the system startup and start it:
    
  ```shell
  systemctl enable blockauth
  systemctl start blockauth
  ````

  * IPs using one of the users in `valid_users` variable will never be blocked.
  * IPs of `always_ip_allowed` variable will never be blocked.
  * Variable `max_ip_blocklist` set maximum IPs on blocklist. The blocklist will be reset when the maximum is reached.

## External links:

* [iptables](https://www.netfilter.org/projects/iptables/index.html)
* [rsyslog](https://www.rsyslog.com/)
* [ipset](https://ipset.netfilter.org/)
Initial commit 2024-03-28 12:15:57 +01:00			`# blockauth`

README.md 2024-04-05 20:14:01 +02:00			`Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).`
README.md 2024-04-05 20:09:56 +02:00
README.md 2024-04-05 20:14:01 +02:00			`## Install dependencies (Ubuntu/Debian):`
README.md 2024-04-05 20:09:56 +02:00
			```
Update README.md 2024-04-19 11:07:25 +02:00			`sudo apt install iptables ipset rsyslog grep sed`
README.md 2024-04-05 20:09:56 +02:00			```

			`## How to install blockauth:`
Initial commit 2024-03-28 12:15:57 +01:00
			```
README.md 2024-05-01 11:28:53 +02:00			`git clone https://git.q3aql.dev/q3aql/blockauth.git`
README.md 2024-03-28 12:51:08 +01:00			`cd blockauth`
			`sudo ./install.sh`
Initial commit 2024-03-28 12:15:57 +01:00			```

README.md 2024-04-05 20:09:56 +02:00			`## How to unninstall blockauth:`
Initial commit 2024-03-28 12:15:57 +01:00
README.md 2024-03-28 12:51:08 +01:00			```
README.md 2024-05-01 11:28:53 +02:00			`git clone https://git.q3aql.dev/q3aql/blockauth.git`
README.md 2024-03-28 12:51:08 +01:00			`cd blockauth`
			`sudo ./unninstall.sh`
			```
README.md 2024-04-05 20:09:56 +02:00
			`## How to run service:`

README.md 2024-04-05 20:13:06 +02:00			* First, edit the file `/etc/blockauth/blockauth.conf`:
README.md 2024-04-05 20:09:56 +02:00
			```shell
README.md 2024-04-05 20:13:06 +02:00			`# Blockauth configuration file`
			`valid_users="test1 test2"`
			`always_ip_allowed="192.168.0.1 192.168.0.2"`
			`blocklist="/etc/blockauth/blocklist.list"`
			`filelog="/etc/blockauth/blockauth.log"`
README.md 2024-04-16 23:08:04 +02:00			`max_ip_blocklist="5000"`
README.md 2024-04-16 19:13:46 +02:00			`block_ports="22,80,443"`
README.md 2024-04-05 20:09:56 +02:00			````

README.md 2024-04-05 20:13:06 +02:00			`* Add the service to the system startup and start it:`

			```shell
			`systemctl enable blockauth`
			`systemctl start blockauth`
			````

			* IPs using one of the users in `valid_users` variable will never be blocked.
			* IPs of `always_ip_allowed` variable will never be blocked.
README.md 2024-04-14 20:45:39 +02:00			* Variable `max_ip_blocklist` set maximum IPs on blocklist. The blocklist will be reset when the maximum is reached.
README.md 2024-04-05 20:09:56 +02:00
			`## External links:`

			`* [iptables](https://www.netfilter.org/projects/iptables/index.html)`
			`* [rsyslog](https://www.rsyslog.com/)`
Update README.md 2024-04-19 11:07:25 +02:00			`* [ipset](https://ipset.netfilter.org/)`