Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bitflipp/gerberos
ipset/nftables-based banning utility
https://github.com/bitflipp/gerberos
ban-hosts ban-management banning-utility golang ipfilter ipset nft nftables regex security security-tools unix watcher
Last synced: about 1 month ago
JSON representation
ipset/nftables-based banning utility
- Host: GitHub
- URL: https://github.com/bitflipp/gerberos
- Owner: bitflipp
- License: mit
- Created: 2020-09-10T08:24:36.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-07-20T16:06:53.000Z (5 months ago)
- Last Synced: 2024-08-03T23:16:12.606Z (4 months ago)
- Topics: ban-hosts, ban-management, banning-utility, golang, ipfilter, ipset, nft, nftables, regex, security, security-tools, unix, watcher
- Language: Go
- Homepage:
- Size: 138 KB
- Stars: 10
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-tools - gerberos - ipset/nftables-based banning utility. (Security / Audit / Response)
README
# gerberos
gerberos scans sources for lines matching regular expressions and containing IPv4 or IPv6 addresses and performs actions on those addresses.
Possible sources are (not necessarily existant) non-directory files, systemd journals, kernel messages, and standard outputs of arbitrary processes.
Addresses can be logged or added to ipsets or nft rulesets that gerberos will manage autonomously.Minimal additional logic is applied. This is to adhere to the [Unix philosophy](https://en.wikipedia.org/wiki/Unix_philosophy), but impacts gerberos' out-of-the-box usefulness for specific use cases when compared to tools like [fail2ban](https://github.com/fail2ban/fail2ban).
## Requirements
### ipset backend
- ipset 6.34
- iptables 1.6.1### nft backend
- nftables v0.9.3 (tested on Ubuntu 20.04)
### Development only
- Go 1.18
- GNU Make 4.3 (optional)
- pgrep (system tests only, optional)## Build
`make build`
## Test
### Unit tests only
`make test`
### Unit and system tests
Requires ipset, iptables, and nftables to be installed.
`make test_system`
## Example configuration file (TOML)
See [gerberos.toml](gerberos.toml).
## Example systemd service file
See [gerberos.service](gerberos.service).