go
/
dentata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
A replacement for fail2ban that doesn't fuck around.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
103 KiB
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Zed A. Shaw cc3944eff2
Initial commit to get started. 		12 hours ago
.gitignore Initial commit to get started. 12 hours ago
README.md Initial commit to get started. 12 hours ago
go.mod Initial commit to get started. 12 hours ago

README.md

Dentata

This is a project to replace fail2ban with a modern, simpler alternative. It's written in Go, and will have the following design philosophy:

  1. Easy to manage from the command line. No more, "Uhh what jail is that IP in?"
  2. Sane configuration that can be managed or generated by external tools. No more weird .ini file with strange dual configurations where you have no idea where anything is. The philosophy will be similar to Caddy.
  3. Ruthless blocking. None of this, "But what if it's a legit uuuussserrr?!" Legit users don't poke around on random ports and send hack attempts. Fuck them. Blocked.
  4. Uses simpler tactics to catch scanners and hack attempts instead of (or in addition to) log parsing. For example, opening trap TCP/IP ports and then blocking anyone that touches them.
  5. Potentially detecting basic intrusions like a process becoming root and notifying you, or, like, telling you whenever there's a login on the server.
  6. Actually using a database you can access and analyze for reports and management. At first just a simple SQLite3 database where the data is stored, but then later whatever you want.
  7. A focus on individuals who run their own servers and just want a simple way to block most of the bad actors.

Non-Features

What Dentata will not be:

  1. A full blown intrusion detection system. At most it'll notify you whenever there's a login, but after that, if someone gets on your server you're fucked. Nothing will save you but your backups and shutting it down right away.
  2. Some trillion dollar corporation's servant. It will be aimed at the little operations and individuals, and not try to appease giant corporations who probably will only exploit it. You want Prometheus talking to an Elastic Search? Go write it yourself or go fuck yourself.
  3. Open source. Open source is dead people. It'll be free to use by everyone except businesses that make over $10 million. Even in that case, the tone of the project will probably turn them off and, honestly, who gives a fuck. They're leeches anyway.

Wanna Participate?

I may change my mind on all this if there's some interested beginners and junior developers who'd like to help. It could be a good project to learn about quite a few topics in devops and system security, and there's a need for projects aimed at beginners to learn how to work on software with other people. I'll let you know if the above changes and I'm looking for folks to contribute.