From cc3944eff2b02250139f0f0bb502724aa29c707e Mon Sep 17 00:00:00 2001 From: "Zed A. Shaw" Date: Wed, 10 Dec 2025 01:15:46 -0500 Subject: [PATCH] Initial commit to get started. --- .gitignore | 34 ++++++++++++++++++++++++++++++++++ README.md | 40 ++++++++++++++++++++++++++++++++++++++++ go.mod | 3 +++ 3 files changed, 77 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 go.mod diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..efb550a --- /dev/null +++ b/.gitignore @@ -0,0 +1,34 @@ +# ---> Vim +# Swap +[._]*.s[a-v][a-z] +!*.svg # comment out if you don't need vector files +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim +Sessionx.vim + +# Temporary +.netrwhist +*~ +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +backup +*.exe +*.dll +coverage +coverage/* +.venv +*.gz +public +*.mp4 +ffmpeg* +renders +vidcrunch +vidcrunch.exe diff --git a/README.md b/README.md new file mode 100644 index 0000000..3417032 --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +# Dentata + +This is a project to replace fail2ban with a modern, simpler alternative. It's written in Go, and +will have the following design philosophy: + +1. Easy to manage from the command line. No more, "Uhh what jail is that IP in?" +2. Sane configuration that can be managed or generated by external tools. No more weird .ini file + with strange dual configurations where you have no idea where anything is. The philosophy will +be similar to Caddy. +3. Ruthless blocking. None of this, "But what if it's a legit uuuussserrr?!" Legit users don't poke + around on random ports and send hack attempts. Fuck them. Blocked. +4. Uses simpler tactics to catch scanners and hack attempts instead of (or in addition to) log + parsing. For example, opening trap TCP/IP ports and then blocking anyone that touches them. +5. Potentially detecting basic intrusions like a process becoming root and notifying you, or, like, + telling you whenever there's a login on the server. +6. Actually using a database you can access and analyze for reports and management. At first just a + simple SQLite3 database where the data is stored, but then later whatever you want. +7. A focus on individuals who run their own servers and just want a simple way to block most of the + bad actors. + +## Non-Features + +What Dentata will not be: + +1. A full blown intrusion detection system. At most it'll notify you whenever there's a login, but + after that, if someone gets on your server you're fucked. Nothing will save you but your backups +and shutting it down right away. +2. Some trillion dollar corporation's servant. It will be aimed at the little operations and + individuals, and not try to appease giant corporations who probably will only exploit it. You +want Prometheus talking to an Elastic Search? Go write it yourself or go fuck yourself. +3. Open source. Open source is dead people. It'll be free to use by everyone except businesses + that make over $10 million. Even in that case, the tone of the project will probably turn them +off and, honestly, who gives a fuck. They're leeches anyway. + +## Wanna Participate? + +I may change my mind on all this if there's some interested beginners and junior developers who'd +like to help. It could be a good project to learn about quite a few topics in devops and system +security, and there's a need for projects aimed at beginners to learn how to work on software with +other people. I'll let you know if the above changes and I'm looking for folks to contribute. diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..2c352f6 --- /dev/null +++ b/go.mod @@ -0,0 +1,3 @@ +module lcthw.dev/go/dentata + +go 1.25.3