go
/
dentata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
A replacement for fail2ban that doesn't fuck around.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
188 KiB
 
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
dentata/README.md

40 lines
2.4 KiB
Raw Permalink Blame History

# Dentata
This is a project to replace fail2ban with a modern, simpler alternative. It's written in Go, and
will have the following design philosophy:
1. Easy to manage from the command line. No more, "Uhh what jail is that IP in?"
2. Sane configuration that can be managed or generated by external tools. No more weird .ini file
with strange dual configurations where you have no idea where anything is. The philosophy will
be similar to Caddy.
3. Ruthless blocking. None of this, "But what if it's a legit uuuussserrr?!" Legit users don't poke
around on random ports and send hack attempts. Fuck them. Blocked.
4. Uses simpler tactics to catch scanners and hack attempts instead of (or in addition to) log
parsing. For example, opening trap TCP/IP ports and then blocking anyone that touches them.
5. Potentially detecting basic intrusions like a process becoming root and notifying you, or, like,
telling you whenever there's a login on the server.
6. Actually using a database you can access and analyze for reports and management. At first just a
simple SQLite3 database where the data is stored, but then later whatever you want.
7. A focus on individuals who run their own servers and just want a simple way to block most of the
bad actors.
## Non-Features
What Dentata will not be:
1. A full blown intrusion detection system. At most it'll notify you whenever there's a login, but
after that, if someone gets on your server you're fucked. Nothing will save you but your backups
and shutting it down right away.
2. Some trillion dollar corporation's servant. It will be aimed at the little operations and
individuals, and not try to appease giant corporations who probably will only exploit it. You
want Prometheus talking to an Elastic Search? Go write it yourself or go fuck yourself.
3. Open source. Open source is dead people. It'll be free to use by everyone except businesses
that make over $10 million. Even in that case, the tone of the project will probably turn them
off and, honestly, who gives a fuck. They're leeches anyway.
## Wanna Participate?
I may change my mind on all this if there's some interested beginners and junior developers who'd
like to help. It could be a good project to learn about quite a few topics in devops and system
security, and there's a need for projects aimed at beginners to learn how to work on software with
other people. I'll let you know if the above changes and I'm looking for folks to contribute.