# Blocky

Blocky is a simple HTTP server that blocks IPs that Graylog detects as malicious.

## Warning

Blocky is a WIP and is not currently configurable without changes in the code.
It works on my Graylog setup, but may not work on yours.
Don't run it on your servers without understanding what it does, as it may create unwanted UFW rules that could result in an outage.
If you still want to try, don't forget the `--dryrun` flag.

Todo: configuration file with log/request format.

## Requirements

- UFW
- Graylog with an HTTP custom notification configured like this:
```
Title: Blocky
Notification Type: http-notification-v2
Method: POST
Content Type: FORM_DATA
Body Template: message=${event.message},priority=${event.priority}
```

## Usage

```bash
Usage of blocky:
  -clean
        Cleanup the banlist
  -dryrun
        Dry run mode
  -port string
        Port to listen on (default "8080")
  -sev1 int
        Severity 1 ban time in seconds (default 60)
  -sev2 int
        Severity 2 ban time in seconds (default 300)
  -sev3 int
        Severity 3 ban time in seconds (default 3600)
```

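An added example (not Blocky's own code) of the validation a receiver like this needs before it touches UFW: it parses the body produced by the template in Requirements, maps the priority to the `-sev1`/`-sev2`/`-sev3` defaults, and refuses non-public addresses so a bad event cannot lock out the host's own network. Assumptions: the body arrives as the literal rendered template, the offending IP is a whitespace-separated token in the message, priorities 1 to 3 map to the three severities, and the rule is created with `ufw deny from`; `ParseNotification` and `UFWArgs` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
	"time"
)

// Defaults from the -sev1/-sev2/-sev3 flags; the priority-to-severity mapping is an assumption.
var banTimes = map[int]time.Duration{1: 60 * time.Second, 2: 300 * time.Second, 3: 3600 * time.Second}

// ParseNotification parses "message=<text>,priority=<n>" (the Body Template in Requirements).
// The message may itself contain commas, so it splits on the LAST ",priority=".
func ParseNotification(body string) (netip.Addr, time.Duration, error) {
	i := strings.LastIndex(body, ",priority=")
	if !strings.HasPrefix(body, "message=") || i < 0 {
		return netip.Addr{}, 0, fmt.Errorf("body does not match the template")
	}
	prio, err := strconv.Atoi(strings.TrimSpace(body[i+len(",priority="):]))
	dur, ok := banTimes[prio]
	if err != nil || !ok {
		return netip.Addr{}, 0, fmt.Errorf("unknown priority")
	}
	// Assumption: the offending address is a whitespace-separated token in the message.
	for _, tok := range strings.Fields(body[len("message="):i]) {
		ip, err := netip.ParseAddr(strings.Trim(tok, ",;()[]\"'"))
		if err != nil {
			continue
		}
		// Unmap ::ffff:a.b.c.d first, then refuse anything that is not a public unicast address.
		if ip = ip.Unmap(); ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast() {
			return netip.Addr{}, 0, fmt.Errorf("refusing to ban non-public address %s", ip)
		}
		return ip, dur, nil
	}
	return netip.Addr{}, 0, fmt.Errorf("no IP address in message")
}

// UFWArgs builds the argv for the deny rule; the validated address is the only variable part.
func UFWArgs(ip netip.Addr) []string {
	return []string{"ufw", "deny", "from", ip.String()}
}

func main() {
	// Constructed sample body, not real Graylog output.
	ip, dur, err := ParseNotification("message=SSH brute force from 203.0.113.45, 12 failures,priority=2")
	fmt.Println(UFWArgs(ip), dur, err)
}
```

Passing the address as a separate argv element after `netip.ParseAddr` has accepted it means no text from the log message ever reaches a shell.
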
## Installation

```bash
wget https://git.rznet.fr/tchivert/blocky/releases/download/latest/blocky -O /usr/local/bin/blocky
# wget does not set the executable bit, and systemd cannot start the binary without it
chmod +x /usr/local/bin/blocky
wget https://git.rznet.fr/tchivert/blocky/raw/branch/main/systemd/blocky.service -O /etc/systemd/system/blocky.service
systemctl enable --now blocky
```

## Cleanup cron

```
*/5 * * * * /usr/local/bin/blocky --clean >> /var/log/cron/blocky.log 2>&1
```

## Build

```bash
go build -o blocky
```

## License

This project is licensed under the MIT License. See the [LICENSE](https://git.rznet.fr/tchivert/blocky/src/branch/main/LICENSE) file for more information.