ess / citadel Goto Github PK

Currently, citadel treats email as its only logging mechanism. It would be cool if it were to log to a system log file as well so that an accounting/statistics system could be put in place.

Hey guys,

So I've been using citadel on my server for some tests and all was working perfectly fine using apache and X-Forwarded-For , the script was getting all the right ips this way .

However, once I moved to nginx with a reverse proxy setup, it s only showing the reverse proxy ip although the X forwarded is enabled in Nginx conf and I can see the ips in my nginx logs.

Any way around this ?

Thanks

i found that in the log

[ Sun Nov 29 21:06:02 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:06:02 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:12:08 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:12:08 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:12:08 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:12:08 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:12:08 2015 ] CRIT: Refusing to run, non stale lock file [/var/lock/citadel.lock] present.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:12:08 2015 ] INFO: END_RUN; Shutting down.
[ Sun Nov 29 21:13:01 2015 ] INFO: START_RUN; Ban_Period: [9999999] Allowed_Cons: [100]
[ Sun Nov 29 21:13:01 2015 ] INFO: END_RUN; Shutting down.

Hi,
I tried to add the IP like this in the whitelist:
allowed_ips = 127.0.0.1:0.0.0.0:173.245.48.0/20:103.21.244.0/22

And it's doesn't work:
WARN: Blocked [173.245.56.149]; [253] Connections

I absolutely need whitelist the range of IP like 173.245.48.0/20, it's very useful for proxies (Opera Mobile browser use it), cloud CDN etc.

Any way to fix this issue?

Thanks

djpretzel requests reporting features.

"I just wanted to be able to see which IPs, historically, were getting banned the most"

...

"and # bans per day, top hours of day, et cetera."

Dear sir,

I am very much interested in implementing your script .. Please let me know

How to install and setup citadel . i am using centos 6.5 . Please let me know instructions .

I hope this script is far better than deflate.medialayer .. If possible can you please recheck and revise the script once .. because you got this great idea 5 years back .. but now more advanced attacks are going on .. thats the reason why if any possibility please do revise the script once . i have a top rated website .. i will post this article .. please include setup instructions ..

@ess thank you .. hope you will respond soon

Hi, I just started using your software. So far I have found 2 bugs.

1. Email to a real email address does not work. To root does. mail command is working fine on my system, so I am not sure what is going wrong. Running latest CentOS with sendmail.
2. I have seen it a few times now that when an IP get's banned, it gets banned multiple times.

When I run iptables -L sometimes the same drop shows up 3 times. Yet in the ban file the IP only shows once.

Then when the ban expires, it only removes it 1x from the iptables rule, leaving the remaining versions of the IP banned forever (or until iptables restarts)

Hope you can fix them :)