Skip to content

Visualising networked attacks using fail2ban, GeoIP and Mapnik. Demo at:

Notifications You must be signed in to change notification settings

Tie-fighter/banditvis

Repository files navigation

README for Banditvis
====================
Thomas Steinbrenner <[email protected]>
v0.3, August 2012
This software is licensed under the GNU Lesser General Public License.

== General

Hi!

Banditvis is an open source project to visualise the origin of networked attacks.
In detail it uses fail2ban to detect, GeoIP to locate and Mapnik to visualise.

== Requirements

* fail2ban (Debian: fail2ban, http://www.fail2ban.org/ )

* Python >= 2.6.6 (Debian: python, http://www.python.org/ )
* Python GeoIP >= 1.2.4 (Debian: python-geoip, http://www.maxmind.com/app/python/)
* Python Mapnik >= 0.7.1 (Debian: python-mapnik, http://mapnik.org/)
* Python Psycopg2 >= 2.2.1 (Debian: python-psycopg2, http://initd.org/psycopg/)
* Python Imaging Library >= 1.1.7 (Debian: python-imaging, http://www.pythonware.com/products/pil/)

* PostgreSQL >= 8.4.7 (Debian: postgresql, http://www.postgresql.org/)
* PostGIS >= 1.5.1 (Debian: postgresql-8.4-postgis, http://postgis.refractions.net/ )

== Installation

see INSTALL file
If you are having trouble, please don't hesitate to contact me!

== Configuration

* Customise config.ini

== Usage

* add_bandit.py ip_address [offence]: add an attack to the database.
* draw_pointmap.py: draw the visualisation.
* update_geoip.py: Try to download a new GeoIP database.
* write_to_kml.py: Write the current Databays to a .kml file.

== Disclaimer

This software is licensed under the GNU Lesser General Public License.
This project follows no commercial interests whatsoever and is purely done in the author's spare time.
The author cannot be held responsible for harm or damage done by using this software.
Also like the authors of third party tools used in this project, the author cannot guarantee the accuracy of produced outputs. (So please don't invade countries because of wrong border data e.g. ;) )

== Third-party tools
=== Redistributed

* (data/shapes/*) World Borders Shape file from http://thematicmapping.org/downloads/world_borders.php
* (fonts/LinLibertine_Bd-4.1.5) Linux Libertine Font from http://sourceforge.net/projects/linuxlibertine/

=== Used

* (data/GeoIP/*) Maxmind: This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/
* OpenLayers: http://openlayers.org/

About

Visualising networked attacks using fail2ban, GeoIP and Mapnik. Demo at:

Resources

Stars

Watchers

Forks

Packages

No packages published