2011-10-07 19:47:50 +00:00
# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
# vi: set ft=python sts=4 ts=4 sw=4 noet :
2006-11-12 21:58:47 +00:00
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
2011-11-21 12:20:20 +00:00
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
2006-11-12 21:58:47 +00:00
# Author: Cyril Jaquier
#
__author__ = " Cyril Jaquier "
__copyright__ = " Copyright (c) 2004 Cyril Jaquier "
__license__ = " GPL "
import textwrap
2016-02-11 16:57:23 +00:00
def output ( s ) :
2016-07-11 11:22:58 +00:00
""" Default output handler for printing protocol.
Used to ease mocking in the test cases .
"""
2016-02-11 16:57:23 +00:00
print ( s )
2006-11-12 21:58:47 +00:00
##
# Describes the protocol used to communicate with the server.
2015-07-06 15:37:12 +00:00
class dotdict ( dict ) :
def __getattr__ ( self , name ) :
return self [ name ]
CSPROTO = dotdict ( {
" EMPTY " : b " " ,
" END " : b " <F2B_END_COMMAND> " ,
" CLOSE " : b " <F2B_CLOSE_COMMAND> "
} )
2006-11-12 21:58:47 +00:00
protocol = [
2007-01-29 20:27:51 +00:00
[ ' ' , " BASIC " , " " ] ,
2006-11-13 22:17:20 +00:00
[ " start " , " starts the server and the jails " ] ,
2016-02-11 07:56:12 +00:00
[ " restart " , " restarts the server " ] ,
2016-09-06 21:54:19 +00:00
[ " restart [--unban] [--if-exists] <JAIL> " , " restarts the jail <JAIL> (alias for ' reload --restart ... <JAIL> ' ) " ] ,
2016-09-08 16:29:45 +00:00
[ " reload [--restart] [--unban] [--all] " , " reloads the configuration without restarting of the server, the option ' --restart ' activates completely restarting of affected jails, thereby can unban IP addresses (if option ' --unban ' specified) " ] ,
2016-09-06 21:54:19 +00:00
[ " reload [--restart] [--unban] [--if-exists] <JAIL> " , " reloads the jail <JAIL>, or restarts it (if option ' --restart ' specified) " ] ,
2006-11-13 22:17:20 +00:00
[ " stop " , " stops all jails and terminate the server " ] ,
2016-09-07 20:06:11 +00:00
[ " unban --all " , " unbans all IP addresses (in all jails and database) " ] ,
[ " unban <IP> ... <IP> " , " unbans <IP> (in all jails and database) " ] ,
2006-11-13 22:17:20 +00:00
[ " status " , " gets the current status of the server " ] ,
2016-02-11 07:56:12 +00:00
[ " ping " , " tests if the server is alive " ] ,
[ " echo " , " for internal usage, returns back and outputs a given string " ] ,
2013-02-07 09:25:59 +00:00
[ " help " , " return this output " ] ,
2014-07-11 05:08:36 +00:00
[ " version " , " return the server version " ] ,
2007-01-29 20:27:51 +00:00
[ ' ' , " LOGGING " , " " ] ,
2016-09-22 18:16:28 +00:00
[ " set loglevel <LEVEL> " , " sets logging level to <LEVEL>. Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, "
" DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5) " ] ,
2006-11-13 22:17:20 +00:00
[ " get loglevel " , " gets the logging level " ] ,
2006-11-16 22:30:48 +00:00
[ " set logtarget <TARGET> " , " sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file " ] ,
2006-11-13 22:17:20 +00:00
[ " get logtarget " , " gets logging target " ] ,
2015-02-07 00:14:09 +00:00
[ " set syslogsocket auto|<SOCKET> " , " sets the syslog socket path to auto or <SOCKET>. Only used if logtarget is SYSLOG " ] ,
2015-02-06 04:44:57 +00:00
[ " get syslogsocket " , " gets syslog socket path " ] ,
2013-12-04 09:51:30 +00:00
[ " flushlogs " , " flushes the logtarget if a file and reopens it. For log rotation. " ] ,
2013-12-07 23:23:28 +00:00
[ ' ' , " DATABASE " , " " ] ,
2013-12-10 21:16:36 +00:00
[ " set dbfile <FILE> " , " set the location of fail2ban persistent datastore. Set to \" None \" to disable " ] ,
2013-12-07 23:23:28 +00:00
[ " get dbfile " , " get the location of fail2ban persistent datastore " ] ,
[ " set dbpurgeage <SECONDS> " , " sets the max age in <SECONDS> that history of bans will be kept " ] ,
[ " get dbpurgeage " , " gets the max age in seconds that history of bans will be kept " ] ,
2007-01-29 20:27:51 +00:00
[ ' ' , " JAIL CONTROL " , " " ] ,
2006-11-13 22:17:20 +00:00
[ " add <JAIL> <BACKEND> " , " creates <JAIL> using <BACKEND> " ] ,
2006-12-15 23:02:12 +00:00
[ " start <JAIL> " , " starts the jail <JAIL> " ] ,
[ " stop <JAIL> " , " stops the jail <JAIL>. The jail is removed " ] ,
2015-01-27 01:11:53 +00:00
[ " status <JAIL> [FLAVOR] " , " gets the current status of <JAIL>, with optional flavor or extended info " ] ,
2007-01-29 20:27:51 +00:00
[ ' ' , " JAIL CONFIGURATION " , " " ] ,
2006-11-13 22:17:20 +00:00
[ " set <JAIL> idle on|off " , " sets the idle state of <JAIL> " ] ,
2017-03-23 14:52:31 +00:00
[ " set <JAIL> ignoreself true|false " , " allows the ignoring of own IP addresses " ] ,
2006-11-13 22:17:20 +00:00
[ " set <JAIL> addignoreip <IP> " , " adds <IP> to the ignore list of <JAIL> " ] ,
[ " set <JAIL> delignoreip <IP> " , " removes <IP> from the ignore list of <JAIL> " ] ,
2018-07-09 12:58:39 +00:00
[ " set <JAIL> ignorecommand <VALUE> " , " sets ignorecommand of <JAIL> " ] ,
[ " set <JAIL> ignorecache <VALUE> " , " sets ignorecache of <JAIL> " ] ,
2013-12-28 23:09:50 +00:00
[ " set <JAIL> addlogpath <FILE> [ ' tail ' ] " , " adds <FILE> to the monitoring list of <JAIL>, optionally starting at the ' tail ' of the file (default ' head ' ). " ] ,
2009-09-01 20:25:32 +00:00
[ " set <JAIL> dellogpath <FILE> " , " removes <FILE> from the monitoring list of <JAIL> " ] ,
2013-02-27 18:09:55 +00:00
[ " set <JAIL> logencoding <ENCODING> " , " sets the <ENCODING> of the log files for <JAIL> " ] ,
2013-05-09 23:15:07 +00:00
[ " set <JAIL> addjournalmatch <MATCH> " , " adds <MATCH> to the journal filter of <JAIL> " ] ,
[ " set <JAIL> deljournalmatch <MATCH> " , " removes <MATCH> from the journal filter of <JAIL> " ] ,
2006-12-23 16:31:00 +00:00
[ " set <JAIL> addfailregex <REGEX> " , " adds the regular expression <REGEX> which must match failures for <JAIL> " ] ,
[ " set <JAIL> delfailregex <INDEX> " , " removes the regular expression at <INDEX> for failregex " ] ,
[ " set <JAIL> addignoreregex <REGEX> " , " adds the regular expression <REGEX> which should match pattern to exclude for <JAIL> " ] ,
[ " set <JAIL> delignoreregex <INDEX> " , " removes the regular expression at <INDEX> for ignoreregex " ] ,
2006-11-16 22:30:48 +00:00
[ " set <JAIL> findtime <TIME> " , " sets the number of seconds <TIME> for which the filter will look back for <JAIL> " ] ,
[ " set <JAIL> bantime <TIME> " , " sets the number of seconds <TIME> a host will be banned for <JAIL> " ] ,
2013-05-04 15:59:01 +00:00
[ " set <JAIL> datepattern <PATTERN> " , " sets the <PATTERN> used to match date/times for <JAIL> " ] ,
2012-01-13 04:23:41 +00:00
[ " set <JAIL> usedns <VALUE> " , " sets the usedns mode for <JAIL> " ] ,
2009-08-30 18:26:15 +00:00
[ " set <JAIL> banip <IP> " , " manually Ban <IP> for <JAIL> " ] ,
2012-11-06 02:50:49 +00:00
[ " set <JAIL> unbanip <IP> " , " manually Unban <IP> in <JAIL> " ] ,
2006-11-16 22:30:48 +00:00
[ " set <JAIL> maxretry <RETRY> " , " sets the number of failures <RETRY> before banning the host for <JAIL> " ] ,
2013-01-22 20:54:14 +00:00
[ " set <JAIL> maxlines <LINES> " , " sets the number of <LINES> to buffer for regex search for <JAIL> " ] ,
2015-08-02 12:46:07 +00:00
[ " set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>] " , " adds a new action named <ACT> for <JAIL>. Optionally for a Python based action, a <PYTHONFILE> and <JSONKWARGS> can be specified, else will be a Command Action " ] ,
2014-01-03 17:04:49 +00:00
[ " set <JAIL> delaction <ACT> " , " removes the action <ACT> from <JAIL> " ] ,
[ " " , " COMMAND ACTION CONFIGURATION " , " " ] ,
[ " set <JAIL> action <ACT> actionstart <CMD> " , " sets the start command <CMD> of the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> actionstop <CMD> " , " sets the stop command <CMD> of the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> actioncheck <CMD> " , " sets the check command <CMD> of the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> actionban <CMD> " , " sets the ban command <CMD> of the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> actionunban <CMD> " , " sets the unban command <CMD> of the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> timeout <TIMEOUT> " , " sets <TIMEOUT> as the command timeout in seconds for the action <ACT> for <JAIL> " ] ,
[ " " , " GENERAL ACTION CONFIGURATION " , " " ] ,
[ " set <JAIL> action <ACT> <PROPERTY> <VALUE> " , " sets the <VALUE> of <PROPERTY> for the action <ACT> for <JAIL> " ] ,
[ " set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>] " , " calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL> " ] ,
2007-01-29 20:27:51 +00:00
[ ' ' , " JAIL INFORMATION " , " " ] ,
2006-11-16 22:30:48 +00:00
[ " get <JAIL> logpath " , " gets the list of the monitored files for <JAIL> " ] ,
2014-01-06 21:19:22 +00:00
[ " get <JAIL> logencoding " , " gets the encoding of the log files for <JAIL> " ] ,
2013-05-09 23:15:07 +00:00
[ " get <JAIL> journalmatch " , " gets the journal filter match for <JAIL> " ] ,
2017-03-23 14:52:31 +00:00
[ " get <JAIL> ignoreself " , " gets the current value of the ignoring the own IP addresses " ] ,
2006-11-16 22:30:48 +00:00
[ " get <JAIL> ignoreip " , " gets the list of ignored IP addresses for <JAIL> " ] ,
2013-12-29 05:29:59 +00:00
[ " get <JAIL> ignorecommand " , " gets ignorecommand of <JAIL> " ] ,
2006-12-23 16:31:00 +00:00
[ " get <JAIL> failregex " , " gets the list of regular expressions which matches the failures for <JAIL> " ] ,
[ " get <JAIL> ignoreregex " , " gets the list of regular expressions which matches patterns to ignore for <JAIL> " ] ,
2006-11-16 22:30:48 +00:00
[ " get <JAIL> findtime " , " gets the time for which the filter will look back for failures for <JAIL> " ] ,
[ " get <JAIL> bantime " , " gets the time a host is banned for <JAIL> " ] ,
2013-05-04 15:59:01 +00:00
[ " get <JAIL> datepattern " , " gets the patern used to match date/times for <JAIL> " ] ,
2012-01-13 04:23:41 +00:00
[ " get <JAIL> usedns " , " gets the usedns setting for <JAIL> " ] ,
2006-11-16 22:30:48 +00:00
[ " get <JAIL> maxretry " , " gets the number of failures allowed for <JAIL> " ] ,
2013-01-22 20:54:14 +00:00
[ " get <JAIL> maxlines " , " gets the number of lines to buffer for <JAIL> " ] ,
2013-04-28 12:23:06 +00:00
[ " get <JAIL> actions " , " gets a list of actions for <JAIL> " ] ,
2014-01-03 17:04:49 +00:00
[ " " , " COMMAND ACTION INFORMATION " , " " ] ,
[ " get <JAIL> action <ACT> actionstart " , " gets the start command for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> actionstop " , " gets the stop command for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> actioncheck " , " gets the check command for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> actionban " , " gets the ban command for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> actionunban " , " gets the unban command for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> timeout " , " gets the command timeout in seconds for the action <ACT> for <JAIL> " ] ,
[ " " , " GENERAL ACTION INFORMATION " , " " ] ,
[ " get <JAIL> actionproperties <ACT> " , " gets a list of properties for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> actionmethods <ACT> " , " gets a list of methods for the action <ACT> for <JAIL> " ] ,
[ " get <JAIL> action <ACT> <PROPERTY> " , " gets the value of <PROPERTY> for the action <ACT> for <JAIL> " ] ,
2006-11-12 21:58:47 +00:00
]
2015-07-04 17:47:40 +00:00
2006-11-12 21:58:47 +00:00
##
# Prints the protocol in a "man" format. This is used for the
# "-h" output of fail2ban-client.
def printFormatted ( ) :
INDENT = 4
2006-11-16 22:30:48 +00:00
MARGIN = 41
WIDTH = 34
2006-12-15 23:02:12 +00:00
firstHeading = False
2006-11-13 22:17:20 +00:00
for m in protocol :
2006-12-15 23:02:12 +00:00
if m [ 0 ] == ' ' and firstHeading :
2016-02-11 16:57:23 +00:00
output ( " " )
2006-12-15 23:02:12 +00:00
firstHeading = True
2006-11-13 22:17:20 +00:00
first = True
2014-01-03 17:04:49 +00:00
if len ( m [ 0 ] ) > = MARGIN :
2013-12-31 18:54:34 +00:00
m [ 1 ] = ' ' * WIDTH + m [ 1 ]
for n in textwrap . wrap ( m [ 1 ] , WIDTH , drop_whitespace = False ) :
2006-11-13 22:17:20 +00:00
if first :
2014-01-03 17:04:49 +00:00
line = ' ' * INDENT + m [ 0 ] + ' ' * ( MARGIN - len ( m [ 0 ] ) ) + n . strip ( )
2006-11-13 22:17:20 +00:00
first = False
else :
2014-01-03 17:04:49 +00:00
line = ' ' * ( INDENT + MARGIN ) + n . strip ( )
2016-02-11 16:57:23 +00:00
output ( line )
2006-12-15 23:02:12 +00:00
2015-07-04 17:47:40 +00:00
2006-12-15 23:02:12 +00:00
##
# Prints the protocol in a "mediawiki" format.
def printWiki ( ) :
firstHeading = False
for m in protocol :
if m [ 0 ] == ' ' :
if firstHeading :
2016-02-11 16:57:23 +00:00
output ( " |} " )
2006-12-15 23:02:12 +00:00
__printWikiHeader ( m [ 1 ] , m [ 2 ] )
firstHeading = True
else :
2016-02-11 16:57:23 +00:00
output ( " |- " )
output ( " | <span style= \" white-space:nowrap; \" ><tt> " + m [ 0 ] + " </tt></span> || || " + m [ 1 ] )
output ( " |} " )
2006-12-15 23:02:12 +00:00
2015-07-04 17:47:40 +00:00
2006-12-15 23:02:12 +00:00
def __printWikiHeader ( section , desc ) :
2016-02-11 16:57:23 +00:00
output ( " " )
output ( " === " + section + " === " )
output ( " " )
output ( desc )
output ( " " )
output ( " { | " )
output ( " | ' ' ' Command ' ' ' || || ' ' ' Description ' ' ' " )
