# emacs: -*- mode: python; coding: utf-8; py-indent-offset: 4; indent-tabs-mode: t -*-
# vi: set ft=python sts=4 ts=4 sw=4 noet :
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
# Module metadata: author, copyright notice and license identifier.
__author__ = "Cyril Jaquier"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import re, time
from mytime import MyTime
import iso8601
import logging
# Logger for this module, registered under the name "fail2ban.datetemplate".
logSys = logging.getLogger("fail2ban.datetemplate")
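class DateTemplate:
	"""Base class for date templates: a named regex plus a hit counter.

	A template locates a date in a line with matchDate(). Subclasses
	implement getDate() to turn the matched text into a time list.
	"""

	def __init__(self):
		"""Create a template with no name, no regex and zero hits."""
		self.__name = ""
		self.__regex = ""
		# Compiled form of __regex; stays None until setRegex() is called.
		self.__cRegex = None
		self.__hits = 0

	def setName(self, name):
		"""Set the name of this template."""
		self.__name = name

	def getName(self):
		"""Return the name of this template."""
		return self.__name

	def setRegex(self, regex, wordBegin=True):
		"""Store and compile the regex used to locate the date.

		The pattern is stripped of surrounding whitespace. When wordBegin
		is true and the pattern does not already start with '^', a word
		boundary (\\b) is prepended, so the date cannot start in the middle
		of a run of word characters.

		re.compile() raises re.error for an invalid pattern.

		NOTE(review): the pattern is later searched against whole lines,
		presumably log text that a remote client can partly choose. Keep
		template patterns specific and free of nested unbounded quantifiers
		so that matching a crafted line stays cheap.
		"""
		regex = regex.strip()
		if wordBegin and not regex.startswith('^'):
			regex = r'\b' + regex
		self.__regex = regex
		self.__cRegex = re.compile(regex)

	def getRegex(self):
		"""Return the regex text as stored by setRegex()."""
		return self.__regex

	def getHits(self):
		"""Return the current hit counter."""
		return self.__hits

	def incHits(self):
		"""Increase the hit counter by one."""
		self.__hits += 1

	def resetHits(self):
		"""Reset the hit counter to zero."""
		self.__hits = 0

	def matchDate(self, line):
		"""Search line with the compiled regex.

		Returns the match object of the first (leftmost) match, or None.
		setRegex() must have been called first, because the compiled regex
		is None until then.
		"""
		return self.__cRegex.search(line)

	def getDate(self, line):
		"""Abstract: subclasses return the date found in line.

		The message names getDate(); the earlier text named matchDate(),
		which is implemented in this class. NotImplementedError is a
		subclass of Exception, so callers catching Exception still work.
		"""
		raise NotImplementedError("getDate() is abstract")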
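class DateEpoch(DateTemplate):
	"""Date template for timestamps given as seconds since the epoch."""

	def __init__(self):
		"""Install the fixed epoch regex.

		The pattern accepts 10 digits with an optional fraction of 3 to 6
		digits, either at the start of the line or directly after the text
		"audit(", in which case ":<digits>)" must follow. Restricting the
		position keeps an arbitrary 10-digit number elsewhere in the line
		from being read as the timestamp.
		"""
		DateTemplate.__init__(self)
		# Raw string: the pattern text is unchanged, but no longer relies on
		# Python passing unknown escapes such as \d and \( through as-is.
		self.setRegex(r"(?:^|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))")

	def getDate(self, line):
		"""Return the matched epoch time as a list, or None without a match.

		The list is built from MyTime.localtime() of the matched number.
		"""
		dateMatch = self.matchDate(line)
		if not dateMatch:
			return None
		# The whole match is the numeric timestamp; the "audit(" prefix and
		# the ":<digits>)" suffix are only look-around assertions.
		return list(MyTime.localtime(float(dateMatch.group())))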
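##
# Use strptime() to parse a date. Our current locale is the 'C'
# one because we do not set the locale explicitly. This is POSIX
# standard.

class DateStrptime(DateTemplate):
	"""Date template that parses the matched text with time.strptime().

	The strptime pattern is set with setPattern(). Month abbreviations
	listed in TABLE are rewritten to their English form when the first
	parsing attempt fails.
	"""

	# English ('C' locale) month abbreviation -> foreign abbreviations that
	# convertLocale() rewrites to it.
	# The Polish entries follow the calendar order (Cze, Lip, Sie, Wrz for
	# June to September). They were previously shifted, with "Sie" listed
	# under two months, so such dates could be converted to the wrong month.
	TABLE = {
		"Jan": ["Sty"],
		"Feb": [u"Fév", "Lut"],
		"Mar": [u"Mär", "Mar"],
		"Apr": ["Avr", "Kwi"],
		"May": ["Mai", "Maj"],
		"Jun": ["Cze"],
		"Jul": ["Lip"],
		"Aug": ["Aou", "Sie"],
		"Sep": ["Wrz"],
		"Oct": [u"Paź"],
		"Nov": ["Lis"],
		"Dec": [u"Déc", "Dez", "Gru"],
	}

	def __init__(self):
		"""Create the template with an empty strptime pattern."""
		DateTemplate.__init__(self)
		self.__pattern = ""

	def setPattern(self, pattern):
		"""Set the strptime() pattern, stripped of surrounding whitespace."""
		self.__pattern = pattern.strip()

	def getPattern(self):
		"""Return the strptime() pattern."""
		return self.__pattern

	# Wrapped with staticmethod() below rather than with the decorator
	# syntax, as the file has always done.
	def convertLocale(date):
		"""Rewrite the first foreign month abbreviation found to English.

		Returns date with every occurrence of that abbreviation replaced,
		or date unchanged when no TABLE entry occurs in it.
		"""
		for t in DateStrptime.TABLE:
			for m in DateStrptime.TABLE[t]:
				if date.find(m) >= 0:
					# %r keeps the date text escaped in the debug log.
					logSys.debug(u"Replacing %r with %r in %r" %
								 (m, t, date))
					return date.replace(m, t)
		return date
	convertLocale = staticmethod(convertLocale)

	def getDate(self, line):
		"""Return the date found in line as a time list, or None.

		Parsing is tried with the pattern as given, then after
		convertLocale(), then with the current year appended. A ValueError
		is raised when the text still cannot be parsed. Missing year, and
		missing month and day, are filled in from the current date.
		"""
		dateMatch = self.matchDate(line)
		if not dateMatch:
			return None
		try:
			# Try first with 'C' locale
			date = list(time.strptime(dateMatch.group(), self.getPattern()))
		except ValueError:
			# Try to convert date string to 'C' locale
			conv = self.convertLocale(dateMatch.group())
			try:
				date = list(time.strptime(conv, self.getPattern()))
			# Comma form kept: the file sticks to old Python 2 syntax.
			except (ValueError, re.error), e:
				# Try to add the current year to the pattern. Should fix
				# the "Feb 29" issue.
				opattern = self.getPattern()
				# makes sense only if %Y is not in already:
				if '%Y' not in opattern:
					pattern = "%s %%Y" % opattern
					conv += " %s" % MyTime.gmtime()[0]
					date = list(time.strptime(conv, pattern))
				else:
					# we are helpless here
					raise ValueError(
						"Given pattern %r does not match. Original "
						"exception was %r and Feb 29 workaround could not "
						"be tested due to already present year mark in the "
						"pattern" % (opattern, e))
		if date[0] < 2000:
			# There is probably no year field in the logs
			# NOTE: Possibly makes week/year day incorrect
			# NOTE(review): the year is taken from MyTime.gmtime() while
			# time.mktime() below reads the fields as local time; around New
			# Year in a non-UTC zone the two may disagree -- confirm.
			date[0] = MyTime.gmtime()[0]
			# Bug fix for #1241756
			# If the date is greater than the current time, we suppose
			# that the log is not from this year but from the year before
			if time.mktime(date) > MyTime.time():
				logSys.debug(
					u"Correcting deduced year from %d to %d since %f > %f" %
					(date[0], date[0]-1, time.mktime(date), MyTime.time()))
				# NOTE: Possibly makes week/year day incorrect
				date[0] -= 1
			elif date[1] == 1 and date[2] == 1:
				# If it is Jan 1st, it is either really Jan 1st or there
				# is neither month nor day in the log.
				# NOTE: Possibly makes week/year day incorrect
				date[1] = MyTime.gmtime()[1]
				date[2] = MyTime.gmtime()[2]
		return date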
class DateTai64n(DateTemplate):
	"""Date template for TAI64N labels: '@' followed by 24 hex digits."""

	def __init__(self):
		"""Install the fixed TAI64N regex."""
		DateTemplate.__init__(self)
		# We already know the format for TAI64N
		# yoh: we should not add an additional front anchor
		self.setRegex("@[0-9a-f]{24}", wordBegin=False)

	def getDate(self, line):
		"""Return the label's time as a list, or None without a match.

		The list is built from MyTime.localtime() of the seconds field.
		"""
		found = self.matchDate(line)
		if not found:
			return None
		label = found.group()
		# Seconds field: characters 2..16 of the label, i.e. 15 hex digits
		# after the '@' and the first hex digit.
		# NOTE(review): presumably the skipped digit carries the TAI64
		# offset -- confirm against the format description.
		hexSeconds = label[2:17]
		# convert seconds from HEX into local time stamp
		return list(MyTime.localtime(int(hexSeconds, 16)))
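class DateISO8601(DateTemplate):
	"""Date template for ISO 8601 timestamps, parsed with iso8601."""

	def __init__(self):
		"""Install the fixed ISO 8601 regex.

		The pattern is: date, any single separator character, time with
		an optional fraction, then an optional 'Z' or +hh:mm / -hh:mm
		offset.
		"""
		DateTemplate.__init__(self)
		# Raw strings: same pattern text, without relying on Python passing
		# the unknown escape \. through unchanged.
		date_re = r"[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}" \
			r".[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?" \
			r"(Z|(([-+])([0-9]{2}):([0-9]{2})))?"
		self.setRegex(date_re)

	def getDate(self, line):
		"""Return the parsed date as a time list, or None without a match.

		Whatever iso8601.parse_date() raises for text it rejects is
		propagated to the caller.
		"""
		dateMatch = self.matchDate(line)
		if not dateMatch:
			return None
		# Parses the date.
		value = dateMatch.group()
		# NOTE(review): timetuple() keeps the wall-clock fields of the parsed
		# value; if callers read the list as local time, a UTC offset in the
		# log line is not applied -- confirm against the callers.
		return list(iso8601.parse_date(value).timetuple())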