fail2ban/client/jailreader.py

# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

# Author: Cyril Jaquier
# 
# $Revision$

__author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"

import logging, re, glob

from configreader import ConfigReader
from filterreader import FilterReader
from actionreader import ActionReader

# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.client.config")

class JailReader(ConfigReader):
	
	actionCRE = re.compile("^((?:\w|-|_|\.)+)(?:\[(.*)\])?$")
	
	def __init__(self, name):
		ConfigReader.__init__(self)
		self.__name = name
		self.__filter = None
		self.__actions = list()
	
	def setName(self, value):
		self.__name = value
	
	def getName(self):
		return self.__name
	
	def read(self):
		ConfigReader.read(self, "jail")
	
	def isEnabled(self):
		return self.__opts["enabled"]
	
	def getOptions(self):
		opts = [["bool", "enabled", "false"],
				["string", "logpath", "/var/log/messages"],
				["string", "backend", "auto"],
				["int", "maxretry", 3],
				["int", "findtime", 600],
				["int", "bantime", 600],
				["string", "failregex", None],
				["string", "ignoreregex", None],
				["string", "ignoreip", None],
				["string", "filter", ""],
				["string", "action", ""]]
		self.__opts = ConfigReader.getOptions(self, self.__name, opts)
		
		if self.isEnabled():
			# Read filter
			self.__filter = FilterReader(self.__opts["filter"], self.__name)
			ret = self.__filter.read()
			if ret:
				self.__filter.getOptions(self.__opts)
			else:
				logSys.error("Unable to read the filter")
				return False
			
			# Read action
			for act in self.__opts["action"].split('\n'):
				try:
					splitAct = JailReader.splitAction(act)
					action = ActionReader(splitAct, self.__name)
					ret = action.read()
					if ret:
						action.getOptions(self.__opts)
						self.__actions.append(action)
					else:
						raise AttributeError("Unable to read action")
				except AttributeError, e:
					logSys.error("Error in action definition " + act)
					logSys.debug(e)
					return False
		return True
	
	def convert(self):
		stream = []
		for opt in self.__opts:
			if opt == "logpath":
				for path in self.__opts[opt].split("\n"):
					pathList = glob.glob(path)
					if len(pathList) == 0:
						logSys.error("No file found for " + path)
					for p in pathList:
						stream.append(["set", self.__name, "addlogpath", p])
			elif opt == "backend":
				backend = self.__opts[opt]
			elif opt == "maxretry":
				stream.append(["set", self.__name, "maxretry", self.__opts[opt]])
			elif opt == "ignoreip":
				for ip in self.__opts[opt].split():
					stream.append(["set", self.__name, "addignoreip", ip])
			elif opt == "findtime":
				stream.append(["set", self.__name, "findtime", self.__opts[opt]])
			elif opt == "bantime":
				stream.append(["set", self.__name, "bantime", self.__opts[opt]])
			elif opt == "failregex":
				stream.append(["set", self.__name, "failregex", self.__opts[opt]])
			elif opt == "ignoreregex":
				stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
		stream.extend(self.__filter.convert())
		for action in self.__actions:
			stream.extend(action.convert())
		stream.insert(0, ["add", self.__name, backend])
		return stream
	
	@staticmethod
	def splitAction(action):
		m = JailReader.actionCRE.match(action)
		d = dict()
		if not m.group(2) == None:
			for param in m.group(2).split(','):
				p = param.split('=')
				try:
					d[p[0].strip()] = p[1].strip()
				except IndexError:
					logSys.error("Invalid argument %s in '%s'" % (p, m.group(2)))
		return [m.group(1), d]
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`# This file is part of Fail2Ban.`
			`#`
			`# Fail2Ban is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# Fail2Ban is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with Fail2Ban; if not, write to the Free Software`
			`# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`

			`# Author: Cyril Jaquier`
			`#`
- Added property 'svn:keywords' git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@253 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`# $Revision$`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`__author__ = "Cyril Jaquier"`
- Added property 'svn:keywords' git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@253 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`__version__ = "$Revision$"`
			`__date__ = "$Date$"`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`__copyright__ = "Copyright (c) 2004 Cyril Jaquier"`
			`__license__ = "GPL"`

- Added wildcards support for "logpath" - Added "set <jail> addlogpath <path>" and "set <jail> dellogpath <path>" - Adapted pyunit test git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@354 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`import logging, re, glob`

- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`from configreader import ConfigReader`
			`from filterreader import FilterReader`
			`from actionreader import ActionReader`

			`# Gets the instance of the logger.`
			`logSys = logging.getLogger("fail2ban.client.config")`

			`class JailReader(ConfigReader):`

- Fixed a bug with static class members git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@283 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`actionCRE = re.compile("^((?:\w\|-\|_\|\.)+)(?:\[(.*)\])?$")`

- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`def __init__(self, name):`
			`ConfigReader.__init__(self)`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`self.__name = name`
			`self.__filter = None`
			`self.__actions = list()`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`def setName(self, value):`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`self.__name = value`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`def getName(self):`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`return self.__name`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`def read(self):`
			`ConfigReader.read(self, "jail")`

			`def isEnabled(self):`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`return self.__opts["enabled"]`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`def getOptions(self):`
			`opts = [["bool", "enabled", "false"],`
- Moved "logpath" and "maxtime" to "jail.conf" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["string", "logpath", "/var/log/messages"],`
- Added "backend" option git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@409 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["string", "backend", "auto"],`
- Moved "logpath" and "maxtime" to "jail.conf" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["int", "maxretry", 3],`
- Merged "maxtime" with "findtime" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@470 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["int", "findtime", 600],`
- One step forward to 0.7.0 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@250 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`["int", "bantime", 600],`
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["string", "failregex", None],`
			`["string", "ignoreregex", None],`
- Added "ignoreip" feature git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@359 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`["string", "ignoreip", None],`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`["string", "filter", ""],`
			`["string", "action", ""]]`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`self.__opts = ConfigReader.getOptions(self, self.__name, opts)`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`if self.isEnabled():`
			`# Read filter`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`self.__filter = FilterReader(self.__opts["filter"], self.__name)`
			`ret = self.__filter.read()`
- Improved checking when parsing the configuration git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@336 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`if ret:`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`self.__filter.getOptions(self.__opts)`
- Improved checking when parsing the configuration git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@336 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`else:`
			`logSys.error("Unable to read the filter")`
			`return False`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`# Read action`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`for act in self.__opts["action"].split('\n'):`
- Improved "action" option handling git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@273 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`try:`
			`splitAct = JailReader.splitAction(act)`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`action = ActionReader(splitAct, self.__name)`
- Improved checking when parsing the configuration git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@336 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`ret = action.read()`
			`if ret:`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`action.getOptions(self.__opts)`
			`self.__actions.append(action)`
- Improved checking when parsing the configuration git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@336 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`else:`
			`raise AttributeError("Unable to read action")`
- Improved "action" option handling git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@273 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`except AttributeError, e:`
			`logSys.error("Error in action definition " + act)`
			`logSys.debug(e)`
- Improved checking when parsing the configuration git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@336 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`return False`
			`return True`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`def convert(self):`
- Added "backend" option git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@409 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`stream = []`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`for opt in self.__opts:`
- Moved "logpath" and "maxtime" to "jail.conf" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`if opt == "logpath":`
- Allow multiple log paths git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@393 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`for path in self.__opts[opt].split("\n"):`
			`pathList = glob.glob(path)`
			`if len(pathList) == 0:`
			`logSys.error("No file found for " + path)`
			`for p in pathList:`
			`stream.append(["set", self.__name, "addlogpath", p])`
- Added "backend" option git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@409 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`elif opt == "backend":`
			`backend = self.__opts[opt]`
- Moved "logpath" and "maxtime" to "jail.conf" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`elif opt == "maxretry":`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`stream.append(["set", self.__name, "maxretry", self.__opts[opt]])`
- Added "ignoreip" feature git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@359 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`elif opt == "ignoreip":`
- Fixed multiple IP in "ignoreip". Thanks to Nick Munger git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@420 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`for ip in self.__opts[opt].split():`
			`stream.append(["set", self.__name, "addignoreip", ip])`
- Merged "maxtime" with "findtime" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@470 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`elif opt == "findtime":`
			`stream.append(["set", self.__name, "findtime", self.__opts[opt]])`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`elif opt == "bantime":`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`stream.append(["set", self.__name, "bantime", self.__opts[opt]])`
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`elif opt == "failregex":`
			`stream.append(["set", self.__name, "failregex", self.__opts[opt]])`
			`elif opt == "ignoreregex":`
			`stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])`
- Made private fields prefixed with "__" git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@368 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`stream.extend(self.__filter.convert())`
			`for action in self.__actions:`
- One step forward to 0.7.0 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@250 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`stream.extend(action.convert())`
- Added "backend" option git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@409 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`stream.insert(0, ["add", self.__name, backend])`
- Initial commit of the new development release 0.7 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`return stream`
- 0.7.0 soon git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago
			`@staticmethod`
			`def splitAction(action):`
- Fixed a bug with static class members git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@283 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`m = JailReader.actionCRE.match(action)`
- 0.7.0 soon git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`d = dict()`
- Fixed some Pylint warnings/errors git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@433 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`if not m.group(2) == None:`
- 0.7.0 soon git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`for param in m.group(2).split(','):`
			`p = param.split('=')`
- Fixed exception if wrong use of ','. Thanks to Yaroslav Halchenko git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@438 a942ae1a-1317-0410-a47c-b1dcaea8d605 18 years ago			`try:`
			`d[p[0].strip()] = p[1].strip()`
			`except IndexError:`
			`logSys.error("Invalid argument %s in '%s'" % (p, m.group(2)))`
- 0.7.0 soon git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605 19 years ago			`return [m.group(1), d]`