2007-01-29 20:31:04 +00:00
|
|
|
#!/usr/bin/python
|
2012-12-24 16:05:44 +00:00
|
|
|
# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
|
|
|
|
# vi: set ft=python sts=4 ts=4 sw=4 noet :
|
|
|
|
#
|
2006-09-06 18:25:11 +00:00
|
|
|
# This file is part of Fail2Ban.
|
|
|
|
#
|
|
|
|
# Fail2Ban is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# Fail2Ban is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with Fail2Ban; if not, write to the Free Software
|
2011-11-21 12:20:20 +00:00
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2013-06-14 02:19:10 +00:00
|
|
|
"""
|
|
|
|
Fail2Ban reads log file that contains password failure report
|
|
|
|
and bans the corresponding IP addresses using firewall rules.
|
|
|
|
|
|
|
|
This tools can test regular expressions for "fail2ban".
|
|
|
|
|
|
|
|
Report bugs to https://github.com/fail2ban/fail2ban/issues
|
|
|
|
"""
|
2006-09-06 18:25:11 +00:00
|
|
|
|
2012-11-09 13:58:19 +00:00
|
|
|
__author__ = "Cyril Jaquier, Yaroslav Halchenko"
|
2013-06-14 02:19:10 +00:00
|
|
|
__copyright__ = "Copyright (c) 2004-2008 Cyril Jaquier, 2012-2013 Yaroslav Halchenko"
|
2006-09-06 18:25:11 +00:00
|
|
|
__license__ = "GPL"
|
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
import getopt, sys, time, logging, os
|
2006-09-06 18:25:11 +00:00
|
|
|
|
|
|
|
# Inserts our own modules path first in the list
|
|
|
|
# fix for bug #343821
|
2013-01-28 14:54:08 +00:00
|
|
|
try:
|
|
|
|
from common.version import version
|
|
|
|
except ImportError, e:
|
|
|
|
sys.path.insert(1, "/usr/share/fail2ban")
|
|
|
|
from common.version import version
|
2006-09-06 18:25:11 +00:00
|
|
|
|
2013-06-14 03:01:35 +00:00
|
|
|
from optparse import OptionParser, Option
|
|
|
|
|
2007-09-12 21:38:51 +00:00
|
|
|
from client.configparserinc import SafeConfigParserWithIncludes
|
2007-01-21 22:21:13 +00:00
|
|
|
from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
|
2006-09-06 18:25:11 +00:00
|
|
|
from server.filter import Filter
|
2007-12-16 21:38:04 +00:00
|
|
|
from server.failregex import RegexException
|
2006-09-06 18:25:11 +00:00
|
|
|
|
2013-06-14 03:01:35 +00:00
|
|
|
from testcases.utils import FormatterWithTraceBack
|
2006-10-31 22:25:26 +00:00
|
|
|
# Gets the instance of the logger.
|
2013-06-14 03:01:35 +00:00
|
|
|
logSys = logging.getLogger("fail2ban")
|
2006-10-31 22:25:26 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
def shortstr(s, l=53):
|
|
|
|
"""Return shortened string
|
|
|
|
"""
|
|
|
|
if len(s) > l:
|
|
|
|
return s[:l-3] + '...'
|
|
|
|
return s
|
|
|
|
|
|
|
|
def pprint_list(l, header=None):
|
|
|
|
if not len(l):
|
|
|
|
return
|
|
|
|
if header:
|
|
|
|
s = "|- %s\n" % header
|
|
|
|
else:
|
|
|
|
s = ''
|
|
|
|
print s + "| " + "\n| ".join(l) + '\n`-'
|
|
|
|
|
|
|
|
def get_opt_parser():
|
|
|
|
# use module docstring for help output
|
|
|
|
p = OptionParser(
|
|
|
|
usage="%s [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]\n" % sys.argv[0] + __doc__
|
|
|
|
+ """
|
|
|
|
LOG:
|
|
|
|
string a string representing a log line
|
|
|
|
filename path to a log file (/var/log/auth.log)
|
|
|
|
|
|
|
|
REGEX:
|
|
|
|
string a string representing a 'failregex'
|
|
|
|
filename path to a filter file (filter.d/sshd.conf)
|
|
|
|
|
|
|
|
IGNOREREGEX:
|
|
|
|
string a string representing an 'ignoreregex'
|
|
|
|
filename path to a filter file (filter.d/sshd.conf)
|
|
|
|
""",
|
|
|
|
version="%prog " + version)
|
|
|
|
|
|
|
|
p.add_options([
|
|
|
|
Option('-l', "--log-level", type="choice",
|
|
|
|
dest="log_level",
|
2013-06-14 03:01:35 +00:00
|
|
|
choices=('heavydebug', 'debug', 'info', 'warning', 'error', 'fatal'),
|
2013-06-14 02:19:10 +00:00
|
|
|
default=None,
|
|
|
|
help="Log level for the Fail2Ban logger to use"),
|
|
|
|
Option("-v", "--verbose", action='store_true',
|
|
|
|
help="Be verbose in output"),
|
|
|
|
Option("--print-all-missed", action='store_true',
|
|
|
|
help="Either to print all missed lines"),
|
|
|
|
Option("--print-all-ignored", action='store_true',
|
|
|
|
help="Either to print all ignored lines"),
|
2013-06-14 03:01:35 +00:00
|
|
|
Option("-t", "--log-traceback", action='store_true',
|
|
|
|
help="Enrich log-messages with compressed tracebacks"),
|
|
|
|
Option("--full-traceback", action='store_true',
|
|
|
|
help="Either to make the tracebacks full, not compressed (as by default)"),
|
2013-06-14 02:19:10 +00:00
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
return p
|
|
|
|
|
|
|
|
|
|
|
|
class RegexStat(object):
|
2007-01-21 22:21:13 +00:00
|
|
|
|
|
|
|
def __init__(self, failregex):
|
2013-06-14 02:19:10 +00:00
|
|
|
self._stats = 0
|
|
|
|
self._failregex = failregex
|
|
|
|
self._ipList = list()
|
2012-12-24 16:05:44 +00:00
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
return "%s(%r) %d failed: %s" \
|
2013-06-14 02:19:10 +00:00
|
|
|
% (self.__class__, self._failregex, self._stats, self._ipList)
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def inc(self):
|
2013-06-14 02:19:10 +00:00
|
|
|
self._stats += 1
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def getStats(self):
|
2013-06-14 02:19:10 +00:00
|
|
|
return self._stats
|
2007-01-21 22:21:13 +00:00
|
|
|
|
|
|
|
def getFailRegex(self):
|
2013-06-14 02:19:10 +00:00
|
|
|
return self._failregex
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def appendIP(self, value):
|
2013-07-15 21:16:40 +00:00
|
|
|
self._ipList.append(value)
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def getIPList(self):
|
2013-06-14 02:19:10 +00:00
|
|
|
return self._ipList
|
|
|
|
|
|
|
|
|
|
|
|
class LineStats(object):
|
|
|
|
"""Just a convenience container for stats
|
|
|
|
"""
|
|
|
|
def __init__(self):
|
|
|
|
self.tested = self.matched = 0
|
|
|
|
self.missed_lines = []
|
|
|
|
self.ignored_lines = []
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
return "%(tested)d lines, %(ignored)d ignored, %(matched)d matched, %(missed)d missed" % self
|
2007-01-21 22:21:13 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
@property
|
|
|
|
def ignored(self):
|
|
|
|
return len(self.ignored_lines)
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
@property
|
|
|
|
def missed(self):
|
|
|
|
return self.tested - (self.ignored + self.matched)
|
|
|
|
|
|
|
|
# just for convenient str
|
|
|
|
def __getitem__(self, key):
|
|
|
|
return getattr(self, key)
|
|
|
|
|
|
|
|
|
|
|
|
class Fail2banRegex(object):
|
|
|
|
|
2007-09-12 21:38:51 +00:00
|
|
|
CONFIG_DEFAULTS = {'configpath' : "/etc/fail2ban/"}
|
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
def __init__(self, opts):
|
|
|
|
self._verbose = opts.verbose
|
|
|
|
self._print_all_missed = opts.print_all_missed
|
|
|
|
self._print_all_ignored = opts.print_all_ignored
|
|
|
|
|
|
|
|
self._filter = Filter(None)
|
|
|
|
self._ignoreregex = list()
|
|
|
|
self._failregex = list()
|
|
|
|
self._line_stats = LineStats()
|
|
|
|
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
def readRegex(self, value, regextype):
|
|
|
|
assert(regextype in ('fail', 'ignore'))
|
|
|
|
regex = regextype + 'regex'
|
2007-07-10 19:54:01 +00:00
|
|
|
if os.path.isfile(value):
|
2007-09-12 21:38:51 +00:00
|
|
|
reader = SafeConfigParserWithIncludes(defaults=self.CONFIG_DEFAULTS)
|
2007-07-10 19:54:01 +00:00
|
|
|
try:
|
|
|
|
reader.read(value)
|
2013-06-14 02:19:10 +00:00
|
|
|
print "Use %11s file : %s" % (regex, value)
|
|
|
|
# TODO: reuse functionality in client
|
2013-06-29 18:17:22 +00:00
|
|
|
regex_values = [
|
|
|
|
RegexStat(m)
|
|
|
|
for m in reader.get("Definition", regex).split('\n')
|
|
|
|
if m != ""]
|
2007-07-10 19:54:01 +00:00
|
|
|
except NoSectionError:
|
2013-06-14 02:19:10 +00:00
|
|
|
print "No [Definition] section in %s" % value
|
2007-07-10 19:54:01 +00:00
|
|
|
return False
|
|
|
|
except NoOptionError:
|
2013-06-14 02:19:10 +00:00
|
|
|
print "No %s option in %s" % (regex, value)
|
2007-07-10 19:54:01 +00:00
|
|
|
return False
|
|
|
|
except MissingSectionHeaderError:
|
2013-06-14 02:19:10 +00:00
|
|
|
print "No section headers in %s" % value
|
2007-07-10 19:54:01 +00:00
|
|
|
return False
|
|
|
|
else:
|
2013-06-14 02:19:10 +00:00
|
|
|
print "Use %11s line : %s" % (regex, shortstr(value))
|
|
|
|
regex_values = [RegexStat(value)]
|
2007-07-10 19:54:01 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
setattr(self, "_" + regex, regex_values)
|
2013-07-15 21:16:40 +00:00
|
|
|
for regex in regex_values:
|
|
|
|
getattr(
|
|
|
|
self._filter,
|
|
|
|
'add%sRegex' % regextype.title())(regex.getFailRegex())
|
2007-01-21 22:21:13 +00:00
|
|
|
return True
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-07-10 19:54:01 +00:00
|
|
|
def testIgnoreRegex(self, line):
|
|
|
|
found = False
|
2013-07-15 21:16:40 +00:00
|
|
|
try:
|
|
|
|
ret = self._filter.ignoreLine(line)
|
|
|
|
if ret is not None:
|
|
|
|
found = True
|
|
|
|
regex = self._ignoreregex[ret].inc()
|
|
|
|
except RegexException, e:
|
|
|
|
print e
|
|
|
|
return False
|
2013-06-14 02:19:10 +00:00
|
|
|
return found
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def testRegex(self, line):
|
2013-07-15 21:16:40 +00:00
|
|
|
try:
|
|
|
|
ret = self._filter.processLine(line, checkAllRegex=True)
|
|
|
|
for match in ret:
|
2013-07-16 19:58:44 +00:00
|
|
|
# Append True/False flag depending if line was matched by
|
|
|
|
# more than one regex
|
2013-07-15 21:16:40 +00:00
|
|
|
match.append(len(ret)>1)
|
|
|
|
regex = self._failregex[match[0]]
|
|
|
|
regex.inc()
|
|
|
|
regex.appendIP(match)
|
|
|
|
except RegexException, e:
|
|
|
|
print e
|
|
|
|
return False
|
|
|
|
except IndexError:
|
|
|
|
print "Sorry, but no <host> found in regex"
|
|
|
|
return False
|
|
|
|
return len(ret) > 0
|
2013-06-14 02:19:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
def process(self, test_lines):
|
|
|
|
|
|
|
|
for line in test_lines:
|
2013-07-15 17:52:42 +00:00
|
|
|
if line.startswith('#') or not line.strip():
|
2013-06-14 02:19:10 +00:00
|
|
|
# skip comment and empty lines
|
|
|
|
continue
|
|
|
|
is_ignored = fail2banRegex.testIgnoreRegex(line)
|
|
|
|
if is_ignored:
|
|
|
|
self._line_stats.ignored_lines.append(line)
|
|
|
|
|
|
|
|
if fail2banRegex.testRegex(line):
|
|
|
|
assert(not is_ignored)
|
|
|
|
self._line_stats.matched += 1
|
|
|
|
else:
|
|
|
|
if not is_ignored:
|
|
|
|
self._line_stats.missed_lines.append(line)
|
|
|
|
self._line_stats.tested += 1
|
|
|
|
|
|
|
|
def printLines(self, ltype):
|
|
|
|
lstats = self._line_stats
|
|
|
|
assert(len(lstats.missed_lines) == lstats.tested - (lstats.matched + lstats.ignored))
|
|
|
|
l = lstats[ltype + '_lines']
|
|
|
|
if len(l):
|
|
|
|
header = "%s line(s):" % (ltype.capitalize(),)
|
|
|
|
if len(l) < 20 or getattr(self, '_print_all_' + ltype):
|
|
|
|
pprint_list([x.rstrip() for x in l], header)
|
|
|
|
else:
|
|
|
|
print "%s: too many to print. Use --print-all-%s " \
|
|
|
|
"to print all %d lines" % (header, ltype, len(l))
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2007-01-21 22:21:13 +00:00
|
|
|
def printStats(self):
|
|
|
|
print
|
|
|
|
print "Results"
|
|
|
|
print "======="
|
2012-02-11 03:19:44 +00:00
|
|
|
|
|
|
|
def print_failregexes(title, failregexes):
|
|
|
|
# Print title
|
2012-02-11 03:51:31 +00:00
|
|
|
total, out = 0, []
|
2012-02-11 03:19:44 +00:00
|
|
|
for cnt, failregex in enumerate(failregexes):
|
|
|
|
match = failregex.getStats()
|
|
|
|
total += match
|
2013-06-14 02:19:10 +00:00
|
|
|
if (match or self._verbose):
|
|
|
|
out.append("%2d) [%d] %s" % (cnt+1, match, failregex.getFailRegex()))
|
|
|
|
|
|
|
|
if self._verbose and len(failregex.getIPList()):
|
|
|
|
for ip in failregex.getIPList():
|
2013-07-15 21:16:40 +00:00
|
|
|
timeTuple = time.localtime(ip[2])
|
2013-06-14 02:19:10 +00:00
|
|
|
timeString = time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
|
2013-07-15 21:16:40 +00:00
|
|
|
out.append(
|
|
|
|
" %s %s%s" % (
|
|
|
|
ip[1],
|
|
|
|
timeString,
|
|
|
|
ip[3] and " (multiple regex matched)" or ""))
|
2013-06-14 02:19:10 +00:00
|
|
|
|
|
|
|
print "\n%s: %d total" % (title, total)
|
|
|
|
pprint_list(out, " #) [# of hits] regular expression")
|
2012-02-11 03:19:44 +00:00
|
|
|
return total
|
|
|
|
|
2007-07-10 19:54:01 +00:00
|
|
|
# Print title
|
2013-06-14 02:19:10 +00:00
|
|
|
total = print_failregexes("Failregex", self._failregex)
|
|
|
|
_ = print_failregexes("Ignoreregex", self._ignoreregex)
|
2012-02-11 03:51:31 +00:00
|
|
|
|
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
print "\nDate template hits:"
|
|
|
|
out = []
|
2013-07-15 21:16:40 +00:00
|
|
|
for template in self._filter.dateDetector.getTemplates():
|
2013-06-14 02:19:10 +00:00
|
|
|
if self._verbose or template.getHits():
|
|
|
|
out.append("[%d] %s" % (template.getHits(), template.getName()))
|
|
|
|
pprint_list(out, "[# of hits] date format")
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
print "\nLines: %s" % self._line_stats
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
self.printLines('ignored')
|
|
|
|
self.printLines('missed')
|
|
|
|
|
|
|
|
return True
|
2007-01-21 22:21:13 +00:00
|
|
|
|
2013-03-29 16:31:50 +00:00
|
|
|
|
2006-09-06 18:25:11 +00:00
|
|
|
if __name__ == "__main__":
|
2013-06-14 02:19:10 +00:00
|
|
|
|
|
|
|
parser = get_opt_parser()
|
|
|
|
(opts, args) = parser.parse_args()
|
|
|
|
|
|
|
|
fail2banRegex = Fail2banRegex(opts)
|
2012-02-11 03:51:31 +00:00
|
|
|
|
|
|
|
# We need 2 or 3 parameters
|
|
|
|
if not len(args) in (2, 3):
|
2013-06-14 02:19:10 +00:00
|
|
|
sys.stderr.write("ERROR: provide both <LOG> and <REGEX>.\n\n")
|
|
|
|
parser.print_help()
|
2006-09-06 18:25:11 +00:00
|
|
|
sys.exit(-1)
|
2007-01-21 22:21:13 +00:00
|
|
|
|
2013-06-14 03:01:35 +00:00
|
|
|
# TODO: taken from -testcases -- move common functionality somewhere
|
|
|
|
if opts.log_level is not None: # pragma: no cover
|
|
|
|
# so we had explicit settings
|
|
|
|
logSys.setLevel(getattr(logging, opts.log_level.upper()))
|
|
|
|
else: # pragma: no cover
|
|
|
|
# suppress the logging but it would leave unittests' progress dots
|
|
|
|
# ticking, unless like with '-l fatal' which would be silent
|
|
|
|
# unless error occurs
|
|
|
|
logSys.setLevel(getattr(logging, 'FATAL'))
|
|
|
|
|
|
|
|
# Add the default logging handler
|
|
|
|
stdout = logging.StreamHandler(sys.stdout)
|
|
|
|
|
|
|
|
fmt = 'D: %(message)s'
|
|
|
|
|
|
|
|
if opts.log_traceback:
|
|
|
|
Formatter = FormatterWithTraceBack
|
|
|
|
fmt = (opts.full_traceback and ' %(tb)s' or ' %(tbc)s') + fmt
|
|
|
|
else:
|
|
|
|
Formatter = logging.Formatter
|
|
|
|
|
|
|
|
# Custom log format for the verbose tests runs
|
|
|
|
if opts.verbose > 1: # pragma: no cover
|
|
|
|
stdout.setFormatter(Formatter(' %(asctime)-15s %(thread)s' + fmt))
|
|
|
|
else: # pragma: no cover
|
|
|
|
# just prefix with the space
|
|
|
|
stdout.setFormatter(Formatter(fmt))
|
|
|
|
logSys.addHandler(stdout)
|
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
print
|
|
|
|
print "Running tests"
|
|
|
|
print "============="
|
|
|
|
print
|
2007-07-10 19:54:01 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
cmd_log, cmd_regex = args[:2]
|
2007-01-29 20:31:04 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
if len(args) == 3:
|
|
|
|
fail2banRegex.readRegex(args[2], 'ignore') or sys.exit(-1)
|
2012-02-11 03:51:31 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
fail2banRegex.readRegex(cmd_regex, 'fail') or sys.exit(-1)
|
|
|
|
|
|
|
|
if os.path.isfile(cmd_log):
|
|
|
|
try:
|
|
|
|
hdlr = open(cmd_log)
|
|
|
|
print "Use log file : %s" % cmd_log
|
|
|
|
test_lines = hdlr.readlines()
|
|
|
|
except IOError, e:
|
|
|
|
print e
|
|
|
|
sys.exit(-1)
|
|
|
|
else:
|
|
|
|
print "Use single line : %s" % shortstr(cmd_log)
|
|
|
|
test_lines = [ cmd_log ]
|
|
|
|
print
|
|
|
|
|
|
|
|
fail2banRegex.process(test_lines)
|
2012-02-11 03:51:31 +00:00
|
|
|
|
2013-06-14 02:19:10 +00:00
|
|
|
fail2banRegex.printStats() or sys.exit(-1)
|