github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

DOC: Add documentation for badips.py action

pull/1015/head
Steven Hiscocks 2014-03-13 19:58:32 +00:00
parent dfb46cfda6
commit 0c63d0061a
3 changed files with 47 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -62,6 +62,8 @@ configuration before relying on it.
Close gh-347 Close gh-347
* Filter for squirrelmail. Close gh-261 * Filter for squirrelmail. Close gh-261
* Filter for tine20. Close gh-583 * Filter for tine20. Close gh-583
* Added action to use badips.com reporting and blacklist
- Requires Python 2.7+
- Enhancements - Enhancements
* Jail names increased to 26 characters and iptables prefix reduced * Jail names increased to 26 characters and iptables prefix reduced

79
config/action.d/badips.py
View File

@ -39,46 +39,45 @@ class BadIPsAction(ActionBase):
"""Fail2Ban action which resports bans to badips.com, and also """Fail2Ban action which resports bans to badips.com, and also
blacklist bad IPs listed on badips.com by using another action's blacklist bad IPs listed on badips.com by using another action's
ban method. ban method.
Parameters
----------
jail : Jail
The jail which the action belongs to.
name : str
Name assigned to the action.
category : str
Valid badips.com category for reporting failures.
score : int, optional
Minimum score for bad IPs. Default 5.
age : str, optional
Age of last report for bad IPs, per badips.com syntax.
Default "24h" (24 hours)
banaction : str, optional
Name of banaction to use for blacklisting bad IPs. If `None`,
no blacklist of IPs will take place.
Default `None`.
bancategory : str, optional
Name of category to use for blacklisting, which can differ
from category used for reporting. e.g. may want to report
"postfix", but want to use whole "mail" category for blacklist.
Default `category`.
updateperiod : int, optional
Time in seconds between updating bad IPs blacklist.
Default 900 (15 minutes)
Raises
------
ValueError
If invalid `category`, `score`, `banaction` or `updateperiod`.
""" """
badips = "http://www.badips.com"
Request = partial( _badips = "http://www.badips.com"
_Request = partial(
Request, headers={'User-Agent': "Fail2Ban %s" % f2bVersion}) Request, headers={'User-Agent': "Fail2Ban %s" % f2bVersion})
def __init__(self, jail, name, category, score=5, age="24h", def __init__(self, jail, name, category, score=5, age="24h",
banaction=None, bancategory=None, updateperiod=900): banaction=None, bancategory=None, updateperiod=900):
"""Initialise action.
Parameters
----------
jail : Jail
The jail which the action belongs to.
name : str
Name assigned to the action.
category : str
Valid badips.com category for reporting failures.
score : int, optional
Minimum score for bad IPs. Default 5.
age : str, optional
Age of last report for bad IPs, per badips.com syntax.
Default "24h" (24 hours)
banaction : str, optional
Name of banaction to use for blacklisting bad IPs. If `None`,
no blacklist of IPs will take place.
Default `None`.
bancategory : str, optional
Name of category to use for blacklisting, which can differ
from category used for reporting. e.g. may want to report
"postfix", but want to use whole "mail" category for blacklist.
Default `category`.
updateperiod : int, optional
Time in seconds between updating bad IPs blacklist.
Default 900 (15 minutes)
Raises
------
ValueError
If invalid `category`, `score`, `banaction` or `updateperiod`.
"""
super(BadIPsAction, self).__init__(jail, name) super(BadIPsAction, self).__init__(jail, name)
self.category = category self.category = category
@ -108,7 +107,7 @@ class BadIPsAction(ActionBase):
""" """
try: try:
response = urlopen( response = urlopen(
cls.Request("/".join([cls.badips, "get", "categories"]))) cls._Request("/".join([cls._badips, "get", "categories"])))
except HTTPError as response: except HTTPError as response:
messages = json.loads(response.read().decode('utf-8')) messages = json.loads(response.read().decode('utf-8'))
self._logSys.error( self._logSys.error(
@ -149,8 +148,8 @@ class BadIPsAction(ActionBase):
Any issues with badips.com request. Any issues with badips.com request.
""" """
try: try:
response = urlopen(cls.Request("?".join([ response = urlopen(cls._Request("?".join([
"/".join([cls.badips, "get", "list", category, str(score)]), "/".join([cls._badips, "get", "list", category, str(score)]),
urlencode({'age': age})]))) urlencode({'age': age})])))
except HTTPError as response: except HTTPError as response:
messages = json.loads(response.read().decode('utf-8')) messages = json.loads(response.read().decode('utf-8'))
@ -332,8 +331,8 @@ class BadIPsAction(ActionBase):
Any issues with badips.com request. Any issues with badips.com request.
""" """
try: try:
response = urlopen(self.Request( response = urlopen(self._Request(
"/".join([self.badips, "add", self.category, aInfo['ip']]))) "/".join([self._badips, "add", self.category, aInfo['ip']])))
except HTTPError as response: except HTTPError as response:
messages = json.loads(response.read().decode('utf-8')) messages = json.loads(response.read().decode('utf-8'))
self._logSys.error( self._logSys.error(

6
config/jail.conf
View File

@ -174,6 +174,12 @@ action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(prot
# #
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"] action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
# Choose default action. To change, just override value of 'action' with the # Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local