- Fixed fail2ban-regex. It support "includes" in configuration files.

- Modified "includes" to be more generic. We will probably support URL in the future. - Small refactoring. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@656 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 00:17:56 +00:00 · 2008-03-04 00:17:56 +00:00 · 174ce7027a
parent 6779814d91
commit 174ce7027a
6 changed files with 51 additions and 69 deletions
--- a/client/configparserinc.py
+++ b/client/configparserinc.py
@ -15,6 +15,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 # Author: Yaroslav Halchenko
 # Modified: Cyril Jaquier
 # $Revision$
 __author__ = 'Yaroslav Halhenko'
@ -23,8 +24,11 @@ __date__ = '$Date:  $'
 __copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko'
 __license__ = 'GPL'
 import logging, os
 from ConfigParser import SafeConfigParser
-from ConfigParser import NoOptionError, NoSectionError
+
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.client.config")
 class SafeConfigParserWithIncludes(SafeConfigParser):
 	"""
@ -38,10 +42,10 @@ class SafeConfigParserWithIncludes(SafeConfigParser):
 	Example:
 [INCLUDES]
-files_before = 1.conf
+before = 1.conf
 			   3.conf
-files_after = 1.conf
+after = 1.conf
 	It is a simple implementation, so just basic care is taken about
 	recursion. Includes preserve right order, ie new files are
@ -55,35 +59,42 @@ files_after = 1.conf
 	"""
 	SECTION_NAME = "INCLUDES"
 	#@staticmethod
-	def getIncludedFiles(filename, sectionName='INCLUDES',
+	def getIncludes(resource, seen = []):
 						 defaults={}, seen=[]):
 		"""
-		Given 1 config filename returns list of included files
+		Given 1 config resource returns list of included files
 		(recursively) with the original one as well
 		Simple loops are taken care about
 		"""
-		filenames = []
+		
-		#print "Opening file " + filename
+		# Use a short class name ;)
-		d = defaults.copy()		# so that we do not poison our defaults
+		SCPWI = SafeConfigParserWithIncludes
-		parser = SafeConfigParser(defaults = d)
+		
-		parser.read(filename)
+		parser = SafeConfigParser()
-		newFiles = [ ('files_before', []), ('files_after', []) ]
+		parser.read(resource)
-		if sectionName in parser.sections():
+		
 		resourceDir = os.path.dirname(resource)
 		newFiles = [ ('before', []), ('after', []) ]
 		if SCPWI.SECTION_NAME in parser.sections():
 			for option_name, option_list in newFiles:
-				if option_name in parser.options(sectionName):
+				if option_name in parser.options(SCPWI.SECTION_NAME):
-					newFileNames = parser.get(sectionName, option_name)
+					newResources = parser.get(SCPWI.SECTION_NAME, option_name)
-					for newFileName in newFileNames.split('\n'):
+					for newResource in newResources.split('\n'):
-						if newFileName in seen: continue
+						if os.path.isabs(newResource):
-						option_list += SafeConfigParserWithIncludes.\
+							r = newResource
-									   getIncludedFiles(newFileName,
+						else:
-														defaults=defaults,
+							r = "%s/%s" % (resourceDir, newResource)
-														seen=seen + [filename])
+						if r in seen:
 							continue
 						s = seen + [resource]
 						option_list += SCPWI.getIncludes(r, s)
 		# combine lists
-		filenames = newFiles[0][1] + [filename] + newFiles[1][1]
+		return newFiles[0][1] + [resource] + newFiles[1][1]
-		#print "Includes list for " + filename + " is " + `filenames`
+		#print "Includes list for " + resource + " is " + `resources`
-		return filenames
+	getIncludes = staticmethod(getIncludes)
 	getIncludedFiles = staticmethod(getIncludedFiles)
 	def read(self, filenames):
@ -91,8 +102,7 @@ files_after = 1.conf
 		if not isinstance(filenames, list):
 			filenames = [ filenames ]
 		for filename in filenames:
-			fileNamesFull += SafeConfigParserWithIncludes.\
+			fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
-							 getIncludedFiles(filename, defaults=self._defaults)
+		logSys.debug("Reading files: %s" % fileNamesFull)
 		#print "Opening config files " + `fileNamesFull`
 		return SafeConfigParser.read(self, fileNamesFull)
--- a/client/configreader.py
+++ b/client/configreader.py
@ -36,9 +36,7 @@ class ConfigReader(SafeConfigParserWithIncludes):
 	BASE_DIRECTORY = "/etc/fail2ban/"
 	def __init__(self):
-		SafeConfigParserWithIncludes.__init__(self,
+		SafeConfigParserWithIncludes.__init__(self)
 											  {'configpath' : \
 											   ConfigReader.BASE_DIRECTORY} )
 		self.__opts = None
 	#@staticmethod
--- a/config/filter.d/common.conf
+++ b/config/filter.d/common.conf
@ -9,7 +9,7 @@
 [INCLUDES]
 # Load customizations if any available
-files_after = %(configpath)s/filter.d/common.local
+after = common.local
 [DEFAULT]
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -9,7 +9,7 @@
 # Read common prefixes. If any customizations available -- read them from
 # common.local
-files_before = %(configpath)s/filter.d/common.conf
+before = common.conf
 [Definition]
--- a/2
+++ b/2
@ -222,7 +222,7 @@ class Fail2banRegex:
 			try:
 				self.__filter.addFailRegex(regex.getFailRegex())
 				try:
-					ret = self.__filter.findFailure(line)
+					ret = self.__filter.processLine(line)
 					if not len(ret) == 0:
 						if found == True:
 							ret[0].append(True)
--- a/server/filter.py
+++ b/server/filter.py
@ -235,9 +235,6 @@ class Filter(JailThread):
 	def processLine(self, line):
 		if not self._isActive():
 			# The jail has been stopped
 			return
 		try:
 			# Decode line to UTF-8
 			l = line.decode('utf-8')
@ -246,25 +243,27 @@ class Filter(JailThread):
 		timeMatch = self.dateDetector.matchTime(l)
 		if not timeMatch:
 			# There is no valid time in this line
-			return
+			return []
 		# Lets split into time part and log part of the line
 		timeLine = timeMatch.group()
 		# Lets leave the beginning in as well, so if there is no
 		# anchore at the beginning of the time regexp, we don't
 		# at least allow injection. Should be harmless otherwise
 		logLine  = l[:timeMatch.start()] + l[timeMatch.end():]
-		for element in self.findFailure(timeLine, logLine):
+		return self.findFailure(timeLine, logLine)
 	def processLineAndAdd(self, line):
 		for element in self.processLine(line):
 			ip = element[0]
 			unixTime = element[1]
-			if unixTime < MyTime.time() - self.__findTime:
+			if unixTime < MyTime.time() - self.getFindTime():
 				break
 			if self.inIgnoreIPList(ip):
-				logSys.debug("Ignore "+ip)
+				logSys.debug("Ignore %s" % ip)
 				continue
-			logSys.debug("Found "+ip)
+			logSys.debug("Found %s" % ip)
 			self.failManager.addFailure(FailTicket(ip, unixTime))
 	##
 	# Returns true if the line should be ignored.
 	#
@ -409,32 +408,7 @@ class FileFilter(Filter):
 			if not self._isActive():
 				# The jail has been stopped
 				break
-			try:
+			self.processLineAndAdd(line)
 				# Decode line to UTF-8
 				line = line.decode('utf-8')
 			except UnicodeDecodeError:
 				pass
 			timeMatch = self.dateDetector.matchTime(line)
 			if not timeMatch:
 				# There is no valid time in this line
 				line = container.readline()
 				continue
 			# Lets split into time part and log part of the line
 			timeLine = timeMatch.group()
 			# Lets leave the beginning in as well, so if there is no
 			# anchore at the beginning of the time regexp, we don't
 			# at least allow injection. Should be harmless otherwise
 			logLine  = line[:timeMatch.start()] + line[timeMatch.end():]
 			for element in self.findFailure(timeLine, logLine):
 				ip = element[0]
 				unixTime = element[1]
 				if unixTime < MyTime.time() - self.getFindTime():
 					break
 				if self.inIgnoreIPList(ip):
 					logSys.debug("Ignore "+ip)
 					continue
 				logSys.debug("Found "+ip)
 				self.failManager.addFailure(FailTicket(ip, unixTime))
 			# Read a new line.
 			line = container.readline()
 		container.close()