diff --git a/config/action.d/badips.py b/config/action.d/badips.py index 4e50890c..1ad711f4 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -32,6 +32,8 @@ else: # pragma: 3.x no cover from urllib import urlencode from fail2ban.server.actions import ActionBase +from fail2ban.helpers import str2LogLevel + class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable @@ -70,6 +72,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable updateperiod : int, optional Time in seconds between updating bad IPs blacklist. Default 900 (15 minutes) + loglevel : int/str, optional + Log level of the message when an IP is (un)banned. + Default `DEBUG`. agent : str, optional User agent transmitted to server. Default `Fail2Ban/ver.` @@ -86,7 +91,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable return Request(url, headers={'User-Agent': self.agent}, **argv) def __init__(self, jail, name, category, score=3, age="24h", key=None, - banaction=None, bancategory=None, bankey=None, updateperiod=900, agent="Fail2Ban", + banaction=None, bancategory=None, bankey=None, updateperiod=900, loglevel='DEBUG', agent="Fail2Ban", timeout=TIMEOUT): super(BadIPsAction, self).__init__(jail, name) @@ -99,6 +104,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable self.banaction = banaction self.bancategory = bancategory or category self.bankey = bankey + self.loglevel = str2LogLevel(loglevel) self.updateperiod = updateperiod self._bannedips = set() @@ -289,7 +295,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: self._bannedips.add(ip) - self._logSys.debug( + self._logSys.log(self.loglevel, "Banned IP %s for jail '%s' with action '%s'", ip, self._jail.name, self.banaction) @@ -304,12 +310,12 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable 'ipjailmatches': "", }) except Exception as e: - self._logSys.info( + self._logSys.error( "Error unbanning IP %s for jail '%s' with action '%s': %s", ip, self._jail.name, self.banaction, e, exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: - self._logSys.debug( + self._logSys.log(self.loglevel, "Unbanned IP %s for jail '%s' with action '%s'", ip, self._jail.name, self.banaction) finally: @@ -337,13 +343,16 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable ips = self.getList( self.bancategory, self.score, self.age, self.bankey) # Remove old IPs no longer listed - self._unbanIPs(self._bannedips - ips) + s = self._bannedips - ips + m = len(s) + self._unbanIPs(s) # Add new IPs which are now listed - self._banIPs(ips - self._bannedips) - - self._logSys.debug( - "Updated IPs for jail '%s'. Update again in %i seconds", - self._jail.name, self.updateperiod) + s = ips - self._bannedips + p = len(s) + self._banIPs(s) + self._logSys.log(self.loglevel, + "Updated IPs for jail '%s' (-%d/+%d). Update again in %i seconds", + self._jail.name, m, p, self.updateperiod) finally: self._timer = threading.Timer(self.updateperiod, self.update) self._timer.start()