From ec4c4b12c1f86769f021216482f4a380ca02d4bc Mon Sep 17 00:00:00 2001 From: Ben RUBSON Date: Sun, 19 Aug 2018 22:35:09 +0200 Subject: [PATCH 1/5] Add yes/no log option to badips.py --- config/action.d/badips.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/config/action.d/badips.py b/config/action.d/badips.py index 4e50890c..95bfbe14 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -70,6 +70,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable updateperiod : int, optional Time in seconds between updating bad IPs blacklist. Default 900 (15 minutes) + log : str, optional + Whether or not to log when an IP id (un)banned. + Default `yes`. agent : str, optional User agent transmitted to server. Default `Fail2Ban/ver.` @@ -86,7 +89,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable return Request(url, headers={'User-Agent': self.agent}, **argv) def __init__(self, jail, name, category, score=3, age="24h", key=None, - banaction=None, bancategory=None, bankey=None, updateperiod=900, agent="Fail2Ban", + banaction=None, bancategory=None, bankey=None, updateperiod=900, log="yes", agent="Fail2Ban", timeout=TIMEOUT): super(BadIPsAction, self).__init__(jail, name) @@ -99,6 +102,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable self.banaction = banaction self.bancategory = bancategory or category self.bankey = bankey + self.log = log self.updateperiod = updateperiod self._bannedips = set() 
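Review bot: In the `__init__` signature hunk (`@@ -86,7 +89,7`), `log="yes"` is inserted between `updateperiod` and `agent`, so any caller passing `agent` or `timeout` positionally would now bind them to the wrong parameter. Appending the new keyword at the end, `timeout=TIMEOUT, log="yes"):`, keeps the existing order; whether any caller relies on position is not visible from this page. The `loglevel` parameter that replaces it in 4/5 sits in the same slot, so the same applies there. The docstring entry added in the first hunk gives the default but not which other strings are accepted.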
@@ -289,9 +293,10 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: self._bannedips.add(ip) - self._logSys.debug( - "Banned IP %s for jail '%s' with action '%s'", - ip, self._jail.name, self.banaction) + if self.log is "yes": + self._logSys.notice( + "Banned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) def _unbanIPs(self, ips): for ip in ips: @@ -304,14 +309,15 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable 'ipjailmatches': "", }) except Exception as e: - self._logSys.info( + self._logSys.error( "Error unbanning IP %s for jail '%s' with action '%s': %s", ip, self._jail.name, self.banaction, e, exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: - self._logSys.debug( - "Unbanned IP %s for jail '%s' with action '%s'", - ip, self._jail.name, self.banaction) + if self.log is "yes": + self._logSys.notice( + "Unbanned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) finally: self._bannedips.remove(ip) From 70e53b55c558e9ccdb1a59d86031385dcd3023b0 Mon Sep 17 00:00:00 2001 From: Ben RUBSON Date: Sun, 19 Aug 2018 22:39:18 +0200 Subject: [PATCH 2/5] Typo --- config/action.d/badips.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/action.d/badips.py b/config/action.d/badips.py index 95bfbe14..c1c46ae3 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -71,7 +71,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable Time in seconds between updating bad IPs blacklist. Default 900 (15 minutes) log : str, optional - Whether or not to log when an IP id (un)banned. + Whether or not to log when an IP is (un)banned. Default `yes`. agent : str, optional User agent transmitted to server. From 9d7c0e00c132c04a4d77eb5d684116780300e207 Mon Sep 17 00:00:00 2001 
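Review bot: `if self.log is "yes":` in the ban-logging hunk (`@@ -289,9 +293,10`), and again in the `_unbanIPs` hunk, tests object identity rather than equality, so the result depends on string interning. A value that reaches the constructor from parsed configuration instead of the default literal can fail the test and silently turn the ban/unban messages off, which matters to anyone using these lines as a record of what was blocked. Use `if self.log == "yes":` in both places. Both enclosing loops start outside their hunks.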
From: Ben RUBSON Date: Sat, 8 Sep 2018 09:28:42 +0200 Subject: [PATCH 3/5] Also log number of IPs removed/added --- config/action.d/badips.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/config/action.d/badips.py b/config/action.d/badips.py index c1c46ae3..97b45fa8 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -343,13 +343,16 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable ips = self.getList( self.bancategory, self.score, self.age, self.bankey) # Remove old IPs no longer listed - self._unbanIPs(self._bannedips - ips) + s = self._bannedips - ips + m = len(s) + self._unbanIPs(s) # Add new IPs which are now listed - self._banIPs(ips - self._bannedips) - - self._logSys.debug( - "Updated IPs for jail '%s'. Update again in %i seconds", - self._jail.name, self.updateperiod) + s = ips - self._bannedips + p = len(s) + self._banIPs(s) + self._logSys.info( + "Updated IPs for jail '%s' (-%d/+%d). Update again in %i seconds", + self._jail.name, m, p, self.updateperiod) finally: self._timer = threading.Timer(self.updateperiod, self.update) self._timer.start() From 4b751c84c353ac0254addad6bb89167df2dcdd25 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Tue, 2 Oct 2018 12:32:15 +0200 Subject: [PATCH 4/5] badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG). --- config/action.d/badips.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/config/action.d/badips.py b/config/action.d/badips.py index 97b45fa8..0d03f1d1 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -32,6 +32,8 @@ else: # pragma: 3.x no cover from urllib import urlencode from fail2ban.server.actions import ActionBase +from fail2ban.helpers import str2LogLevel + class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable 
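Review bot: In the `@@ -343,13 +343,16` hunk, `m` and `p` are taken from the candidate sets before `self._unbanIPs(s)` and `self._banIPs(s)` run, so the `(-%d/+%d)` summary reports what was attempted, not what was applied. The error branches visible in the earlier hunks log a failure and carry on, so a reader checking this line to confirm the blocklist was enforced would see full counts even if every ban call failed. Either word the message as attempted counts or derive the added count from the change in `len(self._bannedips)` around `self._banIPs(s)`, since the set is only extended in the success branch. Descriptive names such as `removed` and `added` would also read better than `s`, `m` and `p`; the enclosing method starts outside the hunk.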
@@ -70,9 +72,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable updateperiod : int, optional Time in seconds between updating bad IPs blacklist. Default 900 (15 minutes) - log : str, optional - Whether or not to log when an IP is (un)banned. - Default `yes`. + loglevel : int/str, optional + Log level of the message when an IP is (un)banned. + Default `DEBUG`. agent : str, optional User agent transmitted to server. Default `Fail2Ban/ver.` @@ -89,7 +91,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable return Request(url, headers={'User-Agent': self.agent}, **argv) def __init__(self, jail, name, category, score=3, age="24h", key=None, - banaction=None, bancategory=None, bankey=None, updateperiod=900, log="yes", agent="Fail2Ban", + banaction=None, bancategory=None, bankey=None, updateperiod=900, loglevel='DEBUG', agent="Fail2Ban", timeout=TIMEOUT): super(BadIPsAction, self).__init__(jail, name) @@ -102,7 +104,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable self.banaction = banaction self.bancategory = bancategory or category self.bankey = bankey - self.log = log + self.loglevel = str2LogLevel(loglevel) if isinstance(val, basestring) else loglevel self.updateperiod = updateperiod self._bannedips = set() @@ -293,10 +295,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: self._bannedips.add(ip) - if self.log is "yes": - self._logSys.notice( - "Banned IP %s for jail '%s' with action '%s'", - ip, self._jail.name, self.banaction) + self._logSys.log(self.loglevel, + "Banned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) def _unbanIPs(self, ips): for ip in ips: 
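Review bot: The new assignment in the `@@ -102,7 +104,7` hunk, `self.loglevel = str2LogLevel(loglevel) if isinstance(val, basestring) else loglevel`, refers to `val`, which is not a parameter of `__init__` in the signature hunk above and is not defined anywhere in the lines shown. Constructing the action at this commit would therefore raise `NameError` before any ban list is fetched. Test the argument itself with `isinstance(loglevel, basestring)`, or call `str2LogLevel(loglevel)` unconditionally if that helper accepts integers. Patch 5/5 drops the conditional, so squashing 4/5 and 5/5 would keep every commit in the series loadable.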
@@ -314,10 +315,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable ip, self._jail.name, self.banaction, e, exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) else: - if self.log is "yes": - self._logSys.notice( - "Unbanned IP %s for jail '%s' with action '%s'", - ip, self._jail.name, self.banaction) + self._logSys.log(self.loglevel, + "Unbanned IP %s for jail '%s' with action '%s'", + ip, self._jail.name, self.banaction) finally: self._bannedips.remove(ip) From 65676baf8c5eb3917269f99e6f8fb2fb8e422291 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Tue, 2 Oct 2018 12:38:29 +0200 Subject: [PATCH 5/5] fixed py3 incompatibility (for some reasons this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel --- config/action.d/badips.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/action.d/badips.py b/config/action.d/badips.py index 0d03f1d1..1ad711f4 100644 --- a/config/action.d/badips.py +++ b/config/action.d/badips.py @@ -104,7 +104,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable self.banaction = banaction self.bancategory = bancategory or category self.bankey = bankey - self.loglevel = str2LogLevel(loglevel) if isinstance(val, basestring) else loglevel + self.loglevel = str2LogLevel(loglevel) self.updateperiod = updateperiod self._bannedips = set() @@ -350,7 +350,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable s = ips - self._bannedips p = len(s) self._banIPs(s) - self._logSys.info( + self._logSys.log(self.loglevel, "Updated IPs for jail '%s' (-%d/+%d). Update again in %i seconds", self._jail.name, m, p, self.updateperiod) finally:
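Review bot: The `Updated IPs` summary in the last hunk (`@@ -350,7 +350,7`) is now logged at `self.loglevel`, but the docstring entry added in 4/5 still describes `loglevel` as the level "of the message when an IP is (un)banned". Extend that entry, for example `Log level of the messages when an IP is (un)banned and of the periodic update summary.` With the `DEBUG` default the summary also drops back below the `info` level it was given in 3/5, which is worth stating in the commit message because it changes what operators see in the log. The enclosing method continues past `finally:` outside the hunk.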