mirror of https://github.com/fail2ban/fail2ban
normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400';
code review and test case extended;pull/716/head
sebres
parent
48cd1262fe
commit
293a5066d2
|
|
@ -60,4 +60,4 @@ dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
||||||
# Options: dbpurgeage
|
# Options: dbpurgeage
|
||||||
# Notes.: Sets age at which bans should be purged from the database
|
# Notes.: Sets age at which bans should be purged from the database
|
||||||
# Values: [ SECONDS ] Default: 86400 (24hours)
|
# Values: [ SECONDS ] Default: 86400 (24hours)
|
||||||
dbpurgeage = 86400
|
dbpurgeage = 1d
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@
|
||||||
# See man 5 jail.conf for details.
|
# See man 5 jail.conf for details.
|
||||||
#
|
#
|
||||||
# [DEFAULT]
|
# [DEFAULT]
|
||||||
# bantime = 3600
|
# bantime = 1h
|
||||||
#
|
#
|
||||||
# [sshd]
|
# [sshd]
|
||||||
# enabled = true
|
# enabled = true
|
||||||
|
|
@ -50,7 +50,7 @@ before = paths-debian.conf
|
||||||
|
|
||||||
# "bantime.rndtime" is the max number of seconds using for mixing with random time
|
# "bantime.rndtime" is the max number of seconds using for mixing with random time
|
||||||
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
|
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
|
||||||
#bantime.rndtime = 5*60
|
#bantime.rndtime =
|
||||||
|
|
||||||
# "bantime.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
|
# "bantime.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
|
||||||
#bantime.maxtime =
|
#bantime.maxtime =
|
||||||
|
|
@ -94,11 +94,11 @@ ignoreip = 127.0.0.1/8
|
||||||
ignorecommand =
|
ignorecommand =
|
||||||
|
|
||||||
# "bantime" is the number of seconds that a host is banned.
|
# "bantime" is the number of seconds that a host is banned.
|
||||||
bantime = 600
|
bantime = 10m
|
||||||
|
|
||||||
# A host is banned if it has generated "maxretry" during the last "findtime"
|
# A host is banned if it has generated "maxretry" during the last "findtime"
|
||||||
# seconds.
|
# seconds.
|
||||||
findtime = 600
|
findtime = 10m
|
||||||
|
|
||||||
# "maxretry" is the number of failures before a host get banned.
|
# "maxretry" is the number of failures before a host get banned.
|
||||||
maxretry = 5
|
maxretry = 5
|
||||||
|
|
@ -283,7 +283,7 @@ logpath = %(apache_error_log)s
|
||||||
# for email addresses. The mail outputs are buffered.
|
# for email addresses. The mail outputs are buffered.
|
||||||
port = http,https
|
port = http,https
|
||||||
logpath = %(apache_access_log)s
|
logpath = %(apache_access_log)s
|
||||||
bantime = 172800
|
bantime = 48h
|
||||||
maxretry = 1
|
maxretry = 1
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -695,8 +695,8 @@ maxretry = 5
|
||||||
logpath = /var/log/fail2ban.log
|
logpath = /var/log/fail2ban.log
|
||||||
port = all
|
port = all
|
||||||
protocol = all
|
protocol = all
|
||||||
bantime = 604800 ; 1 week
|
bantime = 1w
|
||||||
findtime = 86400 ; 1 day
|
findtime = 1d
|
||||||
maxretry = 5
|
maxretry = 5
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ class Fail2banReader(ConfigReader):
|
||||||
opts = [["string", "loglevel", "INFO" ],
|
opts = [["string", "loglevel", "INFO" ],
|
||||||
["string", "logtarget", "STDERR"],
|
["string", "logtarget", "STDERR"],
|
||||||
["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
|
["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
|
||||||
["int", "dbpurgeage", 86400]]
|
["string", "dbpurgeage", "1d"]]
|
||||||
self.__opts = ConfigReader.getOptions(self, "Definition", opts)
|
self.__opts = ConfigReader.getOptions(self, "Definition", opts)
|
||||||
|
|
||||||
def convert(self):
|
def convert(self):
|
||||||
|
|
|
||||||
|
|
@ -193,7 +193,7 @@ class Fail2BanDb(object):
|
||||||
|
|
||||||
@purgeage.setter
|
@purgeage.setter
|
||||||
def purgeage(self, value):
|
def purgeage(self, value):
|
||||||
self._purgeAge = int(value)
|
self._purgeAge = MyTime.str2seconds(value)
|
||||||
|
|
||||||
@commitandrollback
|
@commitandrollback
|
||||||
def createDb(self, cur):
|
def createDb(self, cur):
|
||||||
|
|
|
||||||
|
|
@ -111,6 +111,9 @@ class MyTime:
|
||||||
def str2seconds(val):
|
def str2seconds(val):
|
||||||
if isinstance(val, (int, long, float, complex)):
|
if isinstance(val, (int, long, float, complex)):
|
||||||
return val
|
return val
|
||||||
|
# replace together standing abbreviations, example '1d12h' -> '1d 12h':
|
||||||
|
val = re.sub(r"(?i)(?<=[a-z])(\d)", r" \1", val)
|
||||||
|
# replace abbreviation with expression:
|
||||||
for rexp, rpl in (
|
for rexp, rpl in (
|
||||||
(r"days?|da|dd?", 24*60*60), (r"week?|wee?|ww?", 7*24*60*60), (r"months?|mon?", (365*3+366)*24*60*60/4/12),
|
(r"days?|da|dd?", 24*60*60), (r"week?|wee?|ww?", 7*24*60*60), (r"months?|mon?", (365*3+366)*24*60*60/4/12),
|
||||||
(r"years?|yea?|yy?", (365*3+366)*24*60*60/4),
|
(r"years?|yea?|yy?", (365*3+366)*24*60*60/4),
|
||||||
|
|
|
||||||
|
|
@ -576,7 +576,7 @@ class JailsReaderTest(LogCaptureTestCase):
|
||||||
self.assertEqual(sorted(commands),
|
self.assertEqual(sorted(commands),
|
||||||
[['set', 'dbfile',
|
[['set', 'dbfile',
|
||||||
'/var/lib/fail2ban/fail2ban.sqlite3'],
|
'/var/lib/fail2ban/fail2ban.sqlite3'],
|
||||||
['set', 'dbpurgeage', 86400],
|
['set', 'dbpurgeage', '1d'],
|
||||||
['set', 'loglevel', "INFO"],
|
['set', 'loglevel', "INFO"],
|
||||||
['set', 'logtarget', '/var/log/fail2ban.log']])
|
['set', 'logtarget', '/var/log/fail2ban.log']])
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -69,6 +69,15 @@ class DatabaseTest(LogCaptureTestCase):
|
||||||
return
|
return
|
||||||
self.assertEqual(self.dbFilename, self.db.filename)
|
self.assertEqual(self.dbFilename, self.db.filename)
|
||||||
|
|
||||||
|
def testPurgeAge(self):
|
||||||
|
if Fail2BanDb is None: # pragma: no cover
|
||||||
|
return
|
||||||
|
self.assertEqual(self.db.purgeage, 86400)
|
||||||
|
self.db.purgeage = '1y6mon15d5h30m'
|
||||||
|
self.assertEqual(self.db.purgeage, 48652200)
|
||||||
|
self.db.purgeage = '2y 12mon 30d 10h 60m'
|
||||||
|
self.assertEqual(self.db.purgeage, 48652200*2)
|
||||||
|
|
||||||
def testCreateInvalidPath(self):
|
def testCreateInvalidPath(self):
|
||||||
if Fail2BanDb is None: # pragma: no cover
|
if Fail2BanDb is None: # pragma: no cover
|
||||||
return
|
return
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue