|
|
@ -32,6 +32,8 @@ else: # pragma: 3.x no cover
|
|
|
|
from urllib import urlencode
|
|
|
|
from urllib import urlencode
|
|
|
|
|
|
|
|
|
|
|
|
from fail2ban.server.actions import ActionBase
|
|
|
|
from fail2ban.server.actions import ActionBase
|
|
|
|
|
|
|
|
from fail2ban.helpers import str2LogLevel
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
@ -70,9 +72,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
updateperiod : int, optional
|
|
|
|
updateperiod : int, optional
|
|
|
|
Time in seconds between updating bad IPs blacklist.
|
|
|
|
Time in seconds between updating bad IPs blacklist.
|
|
|
|
Default 900 (15 minutes)
|
|
|
|
Default 900 (15 minutes)
|
|
|
|
log : str, optional
|
|
|
|
loglevel : int/str, optional
|
|
|
|
Whether or not to log when an IP is (un)banned.
|
|
|
|
Log level of the message when an IP is (un)banned.
|
|
|
|
Default `yes`.
|
|
|
|
Default `DEBUG`.
|
|
|
|
agent : str, optional
|
|
|
|
agent : str, optional
|
|
|
|
User agent transmitted to server.
|
|
|
|
User agent transmitted to server.
|
|
|
|
Default `Fail2Ban/ver.`
|
|
|
|
Default `Fail2Ban/ver.`
|
|
|
@ -89,7 +91,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
return Request(url, headers={'User-Agent': self.agent}, **argv)
|
|
|
|
return Request(url, headers={'User-Agent': self.agent}, **argv)
|
|
|
|
|
|
|
|
|
|
|
|
def __init__(self, jail, name, category, score=3, age="24h", key=None,
|
|
|
|
def __init__(self, jail, name, category, score=3, age="24h", key=None,
|
|
|
|
banaction=None, bancategory=None, bankey=None, updateperiod=900, log="yes", agent="Fail2Ban",
|
|
|
|
banaction=None, bancategory=None, bankey=None, updateperiod=900, loglevel='DEBUG', agent="Fail2Ban",
|
|
|
|
timeout=TIMEOUT):
|
|
|
|
timeout=TIMEOUT):
|
|
|
|
super(BadIPsAction, self).__init__(jail, name)
|
|
|
|
super(BadIPsAction, self).__init__(jail, name)
|
|
|
|
|
|
|
|
|
|
|
@ -102,7 +104,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
self.banaction = banaction
|
|
|
|
self.banaction = banaction
|
|
|
|
self.bancategory = bancategory or category
|
|
|
|
self.bancategory = bancategory or category
|
|
|
|
self.bankey = bankey
|
|
|
|
self.bankey = bankey
|
|
|
|
self.log = log
|
|
|
|
self.loglevel = str2LogLevel(loglevel) if isinstance(val, basestring) else loglevel
|
|
|
|
self.updateperiod = updateperiod
|
|
|
|
self.updateperiod = updateperiod
|
|
|
|
|
|
|
|
|
|
|
|
self._bannedips = set()
|
|
|
|
self._bannedips = set()
|
|
|
@ -293,10 +295,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
|
|
|
|
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
self._bannedips.add(ip)
|
|
|
|
self._bannedips.add(ip)
|
|
|
|
if self.log is "yes":
|
|
|
|
self._logSys.log(self.loglevel,
|
|
|
|
self._logSys.notice(
|
|
|
|
"Banned IP %s for jail '%s' with action '%s'",
|
|
|
|
"Banned IP %s for jail '%s' with action '%s'",
|
|
|
|
ip, self._jail.name, self.banaction)
|
|
|
|
ip, self._jail.name, self.banaction)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _unbanIPs(self, ips):
|
|
|
|
def _unbanIPs(self, ips):
|
|
|
|
for ip in ips:
|
|
|
|
for ip in ips:
|
|
|
@ -314,10 +315,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
|
|
|
ip, self._jail.name, self.banaction, e,
|
|
|
|
ip, self._jail.name, self.banaction, e,
|
|
|
|
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
|
|
|
|
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
if self.log is "yes":
|
|
|
|
self._logSys.log(self.loglevel,
|
|
|
|
self._logSys.notice(
|
|
|
|
"Unbanned IP %s for jail '%s' with action '%s'",
|
|
|
|
"Unbanned IP %s for jail '%s' with action '%s'",
|
|
|
|
ip, self._jail.name, self.banaction)
|
|
|
|
ip, self._jail.name, self.banaction)
|
|
|
|
|
|
|
|
finally:
|
|
|
|
finally:
|
|
|
|
self._bannedips.remove(ip)
|
|
|
|
self._bannedips.remove(ip)
|
|
|
|
|
|
|
|
|
|
|
|