mirror of https://github.com/fail2ban/fail2ban
- Update help message
- Add -i option: ignore ip list. Space separated ip list
- Add -t option: ban time in seconds. 600 to ban ip for 10 minutes
- Add an info message saying that fail2ban is running

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@21 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
parent
bb896fb391
commit
4eeb61c0e1
44
fail2ban.py
44
fail2ban.py
|
@ -29,11 +29,28 @@ __license__ = "GPL"
|
||||||
import posix, time, sys, getopt, os, signal
|
import posix, time, sys, getopt, os, signal
|
||||||
import log4py
|
import log4py
|
||||||
|
|
||||||
|
# Appends our own modules path
|
||||||
|
sys.path.append('/usr/lib/fail2ban')
|
||||||
|
|
||||||
from firewall.iptables import Iptables
|
from firewall.iptables import Iptables
|
||||||
from logreader.metalog import Metalog
|
from logreader.metalog import Metalog
|
||||||
|
from version import version
|
||||||
|
|
||||||
def usage():
|
def usage():
|
||||||
print "fail2ban [-h][-v][-b][-d][-f <pwdfail file>][-l <log file>]"
|
print "Usage: fail2ban.py [OPTIONS]"
|
||||||
|
print
|
||||||
|
print "Fail2Ban v"+version+" reads log file that contains password failure report"
|
||||||
|
print "and bans the corresponding IP address using iptables."
|
||||||
|
print
|
||||||
|
print " -b start fail2ban in background"
|
||||||
|
print " -d start fail2ban in debug mode"
|
||||||
|
print " -f <FILE> read password failure from FILE"
|
||||||
|
print " -h display this help message"
|
||||||
|
print " -l <FILE> log message in FILE"
|
||||||
|
print " -t <TIME> ban IP for TIME seconds"
|
||||||
|
print " -v verbose"
|
||||||
|
print
|
||||||
|
print "Report bugs to <lostcontrol@users.sourceforge.net>"
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
def checkForRoot():
|
def checkForRoot():
|
||||||
|
@ -127,12 +144,14 @@ if __name__ == "__main__":
|
||||||
logSys.set_formatstring("%T %L %M")
|
logSys.set_formatstring("%T %L %M")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:')
|
optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:')
|
||||||
except getopt.GetoptError:
|
except getopt.GetoptError:
|
||||||
usage()
|
usage()
|
||||||
|
|
||||||
debug = False
|
debug = False
|
||||||
logFilePath = "/var/log/pwdfail/current"
|
logFilePath = "/var/log/pwdfail/current"
|
||||||
|
banTime = 600
|
||||||
|
ignoreIPList = {}
|
||||||
|
|
||||||
for opt in optList:
|
for opt in optList:
|
||||||
if opt[0] == "-h":
|
if opt[0] == "-h":
|
||||||
|
@ -157,18 +176,33 @@ if __name__ == "__main__":
|
||||||
logSys.set_target(opt[1])
|
logSys.set_target(opt[1])
|
||||||
except IOError:
|
except IOError:
|
||||||
logSys.error("Unable to log to "+opt[1])
|
logSys.error("Unable to log to "+opt[1])
|
||||||
logSys.error("Use default output for logging")
|
logSys.error("Using default output for logging")
|
||||||
|
if opt[0] == "-t":
|
||||||
|
try:
|
||||||
|
banTime = int(opt[1])
|
||||||
|
except ValueError:
|
||||||
|
logSys.error("banTime must be an integer")
|
||||||
|
logSys.error("Using default value")
|
||||||
|
if opt[0] == "-i":
|
||||||
|
ignoreIPList = opt[1].split(' ')
|
||||||
|
|
||||||
if not checkForRoot():
|
if not checkForRoot():
|
||||||
logSys.error("You must be root")
|
logSys.error("You must be root")
|
||||||
if not debug:
|
if not debug:
|
||||||
sys.exit(-1)
|
sys.exit(-1)
|
||||||
|
|
||||||
fireWall = Iptables(600, logSys)
|
logSys.debug("logFilePath is "+logFilePath)
|
||||||
logFile = Metalog(logFilePath, logSys, 600)
|
logSys.debug("BanTime is "+`banTime`)
|
||||||
|
|
||||||
|
fireWall = Iptables(banTime, logSys)
|
||||||
|
logFile = Metalog(logFilePath, logSys, banTime)
|
||||||
|
|
||||||
logFile.addIgnoreIP("127.0.0.1")
|
logFile.addIgnoreIP("127.0.0.1")
|
||||||
|
while len(ignoreIPList) > 0:
|
||||||
|
ip = ignoreIPList.pop()
|
||||||
|
logFile.addIgnoreIP(ip)
|
||||||
|
|
||||||
|
logSys.info("Fail2Ban v"+version+" is running")
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
|
|
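Review bot: The `-i` value is split and passed to `logFile.addIgnoreIP()` without validation, so a doubled space produces an empty entry and a mistyped address is accepted silently, leaving the operator to believe a host is exempt from banning when it may not be. Splitting on any whitespace with `ignoreIPList = opt[1].split()` and logging an error for entries that do not parse as an IPv4 address would surface this at startup; the default should also be `ignoreIPList = []` rather than `{}`, since the later loop calls `.pop()` with no argument, which a dict does not support. In the same option loop, `-t` accepts zero and negative integers; how `Iptables` and `Metalog` treat such a ban time is not visible here, so rejecting `banTime <= 0` alongside the `ValueError` case looks like the safer default. The new help text in `usage()` lists `-t` but not `-i`. The `__main__` block starts and ends outside the visible hunks.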