github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Update help message 

- Add -i option: ignore ip list. Space separated ip list
- Add -t option: ban time in seconds. 600 to ban ip for 10 minutes
- Add a info message saying that fail2ban is running


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@21 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2004-10-12 21:44:09 +00:00
parent bb896fb391
commit 4eeb61c0e1
1 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
fail2ban.py
View File

@ -29,11 +29,28 @@ __license__ = "GPL"
import posix, time, sys, getopt, os, signal import posix, time, sys, getopt, os, signal
import log4py import log4py
# Appends our own modules path
sys.path.append('/usr/lib/fail2ban')
from firewall.iptables import Iptables from firewall.iptables import Iptables
from logreader.metalog import Metalog from logreader.metalog import Metalog
from version import version
def usage(): def usage():
print "fail2ban [-h][-v][-b][-d][-f <pwdfail file>][-l <log file>]" print "Usage: fail2ban.py [OPTIONS]"
print
print "Fail2Ban v"+version+" reads log file that contains password failure report"
print "and bans the corresponding IP address using iptables."
print
print " -b start fail2ban in background"
print " -d start fail2ban in debug mode"
print " -f <FILE> read password failure from FILE"
print " -h display this help message"
print " -l <FILE> log message in FILE"
print " -t <TIME> ban IP for TIME seconds"
print " -v verbose"
print
print "Report bugs to <lostcontrol@users.sourceforge.net>"
sys.exit(0) sys.exit(0)
def checkForRoot(): def checkForRoot():
@ -127,12 +144,14 @@ if __name__ == "__main__":
logSys.set_formatstring("%T %L %M") logSys.set_formatstring("%T %L %M")
try: try:
optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:') optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:')
except getopt.GetoptError: except getopt.GetoptError:
usage() usage()
debug = False debug = False
logFilePath = "/var/log/pwdfail/current" logFilePath = "/var/log/pwdfail/current"
banTime = 600
ignoreIPList = {}
for opt in optList: for opt in optList:
if opt[0] == "-h": if opt[0] == "-h":
@ -157,18 +176,33 @@ if __name__ == "__main__":
logSys.set_target(opt[1]) logSys.set_target(opt[1])
except IOError: except IOError:
logSys.error("Unable to log to "+opt[1]) logSys.error("Unable to log to "+opt[1])
logSys.error("Use default output for logging") logSys.error("Using default output for logging")
if opt[0] == "-t":
try:
banTime = int(opt[1])
except ValueError:
logSys.error("banTime must be an integer")
logSys.error("Using default value")
if opt[0] == "-i":
ignoreIPList = opt[1].split(' ')
if not checkForRoot(): if not checkForRoot():
logSys.error("You must be root") logSys.error("You must be root")
if not debug: if not debug:
sys.exit(-1) sys.exit(-1)
fireWall = Iptables(600, logSys) logSys.debug("logFilePath is "+logFilePath)
logFile = Metalog(logFilePath, logSys, 600) logSys.debug("BanTime is "+`banTime`)
fireWall = Iptables(banTime, logSys)
logFile = Metalog(logFilePath, logSys, banTime)
logFile.addIgnoreIP("127.0.0.1") logFile.addIgnoreIP("127.0.0.1")
while len(ignoreIPList) > 0:
ip = ignoreIPList.pop()
logFile.addIgnoreIP(ip)
logSys.info("Fail2Ban v"+version+" is running")
while True: while True:
try: try:
sys.stdout.flush() sys.stdout.flush()