- Split Filter into Filter and FileFilter.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@641 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-12-26 11:46:22 +00:00 · 2007-12-26 11:46:22 +00:00 · 65dcbed591
parent 9199e02853
commit 65dcbed591
5 changed files with 210 additions and 172 deletions
--- a/server/filter.py
+++ b/server/filter.py
@ -57,11 +57,6 @@ class Filter(JailThread):
 		self.jail = jail
 		## The failures manager.
 		self.failManager = FailManager()
-		## The log file handler.
-		self.__crtHandler = None
-		self.__crtFilename = None
-		## The log file path.
-		self.__logPath = []
 		## The regular expression list matching the failures.
 		self.__failRegex = list()
 		## The regular expression list with expressions to ignore.
@ -70,58 +65,12 @@ class Filter(JailThread):
 		self.__findTime = 6000
 		## The ignore IP list.
 		self.__ignoreIpList = []
-		## The last position of the file.
-		self.__lastPos = dict()
-		## The last date in tht log file.
-		self.__lastDate = dict()
 		
 		self.dateDetector = DateDetector()
 		self.dateDetector.addDefaultTemplate()
 		logSys.info("Created Filter")


-	##
-	# Add a log file path
-	#
-	# @param path log file path
-
-	def addLogPath(self, path):
-		self.getLogPath().append(path)
-		# Initialize default values
-		self.__lastDate[path] = 0
-		self.__lastPos[path] = 0
-	
-	##
-	# Delete a log path
-	#
-	# @param path the log file to delete
-	
-	def delLogPath(self, path):
-		self.getLogPath().remove(path)
-		del self.__lastDate[path]
-		del self.__lastPos[path]
-
-	##
-	# Get the log file path
-	#
-	# @return log file path
-		
-	def getLogPath(self):
-		return self.__logPath
-	
-	##
-	# Check whether path is already monitored.
-	#
-	# @param path The path
-	# @return True if the path is already monitored else False
-	
-	def containsLogPath(self, path):
-		try:
-			self.getLogPath().index(path)
-			return True
-		except ValueError:
-			return False
-	
 	##
 	# Add a regular expression which matches the failure.
 	#
@ -284,106 +233,37 @@ class Filter(JailThread):
 				return True
 		return False
 	
-	##
-	# Open the log file.
-	
-	def __openLogFile(self, filename):
-		""" Opens the log file specified on init.
-		"""
+
+	def processLine(self, line):
+		if not self._isActive():
+			# The jail has been stopped
+			return
 		try:
-			self.__crtFilename = filename
-			self.__crtHandler = open(filename)
-			logSys.debug("Opened " + filename)
-			return True
-		except OSError:
-			logSys.error("Unable to open " + filename)
-		except IOError:
-			logSys.error("Unable to read " + filename +
-						 ". Please check permissions")
-		return False
-	
-	##
-	# Close the log file.
-	
-	def __closeLogFile(self):
-		self.__crtFilename = None
-		self.__crtHandler.close()
-
-	##
-	# Set the file position.
-	#
-	# Sets the file position. We must take care of log file rotation
-	# and reset the position to 0 in that case. Use the log message
-	# timestamp in order to detect this.
-	
-	def __setFilePos(self):
-		line = self.__crtHandler.readline()
-		lastDate = self.__lastDate[self.__crtFilename]
-		lineDate = self.dateDetector.getUnixTime(line)
-		if lastDate < lineDate:
-			logSys.debug("Date " + `lastDate` + " is smaller than " + `lineDate`)
-			logSys.debug("Log rotation detected for " + self.__crtFilename)
-			self.__lastPos[self.__crtFilename] = 0
-		lastPos = self.__lastPos[self.__crtFilename]
-		logSys.debug("Setting file position to " + `lastPos` + " for " +
-					 self.__crtFilename)
-		self.__crtHandler.seek(lastPos)
-
-	##
-	# Get the file position.
-	
-	def __getFilePos(self):
-		return self.__crtHandler.tell()
-
-	##
-	# Gets all the failure in the log file.
-	#
-	# Gets all the failure in the log file which are newer than
-	# MyTime.time()-self.findTime. When a failure is detected, a FailTicket
-	# is created and is added to the FailManager.
-	
-	def getFailures(self, filename):
-		# Try to open log file.
-		if not self.__openLogFile(filename):
-			logSys.error("Unable to get failures in " + filename)
-			return False
-		self.__setFilePos()
-		lastTimeLine = None
-		for line in self.__crtHandler:
-			if not self._isActive():
-				# The jail has been stopped
+			# Decode line to UTF-8
+			l = line.decode('utf-8')
+		except UnicodeDecodeError:
+			pass
+		timeMatch = self.dateDetector.matchTime(line)
+		if not timeMatch:
+			# There is no valid time in this line
+			return
+		# Lets split into time part and log part of the line
+		timeLine = timeMatch.group()
+		# Lets leave the beginning in as well, so if there is no
+		# anchore at the beginning of the time regexp, we don't
+		# at least allow injection. Should be harmless otherwise
+		logLine  = l[:timeMatch.start()] + l[timeMatch.end():]
+		for element in self.findFailure(timeLine, logLine):
+			ip = element[0]
+			unixTime = element[1]
+			if unixTime < MyTime.time() - self.__findTime:
 				break
-			try:
-				# Decode line to UTF-8
-				line = line.decode('utf-8')
-			except UnicodeDecodeError:
-				pass
-			timeMatch = self.dateDetector.matchTime(line)
-			if not timeMatch:
-				# There is no valid time in this line
+			if self.inIgnoreIPList(ip):
+				logSys.debug("Ignore "+ip)
 				continue
-			# Lets split into time part and log part of the line
-			timeLine = timeMatch.group()
-			# Lets leave the beginning in as well, so if there is no
-			# anchore at the beginning of the time regexp, we don't
-			# at least allow injection. Should be harmless otherwise
-			logLine  = line[:timeMatch.start()] + line[timeMatch.end():]
-			lastTimeLine = timeLine
-			for element in self.findFailure(timeLine, logLine):
-				ip = element[0]
-				unixTime = element[1]
-				if unixTime < MyTime.time()-self.__findTime:
-					break
-				if self.inIgnoreIPList(ip):
-					logSys.debug("Ignore "+ip)
-					continue
-				logSys.debug("Found "+ip)
-				self.failManager.addFailure(FailTicket(ip, unixTime))
-		self.__lastPos[filename] = self.__getFilePos()
-		if lastTimeLine:
-			self.__lastDate[filename] = self.dateDetector.getUnixTime(lastTimeLine)
-		self.__closeLogFile()
-		return True
+			logSys.debug("Found "+ip)
+			self.failManager.addFailure(FailTicket(ip, unixTime))
+

 	##
 	# Returns true if the line should be ignored.
@ -451,6 +331,164 @@ class Filter(JailThread):
 		return ret


+class FileFilter(Filter):
+	
+	def __init__(self, jail):
+		Filter.__init__(self, jail)
+		## The log file handler.
+		self.__crtHandler = None
+		self.__crtFilename = None
+		## The log file path.
+		self.__logPath = []
+		## The last position of the file.
+		self.__lastPos = dict()
+		## The last date in tht log file.
+		self.__lastDate = dict()
+	
+	##
+	# Add a log file path
+	#
+	# @param path log file path
+
+	def addLogPath(self, path):
+		self.getLogPath().append(path)
+		# Initialize default values
+		self.__lastDate[path] = 0
+		self.__lastPos[path] = 0
+	
+	##
+	# Delete a log path
+	#
+	# @param path the log file to delete
+	
+	def delLogPath(self, path):
+		self.getLogPath().remove(path)
+		del self.__lastDate[path]
+		del self.__lastPos[path]
+
+	##
+	# Get the log file path
+	#
+	# @return log file path
+		
+	def getLogPath(self):
+		return self.__logPath
+	
+	##
+	# Check whether path is already monitored.
+	#
+	# @param path The path
+	# @return True if the path is already monitored else False
+	
+	def containsLogPath(self, path):
+		try:
+			self.getLogPath().index(path)
+			return True
+		except ValueError:
+			return False
+	
+	##
+	# Open the log file.
+	
+	def __openLogFile(self, filename):
+		""" Opens the log file specified on init.
+		"""
+		try:
+			self.__crtFilename = filename
+			self.__crtHandler = open(filename)
+			logSys.debug("Opened " + filename)
+			return True
+		except OSError:
+			logSys.error("Unable to open " + filename)
+		except IOError:
+			logSys.error("Unable to read " + filename +
+						 ". Please check permissions")
+		return False
+	
+	##
+	# Close the log file.
+	
+	def __closeLogFile(self):
+		self.__crtFilename = None
+		self.__crtHandler.close()
+
+	##
+	# Set the file position.
+	#
+	# Sets the file position. We must take care of log file rotation
+	# and reset the position to 0 in that case. Use the log message
+	# timestamp in order to detect this.
+	
+	def __setFilePos(self):
+		line = self.__crtHandler.readline()
+		lastDate = self.__lastDate[self.__crtFilename]
+		lineDate = self.dateDetector.getUnixTime(line)
+		if lastDate < lineDate:
+			logSys.debug("Date " + `lastDate` + " is smaller than " + `lineDate`)
+			logSys.debug("Log rotation detected for " + self.__crtFilename)
+			self.__lastPos[self.__crtFilename] = 0
+		lastPos = self.__lastPos[self.__crtFilename]
+		logSys.debug("Setting file position to " + `lastPos` + " for " +
+					 self.__crtFilename)
+		self.__crtHandler.seek(lastPos)
+
+	##
+	# Get the file position.
+	
+	def __getFilePos(self):
+		return self.__crtHandler.tell()
+	
+	##
+	# Gets all the failure in the log file.
+	#
+	# Gets all the failure in the log file which are newer than
+	# MyTime.time()-self.findTime. When a failure is detected, a FailTicket
+	# is created and is added to the FailManager.
+	
+	def getFailures(self, filename):
+		# Try to open log file.
+		if not self.__openLogFile(filename):
+			logSys.error("Unable to get failures in " + filename)
+			return False
+		self.__setFilePos()
+		lastTimeLine = None
+		for line in self.__crtHandler:
+			if not self._isActive():
+				# The jail has been stopped
+				break
+			try:
+				# Decode line to UTF-8
+				line = line.decode('utf-8')
+			except UnicodeDecodeError:
+				pass
+			timeMatch = self.dateDetector.matchTime(line)
+			if not timeMatch:
+				# There is no valid time in this line
+				continue
+			# Lets split into time part and log part of the line
+			timeLine = timeMatch.group()
+			# Lets leave the beginning in as well, so if there is no
+			# anchore at the beginning of the time regexp, we don't
+			# at least allow injection. Should be harmless otherwise
+			logLine  = line[:timeMatch.start()] + line[timeMatch.end():]
+			lastTimeLine = timeLine
+			for element in self.findFailure(timeLine, logLine):
+				ip = element[0]
+				unixTime = element[1]
+				if unixTime < MyTime.time() - self.getFindTime():
+					break
+				if self.inIgnoreIPList(ip):
+					logSys.debug("Ignore "+ip)
+					continue
+				logSys.debug("Found "+ip)
+				self.failManager.addFailure(FailTicket(ip, unixTime))
+		self.__lastPos[filename] = self.__getFilePos()
+		if lastTimeLine:
+			self.__lastDate[filename] = self.dateDetector.getUnixTime(lastTimeLine)
+		self.__closeLogFile()
+		return True
+
+
 ##
 # Utils class for DNS and IP handling.
 #
--- a/server/filtergamin.py
+++ b/server/filtergamin.py
@ -25,7 +25,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

 from failmanager import FailManagerEmpty
-from filter import Filter
+from filter import FileFilter
 from mytime import MyTime

 import time, logging, gamin
@ -40,7 +40,7 @@ logSys = logging.getLogger("fail2ban.filter")
 # that matches a given regular expression. This class is instanciated by
 # a Jail object.

-class FilterGamin(Filter):
+class FilterGamin(FileFilter):

 	##
 	# Constructor.
@ -49,7 +49,7 @@ class FilterGamin(Filter):
 	# @param jail the jail object
 	
 	def __init__(self, jail):
-		Filter.__init__(self, jail)
+		FileFilter.__init__(self, jail)
 		self.__modified = False
 		# Gamin monitor
 		self.monitor = gamin.WatchMonitor()
@ -74,7 +74,7 @@ class FilterGamin(Filter):
 			logSys.error(path + " already exists")
 		else:
 			self.monitor.watch_file(path, self.callback)
-			Filter.addLogPath(self, path)
+			FileFilter.addLogPath(self, path)
 			logSys.info("Added logfile = %s" % path)			
 	
 	##
@ -87,7 +87,7 @@ class FilterGamin(Filter):
 			logSys.error(path + " is not monitored")
 		else:
 			self.monitor.stop_watch(path)
-			Filter.delLogPath(self, path)
+			FileFilter.delLogPath(self, path)
 			logSys.info("Removed logfile = %s" % path)
 		
 	##
@ -126,6 +126,6 @@ class FilterGamin(Filter):
 	# Desallocates the resources used by Gamin.

 	def __cleanup(self):
-		for path in Filter.getLogPath(self):
+		for path in self.getLogPath(self):
 			self.monitor.stop_watch(path)
 		del self.monitor
--- a/server/filterpoll.py
+++ b/server/filterpoll.py
@ -25,7 +25,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

 from failmanager import FailManagerEmpty
-from filter import Filter
+from filter import FileFilter
 from mytime import MyTime

 import time, logging, os
@ -40,7 +40,7 @@ logSys = logging.getLogger("fail2ban.filter")
 # that matches a given regular expression. This class is instanciated by
 # a Jail object.

-class FilterPoll(Filter):
+class FilterPoll(FileFilter):

 	##
 	# Constructor.
@ -49,7 +49,7 @@ class FilterPoll(Filter):
 	# @param jail the jail object
 	
 	def __init__(self, jail):
-		Filter.__init__(self, jail)
+		FileFilter.__init__(self, jail)
 		self.__modified = False
 		## The time of the last modification of the file.
 		self.__lastModTime = dict()
@ -67,7 +67,7 @@ class FilterPoll(Filter):
 		else:
 			self.__lastModTime[path] = 0
 			self.__file404Cnt[path] = 0
-			Filter.addLogPath(self, path)
+			FileFilter.addLogPath(self, path)
 			logSys.info("Added logfile = %s" % path)	
 	
 	##
@ -81,7 +81,7 @@ class FilterPoll(Filter):
 		else:
 			del self.__lastModTime[path]
 			del self.__file404Cnt[path]
-			Filter.delLogPath(self, path)
+			FileFilter.delLogPath(self, path)
 			logSys.info("Removed logfile = %s" % path)
 	
 	##
--- a/testcases/datedetectortestcase.py
+++ b/testcases/datedetectortestcase.py
@ -54,14 +54,14 @@ class DateDetectorTest(unittest.TestCase):
 		self.assertEqual(self.__datedetector.getTime(log), date)
 		self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)

-	def testDefaultTempate(self):
-		self.__datedetector.setDefaultRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
-		self.__datedetector.setDefaultPattern("%b %d %H:%M:%S")
-		
-		log = "Jan 23 21:59:59 [sshd] error: PAM: Authentication failure"
-		date = [2005, 1, 23, 21, 59, 59, 1, 23, -1]
-		dateUnix = 1106513999.0
-		
-		self.assertEqual(self.__datedetector.getTime(log), date)
-		self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
+#	def testDefaultTempate(self):
+#		self.__datedetector.setDefaultRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
+#		self.__datedetector.setDefaultPattern("%b %d %H:%M:%S")
+#		
+#		log = "Jan 23 21:59:59 [sshd] error: PAM: Authentication failure"
+#		date = [2005, 1, 23, 21, 59, 59, 1, 23, -1]
+#		dateUnix = 1106513999.0
+#		
+#		self.assertEqual(self.__datedetector.getTime(log), date)
+#		self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
 	
--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@ -26,7 +26,7 @@ __license__ = "GPL"

 import unittest
 from server.filterpoll import FilterPoll
-from server.filter import Filter
+from server.filter import FileFilter
 from server.failmanager import FailManager
 from server.failmanager import FailManagerEmpty

@ -34,7 +34,7 @@ class IgnoreIP(unittest.TestCase):

 	def setUp(self):
 		"""Call before every test case."""
-		self.__filter = Filter(None)
+		self.__filter = FileFilter(None)

 	def tearDown(self):
 		"""Call after every test case."""
@ -86,7 +86,7 @@ class GetFailures(unittest.TestCase):

 	def setUp(self):
 		"""Call before every test case."""
-		self.__filter = Filter(None)
+		self.__filter = FileFilter(None)
 		self.__filter.setActive(True)
 		# TODO Test this
 		#self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")