github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Revert to upstream

Browse Source
pull/401/head
bes.internal 11 years ago
parent 3114fed8d1
commit 7bbfe5c67c
7 changed files with 157 additions and 203 deletions
Show Stats Download Patch File Download Diff File

4
client/filterreader.py
Unescape View File

@ -54,9 +54,7 @@ class FilterReader(ConfigReader):
def getOptions(self, pOpts): def getOptions(self, pOpts):
opts = [["string", "ignoreregex", ""], opts = [["string", "ignoreregex", ""],
["string", "failregex", ""], ["string", "failregex", ""]]
["string", "ignorecommand", ""]
]
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts) self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
def convert(self): def convert(self):

3
client/jailreader.py
Unescape View File

@ -81,7 +81,6 @@ class JailReader(ConfigReader):
["int", "bantime", 600], ["int", "bantime", 600],
["string", "usedns", "warn"], ["string", "usedns", "warn"],
["string", "failregex", None], ["string", "failregex", None],
["string", "ignorecommand", None],
["string", "ignoreregex", None], ["string", "ignoreregex", None],
["string", "ignoreip", None], ["string", "ignoreip", None],
["string", "filter", ""], ["string", "filter", ""],
@ -161,8 +160,6 @@ class JailReader(ConfigReader):
stream.append(["set", self.__name, "usedns", self.__opts[opt]]) stream.append(["set", self.__name, "usedns", self.__opts[opt]])
elif opt == "failregex": elif opt == "failregex":
stream.append(["set", self.__name, "addfailregex", self.__opts[opt]]) stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
elif opt == "ignorecommand":
stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]])
elif opt == "ignoreregex": elif opt == "ignoreregex":
for regex in self.__opts[opt].split('\n'): for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty. # Do not send a command if the rule is empty.

2
common/protocol.py
Unescape View File

@ -49,7 +49,6 @@ protocol = [
["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], ["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"],
["status <JAIL>", "gets the current status of <JAIL>"], ["status <JAIL>", "gets the current status of <JAIL>"],
['', "JAIL CONFIGURATION", ""], ['', "JAIL CONFIGURATION", ""],
["set <JAIL> ignorecommand <VALUE>", "sets ignorecommand of <JAIL>"],
["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"],
["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"],
["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"],
@ -75,7 +74,6 @@ protocol = [
["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"], ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"],
['', "JAIL INFORMATION", ""], ['', "JAIL INFORMATION", ""],
["get <JAIL> ignorecommand", "gets ignorecommand of <JAIL>"],
["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"], ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"], ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"], ["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"],

3
config/jail.conf
Unescape View File

@ -34,9 +34,6 @@ ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned. # "bantime" is the number of seconds that a host is banned.
bantime = 600 bantime = 600
# External command with space separated output ips to ignore
# ignorecommand = /path/to/command
# A host is banned if it has generated "maxretry" during the last "findtime" # A host is banned if it has generated "maxretry" during the last "findtime"
# seconds. # seconds.
findtime = 600 findtime = 600

32
server/filter.py
Unescape View File

@ -21,7 +21,8 @@ __author__ = "Cyril Jaquier and Fail2Ban Contributors"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
__license__ = "GPL" __license__ = "GPL"
#import sys, os, getopt import sys
from failmanager import FailManagerEmpty from failmanager import FailManagerEmpty
from failmanager import FailManager from failmanager import FailManager
from ticket import FailTicket from ticket import FailTicket
@ -42,7 +43,6 @@ logSys = logging.getLogger("fail2ban.filter")
# that matches a given regular expression. This class is instantiated by # that matches a given regular expression. This class is instantiated by
# a Jail object. # a Jail object.
class Filter(JailThread): class Filter(JailThread):
## ##
@ -67,13 +67,12 @@ class Filter(JailThread):
self.__findTime = 6000 self.__findTime = 6000
## The ignore IP list. ## The ignore IP list.
self.__ignoreIpList = [] self.__ignoreIpList = []
## External command
self.__ignoreCommand = False
self.dateDetector = DateDetector() self.dateDetector = DateDetector()
self.dateDetector.addDefaultTemplate() self.dateDetector.addDefaultTemplate()
logSys.debug("Created %s" % self) logSys.debug("Created %s" % self)
def __repr__(self): def __repr__(self):
return "%s(%r)" % (self.__class__.__name__, self.jail) return "%s(%r)" % (self.__class__.__name__, self.jail)
@ -92,6 +91,7 @@ class Filter(JailThread):
logSys.error(e) logSys.error(e)
raise e raise e
def delFailRegex(self, index): def delFailRegex(self, index):
try: try:
del self.__failRegex[index] del self.__failRegex[index]
@ -212,21 +212,6 @@ class Filter(JailThread):
def run(self): # pragma: no cover def run(self): # pragma: no cover
raise Exception("run() is abstract") raise Exception("run() is abstract")
##
# Set external command, for ignoredips
#
def setIgnoreCommand(self, command):
self.__ignoreCommand = command
##
# Get external command, for ignoredips
#
def getIgnoreCommand(self):
return self.__ignoreCommand
## ##
# Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html # Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
# Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> # Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
@ -264,9 +249,6 @@ class Filter(JailThread):
self.__ignoreIpList.remove(ip) self.__ignoreIpList.remove(ip)
def getIgnoreIP(self): def getIgnoreIP(self):
if self.__ignoreCommand is not False:
return self.__ignoreIpList + os.popen(self.__ignoreCommand).read().split(" ")
else:
return self.__ignoreIpList return self.__ignoreIpList
## ##
@ -282,12 +264,6 @@ class Filter(JailThread):
# An empty string is always false # An empty string is always false
if i == "": if i == "":
continue continue
# External command with ips to ignore
if self.__ignoreCommand is not False:
ignored_ips = os.popen(self.__ignoreCommand).read().split(" ")
if ip in ignored_ips:
return True
s = i.split('/', 1) s = i.split('/', 1)
# IP address without CIDR mask # IP address without CIDR mask
if len(s) == 1: if len(s) == 1:

6
server/server.py
Unescape View File

@ -187,12 +187,6 @@ class Server:
def addFailRegex(self, name, value): def addFailRegex(self, name, value):
self.__jails.getFilter(name).addFailRegex(value) self.__jails.getFilter(name).addFailRegex(value)
def setIgnoreCommand(self, name, value):
self.__jails.getFilter(name).setIgnoreCommand(value)
def getIgnoreCommand(self, name):
self.__jails.getFilter(name).getIgnoreCommand()
def delFailRegex(self, name, index): def delFailRegex(self, name, index):
self.__jails.getFilter(name).delFailRegex(index) self.__jails.getFilter(name).delFailRegex(index)

6
server/transmitter.py
Unescape View File

@ -152,10 +152,6 @@ class Transmitter:
value = command[2] value = command[2]
self.__server.addIgnoreRegex(name, value) self.__server.addIgnoreRegex(name, value)
return self.__server.getIgnoreRegex(name) return self.__server.getIgnoreRegex(name)
elif command[1] == "ignorecommand":
value = command[2]
self.__server.setIgnoreCommand(name, value)
return self.__server.getIgnoreCommand(name)
elif command[1] == "delignoreregex": elif command[1] == "delignoreregex":
value = int(command[2]) value = int(command[2])
self.__server.delIgnoreRegex(name, value) self.__server.delIgnoreRegex(name, value)
@ -241,8 +237,6 @@ class Transmitter:
return self.__server.getLogPath(name) return self.__server.getLogPath(name)
elif command[1] == "ignoreip": elif command[1] == "ignoreip":
return self.__server.getIgnoreIP(name) return self.__server.getIgnoreIP(name)
elif command[1] == "ignorecommand":
return self.__server.getIgnoreCommand(name)
elif command[1] == "failregex": elif command[1] == "failregex":
return self.__server.getFailRegex(name) return self.__server.getFailRegex(name)
elif command[1] == "ignoreregex": elif command[1] == "ignoreregex":

Write Preview
Loading…
Cancel
Save