mirror of https://github.com/fail2ban/fail2ban
Yaroslav Halchenko
10 years ago
1 changed files with 181 additions and 0 deletions
@ -0,0 +1,181 @@
|
||||
#!/usr/bin/perl |
||||
########################################################################## |
||||
# $Id: fail2ban 150 2013-06-18 22:19:38Z mtremaine $ |
||||
########################################################################## |
||||
# $Log: fail2ban,v $ |
||||
# Revision 1.5 2008/08/18 16:07:46 mike |
||||
# Patches from Paul Gear <paul at libertysys.com> -mgt |
||||
# |
||||
# Revision 1.4 2008/06/30 23:07:51 kirk |
||||
# fixed copyright holders for files where I know who they should be |
||||
# |
||||
# Revision 1.3 2008/03/24 23:31:26 kirk |
||||
# added copyright/license notice to each script |
||||
# |
||||
# Revision 1.2 2006/12/15 04:53:59 bjorn |
||||
# Additional filtering, by Willi Mann. |
||||
# |
||||
# Revision 1.1 2006/05/30 19:04:26 bjorn |
||||
# Added fail2ban service, written by Yaroslav Halchenko. |
||||
# |
||||
# Written by Yaroslav Halchenko <debian@onerussian.com> for fail2ban |
||||
# |
||||
########################################################################## |
||||
|
||||
######################################################## |
||||
## Copyright (c) 2008 Yaroslav Halchenko |
||||
## Covered under the included MIT/X-Consortium License: |
||||
## http://www.opensource.org/licenses/mit-license.php |
||||
## All modifications and contributions by other persons to |
||||
## this script are assumed to have been donated to the |
||||
## Logwatch project and thus assume the above copyright |
||||
## and licensing terms. If you want to make contributions |
||||
## under your own copyright or a different license this |
||||
## must be explicitly stated in the contribution an the |
||||
## Logwatch project reserves the right to not accept such |
||||
## contributions. If you have made significant |
||||
## contributions to this script and want to claim |
||||
## copyright please contact logwatch-devel@lists.sourceforge.net. |
||||
######################################################### |
||||
|
||||
use strict; |
||||
use Logwatch ':all'; |
||||
|
||||
my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; |
||||
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
||||
my $IgnoreHost = $ENV{'sshd_ignore_host'} || ""; |
||||
my $DebugCounter = 0; |
||||
my $ReInitializations = 0; |
||||
my @IptablesErrors = (); |
||||
my @ActionErrors = (); |
||||
my $NotValidIP = 0; # reported invalid IPs number |
||||
my @OtherList = (); |
||||
|
||||
my %ServicesBans = (); |
||||
|
||||
if ( $Debug >= 5 ) { |
||||
print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n"; |
||||
$DebugCounter = 1; |
||||
} |
||||
|
||||
while (defined(my $ThisLine = <STDIN>)) { |
||||
if ( $Debug >= 5 ) { |
||||
print STDERR "DEBUG($DebugCounter): $ThisLine"; |
||||
$DebugCounter++; |
||||
} |
||||
chomp($ThisLine); |
||||
if ( ($ThisLine =~ /..,... DEBUG: /) or |
||||
($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban |
||||
($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or |
||||
($ThisLine =~ /INFO\s+Log rotation detected for/) or |
||||
($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller)/) or |
||||
($ThisLine =~ /INFO\s+Changed logging target to/) or |
||||
($ThisLine =~ /INFO\s+Creating new jail/) or |
||||
($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban |
||||
($ThisLine =~ /..,... WARNING: Verbose level is /) or |
||||
($ThisLine =~ /..,... WARNING: Restoring firewall rules/) |
||||
) |
||||
{ |
||||
if ( $Debug >= 6 ) { |
||||
print STDERR "DEBUG($DebugCounter): line ignored\n"; |
||||
} |
||||
} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { |
||||
if ( $Debug >= 6 ) { |
||||
print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n"; |
||||
} |
||||
$ServicesBans{$Service}{$Host}{$Action}++; |
||||
$ServicesBans{$Service}{"(all)"}{$Action}++; |
||||
} elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) { |
||||
if ($Debug >= 4) { |
||||
print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n"; |
||||
} |
||||
push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures; |
||||
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/ ERROR:\s(.*):\s(\S+)\salready in ban list/)) { |
||||
$ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; |
||||
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/WARNING\s*\[(.*)\]\s*(\S+)\s*already banned/)) { |
||||
$ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; |
||||
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) { |
||||
$ServicesBans{$Service}{$Host}{'ReBan'}++; |
||||
} elsif ($ThisLine =~ / ERROR:?\s*(Execution of command )?\'?iptables/) { |
||||
push @IptablesErrors, "$ThisLine\n"; |
||||
} elsif ($ThisLine =~ /ERROR.*returned \d+$/) { |
||||
push @ActionErrors, "$ThisLine\n"; |
||||
} elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or |
||||
($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) { |
||||
$ReInitializations++; |
||||
} elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) { |
||||
# just ignore - this will be fixed within fail2ban and is harmless warning |
||||
} |
||||
else |
||||
{ |
||||
# Report any unmatched entries... |
||||
push @OtherList, "$ThisLine\n"; |
||||
} |
||||
} |
||||
|
||||
########################################################### |
||||
|
||||
|
||||
if (keys %ServicesBans) { |
||||
printf("\nBanned services with Fail2Ban: Bans:Unbans\n"); |
||||
foreach my $service (sort {$a cmp $b} keys %ServicesBans) { |
||||
printf(" %-55s [%3d:%-3d]\n", "$service:", |
||||
$ServicesBans{$service}{'(all)'}{'Ban'}, |
||||
$ServicesBans{$service}{'(all)'}{'Unban'}); |
||||
delete $ServicesBans{$service}{'(all)'}; |
||||
my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP); |
||||
if ($Detail >= 5) { |
||||
foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) { |
||||
my $name = LookupIP($ip); |
||||
printf(" %-53s %3d:%-3d\n", |
||||
$name, |
||||
$ServicesBans{$service}{$ip}{'Ban'}, |
||||
$ServicesBans{$service}{$ip}{'Unban'}); |
||||
if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) { |
||||
print " Failed "; |
||||
foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) { |
||||
print " $fails"; |
||||
} |
||||
print " times"; |
||||
printf("\n %d Duplicate Ban attempts", $ServicesBans{$service}{$ip}{'AlreadyInTheList'}) ; |
||||
printf("\n %d ReBans due to rules reinitilizations", $ServicesBans{$service}{$ip}{'ReBan'}) ; |
||||
print "\n"; |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
|
||||
|
||||
if ($Detail>0) { |
||||
if ($#IptablesErrors > 0) { |
||||
printf("\n%d faulty iptables invocation(s)", $#IptablesErrors); |
||||
if ($Detail > 5) { |
||||
print ":\n"; |
||||
print @IptablesErrors ; |
||||
} |
||||
} |
||||
if ($#ActionErrors > 0) { |
||||
printf("\n%d error(s) returned from actions", $#ActionErrors); |
||||
if ($Detail > 5) { |
||||
print ":\n"; |
||||
print @ActionErrors ; |
||||
} |
||||
} |
||||
if ($ReInitializations > 0) { |
||||
printf("\n%d fail2ban rules reinitialization(s)", $ReInitializations); |
||||
} |
||||
if ($#OtherList >= 0) { |
||||
print "\n**Unmatched Entries**\n"; |
||||
print @OtherList; |
||||
} |
||||
} |
||||
|
||||
exit(0); |
||||
|
||||
# vi: shiftwidth=3 tabstop=3 syntax=perl et |
||||
# Local Variables: |
||||
# mode: perl |
||||
# perl-indent-level: 3 |
||||
# indent-tabs-mode: nil |
||||
# End: |
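Review bot: The error-summary guards near the end of the script test `$#IptablesErrors > 0` and `$#ActionErrors > 0`, but `$#array` is the last index, so a single failed iptables invocation or action error is never reported and larger counts print one too low. The `$#OtherList >= 0` test a few lines later has the right form. A lone iptables failure can mean a ban was never applied, which is the case this report most needs to show. I would test the array itself and print its element count, e.g. `if (@IptablesErrors) {` with `printf("\n%d faulty iptables invocation(s)", scalar @IptablesErrors);`, and likewise for `@ActionErrors`. Separately, the file has `use strict;` but not `use warnings;`, and `$IgnoreHost` and `$NotValidIP` are assigned but never read in the visible code.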