github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- "maxretry" and "bantime" can be overridden in each section 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_5@157 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.5
Cyril Jaquier 2005-07-28 20:29:45 +00:00
parent 45426598dd
commit 84042dbd31
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
fail2ban.py
View File

@ -128,7 +128,7 @@ def getCmdLineOptions(optList):
if opt[0] == "-i": if opt[0] == "-i":
conf["ignoreip"] = opt[1] conf["ignoreip"] = opt[1]
if opt[0] == "-r": if opt[0] == "-r":
conf["retrymax"] = int(opt[1]) conf["maxretry"] = int(opt[1])
if opt[0] == "-p": if opt[0] == "-p":
conf["pidlock"] = opt[1] conf["pidlock"] = opt[1]
if opt[0] == "-k": if opt[0] == "-k":
@ -237,6 +237,12 @@ def main():
# Ignores IP list # Ignores IP list
ignoreIPList = conf["ignoreip"].split(' ') ignoreIPList = conf["ignoreip"].split(' ')
# maxretry option
maxRetry = conf["maxretry"]
# bantime option
banTime = conf["bantime"]
# Checks for root user. This is necessary because log files # Checks for root user. This is necessary because log files
# are owned by root and firewall needs root access. # are owned by root and firewall needs root access.
if not checkForRoot(): if not checkForRoot():
@ -277,8 +283,10 @@ def main():
logSys.debug("to: " + mailConf["to"] + " from: " + mailConf["from"]) logSys.debug("to: " + mailConf["to"] + " from: " + mailConf["from"])
# Options # Options
optionValues = (["bool", "enabled", True], optionValues = (["bool", "enabled", False],
["str", "logfile", "/dev/null"], ["str", "logfile", "/dev/null"],
["int", "maxretry", None],
["int", "bantime", None],
["str", "timeregex", ""], ["str", "timeregex", ""],
["str", "timepattern", ""], ["str", "timepattern", ""],
["str", "failregex", ""], ["str", "failregex", ""],
@ -291,11 +299,19 @@ def main():
for t in confReader.getSections(): for t in confReader.getSections():
l = confReader.getLogOptions(t, optionValues) l = confReader.getLogOptions(t, optionValues)
if l["enabled"]: if l["enabled"]:
# Override maxretry option
if not l["maxretry"] == None:
maxRetry = l["maxretry"]
# Override bantime option
if not l["bantime"] == None:
banTime = l["bantime"]
# Creates a logreader object # Creates a logreader object
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"], lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
l["failregex"], conf["bantime"]) l["failregex"], maxRetry, banTime)
# Creates a firewall object # Creates a firewall object
fObj = Firewall(l["fwban"], l["fwunban"], conf["bantime"]) fObj = Firewall(l["fwban"], l["fwunban"], banTime)
# Links them into a list. I'm not really happy # Links them into a list. I'm not really happy
# with this :/ # with this :/
logFwList.append([t, lObj, fObj, dict(), l]) logFwList.append([t, lObj, fObj, dict(), l])
@ -363,7 +379,7 @@ def main():
failTime = fails[attempt][1] failTime = fails[attempt][1]
if failTime < unixTime - findTime: if failTime < unixTime - findTime:
del element[3][attempt] del element[3][attempt]
elif fails[attempt][0] >= conf["maxretry"]: elif fails[attempt][0] >= element[1].getMaxRetry():
aInfo = {"ip": attempt, aInfo = {"ip": attempt,
"failures": element[3][attempt][0], "failures": element[3][attempt][0],
"failtime": failTime} "failtime": failTime}