Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot

Conflicts: config/filter.d/ignorecommands/apache-fakegooglebot
2015-02-02 13:01:23 -05:00 · 2015-02-02 13:01:23 -05:00 · 841c476045
parent 7e94ba6f0c 15b65c7ad2
commit 841c476045
2 changed files with 39 additions and 20 deletions
--- a/config/filter.d/ignorecommands/apache-fakegooglebot
+++ b/config/filter.d/ignorecommands/apache-fakegooglebot
@ -1,21 +1,32 @@
-#!/bin/sh
-# Based on: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
+#!/usr/bin/python
+# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
+#
+# Written in Python to reuse built-in Python batteries and not depend on
+# presence of host and cut commands
+#
+import sys

-if [ "$#" -ne 1 ]; then
-    echo "Unexpected number of arguments: $#"
-    exit 1
-else
-    b="$1"
-    h=$(host ${b})
-    if echo ${h} | grep -e ' crawl-.*\.googlebot\.com\.$'; then
-      h=$(echo ${h} | cut -f5 -d' ')
-      n=$(host ${h} | cut -f4 -d' ')
-      if [ "${n}" = "${b}" ] ; then
-        exit 0
-      else
-        exit 1
-      fi
-    else
-      exit 1
-    fi
-fi
+def process_args(argv):
+    if len(argv) != 2:
+       sys.stderr.write("Please provide a single IP as an argument. Got: %s\n"
+                        % (argv[1:]))
+       sys.exit(2)
+
+    ip = argv[1]
+
+    from fail2ban.server.filter import DNSUtils
+    if not DNSUtils.isValidIP(ip):
+       sys.stderr.write("Argument must be a single valid IP. Got: %s\n"
+                        % ip)
+       sys.exit(3)
+    return ip
+
+def is_googlebot(ip):
+    import re
+    from fail2ban.server.filter import DNSUtils
+
+    host = DNSUtils.ipToName(ip)
+    sys.exit(0 if (host and re.match('crawl-.*\.googlebot\.com', host)) else 1)
+
+if __name__ == '__main__':
+    is_googlebot(process_args(sys.argv))
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@ -852,6 +852,14 @@ class DNSUtils:
 						% (dns, e))
 			return list()

+	@staticmethod
+	def ipToName(ip):
+		try:
+			return socket.gethostbyaddr(ip)[0]
+		except socket.error, e:
+			logSys.debug("Unable to find a name for the IP %s: %s" % (ip, e))
+			return None
+
 	@staticmethod
 	def searchIP(text):
 		""" Search if an IP address if directly available and return