- Merged "maxtime" with "findtime"

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@470 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2006-11-18 15:15:58 +00:00
parent 3a63321bc8
commit 911b2b15fc
8 changed files with 56 additions and 98 deletions

View File

@ -19,6 +19,7 @@ ver. 0.7.5 (2006/??/??) - ???
- Fixed a bug in user defined time regex/pattern - Fixed a bug in user defined time regex/pattern
- Improved documentation - Improved documentation
- Moved version.py and protocol.py to common/ - Moved version.py and protocol.py to common/
- Merged "maxtime" option with "findtime"
ver. 0.7.4 (2006/11/01) - beta ver. 0.7.4 (2006/11/01) - beta
---------- ----------

View File

@ -60,7 +60,7 @@ class JailReader(ConfigReader):
["string", "logpath", "/var/log/messages"], ["string", "logpath", "/var/log/messages"],
["string", "backend", "auto"], ["string", "backend", "auto"],
["int", "maxretry", 3], ["int", "maxretry", 3],
["int", "maxtime", 600], ["int", "findtime", 600],
["int", "bantime", 600], ["int", "bantime", 600],
["string", "failregex", None], ["string", "failregex", None],
["string", "ignoreregex", None], ["string", "ignoreregex", None],
@ -113,8 +113,8 @@ class JailReader(ConfigReader):
elif opt == "ignoreip": elif opt == "ignoreip":
for ip in self.__opts[opt].split(): for ip in self.__opts[opt].split():
stream.append(["set", self.__name, "addignoreip", ip]) stream.append(["set", self.__name, "addignoreip", ip])
elif opt == "maxtime": elif opt == "findtime":
stream.append(["set", self.__name, "maxtime", self.__opts[opt]]) stream.append(["set", self.__name, "findtime", self.__opts[opt]])
elif opt == "bantime": elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]]) stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "failregex": elif opt == "failregex":

View File

@ -52,7 +52,6 @@ protocol = [
["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."], ["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."],
["set <JAIL> failregex <REGEX>", "sets the regular expression <REGEX> which must match failures for <JAIL>"], ["set <JAIL> failregex <REGEX>", "sets the regular expression <REGEX> which must match failures for <JAIL>"],
["set <JAIL> ignoreregex <REGEX>", "sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>"], ["set <JAIL> ignoreregex <REGEX>", "sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>"],
["set <JAIL> maxtime <TIME>", "sets the number of seconds <TIME> a failure stay in the list for <JAIL>"],
["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"], ["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"],
["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"], ["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"],
["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"],
@ -66,14 +65,12 @@ protocol = [
["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"], ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"],
['', ''], ['', ''],
["get <JAIL> <CMD>", "gets the <CMD> value for <JAIL>"],
["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"], ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"], ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"], ["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"], ["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"],
["get <JAIL> failregex", "gets the regular expression which matches the failures for <JAIL>"], ["get <JAIL> failregex", "gets the regular expression which matches the failures for <JAIL>"],
["get <JAIL> ignoreregex", "gets the regular expression which matches patterns to ignore for <JAIL>"], ["get <JAIL> ignoreregex", "gets the regular expression which matches patterns to ignore for <JAIL>"],
["get <JAIL> maxtime", "gets the time a failure stays in the list for <JAIL>"],
["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"], ["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"], ["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"],
["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"], ["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],

View File

@ -15,8 +15,8 @@ ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned. # "bantime" is the number of seconds that a host is banned.
bantime = 600 bantime = 600
# A host is banned if it has generated "maxretry" during the # A host is banned if it has generated "maxretry" during the
# last "maxtime" seconds. # last "findtime" seconds.
maxtime = 3600 findtime = 600
# "maxretry" is the number of failures before a host get banned. # "maxretry" is the number of failures before a host get banned.
maxretry = 3 maxretry = 3

View File

@ -38,214 +38,202 @@ display this help message
print the version print the version
.SH COMMAND .SH COMMAND
.TP .TP
start \fBstart\fR
starts the server and the jails starts the server and the jails
.TP .TP
reload \fBreload\fR
reloads the configuration reloads the configuration
.TP .TP
stop \fBstop\fR
stops all jails and terminate the stops all jails and terminate the
server server
.TP .TP
status \fBstatus\fR
gets the current status of the gets the current status of the
server server
.TP .TP
ping \fBping\fR
tests if the server is alive tests if the server is alive
.TP .TP
set loglevel <LEVEL> \fBset loglevel <LEVEL>\fR
sets logging level to <LEVEL>. 0 sets logging level to <LEVEL>. 0
is minimal, 4 is debug is minimal, 4 is debug
.TP .TP
get loglevel \fBget loglevel\fR
gets the logging level gets the logging level
.TP .TP
set logtarget <TARGET> \fBset logtarget <TARGET>\fR
sets logging target to <TARGET>. sets logging target to <TARGET>.
Can be STDOUT, STDERR, SYSLOG or a Can be STDOUT, STDERR, SYSLOG or a
file file
.TP .TP
get logtarget \fBget logtarget\fR
gets logging target gets logging target
.TP .TP
add <JAIL> <BACKEND> \fBadd <JAIL> <BACKEND>\fR
creates <JAIL> using <BACKEND> creates <JAIL> using <BACKEND>
.TP .TP
set <JAIL> idle on|off \fBset <JAIL> idle on|off\fR
sets the idle state of <JAIL> sets the idle state of <JAIL>
.TP .TP
set <JAIL> addignoreip <IP> \fBset <JAIL> addignoreip <IP>\fR
adds <IP> to the ignore list of adds <IP> to the ignore list of
<JAIL> <JAIL>
.TP .TP
set <JAIL> delignoreip <IP> \fBset <JAIL> delignoreip <IP>\fR
removes <IP> from the ignore list removes <IP> from the ignore list
of <JAIL> of <JAIL>
.TP .TP
set <JAIL> addlogpath <FILE> \fBset <JAIL> addlogpath <FILE>\fR
adds <FILE> to the monitoring list adds <FILE> to the monitoring list
of <JAIL> of <JAIL>
.TP .TP
set <JAIL> dellogpath <FILE> \fBset <JAIL> dellogpath <FILE>\fR
removes <FILE> to the monitoring removes <FILE> to the monitoring
list of <JAIL> list of <JAIL>
.TP .TP
set <JAIL> timeregex <REGEX> \fBset <JAIL> timeregex <REGEX>\fR
sets the regular expression sets the regular expression
<REGEX> to match the date format <REGEX> to match the date format
for <JAIL>. This will disable the for <JAIL>. This will disable the
autodetection feature. autodetection feature.
.TP .TP
set <JAIL> timepattern <PATTERN> \fBset <JAIL> timepattern <PATTERN>\fR
sets the pattern <PATTERN> to sets the pattern <PATTERN> to
match the date format for <JAIL>. match the date format for <JAIL>.
This will disable the This will disable the
autodetection feature. autodetection feature.
.TP .TP
set <JAIL> failregex <REGEX> \fBset <JAIL> failregex <REGEX>\fR
sets the regular expression sets the regular expression
<REGEX> which must match failures <REGEX> which must match failures
for <JAIL> for <JAIL>
.TP .TP
set <JAIL> ignoreregex <REGEX> \fBset <JAIL> ignoreregex <REGEX>\fR
sets the regular expression sets the regular expression
<REGEX> which should match pattern <REGEX> which should match pattern
to exclude for <JAIL> to exclude for <JAIL>
.TP .TP
set <JAIL> maxtime <TIME> \fBset <JAIL> findtime <TIME>\fR
sets the number of seconds <TIME>
a failure stay in the list for
<JAIL>
.TP
set <JAIL> findtime <TIME>
sets the number of seconds <TIME> sets the number of seconds <TIME>
for which the filter will look for which the filter will look
back for <JAIL> back for <JAIL>
.TP .TP
set <JAIL> bantime <TIME> \fBset <JAIL> bantime <TIME>\fR
sets the number of seconds <TIME> sets the number of seconds <TIME>
a host will be banned for <JAIL> a host will be banned for <JAIL>
.TP .TP
set <JAIL> maxretry <RETRY> \fBset <JAIL> maxretry <RETRY>\fR
sets the number of failures sets the number of failures
<RETRY> before banning the host <RETRY> before banning the host
for <JAIL> for <JAIL>
.TP .TP
set <JAIL> addaction <ACT> \fBset <JAIL> addaction <ACT>\fR
adds a new action named <NAME> for adds a new action named <NAME> for
<JAIL> <JAIL>
.TP .TP
set <JAIL> delaction <ACT> \fBset <JAIL> delaction <ACT>\fR
removes the action <NAME> from removes the action <NAME> from
<JAIL> <JAIL>
.TP .TP
set <JAIL> setcinfo <ACT> <KEY> <VALUE> \fBset <JAIL> setcinfo <ACT> <KEY> <VALUE>\fR
sets <VALUE> for <KEY> of the sets <VALUE> for <KEY> of the
action <NAME> for <JAIL> action <NAME> for <JAIL>
.TP .TP
set <JAIL> delcinfo <ACT> <KEY> \fBset <JAIL> delcinfo <ACT> <KEY>\fR
removes <KEY> for the action removes <KEY> for the action
<NAME> for <JAIL> <NAME> for <JAIL>
.TP .TP
set <JAIL> actionstart <ACT> <CMD> \fBset <JAIL> actionstart <ACT> <CMD>\fR
sets the start command <CMD> of sets the start command <CMD> of
the action <ACT> for <JAIL> the action <ACT> for <JAIL>
.TP .TP
set <JAIL> actionstop <ACT> <CMD> \fBset <JAIL> actionstop <ACT> <CMD>\fR
sets the stop command <CMD> of the sets the stop command <CMD> of the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
set <JAIL> actioncheck <ACT> <CMD> \fBset <JAIL> actioncheck <ACT> <CMD>\fR
sets the check command <CMD> of sets the check command <CMD> of
the action <ACT> for <JAIL> the action <ACT> for <JAIL>
.TP .TP
set <JAIL> actionban <ACT> <CMD> \fBset <JAIL> actionban <ACT> <CMD>\fR
sets the ban command <CMD> of the sets the ban command <CMD> of the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
set <JAIL> actionunban <ACT> <CMD> \fBset <JAIL> actionunban <ACT> <CMD>\fR
sets the unban command <CMD> of sets the unban command <CMD> of
the action <ACT> for <JAIL> the action <ACT> for <JAIL>
.TP .TP
get <JAIL> <CMD> \fBget <JAIL> logpath\fR
gets the <CMD> value for <JAIL>
.TP
get <JAIL> logpath
gets the list of the monitored gets the list of the monitored
files for <JAIL> files for <JAIL>
.TP .TP
get <JAIL> ignoreip \fBget <JAIL> ignoreip\fR
gets the list of ignored IP gets the list of ignored IP
addresses for <JAIL> addresses for <JAIL>
.TP .TP
get <JAIL> timeregex \fBget <JAIL> timeregex\fR
gets the regular expression used gets the regular expression used
for the time detection for <JAIL> for the time detection for <JAIL>
.TP .TP
get <JAIL> timepattern \fBget <JAIL> timepattern\fR
gets the pattern used for the time gets the pattern used for the time
detection for <JAIL> detection for <JAIL>
.TP .TP
get <JAIL> failregex \fBget <JAIL> failregex\fR
gets the regular expression which gets the regular expression which
matches the failures for <JAIL> matches the failures for <JAIL>
.TP .TP
get <JAIL> ignoreregex \fBget <JAIL> ignoreregex\fR
gets the regular expression which gets the regular expression which
matches patterns to ignore for matches patterns to ignore for
<JAIL> <JAIL>
.TP .TP
get <JAIL> maxtime \fBget <JAIL> findtime\fR
gets the time a failure stays in
the list for <JAIL>
.TP
get <JAIL> findtime
gets the time for which the filter gets the time for which the filter
will look back for failures for will look back for failures for
<JAIL> <JAIL>
.TP .TP
get <JAIL> bantime \fBget <JAIL> bantime\fR
gets the time a host is banned for gets the time a host is banned for
<JAIL> <JAIL>
.TP .TP
get <JAIL> maxretry \fBget <JAIL> maxretry\fR
gets the number of failures gets the number of failures
allowed for <JAIL> allowed for <JAIL>
.TP .TP
get <JAIL> addaction \fBget <JAIL> addaction\fR
gets the last action which has gets the last action which has
been added for <JAIL> been added for <JAIL>
.TP .TP
get <JAIL> actionstart <ACT> \fBget <JAIL> actionstart <ACT>\fR
gets the start command for the gets the start command for the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
get <JAIL> actionstop <ACT> \fBget <JAIL> actionstop <ACT>\fR
gets the stop command for the gets the stop command for the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
get <JAIL> actioncheck <ACT> \fBget <JAIL> actioncheck <ACT>\fR
gets the check command for the gets the check command for the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
get <JAIL> actionban <ACT> \fBget <JAIL> actionban <ACT>\fR
gets the ban command for the gets the ban command for the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
get <JAIL> actionunban <ACT> \fBget <JAIL> actionunban <ACT>\fR
gets the unban command for the gets the unban command for the
action <ACT> for <JAIL> action <ACT> for <JAIL>
.TP .TP
start <JAIL> \fBstart <JAIL>\fR
starts the jail <JAIL> starts the jail <JAIL>
.TP .TP
stop <JAIL> \fBstop <JAIL>\fR
stops the jail <JAIL>. The jail is stops the jail <JAIL>. The jail is
removed removed
.TP .TP
status <JAIL> \fBstatus <JAIL>\fR
gets the current status of <JAIL> gets the current status of <JAIL>
.SH FILES .SH FILES
\fI/etc/fail2ban/*\fR \fI/etc/fail2ban/*\fR

View File

@ -218,6 +218,7 @@ class Filter(JailThread):
def setFindTime(self, value): def setFindTime(self, value):
self.__findTime = value self.__findTime = value
self.failManager.setMaxTime(value)
logSys.info("Set findtime = %s" % value) logSys.info("Set findtime = %s" % value)
## ##
@ -245,23 +246,6 @@ class Filter(JailThread):
def getMaxRetry(self): def getMaxRetry(self):
return self.failManager.getMaxRetry() return self.failManager.getMaxRetry()
##
# Set the maximum time a failure stays in the list.
#
# @param value the maximum time
def setMaxTime(self, value):
self.failManager.setMaxTime(value)
logSys.info("Set maxTime = %s" % value)
##
# Get the maximum time a failure stays in the list.
#
# @return the time value
def getMaxTime(self):
return self.failManager.getMaxTime()
## ##
# Main loop. # Main loop.
# #

View File

@ -183,12 +183,6 @@ class Server:
def getMaxRetry(self, name): def getMaxRetry(self, name):
return self.__jails.getFilter(name).getMaxRetry() return self.__jails.getFilter(name).getMaxRetry()
def setMaxTime(self, name, value):
self.__jails.getFilter(name).setMaxTime(value)
def getMaxTime(self, name):
return self.__jails.getFilter(name).getMaxTime()
# Action # Action
def addAction(self, name, value): def addAction(self, name, value):
self.__jails.getAction(name).addAction(value) self.__jails.getAction(name).addAction(value)

View File

@ -151,10 +151,6 @@ class Transmitter:
value = command[2] value = command[2]
self.__server.setIgnoreRegex(name, value) self.__server.setIgnoreRegex(name, value)
return self.__server.getIgnoreRegex(name) return self.__server.getIgnoreRegex(name)
elif command[1] == "maxtime":
value = command[2]
self.__server.setMaxTime(name, int(value))
return self.__server.getMaxTime(name)
elif command[1] == "findtime": elif command[1] == "findtime":
value = command[2] value = command[2]
self.__server.setFindTime(name, int(value)) self.__server.setFindTime(name, int(value))
@ -233,8 +229,6 @@ class Transmitter:
return self.__server.getFailRegex(name) return self.__server.getFailRegex(name)
elif command[1] == "ignoreregex": elif command[1] == "ignoreregex":
return self.__server.getIgnoreRegex(name) return self.__server.getIgnoreRegex(name)
elif command[1] == "maxtime":
return self.__server.getMaxTime(name)
elif command[1] == "findtime": elif command[1] == "findtime":
return self.__server.getFindTime(name) return self.__server.getFindTime(name)
elif command[1] == "maxretry": elif command[1] == "maxretry":