dummy action extended with more examples and test-covered now

pull/1743/head
sebres 2017-03-30 13:02:37 +02:00
parent 042a060a54
commit 97e8b42d34
3 changed files with 49 additions and 6 deletions


@ -10,14 +10,23 @@
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD # Values: CMD
# #
actionstart = touch /var/run/fail2ban/fail2ban.dummy actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
printf %%b "<init>\n" >> /var/run/fail2ban/fail2ban.dummy printf %%b "<init>\n" <to_target>
echo "%(debug)s started"
# Option: actionflush
# Notes.: command executed once to flush (clear) all IPS, by shutdown (resp. by stop of the jail or this action)
# Values: CMD
#
actionflush = printf %%b "-*\n" <to_target>
echo "%(debug)s clear all"
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = rm -f /var/run/fail2ban/fail2ban.dummy actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;
echo "%(debug)s stopped"
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
@ -31,7 +40,8 @@ actioncheck =
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = printf %%b "+<ip>\n" >> /var/run/fail2ban/fail2ban.dummy actionban = printf %%b "+<ip>\n" <to_target>
echo "%(debug)s banned <ip> (family: <family>)"
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -39,9 +49,15 @@ actionban = printf %%b "+<ip>\n" >> /var/run/fail2ban/fail2ban.dummy
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = printf %%b "-<ip>\n" >> /var/run/fail2ban/fail2ban.dummy actionunban = printf %%b "-<ip>\n" <to_target>
echo "%(debug)s unbanned <ip> (family: <family>)"
debug = [<name>] <actname> <target> --
[Init] [Init]
init = 123 init = 123
target = /var/run/fail2ban/fail2ban.dummy
to_target = >> <target>
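Review bot: `<target>` is substituted unquoted into `touch <target>`, `rm -f <target>` and `to_target = >> <target>`; only the `[ ! -z '<target>' ]` test quotes it. A configured path containing whitespace or shell metacharacters would therefore be word-split or interpreted by the shell that runs the action. Quoting it the same way everywhere would avoid that: `touch '<target>'`, `rm -f '<target>'` and `to_target = >> '<target>'`. The empty-target guard also covers only `actionstart` and `actionstop`: with `target` empty, `to_target` still expands to a bare `>>`, which looks like a shell syntax error in the `printf` lines. A comment under `[Init]` such as `# to disable file output set both target and to_target to empty` would make that dependency explicit.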


@ -452,7 +452,7 @@ class Actions(JailThread, Mapping):
logSys.debug("Flush ban list") logSys.debug("Flush ban list")
lst = self.__banManager.flushBanList() lst = self.__banManager.flushBanList()
else: else:
log = False log = False # don't log "[jail] Unban ..." if removing actions only.
lst = iter(self.__banManager) lst = iter(self.__banManager)
cnt = 0 cnt = 0
# first we'll execute flush for actions supporting this operation: # first we'll execute flush for actions supporting this operation:


@ -1182,6 +1182,33 @@ class ServerConfigReaderTests(LogCaptureTestCase):
# 'start', 'stop' - should be found (logged) on action start/stop, # 'start', 'stop' - should be found (logged) on action start/stop,
# etc. # etc.
testJailsActions = ( testJailsActions = (
# dummy --
('j-dummy', 'dummy[name=%(__name__)s, init="==", target="/tmp/fail2ban.dummy"]', {
'ip4': ('family: inet4',), 'ip6': ('family: inet6',),
'start': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- started"`',
),
'flush': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- clear all"`',
),
'stop': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- stopped"`',
),
'ip4-check': (),
'ip6-check': (),
'ip4-ban': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"`',
),
'ip4-unban': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"`',
),
'ip6-ban': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"`',
),
'ip6-unban': (
'`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"`',
),
}),
# iptables-multiport -- # iptables-multiport --
('j-w-iptables-mp', 'iptables-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp", chain="INPUT"]', { ('j-w-iptables-mp', 'iptables-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp", chain="INPUT"]', {
'ip4': ('`iptables ', 'icmp-port-unreachable'), 'ip6': ('`ip6tables ', 'icmp6-port-unreachable'), 'ip4': ('`iptables ', 'icmp-port-unreachable'), 'ip6': ('`ip6tables ', 'icmp6-port-unreachable'),
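Review bot: The new `j-dummy` entry asserts only the `echo` lines, so the part of the action this commit changes is not checked against the overridden `target`: the `<to_target>` redirection and the guarded `touch`/`rm -f <target>`. Assuming these tuples are matched as substrings of the generated command (as the `'family: inet4'` entries suggest), adding `'>> /tmp/fail2ban.dummy'` to `'ip4-ban'` and `'ip4-unban'`, and `'rm -f /tmp/fail2ban.dummy'` to `'stop'`, would pin the substitution. If these commands are ever executed rather than only logged, a per-test temporary path is safer than a fixed name under world-writable `/tmp`, since `>>`, `touch` and `rm -f` act on whatever already exists at that name. `testJailsActions` continues past the end of the hunk.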