github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Upgraded to fresh upstream 0.6.0

debian-releases/etch sdist/0.6.0
Yaroslav Halchenko 2007-10-16 17:01:19 -04:00
parent 7f0a3df4a4 840f6cd052
commit ad466ecb3c
22 changed files with 368 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CHANGELOG
View File

@ -4,9 +4,37 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.5.4) 2005/09/13
Fail2Ban (version 0.6.0) 2005/11/20
=============================================================
ver. 0.6.0 (2005/11/20) - stable
----------
- Propagated patches introduced by Debian maintainer
(Yaroslav Halchenko):
* Added an option to report local time (including timezone)
or GMT in mail notification.
ver. 0.5.5 (2005/10/26) - beta
----------
- Propagated patches introduced by Debian maintainer
(Yaroslav Halchenko):
* Introduced fwcheck option to verify consistency of the
chains. Implemented automatic restart of fail2ban main
function in case check of fwban or fwunban command failed
(closes: #329163, #331695). (Introduced patch was further
adjusted by upstream author).
* Added -f command line parameter for [findtime].
* Added a cleanup of firewall rules on emergency shutdown
when unknown exception is catched.
* Fail2ban should not crash now if a wrong file name is
specified in config.
* reordered code a bit so that log targets are setup right
after background and then only loglevel (verbose, debug)
is processed, so the warning could be seen in the logs
* Added a keyword <section> in parsing of the subject and
the body of an email sent out by fail2ban (closes:
#330311)
ver. 0.5.4 (2005/09/13) - beta
----------
- Fixed bug #1286222.

2
PKG-INFO
View File

@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: fail2ban
Version: 0.5.4
Version: 0.6.0
Summary: Ban IPs that make too many password failure
Home-page: http://fail2ban.sourceforge.net
Author: Cyril Jaquier

13
README
View File

@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.5.4) 2005/09/13
Fail2Ban (version 0.6.0) 2005/11/20
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@ -54,12 +54,12 @@ firewalls.
Installation:
-------------
Require: python-2.3 (http://www.python.org)
Require: python-2.4 (http://www.python.org)
To install, just do:
> tar xvfj fail2ban-0.5.4.tar.bz2
> cd fail2ban-0.5.4
> tar xvfj fail2ban-0.6.0.tar.bz2
> cd fail2ban-0.6.0
> python setup.py install
This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban
@ -102,8 +102,9 @@ options:
-h display this help message
-i <IP(s)> IP(s) to ignore
-k kill a currently running instance
-r <VALUE> allow a max of VALUE password failure
-t <TIME> ban IP for TIME seconds
-r <VALUE> allow a max of VALUE password failure [maxfailures]
-t <TIME> ban IP for TIME seconds [bantime]
-f <TIME> lifetime in seconds of failed entry [findtime]
-v verbose. Use twice for greater effect
-V print software version

11
TODO
View File

@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
ToDo
ToDo $Revision: 1.5 $
=============================================================
See Feature Request Tracking System at SourceForge.net
@ -12,3 +12,12 @@ See Feature Request Tracking System at SourceForge.net
- improve installation process (better prefix support)
- install Fail2ban into /usr/share
- better configuration files
- add a check to see if the time of the log messages is
correctly detected (valid regexp)
- split configuration files in /etc/fail2ban/services.d
Example: /etc/fail2ban/services.d/apache
- template for common services in /etc/fail2ban/scripts.d
Example: /etc/fail2ban/scripts.d/apache
- remove debug mode (root check)
- better return values in function
- use more email.Utils in mail.py

2
config/debian-initd
View File

@ -8,7 +8,7 @@
# Adjusted for Fail2Ban
# by Yaroslav Halchenko <debian@onerussian.com>.
#
# Version: $Id: debian-initd,v 1.1.2.2 2005/09/11 15:42:32 yarikoptic Exp $
# Version: $Id: debian-initd,v 1.2 2005/11/20 17:07:47 lostcontrol Exp $
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

53
config/fail2ban.conf.default
View File

@ -1,6 +1,6 @@
# Fail2Ban configuration file
#
# $Revision: 1.8.2.13 $
# $Revision: 1.9 $
#
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
@ -85,6 +85,21 @@ cmdend =
#
polltime = 1
# Option: reinittime
# Notes.: minimal number of seconds between the re-initialization of
# firewalls due to external changes in their rules (see fwcheck)
# Values: NUM Default: 100
#
reinittime = 10
# Option: maxreinits
# Notes.: maximal number of re-initialization of firewalls due to external
# changes. -1 stays for infinite, so only reinittime is of importance
# Values: NUM Default: -1
#
maxreinits = -1
[MAIL]
# Option: enabled
# Notes.: enable mail notification when banning an IP address.
@ -117,18 +132,26 @@ from = fail2ban
#
to = root
# Option: localtime
# Notes.: report local time (including timezone) or GMT
# Values: [true | false] Default: false
#
localtime = true
# Option: subject
# Notes.: subject of the e-mail.
# Tags: <ip> IP address
# Tags: <section> active section (eg ssh, apache, etc)
# <ip> IP address
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# Values: TEXT Default: [Fail2Ban] Banned <ip>
# Values: TEXT Default: [Fail2Ban] <section>: Banned <ip>
#
subject = [Fail2Ban] Banned <ip>
subject = [Fail2Ban] <section>: Banned <ip>
# Option: message
# Notes.: message of the e-mail.
# Tags: <ip> IP address
# Tags: <section> active section (eg ssh, apache, etc)
# <ip> IP address
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# <br> new line
@ -136,7 +159,7 @@ subject = [Fail2Ban] Banned <ip>
#
message = Hi,<br>
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts.<br>
<failures> attempts against <section>.<br>
Regards,<br>
Fail2Ban
@ -145,6 +168,7 @@ message = Hi,<br>
# options: logfile, fwban, fwunban, timeregex, timepattern,
# failregex.
[Apache]
# Option: enabled
# Notes.: enable monitoring for this section.
@ -171,9 +195,15 @@ fwstart = iptables -N fail2ban-http
# Values: CMD Default:
#
fwend = iptables -D INPUT -p tcp --dport http -j fail2ban-http
iptables -D fail2ban-http -j RETURN
iptables -F fail2ban-http
iptables -X fail2ban-http
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
#
fwcheck = iptables -L INPUT | grep -q fail2ban-http
# Option: fwban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
@ -217,6 +247,7 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
#
failregex = authentication failure|user .* not found
[SSH]
# Option: enabled
# Notes.: enable monitoring for this section.
@ -243,9 +274,15 @@ fwstart = iptables -N fail2ban-ssh
# Values: CMD Default:
#
fwend = iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh
iptables -D fail2ban-ssh -j RETURN
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
#
fwcheck = iptables -L INPUT | grep -q fail2ban-ssh
# Option: fwbanrule
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.

2
config/gentoo-confd
View File

@ -16,7 +16,7 @@
#
# Author: Cyril Jaquier
#
# $Revision: 1.1.2.1 $
# $Revision: 1.2 $
# Command line options for Fail2Ban. Refer to "fail2ban -h" for
# valid options.

2
config/gentoo-initd
View File

@ -17,7 +17,7 @@
#
# Author: Sireyessire, Cyril Jaquier
#
# $Revision: 1.1.2.2 $
# $Revision: 1.2 $
opts="start stop restart showlog"

2
config/redhat-initd
View File

@ -9,7 +9,7 @@
#
# Author: Andrey G. Grozin
#
# $Revision: 1.1.2.2 $
# $Revision: 1.2 $
# Source function library.
. /etc/init.d/functions

6
confreader/configreader.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.5.2.5 $
# $Revision: 1.6 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.5.2.5 $"
__date__ = "$Date: 2005/08/01 16:31:13 $"
__version__ = "$Revision: 1.6 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"

12
fail2ban
View File

@ -18,11 +18,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.4.2.5 $
# $Revision: 1.5 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.4.2.5 $"
__date__ = "$Date: 2005/08/04 20:51:14 $"
__version__ = "$Revision: 1.5 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@ -55,6 +55,12 @@ except Exception, e:
logSys.error("Type: " + `type.__name__` + "\n" +
"Value: " + `e.args` + "\n" +
"TB: " + `tbStack`)
# Try to clean up after ourselves
# just for extreme caution - wrapping with try
try:
fail2ban.restoreFwRules()
except Exception:
pass
# Remove the PID lock file. Should close #1239562
pidLock.remove()
logging.shutdown()

176
fail2ban.py
View File

@ -17,15 +17,15 @@
# Author: Cyril Jaquier
# Modified by: Yaroslav Halchenko (SYSLOG, findtime)
#
# $Revision: 1.20.2.18 $
# $Revision: 1.21 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.20.2.18 $"
__date__ = "$Date: 2005/09/13 20:42:33 $"
__version__ = "$Revision: 1.21 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import time, sys, getopt, os, string, signal, logging, logging.handlers
import time, sys, getopt, os, string, signal, logging, logging.handlers, copy
from ConfigParser import *
from version import version
@ -62,8 +62,9 @@ def dispUsage():
print " -h display this help message"
print " -i <IP(s)> IP(s) to ignore"
print " -k kill a currently running instance"
print " -r <VALUE> allow a max of VALUE password failure"
print " -t <TIME> ban IP for TIME seconds"
print " -r <VALUE> allow a max of VALUE password failure [maxfailures]"
print " -t <TIME> ban IP for TIME seconds [bantime]"
print " -f <TIME> lifetime in seconds of failed entry [findtime]"
print " -v verbose. Use twice for greater effect"
print " -V print software version"
print
@ -92,19 +93,48 @@ def sigTERMhandler(signum, frame):
logSys.debug("Signal handler called with sig "+`signum`)
killApp()
def setFwMustCheck(value):
""" Set the mustCheck value of the firewalls (True/False)
"""
for element in logFwList:
element[2].setMustCheck(value)
def initializeFwRules():
""" Initializes firewalls by running cmdstart and then
fwstart for each section
"""
# Execute global start command
executeCmd(conf["cmdstart"], conf["debug"])
# Execute start command of each section
for element in logFwList:
element[2].initialize(conf["debug"])
def reBan():
""" For each section asks the Firewall to reban known IPs
"""
for element in logFwList:
element[2].reBan(conf["debug"])
def restoreFwRules():
""" Flush the ban list
"""
logSys.warn("Restoring firewall rules...")
try:
for element in logFwList:
# Execute end command of each section
element[2].restore(conf["debug"])
# Execute global end command
executeCmd(conf["cmdend"], conf["debug"])
except ExternalError:
# nothing bad really - we can survive :-)
pass
def killApp():
""" Flush the ban list, remove the PID lock file and exit
nicely.
"""
logSys.warn("Restoring firewall rules...")
for element in logFwList:
element[2].flushBanList(conf["debug"])
# Execute end command of each section
for element in logFwList:
l = element[4]
executeCmd(l["fwend"], conf["debug"])
# Execute global start command
executeCmd(conf["cmdend"], conf["debug"])
# Restore Fw rules
restoreFwRules()
# Remove the PID lock
pidLock.remove()
logSys.info("Exiting...")
@ -127,6 +157,12 @@ def getCmdLineOptions(optList):
except ValueError:
logSys.warn("banTime must be an integer")
logSys.warn("Using default value")
if opt[0] == "-f":
try:
conf["findtime"] = int(opt[1])
except ValueError:
logSys.warn("findTime must be an integer")
logSys.warn("Using default value")
if opt[0] == "-i":
conf["ignoreip"] = opt[1]
if opt[0] == "-r":
@ -149,6 +185,7 @@ def main():
formatter = logging.Formatter('%(asctime)s ' + formatterstring)
stdout.setFormatter(formatter)
conf["kill"] = False
conf["verbose"] = 0
conf["conffile"] = "/etc/fail2ban.conf"
@ -187,7 +224,9 @@ def main():
["str", "ignoreip", ""],
["int", "polltime", 1],
["str", "cmdstart", ""],
["str", "cmdend", ""])
["str", "cmdend", ""],
["int", "reinittime", 100],
["int", "maxreinits", 100])
# Gets global configuration options
conf.update(confReader.getLogOptions("DEFAULT", optionValues))
@ -199,8 +238,7 @@ def main():
pidLock.setPath(conf["pidlock"])
# Now we can kill properly a running instance if needed
try:
conf["kill"]
if conf["kill"]:
pid = pidLock.exists()
if pid:
killPID(int(pid))
@ -209,8 +247,6 @@ def main():
else:
logSys.error("No running Fail2Ban found")
sys.exit(-1)
except KeyError:
pass
# Start Fail2Ban in daemon mode
if conf["background"]:
@ -220,26 +256,8 @@ def main():
logSys.error("Unable to start daemon")
sys.exit(-1)
# Verbose level
if conf["verbose"]:
logSys.warn("Verbose level is "+`conf["verbose"]`)
if conf["verbose"] == 1:
logSys.setLevel(logging.INFO)
elif conf["verbose"] > 1:
logSys.setLevel(logging.DEBUG)
# Set debug log level
if conf["debug"]:
logSys.setLevel(logging.DEBUG)
formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
'%(message)s')
formatter = logging.Formatter("%(asctime)s " + formatterstring)
stdout.setFormatter(formatter)
logSys.warn("DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT " +
"ONLY DISPLAYED IN THE LOG MESSAGES")
# Process some options
# Log targets
# First setup Log targets
# Bug fix for #1234699
os.umask(0077)
for target in conf["logtargets"].split():
@ -290,6 +308,24 @@ def main():
hdlr.setFormatter(tformatter)
logSys.addHandler(hdlr)
# Verbose level
if conf["verbose"]:
logSys.warn("Verbose level is "+`conf["verbose"]`)
if conf["verbose"] == 1:
logSys.setLevel(logging.INFO)
elif conf["verbose"] > 1:
logSys.setLevel(logging.DEBUG)
# Set debug log level
if conf["debug"]:
logSys.setLevel(logging.DEBUG)
formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
'%(message)s')
formatter = logging.Formatter("%(asctime)s " + formatterstring)
stdout.setFormatter(formatter)
logSys.warn("DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT " +
"ONLY DISPLAYED IN THE LOG MESSAGES")
# Ignores IP list
ignoreIPList = conf["ignoreip"].split(' ')
@ -322,6 +358,7 @@ def main():
["int", "port", "25"],
["str", "from", "root"],
["str", "to", "root"],
["bool", "localtime", False],
["str", "subject", "[Fail2Ban] Banned <ip>"],
["str", "message", "Fail2Ban notification"])
@ -334,6 +371,7 @@ def main():
mail = Mail(mailConf["host"], mailConf["port"])
mail.setFromAddr(mailConf["from"])
mail.setToAddr(mailConf["to"])
mail.setLocalTimeFlag(mailConf["localtime"])
logSys.debug("to: " + mailConf["to"] + " from: " + mailConf["from"])
# Options
@ -348,8 +386,11 @@ def main():
["str", "fwstart", ""],
["str", "fwend", ""],
["str", "fwban", ""],
["str", "fwunban", ""])
["str", "fwunban", ""],
["str", "fwcheck", ""])
logSys.info("Fail2Ban v" + version + " is running")
# Gets the options of each sections
for t in confReader.getSections():
l = confReader.getLogOptions(t, optionValues)
@ -358,7 +399,10 @@ def main():
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
l["failregex"], l["maxfailures"], l["findtime"])
# Creates a firewall object
fObj = Firewall(l["fwban"], l["fwunban"], l["bantime"])
fObj = Firewall(l["fwstart"], l["fwend"], l["fwban"], l["fwunban"],
l["fwcheck"], l["bantime"])
# "Name" the firewall
fObj.setSection(t)
# Links them into a list. I'm not really happy
# with this :/
logFwList.append([t, lObj, fObj, dict(), l])
@ -376,13 +420,10 @@ def main():
else:
logSys.warn(ip + " is not a valid IP address")
logSys.info("Fail2Ban v" + version + " is running")
# Execute global start command
executeCmd(conf["cmdstart"], conf["debug"])
# Execute start command of each section
for element in logFwList:
l = element[4]
executeCmd(l["fwstart"], conf["debug"])
initializeFwRules()
# try to reinit once if it fails immediately
lastReinitTime = time.time() - conf["reinittime"] - 1
reinits = 0
# Main loop
while True:
try:
@ -429,7 +470,8 @@ def main():
if failTime < unixTime - findTime:
del element[3][attempt]
elif fails[attempt][0] >= element[1].getMaxRetry():
aInfo = {"ip": attempt,
aInfo = {"section": element[0],
"ip": attempt,
"failures": element[3][attempt][0],
"failtime": failTime}
logSys.info(element[0] + ": " + aInfo["ip"] +
@ -441,7 +483,39 @@ def main():
mail.sendmail(mailConf["subject"],
mailConf["message"], aInfo)
del element[3][attempt]
except ExternalError, e:
# Something wrong while dealing with Iptables.
# May be chain got removed?
reinits += 1
logSys.error(e)
if ((unixTime - lastReinitTime > conf["reinittime"]) and
((conf["maxreinits"] < 0) or (reinits < conf["maxreinits"]))):
logSys.warn("#%d reinitialization of firewalls"%reinits)
lastReinitTime = unixTime
else:
logSys.error("Exiting: reinits follow too often, or too many " +
"reinit attempts")
killApp()
# We already failed runCheck so disable it until
# restoring a safe state
setFwMustCheck(False)
# save firewalls to keep a list of IPs for rebanning
logFwListCopy = copy.deepcopy(logFwList)
try:
# restore as much as possible
restoreFwRules()
# reinitialize all the chains
initializeFwRules()
# restore the lists of baned IPs
logFwList.__init__(logFwListCopy)
# reBan known IPs
reBan()
# Now we can enable the runCheck test again
setFwMustCheck(True)
except ExternalError:
raise ExternalError("Big Oops happened: situation is out of " +
"control. Something is wrong with your " +
"setup. Please check your settings")
except KeyboardInterrupt:
# When the user press <ctrl>+<c> we exit nicely.
killApp()

92
firewall/firewall.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.8.2.6 $
# $Revision: 1.9 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.8.2.6 $"
__date__ = "$Date: 2005/08/01 16:31:42 $"
__version__ = "$Revision: 1.9 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@ -28,6 +28,10 @@ import time, os, logging, re
from utils.process import executeCmd
from utils.strings import replaceTag
# unfortunately but I have to bring ExternalError in especially for
# flushBanList: if one of IPs got flushed manually outside or something, we
# might endup with not "full" flush unless we handle exception within the loop
from utils.process import ExternalError
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban")
@ -37,41 +41,102 @@ class Firewall:
the IP.
"""
def __init__(self, banRule, unBanRule, banTime):
def __init__(self, startRule, endRule, banRule, unBanRule, checkRule,
banTime):
self.banRule = banRule
self.unBanRule = unBanRule
self.checkRule = checkRule
self.startRule = startRule
self.endRule = endRule
self.banTime = banTime
self.banList = dict()
self.section = ""
self.mustCheck = True
def setSection(self, section):
""" Set optional section name for clarify of logging
"""
self.section = section
def getMustCheck(self):
""" Return true if the runCheck test is executed
"""
return self.mustCheck
def setMustCheck(self, value):
""" Enable or disable the execution of runCheck test
"""
self.mustCheck = value
def initialize(self, debug):
logSys.debug("%s: Initialize firewall rules"%self.section)
executeCmd(self.startRule, debug)
def restore(self, debug):
logSys.debug("%s: Restore firewall rules"%self.section)
try:
self.flushBanList(debug)
executeCmd(self.endRule, debug)
except ExternalError:
pass
def addBanIP(self, aInfo, debug):
""" Bans an IP.
"""
ip = aInfo["ip"]
if not self.inBanList(ip):
crtTime = time.time()
logSys.warn("Ban " + ip)
logSys.warn("%s: Ban "%self.section + ip)
self.banList[ip] = crtTime
aInfo["bantime"] = crtTime
executeCmd(self.banIP(aInfo), debug)
self.runCheck(debug)
cmd = self.banIP(aInfo)
if executeCmd(cmd, debug):
raise ExternalError("Firewall: execution of fwban command " +
"'%s' failed"%cmd)
else:
logSys.error(ip+" already in ban list")
self.runCheck(debug)
logSys.error("%s: "%self.section+ip+" already in ban list")
def delBanIP(self, aInfo, debug):
""" Unban an IP.
"""
ip = aInfo["ip"]
if self.inBanList(ip):
logSys.warn("Unban "+ip)
logSys.warn("%s: Unban "%self.section + ip)
del self.banList[ip]
self.runCheck(debug)
executeCmd(self.unBanIP(aInfo), debug)
else:
logSys.error(ip+" not in ban list")
logSys.error("%s: "%self.section+ip+" not in ban list")
def reBan(self, debug):
""" Re-Bans known IPs.
TODO: implement "failures" and "failtime"
"""
for ip in self.banList:
aInfo = {"ip": ip,
"bantime":self.banList[ip]}
logSys.warn("%s: ReBan "%self.section + ip)
# next piece is similar to the on in addBanIp
# so might be one more function will not hurt
self.runCheck(debug)
executeCmd(self.banIP(aInfo), debug)
def inBanList(self, ip):
""" Checks if IP is in ban list.
"""
return self.banList.has_key(ip)
def runCheck(self, debug):
""" Runs fwcheck command and throws an exception if it returns non-0
result
"""
if self.mustCheck:
executeCmd(self.checkRule, debug)
else:
return None
def checkForUnBan(self, debug):
""" Check for IP to remove from ban list.
"""
@ -93,7 +158,12 @@ class Firewall:
aInfo = {"ip": element[0],
"bantime": element[1],
"unbantime": time.time()}
self.delBanIP(aInfo, debug)
try:
self.delBanIP(aInfo, debug)
except ExternalError:
# we must let it fail here in the loop, or we don't
# flush properly
pass
def banIP(self, aInfo):
""" Returns query to ban IP.

18
logreader/logreader.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.13.2.8 $
# $Revision: 1.14 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.13.2.8 $"
__date__ = "$Date: 2005/09/05 21:06:15 $"
__version__ = "$Revision: 1.14 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@ -97,15 +97,15 @@ class LogReader:
"""
try:
self.logStats = os.stat(self.logPath)
if self.lastModTime == self.logStats.st_mtime:
return False
else:
logSys.debug(self.logPath+" has been modified")
self.lastModTime = self.logStats.st_mtime
return True
except OSError:
logSys.error("Unable to get stat on "+self.logPath)
if self.lastModTime == self.logStats.st_mtime:
return False
else:
logSys.debug(self.logPath+" has been modified")
self.lastModTime = self.logStats.st_mtime
return True
def setFilePos(self, file):
""" Sets the file position. We must take care of log file rotation

7
man/fail2ban.8
View File

@ -33,10 +33,13 @@ display this help message
kill a currently running Fail2Ban instance
.TP
\fB\-r\fR \fIVALUE\fR
allow a max of \fIVALUE\fR password failure
allow a max of \fIVALUE\fR password failure [maxfailures]
.TP
\fB\-t\fR \fITIME\fR
ban IP for \fITIME\fR seconds
ban IP for \fITIME\fR seconds [bantime]
.TP
\fB\-f\fR \fITIME\fR
lifetime in seconds of failed entry [findtime]
.TP
\fB\-v\fR
verbose. Use twice for greater effect

6
setup.py
View File

@ -18,11 +18,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.4.2.4 $
# $Revision: 1.5 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.4.2.4 $"
__date__ = "$Date: 2005/08/07 13:10:39 $"
__version__ = "$Revision: 1.5 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"

6
utils/dns.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.7.2.3 $
# $Revision: 1.8 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.7.2.3 $"
__date__ = "$Date: 2005/08/17 19:26:49 $"
__version__ = "$Revision: 1.8 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"

19
utils/mail.py
View File

@ -16,18 +16,17 @@
# Author: Cyril Jaquier
#
# $Revision: 1.1.2.4 $
# $Revision: 1.2 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.1.2.4 $"
__date__ = "$Date: 2005/09/12 14:42:08 $"
__version__ = "$Revision: 1.2 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import logging, smtplib
import logging, smtplib, email.Utils
from utils.strings import replaceTag
from time import strftime, gmtime
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban")
@ -39,6 +38,7 @@ class Mail:
def __init__(self, host, port = 25):
self.host = host
self.port = port
self.localTimeFlag = False
def setFromAddr(self, fromAddr):
""" Set from: address
@ -50,6 +50,11 @@ class Mail:
"""
self.toAddr = toAddr.split()
def setLocalTimeFlag(self, localTimeFlag):
""" Set to: address
"""
self.localTimeFlag = localTimeFlag
def sendmail(self, subject, message, aInfo):
""" Send an email using smtplib
"""
@ -58,7 +63,7 @@ class Mail:
mail = ("From: %s\r\nTo: %s\r\nDate: %s\r\nSubject: %s\r\n\r\n" %
(self.fromAddr, ", ".join(self.toAddr),
strftime("%a, %d %b %Y %H:%M:%S +0000", gmtime()),
email.Utils.formatdate(localtime = self.localTimeFlag),
subj)) + msg
try:
@ -71,4 +76,4 @@ class Mail:
logSys.error("Unable to send mail to " + self.host + ":" +
`self.port` + " from " + self.fromAddr + " to " +
`self.toAddr` + ": " + `e` + ": " + `e.args`)

9
utils/pidlock.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.1.2.2 $
# $Revision: 1.2 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.1.2.2 $"
__date__ = "$Date: 2005/08/07 13:08:18 $"
__version__ = "$Revision: 1.2 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@ -70,6 +70,9 @@ class PIDLock:
logSys.debug("Removed PID lock " + self.path)
except OSError:
logSys.error("Unable to remove PID lock " + self.path)
except AttributeError:
# AttributeError if self.path wasn't specified yet
logSys.debug("PID lock not removed because not defined yet")
def exists(self):
""" Returns the current PID if Fail2Ban is running or False

12
utils/process.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.1.2.4 $
# $Revision: 1.2 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.1.2.4 $"
__date__ = "$Date: 2005/08/04 20:48:30 $"
__version__ = "$Revision: 1.2 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@ -29,6 +29,11 @@ import os, logging, signal
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban")
class ExternalError(UserWarning):
""" Exception to warn about failed fwcheck or fwban command
"""
pass
def createDaemon():
""" Detach a process from the controlling terminal and run it in the
background as a daemon.
@ -126,6 +131,7 @@ def executeCmd(cmd, debug):
retval = os.system(cmd)
if not retval == 0:
logSys.error("'" + cmd + "' returned " + `retval`)
raise ExternalError("Execution of command '%s' failed" % cmd)
return retval
else:
return None

6
utils/strings.py
View File

@ -16,11 +16,11 @@
# Author: Cyril Jaquier
#
# $Revision: 1.1.2.2 $
# $Revision: 1.2 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.1.2.2 $"
__date__ = "$Date: 2005/08/01 16:35:18 $"
__version__ = "$Revision: 1.2 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"

8
version.py
View File

@ -16,12 +16,12 @@
# Author: Cyril Jaquier
#
# $Revision: 1.12.2.10 $
# $Revision: 1.13 $
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 1.12.2.10 $"
__date__ = "$Date: 2005/09/13 20:43:00 $"
__version__ = "$Revision: 1.13 $"
__date__ = "$Date: 2005/11/20 17:07:47 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
version = "0.5.4"
version = "0.6.0"