github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

BF: Add error handling in badips.py action

pull/641/head
Steven Hiscocks 2014-02-14 17:10:34 +00:00
parent dff8909473
commit cf81ddd8e2
1 changed files with 51 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
config/action.d/badips.py
View File

@ -20,6 +20,7 @@
import json import json
from functools import partial from functools import partial
import threading import threading
import logging
import sys import sys
if sys.version_info >= (3, ): if sys.version_info >= (3, ):
from urllib.request import Request, urlopen from urllib.request import Request, urlopen
@ -207,42 +208,52 @@ class BadIPsAction(ActionBase):
def _banIPs(self, ips): def _banIPs(self, ips):
for ip in ips: for ip in ips:
self._jail.actions[self.banaction].ban({ try:
'ip': ip, self._jail.actions[self.banaction].ban({
'failures': 0, 'ip': ip,
'matches': "", 'failures': 0,
'ipmatches': "", 'matches': "",
'ipjailmatches': "", 'ipmatches': "",
}) 'ipjailmatches': "",
self._bannedips.add(ip) })
self._logSys.info( except Exception as e:
"Banned IP %s for jail '%s' with action '%s'", self._logSys.error(
ip, self._jail.getName(), self.banaction) "Error banning IP %s for jail '%s' with action '%s': %s",
ip, self._jail.getName(), self.banaction, e,
exc_info=self._logSys.getEffectiveLevel<=logging.DEBUG)
else:
self._bannedips.add(ip)
self._logSys.info(
"Banned IP %s for jail '%s' with action '%s'",
ip, self._jail.getName(), self.banaction)
def _unbanIPs(self, ips): def _unbanIPs(self, ips):
for ip in ips: for ip in ips:
self._jail.actions[self.banaction].unban({ try:
'ip': ip, self._jail.actions[self.banaction].unban({
'failures': 0, 'ip': ip,
'matches': "", 'failures': 0,
'ipmatches': "", 'matches': "",
'ipjailmatches': "", 'ipmatches': "",
}) 'ipjailmatches': "",
self._bannedips.remove(ip) })
self._logSys.info( except Exception as e:
"Unbanned IP %s for jail '%s' with action '%s'", self._logSys.info(
ip, self._jail.getName(), self.banaction) "Error unbanning IP %s for jail '%s' with action '%s': %s",
ip, self._jail.getName(), self.banaction, e,
exc_info=self._logSys.getEffectiveLevel<=logging.DEBUG)
else:
self._logSys.info(
"Unbanned IP %s for jail '%s' with action '%s'",
ip, self._jail.getName(), self.banaction)
finally:
self._bannedips.remove(ip)
def start(self): def start(self):
"""If `banaction` set, blacklists bad IPs. """If `banaction` set, blacklists bad IPs.
""" """
if self.banaction is not None: if self.banaction is not None:
self._banIPs(self.getList(self.category, self.score, self.age)) self.update()
self._timer = threading.Timer(self.updateperiod, self.update)
self._timer.start()
self._logSys.info(
"Banned IPs for jail '%s'. Update in %i seconds",
self._jail.getName(), self.updateperiod)
def update(self): def update(self):
"""If `banaction` set, updates blacklisted IPs. """If `banaction` set, updates blacklisted IPs.
@ -256,17 +267,19 @@ class BadIPsAction(ActionBase):
self._timer.cancel() self._timer.cancel()
self._timer = None self._timer = None
ips = self.getList(self.category, self.score, self.age) try:
# Remove old IPs no longer listed ips = self.getList(self.category, self.score, self.age)
self._unbanIPs(self._bannedips - ips) # Remove old IPs no longer listed
# Add new IPs which are now listed self._unbanIPs(self._bannedips - ips)
self._banIPs(ips - self._bannedips) # Add new IPs which are now listed
self._banIPs(ips - self._bannedips)
self._timer = threading.Timer(self.updateperiod, self.update) self._logSys.info(
self._timer.start() "Updated IPs for jail '%s'. Update again in %i seconds",
self._logSys.info( self._jail.getName(), self.updateperiod)
"Updated IPs for jail '%s'. Update again in %i seconds", finally:
self._jail.getName(), self.updateperiod) self._timer = threading.Timer(self.updateperiod, self.update)
self._timer.start()
def stop(self): def stop(self):
"""If `banaction` set, clears blacklisted IPs. """If `banaction` set, clears blacklisted IPs.