From d22b2498d4dd2ba3f4ea45260335783648eb62cf Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 24 Oct 2014 01:32:04 +0200 Subject: [PATCH] normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400'; code review and test case extended; --- config/fail2ban.conf | 2 +- config/jail.conf | 14 +++++++------- fail2ban/client/fail2banreader.py | 2 +- fail2ban/client/jailreader.py | 6 +++--- fail2ban/server/database.py | 2 +- fail2ban/server/mytime.py | 6 ++++-- fail2ban/server/transmitter.py | 4 ++-- fail2ban/tests/clientreadertestcase.py | 2 +- fail2ban/tests/databasetestcase.py | 9 +++++++++ fail2ban/tests/servertestcase.py | 2 ++ 10 files changed, 31 insertions(+), 18 deletions(-) diff --git a/config/fail2ban.conf b/config/fail2ban.conf index 89e2538e..7c001155 100644 --- a/config/fail2ban.conf +++ b/config/fail2ban.conf @@ -66,4 +66,4 @@ dbfile = /var/lib/fail2ban/fail2ban.sqlite3 # Options: dbpurgeage # Notes.: Sets age at which bans should be purged from the database # Values: [ SECONDS ] Default: 86400 (24hours) -dbpurgeage = 86400 +dbpurgeage = 1d diff --git a/config/jail.conf b/config/jail.conf index c8dc6d9c..21b97798 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -18,7 +18,7 @@ # See man 5 jail.conf for details. # # [DEFAULT] -# bantime = 3600 +# bantime = 1h # # [sshd] # enabled = true @@ -56,11 +56,11 @@ ignoreip = 127.0.0.1/8 ignorecommand = # "bantime" is the number of seconds that a host is banned. -bantime = 600 +bantime = 10m # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. -findtime = 600 +findtime = 10m # "maxretry" is the number of failures before a host get banned. maxretry = 5 @@ -258,7 +258,7 @@ logpath = %(apache_error_log)s # for email addresses. The mail outputs are buffered. port = http,https logpath = %(apache_access_log)s -bantime = 172800 +bantime = 48h maxretry = 1 
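Review bot: The comment above `dbpurgeage` in config/fail2ban.conf still reads `Values: [ SECONDS ] Default: 86400 (24hours)` although the shipped value is now `1d`, and the jail.conf hunk at -56 keeps `"bantime" is the number of seconds that a host is banned.` above a `10m` value. I would update these, for example `# Values: [ SECONDS or time abbreviation, e.g. 1d ] Default: 1d`, and list the accepted abbreviations next to it. An operator editing these files otherwise has no hint whether `10m` means minutes or months, and a misread unit changes how long a host stays banned. Both files continue outside the hunks.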
@@ -738,8 +738,8 @@ maxretry = 5 logpath = /var/log/fail2ban.log banaction = %(banaction_allports)s -bantime = 604800 ; 1 week -findtime = 86400 ; 1 day +bantime = 1w +findtime = 1d maxretry = 5 @@ -818,7 +818,7 @@ filter = apache-pass logpath = %(apache_access_log)s blocktype = RETURN returntype = DROP -bantime = 3600 +bantime = 1h maxretry = 1 findtime = 1 diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py index 709f4b5d..c55f65ea 100644 --- a/fail2ban/client/fail2banreader.py +++ b/fail2ban/client/fail2banreader.py @@ -49,7 +49,7 @@ class Fail2banReader(ConfigReader): ["string", "logtarget", "STDERR"], ["string", "syslogsocket", "auto"], ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], - ["int", "dbpurgeage", 86400]] + ["string", "dbpurgeage", "1d"]] self.__opts = ConfigReader.getOptions(self, "Definition", opts) def convert(self): diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 54ac59fa..46f910e3 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -97,9 +97,9 @@ class JailReader(ConfigReader): ["string", "logpath", None], ["string", "logencoding", None], ["string", "backend", "auto"], - ["int", "maxretry", None], - ["int", "findtime", None], - ["int", "bantime", None], + ["int", "maxretry", None], + ["string", "findtime", None], + ["string", "bantime", None], ["string", "usedns", None], ["string", "failregex", None], ["string", "ignoreregex", None], diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py index fcc56f73..3cfaa5a6 100644 --- a/fail2ban/server/database.py +++ b/fail2ban/server/database.py @@ -218,7 +218,7 @@ class Fail2BanDb(object): @purgeage.setter def purgeage(self, value): - self._purgeAge = int(value) + self._purgeAge = MyTime.str2seconds(value) @commitandrollback def createDb(self, cur): diff --git a/fail2ban/server/mytime.py b/fail2ban/server/mytime.py index 0a7e6a79..47509f19 100644 --- a/fail2ban/server/mytime.py 
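Review bot: Switching `dbpurgeage` to `["string", "dbpurgeage", "1d"]` here, and `findtime`/`bantime` to `"string"` in the jailreader.py hunk, appears to drop the only type check these options had when the configuration is read. Any text in the config file is now forwarded unchanged and, presumably, only interpreted later by `MyTime.str2seconds` on the server side, so a typo surfaces at that point instead of at read time. I would validate the value where the options are read, or at least document the hand-off with a comment such as `# time abbreviation; parsed later by MyTime.str2seconds`. Both option lists start and end outside the hunks.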
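Review bot: `self._purgeAge = MyTime.str2seconds(value)` in the database.py hunk no longer accepts everything the old `int(value)` did. The `str2seconds` shown in the mytime.py hunk begins with `re.sub(..., val)`, which raises TypeError for a number, so a caller that still assigns an int to `purgeage` would fail. I would keep numbers working, e.g. `self._purgeAge = value if isinstance(value, (int, float)) else MyTime.str2seconds(value)`, or handle numeric input inside `str2seconds` itself. The hunk does not show an import of `MyTime` in database.py, so it is worth confirming the name is already in scope there.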
+++ b/fail2ban/server/mytime.py @@ -116,8 +116,11 @@ class MyTime: # # @returns number (calculated seconds from expression "val") - #@staticmethod + @staticmethod def str2seconds(val): + # replace together standing abbreviations, example '1d12h' -> '1d 12h': + val = re.sub(r"(?i)(?<=[a-z])(\d)", r" \1", val) + # replace abbreviation with expression: for rexp, rpl in ( (r"days?|da|dd?", 24*60*60), (r"week?|wee?|ww?", 7*24*60*60), (r"months?|mon?", (365*3+366)*24*60*60/4/12), (r"years?|yea?|yy?", (365*3+366)*24*60*60/4), (r"seconds?|sec?|ss?", 1), (r"minutes?|min?|mm?", 60), (r"hours?|ho|hh?", 60*60), @@ -125,4 +128,3 @@ class MyTime: val = re.sub(r"(?i)(?<=[\d\s])(%s)\b" % rexp, "*"+str(rpl), val) val = re.sub(r"(\d)\s+(\d)", r"\1+\2", val); return eval(val) - str2seconds = staticmethod(str2seconds) diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py index 0d9f0fe4..eb5b7713 100644 --- a/fail2ban/server/transmitter.py +++ b/fail2ban/server/transmitter.py @@ -216,7 +216,7 @@ class Transmitter: return self.__server.getUseDns(name) elif command[1] == "findtime": value = command[2] - self.__server.setFindTime(name, int(value)) + self.__server.setFindTime(name, value) return self.__server.getFindTime(name) elif command[1] == "datepattern": value = command[2] @@ -233,7 +233,7 @@ class Transmitter: # command elif command[1] == "bantime": value = command[2] - self.__server.setBanTime(name, int(value)) + self.__server.setBanTime(name, value) return self.__server.getBanTime(name) elif command[1] == "banip": value = command[2] diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index d19090be..d0c37a3e 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py 
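Review bot: `return eval(val)` at the end of `str2seconds` (context of the second mytime.py hunk) now receives text that has lost its numeric check, because the two transmitter.py hunks drop `int(value)` for `findtime` and `bantime` and database.py routes `purgeage` here as well. Whatever remains after the abbreviation substitution is executed as a Python expression, so a value from the command channel or a config file is evaluated rather than merely parsed; that the transmitter values end up in `str2seconds` is inferred from the new `30m` tests, since `setFindTime`/`setBanTime` are not shown. I would parse the terms explicitly and raise ValueError for anything that is not `<number><unit>`, as sketched below. The sketch keeps the existing unit table and yields the values the new tests expect, but it is deliberately narrower than `eval` (no arithmetic operators, empty input rejected). The unit tuple and the start of the class lie partly outside the hunk.

```python
    @staticmethod
    def str2seconds(val):
        # … unchanged: split adjacent abbreviations, '1d12h' -> '1d 12h' …
        units = (
            # … unchanged: the (pattern, seconds) pairs from the existing loop …
        )
        terms = val.split()
        if not terms:
            raise ValueError("empty time value")
        total = 0
        for term in terms:
            m = re.match(r"(?i)([+-]?\d+(?:\.\d+)?)([a-z]*)$", term)
            if m is None:
                raise ValueError("invalid time value: %r" % (val,))
            number, abbr = m.groups()
            factor = 1
            if abbr:
                for rexp, rpl in units:
                    if re.match(r"(?i)(?:%s)$" % rexp, abbr):
                        factor = rpl
                        break
                else:
                    raise ValueError("unknown time unit: %r" % (abbr,))
            total += (float(number) if "." in number else int(number)) * factor
        return total
```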
@@ -668,7 +668,7 @@ class JailsReaderTest(LogCaptureTestCase): self.assertEqual(sorted(commands), [['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'], - ['set', 'dbpurgeage', 86400], + ['set', 'dbpurgeage', '1d'], ['set', 'loglevel', "INFO"], ['set', 'logtarget', '/var/log/fail2ban.log'], ['set', 'syslogsocket', 'auto']]) diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py index 3d156eda..083be2b2 100644 --- a/fail2ban/tests/databasetestcase.py +++ b/fail2ban/tests/databasetestcase.py @@ -70,6 +70,15 @@ class DatabaseTest(LogCaptureTestCase): return self.assertEqual(self.dbFilename, self.db.filename) + def testPurgeAge(self): + if Fail2BanDb is None: # pragma: no cover + return + self.assertEqual(self.db.purgeage, 86400) + self.db.purgeage = '1y6mon15d5h30m' + self.assertEqual(self.db.purgeage, 48652200) + self.db.purgeage = '2y 12mon 30d 10h 60m' + self.assertEqual(self.db.purgeage, 48652200*2) + def testCreateInvalidPath(self): if Fail2BanDb is None: # pragma: no cover return diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index 07e10c7d..a7d7adef 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -259,6 +259,7 @@ class Transmitter(TransmitterBase): def testJailFindTime(self): self.setGetTest("findtime", "120", 120, jail=self.jailName) self.setGetTest("findtime", "60", 60, jail=self.jailName) + self.setGetTest("findtime", "30m", 30*60, jail=self.jailName) self.setGetTest("findtime", "-60", -60, jail=self.jailName) self.setGetTestNOK("findtime", "Dog", jail=self.jailName) @@ -266,6 +267,7 @@ class Transmitter(TransmitterBase): self.setGetTest("bantime", "600", 600, jail=self.jailName) self.setGetTest("bantime", "50", 50, jail=self.jailName) self.setGetTest("bantime", "-50", -50, jail=self.jailName) + self.setGetTest("bantime", "15d 5h 30m", 1315800, jail=self.jailName) self.setGetTestNOK("bantime", "Cat", jail=self.jailName) def testDatePattern(self):
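Review bot: `testPurgeAge` in databasetestcase.py only exercises well-formed strings, so nothing checks that a malformed value is rejected or that a plain number is still accepted now that the setter calls `MyTime.str2seconds(value)` instead of `int(value)`. I would add `self.db.purgeage = 3600` followed by `self.assertEqual(self.db.purgeage, 3600)`, plus a negative case such as `self.assertRaises(Exception, setattr, self.db, 'purgeage', 'Dog')`, mirroring the existing `setGetTestNOK("findtime", "Dog", ...)` in servertestcase.py. The exception type depends on how `str2seconds` rejects input, so narrow `Exception` once that is settled.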