added -e (enabledsections) command line parameter

debian-releases/etch
Yaroslav Halchenko 2005-10-15 05:47:35 +00:00
parent ac5242815f
commit d4ee4645ec
2 changed files with 24 additions and 8 deletions

10
debian/changelog vendored
View File

@ -1,4 +1,4 @@
fail2ban (0.5.4-5.11) unstable; urgency=low fail2ban (0.5.4-5.12) unstable; urgency=low
* Added a notification regarding the importance of 0.5.4-5 change of * Added a notification regarding the importance of 0.5.4-5 change of
failregex in the config file. failregex in the config file.
@ -14,10 +14,12 @@ fail2ban (0.5.4-5.11) unstable; urgency=low
* Introduced fwcheck option to verify consistency of the * Introduced fwcheck option to verify consistency of the
chains. Implemented automatic restart of fail2ban main function in chains. Implemented automatic restart of fail2ban main function in
case if check of fwban or fwban command failed (closes: #329163, #331695). case if check of fwban or fwban command failed (closes: #329163, #331695).
(Introduced patch was further adjusted by upstream author) (Introduced patch was further adjusted by upstream author).
* Added -f command line parameter for [findtime] * Added -f command line parameter for [findtime].
* Fixed the issue of not respecting command line parameters for parameters * Fixed the issue of not respecting command line parameters for parameters
within sections within sections.
* Added -e command line parameter to provide enabled sections from command
line.
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000 -- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000

View File

@ -65,6 +65,7 @@ def dispUsage():
print " -r <VALUE> allow a max of VALUE password failure [maxfailures]" print " -r <VALUE> allow a max of VALUE password failure [maxfailures]"
print " -t <TIME> ban IP for TIME seconds [bantime]" print " -t <TIME> ban IP for TIME seconds [bantime]"
print " -f <TIME> lifetime in secods of failed entry [findtime]" print " -f <TIME> lifetime in secods of failed entry [findtime]"
print " -e <NAMEs> enable sections listed in NAMEs (coma or colon separated)"
print " -v verbose. Use twice for greater effect" print " -v verbose. Use twice for greater effect"
print " -V print software version" print " -V print software version"
print print
@ -138,6 +139,8 @@ def killApp():
def getCmdLineOptions(optList): def getCmdLineOptions(optList):
""" Gets the command line options """ Gets the command line options
""" """
# enabledsections can be defined just from the command line
conf["enabledsections"] = []
for opt in optList: for opt in optList:
if opt[0] == "-v": if opt[0] == "-v":
conf["verbose"] = conf["verbose"] + 1 conf["verbose"] = conf["verbose"] + 1
@ -165,6 +168,9 @@ def getCmdLineOptions(optList):
conf["pidlock"] = opt[1] conf["pidlock"] = opt[1]
if opt[0] == "-k": if opt[0] == "-k":
conf["kill"] = True conf["kill"] = True
if opt[0] == "-e":
conf["enabledsections"] = map(lambda x: x.upper(),
re.split("[:, \t\n]", opt[1]))
def main(): def main():
""" Fail2Ban main function """ Fail2Ban main function
@ -184,8 +190,8 @@ def main():
# Reads the command line options. # Reads the command line options.
try: try:
cmdOpts = 'hvVbdkc:t:i:r:p:' cmdOpts = 'hvVbdkc:t:f:i:r:p:e:'
cmdLongOpts = ['help','version'] cmdLongOpts = ['help', 'version']
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts) optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
except getopt.GetoptError: except getopt.GetoptError:
dispUsage() dispUsage()
@ -371,7 +377,7 @@ def main():
mailConf = confReader.getLogOptions("MAIL", optionValues) mailConf = confReader.getLogOptions("MAIL", optionValues)
# Create mailer if enabled # Create mailer if enabled
if mailConf["enabled"]: if mailConf["enabled"] or ("MAIL" in conf["enabledsections"]):
logSys.debug("Mail enabled") logSys.debug("Mail enabled")
mail = Mail(mailConf["host"], mailConf["port"]) mail = Mail(mailConf["host"], mailConf["port"])
mail.setFromAddr(mailConf["from"]) mail.setFromAddr(mailConf["from"])
@ -399,7 +405,7 @@ def main():
# Gets the options of each sections # Gets the options of each sections
for t in confReader.getSections(): for t in confReader.getSections():
l = confReader.getLogOptions(t, optionValues) l = confReader.getLogOptions(t, optionValues)
if l["enabled"]: if l["enabled"] or ( t.upper() in conf["enabledsections"] ) :
# Creates a logreader object # Creates a logreader object
enabledSections.append(t) enabledSections.append(t)
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"], lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
@ -409,12 +415,20 @@ def main():
l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"]) l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"])
# "Name" the firewall # "Name" the firewall
fObj.setSection(t) fObj.setSection(t)
# Remove it if it was in conf["enabledsections"]
if t.upper() in conf["enabledsections"]:
conf["enabledsections"].remove(t.upper())
# Links them into a list. I'm not really happy # Links them into a list. I'm not really happy
# with this :/ # with this :/
logFwList.append([t, lObj, fObj, dict()]) logFwList.append([t, lObj, fObj, dict()])
logSys.info("Enabled sections: %s"%enabledSections) logSys.info("Enabled sections: %s"%enabledSections)
# Warn about such "bad" sections
if len(conf["enabledsections"])>0:
logSys.warn("Sections %s defined in command "%conf["enabledsections"] +
"line were not found in config, thus ignored")
# We add 127.0.0.1 to the ignore list has we do not want # We add 127.0.0.1 to the ignore list has we do not want
# to be ban ourself. # to be ban ourself.
for element in logFwList: for element in logFwList: