mirror of https://github.com/fail2ban/fail2ban
added -e (enabledsections) command line parameter
parent
ac5242815f
commit
d4ee4645ec
|
@ -1,4 +1,4 @@
|
||||||
fail2ban (0.5.4-5.11) unstable; urgency=low
|
fail2ban (0.5.4-5.12) unstable; urgency=low
|
||||||
|
|
||||||
* Added a notification regarding the importance of 0.5.4-5 change of
|
* Added a notification regarding the importance of 0.5.4-5 change of
|
||||||
failregex in the config file.
|
failregex in the config file.
|
||||||
|
@ -14,10 +14,12 @@ fail2ban (0.5.4-5.11) unstable; urgency=low
|
||||||
* Introduced fwcheck option to verify consistency of the
|
* Introduced fwcheck option to verify consistency of the
|
||||||
chains. Implemented automatic restart of fail2ban main function in
|
chains. Implemented automatic restart of fail2ban main function in
|
||||||
case if check of fwban or fwban command failed (closes: #329163, #331695).
|
case if check of fwban or fwban command failed (closes: #329163, #331695).
|
||||||
(Introduced patch was further adjusted by upstream author)
|
(Introduced patch was further adjusted by upstream author).
|
||||||
* Added -f command line parameter for [findtime]
|
* Added -f command line parameter for [findtime].
|
||||||
* Fixed the issue of not respecting command line parameters for parameters
|
* Fixed the issue of not respecting command line parameters for parameters
|
||||||
within sections
|
within sections.
|
||||||
|
* Added -e command line parameter to provide enabled sections from command
|
||||||
|
line.
|
||||||
|
|
||||||
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000
|
||||||
|
|
||||||
|
|
22
fail2ban.py
22
fail2ban.py
|
@ -65,6 +65,7 @@ def dispUsage():
|
||||||
print " -r <VALUE> allow a max of VALUE password failure [maxfailures]"
|
print " -r <VALUE> allow a max of VALUE password failure [maxfailures]"
|
||||||
print " -t <TIME> ban IP for TIME seconds [bantime]"
|
print " -t <TIME> ban IP for TIME seconds [bantime]"
|
||||||
print " -f <TIME> lifetime in secods of failed entry [findtime]"
|
print " -f <TIME> lifetime in secods of failed entry [findtime]"
|
||||||
|
print " -e <NAMEs> enable sections listed in NAMEs (coma or colon separated)"
|
||||||
print " -v verbose. Use twice for greater effect"
|
print " -v verbose. Use twice for greater effect"
|
||||||
print " -V print software version"
|
print " -V print software version"
|
||||||
print
|
print
|
||||||
|
@ -138,6 +139,8 @@ def killApp():
|
||||||
def getCmdLineOptions(optList):
|
def getCmdLineOptions(optList):
|
||||||
""" Gets the command line options
|
""" Gets the command line options
|
||||||
"""
|
"""
|
||||||
|
# enabledsections can be defined just from the command line
|
||||||
|
conf["enabledsections"] = []
|
||||||
for opt in optList:
|
for opt in optList:
|
||||||
if opt[0] == "-v":
|
if opt[0] == "-v":
|
||||||
conf["verbose"] = conf["verbose"] + 1
|
conf["verbose"] = conf["verbose"] + 1
|
||||||
|
@ -165,6 +168,9 @@ def getCmdLineOptions(optList):
|
||||||
conf["pidlock"] = opt[1]
|
conf["pidlock"] = opt[1]
|
||||||
if opt[0] == "-k":
|
if opt[0] == "-k":
|
||||||
conf["kill"] = True
|
conf["kill"] = True
|
||||||
|
if opt[0] == "-e":
|
||||||
|
conf["enabledsections"] = map(lambda x: x.upper(),
|
||||||
|
re.split("[:, \t\n]", opt[1]))
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
""" Fail2Ban main function
|
""" Fail2Ban main function
|
||||||
|
@ -184,8 +190,8 @@ def main():
|
||||||
|
|
||||||
# Reads the command line options.
|
# Reads the command line options.
|
||||||
try:
|
try:
|
||||||
cmdOpts = 'hvVbdkc:t:i:r:p:'
|
cmdOpts = 'hvVbdkc:t:f:i:r:p:e:'
|
||||||
cmdLongOpts = ['help','version']
|
cmdLongOpts = ['help', 'version']
|
||||||
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
|
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
|
||||||
except getopt.GetoptError:
|
except getopt.GetoptError:
|
||||||
dispUsage()
|
dispUsage()
|
||||||
|
@ -371,7 +377,7 @@ def main():
|
||||||
mailConf = confReader.getLogOptions("MAIL", optionValues)
|
mailConf = confReader.getLogOptions("MAIL", optionValues)
|
||||||
|
|
||||||
# Create mailer if enabled
|
# Create mailer if enabled
|
||||||
if mailConf["enabled"]:
|
if mailConf["enabled"] or ("MAIL" in conf["enabledsections"]):
|
||||||
logSys.debug("Mail enabled")
|
logSys.debug("Mail enabled")
|
||||||
mail = Mail(mailConf["host"], mailConf["port"])
|
mail = Mail(mailConf["host"], mailConf["port"])
|
||||||
mail.setFromAddr(mailConf["from"])
|
mail.setFromAddr(mailConf["from"])
|
||||||
|
@ -399,7 +405,7 @@ def main():
|
||||||
# Gets the options of each sections
|
# Gets the options of each sections
|
||||||
for t in confReader.getSections():
|
for t in confReader.getSections():
|
||||||
l = confReader.getLogOptions(t, optionValues)
|
l = confReader.getLogOptions(t, optionValues)
|
||||||
if l["enabled"]:
|
if l["enabled"] or ( t.upper() in conf["enabledsections"] ) :
|
||||||
# Creates a logreader object
|
# Creates a logreader object
|
||||||
enabledSections.append(t)
|
enabledSections.append(t)
|
||||||
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
|
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
|
||||||
|
@ -409,12 +415,20 @@ def main():
|
||||||
l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"])
|
l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"])
|
||||||
# "Name" the firewall
|
# "Name" the firewall
|
||||||
fObj.setSection(t)
|
fObj.setSection(t)
|
||||||
|
# Remove it if it was in conf["enabledsections"]
|
||||||
|
if t.upper() in conf["enabledsections"]:
|
||||||
|
conf["enabledsections"].remove(t.upper())
|
||||||
# Links them into a list. I'm not really happy
|
# Links them into a list. I'm not really happy
|
||||||
# with this :/
|
# with this :/
|
||||||
logFwList.append([t, lObj, fObj, dict()])
|
logFwList.append([t, lObj, fObj, dict()])
|
||||||
|
|
||||||
logSys.info("Enabled sections: %s"%enabledSections)
|
logSys.info("Enabled sections: %s"%enabledSections)
|
||||||
|
|
||||||
|
# Warn about such "bad" sections
|
||||||
|
if len(conf["enabledsections"])>0:
|
||||||
|
logSys.warn("Sections %s defined in command "%conf["enabledsections"] +
|
||||||
|
"line were not found in config, thus ignored")
|
||||||
|
|
||||||
# We add 127.0.0.1 to the ignore list has we do not want
|
# We add 127.0.0.1 to the ignore list has we do not want
|
||||||
# to be ban ourself.
|
# to be ban ourself.
|
||||||
for element in logFwList:
|
for element in logFwList:
|
||||||
|
|
Loading…
Reference in New Issue