github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Fixed rebanned bug 

- Clarified available tags

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@455 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2006-11-12 10:56:21 +00:00
parent f8989581b4
commit d6e49f8480
8 changed files with 50 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/action.d/dummy.conf
View File

@ -18,7 +18,7 @@ actionstart = touch /tmp/fail2ban.dummy
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = rm /tmp/fail2ban.dummy actionstop = rm -f /tmp/fail2ban.dummy
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
@ -31,8 +31,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = echo "+<ip>" >> /tmp/fail2ban.dummy actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
@ -41,8 +40,8 @@ actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy

7
config/action.d/hostsdeny.conf
View File

@ -30,8 +30,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = IP=<ip> && actionban = IP=<ip> &&
@ -41,8 +40,8 @@ actionban = IP=<ip> &&
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = IP=<ip> && actionunban = IP=<ip> &&

7
config/action.d/ipfw.conf
View File

@ -34,8 +34,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = ipfw add deny tcp from <ip> to <localhost> <port> actionban = ipfw add deny tcp from <ip> to <localhost> <port>
@ -45,8 +44,8 @@ actionban = ipfw add deny tcp from <ip> to <localhost> <port>
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'` actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`

7
config/action.d/iptables.conf
View File

@ -34,8 +34,7 @@ actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
@ -44,8 +43,8 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP

7
config/action.d/mail-whois.conf
View File

@ -36,8 +36,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = echo -en "Hi,\n actionban = echo -en "Hi,\n
@ -52,8 +51,8 @@ actionban = echo -en "Hi,\n
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = actionunban =

7
config/action.d/mail.conf
View File

@ -36,8 +36,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = echo -en "Hi,\n actionban = echo -en "Hi,\n
@ -50,8 +49,8 @@ actionban = echo -en "Hi,\n
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = actionunban =

7
config/action.d/shorewall.conf
View File

@ -30,8 +30,7 @@ actioncheck =
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <failures> number of failures # <failures> number of failures
# <failtime> unix timestamp of the last failure # <time> unix timestamp of the ban time
# <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionban = shorewall reject <ip> actionban = shorewall reject <ip>
@ -40,8 +39,8 @@ actionban = shorewall reject <ip>
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights. # command is executed with Fail2Ban user rights.
# Tags: <ip> IP address # Tags: <ip> IP address
# <bantime> unix timestamp of the ban time # <failures> number of failures
# <unbantime> unix timestamp of the unban time # <time> unix timestamp of the ban time
# Values: CMD # Values: CMD
# #
actionunban = shorewall allow <ip> actionunban = shorewall allow <ip>

24
server/actions.py
View File

@ -134,11 +134,15 @@ class Actions(JailThread):
bTicket = BanManager.createBanTicket(ticket) bTicket = BanManager.createBanTicket(ticket)
aInfo["ip"] = bTicket.getIP() aInfo["ip"] = bTicket.getIP()
aInfo["failures"] = bTicket.getAttempt() aInfo["failures"] = bTicket.getAttempt()
aInfo["time"] = bTicket.getTime()
if self.__banManager.addBanTicket(bTicket):
logSys.warn("[%s] Ban %s" % (self.jail.getName(), aInfo["ip"])) logSys.warn("[%s] Ban %s" % (self.jail.getName(), aInfo["ip"]))
for action in self.__actions: for action in self.__actions:
action.execActionBan(aInfo) action.execActionBan(aInfo)
self.__banManager.addBanTicket(bTicket)
return True return True
else:
logSys.warn("[%s] %s already banned" % (self.jail.getName(),
aInfo["ip"]))
return False return False
## ##
@ -148,11 +152,7 @@ class Actions(JailThread):
def __checkUnBan(self): def __checkUnBan(self):
for ticket in self.__banManager.unBanList(MyTime.time()): for ticket in self.__banManager.unBanList(MyTime.time()):
aInfo = dict() self.__unBan(ticket)
aInfo["ip"] = ticket.getIP()
logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"]))
for action in self.__actions:
action.execActionUnban(aInfo)
## ##
# Flush the ban list. # Flush the ban list.
@ -162,12 +162,24 @@ class Actions(JailThread):
def __flushBan(self): def __flushBan(self):
logSys.debug("Flush ban list") logSys.debug("Flush ban list")
for ticket in self.__banManager.flushBanList(): for ticket in self.__banManager.flushBanList():
self.__unBan(ticket)
##
# Unbans host corresponding to the ticket.
#
# Executes the actions in order to unban the host given in the
# ticket.
def __unBan(self, ticket):
aInfo = dict() aInfo = dict()
aInfo["ip"] = ticket.getIP() aInfo["ip"] = ticket.getIP()
aInfo["failures"] = ticket.getAttempt()
aInfo["time"] = ticket.getTime()
logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"])) logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"]))
for action in self.__actions: for action in self.__actions:
action.execActionUnban(aInfo) action.execActionUnban(aInfo)
## ##
# Get the status of the filter. # Get the status of the filter.
# #