github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

BF: do not pass dangling symlinks to the server to be monitored 

This is more of a workaround I guess than a "solution".  Ideally server
should be more clever and allow adding symlinks which eventually might
point to existing file.  But that is probably would be too much complication
for a rare use case.  User on the mailing list informed that then server
does not monitor even other files, thus as a quick workaround -- do not even add dangling links
pull/369/head
Yaroslav Halchenko 2013-09-28 22:16:34 -04:00
parent cf76019cca
commit dcaacad7e3
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
client/jailreader.py
View File

@ -24,7 +24,7 @@ __author__ = "Cyril Jaquier"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"
import logging, re, glob import logging, re, glob, os.path
from configreader import ConfigReader from configreader import ConfigReader
from filterreader import FilterReader from filterreader import FilterReader
@ -56,6 +56,22 @@ class JailReader(ConfigReader):
def isEnabled(self): def isEnabled(self):
return self.__force_enable or self.__opts["enabled"] return self.__force_enable or self.__opts["enabled"]
@staticmethod
def _glob(path):
"""Given a path for glob return list of files to be passed to server.
Dangling symlinks are warned about and not returned
"""
pathList = []
for p in glob.glob(path):
if not os.path.exists(p):
logSys.warning("File %s doesn't even exist, thus cannot be monitored" % p)
elif not os.path.lexists(p):
logSys.warning("File %s is a dangling link, thus cannot be monitored" % p)
else:
pathList.append(p)
return pathList
def getOptions(self): def getOptions(self):
opts = [["bool", "enabled", "false"], opts = [["bool", "enabled", "false"],
["string", "logpath", "/var/log/messages"], ["string", "logpath", "/var/log/messages"],
@ -118,7 +134,7 @@ class JailReader(ConfigReader):
if opt == "logpath": if opt == "logpath":
found_files = 0 found_files = 0
for path in self.__opts[opt].split("\n"): for path in self.__opts[opt].split("\n"):
pathList = glob.glob(path) pathList = JailReader._glob(path)
if len(pathList) == 0: if len(pathList) == 0:
logSys.error("No file(s) found for glob %s" % path) logSys.error("No file(s) found for glob %s" % path)
for p in pathList: for p in pathList:

14
testcases/clientreadertestcase.py
View File

@ -22,6 +22,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
__license__ = "GPL" __license__ = "GPL"
import os, tempfile, shutil, unittest import os, tempfile, shutil, unittest
from client.configreader import ConfigReader from client.configreader import ConfigReader
from client.jailreader import JailReader from client.jailreader import JailReader
from client.jailsreader import JailsReader from client.jailsreader import JailsReader
@ -117,6 +118,19 @@ class JailReaderTest(unittest.TestCase):
result = JailReader.splitAction(action) result = JailReader.splitAction(action)
self.assertEqual(expected, result) self.assertEqual(expected, result)
def testGlob(self):
d = tempfile.mkdtemp(prefix="f2b-temp")
# Generate few files
# regular file
open(os.path.join(d, 'f1'), 'w').close()
# dangling link
os.symlink('nonexisting', os.path.join(d, 'f2'))
# must be only f1
self.assertEqual(JailReader._glob(os.path.join(d, '*')), [os.path.join(d, 'f1')])
# since f2 is dangling -- empty list
self.assertEqual(JailReader._glob(os.path.join(d, 'f2')), [])
class JailsReaderTest(unittest.TestCase): class JailsReaderTest(unittest.TestCase):
def testProvidingBadBasedir(self): def testProvidingBadBasedir(self):