github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Added more comments 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@55 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2005-02-18 21:51:32 +00:00
parent e339a48751
commit ff088ec333
2 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/fail2ban.conf.default
View File

@ -41,7 +41,8 @@ interface = eth0
polltime = 1 polltime = 1
# You can define a new section for each log file to check for # You can define a new section for each log file to check for
# password failure. # password failure. Each section has to define the following
# options: logfile, timeregex, timepattern, failregex.
[Apache] [Apache]
# logfile: file to monitor. # logfile: file to monitor.

39
logreader/logreader.py
View File

@ -80,6 +80,12 @@ class LogReader:
return True return True
def getFailures(self): def getFailures(self):
""" Gets all the failure in the log file which are
newer than time.time()-self.findTime.
Returns a dict with the IP, the number of failure
and the latest failure time.
"""
ipList = dict() ipList = dict()
logFile = self.openLogFile() logFile = self.openLogFile()
for line in logFile.readlines(): for line in logFile.readlines():
@ -101,33 +107,44 @@ class LogReader:
return ipList return ipList
def findFailure(self, line): def findFailure(self, line):
match = self.matchLine(line, self.failregex) """ Finds the failure in line. Uses the failregex pattern
to find it and timeregex in order to find the logging
time.
Returns a dict with IP and timestamp.
"""
match = self.matchLine(self.failregex, line)
if match: if match:
timeMatch = self.matchLine(match.string, self.timeregex) timeMatch = self.matchLine(self.timeregex, match.string)
if timeMatch: if timeMatch:
date = self.getUnixTime(timeMatch.group(), self.timepattern) date = self.getUnixTime(timeMatch.group())
ipMatch = self.matchAddress(match.string) ipMatch = self.matchAddress(match.string)
if ipMatch: if ipMatch:
ip = ipMatch.group() ip = ipMatch.group()
return [ip, date] return [ip, date]
return None return None
def getUnixTime(self, value, pattern): def getUnixTime(self, value):
date = list(time.strptime(value, pattern)) """ Returns the Unix timestamp of the given value.
Pattern should describe the date construction of
value.
"""
date = list(time.strptime(value, self.timepattern))
if date[0] < 2000: if date[0] < 2000:
date[0] = time.gmtime()[0] date[0] = time.gmtime()[0]
unixTime = time.mktime(date) unixTime = time.mktime(date)
return unixTime return unixTime
def matchLine(self, line, pattern): def matchLine(self, pattern, line):
""" Checks if the line contains a pattern. It does this for all """ Checks if the line contains a pattern.
classes specified in *parserList*. We use a singleton to avoid
creating/destroying objects too much.
Return a dict with the IP and number of retries. Return a match object.
""" """
return re.search(pattern, line) return re.search(pattern, line)
def matchAddress(self, line): def matchAddress(self, line):
return re.search("(?:\d{1,3}\.){3}\d{1,3}", line) """ Return a match on the IP address present in
line.
"""
return self.matchLine("(?:\d{1,3}\.){3}\d{1,3}", line)