Merge commit 'upstream/0.7.5' into maint/etch

commit 2bd7fb04d218b324dacc6e7cf1a6bb4ff2030436 2 parents 066cce1 + 3253660
@yarikoptic yarikoptic authored
Showing with 7,672 additions and 0 deletions.
  1. +284 −0 CHANGELOG
  2. +15 −0 PKG-INFO
  3. +95 −0 README
  4. +35 −0 TODO
  5. +25 −0 client/__init__.py
  6. +90 −0 client/actionreader.py
  7. +129 −0 client/beautifier.py
  8. +99 −0 client/configreader.py
  9. +76 −0 client/configurator.py
  10. +58 −0 client/csocket.py
  11. +58 −0 client/fail2banreader.py
  12. +74 −0 client/filterreader.py
  13. +141 −0 client/jailreader.py
  14. +71 −0 client/jailsreader.py
  15. +25 −0 common/__init__.py
  16. +107 −0 common/protocol.py
  17. +27 −0 common/version.py
  18. +64 −0 config/action.d/hostsdeny.conf
  19. +65 −0 config/action.d/ipfw.conf
  20. +69 −0 config/action.d/iptables.conf
  21. +69 −0 config/action.d/mail-whois.conf
  22. +67 −0 config/action.d/mail.conf
  23. +46 −0 config/action.d/shorewall.conf
  24. +32 −0 config/fail2ban.conf
  25. +22 −0 config/filter.d/apache-auth.conf
  26. +22 −0 config/filter.d/apache-noscript.conf
  27. +23 −0 config/filter.d/courierlogin.conf
  28. +22 −0 config/filter.d/couriersmtp.conf
  29. +22 −0 config/filter.d/postfix.conf
  30. +22 −0 config/filter.d/proftpd.conf
  31. +22 −0 config/filter.d/qmail.conf
  32. +22 −0 config/filter.d/sasl.conf
  33. +22 −0 config/filter.d/sshd.conf
  34. +22 −0 config/filter.d/vsftpd.conf
  35. +142 −0 config/jail.conf
  36. +336 −0 fail2ban-client
  37. +164 −0 fail2ban-regex
  38. +135 −0 fail2ban-server
  39. +79 −0 fail2ban-testcases
  40. +52 −0 files/gentoo-initd
  41. +89 −0 files/redhat-initd
  42. +252 −0 man/fail2ban-client.1
  43. +12 −0 man/fail2ban-client.h2m
  44. +27 −0 man/fail2ban-regex.1
  45. +10 −0 man/fail2ban-regex.h2m
  46. +46 −0 man/fail2ban-server.1
  47. +9 −0 man/fail2ban-server.h2m
  48. +43 −0 man/generate-man
  49. +25 −0 server/__init__.py
  50. +226 −0 server/action.py
  51. +194 −0 server/actions.py
  52. +205 −0 server/banmanager.py
  53. +50 −0 server/banticket.py
  54. +144 −0 server/datedetector.py
  55. +44 −0 server/dateepoch.py
  56. +84 −0 server/datestrptime.py
  57. +46 −0 server/datetai64n.py
  58. +71 −0 server/datetemplate.py
  59. +53 −0 server/faildata.py
  60. +132 −0 server/failmanager.py
  61. +37 −0 server/failticket.py
  62. +558 −0 server/filter.py
  63. +121 −0 server/filtergamin.py
  64. +141 −0 server/filterpoll.py
  65. +109 −0 server/jail.py
  66. +165 −0 server/jails.py
  67. +118 −0 server/jailthread.py
  68. +50 −0 server/mytime.py
  69. +413 −0 server/server.py
  70. +133 −0 server/ssocket.py
  71. +56 −0 server/ticket.py
  72. +265 −0 server/transmitter.py
  73. +5 −0 setup.cfg
  74. +121 −0 setup.py
  75. +25 −0 testcases/__init__.py
  76. +47 −0 testcases/actiontestcase.py
  77. +56 −0 testcases/banmanagertestcase.py
  78. +43 −0 testcases/clientreadertestcase.py
  79. +67 −0 testcases/datedetectortestcase.py
  80. +79 −0 testcases/failmanagertestcase.py
  81. +19 −0 testcases/files/testcase01.log
  82. +13 −0 testcases/files/testcase02.log
  83. +9 −0 testcases/files/testcase03.log
  84. +15 −0 testcases/files/testcase04.log
  85. +168 −0 testcases/filtertestcase.py
  86. +127 −0 testcases/servertestcase.py
284 CHANGELOG
@@ -0,0 +1,284 @@
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.7.5) 2006/12/07
+=============================================================
+
+ver. 0.7.5 (2006/12/07) - beta
+----------
+- Do not ban a host that is currently banned. Thanks to
+ Yaroslav Halchenko
+- The supported tags in "action(un)ban" are <ip>, <failures>
+ and <time>
+- Fixed refactoring bug (getLastcommand -> getLastAction)
+- Added option "ignoreregex" in filter scripts and jail.conf.
+ Feature Request #1283304
+- Fixed a bug in user defined time regex/pattern
+- Improved documentation
+- Moved version.py and protocol.py to common/
+- Merged "maxtime" option with "findtime"
+- Added "<HOST>" tag support in failregex which matches
+ default IP address/hostname. "(?P<host>\S)" is still valid
+ and supported
+- Fixed exception when calling fail2ban-server with unknown
+ option
+- Fixed Debian bug 400162. The "socket" option is now handled
+ correctly by fail2ban-client
+- Fixed RedHat init script. Thanks to Justin Shore
+- Changed timeout to 30 secondes before assuming the server
+ cannot be started. Thanks to Joël Bertrand
+
+ver. 0.7.4 (2006/11/01) - beta
+----------
+- Improved configuration files. Thanks to Yaroslav Halchenko
+- Added man page for "fail2ban-regex"
+- Moved ban/unban messages from "info" level to "warn"
+- Added "-s" option to specify the socket path and "socket"
+ option in "fail2ban.conf"
+- Added "backend" option in "jail.conf"
+- Added more filters/actions and jail samples. Thanks to Nick
+ Munger, Christoph Haas
+- Improved testing framework
+- Fixed a bug in the return code handling of the executed
+ commands. Thanks to Yaroslav Halchenko
+- Signal handling. There is a bug with join() and signal in
+ Python
+- Better debugging output for "fail2ban-regex"
+- Added support for more date format
+- cPickle does not work with Python 2.5. Use pickle instead
+ (performance is not a problem in our case)
+
+ver. 0.7.3 (2006/09/28) - beta
+----------
+- Added man pages. Thanks to Yaroslav Halchenko
+- Added wildcard support for "logpath"
+- Added Gamin (file and directory monitoring system) support
+- (Re)added "ignoreip" option
+- Added more concurrency protection
+- First attempt at solving bug #1457620 (locale issue)
+- Performance improvements
+- (Re)added permanent banning with banTime < 0
+- Added DNS support to "ignoreip". Feature Request #1285859
+
+ver. 0.7.2 (2006/09/10) - beta
+----------
+- Refactoring and code cleanup
+- Improved client output
+- Added more get/set commands
+- Added more configuration templates
+- Removed "logpath" and "maxretry" from filter templates.
+ They must be defined in jail.conf now
+- Added interactive mode. Use "-i"
+- Added a date detector. "timeregex" and "timepattern" are no
+ more needed
+- Added "fail2ban-regex". This is a tool to help finding
+ "failregex"
+- Improved server communication. Start a new thread for each
+ incoming request. Fail2ban is not really thread-safe yet
+
+ver. 0.7.1 (2006/08/23) - alpha
+----------
+- Fixed daemon mode bug
+- Added Gentoo init.d script
+- Fixed path bug when trying to start "fail2ban-server"
+- Fixed reload command
+
+ver. 0.7.0 (2006/08/23) - alpha
+----------
+- Almost a complete rewrite :) Fail2ban design is really
+ better (IMHO). There is a lot of new features
+- Client/Server architecture
+- Multithreading. Each jail has its own threads: one for the
+ log reading and another for the actions
+- Execute several actions
+- Split configuration files. They are more readable and easy
+ to use
+- failregex uses group (<host>) now. This feature was already
+ present in the Debian package
+- lots of things...
+
+ver. 0.6.1 (2006/03/16) - stable
+----------
+- Added permanent banning. Set banTime to a negative value to
+ enable this feature (-1 is perfect). Thanks to Mannone
+- Fixed locale bug. Thanks to Fernando José
+- Fixed crash when time format does not match data
+- Propagated patch from Debian to fix fail2ban search path
+ addition to the path search list: now it is added first.
+ Thanks to Nick Craig-Wood
+- Added SMTP authentification for mail notification. Thanks
+ to Markus Hoffmann
+- Removed debug mode as it is confusing for people
+- Added parsing of timestamp in TAI64N format (#1275325).
+ Thanks to Mark Edgington
+- Added patch #1382936 (Default formatted syslog logging).
+ Thanks to Patrick B�rjesson
+- Removed 192.168.0.0/16 from ignoreip. Attacks could also
+ come from the local network.
+- Robust startup: if iptables module does not get fully
+ initialized after startup of fail2ban, fail2ban will do
+ "maxreinit" attempts to initialize its own firewall. It
+ will sleep between attempts for "polltime" number of
+ seconds (closes Debian: #334272). Thanks to Yaroslav
+ Halchenko
+- Added "interpolations" in fail2ban.conf. This is provided
+ by the ConfigParser module. Old configuration files still
+ work. Thanks to Yaroslav Halchenko
+- Added initial support for hosts.deny and shorewall. Need
+ more testing. Please test. Thanks to kojiro from Gentoo
+ forum for hosts.deny support
+- Added support for vsftpd. Thanks to zugeschmiert
+
+ver. 0.6.0 (2005/11/20) - stable
+----------
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Added an option to report local time (including timezone)
+ or GMT in mail notification.
+
+ver. 0.5.5 (2005/10/26) - beta
+----------
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Introduced fwcheck option to verify consistency of the
+ chains. Implemented automatic restart of fail2ban main
+ function in case check of fwban or fwunban command failed
+ (closes: #329163, #331695). (Introduced patch was further
+ adjusted by upstream author).
+ * Added -f command line parameter for [findtime].
+ * Added a cleanup of firewall rules on emergency shutdown
+ when unknown exception is catched.
+ * Fail2ban should not crash now if a wrong file name is
+ specified in config.
+ * reordered code a bit so that log targets are setup right
+ after background and then only loglevel (verbose, debug)
+ is processed, so the warning could be seen in the logs
+ * Added a keyword <section> in parsing of the subject and
+ the body of an email sent out by fail2ban (closes:
+ #330311)
+
+ver. 0.5.4 (2005/09/13) - beta
+----------
+- Fixed bug #1286222.
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Fixed handling of SYSLOG logging target. Now it can log
+ to any SYSLOG target and facility as directed by the
+ config
+ * Format of SYSLOG entries fixed to look closer to standard
+ * Fixed errata in config/gentoo-confd
+ * Introduced findtime configuration variable to control the
+ lifetime of caught "failed" log entries
+
+ver. 0.5.3 (2005/09/08) - beta
+----------
+- Fixed a bug when overriding "maxfailures" or "bantime".
+ Thanks to Yaroslav Halchenko
+- Added more debug output if an error occurs when sending
+ mail. Thanks to Stephen Gildea
+- Renamed "maxretry" to "maxfailures" and changed default
+ value to 5. Thanks to Stephen Gildea
+- Hopefully fixed bug #1256075
+- Fixed bug #1262345
+- Fixed exception handling in PIDLock
+- Removed warning when using "-V" or "-h" with no config
+ file. Thanks to Yaroslav Halchenko
+- Removed "-i eth0" from config file. Thanks to Yaroslav
+ Halchenko
+
+ver. 0.5.2 (2005/08/06) - beta
+----------
+- Better PID lock file handling. Should close #1239562
+- Added man pages
+- Removed log4py dependency. Use logging module instead
+- "maxretry" and "bantime" can be overridden in each section
+- Fixed bug #1246278 (excessive memory usage)
+- Fixed crash on wrong option value in configuration file
+- Changed custom chains to lowercase
+
+ver. 0.5.1 (2005/07/23) - beta
+----------
+- Fixed bugs #1241756, #1239557
+- Added log targets in configuration file. Removed -l option
+- Changed iptables rules in order to create a separated chain
+ for each section
+- Fixed static banList in firewall.py
+- Added an initd script for Debian. Thanks to Yaroslav
+ Halchenko
+- Check for obsolete files after install
+
+ver. 0.5.0 (2005/07/12) - beta
+----------
+- Added support for CIDR mask in ignoreip
+- Added mail notification support
+- Fixed bug #1234699
+- Added tags replacement in rules definition. Should allow a
+ clean solution for Feature Request #1229479
+- Removed "interface" and "firewall" options
+- Added start and end commands in the configuration file.
+ Thanks to Yaroslav Halchenko
+- Added firewall rules definition in the configuration file
+- Cleaned fail2ban.py
+- Added an initd script for RedHat/Fedora. Thanks to Andrey
+ G. Grozin
+
+ver. 0.4.1 (2005/06/30) - stable
+----------
+- Fixed textToDNS method which generated wrong matches for
+ "rhost=12-xyz...". Thanks to Tom Pike
+- fail2ban.conf modified for readability. Thanks to Iain Lea
+- Added an initd script for Gentoo
+- Changed default PID lock file location from /tmp to
+ /var/run
+
+ver. 0.4.0 (2005/04/24) - stable
+----------
+- Fixed textToDNS which did not recognize strings like
+ "12-345-67-890.abcd.mnopqr.xyz"
+
+ver. 0.3.1 (2005/03/31) - beta
+----------
+- Corrected level of messages
+- Added DNS lookup support
+- Improved parsing speed. Only parse the new log messages
+- Added a second verbose level (-vv)
+
+ver. 0.3.0 (2005/02/24) - beta
+----------
+- Re-writting of parts of the code in order to handle several
+ log files with different rules
+- Removed sshd.py because it is no more needed
+- Fixed a bug when exiting with IP in the ban list
+- Added PID lock file
+- Improved some parts of the code
+- Added ipfw-start-rule option (thanks to Robert Edeker)
+- Added -k option which kills a currently running Fail2Ban
+
+ver. 0.1.2 (2004/11/21) - beta
+----------
+- Add ipfw and ipfwadm support. The rules are taken from
+ BlockIt. Thanks to Robert Edeker
+- Add -e option which allows to set the interface. Thanks to
+ Robert Edeker who reminded me this
+- Small code cleaning
+
+ver. 0.1.1 (2004/10/23) - beta
+----------
+- Add SIGTERM handler in order to exit nicely when in daemon
+ mode
+- Add -r option which allows to set the maximum number of
+ login failures
+- Remove the Metalog class as the log file are not so syslog
+ daemon specific
+- Rewrite log reader to be service centered. Sshd support
+ added. Match "Failed password" and "Illegal user"
+- Add /etc/fail2ban.conf configuration support
+- Code documentation
+
+
+ver. 0.1.0 (2004/10/12) - alpha
+----------
+- Initial release
15 PKG-INFO
@@ -0,0 +1,15 @@
+Metadata-Version: 1.0
+Name: fail2ban
+Version: 0.7.5
+Summary: Ban IPs that make too many password failure
+Home-page: http://fail2ban.sourceforge.net
+Author: Cyril Jaquier
+Author-email: lostcontrol@users.sourceforge.net
+License: GPL
+Description:
+ Fail2Ban scans log files like /var/log/pwdfail or
+ /var/log/apache/error_log and bans IP that makes
+ too many password failures. It updates firewall rules
+ to reject the IP address or executes user defined
+ commands.
+Platform: Posix
95 README
@@ -0,0 +1,95 @@
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.7.5) 2006/12/07
+=============================================================
+
+Fail2Ban scans log files like /var/log/pwdfail and bans IP
+that makes too many password failures. It updates firewall
+rules to reject the IP address. These rules can be defined by
+the user. Fail2Ban can read multiple log files such as sshd
+or Apache web server ones.
+
+This README is a quick introduction to Fail2ban. More
+documentation, FAQ, HOWTOs are available on the project
+website: http://fail2ban.sourceforge.net
+
+Installation:
+-------------
+
+Required:
+ >=python-2.4 (http://www.python.org)
+
+Optional:
+ >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin)
+
+To install, just do:
+
+> tar xvfj fail2ban-0.7.5.tar.bz2
+> cd fail2ban-0.7.5
+> python setup.py install
+
+This will install Fail2Ban into /usr/lib/fail2ban. The
+executable scripts are placed into /usr/bin.
+
+Gentoo: ebuilds are available on the website.
+Debian: Fail2Ban is in Debian unstable.
+RedHat: packages are available on the website.
+
+Fail2Ban should be correctly installed now. Just type:
+
+> fail2ban-client -h
+
+to see if everything is alright. You should always use
+fail2ban-client and never call fail2ban-server directly.
+
+Configuration:
+--------------
+
+You can configure Fail2ban using the files in /etc/fail2ban.
+It is possible to configure the server using commands sent to
+it by fail2ban-client. The available commands are described
+in the man page of fail2ban-client. Please refer to it or to
+the website: http://fail2ban.sourceforge.net
+
+Contact:
+--------
+
+You need some new features, you found bugs or you just
+appreciate this program, you can contact me at:
+
+Website: http://fail2ban.sourceforge.net
+
+Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+
+Thanks:
+-------
+
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
+Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
+Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
+Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
+Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand
+
+License:
+--------
+
+Fail2Ban is free software; you can redistribute it
+and/or modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later
+version.
+
+Fail2Ban is distributed in the hope that it will be
+useful, but WITHOUT ANY WARRANTY; without even the implied
+warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE. See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public
+License along with Fail2Ban; if not, write to the Free
+Software Foundation, Inc., 59 Temple Place, Suite 330,
+Boston, MA 02111-1307 USA
35 TODO
@@ -0,0 +1,35 @@
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+ToDo $Revision: 468 $
+=============================================================
+
+Legend:
+- not yet done
+? maybe
+# partially done
+* done
+
+- Better handling of the protocol in transmitter.py
+
+- Add gettext support (I18N)
+
+- Fix the cPickle issue with Python 2.5
+
+- Multiline log reading
+
+- Improve communication. (asyncore, asynchat??)
+
+- Improve execution of action. Why does subprocess.call
+ deadlock with multi-jails?
+
+# see Feature Request Tracking System at SourceForge.net
+
+# improve documentation and website for user
+
+# better return values in function
+
+# refactoring in server.py, actions.py, filter.py
25 client/__init__.py
@@ -0,0 +1,25 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 433 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 433 $"
+__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
90 client/actionreader.py
@@ -0,0 +1,90 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 433 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 433 $"
+__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging
+from configreader import ConfigReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class ActionReader(ConfigReader):
+
+ def __init__(self, action, name):
+ ConfigReader.__init__(self)
+ self.__file = action[0]
+ self.__cInfo = action[1]
+ self.__name = name
+
+ def setFile(self, fileName):
+ self.__file = fileName
+
+ def getFile(self):
+ return self.__file
+
+ def setName(self, name):
+ self.__name = name
+
+ def getName(self):
+ return self.__name
+
+ def read(self):
+ return ConfigReader.read(self, "action.d/" + self.__file)
+
+ def getOptions(self, pOpts):
+ opts = [["string", "actionstart", ""],
+ ["string", "actionstop", ""],
+ ["string", "actioncheck", ""],
+ ["string", "actionban", ""],
+ ["string", "actionunban", ""]]
+ self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
+
+ if self.has_section("Init"):
+ for opt in self.options("Init"):
+ if not self.__cInfo.has_key(opt):
+ self.__cInfo[opt] = self.get("Init", opt)
+
+ def convert(self):
+ head = ["set", self.__name]
+ stream = list()
+ stream.append(head + ["addaction", self.__file])
+ for opt in self.__opts:
+ if opt == "actionstart":
+ stream.append(head + ["actionstart", self.__file, self.__opts[opt]])
+ elif opt == "actionstop":
+ stream.append(head + ["actionstop", self.__file, self.__opts[opt]])
+ elif opt == "actioncheck":
+ stream.append(head + ["actioncheck", self.__file, self.__opts[opt]])
+ elif opt == "actionban":
+ stream.append(head + ["actionban", self.__file, self.__opts[opt]])
+ elif opt == "actionunban":
+ stream.append(head + ["actionunban", self.__file, self.__opts[opt]])
+ # cInfo
+ if self.__cInfo:
+ for p in self.__cInfo:
+ stream.append(head + ["setcinfo", self.__file, p, self.__cInfo[p]])
+
+ return stream
+
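Review bot: `read()` builds the path as `"action.d/" + self.__file` with no check on the name, so an action name containing `/` or `..` makes the client load a definition from outside `action.d/`; the name comes from `action[0]`, whose source is outside this section (presumably the jail configuration). The `actionstart`/`actionban`/... strings read from that file end up in the command stream that `convert()` produces, so the file they come from deserves a guard such as `if os.path.basename(self.__file) != self.__file: raise ValueError(self.__file)` (this needs `import os`). In `convert()` the five `elif` branches differ only in the literal; `stream.append(head + [opt, self.__file, self.__opts[opt]])` covers them all, since `getOptions()` only ever stores those five keys in `self.__opts`.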
129 client/beautifier.py
@@ -0,0 +1,129 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 288 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 288 $"
+__date__ = "$Date: 2006-08-22 23:59:51 +0200 (Tue, 22 Aug 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+from server.jails import UnknownJailException
+from server.jails import DuplicateJailException
+import logging
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+##
+# Beautify the output of the client.
+#
+# Fail2ban server only return unformatted return codes which need to be
+# converted into user readable messages.
+
+class Beautifier:
+
+ def __init__(self, cmd = None):
+ self.__inputCmd = cmd
+
+ def setInputCmd(self, cmd):
+ self.__inputCmd = cmd
+
+ def getInputCmd(self):
+ return self.__inputCmd
+
+ def beautify(self, response):
+ logSys.debug("Beautify " + `response` + " with " + `self.__inputCmd`)
+ inC = self.__inputCmd
+ msg = response
+ try:
+ if inC[0] == "ping":
+ msg = "Server replied: " + response
+ elif inC[0] == "start":
+ msg = "Jail started"
+ elif inC[0] == "stop":
+ if len(inC) == 1:
+ if response == None:
+ msg = "Shutdown successful"
+ else:
+ if response == None:
+ msg = "Jail stopped"
+ elif inC[0] == "add":
+ msg = "Added jail " + response
+ elif inC[0:1] == ['status']:
+ if len(inC) > 1:
+ msg = "Status for the jail: " + inC[1] + "\n"
+ msg = msg + "|- " + response[0][0] + "\n"
+ msg = msg + "| |- " + response[0][1][0][0] + ":\t\t" + `response[0][1][0][1]` + "\n"
+ msg = msg + "| `- " + response[0][1][1][0] + ":\t\t" + `response[0][1][1][1]` + "\n"
+ msg = msg + "`- " + response[1][0] + "\n"
+ msg = msg + " |- " + response[1][1][0][0] + ":\t\t" + `response[1][1][0][1]` + "\n"
+ msg = msg + " `- " + response[1][1][1][0] + ":\t\t" + `response[1][1][1][1]`
+ else:
+ msg = "Status\n"
+ msg = msg + "|- " + response[0][0] + ":\t" + `response[0][1]` + "\n"
+ msg = msg + "`- " + response[1][0] + ":\t\t" + response[1][1]
+ elif inC[1] == "logtarget":
+ msg = "Current logging target is:\n"
+ msg = msg + "`- " + response
+ elif inC[1:2] == ['loglevel']:
+ msg = "Current logging level is "
+ if response == 1:
+ msg = msg + "ERROR"
+ elif response == 2:
+ msg = msg + "WARN"
+ elif response == 3:
+ msg = msg + "INFO"
+ elif response == 4:
+ msg = msg + "DEBUG"
+ else:
+ msg = msg + `response`
+ elif inC[2] in ("logpath", "addlogpath", "dellogpath"):
+ if len(response) == 0:
+ msg = "No file is currently monitored"
+ else:
+ msg = "Current monitored log file(s):\n"
+ for path in response[:-1]:
+ msg = msg + "|- " + path + "\n"
+ msg = msg + "`- " + response[len(response)-1]
+ elif inC[2] in ("ignoreip", "addignoreip", "delignoreip"):
+ if len(response) == 0:
+ msg = "No IP address/network is ignored"
+ else:
+ msg = "These IP addresses/networks are ignored:\n"
+ for ip in response[:-1]:
+ msg = msg + "|- " + ip + "\n"
+ msg = msg + "`- " + response[len(response)-1]
+ except Exception:
+ logSys.warn("Beautifier error. Please report the error")
+ logSys.error("Beautify " + `response` + " with " + `self.__inputCmd` +
+ " failed")
+ msg = msg + `response`
+ return msg
+
+ def beautifyError(self, response):
+ logSys.debug("Beautify (error) " + `response` + " with " + `self.__inputCmd`)
+ msg = response
+ if isinstance(response, UnknownJailException):
+ msg = "Sorry but the jail '" + response[0] + "' does not exist"
+ elif isinstance(response, IndexError):
+ msg = "Sorry but the command is invalid"
+ elif isinstance(response, DuplicateJailException):
+ msg = "The jail '" + response[0] + "' already exists"
+ return msg
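Review bot: The `except Exception` handler in `beautify()` can itself raise, because when the failure happens before `msg` has become a string, `msg` is still the raw `response`, and the handler's final `msg = msg + ...` concatenation fails with TypeError for a `None` or list reply (for example a `ping` answered with `None`). Building the fallback from the repr alone, `msg = repr(response)`, keeps the handler from throwing a second error out of the client. The `stop` branch also leaves `msg` as the raw reply whenever `response` is not `None`, so a failed stop is printed without any wording; a comment stating what a non-`None` reply means there would help the next reader.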
99 client/configreader.py
@@ -0,0 +1,99 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 458 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 458 $"
+__date__ = "$Date: 2006-11-12 15:52:36 +0100 (Sun, 12 Nov 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging, os
+from ConfigParser import SafeConfigParser
+from ConfigParser import NoOptionError, NoSectionError
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class ConfigReader(SafeConfigParser):
+
+ BASE_DIRECTORY = "/etc/fail2ban/"
+
+ def __init__(self):
+ SafeConfigParser.__init__(self)
+ self.__opts = None
+
+ @staticmethod
+ def setBaseDir(folderName):
+ path = folderName.rstrip('/')
+ ConfigReader.BASE_DIRECTORY = path + '/'
+
+ @staticmethod
+ def getBaseDir():
+ return ConfigReader.BASE_DIRECTORY
+
+ def read(self, filename):
+ basename = ConfigReader.BASE_DIRECTORY + filename
+ logSys.debug("Reading " + basename)
+ bConf = basename + ".conf"
+ bLocal = basename + ".local"
+ if os.path.exists(bConf) or os.path.exists(bLocal):
+ SafeConfigParser.read(self, [bConf, bLocal])
+ return True
+ else:
+ logSys.error(bConf + " and " + bLocal + " do not exist")
+ return False
+
+ ##
+ # Read the options.
+ #
+ # Read the given option in the configuration file. Default values
+ # are used...
+ # Each optionValues entry is composed of an array with:
+ # 0 -> the type of the option
+ # 1 -> the name of the option
+ # 2 -> the default value for the option
+
+ def getOptions(self, sec, options, pOptions = None):
+ values = dict()
+ for option in options:
+ try:
+ if option[0] == "bool":
+ v = self.getboolean(sec, option[1])
+ elif option[0] == "int":
+ v = self.getint(sec, option[1])
+ else:
+ v = self.get(sec, option[1])
+ if not pOptions == None and option[1] in pOptions:
+ continue
+ values[option[1]] = v
+ except NoSectionError, e:
+ # No "Definition" section or wrong basedir
+ logSys.error(e)
+ values[option[1]] = option[2]
+ except NoOptionError:
+ if not option[2] == None:
+ logSys.warn("'%s' not defined in '%s'. Using default value"
+ % (option[1], sec))
+ values[option[1]] = option[2]
+ except ValueError:
+ logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +
+ "'. Using default one: '" + `option[2]` + "'")
+ values[option[1]] = option[2]
+ return values
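Review bot: `read()` returns True as soon as either file exists, without looking at what `SafeConfigParser.read` actually parsed, so a `.conf` or `.local` that exists but cannot be opened is skipped silently and the caller carries on with default values. From Python 2.4 (the README's stated minimum) `read` returns the list of files it parsed; `return len(SafeConfigParser.read(self, [bConf, bLocal])) > 0`, together with a warning for any existing file missing from that list, makes a skipped file visible. In `getOptions()` the header comment still speaks of "optionValues" while the parameter is `options`, and `pOptions` is undocumented; I would add `# pOptions: option names supplied by the caller; these are left out of the result`.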
76 client/configurator.py
@@ -0,0 +1,76 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 433 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 433 $"
+__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging
+from configreader import ConfigReader
+from fail2banreader import Fail2banReader
+from jailsreader import JailsReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class Configurator:
+
+ def __init__(self):
+ self.__settings = dict()
+ self.__streams = dict()
+ self.__fail2ban = Fail2banReader()
+ self.__jails = JailsReader()
+
+ @staticmethod
+ def setBaseDir(folderName):
+ ConfigReader.setBaseDir(folderName)
+
+ @staticmethod
+ def getBaseDir():
+ return ConfigReader.getBaseDir()
+
+ def readEarly(self):
+ self.__fail2ban.read()
+
+ def readAll(self):
+ self.readEarly()
+ self.__jails.read()
+
+ def getEarlyOptions(self):
+ return self.__fail2ban.getEarlyOptions()
+
+ def getAllOptions(self):
+ self.__fail2ban.getOptions()
+ self.__jails.getOptions()
+
+ def convertToProtocol(self):
+ self.__streams["general"] = self.__fail2ban.convert()
+ self.__streams["jails"] = self.__jails.convert()
+
+ def getConfigStream(self):
+ cmds = list()
+ for opt in self.__streams["general"]:
+ cmds.append(opt)
+ for opt in self.__streams["jails"]:
+ cmds.append(opt)
+ return cmds
+
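Review bot: `readEarly()` and `readAll()` discard the result of `read()`, so a missing or misplaced configuration directory is never reported to the caller; `ConfigReader.read` in this commit returns False in that case, and the `Fail2banReader`/`JailsReader` overrides are outside this section, so presumably the same holds for them. For a tool whose job is to install bans, carrying on with no jails defined should be an explicit error: `return self.__fail2ban.read()` in `readEarly()` and `return self.readEarly() and self.__jails.read()` in `readAll()` let the caller stop. `getConfigStream()` also raises KeyError unless `convertToProtocol()` ran first, and `self.__settings` is assigned but never read; a class comment giving the expected call order (readAll, getAllOptions, convertToProtocol, getConfigStream) would document that.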
58 client/csocket.py
@@ -0,0 +1,58 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 459 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 459 $"
+__date__ = "$Date: 2006-11-12 22:55:57 +0100 (Sun, 12 Nov 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+#from cPickle import dumps, loads, HIGHEST_PROTOCOL
+from pickle import dumps, loads, HIGHEST_PROTOCOL
+import socket
+
+class CSocket:
+
+ END_STRING = "<F2B_END_COMMAND>"
+
+ def __init__(self, sock = "/tmp/fail2ban.sock"):
+ # Create an INET, STREAMing socket
+ #self.csock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.__csock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ #self.csock.connect(("localhost", 2222))
+ self.__csock.connect(sock)
+
+ def send(self, msg):
+ # Convert every list member to string
+ obj = dumps([str(m) for m in msg], HIGHEST_PROTOCOL)
+ self.__csock.send(obj + CSocket.END_STRING)
+ ret = self.receive(self.__csock)
+ self.__csock.close()
+ return ret
+
+ @staticmethod
+ def receive(sock):
+ msg = ''
+ while msg.rfind(CSocket.END_STRING) == -1:
+ chunk = sock.recv(6)
+ if chunk == '':
+ raise RuntimeError, "socket connection broken"
+ msg = msg + chunk
+ return loads(msg)
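Review bot: `receive()` passes whatever the peer sent to `loads()`, and the default socket path `/tmp/fail2ban.sock` lies in a directory every local user can write to, so the process answering on that path need not be the fail2ban server; unpickling its reply executes code in the client, which is typically run by root (inferred, not shown here). The same default appears in `getEarlyOptions()` in client/fail2banreader.py and as `socket = /tmp/fail2ban.sock` in config/fail2ban.conf. I would move the default into a directory only root can write and replace pickle with a data-only encoding of the string list; until then, add above `return loads(msg)` the comment `# loads() executes code embedded in the stream: only use a socket path in a root-owned directory`. Separately, `send()` may transmit only part of the buffer, so `self.__csock.sendall(obj + CSocket.END_STRING)` is the safer call.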
58 client/fail2banreader.py
@@ -0,0 +1,58 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 407 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 407 $"
+__date__ = "$Date: 2006-10-09 20:05:13 +0200 (Mon, 09 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging
+from configreader import ConfigReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class Fail2banReader(ConfigReader):
+
+ def __init__(self):
+ ConfigReader.__init__(self)
+
+ def read(self):
+ ConfigReader.read(self, "fail2ban")
+
+ def getEarlyOptions(self):
+ opts = [["string", "socket", "/tmp/fail2ban.sock"]]
+ return ConfigReader.getOptions(self, "Definition", opts)
+
+ def getOptions(self):
+ opts = [["int", "loglevel", 1],
+ ["string", "logtarget", "STDERR"]]
+ self.__opts = ConfigReader.getOptions(self, "Definition", opts)
+
+ def convert(self):
+ stream = list()
+ for opt in self.__opts:
+ if opt == "loglevel":
+ stream.append(["set", "loglevel", self.__opts[opt]])
+ elif opt == "logtarget":
+ stream.append(["set", "logtarget", self.__opts[opt]])
+ return stream
+
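Review bot: The fallback values in `getOptions()` (`loglevel` 1, `logtarget` `STDERR`) do not match the defaults documented in config/fail2ban.conf in this commit (`Default: 3`, `Default: /var/log/fail2ban.log`), so, assuming ConfigReader.getOptions falls back to the third list element, a configuration that omits these options logs only errors and not to the documented file. Since this log is the record of what was banned, I would align the two: `opts = [["int", "loglevel", 3], ["string", "logtarget", "/var/log/fail2ban.log"]]`, or correct the comments in the conf file. `convert()` reads `self.__opts`, which only `getOptions()` sets, so a one-line docstring stating that call order would help.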
74 client/filterreader.py
@@ -0,0 +1,74 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 458 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 458 $"
+__date__ = "$Date: 2006-11-12 15:52:36 +0100 (Sun, 12 Nov 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging
+from configreader import ConfigReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class FilterReader(ConfigReader):
+
+ def __init__(self, fileName, name):
+ ConfigReader.__init__(self)
+ self.__file = fileName
+ self.__name = name
+
+ def setFile(self, fileName):
+ self.__file = fileName
+
+ def getFile(self):
+ return self.__file
+
+ def setName(self, name):
+ self.__name = name
+
+ def getName(self):
+ return self.__name
+
+ def read(self):
+ return ConfigReader.read(self, "filter.d/" + self.__file)
+
+ def getOptions(self, pOpts):
+ opts = [["string", "timeregex", None],
+ ["string", "timepattern", None],
+ ["string", "ignoreregex", ""],
+ ["string", "failregex", ""]]
+ self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
+
+ def convert(self):
+ stream = list()
+ for opt in self.__opts:
+ if opt == "timeregex":
+ stream.append(["set", self.__name, "timeregex", self.__opts[opt]])
+ elif opt == "timepattern":
+ stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
+ elif opt == "failregex":
+ stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ elif opt == "ignoreregex":
+ stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
+ return stream
+
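Review bot: The four branches in `convert()` differ only in the option name, so the method reduces to one membership test: `if opt in ("timeregex", "timepattern", "failregex", "ignoreregex"): stream.append(["set", self.__name, opt, self.__opts[opt]])`. `timeregex` and `timepattern` default to `None` in `getOptions()`; if ConfigReader.getOptions returns those defaults (not visible here), the `str(m)` conversion in `CSocket.send()` would turn them into the literal text `None`, so it is worth confirming that unset options are left out of `self.__opts`. The class has no docstrings; a line on `read()` saying that the file name comes from the jail's `filter` option and is looked up under `filter.d/` would be enough.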
141 client/jailreader.py
@@ -0,0 +1,141 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 470 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 470 $"
+__date__ = "$Date: 2006-11-18 16:15:58 +0100 (Sat, 18 Nov 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging, re, glob
+
+from configreader import ConfigReader
+from filterreader import FilterReader
+from actionreader import ActionReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class JailReader(ConfigReader):
+
+ actionCRE = re.compile("^((?:\w|-|_|\.)+)(?:\[(.*)\])?$")
+
+ def __init__(self, name):
+ ConfigReader.__init__(self)
+ self.__name = name
+ self.__filter = None
+ self.__actions = list()
+
+ def setName(self, value):
+ self.__name = value
+
+ def getName(self):
+ return self.__name
+
+ def read(self):
+ ConfigReader.read(self, "jail")
+
+ def isEnabled(self):
+ return self.__opts["enabled"]
+
+ def getOptions(self):
+ opts = [["bool", "enabled", "false"],
+ ["string", "logpath", "/var/log/messages"],
+ ["string", "backend", "auto"],
+ ["int", "maxretry", 3],
+ ["int", "findtime", 600],
+ ["int", "bantime", 600],
+ ["string", "failregex", None],
+ ["string", "ignoreregex", None],
+ ["string", "ignoreip", None],
+ ["string", "filter", ""],
+ ["string", "action", ""]]
+ self.__opts = ConfigReader.getOptions(self, self.__name, opts)
+
+ if self.isEnabled():
+ # Read filter
+ self.__filter = FilterReader(self.__opts["filter"], self.__name)
+ ret = self.__filter.read()
+ if ret:
+ self.__filter.getOptions(self.__opts)
+ else:
+ logSys.error("Unable to read the filter")
+ return False
+
+ # Read action
+ for act in self.__opts["action"].split('\n'):
+ try:
+ splitAct = JailReader.splitAction(act)
+ action = ActionReader(splitAct, self.__name)
+ ret = action.read()
+ if ret:
+ action.getOptions(self.__opts)
+ self.__actions.append(action)
+ else:
+ raise AttributeError("Unable to read action")
+ except AttributeError, e:
+ logSys.error("Error in action definition " + act)
+ logSys.debug(e)
+ return False
+ return True
+
+ def convert(self):
+ stream = []
+ for opt in self.__opts:
+ if opt == "logpath":
+ for path in self.__opts[opt].split("\n"):
+ pathList = glob.glob(path)
+ if len(pathList) == 0:
+ logSys.error("No file found for " + path)
+ for p in pathList:
+ stream.append(["set", self.__name, "addlogpath", p])
+ elif opt == "backend":
+ backend = self.__opts[opt]
+ elif opt == "maxretry":
+ stream.append(["set", self.__name, "maxretry", self.__opts[opt]])
+ elif opt == "ignoreip":
+ for ip in self.__opts[opt].split():
+ stream.append(["set", self.__name, "addignoreip", ip])
+ elif opt == "findtime":
+ stream.append(["set", self.__name, "findtime", self.__opts[opt]])
+ elif opt == "bantime":
+ stream.append(["set", self.__name, "bantime", self.__opts[opt]])
+ elif opt == "failregex":
+ stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ elif opt == "ignoreregex":
+ stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
+ stream.extend(self.__filter.convert())
+ for action in self.__actions:
+ stream.extend(action.convert())
+ stream.insert(0, ["add", self.__name, backend])
+ return stream
+
+ @staticmethod
+ def splitAction(action):
+ m = JailReader.actionCRE.match(action)
+ d = dict()
+ if not m.group(2) == None:
+ for param in m.group(2).split(','):
+ p = param.split('=')
+ try:
+ d[p[0].strip()] = p[1].strip()
+ except IndexError:
+ logSys.error("Invalid argument %s in '%s'" % (p, m.group(2)))
+ return [m.group(1), d]
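Review bot: `splitAction()` logs a malformed parameter and then drops it, so the action is still created and presumably falls back to the defaults of its `[Init]` section (`port = ssh` in config/action.d/iptables.conf), leaving a jail that looks enabled but bans on a port other than the intended one. I would fail closed by replacing the `logSys.error(...)` in the `except IndexError` branch with `raise AttributeError("Invalid argument %s in '%s'" % (p, m.group(2)))`, which `getOptions()` already catches and turns into `return False`. Splitting with `param.split('=', 1)` keeps values that contain `=` intact. In `convert()`, a `logpath` pattern that matches no file is only logged and the jail is still added with nothing to monitor, and `backend` is unbound at the final `stream.insert` unless the `backend` key was seen in the loop.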
71 client/jailsreader.py
@@ -0,0 +1,71 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 433 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 433 $"
+__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging
+from configreader import ConfigReader
+from jailreader import JailReader
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class JailsReader(ConfigReader):
+
+ def __init__(self):
+ ConfigReader.__init__(self)
+ self.__jails = list()
+
+ def read(self):
+ ConfigReader.read(self, "jail")
+
+ def getOptions(self):
+ opts = []
+ self.__opts = ConfigReader.getOptions(self, "Definition", opts)
+
+ for sec in self.sections():
+ jail = JailReader(sec)
+ jail.read()
+ ret = jail.getOptions()
+ if ret:
+ if jail.isEnabled():
+ # We only add enabled jails
+ self.__jails.append(jail)
+ else:
+ logSys.error("Errors in jail '" + sec + "'. Skipping...")
+
+ def convert(self):
+ stream = list()
+ for opt in self.__opts:
+ if opt == "":
+ stream.append([])
+ # Convert jails
+ for jail in self.__jails:
+ stream.extend(jail.convert())
+ # Start jails
+ for jail in self.__jails:
+ stream.append(["start", jail.getName()])
+
+ return stream
+
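Review bot: In `getOptions()` a jail whose definition has errors is skipped with a single log line while the remaining jails are still converted and started, so a typo in one section quietly leaves that service unmonitored, and because the method returns nothing the caller cannot tell. I would track a flag in the loop and end with `return ok`, so that fail2ban-client can exit non-zero; `Configurator.getAllOptions()` in this commit ignores the return value, so the change is compatible with the visible caller. In `convert()`, the loop `for opt in self.__opts: if opt == "": stream.append([])` can only ever add an empty command and looks like leftover scaffolding that can be removed.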
25 common/__init__.py
@@ -0,0 +1,25 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 433 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 433 $"
+__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
107 common/protocol.py
@@ -0,0 +1,107 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 456 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 456 $"
+__date__ = "$Date: 2006-11-12 11:56:40 +0100 (Sun, 12 Nov 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import textwrap
+
+##
+# Describes the protocol used to communicate with the server.
+
+protocol = [
+["start", "starts the server and the jails"],
+["reload", "reloads the configuration"],
+["stop", "stops all jails and terminate the server"],
+["status", "gets the current status of the server"],
+["ping", "tests if the server is alive"],
+['', ''],
+["set loglevel <LEVEL>", "sets logging level to <LEVEL>. 0 is minimal, 4 is debug"],
+["get loglevel", "gets the logging level"],
+["set logtarget <TARGET>", "sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file"],
+["get logtarget", "gets logging target"],
+['', ''],
+["add <JAIL> <BACKEND>", "creates <JAIL> using <BACKEND>"],
+['', ''],
+["set <JAIL> idle on|off", "sets the idle state of <JAIL>"],
+["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"],
+["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"],
+["set <JAIL> addlogpath <FILE>", "adds <FILE> to the monitoring list of <JAIL>"],
+["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"],
+["set <JAIL> timeregex <REGEX>", "sets the regular expression <REGEX> to match the date format for <JAIL>. This will disable the autodetection feature."],
+["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."],
+["set <JAIL> failregex <REGEX>", "sets the regular expression <REGEX> which must match failures for <JAIL>"],
+["set <JAIL> ignoreregex <REGEX>", "sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>"],
+["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"],
+["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"],
+["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"],
+["set <JAIL> addaction <ACT>", "adds a new action named <NAME> for <JAIL>"],
+["set <JAIL> delaction <ACT>", "removes the action <NAME> from <JAIL>"],
+["set <JAIL> setcinfo <ACT> <KEY> <VALUE>", "sets <VALUE> for <KEY> of the action <NAME> for <JAIL>"],
+["set <JAIL> delcinfo <ACT> <KEY>", "removes <KEY> for the action <NAME> for <JAIL>"],
+["set <JAIL> actionstart <ACT> <CMD>", "sets the start command <CMD> of the action <ACT> for <JAIL>"],
+["set <JAIL> actionstop <ACT> <CMD>", "sets the stop command <CMD> of the action <ACT> for <JAIL>"],
+["set <JAIL> actioncheck <ACT> <CMD>", "sets the check command <CMD> of the action <ACT> for <JAIL>"],
+["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
+["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"],
+['', ''],
+["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
+["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
+["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
+["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"],
+["get <JAIL> failregex", "gets the regular expression which matches the failures for <JAIL>"],
+["get <JAIL> ignoreregex", "gets the regular expression which matches patterns to ignore for <JAIL>"],
+["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
+["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"],
+["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],
+["get <JAIL> addaction", "gets the last action which has been added for <JAIL>"],
+["get <JAIL> actionstart <ACT>", "gets the start command for the action <ACT> for <JAIL>"],
+["get <JAIL> actionstop <ACT>", "gets the stop command for the action <ACT> for <JAIL>"],
+["get <JAIL> actioncheck <ACT>", "gets the check command for the action <ACT> for <JAIL>"],
+["get <JAIL> actionban <ACT>", "gets the ban command for the action <ACT> for <JAIL>"],
+["get <JAIL> actionunban <ACT>", "gets the unban command for the action <ACT> for <JAIL>"],
+['', ''],
+["start <JAIL>", "starts the jail <JAIL>"],
+["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"],
+["status <JAIL>", "gets the current status of <JAIL>"]
+]
+
+##
+# Prints the protocol in a "man" format. This is used for the
+# "-h" output of fail2ban-client.
+
+def printFormatted():
+ INDENT=4
+ MARGIN=41
+ WIDTH=34
+ for m in protocol:
+ if m[0] == '':
+ print
+ first = True
+ for n in textwrap.wrap(m[1], WIDTH):
+ if first:
+ n = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n
+ first = False
+ else:
+ n = ' ' * (INDENT + MARGIN) + n
+ print n
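Review bot: The table documents `set <JAIL> actionstart|actionstop|actioncheck|actionban|actionunban <ACT> <CMD>`, which means any process able to write to the server socket chooses the commands the server later runs with its own rights, yet nothing in the module says so. I would add to the comment above `protocol`: `# Every client of the socket can set the action commands the server executes; access to the socket must be limited to the fail2ban user.` The help text also mixes placeholders: the `addaction`, `delaction`, `setcinfo` and `delcinfo` rows take `<ACT>` but describe `<NAME>`, and the `dellogpath` row should read "removes <FILE> from the monitoring list".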
27 common/version.py
@@ -0,0 +1,27 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 480 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 480 $"
+__date__ = "$Date: 2006-12-07 22:47:53 +0100 (Thu, 07 Dec 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+version = "0.7.5"
64 config/action.d/hostsdeny.conf
@@ -0,0 +1,64 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 455 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = touch <tmpfile>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = rm -f <tmpfile>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = IP=<ip> &&
+ echo "ALL: $IP" >> <file>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = IP=<ip> &&
+ grep -v "ALL: $IP" <file> > <tmpfile> &&
+ mv <tmpfile> <file>
+
+[Init]
+
+# Option: file
+# Notes.: hosts.deny file path.
+# Values: STR Default: /etc/hosts.deny
+#
+file = /etc/hosts.deny
+
+# Option: file
+# Notes.: hosts.deny temporary file path.
+# Values: STR Default: /etc/hostsdeny.failban
+#
+tmpfile = /tmp/hosts.deny.tmp
+
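Review bot: `tmpfile = /tmp/hosts.deny.tmp` is a fixed name in a world-writable directory that `actionstart` touches and `actionunban` writes through `> <tmpfile>` before moving it over `<file>`; when the action runs as root, another local user who places that name first (for instance as a link) can influence what is written or what ends up as hosts.deny. I would point `tmpfile` at a path in a directory only root can write, which also keeps the `mv` on one filesystem and avoids replacing `<file>` with a file of different ownership or mode. The unban filter `grep -v "ALL: $IP"` treats the address as a substring and a regular expression, so unbanning one address also removes entries for longer addresses that begin with it; `grep -Fxv "ALL: $IP" <file> > <tmpfile>` removes the exact line only. The comment block above `tmpfile` still says `Option: file` and states a default that differs from the value set.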
65 config/action.d/ipfw.conf
@@ -0,0 +1,65 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = ipfw add deny tcp from <ip> to <localhost> <port>
+
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+
+[Init]
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ]
+#
+port = ssh
+
+# Option: localhost
+# Notes.: the local IP address of the network interface
+# Values: IP
+#
+localhost = 127.0.0.1
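Review bot: `actionunban` picks rule numbers with `ipfw list | grep -i <ip>`, a substring and regex match over the whole rule set, so unbanning `<ip>` also deletes rules for longer addresses that contain it and any administrator rule that mentions it, and when nothing matches `ipfw delete` runs without an argument. Matching whole words and fixed text narrows this, `ipfw list | grep -wF <ip>`, and tagging fail2ban's own rules so that only those are selected would be stricter still. With the shipped `localhost = 127.0.0.1`, the ban rule `deny tcp from <ip> to <localhost> <port>` only covers traffic addressed to the loopback address, so the comment on `localhost` should say it must be set to the served address for bans to take effect.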
69 config/action.d/iptables.conf
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 455 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-<name>
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
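Review bot: `actioncheck` calls `iptables -L INPUT` without `-n`, so each check before a ban does DNS lookups for any rules in INPUT that carry addresses, and banning can stall when name resolution is slow or unavailable; `grep -q fail2ban-<name>` also succeeds for any chain whose name merely begins with the same text. I would use `actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[[:space:]]'`. Since `name = default` is shared by every jail that does not override it, the comment on `name` should say that two jails using this action need distinct names, otherwise the `actionstop` of one flushes the other's bans.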
69 config/action.d/mail-whois.conf
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = echo -en "Hi,\n
+ The jail <name> has been started successfuly.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = echo -en "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo -en "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n\n
+ Here are more information about <ip>:\n
+ `whois <ip>`\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
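Review bot: In `actionban` the output of `whois <ip>` is expanded inside the string given to `echo -en`, so backslash sequences in a registry record, text controlled by whoever registered the address, are interpreted and can put control characters into the mail or cut it short. I would print the fixed text and the lookup separately so that only the template is escape-processed, e.g. `(printf 'Hi,\n...\n'; whois <ip>; printf 'Regards,\nFail2Ban\n') | mail -s "[Fail2Ban] <name>: banned <ip>" <dest>`. `echo -en` is also not portable: a `/bin/sh` that is not bash prints the option instead of honouring it, which applies to config/action.d/mail.conf as well. The lookup runs inside the ban action, so a slow whois server presumably delays the mail and anything queued behind it.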
67 config/action.d/mail.conf
@@ -0,0 +1,67 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = echo -en "Hi,\n
+ The jail <name> has been started successfuly.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = echo -en "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo -en "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
46 config/action.d/shorewall.conf
@@ -0,0 +1,46 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 394 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = shorewall reject <ip>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = shorewall allow <ip>
32 config/fail2ban.conf
@@ -0,0 +1,32 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 412 $
+#
+
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+# 1 = ERROR
+# 2 = WARN
+# 3 = INFO
+# 4 = DEBUG
+# Values: NUM Default: 3
+#
+loglevel = 3
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR.
+# Values: STDERR SYSLOG file Default: /var/log/fail2ban.log
+#
+logtarget = /var/log/fail2ban.log
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communication with the
+# daemon.
+# Values: FILE Default: /tmp/fail2ban.sock
+#
+socket = /tmp/fail2ban.sock
+
22 config/filter.d/apache-auth.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 471 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] user .*(?:: authentication failure|not found)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/apache-noscript.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 394 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
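Review bot: `failregex` ends in `.*(\.php|\.asp)` with no anchor, so it matches `.php` or `.asp` anywhere after "File does not exist:", including in a `referer:` field that Apache appends to the line; a visitor whose browser requests a missing image from a `.php` page would be counted as a failure and eventually banned. I would restrict the match to the path and anchor it, for example `failregex = [[]client <HOST>[]] File does not exist: [^,]*\.(?:php|asp)(?:, referer: .*)?$`. The `Notes.` comment still describes password failures; it should say that the filter matches requests for script files that do not exist.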
23 config/filter.d/courierlogin.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Christoph Haas
+# Modified by: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = LOGIN FAILED, ip=\[<HOST>\]$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/couriersmtp.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = error,relay=<HOST>,.*550 User unknown
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/postfix.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = reject: RCPT from (.*)\[<HOST>\]: 554
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/proftpd.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/qmail.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/sasl.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
22 config/filter.d/sshd.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 471 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
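Review bot: The `failregex` ends in `.*(?: from|FROM) <HOST>` with no end-of-line anchor, so the banned address is taken from wherever a "from <address>" sequence can be matched after the failure keyword, and part of that text (the user name) is chosen by the remote client. A failed login can therefore get an address other than the connecting one recorded as the offender, which turns the ban action into a way to block third parties. Anchoring the host to the end of the message closes this, e.g. finishing the pattern with `<HOST>(?: port \d+)?(?: ssh\d*)?\s*$`. `config/filter.d/vsftpd.conf` has the same shape (`.* rhost=<HOST>`, unanchored) and probably needs the same check against its real log lines.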
22 config/filter.d/vsftpd.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 471 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
142 config/jail.conf
@@ -0,0 +1,142 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 470 $
+#
+
+# The DEFAULT allows a global definition of the options. They can be override
+# in each jail afterwards.
+
+[DEFAULT]
+
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host.
+ignoreip = 127.0.0.1
+# "bantime" is the number of seconds that a host is banned.
+bantime = 600
+# A host is banned if it has generated "maxretry" during the
+# last "findtime" seconds.
+findtime = 600
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 3
+
+# "backend" specifies the backend used to get files modification. Available
+# options are "gamin", "polling" and "auto".
+backend = auto
+
+
+# This jail corresponds to the standard configuration in Fail2ban 0.6.
+# The mail-whois action send a notification e-mail with a whois request
+# in the body.
+
+[ssh-iptables]
+
+enabled = false
+filter = sshd
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath = /var/log/sshd.log
+maxretry = 5
+
+[proftpd-iptables]
+
+enabled = false
+filter = proftpd
+action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
+ mail-whois[name=ProFTPD, dest=yourmail@mail.com]
+logpath = /var/log/proftpd/proftpd.log
+maxretry = 6
+
+# This jail forces the backend to "polling".
+
+[sasl-iptables]
+
+enabled = false
+filter = sasl
+backend = polling
+action = iptables[name=sasl, port=smtp, protocol=tcp]
+ mail-whois[name=sasl, dest=yourmail@mail.com]
+logpath = /var/log/mail.log
+
+# This one behaves like the previous and sends a report when the jail
+# is stopped.
+
+[ssh-iptables-report]
+
+enabled = false
+filter = sshd
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+ mail-report[dest=yourmail@mail.com]
+logpath = /var/log/sshd.log
+maxretry = 5
+
+# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
+# used to avoid banning the user "myuser".
+
+[ssh-tcpwrapper]
+
+enabled = false
+filter = sshd
+action = hostsdeny
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+ignoreregex = for myuser from
+logpath = /var/log/sshd.log
+
+# This jail demonstrates the use of wildcards in "logpath".
+# Moreover, it is possible to give other files on a new line.
+
+[apache-tcpwrapper]
+
+enabled = false
+filter = apache-auth
+action = hostsdeny
+logpath = /var/log/apache*/*access.log
+ /home/www/myhomepage/access.log
+maxretry = 6
+
+# The hosts.deny path can be defined with the "file" argument if it is
+# not in /etc.
+
+[postfix-tcpwrapper]
+
+enabled = false
+filter = postfix
+action = hostsdeny[file=/not/a/standard/path/hosts.deny]
+ mail[name=Postfix, dest=yourmail@mail.com]
+logpath = /var/log/postfix.log
+bantime = 300
+
+# Do not ban anybody. Just report information about the remote host.
+# A notification is sent at most every 600 seconds (bantime).
+
+[vsftpd-notification]
+
+enabled = false
+filter = vsftpd
+action = mail-whois[name=VSFTPD, dest=yourmail@mail.com]
+logpath = /var/log/vsftpd.log
+maxretry = 5
+bantime = 1800
+
+# Use shorewall instead of iptables.
+
+[apache-shorewall]
+
+enabled = false
+filter = apache-noscript
+action = shorewall
+ mail[name=Postfix, dest=yourmail@mail.com]
+logpath = /var/log/apache2/error_log
+
+# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+# option is overridden in this jail.
+
+[ssh-ipfw]
+
+enabled = false
+filter = sshd
+action = ipfw[localhost=192.168.0.1]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath = /var/log/auth.log
+ignoreip = 168.192.0.1
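Review bot: In `[ssh-ipfw]` the override `ignoreip = 168.192.0.1` looks like a transposition of the `192.168.0.1` passed as `localhost=` three lines above; as written the example exempts a public address and leaves the local one bannable, so `ignoreip = 192.168.0.1` is presumably what was meant. Separately, `[apache-tcpwrapper]` pairs `filter = apache-auth` with `*access.log` files, while that filter's pattern (`[client <HOST>] user ...`) has the shape of an error-log line, so the jail would likely never trigger once enabled; pointing `logpath` at the error log would fix that. The comment above `[vsftpd-notification]` also says 600 seconds while the jail sets `bantime = 1800`.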
336 fail2ban-client
@@ -0,0 +1,336 @@
+#!/usr/bin/env python
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision: 477 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 477 $"
+__date__ = "$Date: 2006-12-03 23:01:18 +0100 (Sun, 03 Dec 2006) $"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import sys, string, os, pickle, re, logging
+import getopt, time, readline, shlex, socket
+
+# Inserts our own modules path first in the list
+# fix for bug #343821
+sys.path.insert(1, "/usr/lib/fail2ban")
+
+# Now we can import our modules
+from common.version import version
+from common.protocol import printFormatted
+from client.csocket import CSocket
+from client.configurator import Configurator
+from client.beautifier import Beautifier
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client")
+
+##
+#
+# @todo This class needs cleanup.
+
+class Fail2banClient:
+
+ prompt = "fail2ban> "
+
+ def __init__(self):
+ self.__argv = None
+ self.__stream = None
+ self.__configurator = Configurator()
+ self.__conf = dict()
+ self.__conf["conf"] = "/etc/fail2ban"
+ self.__conf["dump"] = False
+ self.__conf["force"] = False
+ self.__conf["verbose"] = 1
+ self.__conf["interactive"] = False
+ self.__conf["socket"] = None
+
+ def dispVersion(self):
+ print "Fail2Ban v" + version
+ print
+ print "Copyright (c) 2004-2006 Cyril Jaquier"
+ print "Copyright of modifications held by their respective authors."