ENH: check time before fail regexs (needs test cases rewrite)

fail2ban · Nov 26, 2013 · 40b7010 · 40b7010
1 parent d46c0ba
commit 40b7010
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/fail2ban-regex b/fail2ban-regex
@@ -240,7 +240,7 @@ class Fail2banRegex(object):
 
 	def testRegex(self, line):
 		try:
-			line, ret = self._filter.processLine(line, checkAllRegex=True)
+			line, ret = self._filter.processLine(line, checkAllRegex=True, excludeOld=True )
 			for match in ret:
 				# Append True/False flag depending if line was matched by
 				# more than one regex

diff --git a/server/filter.py b/server/filter.py
@@ -284,7 +284,7 @@ def inIgnoreIPList(self, ip):
 		return False
 
 
-	def processLine(self, line, returnRawHost=False, checkAllRegex=False):
+	def processLine(self, line, returnRawHost=False, checkAllRegex=False, excludeOld=True):
 		"""Split the time portion from log msg and return findFailures on them
 		"""
 		try:
@@ -294,19 +294,27 @@ def processLine(self, line, returnRawHost=False, checkAllRegex=False):
 			l = line
 		l = l.rstrip('\r\n')
 
+		date = None
 		logSys.log(7, "Working on line %r", l)
 		timeMatch = self.dateDetector.matchTime(l)
 		if timeMatch:
 			# Lets split into time part and log part of the line
 			timeLine = timeMatch.group()
+			date = self.dateDetector.getUnixTime(timeLine)
+
 			# Lets leave the beginning in as well, so if there is no
 			# anchore at the beginning of the time regexp, we don't
 			# at least allow injection. Should be harmless otherwise
 			logLine  = l[:timeMatch.start()] + l[timeMatch.end():]
+
+			if excludeOld and date < MyTime.time() - self.getFindTime():
+				logSys.debug("Ignore line since time %s < %s - %s"
+							 % (date, MyTime.time(), self.getFindTime()))
+				return logLine, []
 		else:
 			timeLine = l
 			logLine = l
-		return logLine, self.findFailure(timeLine, logLine, returnRawHost, checkAllRegex)
+		return logLine, self.findFailure(timeLine, date, logLine, returnRawHost, checkAllRegex)
 
 	def processLineAndAdd(self, line):
 		"""Processes the line for failures and populates failManager
@@ -317,10 +325,6 @@ def processLineAndAdd(self, line):
 			unixTime = element[2]
 			logSys.debug("Processing line with time:%s and ip:%s"
 						 % (unixTime, ip))
-			if unixTime < MyTime.time() - self.getFindTime():
-				logSys.debug("Ignore line since time %s < %s - %s"
-							 % (unixTime, MyTime.time(), self.getFindTime()))
-				break
 			if self.inIgnoreIPList(ip):
 				logSys.debug("Ignore %s" % ip)
 				continue
@@ -349,7 +353,7 @@ def ignoreLine(self, line):
 	# to find the logging time.
 	# @return a dict with IP and timestamp.
 
-	def findFailure(self, timeLine, logLine,
+	def findFailure(self, timeLine, date, logLine,
 			returnRawHost=False, checkAllRegex=False):
 		logSys.log(5, "Date: %r, message: %r", timeLine, logLine)
 		failList = list()
@@ -358,7 +362,6 @@ def findFailure(self, timeLine, logLine,
 			# The ignoreregex matched. Return.
 			logSys.log(7, "Matched ignoreregex and was ignored")
 			return failList
-		date = self.dateDetector.getUnixTime(timeLine)
 		# Iterates over all the regular expressions.
 		for failRegexIndex, failRegex in enumerate(self.__failRegex):
 			failRegex.search(logLine)