o ;s*b1-@sxdZdZdZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z dd lm Z e eZGd d d eZdS) z.Cyril Jaquier, Lee Clemens, Yaroslav HalchenkozPCopyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav HalchenkoGPLN)Actions) getLogger_as_boolextractOptionsMyTime)r c@seZdZdZgdZd7ddZddZd d Zd d Zd dZ ddZ ddZ e ddZ e ddZejddZe ddZe ddZe ddZejddZd8d d!Ze d"d#Zd$d%Zd&d'Zd(d)Zd9d*d+Zd,d-Zd:d/d0Zd1d2Zd;d3d4Zd5d6ZdS)<JailagFail2Ban jail, which manages a filter and associated actions. The class handles the initialisation of a filter, and actions. It's role is then to act as an interface between the filter and actions, passing bans detected by the filter, for the actions to then act upon. Parameters ---------- name : str Name assigned to the jail. backend : str Backend to be used for filter. "auto" will attempt to pick the most preferred backend method. Default: "auto" db : Fail2BanDb Fail2Ban persistent database instance. Default: `None` Attributes ---------- name database filter actions idle status ) pyinotifygaminpollingsystemdautoNcCsh||_t|dkrtd|||_t|_d|_i|_ t d|j |dur/| |||_ dS)Nz]Jail name %r might be too long and some commands might not function correctly. Please shortenzCreating new jail '%s') _Jail__dblenlogSyswarning _Jail__namequeueQueue _Jail__queue _Jail__filter _banExtrainfoname _setBackendbackend)selfrrdbr!6/usr/lib/python3/dist-packages/fail2ban/server/jail.py__init__Gs    z Jail.__init__cCsd|jj|jfS)Nz%s(%r)) __class____name__rrr!r!r"__repr__Xsz Jail.__repr__c Cs4t|\}}|}|j}|dkr0||jvr'td||ftd||f|||d}|D]X}t|d|}z)|di||dkrW||krWt d||fnt d|t ||_ WdSt y}zt|dkrwtjntjd||fWYd}~q2d}~wwtd|jtd|j) Nrz.Unknown backend %s. Must be among %s or 'auto'z_init%sz9Could only initiated %r backend whenever %r was requestedzInitiated %r backendz)Backend %r failed to initialize due to %sz,Failed to initialize any backend for Jail %rr!)rlower _BACKENDSrerror ValueErrorindexgetattr capitalizerrr_Jail__actions ImportErrorlogloggingDEBUGERRORr RuntimeError)rrbeArgsbackendsb initmethoder!r!r"r[sH    zJail._setBackendcK6ddlm}td|j|f||fi||_dS)Nr) FilterPollzJail '%s' uses poller %r) filterpollr<rrrr)rkwargsr<r!r!r" _initPollings zJail._initPollingcKr;)Nr) FilterGaminzJail '%s' uses Gamin %r) filtergaminr@rrrr)rr>r@r!r!r" _initGamin zJail._initGamincKr;)Nr)FilterPyinotifyzJail '%s' uses pyinotify %r)filterpyinotifyrDrrrr)rr>rDr!r!r"_initPyinotifyrCzJail._initPyinotifycKr;)Nr) FilterSystemdzJail '%s' uses systemd %r) filtersystemdrGrrrr)rr>rGr!r!r" _initSystemdrCzJail._initSystemdcC|jS)zName of jail. )rr&r!r!r"rz Jail.namecCrJ)z;The database used to store persistent data for the jail. rr&r!r!r"databaserKz Jail.databasecCs ||_dSNrLrvaluer!r!r"rMs cCrJ)z;The filter which the jail is using to monitor log files. )rr&r!r!r"filterrKz Jail.filtercCrJ)z2Actions object used to manage actions for jail. )r/r&r!r!r"actionsrKz Jail.actionscCs|jjp|jjS)z-A boolean indicating whether jail is idle. rQidlerRr&r!r!r"rTsz Jail.idlecCs||j_||j_dSrNrSrOr!r!r"rTs basiccCs$d|jj|dfd|jj|dfgS)zThe status of the jail. Filter)flavorr)rQstatusrR)rrWr!r!r"rXsz Jail.statuscCs |j S)z-Retrieve whether queue has tickets to ban. )remptyr&r!r!r"hasFailTicketss zJail.hasFailTicketscCs|j|dS)zQAdd a fail ticket to the jail. Used by filter to add a failure for banning. N)rputrticketr!r!r" putFailTicketszJail.putFailTicketcCs*z |jd}|WStjyYdSw)zTGet a fail ticket from the jail. Used by actions to get a failure for banning. F)rgetrEmptyr\r!r!r" getFailTickets  zJail.getFailTicketcs|j}|dkr d}|dur|||<n||vr||=td|||dkr9t|||<||r9|jdur9td|dvrH|durHt|||<|dvsT|dddur|dkrnd d |durh|dkrh| d ngD|d <|d gt |d d}t r|ffdd }n|dd}t |dd}||fdd}|dddur|d|ffdd }|dddur|d|ffdd }||d<dSdS)NzSet banTime.%s = %s incrementzDban time increment is not available as long jail database is not set)maxtimerndtime)formulafactorrdre multipliers evformularhcSsg|]}t|qSr!)int).0ir!r!r" z(Jail.setBanTimeExtra.. evmultipliersrg1cs*|j||jtkr|jSdS)N)TimeCountr)ban banFactor)rhr!r"s*z&Jail.setBanTimeExtra..rfz?ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactorz~inline-conf-expr~evalcSst|jt|SrN)maxrsrx)rurvrfr!r!r"rwsrdcst||SrN)minruri)rdr!r"rwsrecs||tSrN)randomr{)rer!r"rw rn) rrrrr_rMrr str2secondssplitrxrcompile)roptrPbervrirfr!)rdrhrer"setBanTimeExtrasB   ,    zJail.setBanTimeExtracCs|dur |j|dS|jSrN)rr_)rrr!r!r"getBanTimeExtraszJail.getBanTimeExtracCs$|jdr |jddS|jS)z)Returns max possible ban-time of jail. rcrdrr)rr_rR getBanTimer&r!r!r" getMaxBanTimes zJail.getMaxBanTimeTc CsPz|jdur|jdrd}|r|}n|j}|jj||||jjj dD]]}z9|jj | ddr6Wq'd|_ ||}t |}|dkrR|dkrR||8}|dkr\|dkr\Wq'||Wq'ty}ztjd|ttjkd WYd}~q'd}~wwWdSWdSty}ztjd |ttjkd WYd}~dSd}~ww) z5Restore any previous valid bans from the database. Nrc)jail forbantimecorrectBanTime maxmatchesT) log_ignorerrrzRestore ticket failed: %sexc_infozRestore bans failed: %s)rMrr_rrRrgetCurrentBansrQ failManager maxMatchesinIgnoreIPListgetIPrestoredr timegetTimer^ Exceptionrr*getEffectiveLevelr2r3)rrrr]btmdiftmr:r!r!r"restoreCurrentBanssF         zJail.restoreCurrentBanscCs<td|j|j|j|td|jdS)zStart the jail, by starting filter and actions threads. Once stated, also queries the persistent database to reinstate any valid bans. zStarting jail %rzJail %r startedN)rdebugrrQstartrRrrr&r!r!r"r=s   z Jail.startc Cs|r td|j|j|jfD]2}z|r||r|WqtyA}ztjd||j|t t j kdWYd}~qd}~ww|rMt d|jdSdS)z9Stop the jail, by stopping filter and actions threads. zStopping jail %rzStop %r of jail %r failed: %srNzJail %r stopped) rrrrQrRstopjoinrr*rr2r3r)rrrobjr:r!r!r"rIs$ z Jail.stopcCs|jp |jS)z?Check jail "isAlive" by checking filter and actions threads. )rQisAliverRr&r!r!r"r\sz Jail.isAlive)rN)rUrN)T)TT)r% __module__ __qualname____doc__r)r#r'rr?rBrFrIpropertyrrMsetterrQrRrTrXrZr^rarrrrrrrr!r!r!r"r 'sH &           - $ r ) __author__ __copyright__ __license__r2mathr|rrRrhelpersrrrr mytimer%robjectr r!r!r!r"s