o ;s*bq@sRdZdZdZddlZddlmZmZddlZddlZddlZddl Z ddl Z ddl m Z m Z ddlmZdd lmZmZdd lmZdd lmZmZd d lmZd dlmZmZmZmZmZm Z m!Z!ee"Z#dZ$dZ%dZ&zddl'm(Z(Wn e)ydZ(YnwddZ*ze+Wn e,ye-Z+YnwddZ.GdddZ/Gddde0Z1dS)z Cyril Jaquierz Copyright (c) 2004 Cyril JaquierGPLN)LockRLock) ObserversObserverThread)Jails) FileFilter JournalFilter) Transmitter) AsyncServerAsyncServerException)version) getLogger_as_boolextractOptions str2LogLevelgetVerbosityFormat excepthookprctl_set_th_nameautoINFOSTDOUT) Fail2BanDbcCs tjjSN) threadingcurrent_thread __class____name__r r 8/usr/lib/python3/dist-packages/fail2ban/server/server.py _thread_name: r"c Csdtj|}tj|r0zt|WdSttfy/}z |jdkr$WYd}~dSd}~wwdS)z0Creates path of file (last level only) on demandN)ospathdirnameisabsmkdirOSErrorFileExistsErrorerrno)nameer r r!_make_file_pathBs   r/c@seZdZdddZddZddZdd Zdd ifd d Zd dZddZ dddZ ddZ ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zdd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Zd9d:Zd;d<Zd=d>Z d?d@Z!dAdBZ"dCdDZ#dEdFZ$dGdHZ%dIdJZ&dKdLZ'dMdNZ(dOdPZ)ddQdRZ*ddTdUZ+dVdWZ,ddXdYZ-dZd[Z.d\d]Z/d^d_Z0d`daZ1dbdcZ2dddeZ3dfdgZ4dhdiZ5djdkZ6dldmZ7dndoZ8dpdqZ9drdsZ:dtduZ;dvdwZdd|d}Z?dd~dZ@ddZAdddZBddZCddZDddZEdddZFddZGdddZHddZIddZJddZKddZLddZMddZNddZOddZPddZQddZRddZSddZTdSS)ServerFcCsjt|_t|_t|_d|_||_t||_ i|_ d|_ d|_ d|_ d|_d|_dddd|_i|_dS)Nz/var/run/syslogz /var/run/logz/dev/log)DarwinFreeBSDLinux)r_Server__loggingLockr _Server__lockr_Server__jails _Server__db_Server__daemonr _Server__transm_Server__reload_state_Server__asyncServer_Server__logLevel_Server__logTarget_Server__verbose_Server__syslogSocket_Server__autoSyslogSocketPaths_Server__prev_signals)selfdaemonr r r!__init__Qs"  zServer.__init__cCtd||dS)NzCaught signal %d. Exiting)logSysdebugquit)rBsignumframer r r!__sigTERMhandlerf  zServer.__sigTERMhandlercCrE)NzCaught signal %d. Flushing logs)rFrG flushLogs)rBrIfnamer r r!__sigUSR1handlerjrLzServer.__sigUSR1handlercCs t||j|<t||dS)z>Bind new signal handler while storing old one in _prev_signalsN)signal getsignalrA)rBsnewr r r! _rebindSignalnszServer._rebindSignalTc Cstd|jr,td|}|durdS|ds,d|ddf}t|t|t| dd| d d|_ | | d |j durH|j nt || d |jdurY|jnt|| d |jdurj|jnttd tdtj|jrtdtdkrtjtjfD] }|||jq|tj|jtt_ztd|t |t!|d} | "dt#| $Wnt%t&fy} z td| WYd} ~ nd} ~ ww|rt'j(durt)t'_(t'j(*tdzt |t+|j,|_-| d|j-_.|j-*||Wnt/y#} z td| WYd} ~ nd} ~ ww|0ztd|t1|WdSt%t&fyR} z td| WYd} ~ dSd} ~ ww)N?zStarting in daemon modeFrzCould not create daemon %srpnamezfail2ban-serververbose syslogsocketloglevel logtargetz2--------------------------------------------------zStarting Fail2ban v%szDaemon started _MainThreadzCreating PID file %swz%s zUnable to create PID file: %szStarting communicationonstartzCould not start server: %szRemove PID file %szUnable to remove PID file: %s)2r%umaskr8rFinfo_Server__createDaemonerrorServerInitializationErrorrgetr>setSyslogSocketr?DEF_SYSLOGSOCKET setLogLevelr< DEF_LOGLEVEL setLogTargetr= DEF_LOGTARGETrr"rPSIGTERMSIGINTrT_Server__sigTERMhandlerSIGUSR1_Server__sigUSR1handlerrsysrGr/openwritegetpidcloser*IOErrorrMainrstartr r9r;r]r rHremove) rBsockpidfileforceobserverconfreterrrRpidFiler.r r r!rvss|                 z Server.startcCsdd|_td|jdur|jtdkr)|jD] \}}t||qt j }|dur;|j ddr8d}dt _ | |durG| |j rR|j d|_ |jdur_|j d|_tddS)NcSsdS)NFr r r r r!szServer.quit..zShutdown in progress...r[F) forceQuitzExiting Fail2ban)rHrFr_r;stop_communicationr"rAitemsrPrrustop stopAllJailr7rs)rBrRshobsMainr r r!rHs,         z Server.quitcCsd}|j|r:|j|r:|j|}|j|kr&d}td|d|j|<ntd||j||j|dd|j|=|rE|j|||j |j durU|j |j|dSdS)NTFzReload jail %rz"Restart jail %r (reason: %r != %r)r) r:rcr6existsbackendrFr_delJailaddr7addJail)rBr-raddflgjailr r r!rs     zServer.addJailcCsN|j|}|s |r|j||d|r%|jdur|j||j|=dSdS)Nrjoin)r6isAliverr7r)rBr-rrrr r r!rs     zServer.delJailcCs|j4|j|}|s|n||jvr!td||j|=|jr/d|_WddSWddS1s:wYdS)NzJail %r reloadedF)r5r6rrvr:rFr_idle)rBr-rr r r! startJails    "zServer.startJailcCs:|j|j|ddWddS1swYdS)NTr)r5rrBr-r r r!stopJails"zServer.stopJailcCs~td|j-t|jD] }|j|dddqt|jD] }|j|dddq"WddS1s8wYdS)NzStopping all jailsTFr)rFr_r5listr6keysrrr r r!rs "zServer.stopAllJailcCs|r|jr|dks|j|rtdtd|dkrd|nd|jk|dkrPd}d|vs6|j|r;|j|}|rOd|vrF||d|vrO| |nd|vrX|d|vr`| |j D]"\}}|dksq||krd |_ ||j|<|j jd d |jjd d qeWddS1swYdS|j7g}|j D]\}}||jvr||q|j jd d |jjd d q|D]}||qWdn1swYi|_td dS) Nz--allzReload already in progresszReload zjail %sz all jailsz --if-existsz--unbanz --restartT)beginFzReload finished.)r:rc ValueErrorrFr_r5r6r setUnbanIPrrrrfilterreloadactionsappendr)rBr-optsrrjndeljailsr r r! reloadJails(sR    "    zServer.reloadJailscCs||j|_dS)NTr6rrBr-valuer r r! setIdleJail]s zServer.setIdleJailcC |j|jSrrrr r r! getIdleJailar#zServer.getIdleJailcCst||j|j_dSr)rr6r ignoreSelfrr r r! setIgnoreSelfezServer.setIgnoreSelfcC|j|jjSr)r6rrrr r r! getIgnoreSelfhzServer.getIgnoreSelfcC|j|j|dSr)r6r addIgnoreIPrBr-ipr r r!rkrzServer.addIgnoreIPcCrr)r6r delIgnoreIPrr r r!rnrzServer.delIgnoreIPcC|j|jSr)r6r getIgnoreIPrr r r!rqzServer.getIgnoreIPcCs*|j|j}t|tr|||dSdSr)r6r isinstancer addLogPath)rBr-fileNametailfilter_r r r!rts  zServer.addLogPathcC(|j|j}t|tr||dSdSr)r6rrr delLogPath)rBr-rrr r r!ry  zServer.delLogPathcC0|j|j}t|tr|Std|gS)Nz$Jail %s is not a FileFilter instance)r6rrr getLogPathsrFr_rBr-rr r r! getLogPath~  zServer.getLogPathcCrr)r6rrr addJournalMatchrBr-matchrr r r!rrzServer.addJournalMatchcCrr)r6rrr delJournalMatchrr r r!rrzServer.delJournalMatchcCr)Nz'Jail %s is not a JournalFilter instance)r6rrr getJournalMatchrFr_rr r r!rrzServer.getJournalMatchcCs|j|j}||dSr)r6rsetLogEncoding)rBr-encodingrr r r!rs zServer.setLogEncodingcCs|j|j}|Sr)r6rgetLogEncodingrr r r!rs zServer.getLogEncodingcCrr)r6r setFindTimerr r r!rrzServer.setFindTimecCrr)r6r getFindTimerr r r!rrzServer.getFindTimecCrr)r6rsetDatePattern)rBr-patternr r r!rrzServer.setDatePatterncCrr)r6rgetDatePatternrr r r!rrzServer.getDatePatterncCrr)r6rsetLogTimeZone)rBr-tzr r r!rrzServer.setLogTimeZonecCrr)r6rgetLogTimeZonerr r r!rrzServer.getLogTimeZonecCs||j|j_dSrr6r ignoreCommandrr r r!setIgnoreCommandzServer.setIgnoreCommandcCrrrrr r r!getIgnoreCommandrzServer.getIgnoreCommandcCs&td|d\}}||j|j_dS)Nzcache[])rr6r ignoreCache)rBr-roptionsr r r!setIgnoreCacheszServer.setIgnoreCachecCrr)r6rrrr r r!getIgnoreCacherzServer.getIgnoreCachecCs"|j|j}td|||_dS)Nz prefregex: %r)r6rrFrG prefRegex)rBr-rfltr r r! setPrefRegexs   zServer.setPrefRegexcCrr)r6rrrr r r! getPrefRegexrzServer.getPrefRegexcC:|j|j}|s |f}|D] }td|||q dS)Nz failregex: %r)r6rrFrG addFailRegexrBr-rmultiplerr r r!r    zServer.addFailRegexNcCrr)r6r delFailRegexrBr-indexr r r!rrzServer.delFailRegexcCrr)r6r getFailRegexrr r r!rrzServer.getFailRegexcCr)Nz ignoreregex: %r)r6rrFrGaddIgnoreRegexrr r r!rrzServer.addIgnoreRegexcCrr)r6rdelIgnoreRegexrr r r!rrzServer.delIgnoreRegexcCrr)r6rgetIgnoreRegexrr r r!rrzServer.getIgnoreRegexcCrr)r6r setUseDnsrr r r!rrzServer.setUseDnscCrr)r6r getUseDnsrr r r!rrzServer.getUseDnscCs||j|jj_dSrr6r failManager maxMatchesrr r r! setMaxMatcheszServer.setMaxMatchescCs|j|jjjSrrrr r r! getMaxMatchesrzServer.getMaxMatchescCrr)r6r setMaxRetryrr r r!rrzServer.setMaxRetrycCrr)r6r getMaxRetryrr r r!rrzServer.getMaxRetrycCrr)r6r setMaxLinesrr r r!rrzServer.setMaxLinescCrr)r6r getMaxLinesrr r r!rrzServer.getMaxLinescGs*|j|jj|g|Rd||jvidS)Nr)r6rrr:)rBr-rargsr r r! addActions zServer.addActioncCrrr6rrr r r! getActionsr#zServer.getActionscCs|j|j|=dSrrrr r r! delActionrzServer.delActioncCs|j|j|Srrrr r r! getActionrzServer.getActioncCrr)r6r setBanTimerr r r!rrzServer.setBanTimecGs|j|jj|Sr)r6r addAttempt)rBr-rr r r! addAttemptIP rzServer.addAttemptIPcC|j|j|Sr)r6r addBannedIPrr r r!setBanIPrzServer.setBanIPcCsV|dur |j|g}nt|j}d}||duO}|D] }||jj||d7}q|S)Nr)ifexists)r6rvaluesrremoveBannedIP)rBr-rrjailscntrr r r!rs zServer.setUnbanIPcCs|dur |j|g}nt|j}g}|dur:|r:|D]}g}|D]}|j|gr1||jq"||q|S|D]}|j|}|durL|S||j|iq<|Sr)r6rrr getBannedrr-)rBr-idsr resrr}rr r r!banneds&     z Server.bannedcCrr)r6r getBanTimerr r r!r9rzServer.getBanTimecCr)zReturns the list of banned IP addresses for a jail. Parameters ---------- name : str The name of a jail. Returns ------- list The list of banned IP addresses. )r6r getBanList)rBr-withTimer r r!r<s zServer.getBanListcCs|j|||dSr)r6setBanTimeExtra)rBr-optrr r r!rKrzServer.setBanTimeExtracCs|j||Sr)r6getBanTimeExtra)rBr-rr r r!rNrzServer.getBanTimeExtracCs|jduo |jSr)r;isActiverBr r r! isStartedQrzServer.isStartedcCs@|dur t|j|kr dSt|jD] }|sdSqdS)Nrr)lenr6rrr)rBjailnumrr r r!rTszServer.isAlivecCsZz&|jt|j}|d|}dt|jfd|fg}|W|jS|jw)Nz, zNumber of jailz Jail list)r5acquirerr6sortrrrelease)rBr jailListr}r r r!status]s    z Server.statusbasiccCs|j|j|dS)N)flavor)r6r)rBr-r!r r r! statusJailirzServer.statusJailcCs|}|j0|j|kr WddSt|}tdtdks'|tjkr)|nt ||_WddS1s:wYdS)Nfail2ban INHERITED) upperr4r<rrsetLevelriloggingDEBUGrg)rBrllr r r!rfys "zServer.setLogLevelcC0|j |jWdS1swYdSr)r4r<rr r r! getLogLevel$zServer.getLogLevelc Cst|\}}|}|j|j|kr WddS|dkr-||_ WddS|d}|dkr|dd}|durDd}z ttjjd|}Wnt yft d |dtjjj }Ynw|j d kryd dl}|j||_ |j durtj|j rtt|j jrtjj|j |d }nTt d |j  WddS|dvrttj}n8|dkrttj}n-zt|dtj|}Wntyt d|t d|jYWddSwt d}|jdddD]2} |!| z | "| Wqt#t$fy+dtj%kr!dks(ndtj%kr)Yqw|&tj'krD|j(durDtj'|&d|_(|d} | durSt)| } n|dv} |durat)|}nd}|dddkrr|d} nd } |j(dur|j(dkr|j(d} t*| | |d} |+t,| |-||jdurt d t.j.t d!|dkr|nd"||j ft.j.f||_ WddS1swYdS)#NTr$paddingSYSLOGfacilityDAEMON0LOG_z)Unable to set facility %r, using 'DAEMON'rr)r/z9Syslog socket file: %s does not exists or is not a socketF)rSYSOUTSTDERRazUnable to log to %rzLogging to previous target %rr#)r)r8)r8rrdatetime)r.r3formatr)addtimer-zStart Fail2ban v%sz-Changed logging target to %s for Fail2ban v%sz%s (%s))/rr%r4r=rcgetattrr'handlers SysLogHandlerAttributeErrorrFra LOG_DAEMONr?platformr@systemr%r&rstatS_ISSOCKst_mode StreamHandlerrostdoutstderrrprsRotatingFileHandlerrtr_r removeHandlerflushrKeyError version_infogetEffectiveLevelr(r>rr setFormatter Formatter addHandlerr) rBtarget logOptions systargetr-r/rBhdlrloggerhandlerr<fmtrWr r r!rhs         "  +              &zServer.setLogTargetcCs^|j|j|kr WddS||_Wdn1swY|jdkp.||jS)NTr.)r4r?r=rh)rBrXr r r!rds   zServer.setSyslogSocketcCr*r)r4r=rr r r! getLogTargetr,zServer.getLogTargetcCr*r)r4r?rr r r!getSyslogSocketr,zServer.getSyslogSocketc Cs|jdvr2tdjD]%}z|td|jWq ty/|td|jYq wdStdjD]}|td|jq7dS)N)r4rr.r#zrollover performed on %szflush performed on %sz rolled overflushed)r=rr> doRolloverrFr_r@rL)rBrXr r r!rMs  zServer.flushLogscCs<|D]\}}|dkrtt|dqtd|dS)N stacksizezunknown option %r)rr stack_sizeintrM)rBrovr r r!setThreadOptions&s  zServer.setThreadOptionscCsdtdiS)Nr^r_)rr`rr r r!getThreadOptions-rzServer.getThreadOptionscCs|jr |jj|kr dS|js|dkrdSt|jdkr!td|dkr+d|_ntdur>t|t||_|jnt dt j durQt j |jdSdS)Nnonerz3Cannot change database when there are jails presentzEUnable to import fail2ban database module as sqlite is not available.)r7filenamelowerrr6 RuntimeErrorrr/ delAllJailsrFrarrudb_set)rBrgr r r! setDatabase0s(    zServer.setDatabasecCs|jSr)r7rr r r! getDatabaseGszServer.getDatabasec Cs|tjtjzt}Wnty(}zd|j|jffWYd}~Sd}~ww|dkrbt zt}WntyQ}zd|j|jffWYd}~Sd}~ww|dkr\t dnt dndSzt d}Wn t tfyxd}Ynwtjdddkrtd tj}td|D]}ztj||st|WqtyYqwt|ntd|td tjtd tjtd tjd S) z Detach a process from the controlling terminal and run it in the background as a daemon. http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731 FNr/ SC_OPEN_MAXr8)r8rz /dev/urandomz /dev/null)T)rTrPSIGHUPSIG_IGNr%forkr*r,strerrorsetsidchdir_exitsysconfr@rrorNrpO_RDONLYranger& sameopenfilers closerangeO_RDWR)rBpidr.maxfd urandom_fdfdr r r!__createDaemonJsP          zServer.__createDaemon)F)TTr)NNT)NN)r )Ur __module__ __qualname__rDrlrnrTrvrHrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr"rfr+rhrdrZr[rMrdrerlrmr`r r r r!r0Os P/    5          q  r0c@s eZdZdS)rbN)rrrr r r r!rbsrb)2 __author__ __copyright__ __license__rrrr'r%rPrDror{rrr rrr r transmitterr asyncserverr r r;rhelpersrrrrrrrrrFrergridatabaser ImportErrorr"r+ NameErrorr*r/r0 Exceptionrbr r r r!sR   $   W