ó Üœ^c@s;dZdZdZddlZddlZddlZddlZddlmZyddlm Z Wne k re Z nXddl m Z mZdd lmZdd lmZdd lmZmZmZdd lmZdd lmZddlmZddlmZeeƒZ deefd„ƒYZ!dS(s Cyril Jaquiers Copyright (c) 2004 Cyril JaquiertGPLiÿÿÿÿN(tMapping(t OrderedDicti(t BanManagert BanTicket(tIPAddr(t JailThread(t ActionBaset CommandActiont CallingMap(tMyTime(t Observers(tUtilsi(t getLoggertActionscBsPeZdZd„Zed„ƒZdded„Ze d„Z d„Z d„Z d„Z d„Zd „Zd „Zd „Zd „Zed „Zd„Zde ed„Zdd„Zd„Zdefd„ƒYZd„Zdd„Zdd„Zde d„Zd„Zdd„Zeded„Z de d„Z!dd„Z"RS( sŠHandles jail actions. This class handles the actions of the jail. Creation, deletion or to actions must be done through this class. This class is based on the Mapping type, and the `add` method must be used to add new actions. This class also starts and stops the actions, and fetches bans from the jail executing these bans via the actions. Parameters ---------- jail: Jail The jail of which the actions belongs to. Attributes ---------- daemon ident name status active : bool Control the state of the thread. idle : bool Control the idle state of the thread. sleeptime : int The time the thread sleeps for in the loop. cCsjtj|dd|jƒ||_tƒ|_tƒ|_d|_d|_ d|_ |j d|_ dS(Ntnamesf2b/a.ii i( Rt__init__Rt_jailRt_actionsRt_Actions__banManagertbanEpocht _Actions__lastConsistencyCheckTMt banPrecedencet unbanMaxCount(tselftjail((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRNs      cCsftj|ƒ}t|dƒs1td|ƒ‚n1t|jtƒsbtd||jjfƒ‚n|S(NtActions&%s module does not have 'Action' classs0%s module %s does not implement required methods(R tload_python_modulethasattrt RuntimeErrort issubclassRRt__name__(t pythonModuletmod((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt_load_python_module\scCsÍ||jkrt|s(td|ƒ‚n|j|}t|dƒrtt|dƒrm|jƒ||j|\}}|ˆjkr4ˆj|j|rh|niq4q4Wt‡fd†ˆjjƒDƒƒ}t|ƒrÖˆjdt d|dt ƒˆj d|ƒnt ˆdƒndS(s@ Begin or end of reloading resp. refreshing of all parameters R&c3s0|]&\}}|ˆjkr||fVqdS(N(R&(t.0RR)(R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pys £s tdbtactionststopN( tdictR&Rt iteritemsRR#Rtlent_Actions__flushBantFalsetTruet stopActionstdelattr(RtbeginRR(tdelacts((Rs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR#—s'% cCs7y|j|SWn!tk r2td|ƒ‚nXdS(NsInvalid Action name: %s(RtKeyError(RR((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt __getitem__¬s cCs6y|j|=Wn!tk r1td|ƒ‚nXdS(NsInvalid Action name: %s(RR:(RR((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt __delitem__²s cCs t|jƒS(N(titerR(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__iter__¸scCs t|jƒS(N(R2R(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__len__»scCstS(N(R4(Rtother((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__eq__¾scCs t|ƒS(N(tid(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__hash__ÁscCs4tj|ƒ}|jj|ƒtjd|ƒdS(Ns banTime: %s(R t str2secondsRt setBanTimetlogSystinfo(Rtvalue((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyREÉscCs |jjƒS(N(Rt getBanTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRIÓscCs|jjdtd|ƒS(skReturns the list of banned IP addresses. Returns ------- list The list of banned IP addresses. torderedtwithTime(Rt getBanListR5(RRK((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLÖscsStjƒ‰t|tƒr4‡fd†|Dƒ}nt|ˆƒf}|j|ƒS(sBan an IP or list of IPs.c3s|]}t|ˆƒVqdS(N(R(R,tip(tunixTime(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pys æs(R ttimet isinstancetlistRt_Actions__checkBan(RRMttickets((RNs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt addBannedIPàs  c CsB|dkr|j|ƒSt|tƒr©g}d}xU|D]M}y||j|||ƒ7}Wq;tk r‡|sˆ|j|ƒqˆq;Xq;W|r¥td|ƒ‚n|S|rÝ|jjdk rÝ|jjj |j|ƒn|j j |ƒ}|dk r |j |ƒn3d|}t jtj|ƒ|r2dSt|ƒ‚dS(sORemoves banned IP calling actions' unban method Remove a banned IP now, rather than waiting for it to expire, even if set to never expire. Parameters ---------- ip : list, str, IPAddr or None The IP address (or multiple IPs as list) to unban or all IPs if None Raises ------ ValueError If `ip` is not banned isnot banned: %rs%s is not bannediN(R'R3RPRQtremoveBannedIPR%tappendRtdatabasetdelBanRt getTicketByIDt_Actions__unBanRFtlogtloggingtMSG( RRMR-tifexiststmissedtcnttittickettmsg((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRUís2       c CsÁ|dkr|j}n|jƒ}|jƒxŒ|D]„\}}y|jƒWnDtk r•}tjd|jj ||dtj ƒt j kƒnX|j|=tj d|jj |ƒq5WdS(s>Stops the actions in reverse sequence (optionally filtered) s(Failed to stop jail '%s' action '%s': %stexc_infos%s: action %s terminatedN(R'RtitemstreverseR/t ExceptionRFterrorRRtgetEffectiveLevelR\tDEBUGtdebug(RR.t revactionsRR)te((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR6s      c s|d}xrˆjjƒD]a\}}y|jƒWqtk rv}tjdˆjj||dtjƒt j kƒqXqWxàˆj r]ˆj rÒtj dƒtj‡fd†d„ˆjƒtj dƒq~ntj‡fd†ˆjƒ}||7}| s|ˆjkr~ˆj rQ|d 9}ˆj|rD|ˆjkrD|nˆjƒnd}q~q~Wˆjd tƒˆjƒtS( sÝMain loop for Threading. This function is the main loop of the thread. It checks the jail queue and executes commands when an IP address is banned. Returns ------- bool True when the thread exits nicely. is)Failed to start jail '%s' action '%s': %sRdsActions: enter idle modecsˆj pˆj S(N(tactivetidle((R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytGscSstS(N(R4(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpHssActions: leave idle modecsˆj pˆjƒS(N(RnRR((R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpLsiR/(RR1tstartRgRFRhRRRiR\RjRnRoRkR twait_fort sleeptimeRt_Actions__checkUnBanRR3R5R6(RR`RR)Rmtbancnt((Rs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytrun1s2         .  t ActionInfocBsþeZd)Zid„d6d„d6d„d6d„d 6d „d6d „d 6d „d6d„d6d„d6d„d6d„d6d*d„d6d„d6d„d6d„d6d„d 6d!„d6Zejd+Zd*eed%„Zd&„Z d'„Z e d(„Z RS(,tfids raw-ticketcCs |jjƒS(N(t_ActionInfo__tickettgetIP(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRp_sRMcCs |djS(NRM(t familyStr(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRp`stfamilycCs|djdƒS(NRMt(tgetPTR(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpassip-revcCs|djƒS(NRM(tgetHost(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpbssip-hostcCs |jjƒS(N(RytgetID(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpcscCs |jjƒS(N(Ryt getAttempt(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpdstfailurescCs |jjƒS(N(RytgetTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpesROcCs |jƒS(N(t _getBanTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpfstbantimecCs |jjƒS(N(Ryt getBanCount(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpgstbancountcCsdj|jjƒƒS(Ns (tjoinRyt getMatches(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRphstmatchescCs|jjrdSdS(Nii(Rytrestored(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpjsR‹cCs|jj|ƒS(N(RytgetData(Rttag((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRplssF-*cCsdj|jtƒjƒƒS(Ns (Rˆt_mi4ipR5R‰(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpnst ipmatchescCsdj|jƒjƒƒS(Ns (RˆRŽR‰(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpost ipjailmatchescCs|jtƒjƒS(N(RŽR5R(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRppst ipfailurescCs|jƒjƒS(N(RŽR(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpqstipjailfailurescCs t|jƒS(N(treprRy(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRpsst__tickett__jailt__mi4ipcCs4||_||_tƒ|_||_||_dS(N(Ryt_ActionInfo__jailR0tstoraget immutabletdata(RRbRR™Rš((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRxs     cCs(|j|j|j|j|jjƒƒS(N(t __class__RyR—R™Rštcopy(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRœscCs:|jjƒ}|dkr0|jjjƒ}nt|ƒS(N(RyRIR'R—R.tint(Rtbtime((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR„‚s cCs6t|dƒsi|_n|j}|r0dnd}||kra||dk rZ||S|jSyr|j}|d}d||<|js‘|jS|r³|jjd|ƒ||s R.s"Banned %s / %s, %s ticket(s) in %rN(1t_Actions__getFailTicketsRR'RtwrapRIRRzt_Actions__getActionInfot addBanTicketR tMainR‹R+RRFtnoticeRRR1tgetattrR4R™tresettbanRgRhRiR\RjR5tbannedRtgetRGRƒtNOTICEtWARNINGR[R RORt itervaluestconsistencyCheckR0t_Actions__reBanRkt getBanTotaltsize(RRSR`t rebanactsRbRžRMR©R®RR)Rmtdiftmtll((R²s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt __checkBanÀsn    +      % (c CsI|p |j}|jƒ}|j|ƒ}|rytjd|jj|dt|ƒdkrod|jƒdndƒnx¨|j ƒD]š\}}yCtj d|jj||ƒ|j sÇ|j ƒn|j |ƒWq†tk r}tjd|jj|||d tjƒtjkƒdSXq†Wt|_|jrE|j|_ndS( s¨Repeat bans for the ticket. Executes the actions in order to reban the host given in the ticket. Parameters ---------- ticket : Ticket Ticket to reban s[%s] Reban %s%sRMis , action %riR}s[%s] action %r: reban %ss;Failed to execute reban jail '%s' action '%s' info '%r': %sRd(RRzRµRFR¸RRR2tkeysR1RkR™RºtrebanRgRhRiR\RjR5R¼R( RRbR.R[RMR©RR)Rm((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__reBans*  I    c Csÿ|jj|ƒsdSd}xÜ|jjƒD]Ë\}}yu|jr\t|dtƒr\w,n|jskw,n|dkr‰|j |ƒ}n|j sŸ|j ƒn|j |ƒWq,t k rö}tjd|jj|||dtjƒtjkƒq,Xq,WdS(NR°s9Failed to execute ban jail '%s' action '%s' info '%r': %sRd(Rt _inBanListR'RR1R‹R¹R4t _prolongableRµR™RºtprolongRgRFRhRRRiR\Rj(RRbR©RR)Rm((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt _prolongBan4s&   cCsw|jjtjƒ|ƒ}x|D]}|j|ƒq"Wt|ƒ}|rstjd||jjƒ|j j ƒn|S(sKCheck for IP address to unban. Unban IP addresses which are outdated. sUnbanned %s, %s ticket(s) in %r( Rt unBanListR RORZR2RFRkRÄRR(RtmaxCounttlstRbR`((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt __checkUnBanKs   c s!t}|dkr1tjdƒˆjjƒ}nt}tˆjƒ}d}i}x+|dk rg|nˆjj ƒD]\}‰yZt ˆdƒrÙt ˆt ƒ s«ˆj rÙtjdˆjj|ƒˆjƒrÙwtqÙnWnˆtk rd} tjdˆjj|| dtjƒtjkƒtjdƒt ˆdƒre‡‡‡fd †} ˆj| ƒqtqenXtjd ƒˆ||tjd||fƒnd|jjƒfd|jjƒfd|jjƒfg}|dkrá|jjƒ}|d|jj|ƒfd|jj |ƒfd |jj |ƒfg7}n|S( sEStatus of current and total ban counts and current banned IP list. RÞtcymrus9Unsupported extended jail status flavor %r. Supported: %ssCurrently banneds Total bannedsBanned IP listsBanned ASN listsBanned Country listsBanned RIR listN( R'RFtwarningRRÄRÃRLtgetBanListExtendedCymruInfotgeBanListExtendedASNtgeBanListExtendedCountrytgeBanListExtendedRIR(Rtflavortsupported_flavorstrett cymru_info((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytstatus®s  N(#RR¥t__doc__Rt staticmethodR"R'R4R+R5R#R;R<R>R?RARCRERIRLRTRUR6RvR RwRµR³RRRÂRÏRtR3RZRé(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR2s8  .         2  )X  R"  6("t __author__t __copyright__t __license__R\tostsysROt collectionsRRt ImportErrorR0t banmanagerRRtipdnsRt jailthreadRR)RRR tmytimeR tobserverR tutilsR thelpersR RRFR(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyts*