ܜ^c@s*dZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZddlmZmZdd lmZdd lmZdd lmZdd lmZmZdd lmZddlmZm Z m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'm(Z(e'e)Z*defdYZ+de+fdYZ,y@ddl-Z-ye-j.Z/e/dj0Wne-j1Z/nXWn&e2k rddl.Z.e.j3Z/nXdfdYZ4ia5de+fdYZ6dS(s'Cyril Jaquier and Fail2Ban Contributorss>Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav HalchenkotGPLiNi(tActions(tFailManagerEmptyt FailManager(tDNSUtilstIPAddr(t Observers(t FailTicket(t JailThread(t DateDetectortvalidateTimeZone(tMyTime(t FailRegextRegextRegexException(t CommandAction(tUtilsi(t getLoggert PREFER_ENCtFiltercBsEeZddZdZedZdZedZedZ edZ e j dZ d Z d6d Zd Zd Zd6d ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!edZ"e"j dZ"ed Z#e#j d!Z#d6d"Z$d#Z%ed$Z&e&j d%Z&d&Z'd6d'Z(d(d)Z)d*Z*ed+Z+ed,Z,d6d-Z-d6d.Z.d/Z/d0Z0d7d1Z1d2Z2d6d3Z3d4d5Z4RS(8twarncCstj|||_t|_d|_t|_t|_ |j |d|_ t |_ g|_t|_d|_d|_g|_d|_d|_d|_t|_d|_d|_t|_t|_t |_d|_d|j|_ t!|_"t#j$d|dS(NiXitisf2b/f.s Created %s(%Rt__init__tjailRt failManagertNonet_Filter__prefRegextlistt_Filter__failRegext_Filter__ignoreRegext setUseDnst_Filter__findTimetTruet_Filter__ignoreSelft_Filter__ignoreIpListtFalset_Filter__ignoreCommandt_Filter__ignoreCachet_Filter__lineBufferSizet_Filter__lineBuffert_Filter__lastTimeTextt_Filter__lastDatet_Filter__logtimezoneRt_Filter__encodingt_Filter__mlfidCachet_errorst returnRawHostt checkAllRegext checkFindTimettickstjailNametnameR t dateDetectortlogSystdebug(tselfRtuseDns((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRAs6                         cCsd|jj|jfS(Ns%s(%r)(t __class__t__name__R(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt__repr__wscCs|jdk r|jjpdS(Ns ~jailless~(RRR3(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR2zscCs"|j|j|jdS(s8 Clear all lists/dicts parameters (used by reloading) N(t delFailRegextdelIgnoreRegext delIgnoreIP(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytclearAllParams~s  cCs|rD|jt|drtd|jD|_qn@t|drx|jD]}|j|q]Wt|dndS(s@ Begin or end of reloading resp. refreshing of all parameters t getLogPathscss|]}|dfVqdS(iN((t.0tk((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pys st _reload_logsN(R?thasattrtdictR@RCt delLogPathtdelattr(R7tbegintpath((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytreloads %cCs2|jr|jStjdddd|_|jS(NtmaxCountidtmaxTimeii<i,(R,RtCache(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt mlfidCaches cCs|jS(N(R(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt prefRegexscCs.|r!t|d|j|_n d|_dS(NR8(R t_Filter__useDnsRR(R7tvalue((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyROscCsw|jdk}y8t|d|jd|d|j}|jj|Wn&tk rr}tj||nXdS(NiROt multilineR8( t getMaxLinesR RRPRtappendRR5terror(R7RQt multiLinetregexte((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt addFailRegexs  cCsMy%|dkr|j2dS|j|=Wn!tk rHtjd|nXdS(Ns7Cannot remove regular expression. Index %d is not valid(RRt IndexErrorR5RU(R7tindex((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR<s   cCs g|jD]}|j^q S(N(RtgetRegex(R7RW((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getFailRegexscCsVy)t|d|j}|jj|Wn&tk rQ}tj||nXdS(NR8(R RPRRTRR5RU(R7RQRWRX((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytaddIgnoreRegexs  cCsMy%|dkr|j2dS|j|=Wn!tk rHtjd|nXdS(Ns7Cannot remove regular expression. Index %d is not valid(RRRZR5RU(R7R[((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR=s   cCs4t}x$|jD]}|j|jqW|S(N(RRRTR\(R7t ignoreRegexRW((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytgetIgnoreRegexs cCs{t|tr*idt6dt6|}n|j}|dkr[tjd|d}ntjd||||_dS(NtyestnoRtraws8Incorrect value %r specified for usedns. Using safe 'no'sSetting usedns = %s for %s(syesswarnRbsraw( t isinstancetboolR R#tlowerR5RUR6RP(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs    cCs|jS(N(RP(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getUseDnsscCs<tj|}||_|jj|tjd|dS(Ns findtime: %s(R t str2secondsRRt setMaxTimeR5tinfo(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt setFindTime s cCs|jS(N(R(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getFindTimescCs|dkrd|_dSt}|j|_t|ttfsmtt t t j t jd|}nx|D]}|j|qtW||_dS(Ns +(RR4R R*t default_tzRdRttupletfilterRetmaptstrtstriptretsplittappendTemplate(R7tpatterntdd((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytsetDatePatterns    * cCs|jdk r|jj}t| s:t|dkr>dSt|rt|ddrm|dj}nd}||djfSndS(NisDefault DetectorsiRv(NsDefault Detectors(R4Rt templatestlenRDRvR3(R7RyRv((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytgetDatePattern1s  cCs2t|||_|jr.|j|j_ndS(N(R R*R4Rm(R7ttz((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytsetLogTimeZoneDs   cCs|jS(N(R*(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytgetLogTimeZoneNscCs$|jj|tjd|dS(Ns maxRetry: %s(Rt setMaxRetryR5Rj(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRVscCs |jjS(N(Rt getMaxRetry(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR_scCsGt|dkr!tdnt||_tjd|jdS(Nis*maxlines must be integer greater than zeros maxLines: %i(tintt ValueErrorR&R5Rj(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt setMaxLinesgscCs|jS(N(R&(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRSrscCsE|jdkrt}ntj|||_tjd||S(Ntautos encoding: %s(RfRtcodecstlookupR+R5Rj(R7tencoding((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytsetLogEncodingzs    cCs|jS(N(R+(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytgetLogEncodingscCstddS(Nsrun() is abstract(t Exception(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytrunscCs|jS(N(R$(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt ignoreCommandscCs ||_dS(N(R$(R7tcommand((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRscCs5|jr1|jd|jdj|jdjgSdS(Nii(R%RKRLR(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt ignoreCachesc Csb|rU|dtjdt|jdddtj|jdd f|_n d|_dS( NtkeyRKs max-countidRLsmax-timeii<i,(RRMRtgetR RhR%R(R7R((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs?cCsay3x,tr1|jj|}|jj|qWWn'tk r\|jjtjnXdS(sKPerforms a ban for IPs (or given ip) that are reached maxretry of the jail.N( R RttoBanRt putFailTicketRtcleanupR ttime(R7tiptticket((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt performBans   cGst|tst|}nt|}tj}t||d|}tjd|j|t j j |j d|j j |t|pd|j|dS(s Generate a failed attempt for iptmatchess[%s] Attempt %s - %ss%Y-%m-%d %H:%M:%Si(RdRRR RRR5RjR2tdatetimet fromtimestamptstrftimeRt addFailureRzR(R7RRtunixTimeR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt addAttempts  ( cCs|jS(N(R!(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt ignoreSelfscCs ||_dS(N(R!(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRscCsi|dkrdSt|}||jkrBtjd||dStjd|||jj|dS(NRs2 Ignore duplicate %r (%r), already in ignore lists Add %r to ignore list (%r)(RR"R5RR6RT(R7tipstrR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt addIgnoreIPs  cCs;|dkr|j2dStjd||jj|dS(Ns Remove %r from ignore list(RR"R5R6tremove(R7R((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR>s  sunknown sourcecCs&|r"tjd|j||ndS(Ns[%s] Ignore %s by %s(R5RjR2(R7Rt log_ignoret ignore_source((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt logIgnoreIpscCs|jS(N(R"(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getIgnoreIPscCs[d}t|tr*|}|j}nt|tsHt|}n|j|||S(N(RRdRtgetIPRt_inIgnoreIPList(R7RRR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytinIgnoreIPListsc CsQd}|jr|j\}}|rNtj||j}tj||}ni|d6}tj||}|j|}|dk r|Sn|j r|t j kr|j ||dd|jr|j |tntSxe|jD]Z}|j|r|j ||d|jrdnd|jr@|j |tntSqW|jr1|r|sutj||j}ntj|j|} n+|si|d6}ntj|j|} tjd| tj| dd \} } | o| dk} |j ||o| dd |jr-|j || n| S|jrM|j |tntS( NRRsignoreself ruletdnssignore command: %st success_codesiiR(ii(RR%Rt ActionInfoRRtreplaceDynamicTagst replaceTagRR!Rt getSelfIPsRtsetR R"tisInNettisValidR$R5R6t executeCmdR#( R7RRRtaInfoRtctvtnetRtrett ret_ignore((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRsP    %    cs|r|n|jd}tjdd||jj|\}}|r||jd ||jd|jd!||jd||ffn|dddffd|_|j |S(sFSplit the time portion from log msg and return findFailures on them s isWorking on line %riRcsdjdddS(NRi(tjoin((t tupleLine(s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytQsN( trstripR5tlogR4t matchTimetstarttendRt processedLinet findFailure(R7tlinetdatetlt timeMatchttemplate((Rs:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt processLine<s c CsIyx|j||D]}|d}|d}|d}tjd||t||d|}|j||rzqntjd|j|tj||j j |t j d k rt j jd|j |j|qqW|jr|jd_nWnEtk rD}tjd||d tjtjk|jnXd S( s<Processes the line for failures and populates failManager iiis&Processing line with time:%s and ip:%stdatas[%s] Found %s - %st failureFounds0Failed to process line: %r, caught exception: %rtexc_infoN(RR5R6RRRjR2R ttime2strRRRtMainRtaddRR-RRUtgetEffectiveLeveltloggingtDEBUGt commonError( R7RRtelementRRtfailttickRX((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytprocessLineAndAddTs*     & cCs`|jd7_tj|j|jdkr\tjd|j|jd_t|_ndS(Niids(Too many errors at once (%s), going idlei(R-Rtsleept sleeptimeR5RUR tidle(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRqs cCsStj|}x=t|jD],\}}|j|||jr|SqWdS(N(R t_tupleLinesBuft enumerateRtsearcht hasMatchedR(R7t tupleLinestbuftignoreRegexIndexR_((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt ignoreLines  cCsD|jd}|r@|s/t|d<}n|j||SdS(Ntusers(RRRR(R7RtuserR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt _updateUserss c Csr|jr|jj|nd}d}d}|jdri|dO}|jds|d|dt||}|dk r2||kr2t|tj}n|g}nt/j0||j}x'|D]}|j1| |||gqZW|j$sPnWqLt2k r}tj|qLXqLW|S(#NRciis(Matched ignoreregex and was "%s" ignoredRiis(findFailure failed to parse timeText: %siis#Ignore line since time %s < %s - %ssLooking for match of %rs Looking for prefregex %rs Prefregex not matcheds Pre-filter matched %stcontents Looking for failregex %d - %rs Matched failregex %d: %ss% Matched ignoreregex and was ignoreds Found a match for %r but no valid date/time found for %r. Please try setting a custom date pattern (see man page jail.conf(5)). If format is complex, please file a detailed issue on https://github.com/fail2ban/fail2ban/issues in order to get support for this format.s RRs"Nofail by mlfid %r in regex %s: %sRswaiting for failureRtfidtip4tcidrtip6Rs)No failure-id by mlfid %r in regex %s: %sswaiting for identifier(3RR5RR.Rt CIDR_UNSPECRPR tCIDR_RAWRRRRR(R)R4tgetTimeRUR0R RRlR&R'R RRR\RRt getGroupsRRRRtgetUnmatchedTupleLinesR/twarningtgetMatchedLinesRStcopyRRRtFAM_IPv4tFAM_IPv6t getFailIDRttextToIpRTR(R7RRtfailListtllR.RttimeTextt dateTimeMatcht orgBufferRt preGroupstrepltfailRegexIndexRRRctcurrFailRRthosttipsRRX((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs     %          % 1 &     "                            tbasiccCs.d|jjfd|jjfg}|S(s)Status of failures detected by filter. sCurrently faileds Total failed(Rtsizet getFailTotal(R7tflavorR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytstatussN((5R:t __module__RR;tpropertyR2R?R RJRNROtsetterRYRR<R]R^R=R`RRgRkRlRxR{R}R~RRRRSRRRRRRRRRR>RRRRRRRRRRRR(((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR9sf 6                  -      D t FileFiltercBseZdZeedZdZdZdZdZ dZ dZ dZ d Z d Zd Zd d ZddZdZRS(cKs/tj|||t|_t|_dS(N(RRREt_FileFilter__logst_FileFilter__autoSeek(R7Rtkwargs((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs cCs ||jkrNt|dr:||jkr:|j|=qtj|dnt||j|}|jj}|dk r|j |j|}|r| r|j |qn||j||js|j}| s|j rPn|j|qWnWd|jX|jj}|dk r|j|j|ntS(NsUnable to get failures in %ssUnable to open %sisError opening %sssInternal error in FileContainer open method - please report as a bug to https://github.com/fail2ban/fail2ban/issuess'Error during seek to start time in "%s"(R3RR5RUR#topentIOErrorterrnot exceptiontOSErrorRRRRdReR RRlt seekToTimeRtreadlinetactiveRtcloseRRR)R (R7tfilenameRt has_contentRXt startTimeRR&((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getFailures sV            icCsN|j}tjtjkrCtjd|tj||n|j}|}|}d}d} d} d} d} |} xZ||kr|dkrt |||d}n |d}}t d|d}|j |}}| d7} d}d}d}xt r|j}|s#Pn|jj|\}}|rr|jj||j|j!||f}n(|j}||kr|}Pn|}| r|r|d8}qnPqW|r|d} | |kr,| dks| | kr|} | } n||kr|}n||kr|}qq| dksD| | krS|} | } n|dkrn|j}n|}||kr|}qn||kr| d8} | dkrPn||kr|}}qnPn|}qW|j |t} |j| tjtjkrJtjd||| | dk r=tj| nd| ndS( Ns'Seek to find time %s (%s), file size %siiiiis7Position %s from %s, found time %s (%s) within %s seeksR(t getFileSizeR5RRRR6R RR!RRtmaxtseekR R:R4RRRRttellR#R (R7t containerRtaccuracytfstminptmaxpttryPostlastPostfoundPost foundTimetcntrRtmovecntrtpostseekpostlncntrR tnextpRRR((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR9Is                               RcCsAtt|jd|}|jj}|jd|f|S(s/Status of Filter plus files being monitored. Rs File list(R0RRRR+RT(R7RRRI((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRscCs>x$|jjD]}|j|qWtt|jdS(s!Stop monitoring of log-file(s) N(RR+RFR0Rtstop(R7RI((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRTs(R:RRR#R R(R#RFR*R@R-R.R/RR3R@R9RRT(((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs      < U t RcBseZedZdZdZdZdZdZdZ dZ dZ e d Z d Zed Zd Zd ZRS(cCs||_|j|||_d|_t|d}tj|j}|j |_ zV|j }t |j |_|r|jdd|j|_n d|_Wd|jXdS(Ntrbii(t_FileContainer__filenameR2t_FileContainer__tailRt_FileContainer__handlerR4tostfstattfilenotst_inot_FileContainer__inoR:tmd5sumt hexdigestt_FileContainer__hashRCRDt_FileContainer__posR<(R7R=RR$thandlertstatst firstLine((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs       cCs|jS(N(RW(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getFileNamescCstjj|jS(N(RZRItgetsizeRW(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRAscCstj|||_dS(N(RRt_FileContainer__encoding(R7R((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR2s cCs|jS(N(Rh(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyt getEncodingscCs|jS(N(Ra(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR"scCs|jS(N(Rb(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR!scCs ||_dS(N(Rb(R7RQ((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR scCst|jd|_|jj}tj|tj}tj|tj|tjBtj |jj}|j s{t S|jj }t |j}|j|ks|j|jkrtjtjd|j||_|j|_d|_n|jj|jtS(NRVsLog rotation detected for %si(R4RWRYR\tfcntltF_GETFDtF_SETFDt FD_CLOEXECRZR[tst_sizeR#R:R_R`RaR^R]R5RRtMSGRbRCR (R7tfdtflagsRdRetmyHash((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR4s  !   cCs<|j}|j|d|r2|r2|jn|jS(Ni(RYRCR:RD(R7toffstendLineth((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRCs    cCs |jjS(N(RYRD(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRDscCsy|j|dSWnttfk r}tj}tj|dtjkrstj }tjdt||jdk r:|jj|_|jjd|_ndS(N(RYRRDRbR<(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR<9s (R:RR#RRfRAR2RiR"R!R R4R RCRDt staticmethodRR:R<(((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRs           t JournalFiltercBs/eZdZdZddZdZRS(cCs!tt|j|jdS(N(R0RR?tdelJournalMatch(R7((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyR?MscCsdS(N((R7tmatch((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytaddJournalMatchQscCsdS(N((R7R((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRTscCsgS(N((R7R((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytgetJournalMatchWsN(R:RR?RRRR(((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pyRKs   (7t __author__t __copyright__t __license__RRRjRRZRstsysRtactionsRt failmanagerRRtipdnsRRtobserverRRRt jailthreadRt datedetectorR R tmytimeR t failregexR R RtactionRtutilsRthelpersRRR:R5RRthashlibtmd5R_R`tsha1t ImportErrortnewRR{R(((s:/usr/lib/python2.7/site-packages/fail2ban/server/filter.pytsT         g     ~