fail2ban/client/fail2banregex.py
(/usr/lib/python2.7/site-packages/fail2ban/client/fail2banregex.py)

Fail2Ban reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

This tools can test regular expressions for "fail2ban".

Author: Fail2Ban Developers
License: GPL

Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier.
Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).

Usage:

LOG:
    string                  a string representing a log line
    filename                path to a log file (/var/log/auth.log)
    "systemd-journal"       search systemd journal (systemd-python required)

REGEX:
    string                  a string representing a 'failregex'
    filename                path to a filter file (filter.d/sshd.conf)

IGNOREREGEX:
    string                  a string representing an 'ignoreregex'
    filename                path to a filter file (filter.d/sshd.conf)

Report bugs to https://github.com/fail2ban/fail2ban/issues

Options:

    -c, --config            set alternate config directory (default: /etc/fail2ban)
    -d, --datepattern       set custom pattern used to match date/times
    --timezone, --TZ        set time-zone used by convert time format
    -e, --encoding          File encoding. Default: system locale
    -r, --raw               Raw hosts, don't resolve dns
    --usedns                DNS specified replacement of tags in regexp
                            ('yes' - matches all form of hosts, 'no' - IP addresses only)
    -L, --maxlines          maxlines for multi-line regex.
    -m, --journalmatch      journalctl style matches overriding filter file.
                            "systemd-journal" only
    -l, --log-level         Log level for the Fail2Ban logger to use (default: critical)
    -V                      get version in machine-readable short format
    -v, --verbose           Increase verbosity
    --verbosity             Set numerical level of verbosity (0..4)
    --verbose-date, --VD    Verbose date patterns/regex in output
    -D, --debuggex          Produce debuggex.com urls for debugging there
    --no-check-all          Disable check for all regex's
    -o, --out               Set token to print failure information only
                            (row, id, ip, msg, host, ip4, ip6, dns, matches, ...)
    --print-no-missed       Do not print any missed lines
    --print-no-ignored      Do not print any ignored lines
    --print-all-matched     Print all matched lines
    --print-all-missed      Print all missed lines, no matter how many
    --print-all-ignored     Print all ignored lines, no matter how many
    -t, --log-traceback     Enrich log-messages with compressed tracebacks
    --full-traceback        Either to make the tracebacks full, not compressed (as by default)

Error messages:

    ERROR: --print-no-missed and --print-all-missed are mutually exclusive.
    ERROR: --print-no-ignored and --print-all-ignored are mutually exclusive.
    Error: systemd library not found. Exiting...