|
|
|
@@ -, +, @@
|
|
|
|
config/jail.conf | 9 ++-
|
|
|
|
server/filterinotify.py | 157 +++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
server/jail.py | 18 +++++-
|
|
|
|
3 files changed, 179 insertions(+), 5 deletions(-)
|
|
|
|
create mode 100644 server/filterinotify.py
|
|
|
|
--- a/config/jail.conf
|
|
|
|
+++ a/config/jail.conf
|
|
|
|
@@ -26,13 +26,16 @@ findtime = 600
|
|
|
|
maxretry = 3
|
|
|
|
|
|
|
|
# "backend" specifies the backend used to get files modification. Available
|
|
|
|
-# options are "gamin", "polling" and "auto". This option can be overridden in
|
|
|
|
-# each jail too (use "gamin" for a jail and "polling" for another).
|
|
|
|
+# options are "inotify", "gamin", "polling" and "auto". This option can be
|
|
|
|
+# overridden in each jail too (use "gamin" for a jail and "polling" for
|
|
|
|
+# another).
|
|
|
|
#
|
|
|
|
+# inotify: requires pyinotify and the a kernel supporting Inotify
|
|
|
|
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
|
|
|
|
# is not installed, Fail2ban will use polling.
|
|
|
|
# polling: uses a polling algorithm which does not require external libraries.
|
|
|
|
-# auto: will choose Gamin if available and polling otherwise.
|
|
|
|
+# auto: will choose Inotify if pyinotify is present, if not then it will
|
|
|
|
+# try Gamin and use that if available, and polling otherwise.
|
|
|
|
backend = auto
|
|
|
|
|
|
|
|
|
|
|
|
--- a/server/filterinotify.py
|
|
|
|
+++ a/server/filterinotify.py
|
|
|
|
@@ -0,0 +1,157 @@
|
|
|
|
+# This file is part of Fail2Ban.
|
|
|
|
+#
|
|
|
|
+# Fail2Ban is free software; you can redistribute it and/or modify
|
|
|
|
+# it under the terms of the GNU General Public License as published by
|
|
|
|
+# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
+# (at your option) any later version.
|
|
|
|
+#
|
|
|
|
+# Fail2Ban is distributed in the hope that it will be useful,
|
|
|
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
+# GNU General Public License for more details.
|
|
|
|
+#
|
|
|
|
+# You should have received a copy of the GNU General Public License
|
|
|
|
+# along with Fail2Ban; if not, write to the Free Software
|
|
|
|
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
+
|
|
|
|
+# Author: Jonathan G. Underwood
|
|
|
|
+#
|
|
|
|
+# $Revision$
|
|
|
|
+
|
|
|
|
+__author__ = "Jonathan G. Underwood"
|
|
|
|
+__version__ = "$Revision$"
|
|
|
|
+__date__ = "$Date$"
|
|
|
|
+__copyright__ = "Copyright (c) 2010 Jonathan G. Underwood"
|
|
|
|
+__license__ = "GPL"
|
|
|
|
+
|
|
|
|
+from failmanager import FailManagerEmpty
|
|
|
|
+from filter import FileFilter
|
|
|
|
+from mytime import MyTime
|
|
|
|
+
|
|
|
|
+import time, logging
|
|
|
|
+
|
|
|
|
+import pyinotify
|
|
|
|
+from pyinotify import ProcessEvent, WatchManager, Notifier
|
|
|
|
+
|
|
|
|
+# Gets the instance of the logger.
|
|
|
|
+logSys = logging.getLogger("fail2ban.filter")
|
|
|
|
+
|
|
|
|
+##
|
|
|
|
+# Log reader class.
|
|
|
|
+#
|
|
|
|
+# This class reads a log file and detects login failures or anything else
|
|
|
|
+# that matches a given regular expression. This class is instanciated by
|
|
|
|
+# a Jail object.
|
|
|
|
+
|
|
|
|
+class FilterInotify(ProcessEvent, FileFilter):
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # Constructor.
|
|
|
|
+ #
|
|
|
|
+ # Initialize the filter object with default values.
|
|
|
|
+ # @param jail the jail object
|
|
|
|
+
|
|
|
|
+ # Note that according to the pyinotify documentation we shouldn't
|
|
|
|
+ # define an __init__ function, but define a my_init function which is
|
|
|
|
+ # called by ProcessEvent.__init__. However, that approach appears not
|
|
|
|
+ # to work here and so we define __init__ and call
|
|
|
|
+ # ProcessEvent.__init__ from here.
|
|
|
|
+ def __init__(self, jail):
|
|
|
|
+ FileFilter.__init__(self, jail)
|
|
|
|
+ ProcessEvent.__init__(self)
|
|
|
|
+ self.__monitor = WatchManager()
|
|
|
|
+ self.__notifier = Notifier(self.__monitor, self)
|
|
|
|
+ self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # Event handling functions used by pyinotify.ProcessEvent
|
|
|
|
+ # instance. These simply call the __handleMod method.
|
|
|
|
+ # @event an event object
|
|
|
|
+
|
|
|
|
+ def process_IN_MODIFY(self, event):
|
|
|
|
+ logSys.debug("process_IN_MODIFY called")
|
|
|
|
+ self.__handleMod(event)
|
|
|
|
+
|
|
|
|
+ def process_IN_CREATE(self, event):
|
|
|
|
+ logSys.debug("process_IN_CREATE called")
|
|
|
|
+ self.__handleMod(event)
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # This method handles all modified file events
|
|
|
|
+ # @event an event object
|
|
|
|
+
|
|
|
|
+ def __handleMod(self, event):
|
|
|
|
+ self.getFailures(event.path)
|
|
|
|
+ try:
|
|
|
|
+ while True:
|
|
|
|
+ ticket = self.failManager.toBan()
|
|
|
|
+ self.jail.putFailTicket(ticket)
|
|
|
|
+ except FailManagerEmpty:
|
|
|
|
+ self.failManager.cleanup(MyTime.time())
|
|
|
|
+ self.dateDetector.sortTemplate()
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # Add a log file path
|
|
|
|
+ #
|
|
|
|
+ # @param path log file path
|
|
|
|
+
|
|
|
|
+ def addLogPath(self, path, tail = False):
|
|
|
|
+ if self.containsLogPath(path):
|
|
|
|
+ logSys.error(path + " already exists")
|
|
|
|
+ else:
|
|
|
|
+ wd = self.__monitor.add_watch(path, self.__mask)
|
|
|
|
+ if wd[path] > 0:
|
|
|
|
+ FileFilter.addLogPath(self, path, tail)
|
|
|
|
+ logSys.info("Added logfile = %s" % path)
|
|
|
|
+ else:
|
|
|
|
+ logSys.error("Failed to add an inotify watch for logfile = %s" % path)
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # Delete a log path
|
|
|
|
+ #
|
|
|
|
+ # @param path the log file to delete
|
|
|
|
+
|
|
|
|
+ def delLogPath(self, path):
|
|
|
|
+ if not self.containsLogPath(path):
|
|
|
|
+ logSys.error(path + " is not monitored")
|
|
|
|
+ else:
|
|
|
|
+ rd = self.__monitor.rm_watch(self.__monitor.get_wd(path))
|
|
|
|
+ if rd[path]:
|
|
|
|
+ FileFilter.delLogPath(self, path)
|
|
|
|
+ logSys.info("Removed logfile = %s" % path)
|
|
|
|
+ else:
|
|
|
|
+ logSys.error("Failed to remove inotify watch for logfile = %s" % path)
|
|
|
|
+
|
|
|
|
+ ##
|
|
|
|
+ # Main loop.
|
|
|
|
+ #
|
|
|
|
+ # This function is the main loop of the thread. It checks if the
|
|
|
|
+ # file has been modified and looks for failures.
|
|
|
|
+ # @return True when the thread exits nicely
|
|
|
|
+
|
|
|
|
+ def run(self):
|
|
|
|
+ self.setActive(True)
|
|
|
|
+ while self._isActive():
|
|
|
|
+ if not self.getIdle():
|
|
|
|
+ # We cannot block here because we want to be able to
|
|
|
|
+ # exit. __notifier.check_events will block for
|
|
|
|
+ # timeout milliseconds.
|
|
|
|
+ if self.__notifier.check_events(timeout=10):
|
|
|
|
+ self.__notifier.read_events()
|
|
|
|
+ self.__notifier.process_events()
|
|
|
|
+ time.sleep(self.getSleepTime())
|
|
|
|
+ else:
|
|
|
|
+ time.sleep(self.getSleepTime())
|
|
|
|
+
|
|
|
|
+ # Cleanup when shutting down
|
|
|
|
+ for wd in self.watchd.keys():
|
|
|
|
+ self.__monitor.rm_watch(wd)
|
|
|
|
+ del self.__monitor
|
|
|
|
+ self.__notifier.stop()
|
|
|
|
+ del self.__notifier
|
|
|
|
+
|
|
|
|
+ logSys.debug(self.jail.getName() + ": filter terminated")
|
|
|
|
+ return True
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
--- a/server/jail.py
|
|
|
|
+++ a/server/jail.py
|
|
|
|
@@ -40,17 +40,31 @@ class Jail:
|
|
|
|
logSys.info("Creating new jail '%s'" % self.__name)
|
|
|
|
if backend == "polling":
|
|
|
|
self.__initPoller()
|
|
|
|
+ elif backend == "inotify":
|
|
|
|
+ self.__initInotify()
|
|
|
|
+ elif backend == "gamin":
|
|
|
|
+ self.__initGamin()
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
- self.__initGamin()
|
|
|
|
+ self.__initInotify()
|
|
|
|
except ImportError:
|
|
|
|
- self.__initPoller()
|
|
|
|
+ try:
|
|
|
|
+ self.__initGamin()
|
|
|
|
+ except ImportError:
|
|
|
|
+ self.__initPoller()
|
|
|
|
self.__action = Actions(self)
|
|
|
|
|
|
|
|
def __initPoller(self):
|
|
|
|
logSys.info("Jail '%s' uses poller" % self.__name)
|
|
|
|
from filterpoll import FilterPoll
|
|
|
|
self.__filter = FilterPoll(self)
|
|
|
|
+
|
|
|
|
+ def __initInotify(self):
|
|
|
|
+ # Try to import pyinotify
|
|
|
|
+ import pyinotify
|
|
|
|
+ logSys.info("Jail '%s' uses Inotify" % self.__name)
|
|
|
|
+ from filterinotify import FilterInotify
|
|
|
|
+ self.__filter = FilterInotify(self)
|
|
|
|
|
|
|
|
def __initGamin(self):
|
|
|
|
# Try to import gamin
|