ogfwfdZdZdZddlZddlmZmZddlZddlZddlZddl Z ddl Z ddl m Z m Z ddlmZdd lmZmZmZdd lmZdd lmZmZd d lmZd dlmZmZmZmZm Z m!Z!m"Z"ee#Z$dZ%dZ&dZ' ddl(m)Z)dZ+ e,dZ/GddZ0Gdde1Z2y#e*$rdZ)Y(wxYw#e-$re.Z,Y/wxYw)z Cyril Jaquierz Copyright (c) 2004 Cyril JaquierGPLN)LockRLock) ObserversObserverThread)Jails)DNSUtils FileFilter JournalFilter) Transmitter) AsyncServerAsyncServerException)version) getLogger_as_boolextractOptions str2LogLevelgetVerbosityFormat excepthookprctl_set_th_nameautoINFOSTDOUT) Fail2BanDbcRtjjjSN) threadingcurrent_thread __class____name__8/usr/lib/python3/dist-packages/fail2ban/server/server.py _thread_namer&:s  ",,555r$ctjj|}tjj|r tj|yy#t t f$r}|jdk7rYd}~yd}~wwxYw)z0Creates path of file (last level only) on demandN)ospathdirnameisabsmkdirOSErrorFileExistsErrorerrno)namees r%_make_file_pathr3Bsc GGMM$ 88D> ? # ggm  sAB&A;;Bc<eZdZdYdZdZdZdZddifdZdZd Z dZd Z d Z d Z d Z dZdZdZdZdZdZdZdZdZdYdZdZdZdZdZdZdZdZdZd Z d!Z!d"Z"d#Z#d$Z$d%Z%d&Z&d'Z'd(Z(d)Z)d*Z*dYd+Z+d[d-Z,d.Z-dYd/Z.d0Z/d1Z0d2Z1d3Z2d4Z3d5Z4d6Z5d7Z6d8Z7d9Z8d:Z9d;Z:d<Z;d=ZZ=d?Z>d@Z?d\dAZ@d]dBZAdCZBdYdDZCdEZDdFZEdGZFd[dHZGdIZHd^dJZIdKZJdLZKdMZLdNZMdOZNdPZOdQZPeQdRZRdSZSdTZTdUZUdVZVeQdWZWdXZXy,)_ServerFct|_t|_t |_d|_||_t||_ i|_ d|_ d|_ d|_ d|_d|_dddd|_i|_y)Nz/var/run/syslogz /var/run/logz/dev/log)DarwinFreeBSDLinux)r_Server__loggingLockr _Server__lockr _Server__jails _Server__db_Server__daemonr _Server__transm_Server__reload_state_Server__asyncServer_Server__logLevel_Server__logTarget_Server__verbose_Server__syslogSocket_Server__autoSyslogSocketPaths_Server__prev_signals)selfdaemons r%__init__zServer.__init__Qsv$$+$,$)$-d#$-$$$/$$.$ "$ $r$cPtjd||jy)NzCaught signal %d. Exiting)logSysdebugquit)rHsignumframes r%__sigTERMhandlerzServer.__sigTERMhandlerfs,,*F3))+r$cPtjd||jy)NzCaught signal %d. Flushing logs)rLrM flushLogs)rHrOfnames r%__sigUSR1handlerzServer.__sigUSR1handlerjs,,0&9..r$cttj||j|<tj||y)z>Bind new signal handler while storing old one in _prev_signalsN)signal getsignalrG)rHsnews r% _rebindSignalzServer._rebindSignalns+!++A.$a--3r$TcXtjd|jrTtj d|j }|y|ds'd|ddf}tj |t|t|jdd|jd d|_ |j|jd |j |jnt|j|jd |j |jnt |j#|jd |j$ |j$nt&tj d tj dt(j(|jrtj dt+dk(rkt,j.t,j0fD]}|j3||j4 |j3t,j6|j8t:t<_ tj?d|tA|tC|d} | jEdtjFz| jI|rAtNjP1tStN_(tNjPjUtj?d tA|tW|jX|_-|jd|jZ_.|jZjU|||ja tj?d|tjb|y#tJtLf$r!} tj d| Yd} ~ "d} ~ wwxYw#t^$r } tj d| Yd} ~ d} ~ wwxYw#tJtLf$r } tj d| Yd} ~ yd} ~ wwxYw)N?zStarting in daemon modeFrzCould not create daemon %srpnamezfail2ban-serververbose syslogsocketloglevel logtargetz2--------------------------------------------------zStarting Fail2ban v%szDaemon started _MainThreadzCreating PID file %swz%s zUnable to create PID file: %szStarting communicationonstartzCould not start server: %szRemove PID file %szUnable to remove PID file: %s)2r)umaskr>rLinfo_Server__createDaemonerrorServerInitializationErrorrgetrDsetSyslogSocketrEDEF_SYSLOGSOCKET setLogLevelrB DEF_LOGLEVEL setLogTargetrC DEF_LOGTARGETrr&rWSIGTERMSIGINTr[_Server__sigTERMhandlerSIGUSR1_Server__sigUSR1handlerrsysrMr3openwritegetpidcloser.IOErrorrMainrstartrr?rArerrNremove) rHsockpidfileforceobserverconfreterrrYpidFiler2s r%r~z Server.startss%((5/ ]] ;;()   3 k  a& &AB /C LL #C ((DHHW&78988It,$.txx--94?OQR488Joo14??|EFDHH[''34HI ++f++%w7 ]] ;; ^}$ ^^V]] +1qq$//01fnnd&;&;<#.4 <<&07 '3 7 =="))+%& ==? nn#%IN NN ,,'(14#DMM24 $ 34D%( ))+4 <<$g.99W3 7 4 <</334 1 <<,a001 7 4 <</334sJA#N=A!O/+O:O *OO  O7O22O7:P) P$$P)cd|_tjd|j|jj t dk(r8|j jD]\}}tj||tj}||jdrd}dt_ |j||j|jr!|jjd|_ |j!|jjd|_tjdy)Ncy)NFr#r#r$r%zServer.quit..sr$zShutdown in progress...rcF) forceQuitzExiting Fail2ban)rNrLrgrAstop_communicationr&rGitemsrWrr}stop stopAllJailr=r{)rHrYshobsMains r%rNz Server.quits$)++'( #((*^}$##))+uq" MM!R NN'  llUl#G9>  <<> YY99??49 #4++ !r$c@d}|jj|r|jj|r|j|}|j|k(r(d}t j d|d|j|<nBt j d||j||j|d|j|=|r'|jj|||j|j)|jj|j|yy)NTFzReload jail %rz"Restart jail %r (reason: %r != %r)r) r@rkr<existsbackendrLrgdelJailaddr=addJail)rHr1raddflgjails r%rzServer.addJails & T"t||':':4'@ ,,t 4 llg F KK $' $D KK4dDLL'RLLDL! D! <<D'499- YY99T\\$'(r$c|j|}|s|jr|j|||r5|j|jj ||j|=yy)Nrjoin)r<isAliverr=r)rHr1rrrs r%rzServer.delJails[ d $ T\\^99$T9"  iiIId ||D r$c.|j5|j|}|js|jn1||jvr#t j d||j|=|jrd|_dddy#1swYyxYw)NzJail %r reloadedF)r;r<rr~r@rLrgidle)rHr1rs r% startJailzServer.startJailsw {{ ,,t 4 ,,.JJL ### KK"D) D! iiDIs A5B  Bcl|j5|j|ddddy#1swYyxYw)NTr)r;rrHr1s r%stopJailzServer.stopJails. {{!<<4< !!!s*3cbtjd|j5t|jj D]}|j |ddt|jj D]}|j |dd dddy#1swYyxYw)NzStopping all jailsTFr)rLrgr;listr<keysrrs r%rzServer.stopAllJails++"# {{.DLL%%'(.tLLDuL-.DLL%%'(.tLLEL-. ...s A9B%%B.c|tjjtjjyr)r CACHE_nameToIpclearCACHE_ipToNamerHs r% clearCacheszServer.clearCaches(s& ! !r$c|r|jr+|dk(s|jj|r tdtj d|dk7rd|zndz|j 5|dk7r]d}d|vs|j j|r|j |}|rcd|vr|j|d|vrJ|j|n8|jd|vr|jd|vr|j|j jD]^\}}|dk(s||k(sd |_ ||j|<|jjd |j jd ` dddy|j 5g}|j jD]]\}}||jvr|j#|&|jjd |j jd _|D]}|j%| dddi|_tj d y#1swYyxYw#1swY2xYw) Nz--allzReload already in progresszReload zjail %sz all jailsz --if-existsz--unbanz --restartT)beginFzReload finished.)r@rk ValueErrorrLrgr;r<r setUnbanIPrrrrrfilterreloadactionsappendr)rHr1optsrrjndeljailss r% reloadJailszServer.reloadJails-s7  tw$2E2E2I2I$2O 1 22 ;;y$'/Y-{ST   w TT!T\\%8%8%> \\$ d d  t   }}T T oot LL&&(&D 2:di $d" kkt$ ll% &  =  B HLL&&('D d!!!oob kku% ll&' \\" 4 ;;!"_  B  s!)CI/AIBIII%c,||j|_y)NTr<rrHr1values r% setIdleJailzServer.setIdleJailds!$,,t r$c4|j|jSrrrs r% getIdleJailzServer.getIdleJailhs d   r$cRt||j|j_yr)rr<r ignoreSelfrs r% setIgnoreSelfzServer.setIgnoreSelfls)1%$,,t&r$cH|j|jjSr)r<rrrs r% getIgnoreSelfzServer.getIgnoreSelfos d  " " - --r$cT|j|jj|yr)r<r addIgnoreIPrHr1ips r%rzServer.addIgnoreIPr,,t''+r$cT|j|jj|yr)r<r delIgnoreIPrs r%rzServer.delIgnoreIPurr$cP|j|jjSr)r<r getIgnoreIPrs r%rzServer.getIgnoreIPx d  " " . . 00r$c||j|j}t|tr|j ||yyr)r<r isinstancer addLogPath)rHr1fileNametailfilter_s r%rzServer.addLogPath{s5 LL  % %'$ h%%r$cz|j|j}t|tr|j |yyr)r<rrr delLogPath)rHr1rrs r%rzServer.delLogPaths3 LL  % %'$ h%r$c|j|j}t|tr|j St j d|zgS)Nz$Jail %s is not a FileFilter instance)r<rrr getLogPathsrLrMrHr1rs r% getLogPathzServer.getLogPathsF LL  % %'$     <<6=> 9r$cz|j|j}t|tr|j |yyr)r<rrr addJournalMatchrHr1matchrs r%rzServer.addJournalMatch3 LL  % %'' 5!(r$cz|j|j}t|tr|j |yyr)r<rrr delJournalMatchrs r%rzServer.delJournalMatchrr$c|j|j}t|tr|j St j d|zgS)Nz'Jail %s is not a JournalFilter instance)r<rrr getJournalMatchrLrMrs r%rzServer.getJournalMatchsF LL  % %''  ! ! ## <<9D@A 9r$cX|j|j}|j|yr)r<rsetLogEncoding)rHr1encodingrs r%rzServer.setLogEncodings$ LL  % %' "r$cT|j|j}|jSr)r<rgetLogEncodingrs r%rzServer.getLogEncodings% LL  % %'    !!r$cT|j|jj|yr)r<r setFindTimers r%rzServer.setFindTime,,t''.r$cP|j|jjSr)r<r getFindTimers r%rzServer.getFindTimerr$cT|j|jj|yr)r<rsetDatePattern)rHr1patterns r%rzServer.setDatePatterns,,t**73r$cP|j|jjSr)r<rgetDatePatternrs r%rzServer.getDatePattern d  " " 1 1 33r$cT|j|jj|yr)r<rsetLogTimeZone)rHr1tzs r%rzServer.setLogTimeZones,,t**2.r$cP|j|jjSr)r<rgetLogTimeZoners r%rzServer.getLogTimeZonerr$c@||j|j_yrr<r ignoreCommandrs r%setIgnoreCommandzServer.setIgnoreCommands,1$,,t)r$cH|j|jjSrrrs r%getIgnoreCommandzServer.getIgnoreCommands d  " " 0 00r$chtd|zdz\}}||j|j_y)Nzcache[])rr<r ignoreCache)rHr1roptionss r%setIgnoreCachezServer.setIgnoreCaches0!(5."45.%*1$,,t'r$cH|j|jjSr)r<rrrs r%getIgnoreCachezServer.getIgnoreCaches d  " " . ..r$cp|j|j}tjd|||_y)Nz prefregex: %r)r<rrLrM prefRegex)rHr1rflts r% setPrefRegexzServer.setPrefRegexs, T!!#,, %(#-r$cH|j|jjSr)r<rrrs r% getPrefRegexzServer.getPrefRegexs d  " " , ,,r$c|j|j}|s|f}|D])}tjd||j |+y)Nz failregex: %r)r<rrLrM addFailRegexrHr1rmultipler s r%rzServer.addFailRegexsK T!!# E85e <<!5)Er$NcT|j|jj|yr)r<r delFailRegexrHr1indexs r%rzServer.delFailRegexs,,t((/r$cP|j|jjSr)r<r getFailRegexrs r%rzServer.getFailRegexs d  " " / / 11r$c|j|j}|s|f}|D])}tjd||j |+y)Nz ignoreregex: %r)r<rrLrMaddIgnoreRegexrs r%rzServer.addIgnoreRegexsK T!!# E85e <<#U+er$cT|j|jj|yr)r<rdelIgnoreRegexrs r%rzServer.delIgnoreRegexs,,t**51r$cP|j|jjSr)r<rgetIgnoreRegexrs r%rzServer.getIgnoreRegexrr$cT|j|jj|yr)r<r setUseDnsrs r%rzServer.setUseDnss,,t%%e,r$cP|j|jjSr)r<r getUseDnsrs r%r zServer.getUseDnss d  " " , , ..r$cT||j|jj_yrr<r failManager maxMatchesrs r% setMaxMatcheszServer.setMaxMatchess5:$,,t''2r$c\|j|jjjSrr"rs r% getMaxMatcheszServer.getMaxMatchess# d  " " . . 9 99r$cT|j|jj|yr)r<r setMaxRetryrs r%r)zServer.setMaxRetryrr$cP|j|jjSr)r<r getMaxRetryrs r%r+zServer.getMaxRetryrr$cT|j|jj|yr)r<r setMaxLinesrs r%r-zServer.setMaxLinesrr$cP|j|jjSr)r<r getMaxLinesrs r%r/zServer.getMaxLinesrr$cv|j|jj|g|d||jviy)Nr)r<rrr@)rHr1rargss r% addActionzServer.addActions= $,,t  '' $%% %'r$c4|j|jSrr<rrs r% getActionszServer.getActionss d  # ##r$c8|j|j|=yrr4rs r% delActionzServer.delAction s ll4  'r$c:|j|j|Srr4rs r% getActionzServer.getAction s d  # #E **r$cT|j|jj|yr)r<r setBanTimers r%r;zServer.setBanTimes,,t''.r$cN|j|jj|Sr)r<r addAttempt)rHr1r1s r% addAttemptIPzServer.addAttemptIPs$ -d  " " - -t 44r$cR|j|jj|Sr)r<r addBannedIPrs r%setBanIPzServer.setBanIPs" d  # # / / 66r$c||j|g}n#t|jj}d}||duz}|D]"}||jj ||z }$|S)Nr)ifexists)r<rvaluesrremoveBannedIP)rHr1rrCjailscntrs r%rzServer.setUnbanIPsy  LL  5  ##% &5 # tt|(@d$,, % %eh % ??3@ *r$c||j|g}n#t|jj}g}|]|r[|D]T}g}|D]:}|jj |gs |j |j <|j |V|S|D]@}|jj |}||cS|j |j |iB|Sr)r<rrDr getBannedrr1)rHr1idsrFresrrrs r%bannedz Server.banned&s  LL  5  ##% &5 # \c r C t$ jjJJsO  *"t ,,  %C  Z ZZC ! " *r$cP|j|jjSr)r<r getBanTimers r%rNzServer.getBanTime@s d  # # . . 00r$cR|j|jj|S)zReturns the list of banned IP addresses for a jail. Parameters ---------- name : str The name of a jail. Returns ------- list The list of banned IP addresses. )r<r getBanList)rHr1withTimes r%rPzServer.getBanListCs$ d  # # . .x 88r$cB|j|j||yr)r<setBanTimeExtra)rHr1optrs r%rSzServer.setBanTimeExtraRs,,t$$S%0r$c>|j|j|Sr)r<getBanTimeExtra)rHr1rTs r%rVzServer.getBanTimeExtraUs d  + +C 00r$cV|jduxr|jjSr)rAisActivers r% isStartedzServer.isStartedXs'  4 ' ID,>,>,G,G,IIr$c|t|j|k7ryt|jjD]}|j ryy)Nrr)lenr<rrDr)rHjailnumrs r%rzServer.isAlive[sM S.'9 4<<&&() d ,,.   r$cP |jjt|j}|j dj |}dt |jfd|fg}||jjS#|jjwxYw)Nz, zNumber of jailz Jail list)r;acquirerr<sortrr[release)rHrFjailListrs r%statusz Server.statusds ;;  5::<ii8 S. /X 3 ;;4;;s A,B B%c@|j|j|S)N)flavor)r<rb)rHr1rds r% statusJailzServer.statusJailps d  " "& " 11r$c4|j}|j5|j|k(r dddyt|}t dj t dk7s|tjkr|nt||_dddy#1swYyxYw)Nfail2ban INHERITED) upperr:rBrrsetLevelrqloggingDEBUGro)rHrlls r%rnzServer.setLogLevels ++-%  oo  U2 Z!! ; &"w}}*&>&@@1DT^ ^^J '7 wG33G wGGnnXr"b( .. "CG ~~!dnnq&8~~aW Wgw GC !!g'',- T " KK$goo6 KK 8   4&& ( (  4 Qhh& : \\=z~~j?YZ  ..99X:6  \\'0 [[0$2B2BC chh\  !  43#3#3v#= $> yhhsU UAU-'Q"DUAU09R;)1U T;FU"AR84U7R88U;?T:UTU6U>UUUUc|j5|j|k(r dddy||_ddd|jdk7xs|j|jS#1swY5xYw)NTrv)r:rErCrp)rHr`s r%rlzServer.setSyslogSocketss & \) &&&4&   X % -  4++ ,- &&sA"A""A+c^|j5|jcdddS#1swYyxYwr)r:rCrs r% getLogTargetzServer.getLogTargets)    rpc^|j5|jcdddS#1swYyxYwr)r:rErs r%getSyslogSocketzServer.getSyslogSockets)    rpc|jdvrNtdjD]5} |jtj d|jz7ytdjD]4}|jtj d|jz6y#t $r5|jtj d|jzYwxYw)N)r|rrvrsrgzrollover performed on %szflush performed on %sz rolled overflushed)rCrr doRolloverrLrgrr)rHrs r%rSzServer.flushLogss NNJ'00=w=  [[+d.>.>>?= J'00s YY499%%1 x~~'61 ! 9 ;; ^^49H8$DIII LL^^ >># r$c|jSr)r=rs r% getDatabasezServer.getDatabaseUs r$cdD]/tjjs#fd}|cStd)zGenerate a list of open file descriptors. This wouldn't work on some platforms, or if proc/fdescfs not mounted, or a chroot environment, then it'd raise a FileExistsError. )z /proc/self/fdz/proc/fdc3~KtjD] }|jst|"ywr)r)listdirisdigitr)r1r*s r%fdlistz#Server.__get_fdlist..fdlistds1D!  Ys)==zfd-list not found)r)r*rr/)rr*s @r% __get_fdlistzServer.__get_fdlistXsB d ggnnT 8O  +,,r$c\|jtjtj t j }|dk(rZt j t j }|dk(rt jdnt jdny |j}d}t"j$dd d k(rwt j&d tj(}|D]8} tj*j-||st j.|:t j.|n9|dk(r|D]} t j.|nt j0d|t j&d tj(t j&d tj2t j&d tj2y #t $r$}d|j|jffcYd}~Sd}~wwxYw#t $r$}d|j|jffcYd}~Sd}~wwxYw# t jd}n#ttf$rd}YnwxYwt!|dz}YxYw#t $rYwxYw#t $rY_wxYw)z Detach a process from the controlling terminal and run it in the background as a daemon. http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731 FNr/r~ SC_OPEN_MAXrr)rrz /dev/urandomz /dev/null)T)r[rWSIGHUPSIG_IGNr)forkr.r0strerrorsetsidchdir_exit_Server__get_fdlistsysconfrrrangerwrrxO_RDONLYr* sameopenfiler{ closerangeO_RDWR)rHpidr2rmaxfd urandom_fdfds r%__createDaemonzServer.__createDaemonls)V]]FNN3 ) 3 AX99;* '')C axHHSMHHQK      6 5 ai' 4:  r GG R 0hhrl 88J {  r XXb\ ==E''+r{{#''+ryy!''+ryy! Q ) 177AJJ' (()* * AGGQZZ( ))*( JJ} %E : & E %'N6        sG*H%I 75JJ* H3H HH I#I<II J  I#"J #I74J 6I77J  JJ J+*J+)F)TTr)NNT)NN)basic)Yr" __module__ __qualname__rJrtrvr[r~rNrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r rrrrrrrr r%r'r)r+r-r/r2r5r7r9r;r>rArrLrNrPrSrVrYrrbrernrorprlrrrS staticmethodrrrrrrrhr#r$r%r5r5Os* ',dN4`,"^)( !." 5#n!9.,,1&   " "  #"/144/4212/ -0224-/;:/1/1' $(+/57   41 911J  2 "lf- **,7$.--&_r$r5c eZdZy)rjN)r"rrr#r$r%rjrjsr$rj)3 __author__ __copyright__ __license__rrrrkr)rWrrwrrrrFr rr r r transmitterr asyncserverrrrrhelpersrrrrrrrr"rLrmrorqdatabaser ImportErrorr&r/ NameErrorr.r3r5 Exceptionrjr#r$r%rs. 2  ! /77$:333 8   ! 6  | | ~ ss$4B>B&B#"B#&B0/B0