%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/fail2ban/server/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/fail2ban/server/actions.pyc

�
��&dc@s;dZdZdZddlZddlZddlZddlZddlmZyddlm	Z	Wne
k
reZ	nXddlm
Z
mZdd	lmZdd
lmZddlmZmZmZddlmZdd
lmZddlmZddlmZee�Z deefd��YZ!dS(s
Cyril Jaquiers Copyright (c) 2004 Cyril JaquiertGPLi����N(tMapping(tOrderedDicti(t
BanManagert	BanTicket(tIPAddr(t
JailThread(t
ActionBaset
CommandActiont
CallingMap(tMyTime(t	Observers(tUtilsi(t	getLoggertActionscBsYeZdZd�Zed��Zd d ed�Ze	d�Z
d�Zd�Zd�Z
d�Zd	�Zd
�Zd�Zd�Zd
�Zed�Zd�Zd e	ed�Zd d�Zd�Zdefd��YZd�Zdd�Zd d�Zd e	d�Zd�Zd d�Z ed ed�Z!d e	d�Z"dd�Z#RS(!s�Handles jail actions.

	This class handles the actions of the jail. Creation, deletion or to
	actions must be done through this class. This class is based on the
	Mapping type, and the `add` method must be used to add new actions.
	This class also starts and stops the actions, and fetches bans from
	the jail executing these bans via the actions.

	Parameters
	----------
	jail: Jail
		The jail of which the actions belongs to.

	Attributes
	----------
	daemon
	ident
	name
	status
	active : bool
		Control the state of the thread.
	idle : bool
		Control the idle state of the thread.
	sleeptime : int
		The time the thread sleeps for in the loop.
	cCsjtj|dd|j�||_t�|_t�|_d|_d|_	d|_
|j
d|_dS(Ntnamesf2b/a.ii
i(Rt__init__Rt_jailRt_actionsRt_Actions__banManagertbanEpocht _Actions__lastConsistencyCheckTMt
banPrecedencet
unbanMaxCount(tselftjail((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRNs				cCsftj|�}t|d�s1td|��n1t|jt�sbtd||jjf��n|S(NtActions&%s module does not have 'Action' classs0%s module %s does not implement required methods(Rtload_python_modulethasattrtRuntimeErrort
issubclassRRt__name__(tpythonModuletmod((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt_load_python_module\scCs�||jkrt|s(td|��n|j|}t|d�rtt|d�rm|j�||j|<ndSn|dkr�t|j|�}n'|j|�}|j	|j||�}||j|<dS(s�Adds a new action.

		Add a new action if not already present, defaulting to standard
		`CommandAction`, or specified Python module.

		Parameters
		----------
		name : str
			The name of the action.
		pythonModule : str, optional
			Path to Python file which must contain `Action` class.
			Default None, which means `CommandAction` is used.
		initOpts : dict, optional
			Options for Python Action, used as keyword arguments for
			initialisation. Default None.

		Raises
		------
		ValueError
			If action name already exists.
		RuntimeError
			If external Python module does not have `Action` class
			or does not implement necessary methods as per `ActionBase`
			abstract class.
		sAction %s already existstreloadtclearAllParamsN(
Rt
ValueErrorRR$t_reload_actionstNoneRRR"R(RRR tinitOptsR#tactiontcustomActionModule((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytaddis

cs�|rt��_n�t�d�r�xO�jj�D]>\}}|�jkr4�j|j|rh|ni�q4q4Wt�fd��jj�D��}t|�r��jdt	d|dt
��jd|�nt�d�ndS(s@ Begin or end of reloading resp. refreshing of all parameters
		R&c3s0|]&\}}|�jkr||fVqdS(N(R&(t.0RR)(R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pys	<genexpr>�s	tdbtactionststopN(
tdictR&Rt	iteritemsRR#Rtlent_Actions__flushBantFalsetTruetstopActionstdelattr(RtbeginRR(tdelacts((Rs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR#�s'%cCs7y|j|SWn!tk
r2td|��nXdS(NsInvalid Action name: %s(RtKeyError(RR((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__getitem__�s
cCs6y|j|=Wn!tk
r1td|��nXdS(NsInvalid Action name: %s(RR:(RR((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__delitem__�s
cCs
t|j�S(N(titerR(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__iter__�scCs
t|j�S(N(R2R(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__len__�scCstS(N(R4(Rtother((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__eq__�scCs
t|�S(N(tid(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__hash__�scCs4tj|�}|jj|�tjd|�dS(Ns
  banTime: %s(R
tstr2secondsRt
setBanTimetlogSystinfo(Rtvalue((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRE�scCs
|jj�S(N(Rt
getBanTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRI�scsY|jj��|s�St|�dkrC|d�kr?dSdSt�fd�|�S(Niics|�krdSdS(Nii((tip(tlst(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt<lambda>�s(Rt
getBanListR2tmap(Rtids((RKs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt	getBanned�scCs|jjdtd|�S(skReturns the list of banned IP addresses.

		Returns
		-------
		list
			The list of banned IP addresses.
		torderedtwithTime(RRMR5(RRR((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRM�scsStj��t|t�r4�fd�|D�}nt|��f}|j|�S(sBan an IP or list of IPs.c3s|]}t|��VqdS(N(R(R,RJ(tunixTime(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pys	<genexpr>�s(R
ttimet
isinstancetlistRt_Actions__checkBan(RRJttickets((RSs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytaddBannedIP�s
cCs�|dkr|j|�St|ttf�r�g}d}xU|D]M}y||j|||�7}WqAtk
r�|s�|j|�q�qAXqAW|r�td|��n|S|r�|jj	dk	r�|jj	j
|j|�n|jj|�}|dk	r|j
|�n�t|t�sot|�}|jsot|j|jj��}	|	rl|j|	||�Sqond|}
tjtj|
�|r�dSt|
��dS(sORemoves banned IP calling actions' unban method

		Remove a banned IP now, rather than waiting for it to expire,
		even if set to never expire.

		Parameters
		----------
		ip : list, str, IPAddr or None
			The IP address (or multiple IPs as list) to unban or all IPs if None

		Raises
		------
		ValueError
			If `ip` is not banned
		isnot banned: %rs%s is not bannediN(R'R3RURVttupletremoveBannedIPR%tappendRtdatabasetdelBanRt
getTicketByIDt_Actions__unBanRtisSingletfiltertcontainsRMRFtlogtloggingtMSG(RRJR-tifexiststmissedtcnttittickettipatipstmsg((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR[�s>


	
c	Cs�|dkr|j}n|j�}|j�x�|D]�\}}y|j�WnDtk
r�}tjd|jj	||dtj
�tjk�nX|j|=tj
d|jj	|�q5WdS(s>Stops the actions in reverse sequence (optionally filtered)
		s(Failed to stop jail '%s' action '%s': %stexc_infos%s: action %s terminatedN(R'RtitemstreverseR/t	ExceptionRFterrorRRtgetEffectiveLevelRetDEBUGtdebug(RR.t
revactionsRR)te((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR6/s
	
c	sKd}xr�jj�D]a\}}y|j�Wqtk
rv}tjd�jj||dtj�t	j
k�qXqWx��jr,y^�jr�tj
d�tj�fd�d��j�tj
d�w~nd}t�j�jjtj��}tjdd	|�j�tj�fd
�|�rJ�j�}||7}n|s`|�jkr��jr�|d9}tjdd|r�|�jkr�|n�j|�j��j|r�|�jkr�|n�j�nd}nWq~tk
r(}tjd
�jj|dtj�t	j
k�q~Xq~W�jdt��j�tS(s�Main loop for Threading.

		This function is the main loop of the thread. It checks the jail
		queue and executes commands when an IP address is banned.

		Returns
		-------
		bool
			True when the thread exits nicely.
		is)Failed to start jail '%s' action '%s': %sRosActions: enter idle modecs�jp�jS(N(tactivetidle((R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLXscSstS(N(R4(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLYssActions: leave idle modeis1Actions: wait for pending tickets %s (default %s)cs�jp�jjS(N(RyRthasFailTickets((R(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL`sis+Actions: check-unban %s, bancnt %s, max: %ss*[%s] unhandled error in actions thread: %sR/(RR1tstartRrRFRsRRRtReRuRyRzRvRtwait_fort	sleeptimetminRt_nextUnbanTimeR
RTRdRWRRt_Actions__checkUnBanR3R5R6(RRiRR)Rxtbancnttwt((Rs;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytrunAsF		

"
	
:.
	
t
ActionInfocBs�eZd)Zid�d6d�d6d�d6d�d	6d
�d6d�d6d
�d6d�d6d�d6d�d6d�d6d*d�d6d�d6d�d6d�d6d�d 6d!�d6Zejd+Zd*eed%�Zd&�Z	d'�Z
ed(�ZRS(,tfids
raw-ticketcCs
|jj�S(N(t_ActionInfo__tickettgetIP(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLysRJcCs|djS(NRJ(t	familyStr(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLzstfamilycCs|djd�S(NRJt(tgetPTR(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL{ssip-revcCs|dj�S(NRJ(tgetHost(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL|ssip-hostcCs
|jj�S(N(R�tgetID(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL}scCs
|jj�S(N(R�t
getAttempt(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL~stfailurescCs
|jj�S(N(R�tgetTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRLsRTcCs
|j�S(N(t_getBanTime(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�stbantimecCs
|jj�S(N(R�tgetBanCount(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�stbancountcCsdj|jj��S(Ns
(tjoinR�t
getMatches(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�stmatchescCs|jjrdSdS(Nii(R�trestored(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�sR�cCs|jj|�S(N(R�tgetData(Rttag((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�ssF-*cCsdj|jt�j��S(Ns
(R�t_mi4ipR5R�(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�st	ipmatchescCsdj|j�j��S(Ns
(R�R�R�(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�st
ipjailmatchescCs|jt�j�S(N(R�R5R�(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�st
ipfailurescCs|j�j�S(N(R�R�(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�stipjailfailurescCs
t|j�S(N(treprR�(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyRL�st__tickett__jailt__mi4ipcCs4||_||_t�|_||_||_dS(N(R�t_ActionInfo__jailR0tstoraget	immutabletdata(RRkRR�R�((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR�s
			cCs(|j|j|j|j|jj��S(N(t	__class__R�R�R�R�tcopy(R((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR��scCs:|jj�}|dkr0|jjj�}nt|�S(N(R�RIR'R�R.tint(Rtbtime((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR��scCs6t|d�si|_n|j}|r0dnd}||kra||dk	rZ||S|jSyr|j}|d}d||<|js�|jS|r�|jjd|�||<n|jjd|d|�||<WnAtk
r}tj	d||j
|dtj�tj
k�nX||dk	r/||S|jS(s�Gets bans merged once, a helper for lambda(s), prevents stop of executing action by any exception inside.

			This function never returns None for ainfo lambdas - always a ticket (merged or single one)
			and prevents any errors through merging (to guarantee ban actions will be executed).
			[TODO] move merging to observer - here we could wait for merge and read already merged info from a database

			Parameters
			----------
			overalljails : bool
				switch to get a merged bans :
				False - (default) bans merged for current jail only
				True - bans merged for all jails of current ip address

			Returns
			-------
			BanTicket 
				merged or self ticket only
			R�tallRRJs+Failed to get %s bans merged, jail '%s': %sRoN(Rt_ActionInfo__mi4ipR'R�R�R]t
getBansMergedRrRFRsRRtReRu(RtoveralljailstmitidxRRJRx((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR��s*		

	#(R�s
raw-ticketN(s__tickets__jails__mi4ip(
Rt
__module__t
CM_REPR_ITEMSR'tAI_DICTR	t	__slots__R5RR�R�R4R�(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR�ts0

















		cCs7|stdtj��}ntj||j�}|S(NR�(RR
RTRR�R(RRktaInfo((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt_getActionInfo�sidccsEd}x8||kr@|jj�}|s.Pn|V|d7}q	WdS(sAGenerator to get maximal count failure tickets from fail-manager.iiN(Rt
getFailTicket(RtcountRiRk((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__getFailTickets�scs�d}|s!|j|j�}nd}xK|D]C}tj|��|j|jj��}�j�}|j��}i}|jj	�d|�r�|d7}t
jdk	r��jr�t
jj
d�|j|�ntjd|jj�js�dnd|�x�|jj�D]�\}	}
yH�jrAt|
dt�rAwn|jsW|j�n|
j|�Wqtk
r�}tjd	|jj|	||d
tj�tjk�qXqWt�_|j rq|j �_ qqq.|j!dd�rtj"d|jj|�q.n|j!d
����jr^|j#��j#�}|dkrNtjn|dkrctj$ntj%}
tj&|
d|jj|��j |j kr�|dkr�|r�t'j(�|j)dkr�x!|jj*�D]}
|
j+�q�Wt'j(�|_)q�n�j |j krq|s?t,�fd�|jj�D��}n||j-�d|�7}qqq.||j-��7}q.W|r�tj.d||jj/�|jj0�|jj�n|S(sCheck for IP address to ban.

		If tickets are not specified look in the jail queue for FailTicket. If a ticket is available,
		it executes the "ban" command and adds a ticket to the BanManager.

		Returns
		-------
		bool
			True if an IP address get banned.
		itreasonitbanFounds
[%s] %sBan %sR�sRestore t
norestoreds9Failed to execute ban jail '%s' action '%s' info '%r': %sRotexpireds[%s] Ignore %s, expired bantimeRkii<s[%s] %s already bannedc3s3|])\}}|j�jkr||fVqdS(N(R(R,RR)(tbTicket(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pys	<genexpr>$s	R.s"Banned %s / %s, %s ticket(s) in %rN(1t_Actions__getFailTicketsRR'RtwrapRIRR�R�taddBanTicketRtMainR�R+RRFtnoticeRRR1tgetattrR4R�tresettbanRrRsRtReRuR5tbannedRtgetRGR�tNOTICEtWARNINGRdR
RTRt
itervaluestconsistencyCheckR0t_Actions__reBanRvtgetBanTotaltsize(RRXRit	rebanactsRkR�RJR�R�RR)Rxtdiftmtll((R�s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt
__checkBan�sn

+	
				 %(c	CsI|p|j}|j�}|j|�}|rytjd|jj|dt|�dkrod|j�dnd�nx�|j	�D]�\}}yCtj
d|jj||�|js�|j�n|j
|�Wq�tk
r}tjd|jj|||d	tj�tjk�dSXq�Wt|_|jrE|j|_ndS(
s�Repeat bans for the ticket.

		Executes the actions in order to reban the host given in the
		ticket.

		Parameters
		----------
		ticket : Ticket
			Ticket to reban
		s[%s] Reban %s%sRJis, action %riR�s[%s] action %r: reban %ss;Failed to execute reban jail '%s' action '%s' info '%r': %sRo(RR�R�RFR�RRR2tkeysR1RvR�R�trebanRrRsRtReRuR5R�R(	RRkR.RdRJR�RR)Rx((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__reBan0s*I	
			c
Cs�|jj|�sdSd}x�|jj�D]�\}}yu|jr\t|dt�r\w,n|jskw,n|dkr�|j	|�}n|j
s�|j�n|j|�Wq,t
k
r�}tjd|jj|||dtj�tjk�q,Xq,WdS(NR�s9Failed to execute ban jail '%s' action '%s' info '%r': %sRo(Rt
_inBanListR'RR1R�R�R4t_prolongableR�R�R�tprolongRrRFRsRRRtReRu(RRkR�RR)Rx((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt_prolongBanRs&		
cCsw|jjtj�|�}x|D]}|j|�q"Wt|�}|rstjd||jj�|j	j
�n|S(sKCheck for IP address to unban.

		Unban IP addresses which are outdated.
		sUnbanned %s, %s ticket(s) in %r(Rt	unBanListR
RTR`R2RFRvR�RR(RtmaxCountRKRkRi((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__checkUnBanis
	c	s!t}|dkr1tjd��jj�}nt}t�j�}d}i}x+|dk	rg|n�jj	�D]\}�yZt
�d�r�t�t�s��j
r�tjd�jj|��j�r�wtq�nWn�tk
rd}	tjd�jj||	dtj�tjk�tjd�t
�d�re���fd	�}
�j|
�qtqenXtjd
��||<qtW|}|r��jjdk	r�tjd��jjj�j�nx1|D])}�j|d|d
|�|d7}q�Wtjd|�jj��jj�|S(s�Flush the ban list.

		Unban all IP address which are still in the banning list.

		If actions specified, don't flush list - just execute unban for 
		given actions (reload, obsolete resp. removed actions).
		s  Flush ban listitflushs[%s] Flush ticket(s) with %ss1Failed to flush bans in jail '%s' action '%s': %sRos'No flush occurred, do consistency checkR�cs1�r-t�dd�r-�jjd�tStS(Ntactionrepair_on_unbans,Invariant check failed. Flush is impossible.(R�R't_logSysRsR4R5((R)RR/(s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt
_beforeRepair�ss   Unban tickets each individualys  Flush jail in databaseR.Rdis!  Unbanned %s, %s ticket(s) in %rN(R5R'RFRvRtflushBanListR4R=RR1RRURtactionflushR�RRR�RrRsRtReRuRGR�R]R^R`R�(RR-R.R/RdRKRit
unbactionsRRxR�Rk((R)RR/s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt
__flushBanwsF
.(
	





	c

Cs
|dkr|j}n|}|j�}|j|�}|r_tjd|jj|d�nx�|j�D]�\}}yCtj	d|jj||�|j
s�|j�n|j|�Wqlt
k
r}	tjd|jj|||	dtj�tjk�qlXqlWdS(s�Unbans host corresponding to the ticket.

		Executes the actions in order to unban the host given in the
		ticket.

		Parameters
		----------
		ticket : FailTicket
			Ticket of failures of which to unban
		s
[%s] Unban %sRJs[%s] action %r: unban %ss;Failed to execute unban jail '%s' action '%s' info '%r': %sRoN(R'RR�R�RFR�RRR1RvR�R�tunbanRrRsRtReRu(
RRkR.RdR�RJR�RR)Rx((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt__unBan�s$ 	
tbasiccCs(dddg}|dks'||krAtjd||f�n|dkrk|jj�}t|�}n|jj�}d|fd|jj�fg}|dkr�|d|fg7}n|dkr$|jj�}|d|jj	|�fd	|jj
|�fd
|jj|�fg7}n|S(sEStatus of current and total ban counts and current banned IP list.
		tshortR�tcymrus9Unsupported extended jail status flavor %r. Supported: %ssCurrently bannedsTotal bannedsBanned IP listsBanned ASN listsBanned Country listsBanned RIR listN(R'RFtwarningRRMR2R�R�tgetBanListExtendedCymruInfotgeBanListExtendedASNtgeBanListExtendedCountrytgeBanListExtendedRIR(Rtflavortsupported_flavorsR�Ritrett
cymru_info((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pytstatus�s$	N($RR�t__doc__RtstaticmethodR"R'R4R+R5R#R;R<R>R?RARCRERIRPRMRYR[R6R�R	R�R�R�RWR�R�R�R3R`R�(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyR2s:	
.							
		
	
:	3X	
T"	6("t
__author__t
__copyright__t__license__RetostsysRTtcollectionsRRtImportErrorR0t
banmanagerRRtipdnsRt
jailthreadRR)RRR	tmytimeR
tobserverRtutilsRthelpersR
RRFR(((s;/usr/lib/python2.7/site-packages/fail2ban/server/actions.pyt<module>s*



Zerion Mini Shell 1.0