# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- # vi: set ft=python sts=4 ts=4 sw=4 noet : # This file is part of Fail2Ban. # # Fail2Ban is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # Fail2Ban is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # __author__ = "Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" import textwrap def output(s): """Default output handler for printing protocol. Used to ease mocking in the test cases. """ print(s) ## # Describes the protocol used to communicate with the server. class dotdict(dict): def __getattr__(self, name): return self[name] CSPROTO = dotdict({ "EMPTY": b"", "END": b"", "CLOSE": b"" }) protocol = [ ['', "BASIC", ""], ["start", "starts the server and the jails"], ["restart", "restarts the server"], ["restart [--unban] [--if-exists] ", "restarts the jail (alias for 'reload --restart ... ')"], ["reload [--restart] [--unban] [--all]", "reloads the configuration without restarting of the server, the option '--restart' activates completely restarting of affected jails, thereby can unban IP addresses (if option '--unban' specified)"], ["reload [--restart] [--unban] [--if-exists] ", "reloads the jail , or restarts it (if option '--restart' specified)"], ["stop", "stops all jails and terminate the server"], ["unban --all", "unbans all IP addresses (in all jails and database)"], ["unban ... ", "unbans (in all jails and database)"], ["banned", "return jails with banned IPs as dictionary"], ["banned ... ]", "return list(s) of jails where given IP(s) are banned"], ["status", "gets the current status of the server"], ["status --all [FLAVOR]", "gets the current status of all jails, with optional flavor or extended info"], ["stat[istic]s", "gets the current statistics of all jails as table"], ["ping", "tests if the server is alive"], ["echo", "for internal usage, returns back and outputs a given string"], ["help", "return this output"], ["version", "return the server version"], ['', "LOGGING", ""], ["set loglevel ", "sets logging level to . Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, " "DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5)"], ["get loglevel", "gets the logging level"], ["set logtarget ", "sets logging target to . Can be STDOUT, STDERR, SYSLOG, SYSTEMD-JOURNAL or a file"], ["get logtarget", "gets logging target"], ["set syslogsocket auto|", "sets the syslog socket path to auto or . Only used if logtarget is SYSLOG"], ["get syslogsocket", "gets syslog socket path"], ["flushlogs", "flushes the logtarget if a file and reopens it. For log rotation."], ['', "DATABASE", ""], ["set dbfile ", "set the location of fail2ban persistent datastore. Set to \"None\" to disable"], ["get dbfile", "get the location of fail2ban persistent datastore"], ["set dbmaxmatches ", "sets the max number of matches stored in database per ticket"], ["get dbmaxmatches", "gets the max number of matches stored in database per ticket"], ["set dbpurgeage ", "sets the max age in that history of bans will be kept"], ["get dbpurgeage", "gets the max age in seconds that history of bans will be kept"], ['', "JAIL CONTROL", ""], ["add ", "creates using "], ["start ", "starts the jail "], ["stop ", "stops the jail . The jail is removed"], ["status [FLAVOR]", "gets the current status of , with optional flavor or extended info"], ['', "JAIL CONFIGURATION", ""], ["set idle on|off", "sets the idle state of "], ["set ignoreself true|false", "allows the ignoring of own IP addresses"], ["set addignoreip ", "adds to the ignore list of "], ["set delignoreip ", "removes from the ignore list of "], ["set ignorecommand ", "sets ignorecommand of "], ["set ignorecache ", "sets ignorecache of "], ["set addlogpath ['tail']", "adds to the monitoring list of , optionally starting at the 'tail' of the file (default 'head')."], ["set dellogpath ", "removes from the monitoring list of "], ["set logencoding ", "sets the of the log files for "], ["set addjournalmatch ", "adds to the journal filter of "], ["set deljournalmatch ", "removes from the journal filter of "], ["set addfailregex ", "adds the regular expression which must match failures for "], ["set delfailregex ", "removes the regular expression at for failregex"], ["set addignoreregex ", "adds the regular expression which should match pattern to exclude for "], ["set delignoreregex ", "removes the regular expression at for ignoreregex"], ["set findtime ", "sets the number of seconds for which the filter will look back for "], ["set bantime ", "sets the number of seconds a host will be banned for "], ["set datepattern ", "sets the used to match date/times for "], ["set usedns ", "sets the usedns mode for "], ["set attempt [ ... ]", "manually notify about failure"], ["set banip ... ", "manually Ban for "], ["set unbanip [--report-absent] ... ", "manually Unban in "], ["set maxretry ", "sets the number of failures before banning the host for "], ["set maxmatches ", "sets the max number of matches stored in memory per ticket in "], ["set maxlines ", "sets the number of to buffer for regex search for "], ["set addaction [ ]", "adds a new action named for . Optionally for a Python based action, a and can be specified, else will be a Command Action"], ["set delaction ", "removes the action from "], ["", "COMMAND ACTION CONFIGURATION", ""], ["set action actionstart ", "sets the start command of the action for "], ["set action actionstop ", "sets the stop command of the action for "], ["set action actioncheck ", "sets the check command of the action for "], ["set action actionban ", "sets the ban command of the action for "], ["set action actionunban ", "sets the unban command of the action for "], ["set action timeout ", "sets as the command timeout in seconds for the action for "], ["", "GENERAL ACTION CONFIGURATION", ""], ["set action ", "sets the of for the action for "], ["set action [ ]", "calls the with for the action for "], ['', "JAIL INFORMATION", ""], ["get banned", "return banned IPs of "], ["get banned ... ]", "return 1 if IP is banned in otherwise 0, or a list of 1/0 for multiple IPs"], ["get logpath", "gets the list of the monitored files for "], ["get logencoding", "gets the encoding of the log files for "], ["get journalmatch", "gets the journal filter match for "], ["get ignoreself", "gets the current value of the ignoring the own IP addresses"], ["get ignoreip", "gets the list of ignored IP addresses for "], ["get ignorecommand", "gets ignorecommand of "], ["get failregex", "gets the list of regular expressions which matches the failures for "], ["get ignoreregex", "gets the list of regular expressions which matches patterns to ignore for "], ["get findtime", "gets the time for which the filter will look back for failures for "], ["get bantime", "gets the time a host is banned for "], ["get datepattern", "gets the pattern used to match date/times for "], ["get usedns", "gets the usedns setting for "], ["get banip [|--with-time]", "gets the list of of banned IP addresses for . Optionally the separator character ('', default is space) or the option '--with-time' (printing the times of ban) may be specified. The IPs are ordered by end of ban."], ["get maxretry", "gets the number of failures allowed for "], ["get maxmatches", "gets the max number of matches stored in memory per ticket in "], ["get maxlines", "gets the number of lines to buffer for "], ["get actions", "gets a list of actions for "], ["", "COMMAND ACTION INFORMATION",""], ["get action actionstart", "gets the start command for the action for "], ["get action actionstop", "gets the stop command for the action for "], ["get action actioncheck", "gets the check command for the action for "], ["get action actionban", "gets the ban command for the action for "], ["get action actionunban", "gets the unban command for the action for "], ["get action timeout", "gets the command timeout in seconds for the action for "], ["", "GENERAL ACTION INFORMATION", ""], ["get actionproperties ", "gets a list of properties for the action for "], ["get actionmethods ", "gets a list of methods for the action for "], ["get action ", "gets the value of for the action for "], ] ## # Prints the protocol in a "man" format. This is used for the # "-h" output of fail2ban-client. def printFormatted(): INDENT=4 MARGIN=41 WIDTH=34 firstHeading = False for m in protocol: if m[0] == '' and firstHeading: output("") firstHeading = True first = True if len(m[0]) >= MARGIN: m[1] = ' ' * WIDTH + m[1] for n in textwrap.wrap(m[1], WIDTH, drop_whitespace=False): if first: line = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n.strip() first = False else: line = ' ' * (INDENT + MARGIN) + n.strip() output(line) ## # Prints the protocol in a "mediawiki" format. def printWiki(): firstHeading = False for m in protocol: if m[0] == '': if firstHeading: output("|}") __printWikiHeader(m[1], m[2]) firstHeading = True else: output("|-") output("| " + m[0] + " || || " + m[1]) output("|}") def __printWikiHeader(section, desc): output("") output("=== " + section + " ===") output("") output(desc) output("") output("{|") output("| '''Command''' || || '''Description'''")