Source: /usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py

Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).
License: GPL

Usage: %s [OPTIONS] [IGNOREREGEX]

LOG:
    string            a string representing a log line
    filename          path to a log file (/var/log/auth.log)
    systemd-journal   search systemd journal (systemd-python required),
                      optionally with backend parameters, see `man jail.conf`
                      for usage and examples (systemd-journal[journalflags=1]).

REGEX:
    string            a string representing a 'failregex'
    filter            name of filter, optionally with options (sshd[mode=aggressive])
    filename          path to a filter file (filter.d/sshd.conf)

IGNOREREGEX:
    string            a string representing an 'ignoreregex'
    filename          path to a filter file (filter.d/sshd.conf)

Report bugs to https://github.com/fail2ban/fail2ban/issues

Options:
    -c, --config          set alternate config directory (default: /etc/fail2ban)
    -d, --datepattern     set custom pattern used to match date/times
    --timezone, --TZ      set time-zone used by convert time format
    -e, --encoding        File encoding. Default: system locale
    -r, --raw             Raw hosts, don't resolve dns
    --usedns              DNS specified replacement of tags in regexp
                          ('yes' - matches all form of hosts, 'no' - IP addresses only)
    -L, --maxlines        maxlines for multi-line regex.
    -m, --journalmatch    journalctl style matches overriding filter file.
                          "systemd-journal" only
    -l, --log-level       Log level for the Fail2Ban logger to use (default: critical)
    -V                    get version in machine-readable short format
    -v, --verbose         Increase verbosity
    --verbosity           Set numerical level of verbosity (0..4)
    --verbose-date, --VD  Verbose date patterns/regex in output
    -D, --debuggex        Produce debuggex.com urls for debugging there
    --no-check-all        Disable check for all regex's
    -o, --out             Set token to print failure information only
                          (row, id, ip, msg, host, ip4, ip6, dns, matches, ...)
    --print-no-missed     Do not print any missed lines
    --print-no-ignored    Do not print any ignored lines
    --print-all-matched   Print all matched lines
    --print-all-missed    Print all missed lines, no matter how many
    --print-all-ignored   Print all ignored lines, no matter how many
    -t, --log-traceback   Enrich log-messages with compressed tracebacks
    --full-traceback      Either to make the tracebacks full, not compressed (as by default)