/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py

Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).
License: GPL

Usage: %s [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]

LOG:
  string                a string representing a log line
  filename              path to a log file (/var/log/auth.log)
  systemd-journal       search systemd journal (systemd-python required),
                        optionally with backend parameters, see `man jail.conf`
                        for usage and examples (systemd-journal[journalflags=1]).

REGEX:
  string                a string representing a 'failregex'
  filter                name of filter, optionally with options (sshd[mode=aggressive])
  filename              path to a filter file (filter.d/sshd.conf)

IGNOREREGEX:
  string                a string representing an 'ignoreregex'
  filename              path to a filter file (filter.d/sshd.conf)

Options:
  -c, --config          set alternate config directory (default: /etc/fail2ban)
  -d, --datepattern     set custom pattern used to match date/times
  --timezone, --TZ      set time-zone used by convert time format
  -e, --encoding        File encoding. Default: system locale
  -r, --raw             Raw hosts, don't resolve dns
  --usedns              DNS specified replacement of tags <HOST> in regexp
                        ('yes' - matches all form of hosts, 'no' - IP addresses only)
  -L, --maxlines        maxlines for multi-line regex.
  -m, --journalmatch    journalctl style matches overriding filter file.
                        "systemd-journal" only
  -l, --log-level       Log level for the Fail2Ban logger to use (default: critical)
  -V                    get version in machine-readable short format
  -v, --verbose         Increase verbosity
  --verbosity           Set numerical level of verbosity (0..4)
  --verbose-date, --VD  Verbose date patterns/regex in output
  -D, --debuggex        Produce debuggex.com urls for debugging there
  --no-check-all        Disable check for all regex's
  -o, --out             Set token to print failure information only
                        (row, id, ip, msg, host, ip4, ip6, dns, matches, ...)
  --print-no-missed     Do not print any missed lines
  --print-no-ignored    Do not print any ignored lines
  --print-all-matched   Print all matched lines
  --print-all-missed    Print all missed lines, no matter how many
  --print-all-ignored   Print all ignored lines, no matter how many
  -t, --log-traceback   Enrich log-messages with compressed tracebacks
  --full-traceback      Either to make the tracebacks full, not compressed (as by default)

Argument errors:
  ERROR: --print-no-missed and --print-all-missed are mutually exclusive.
  ERROR: --print-no-ignored and --print-all-ignored are mutually exclusive.
  ERROR: provide both <LOG> and <REGEX>.

Report bugs to https://github.com/fail2ban/fail2ban/issues