GkcDdZdZdZddlZddlmZddlmZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZdd lmZdd lmZdd lmZeeZGd d eZGddZeZy)zSerg G. Brester (sebres)z"Copyright (c) 2014 Serg G. BresterGPLN) JailThread)FailManagerEmpty) getLogger)MyTime)UtilscVeZdZdZej dz ZfdZdZdZdZ dZ dZ d Z d Z d Zd Zd ZdZdZdZdZdZd%dZfdZd&dZedZd%dZd%dZedZej<dZedZdZ dZ!dZ"Gdd Z#d!Z$d"Z%d#Z&d$Z'xZ(S)'ObserverThreada8Handles observing a database, managing bad ips and ban increment. Parameters ---------- Attributes ---------- daemon ident name status active : bool Control the state of the thread. idle : bool Control the idle state of the thread. sleeptime : int The time the thread sleeps for in the loop. ctt| dd|_t j |_g|_t j|_ d|_ i|_ d|_ d|_ d|_d|_y)Nz f2b/observer)nameT<Fi)superr __init__idle threadingRLock _queue_lock_queueEvent_notify sleeptime_timers_paused_ObserverThread__db"_ObserverThread__db_purge_intervaldaemonself __class__s :/usr/lib/python3/dist-packages/fail2ban/server/observer.pyrzObserverThread.__init__?sm&N&;$)__&$$+"$,$.$,$,$)"$$+cX |j|S#t$rtd|zwxYw)NzInvalid event index : %srKeyErrorr!is r# __getitem__zObserverThread.__getitem__Ts52 ++a. 2 ,q0 112s)cV |j|=y#t$rtd|zwxYw)NzInvalid event index: %sr&r(s r# __delitem__zObserverThread.__delitem__Zs21 {{1~ 1 +a/ 001s (c,t|jSN)iterrr!s r#__iter__zObserverThread.__iter__`s dkk r$c,t|jSr.)lenrr0s r#__len__zObserverThread.__len__cs T[[ r$cy)NF)r!others r#__eq__zObserverThread.__eq__fs r$ct|Sr.)idr0s r#__hash__zObserverThread.__hash__is D/r$c|jj|d}||jtj||j |}||j|<|j y)zAdd a named timer event to queue will start (and wake) in 'starttime' seconds Previous timer event with same name will be canceled and trigger self into queue after new 'starttime' value N)rgetcancelrTimeraddstart)r!r starttimeeventts r#add_named_timerzObserverThread.add_named_timerlsU  lltT"!]88:ooi51!$,,t'')r$cdtjo|rmtjtj |j tj|ztj|z|f}|jytj||j|}|jy)zJAdd a timer event to queue will start (and wake) in 'starttime' seconds N) r myTimerr?r DEFAULT_SLEEP_INTERVAL _delayedEventtimerAr@)r!rBrCrDs r# add_timerzObserverThread.add_timerys{ ]]9u33T5G5G [[]Y i 7?1779 ooi51!'')r$c tj|k\stj|k\r|jdg|ytjt j |j|||f}|jy)Nr) r rJrKrr?r rHrIrA)r! endMyTimeendTimerCrDs r#rIzObserverThread._delayedEventsf [[]i499;'#94>>!e ooe22D4F4F w!'')r$c\|js |j}|r|jyyy)z1Notify wakeup (sets /and resets/ notify event) N)rrset)r!ns r# pulse_notifyzObserverThread.pulse_notifys*  ||1EEG r$c|j5|jj|ddd|jy#1swYxYw)z5Add a event to queue and notify thread to wake up. N)rrappendrRr!rCs r#r@zObserverThread.adds@ ;;es AA c||j5|jj|dddy#1swYyxYw)z=Add a event to queue withouth notifying thread to wake up. N)rrrTrUs r#add_wnzObserverThread.add_wns4 ;;es2;c||yr.r6)r!largss r# call_lambdazObserverThread.call_lambdas T(r$c Ntjd|jd|jd|j|j |j |j|j|j|jddd } |jd|jr0d|_ |js d }|j5t!|j"r|j"j%d }d d d |nG|d }t'|d s|j)|xs t+||}||d d |js|j0}|r?d |_ |j3|j4|j7|jr1t9j:t<j>|j@sn|jr0tjdt!|j"d |_|j5g|_d d d d |_ y #1swY3xYw#t,$r#}tj/d |d Yd }~ d }~wwxYw#t,$r"}tj/d|d Yd }~d }~wwxYw#1swYd |_ y xYw)zMain loop for Threading. This function is the main loop of the thread. Returns ------- bool True when the thread exits nicely. zObserver start...DB_PURGEdb_purgecyNr6r6r6r$r#z$ObserverThread.run..r$cyr`r6r6r$r#raz$ObserverThread.run..rbr$) calldb_setr^is_alive is_activerAstopnopshutdownrfFNrr%sTexc_infoz&Observer stopped, %s events remaining.z Observer stopped after error: %s)!logSysinforErr[rer^isAliveisActiverArhr@activerrrr3rpopcallabler=getattr ExceptionerrorrwaitrclearrJsleepr rHis_full)r!_ObserverThread__methevmetherQs r#runzObserverThread.runs- ++!"z4#;#;ZH    [[}}  JJ 99  &,F88J DIll+ b    dkk  [[__Q    Ud be_VZZ%5%Lt9Ld BqrFmll$ ATYVVDNNWWY  ZZ556 LL E H ;;7T[[9IJ4<  4;$) O   + ll4Tl**+, F <<2A<EEF$) s1I&:H71H*9 H7I&:H7> I& B I&0I&J*H4/H77 I#II&I##I&& J/J  JJ$cy)NTr6r0s r#rpzObserverThread.isAlives r$c|jSr.)rr)r!fromStrs r#rqzObserverThread.isActives r$c|j5|jstt|dddy#1swYyxYwr.)rrrrr rAr s r#rAzObserverThread.starts5 ( ++ .$%'(((s6?c|jr|jrtjd||j5|j d|j}|jj d|_ddd|j|s|r&jd|_d|_ d|_ n|_|jt|dxr |j Sy#1swYtxYw)Nz-Observer stop ... try to end queue %s secondsrjFTg?)rrrrnrorrWrP wait_emptyryrr wait_idleminr{)r!wtime forceQuitrQs r#rhzObserverThread.stop s [[T\\ ;;>F KK  ALLDL  ooe GGIDKDLDIDL ..UC ) >$,,.>> !s ?C--C6cx|j5t|jrdndcdddS#1swYyxYw)NTF)rr3rr0s r#r{zObserverThread.is_full#s0 .dkk"$...s09ctjtj|t j|z}|j 9|j d|jr|jr|j|jrJ|t jkDrn0tjtj|jrJ|jd|j S)zWWait observer is running and returns if observer has no more events (queue is empty) rigMbP?) rJrzr rHr rrWr{rrRrr!rrs r#rzObserverThread.wait_empty(s**^ 2 23 {{}y 1 \\;;u lltyy   1 ::n334 .. \\ r$cptjtj|jry|t j|z}|jsV|$t jkDr |jStjtj|jsV|jS)zJWait observer is running and returns if observer idle (observer sleeps) T)rJrzr rHrr rs r#rzObserverThread.wait_idle<s**^ 2 23 YY  {{}y 1 II  1 ::n334 II r$c|jSr.)rr0s r#pausedzObserverThread.pausedJs r$cR|j|k(ry||_|jyr.)rrR)r!pauses r#rzObserverThread.pausedNs$ \\U $,r$cy)z/Status of observer to be implemented. [TODO] )rr6r0s r#statuszObserverThread.statusWs r$c||_yr.)r)r!dbs r#rezObserverThread.db_setas $)r$ctjd|j|jj|j d|j dy)NzPurge database event occurredr]r^)rndebugrpurgerErr0s r#r^zObserverThread.db_purgeds?,,./ YY99??z4#;#;ZHr$c |jr|jdsy|j}|j}tj d|j |d}d}d} |jjj}|j} | | j||D]3\}}} t||j}d|dkr|ndzdz dz}nt||}|)||kr$tj d|j |||y|dkrytjd |j |t!j"|||||k\rd nd |jjj%||dz d }|j'|||k\r|jj)|yy#t*$rE} tj-d | tj/t0j2kYd} ~ yd} ~ wwxYw)z} Notify observer a failure for ip was found Observer will check ip was known (bad) and possibly increase an retry count incrementNz[%s] Observer: failure found %srrrz8[%s] Ignore failure %s before last ban %s < %s, restoredz%[%s] Found %s, bad - %s, %s # -> %s%sz, BanrTrkrl)rpgetBanTimeExtragetIDgetTimernrrfilter failManager getMaxRetrydatabasegetBanmax getBanCountrror time2str addFailure setBanCount performBanrvrwgetEffectiveLevelloggingDEBUG) r!jailticketipunixTimebanCount retryCount timeOfBanmaxRetryr lastBanTimers r# failureFoundzObserverThread.failureFoundos t33K@  ||~" ^^ (,,0$))R@ (*) Mkk%%1138 2n,.IIb$,? ()[Hf0023Xhm(4P: hHKK2 M <<a&":":"F>"BF>> H ;HH ceZdZdZy)ObserverThread.BanTimeIncrc ||_||_yr.)TimeCount)r!banTimers r#rz#ObserverThread.BanTimeIncr.__init__s494:r$N__name__ __module__ __qualname__rr6r$r# BanTimeIncrrsr$rcX|j}|d|j||S)N evformula)rr)r!rrrbes r# calcBanTimezObserverThread.calcBanTimes. " K))'8< ==r$c|jr |js|S|j}|j}|} |dkDrA|j ddr.|jj |||j ddD]\}}} ||j k\r|j|dztjd||||dkDr|d|j||}|j||j|kDrktjd |jd |d |d tj |d tj"|dtj"| nd|_|S|S#t&$rF} tj)d| tj+t,j.kYd} ~ |Sd} ~ wwxYw)ztCheck for IP address to increment ban time (if was already banned). Returns ------- float new ban time. rrF overalljails)rrz"IP %s was already banned: %s #, %sr[z] IP z is bad: z # last z - incr z to TrkrlN)rprrrr=rrrrnrr setBanTimerrorr r seconds2strrestoredrvrwrrr) r!rrrrr orgBanTimerrrrs r# incrBanTimezObserverThread.incrBanTimes t}} > " ||~"*M kbff[%0 ]]"d1NO ()[ F&&(( !$ \\6HiP1 ; 0 0( CDg w9$ kktyyRTV^ y! *%v'9'9''BDEfo  .+ * . M <<a&":":"|j .|j |||}|dk(s||kDr|j||dk7rn|j|z}tj|tj|f}|tjkrtjd|dyd}||k7rtjd|j||jg|tjd d |j|||f|j!t#d t%d ||z d z |j&|||j(*|js|j(j+||yyy#t,$rE}tj/d |tj1t2j4kYd}~yd}~wwxYw) Notify observer a ban occured for ip Observer will check ip was known (bad) and possibly increase/prolong a ban time Secondary we will actualize the bans and bips (bad ip) in database Nz[%s] Observer: ban found %s, %szIgnore old bantime %srF) permanentinfinitez$[%s] Increase Ban %s (%d # %s -> %s)z[%s] Observer: prolong %s in %sr rrkrl)rrrnrr getBanTimerrrr rrrJnoticerlogrKrr prolongBanraddBanrvrwrrr) r!rrbtimeoldbtimerbendtimelogtimers r#banFoundzObserverThread.banFounds  __  M8 2 <<1499b%H rkf'')1   T5& 1E {eh& u rk~~%'H!!%(&//(*CDG&++- \\)71:6 'G x MM8$))   ) ') JJq3TYYUHDUVNN3r3q%("2Q"678$//6SWX mmMMv&)8 M <<a&":":"'R(MT Mr$r ceZdZdZy) _Observerscd|_yr.)Mainr0s r#rz_Observers.__init__s $)r$Nrr6r$r#rr sr$r) __author__ __copyright__ __license__r jailthreadr failmanagerrosrrJdatetimemathjsonrandomsyshelpersrmytimer utilsr rrnr r Observersr6r$r#rsg0( 4  ")6666  8 bMZbMJ L r$