From 10195c05b943b963573569b94a1e13c5a295b255 Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Sat, 01 Dec 2018 09:21:47 +0000
Subject: [PATCH] exemples

---
 vilain.py |   98 +++++++++++++++++++++++++++---------------------
 1 files changed, 55 insertions(+), 43 deletions(-)

diff --git a/vilain.py b/vilain.py
old mode 100755
new mode 100644
index 27e1313..44f8fdb
--- a/vilain.py
+++ b/vilain.py
@@ -1,21 +1,22 @@
 #!/usr/bin/env python3
-# -*- coding:Utf-8 -*- 
+# -*- coding:Utf-8 -*-
 
 
 """
-Author :      thuban <thuban@yeuxdelibad.net>  
+Author :      thuban <thuban@yeuxdelibad.net>
               Vincent <vincent.delft@gmail.com>
+              Yax https://blogduyax.madyanne.fr/
 Licence :     MIT
 Require : python >= 3.5
 
 Description : Mimic fail2ban with pf for OpenBSD.
               Inspired from http://www.vincentdelft.be/post/post_20161106
 
-              In pf.conf, add : 
+              In pf.conf, add :
                     table <vilain_bruteforce> persist
-                    block quick from <vilain_bruteforce> 
+                    block quick from <vilain_bruteforce>
 
-              To see banned IP : 
+              To see banned IP :
                     pfctl -t vilain_bruteforce -T show
 """
 
@@ -24,25 +25,33 @@
 import configparser
 import re
 import logging
+import logging.handlers
 import subprocess
 import asyncio
 import time
 
 CONFIGFILE = "/etc/vilain.conf"
-VERSION = "0.5"
+VERSION = "0.7"
 vilain_table = "vilain_bruteforce"
-logfile = "/var/log/daemon"
+LOGFILE = "/var/log/daemon"
 
 if os.geteuid() != 0:
     print("Only root can use this tool")
-    sys.exit()
+    sys.exit(1)
 
-# Configure logging
+# declare logger
 logger = logging.getLogger(__name__)
-logging.basicConfig(filename=logfile,
-                    format='%(asctime)s %(module)s:%(funcName)s:%(message)s',
-                    datefmt='%H:%M:%S')
-logger.setLevel(logging.INFO)
+
+def configure_logging():
+    print('Log file : {}'.format(LOGFILE))
+    log_handler = logging.handlers.WatchedFileHandler(LOGFILE)
+    formatter = logging.Formatter(
+            '%(asctime)s %(module)s:%(funcName)s:%(message)s',
+            '%Y-%m-%d %H:%M:%S')
+    log_handler.setFormatter(formatter)
+    logger.addHandler(log_handler)
+    logger.setLevel(logging.INFO)
+
 
 # functions
 def readconfig():
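Review bot: `configure_logging()` picks its output path from the module global `LOGFILE`, so whether the `vilain_log` setting takes effect depends on the `LOGFILE = logfile` assignment in the last hunk of this patch running at module scope; if that block is ever moved into a function the assignment becomes a local and the setting is silently ignored. Passing the path explicitly removes the coupling: `def configure_logging(path=LOGFILE):` with `log_handler = logging.handlers.WatchedFileHandler(path)`, and `configure_logging(logfile or LOGFILE)` at the call site. The function also attaches a fresh handler on every call, so a second call would duplicate every log line; a one-line docstring stating that it must be called exactly once, before `Vilain()` is constructed, would document that contract. `readconfig` starts on the last line of this hunk and its body lies outside it.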
@@ -53,13 +62,11 @@
 
     config = configparser.ConfigParser()
     config.read(CONFIGFILE)
-    return(config)
+    return (config, config.defaults())
 
-def load_config():
-    c = readconfig()
-    d = c.defaults()
+def load_config(c, d):
     watch_while = int(d['watch_while'])
-    vilain_table = d['vilain_table']
+    VILAIN_TABLE = d['vilain_table']
     default_maxtries = int(d['maxtries'])
     sleeptime = float(d['sleeptime'])
     ignore_ips = []
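Review bot: The rename to `VILAIN_TABLE = d['vilain_table']` breaks the config option: the function still returns `vilain_table` (the unchanged `return(watch_while, default_maxtries, vilain_table, ignoreips, sleeptime)` in the next hunk), which now resolves to the module-level constant `"vilain_bruteforce"`, so a table name set in `/etc/vilain.conf` is read into `VILAIN_TABLE` and then discarded. Keep a plain local, `vilain_table = d['vilain_table']`, or change the return to use the new name. Uppercase names in this module read as constants, and a local that shadows one is easy to misread, which is likely how this slipped through. `load_config` continues into the next hunk.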
@@ -68,32 +75,30 @@
         ignoreips = [ i[1] for i in c.items('ignoreip') if i[0] not in c.defaults()]
     return(watch_while, default_maxtries, vilain_table, ignoreips, sleeptime)
 
-def load_sections():
-    c = readconfig()
+def load_sections(c):
     for s in c.sections():
         if c.has_option(s,'logfile'):
-            logfile = c.get(s,'logfile')
+            LOGFILE = c.get(s,'logfile')
             regex = c.get(s,'regex')
             #we take the default value of maxtries
             maxtries = c.defaults()['maxtries']
             if c.has_option(s,'maxtries'):
                 #if we have a maxtries defined in the section, we overwrite the default
                 maxtries = int(c.get(s,'maxtries'))
-            d = {'name' : s, 'logfile':logfile, 'regex':regex, 'maxtries': maxtries}
+            d = {'name' : s, 'logfile':LOGFILE, 'regex':regex, 'maxtries': maxtries}
             yield d
 
-
 class Vilain():
-    def __init__(self):
+    def __init__(self, config, config_dict):
         logger.info('Start vilain version {}'.format(VERSION))
         self.loop = asyncio.get_event_loop()
-        self.watch_while, self.default_maxtries, self.vilain_table, self.ignore_ips, self.sleeptime = load_config()
+        self.watch_while, self.default_maxtries, self.vilain_table, self.ignore_ips, self.sleeptime = load_config(config, config_dict)
         self.ip_seen_at = {}
         self.load_bad_ips()
         self.bad_ip_queue = asyncio.Queue(loop=self.loop)
 
-        for entry in load_sections():
-            logger.info("Start vilain for {}".format(entry['name']))
+        for entry in load_sections(config):
+            logger.info("Start vilain for {}".format(entry))
             asyncio.ensure_future(self.check_logs(entry['logfile'], entry['maxtries'], entry['regex'], entry['name']))
 
         asyncio.ensure_future(self.ban_ips())
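Review bot: In `load_sections`, the per-section path is now bound to `LOGFILE`, the same name this commit gives the module-level default log path; without a `global` statement it is only a local that shadows the constant, but the uppercase spelling suggests the log destination is being reassigned per section. A neutral local such as `section_logfile = c.get(s,'logfile')` with `'logfile': section_logfile` in the dict keeps the two apart. The changed line `logger.info("Start vilain for {}".format(entry))` now writes the whole section dict, regex included, to the log at INFO; that is handy for debugging, but `entry['name']` was the quieter choice and the full dict fits better under `logger.debug`. `Vilain.__init__` may continue past the end of this hunk.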
@@ -108,18 +113,18 @@
         for res in ret.split():
             ip = res.strip().decode('utf-8')
             logger.info('Add existing banned IPs in your pf table: {}'.format(ip))
-            #we assign the counter to 1, but for sure we don't know the real value 
+            #we assign the counter to 1, but for sure we don't know the real value
             self.ip_seen_at[ip]={'time':time.time(),'count':1}
 
 
     def start(self):
         try:
+            logger.info('Run forever loop')
             self.loop.run_forever()
         except KeyboardInterrupt:
             self.loop.close()
         finally:
             self.loop.close()
-
 
     async def check_logs(self, logfile, maxtries, regex, reason):
         """
@@ -131,16 +136,21 @@
             # Watch the file for changes
             stat = os.stat(logfile)
             size = stat.st_size
+            inode = stat.st_ino
             mtime = stat.st_mtime
             RE = re.compile(regex)
             while True:
                 await asyncio.sleep(self.sleeptime)
                 stat = os.stat(logfile)
-                if mtime < stat.st_mtime:
+                if size > stat.st_size and inode != stat.st_ino:
+                    logger.info("The file {} has rotated. We start from position 0".format(logfile))
+                    size = 0
+                    inode = stat.st_ino
+                if mtime < stat.st_mtime and inode == stat.st_ino:
                     logger.debug("{} has been modified".format(logfile))
                     mtime = stat.st_mtime
                     with open(logfile, "rb") as f:
-                        f.seek(size)
+                        f.seek(size,0)
                         for bline in f.readlines():
                             line = bline.decode().strip()
                             ret = RE.match(line)
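Review bot: The rotation test `if size > stat.st_size and inode != stat.st_ino:` requires both signals at once, so two realistic cases are missed: a new log file that has already grown past the old offset before the next poll (inode changed, size not smaller), and an in-place truncation (same inode, size smaller). In both, `size` stays stale, `f.seek(size,0)` lands at or beyond EOF, and every line up to the old offset is never matched, so attempts logged during that window are not counted. Treating either signal as a restart covers both: `if inode != stat.st_ino or stat.st_size < size:` with the message reading "rotated or truncated", after which the `and inode == stat.st_ino` qualifier on the following `if` is redundant because `inode` was just reset. The `os.stat(logfile)` call inside the loop can also raise `FileNotFoundError` in the window between the rename and the creation of the new file, which would end this coroutine's task with the error surfacing only as an unretrieved task exception; catching it there and retrying after the next sleep is worth considering. `check_logs` starts in the previous hunk and continues past this one.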
@@ -152,8 +162,7 @@
                                     await self.bad_ip_queue.put({'ip' : bad_ip, 'maxtries': maxtries, 'reason' : reason})
                                     logger.debug('queue size: {}'.format(self.bad_ip_queue.qsize()))
                                 else:
-                                    logger.info('line match {}. But IP in ingore list'.format(bad_ip))
-
+                                    logger.info('line match {}. But IP in ignore list'.format(bad_ip))
                     size = stat.st_size
 
     async def ban_ips(self):
@@ -161,9 +170,8 @@
         record time when this IP has been seen in ip_seen_at = { ip:{'time':<time>,'count':<counter} }
         and ban with pf
         """
-        logger.info('ban_ips sarted with sleeptime={}'.format(self.sleeptime))
+        logger.info('ban_ips started')
         while True:
-            # await asyncio.sleep(self.sleeptime)
             ip_item = await self.bad_ip_queue.get()
             logger.debug('ban_ips awake')
             ip = ip_item['ip']
@@ -175,8 +183,7 @@
             logger.info("{} detected, reason {}, count: {}, maxtries: {}".format(ip, reason, n_ip, maxtries))
             if n_ip >= maxtries:
                 ret = subprocess.call(["pfctl", "-t", self.vilain_table, "-T", "add", ip])
-                logger.info("Blacklisting {}, return code:{}".format(ip, ret))
-                self.ip_seen_at.pop(ip)
+                logger.info("Blacklisting {}, reason {}, return code:{}".format(ip, reason, ret))
             #for debugging, this line allow us to see if the script run until here
             logger.debug('ban_ips end:{}'.format(self.ip_seen_at))
 
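Review bot: Dropping `self.ip_seen_at.pop(ip)` after the ban means the entry keeps counting, so every further matching line for an already-banned IP (a connection whose pf state predates the table insert, for instance) re-runs `pfctl -T add` and logs another "Blacklisting" line; if the intent is to keep the entry visible to `clean_ips` so it can expire later, the repeated subprocess calls can be avoided by recording the ban in the entry the docstring describes, e.g. `if n_ip >= maxtries and not self.ip_seen_at[ip].get('banned'):` and `self.ip_seen_at[ip]['banned'] = True` after the call. Whether the removal is deliberate is not stated in the commit message; a short comment on the `if n_ip >= maxtries:` branch saying the entry is intentionally kept for `clean_ips` would settle it. The return code is logged at INFO but never acted on: a non-zero `ret` means the IP is not actually blocked, which deserves `logger.error` so it stands out in the daemon log. `ban_ips` starts in the previous hunk.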
@@ -184,9 +191,9 @@
         """
         check old ip in ip_seen_at : remove older than watch_while
         """
-        logger.info('clean_ips sarted with sleeptime={}'.format(self.sleeptime))
+        logger.info('clean_ips started with sleeptime={}'.format(self.sleeptime))
         while True:
-            await asyncio.sleep(self.sleeptime)
+            await asyncio.sleep(self.watch_while)
             to_remove = []
             for recorded_ip, data in self.ip_seen_at.items():
                 if time.time() - data['time'] >= self.watch_while:
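Review bot: The startup message `logger.info('clean_ips started with sleeptime={}'.format(self.sleeptime))` now reports a value the loop no longer uses, since the sleep on the next changed line is `self.watch_while`; `logger.info('clean_ips started, interval={}'.format(self.watch_while))` keeps the log accurate. Polling once per `watch_while` also means an entry that becomes stale just after a pass lingers for almost a full extra interval, so whatever `clean_ips` does with `to_remove` (outside this hunk) happens between one and two `watch_while` after the last sighting rather than at `watch_while`; if that is acceptable, a comment on the sleep line stating the trade-off would help the next reader. `clean_ips` continues past this hunk.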
@@ -201,9 +208,9 @@
 
 
 
-def main():
+def main(config, config_dict):
     os.chdir(os.path.dirname(os.path.abspath(__file__)))
-    v = Vilain()
+    v = Vilain(config, config_dict)
     v.start()
     return 0
 
@@ -224,11 +231,16 @@
     if args.version:
         print("Version: ", VERSION)
         sys.exit(0)
-    main()
+    # read config
+    config, config_dict = readconfig()
+    logfile = config_dict.get('vilain_log', None)
+    if logfile:
+        LOGFILE = logfile
+    configure_logging()
+    main(config, config_dict)
 
 
 # vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
 
 
 # vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
-

--
Gitblit v1.9.3