
Source code changes of the file "fail2ban/server/filtersystemd.py" between
fail2ban-1.0.1.tar.gz and fail2ban-1.0.2.tar.gz

About: fail2ban scans log files and bans (via firewall rules) IP-addresses that make too many access failures. It updates firewall rules to reject the IP address.

filtersystemd.py  (fail2ban-1.0.1):filtersystemd.py  (fail2ban-1.0.2)
skipping to change at line 313 skipping to change at line 313
# for possible future switches of in-operation mode: # for possible future switches of in-operation mode:
startTime = (0, startTime) startTime = (0, startTime)
# Move back one entry to ensure do not end up in dead space # Move back one entry to ensure do not end up in dead space
# if start time beyond end of journal # if start time beyond end of journal
try: try:
self.__journal.get_previous() self.__journal.get_previous()
except OSError: except OSError:
pass # Reading failure, so safe to ignore pass # Reading failure, so safe to ignore
wcode = journal.NOP
line = None line = None
while self.active: while self.active:
# wait for records (or for timeout in sleeptime seconds): # wait for records (or for timeout in sleeptime seconds):
try: try:
## todo: find better method as wait_for to break ## wait for entries using journal.wait:
(e.g. notify) journal.wait(self.sleeptime), if wcode == journal.NOP and self.inOperation:
## don't use `journal.close()` for it, because in ## todo: find better method as wait_for t
some python/systemd implementation it may o break (e.g. notify) journal.wait(self.sleeptime),
## cause abnormal program termination ## don't use `journal.close()` for it, be
#self.__journal.wait(self.sleeptime) != journal.N cause in some python/systemd implementation it may
OP ## cause abnormal program termination (e.
## g. segfault)
## wait for entries without sleep in intervals, b ##
ecause "sleeping" in journal.wait: ## wait for entries without sleep in inte
if not logentry: rvals, because "sleeping" in journal.wait,
Utils.wait_for(lambda: not self.active or ## journal.NOP is 0, so we can wait for n
\ on zero (APPEND or INVALIDATE):
self.__journal.wait(Utils.DEFAULT wcode = Utils.wait_for(lambda: not self.a
_SLEEP_INTERVAL) != journal.NOP, ctive and journal.APPEND or \
self.__journal.wait(Utils.DEFAULT
_SLEEP_INTERVAL),
self.sleeptime, 0.00001) self.sleeptime, 0.00001)
## if invalidate (due to rotation, vacuum
ing or journal files added/removed etc):
if self.active and wcode == journal.INVAL
IDATE:
if self.ticks:
logSys.log(logging.DEBUG,
"[%s] Invalidate signaled, take a little break (rotation ends)", self.jailName)
time.sleep(self.sleeptime
* 0.25)
Utils.wait_for(lambda: not self.a
ctive or \
self.__journal.wait(Utils
.DEFAULT_SLEEP_INTERVAL) != journal.INVALIDATE,
self.sleeptime * 3, 0.000
01)
if self.ticks:
# move back and forth to
ensure do not end up in dead space by rotation or vacuuming,
# if position beyond end
of journal (gh-3396)
try:
if self.__journal
.get_previous(): self.__journal.get_next()
except OSError:
pass
if self.idle: if self.idle:
# because journal.wait will returns immed iatelly if we have records in journal, # because journal.wait will returns immed iatelly if we have records in journal,
# just wait a little bit here for not idl e, to prevent hi-load: # just wait a little bit here for not idl e, to prevent hi-load:
if not Utils.wait_for(lambda: not self.ac tive or not self.idle, if not Utils.wait_for(lambda: not self.ac tive or not self.idle,
self.sleeptime * 10, self.sleepti me self.sleeptime * 10, self.sleepti me
): ):
self.ticks += 1 self.ticks += 1
continue continue
self.__modified = 0 self.__modified = 0
while self.active: while self.active:
skipping to change at line 361 skipping to change at line 378
# if it reached s tart entry (or get read time larger than start time) # if it reached s tart entry (or get read time larger than start time)
if logentry.get(' __CURSOR') == startTime[2] or tm > startTime[1]: if logentry.get(' __CURSOR') == startTime[2] or tm > startTime[1]:
# give th e filter same time it needed to reach the start entry: # give th e filter same time it needed to reach the start entry:
startTime = (0, MyTime.time()*2 - startTime[1]) startTime = (0, MyTime.time()*2 - startTime[1])
elif tm > startTime[1]: # reached start time (approximated): elif tm > startTime[1]: # reached start time (approximated):
self.inOperationM ode() self.inOperationM ode()
# process line # process line
self.processLineAndAdd(line, tm) self.processLineAndAdd(line, tm)
self.__modified += 1 self.__modified += 1
if self.__modified >= 100: # todo : should be configurable if self.__modified >= 100: # todo : should be configurable
wcode = journal.APPEND; # don't need wait - there are still unprocessed entries
break break
else: else:
# "in operation" mode since we do n't have messages anymore (reached end of journal): # "in operation" mode since we do n't have messages anymore (reached end of journal):
if not self.inOperation: if not self.inOperation:
self.inOperationMode() self.inOperationMode()
wcode = journal.NOP; # enter wait - no more entries to process
break break
self.__modified = 0 self.__modified = 0
if self.ticks % 10 == 0: if self.ticks % 10 == 0:
self.performSvc() self.performSvc()
# update position in log (time and iso string): # update position in log (time and iso string):
if self.jail.database: if self.jail.database:
if line: if line:
self._pendDBUpdates['systemd-jour nal'] = (tm, line[1]) self._pendDBUpdates['systemd-jour nal'] = (tm, line[1])
line = None line = None
if self._pendDBUpdates and ( if self._pendDBUpdates and (
self.ticks % 100 == 0 self.ticks % 100 == 0
or MyTime.time() >= self._nextUpdateTM or MyTime.time() >= self._nextUpdateTM
or not self.active or not self.active
): ):
self._updateDBPending() self._updateDBPending()
self._nextUpdateTM = MyTime.time( ) + Utils.DEFAULT_SLEEP_TIME * 5 self._nextUpdateTM = MyTime.time( ) + Utils.DEFAULT_SLEEP_TIME * 5
except Exception as e: # pragma: no cover except Exception as e: # pragma: no cover
if not self.active: # if not active - error by st op... if not self.active: # if not active - error by st op...
break break
wcode = journal.NOP
logSys.error("Caught unhandled exception in main cycle: %r", e, logSys.error("Caught unhandled exception in main cycle: %r", e,
exc_info=logSys.getEffectiveLevel()<=logg ing.DEBUG) exc_info=logSys.getEffectiveLevel()<=logg ing.DEBUG)
# incr common error counter: # incr common error counter:
self.commonError("unhandled", e) self.commonError("unhandled", e)
logSys.debug("[%s] filter terminated", self.jailName) logSys.debug("[%s] filter terminated", self.jailName)
# close journal: # close journal:
self.closeJournal()
logSys.debug("[%s] filter exited (systemd)", self.jailName)
return True
def closeJournal(self):
try: try:
if self.__journal: jnl, self.__journal = self.__journal, None
self.__journal.close() if jnl:
jnl.close()
except Exception as e: # pragma: no cover except Exception as e: # pragma: no cover
logSys.error("Close journal failed: %r", e, logSys.error("Close journal failed: %r", e,
exc_info=logSys.getEffectiveLevel()<=logging.DEBU G) exc_info=logSys.getEffectiveLevel()<=logging.DEBU G)
logSys.debug("[%s] filter exited (systemd)", self.jailName)
return True
def status(self, flavor="basic"): def status(self, flavor="basic"):
ret = super(FilterSystemd, self).status(flavor=flavor) ret = super(FilterSystemd, self).status(flavor=flavor)
ret.append(("Journal matches", ret.append(("Journal matches",
[" + ".join(" ".join(match) for match in self.__matches)] )) [" + ".join(" ".join(match) for match in self.__matches)] ))
return ret return ret
def _updateDBPending(self): def _updateDBPending(self):
"""Apply pending updates (jornal position) to database. """Apply pending updates (jornal position) to database.
""" """
db = self.jail.database db = self.jail.database
while True: while True:
try: try:
log, args = self._pendDBUpdates.popitem() log, args = self._pendDBUpdates.popitem()
except KeyError: except KeyError:
break break
db.updateJournal(self.jail, log, *args) db.updateJournal(self.jail, log, *args)
def onStop(self): def onStop(self):
"""Stop monitoring of journal. Invoked after run method. """Stop monitoring of journal. Invoked after run method.
""" """
# close journal:
self.closeJournal()
# ensure positions of pending logs are up-to-date: # ensure positions of pending logs are up-to-date:
if self._pendDBUpdates and self.jail.database: if self._pendDBUpdates and self.jail.database:
self._updateDBPending() self._updateDBPending()
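Review bot: The new `except OSError: pass` around the `get_previous()`/`get_next()` repositioning in the INVALIDATE branch drops the error without any trace, so if the reposition fails after a rotation or vacuum, nothing shows that the filter may be sitting in dead space and no longer reading entries. For a jail that is supposed to ban on logged failures this is a silent detection gap; I would at least record it, e.g. `except OSError as e:` followed by `logSys.debug("[%s] Reposition after invalidate failed: %r", self.jailName, e)`. The earlier `get_previous()` guard carries a "safe to ignore" comment, and this one deserves the same justification or a log line. The enclosing run loop begins before the first hunk, so how read errors are handled further up is not visible here.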
 End of changes. 10 change blocks. 
20 lines changed or deleted 57 lines changed or added
