Prev
Next
@@ -, +, @@
config/jail.conf | 9 ++-
server/filterinotify.py | 157 +++++++++++++++++++++++++++++++++++++++++++++++
server/jail.py | 18 +++++-
3 files changed, 179 insertions(+), 5 deletions(-)
create mode 100644 server/filterinotify.py
--- a/config/jail.conf
+++ a/config/jail.conf
@@ -26,13 +26,16 @@ findtime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto". This option can be overridden in
-# each jail too (use "gamin" for a jail and "polling" for another).
+# options are "inotify", "gamin", "polling" and "auto". This option can be
+# overridden in each jail too (use "gamin" for a jail and "polling" for
+# another).
#
+# inotify: requires pyinotify and the a kernel supporting Inotify
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
-# auto: will choose Gamin if available and polling otherwise.
+# auto: will choose Inotify if pyinotify is present, if not then it will
+# try Gamin and use that if available, and polling otherwise.
backend = auto
--- a/server/filterinotify.py
+++ a/server/filterinotify.py
@@ -0,0 +1,157 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Jonathan G. Underwood
+#
+# $Revision$
+
+__author__ = "Jonathan G. Underwood"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2010 Jonathan G. Underwood"
+__license__ = "GPL"
+
+from failmanager import FailManagerEmpty
+from filter import FileFilter
+from mytime import MyTime
+
+import time, logging
+
+import pyinotify
+from pyinotify import ProcessEvent, WatchManager, Notifier
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.filter")
+
+##
+# Log reader class.
+#
+# This class reads a log file and detects login failures or anything else
+# that matches a given regular expression. This class is instanciated by
+# a Jail object.
+
+class FilterInotify(ProcessEvent, FileFilter):
+
+ ##
+ # Constructor.
+ #
+ # Initialize the filter object with default values.
+ # @param jail the jail object
+
+ # Note that according to the pyinotify documentation we shouldn't
+ # define an __init__ function, but define a my_init function which is
+ # called by ProcessEvent.__init__. However, that approach appears not
+ # to work here and so we define __init__ and call
+ # ProcessEvent.__init__ from here.
+ def __init__(self, jail):
+ FileFilter.__init__(self, jail)
+ ProcessEvent.__init__(self)
+ self.__monitor = WatchManager()
+ self.__notifier = Notifier(self.__monitor, self)
+ self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE
+
+ ##
+ # Event handling functions used by pyinotify.ProcessEvent
+ # instance. These simply call the __handleMod method.
+ # @event an event object
+
+ def process_IN_MODIFY(self, event):
+ logSys.debug("process_IN_MODIFY called")
+ self.__handleMod(event)
+
+ def process_IN_CREATE(self, event):
+ logSys.debug("process_IN_CREATE called")
+ self.__handleMod(event)
+
+ ##
+ # This method handles all modified file events
+ # @event an event object
+
+ def __handleMod(self, event):
+ self.getFailures(event.path)
+ try:
+ while True:
+ ticket = self.failManager.toBan()
+ self.jail.putFailTicket(ticket)
+ except FailManagerEmpty:
+ self.failManager.cleanup(MyTime.time())
+ self.dateDetector.sortTemplate()
+
+ ##
+ # Add a log file path
+ #
+ # @param path log file path
+
+ def addLogPath(self, path, tail = False):
+ if self.containsLogPath(path):
+ logSys.error(path + " already exists")
+ else:
+ wd = self.__monitor.add_watch(path, self.__mask)
+ if wd[path] > 0:
+ FileFilter.addLogPath(self, path, tail)
+ logSys.info("Added logfile = %s" % path)
+ else:
+ logSys.error("Failed to add an inotify watch for logfile = %s" % path)
+
+ ##
+ # Delete a log path
+ #
+ # @param path the log file to delete
+
+ def delLogPath(self, path):
+ if not self.containsLogPath(path):
+ logSys.error(path + " is not monitored")
+ else:
+ rd = self.__monitor.rm_watch(self.__monitor.get_wd(path))
+ if rd[path]:
+ FileFilter.delLogPath(self, path)
+ logSys.info("Removed logfile = %s" % path)
+ else:
+ logSys.error("Failed to remove inotify watch for logfile = %s" % path)
+
+ ##
+ # Main loop.
+ #
+ # This function is the main loop of the thread. It checks if the
+ # file has been modified and looks for failures.
+ # @return True when the thread exits nicely
+
+ def run(self):
+ self.setActive(True)
+ while self._isActive():
+ if not self.getIdle():
+ # We cannot block here because we want to be able to
+ # exit. __notifier.check_events will block for
+ # timeout milliseconds.
+ if self.__notifier.check_events(timeout=10):
+ self.__notifier.read_events()
+ self.__notifier.process_events()
+ time.sleep(self.getSleepTime())
+ else:
+ time.sleep(self.getSleepTime())
+
+ # Cleanup when shutting down
+ for wd in self.watchd.keys():
+ self.__monitor.rm_watch(wd)
+ del self.__monitor
+ self.__notifier.stop()
+ del self.__notifier
+
+ logSys.debug(self.jail.getName() + ": filter terminated")
+ return True
+
+
+
--- a/server/jail.py
+++ a/server/jail.py
@@ -40,17 +40,31 @@ class Jail:
logSys.info("Creating new jail '%s'" % self.__name)
if backend == "polling":
self.__initPoller()
+ elif backend == "inotify":
+ self.__initInotify()
+ elif backend == "gamin":
+ self.__initGamin()
else:
try:
- self.__initGamin()
+ self.__initInotify()
except ImportError:
- self.__initPoller()
+ try:
+ self.__initGamin()
+ except ImportError:
+ self.__initPoller()
self.__action = Actions(self)
def __initPoller(self):
logSys.info("Jail '%s' uses poller" % self.__name)
from filterpoll import FilterPoll
self.__filter = FilterPoll(self)
+
+ def __initInotify(self):
+ # Try to import pyinotify
+ import pyinotify
+ logSys.info("Jail '%s' uses Inotify" % self.__name)
+ from filterinotify import FilterInotify
+ self.__filter = FilterInotify(self)
def __initGamin(self):
# Try to import gamin
