Add the timestamp for unban action in the database

tags/0.0.1
Daniel Berteaud 12 years ago
parent 613b3220ef
commit daa6416b13
  1. 4
      root/etc/cron.daily/cleanup_fail2ban
  2. 19
      root/sbin/e-smith/smeserver-fail2ban

@ -14,8 +14,8 @@ my $bantime = $f2b->prop('BanTime') || '1800';
my $mod = 0; my $mod = 0;
foreach my $ban ($f->get_all_by_prop( type => 'ban')){ foreach my $ban ($f->get_all_by_prop( type => 'ban')){
my $ts = $ban->prop('Timestamp') || time; my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;
if ( ($ts + $bantime) < time ){ if ( $ts < time ){
$ban->delete; $ban->delete;
$mod = 1; $mod = 1;
} }
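Review bot: Bans recorded before this change carry only `Timestamp`, so the new `my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;` gives them a value that is always in the future. `$ts < time` is then never true for those entries, and this job never deletes them. Falling back to the old property keeps the previous expiry behaviour for existing records: `my $ts = $ban->prop('UnbanTimestamp') || (($ban->prop('Timestamp') || time) + $bantime);`. The `foreach` loop continues past the end of the hunk, so what happens after `$mod = 1` is not visible here.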

@ -6,20 +6,22 @@ use esmith::ConfigDB;
use Getopt::Long; use Getopt::Long;
our $f2bdb = esmith::ConfigDB->open('fail2ban'); our $f2bdb = esmith::ConfigDB->open('fail2ban');
our $c = esmith::ConfigDB->open_ro;
our %opts; our %opts;
sub usage(){ sub usage(){
print<<"EOF"; print<<"EOF";
Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>] Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>] [--bantime]
* --host must specify a valid IPv4 adress in the form 10.11.12.13 * --host must specify a valid IPv4 adress in the form 10.11.12.13
* --protocol can be used to specify the protocol to block. Only tcp, udp, icmp and all are valid (default is all) * --protocol can be used to specify the protocol to block. Only tcp, udp, icmp and all are valid (default is all)
* --port can be used to specify the port to block. Only valid for tcp and udp. You can also specify a range * --port can be used to specify the port(s) to block. Only valid for tcp and udp. You can also specify a range
of port like 10000:20000 of port like 10000:20000. You can also specify several ports or range of port separated by a comma
* if --unban is specified, the given host will be removed from the blacklist * if --unban is specified, the given host will be removed from the blacklist
default is to add to the blacklist instead default is to add to the blacklist instead
* --bantime can be used to specify how long the ban should be (in seconds)
EOF EOF
} }
@ -60,14 +62,19 @@ sub generate_uniq_id(){
return $id; return $id;
} }
my $f2b = $c->get('fail2ban') ||
die "fail2ban service not found in the configuration database\n"
# default is to ban a host # default is to ban a host
$opts{unban} = '0'; $opts{unban} = '0';
$opts{bantime} = $f2b->prop('BanTime') || '1800';
GetOptions( GetOptions(
"host=s" => \$opts{host}, "host=s" => \$opts{host},
"unban" => \$opts{unban}, "unban" => \$opts{unban},
"protocol=s" => \$opts{proto}, "protocol=s" => \$opts{proto},
"port=s" => \$opts{port} "port=s" => \$opts{port},
"bantime=i" => \$opts{bantime}
); );
# special "undef" value for port and proto # special "undef" value for port and proto
@ -112,7 +119,9 @@ else{
$f2bdb->set_prop($id, 'Port', $opts{port}) $f2bdb->set_prop($id, 'Port', $opts{port})
if ($opts{port}); if ($opts{port});
# Set the current timestamp # Set the current timestamp
$f2bdb->set_prop($id, 'Timestamp', time()); $f2bdb->set_prop($id, 'BanTimestamp', time());
# Set the timestamp of the unban
$f2bdb->set_prop($id, 'UnbanTimestamp', time()+$opts{bantime});
} }
die "An error occured while updating the firewall rules" die "An error occured while updating the firewall rules"
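Review bot: In the `@ -60,14 +62,19 @` hunk, the added `my $f2b = $c->get('fail2ban') || die ...` statement has no terminating semicolon as rendered here. The following `$opts{unban} = '0';` would then be parsed as part of it and the script would not compile; the line should end `die "fail2ban service not found in the configuration database\n";`. In the same hunk `"bantime=i"` accepts zero and negative integers, which puts `UnbanTimestamp` (written in the last hunk as `time()+$opts{bantime}`) at or before the ban time, so the cleanup job would delete the entry on its next run. Rejecting such values after `GetOptions` closes that gap: `die "--bantime must be a positive number of seconds\n" unless $opts{bantime} > 0;`. The usage line would also be clearer as `[--bantime=<seconds>]`.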
