Add the timestamp for unban action in the database

Daniel Berteaud 2013-05-02 13:41:55 +02:00
parent 613b3220ef
commit daa6416b13
2 changed files with 16 additions and 7 deletions


@ -14,8 +14,8 @@ my $bantime = $f2b->prop('BanTime') || '1800';
my $mod = 0;
foreach my $ban ($f->get_all_by_prop( type => 'ban')){
my $ts = $ban->prop('Timestamp') || time;
if ( ($ts + $bantime) < time ){
my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;
if ( $ts < time ){
$ban->delete;
$mod = 1;
}
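Review bot: Bans recorded before this change carry only `Timestamp`, so the new `my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;` falls back to a value that is always in the future and `$ts < time` never becomes true for them; those entries would never be cleaned up. Falling back to the old property keeps them expiring: `my $ts = $ban->prop('UnbanTimestamp') || (($ban->prop('Timestamp') || time) + $bantime);`. The `foreach` loop continues outside the hunk, so whether existing records are migrated elsewhere is not visible here.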


@ -6,20 +6,22 @@ use esmith::ConfigDB;
use Getopt::Long;
our $f2bdb = esmith::ConfigDB->open('fail2ban');
our $c = esmith::ConfigDB->open_ro;
our %opts;
sub usage(){
print<<"EOF";
Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>]
Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>] [--bantime]
* --host must specify a valid IPv4 adress in the form 10.11.12.13
* --protocol can be used to specify the protocol to block. Only tcp, udp, icmp and all are valid (default is all)
* --port can be used to specify the port to block. Only valid for tcp and udp. You can also specify a range
of port like 10000:20000
* --port can be used to specify the port(s) to block. Only valid for tcp and udp. You can also specify a range
of port like 10000:20000. You can also specify several ports or range of port separated by a comma
* if --unban is specified, the given host will be removed from the blacklist
default is to add to the blacklist instead
* --bantime can be used to specify how long the ban should be (in seconds)
EOF
}
@ -60,14 +62,19 @@ sub generate_uniq_id(){
return $id;
}
my $f2b = $c->get('fail2ban') ||
die "fail2ban service not found in the configuration database\n"
# default is to ban a host
$opts{unban} = '0';
$opts{bantime} = $f2b->prop('BanTime') || '1800';
GetOptions(
"host=s" => \$opts{host},
"unban" => \$opts{unban},
"protocol=s" => \$opts{proto},
"port=s" => \$opts{port}
"port=s" => \$opts{port},
"bantime=i" => \$opts{bantime}
);
# special "undef" value for port and proto
@ -112,7 +119,9 @@ else{
$f2bdb->set_prop($id, 'Port', $opts{port})
if ($opts{port});
# Set the current timestamp
$f2bdb->set_prop($id, 'Timestamp', time());
$f2bdb->set_prop($id, 'BanTimestamp', time());
# Set the timestamp of the unban
$f2bdb->set_prop($id, 'UnbanTimestamp', time()+$opts{bantime});
}
die "An error occured while updating the firewall rules"
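Review bot: As shown, the added `die "fail2ban service not found in the configuration database\n"` line has no terminating `;`, so the statement runs into `$opts{unban} = '0';` and the script would not compile; end it with `;`. In the same hunk, `"bantime=i"` accepts zero and negative integers, and that value is later added to `time()` for `UnbanTimestamp`, so a bad argument records a ban that is already expired. Rejecting it right after `GetOptions`, for example `die "--bantime must be a positive number of seconds\n" unless $opts{bantime} > 0;`, and writing `[--bantime=<seconds>]` in the usage line would make the expected value explicit. The return value of `GetOptions` is not checked in the visible lines.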