fail2ban.server.action module¶
- class fail2ban.server.action.ActionBase(jail, name)¶
Bases: object
An abstract base class for actions in Fail2Ban.
Action Base is a base definition of what methods need to be in place to create a Python based action for Fail2Ban. This class can be inherited from to ease implementation. Required methods:
- __init__(jail, name)
- start()
- stop()
- ban(aInfo)
- unban(aInfo)
Called when action is created, but before the jail/actions is started. This should carry out necessary methods to initialise the action but not “start” the action.
Parameters: jail : Jail
The jail in which the action belongs to.
name : str
Name assigned to the action.
Notes
Any additional arguments specified in jail.conf or passed via fail2ban-client will be passed as keyword arguments.
Methods
ban(aInfo) Executed when a ban occurs. start() Executed when the jail/action is started. stop() Executed when the jail/action is stopped. unban(aInfo) Executed when a ban expires. - ban(aInfo)¶
Executed when a ban occurs.
Parameters: aInfo : dict
Dictionary which includes information in relation to the ban.
- start()¶
Executed when the jail/action is started.
- stop()¶
Executed when the jail/action is stopped.
- unban(aInfo)¶
Executed when a ban expires.
Parameters: aInfo : dict
Dictionary which includes information in relation to the ban.
- class fail2ban.server.action.CallingMap(*args, **kwargs)¶
Bases: _abcoll.MutableMapping
A Mapping type which returns the result of callable values.
CallingMap behaves similar to a standard python dictionary, with the exception that any values which are callable, are called and the result is returned as the value. No error handling is in place, such that any errors raised in the callable will raised as usual. Actual dictionary is stored in property data, and can be accessed to obtain original callable values.
Attributes
data (dict) The dictionary data which can be accessed to obtain items uncalled Methods
clear(() -> None. Remove all items from D.) get((k[,d]) -> D[k] if k in D, ...) items(() -> list of D’s (key, value) pairs, ...) iteritems(() -> an iterator over the (key, ...) iterkeys(() -> an iterator over the keys of D) itervalues(...) keys(() -> list of D’s keys) pop((k[,d]) -> v, ...) If key is not found, d is returned if given, otherwise KeyError is raised. popitem(() -> (k, v), ...) as a 2-tuple; but raise KeyError if D is empty. setdefault((k[,d]) -> D.get(k,d), ...) update(([E, ...) If E present and has a .keys() method, does: for k in E: D[k] = E[k] values(() -> list of D’s values) - clear() → None. Remove all items from D.¶
- get(k[, d]) → D[k] if k in D, else d. d defaults to None.¶
- items() → list of D's (key, value) pairs, as 2-tuples¶
- iteritems() → an iterator over the (key, value) items of D¶
- iterkeys() → an iterator over the keys of D¶
- itervalues() → an iterator over the values of D¶
- keys() → list of D's keys¶
- pop(k[, d]) → v, remove specified key and return the corresponding value.¶
If key is not found, d is returned if given, otherwise KeyError is raised.
- popitem() → (k, v), remove and return some (key, value) pair¶
as a 2-tuple; but raise KeyError if D is empty.
- setdefault(k[, d]) → D.get(k,d), also set D[k]=d if k not in D¶
- update([E, ]**F) → None. Update D from mapping/iterable E and F.¶
If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
- values() → list of D's values¶
- class fail2ban.server.action.CommandAction(jail, name)¶
Bases: fail2ban.server.action.ActionBase
A action which executes OS shell commands.
This is the default type of action which Fail2Ban uses.
Default sets all commands for actions as empty string, such no command is executed.
Parameters: jail : Jail
The jail in which the action belongs to.
name : str
Name assigned to the action.
Attributes
actionban The command used when a ban occurs. actionstart The command executed on start of the jail/action. actionstop The command executed when the jail/actions stops. actionunban The command used when an unban occurs. timeout Time out period in seconds for execution of commands. Methods
ban(aInfo) Executes the “actionban” command. escapeTag(value) Escape characters which may be used for command injection. executeCmd(realCmd[, timeout]) Executes a command. replaceTag(query, aInfo) Replaces tags in query with property values. start() Executes the “actionstart” command. stop() Executes the “actionstop” command. substituteRecursiveTags(tags) Sort out tag definitions within other tags. unban(aInfo) Executes the “actionunban” command. - actionban¶
The command used when a ban occurs.
- actioncheck¶
The command used to check the environment.
This is used prior to a ban taking place to ensure the environment is appropriate. If this check fails, stop and start is executed prior to the check being called again.
- actionstart¶
The command executed on start of the jail/action.
- actionstop¶
The command executed when the jail/actions stops.
- actionunban¶
The command used when an unban occurs.
- ban(aInfo)¶
Executes the “actionban” command.
Replaces the tags in the action command with actions properties and ban information, and executes the resulting command.
Parameters: aInfo : dict
Dictionary which includes information in relation to the ban.
- static escapeTag(value)¶
Escape characters which may be used for command injection.
Parameters: value : str
A string of which characters will be escaped.
Returns: str
value with certain characters escaped.
Notes
The following characters are escaped:
\#&;`|*?~<>^()[]{}$'"
- static executeCmd(realCmd, timeout=60)¶
Executes a command.
Parameters: realCmd : str
The command to execute.
timeout : int
The time out in seconds for the command.
Returns: bool
True if the command succeeded.
Raises: OSError
If command fails to be executed.
RuntimeError
If command execution times out.
- classmethod replaceTag(query, aInfo)¶
Replaces tags in query with property values.
Parameters: query : str
String with tags.
aInfo : dict
Tags(keys) and associated values for substitution in query.
Returns: str
query string with tags replaced.
- start()¶
Executes the “actionstart” command.
Replace the tags in the action command with actions properties and executes the resulting command.
- stop()¶
Executes the “actionstop” command.
Replaces the tags in the action command with actions properties and executes the resulting command.
- classmethod substituteRecursiveTags(tags)¶
Sort out tag definitions within other tags.
so: becomes: a = 3 a = 3 b = <a>_3 b = 3_3
Parameters: tags : dict
Dictionary of tags(keys) and their values.
Returns: dict
Dictionary of tags(keys) and their values, with tags within the values recursively replaced.
- timeout¶
Time out period in seconds for execution of commands.
- unban(aInfo)¶
Executes the “actionunban” command.
Replaces the tags in the action command with actions properties and ban information, and executes the resulting command.
Parameters: aInfo : dict
Dictionary which includes information in relation to the ban.