
filter to match any number of regex + noop action == a reject filter

master
Y 3 years ago
parent
commit
86f27e8aa3
32 changed files with 138 additions and 3 deletions
  1. +0
    -2
      TODO.md
  2. +3
    -0
      pyruse/actions/action_counterRaise.py
  3. +3
    -0
      pyruse/actions/action_counterReset.py
  4. +3
    -0
      pyruse/actions/action_dailyReport.py
  5. +3
    -0
      pyruse/actions/action_email.py
  6. +3
    -0
      pyruse/actions/action_nftBan.py
  7. +11
    -0
      pyruse/actions/action_noop.py
  8. +3
    -0
      pyruse/base.py
  9. +3
    -0
      pyruse/config.py
  10. +3
    -0
      pyruse/counter.py
  11. +3
    -0
      pyruse/email.py
  12. +3
    -0
      pyruse/filters/filter_equals.py
  13. +3
    -0
      pyruse/filters/filter_greaterOrEquals.py
  14. +3
    -0
      pyruse/filters/filter_pcre.py
  15. +23
    -0
      pyruse/filters/filter_pcreAny.py
  16. +3
    -0
      pyruse/filters/filter_userExists.py
  17. +3
    -0
      pyruse/log.py
  18. +3
    -0
      pyruse/main.py
  19. +3
    -0
      pyruse/module.py
  20. +3
    -0
      pyruse/workflow.py
  21. +3
    -0
      tests/action_counterRaise.py
  22. +3
    -0
      tests/action_counterReset.py
  23. +3
    -0
      tests/action_dailyReport.py
  24. +3
    -0
      tests/action_email.py
  25. +3
    -0
      tests/action_nftBan.py
  26. +3
    -0
      tests/filter_equals.py
  27. +3
    -0
      tests/filter_greaterOrEquals.py
  28. +3
    -0
      tests/filter_pcre.py
  29. +15
    -0
      tests/filter_pcreAny.py
  30. +3
    -0
      tests/filter_userExists.py
  31. +8
    -1
      tests/main.py
  32. +3
    -0
      tests/pyruse/actions/action_testLog.py

+ 0
- 2
TODO.md View File

@ -1,7 +1,5 @@
# TODO
* Insert the GPL stuff in the source files.
* Create a filter that rejects all messages that match a series of regular expressions.
* Maybe switch from storing the daily journal in a file, to storing it in a database.
* Write the systemd service that starts pyruse on boot.
* Write the systemd service+timer that restores bans after a reboot.


+ 3
- 0
pyruse/actions/action_counterRaise.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import datetime
from pyruse import base, counter


+ 3
- 0
pyruse/actions/action_counterReset.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import datetime
from pyruse import base, counter


+ 3
- 0
pyruse/actions/action_dailyReport.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import json
import os
import string


+ 3
- 0
pyruse/actions/action_email.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import string
from pyruse import base, email


+ 3
- 0
pyruse/actions/action_nftBan.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import datetime
import json
import os


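--- a/pyruse/actions/action_noop.py
+++ b/pyruse/actions/action_noop.py
@@ -0,0 +1,11 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+from pyruse import base
+class Action(base.Action):
+def __init__(self, args):
+super().__init__()
+def act(self, entry):
+pass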
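Review bot: `Action` in action_noop.py has no docstring or comment, so nothing records that `args` is accepted and ignored and that `act` does nothing on purpose. A class comment such as `# Terminal action that deliberately does nothing; chain it after a filter to discard the entries that filter matched.` would make the intent explicit. Entries that reach this action are presumably dropped without any log line or counter, so the comment should also say that a discarded entry leaves no trace and that reject rules are best kept narrow.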

+ 3
- 0
pyruse/base.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import abc
from pyruse import log


+ 3
- 0
pyruse/config.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import json
import os
from collections import OrderedDict


+ 3
- 0
pyruse/counter.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import datetime
class Counter():


+ 3
- 0
pyruse/email.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import subprocess
from email.headerregistry import Address
from email.message import EmailMessage


+ 3
- 0
pyruse/filters/filter_equals.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse import base
class Filter(base.Filter):


+ 3
- 0
pyruse/filters/filter_greaterOrEquals.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse import base
class Filter(base.Filter):


+ 3
- 0
pyruse/filters/filter_pcre.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import re
from pyruse import base


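--- a/pyruse/filters/filter_pcreAny.py
+++ b/pyruse/filters/filter_pcreAny.py
@@ -0,0 +1,23 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+import re
+from pyruse import base
+class Filter(base.Filter):
+def __init__(self, args):
+super().__init__()
+self.field = args["field"]
+reList = []
+for item in args["re"]:
+reList.append(re.compile(item))
+self.reList = reList
+def filter(self, entry):
+for item in self.reList:
+match = item.search(entry.get(self.field, ""))
+if match:
+for name, value in match.groupdict().items():
+entry[name] = value
+return True
+return False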
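Review bot: In `filter`, `match.groupdict()` also returns named groups that took no part in the match, with value `None`, so `entry[name] = value` can replace a field the entry already had with `None`; `if value is not None: entry[name] = value` keeps such fields intact. The patterns are applied with `search`, so a pattern without `^`/`$` matches anywhere in the field. Because this filter is meant to be paired with the noop action to discard entries, and log fields can carry remotely supplied text, the class needs a docstring saying that patterns are unanchored and that reject patterns should be anchored. `search` would also raise `TypeError` if the field holds a non-string value, which seems possible for journal entries but cannot be confirmed from this page.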

+ 3
- 0
pyruse/filters/filter_userExists.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import pwd
from pyruse import base


+ 3
- 0
pyruse/log.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from systemd import journal
EMERG = 0 # System is unusable.


+ 3
- 0
pyruse/main.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import os
import sys
from systemd import journal


+ 3
- 0
pyruse/module.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import importlib
from pyruse import log


+ 3
- 0
pyruse/workflow.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse import log, module
class Workflow:


+ 3
- 0
tests/action_counterRaise.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import time
from pyruse.actions.action_counterRaise import Action
from pyruse.actions import action_counterReset


+ 3
- 0
tests/action_counterReset.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import time
from pyruse.actions.action_counterReset import Action
from pyruse.actions import action_counterRaise


+ 3
- 0
tests/action_dailyReport.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import os
import re
from datetime import datetime


+ 3
- 0
tests/action_email.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import os
import re
from pyruse.actions.action_email import Action


+ 3
- 0
tests/action_nftBan.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import json
import os
import time


+ 3
- 0
tests/filter_equals.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse.filters.filter_equals import Filter
def whenGreaterThenFalse():


+ 3
- 0
tests/filter_greaterOrEquals.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse.filters.filter_greaterOrEquals import Filter
def whenGreaterPosIntThenTrue():


+ 3
- 0
tests/filter_pcre.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse.filters.filter_pcre import Filter
def whenMatchesThenTrue():


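--- a/tests/filter_pcreAny.py
+++ b/tests/filter_pcreAny.py
@@ -0,0 +1,15 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+from pyruse.filters.filter_pcreAny import Filter
+def whenMatchesThenTrue():
+assert Filter({"field": "v", "re": ["cool", "ok"]}).filter({"v": "joke"})
+def whenNoMatchThenFalse():
+assert not Filter({"field": "v", "re": ["bad", "ko"]}).filter({"v": "Koala"})
+def whenNamedGroupsThenFoundInEntry():
+entry = {"v": "It works or not"}
+Filter({"field": "v", "re": ["^(?P<o>It)(?P<k> works)", "(?P<k>or)(?P<o> not)$"]}).filter(entry)
+assert entry["o"] + entry["k"] == "It works"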
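Review bot: The three tests never exercise an entry that lacks the configured field, which is the `entry.get(self.field, "")` default path in the filter, nor a pattern whose named group takes no part in the match. A case such as `def whenFieldMissingThenFalse(): assert not Filter({"field": "v", "re": ["ok"]}).filter({})` would pin the first. It would also need a call in tests/main.py, which invokes each test function by name.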

+ 3
- 0
tests/filter_userExists.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse.filters.filter_userExists import Filter
def whenUserExistsThenTrue():


+ 8
- 1
tests/main.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import os
import subprocess
import sys
@ -25,7 +28,7 @@ def main():
base.actionFallback = None
# Unit tests
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_userExists
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_pcreAny, filter_userExists
import action_counterRaise, action_counterReset, action_dailyReport, action_email, action_nftBan
filter_equals.whenGreaterThenFalse()
@ -44,6 +47,10 @@ def main():
filter_pcre.whenSaveThenGroupsInEntry()
filter_pcre.whenNamedGroupsThenFoundInEntry()
filter_pcreAny.whenMatchesThenTrue()
filter_pcreAny.whenNoMatchThenFalse()
filter_pcreAny.whenNamedGroupsThenFoundInEntry()
filter_userExists.whenUserExistsThenTrue()
filter_userExists.whenGarbageThenFalse()


+ 3
- 0
tests/pyruse/actions/action_testLog.py View File

@ -1,3 +1,6 @@
# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
from pyruse.actions import action_dailyReport
class Action(action_dailyReport.Action):

