filter to match any number of regex + noop action == a reject filter
parent
03b36437f0
commit
86f27e8aa3
2
TODO.md
2
TODO.md
|
@ -1,7 +1,5 @@
|
|||
# TODO
|
||||
|
||||
* Insert the GPL stuff in the source files.
|
||||
* Create a filter that rejects all messages that match a series of regular expressions.
|
||||
* Maybe switch from storing the daily journal in a file, to storing it in a database.
|
||||
* Write the systemd service that starts pyruse on boot.
|
||||
* Write the systemd service+timer that restores bans after a reboot.
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import datetime
|
||||
from pyruse import base, counter
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import datetime
|
||||
from pyruse import base, counter
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import json
|
||||
import os
|
||||
import string
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import string
|
||||
from pyruse import base, email
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import datetime
|
||||
import json
|
||||
import os
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse import base
|
||||
|
||||
class Action(base.Action):
|
||||
def __init__(self, args):
|
||||
super().__init__()
|
||||
|
||||
def act(self, entry):
|
||||
pass
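Review bot: `Action.act` is an empty `pass` and `__init__` ignores `args`, yet nothing in the new file says this is deliberate. Going by the commit title, this action is paired with the new filter to build a reject rule, so a class docstring such as `"""Terminal action that does nothing; entries routed here are dropped on purpose."""` would tell someone auditing a ruleset that matched entries presumably stop here instead of reaching a report or ban action. If `args` is expected to be empty, stating that in the same docstring would make a misconfigured option easier to spot.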
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import abc
|
||||
from pyruse import log
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import json
|
||||
import os
|
||||
from collections import OrderedDict
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import datetime
|
||||
|
||||
class Counter():
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import subprocess
|
||||
from email.headerregistry import Address
|
||||
from email.message import EmailMessage
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse import base
|
||||
|
||||
class Filter(base.Filter):
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse import base
|
||||
|
||||
class Filter(base.Filter):
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import re
|
||||
from pyruse import base
|
||||
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import re
|
||||
from pyruse import base
|
||||
|
||||
class Filter(base.Filter):
|
||||
def __init__(self, args):
|
||||
super().__init__()
|
||||
self.field = args["field"]
|
||||
reList = []
|
||||
for item in args["re"]:
|
||||
reList.append(re.compile(item))
|
||||
self.reList = reList
|
||||
|
||||
def filter(self, entry):
|
||||
for item in self.reList:
|
||||
match = item.search(entry.get(self.field, ""))
|
||||
if match:
|
||||
for name, value in match.groupdict().items():
|
||||
entry[name] = value
|
||||
return True
|
||||
return False
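Review bot: `filter` passes whatever `entry.get(self.field, "")` returns straight to `item.search`, so an entry whose field holds a non-string value (an integer or bytes, which journal data can presumably contain) raises `TypeError` instead of counting as a non-match; the `""` default only covers a missing key. The lookup is also repeated for every pattern, and `match.groupdict()` yields `None` for named groups that took no part in the match, so `entry[name] = value` can overwrite a field set earlier with `None`. Because these patterns run against log text that remote clients can partly influence and Python's `re` has no timeout, the filter's documentation should warn against patterns with nested quantifiers. A possible shape for the method is below.

```python
    def filter(self, entry):
        value = entry.get(self.field, "")
        if not isinstance(value, str):
            # non-text field: treat as "no pattern matched" rather than raising
            return False
        for item in self.reList:
            match = item.search(value)
            if match:
                for name, group in match.groupdict().items():
                    # skip groups that did not participate, so they cannot
                    # blank out a value an earlier filter stored
                    if group is not None:
                        entry[name] = group
                return True
        return False
```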
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import pwd
|
||||
from pyruse import base
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from systemd import journal
|
||||
|
||||
EMERG = 0 # System is unusable.
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import os
|
||||
import sys
|
||||
from systemd import journal
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import importlib
|
||||
from pyruse import log
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse import log, module
|
||||
|
||||
class Workflow:
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import time
|
||||
from pyruse.actions.action_counterRaise import Action
|
||||
from pyruse.actions import action_counterReset
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import time
|
||||
from pyruse.actions.action_counterReset import Action
|
||||
from pyruse.actions import action_counterRaise
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import os
|
||||
import re
|
||||
from datetime import datetime
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import os
|
||||
import re
|
||||
from pyruse.actions.action_email import Action
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import json
|
||||
import os
|
||||
import time
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.filters.filter_equals import Filter
|
||||
|
||||
def whenGreaterThenFalse():
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.filters.filter_greaterOrEquals import Filter
|
||||
|
||||
def whenGreaterPosIntThenTrue():
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.filters.filter_pcre import Filter
|
||||
|
||||
def whenMatchesThenTrue():
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.filters.filter_pcreAny import Filter
|
||||
|
||||
def whenMatchesThenTrue():
|
||||
assert Filter({"field": "v", "re": ["cool", "ok"]}).filter({"v": "joke"})
|
||||
|
||||
def whenNoMatchThenFalse():
|
||||
assert not Filter({"field": "v", "re": ["bad", "ko"]}).filter({"v": "Koala"})
|
||||
|
||||
def whenNamedGroupsThenFoundInEntry():
|
||||
entry = {"v": "It works or not"}
|
||||
Filter({"field": "v", "re": ["^(?P<o>It)(?P<k> works)", "(?P<k>or)(?P<o> not)$"]}).filter(entry)
|
||||
assert entry["o"] + entry["k"] == "It works"
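Review bot: None of the three tests gives the filter an entry that lacks the configured field, or one whose value is not a string, so the `entry.get(self.field, "")` fallback in the new filter is never exercised. A case like `assert not Filter({"field": "v", "re": ["ok"]}).filter({})` would pin the missing-field behaviour. `whenNamedGroupsThenFoundInEntry` only covers the first pattern winning; a companion case where only the second pattern matches would confirm that its `k` and `o` groups are the ones written to the entry.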
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.filters.filter_userExists import Filter
|
||||
|
||||
def whenUserExistsThenTrue():
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
|
@ -25,7 +28,7 @@ def main():
|
|||
base.actionFallback = None
|
||||
|
||||
# Unit tests
|
||||
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_userExists
|
||||
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_pcreAny, filter_userExists
|
||||
import action_counterRaise, action_counterReset, action_dailyReport, action_email, action_nftBan
|
||||
|
||||
filter_equals.whenGreaterThenFalse()
|
||||
|
@ -44,6 +47,10 @@ def main():
|
|||
filter_pcre.whenSaveThenGroupsInEntry()
|
||||
filter_pcre.whenNamedGroupsThenFoundInEntry()
|
||||
|
||||
filter_pcreAny.whenMatchesThenTrue()
|
||||
filter_pcreAny.whenNoMatchThenFalse()
|
||||
filter_pcreAny.whenNamedGroupsThenFoundInEntry()
|
||||
|
||||
filter_userExists.whenUserExistsThenTrue()
|
||||
filter_userExists.whenGarbageThenFalse()
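Review bot: The three `filter_pcreAny` checks are wired into `main()` by hand, as the existing ones are, so a test function added to that module later is silently skipped unless this list is edited too. For a tool that decides which log entries get reported or banned, an unexecuted filter test is easy to miss. Collecting the callables of each imported test module whose names start with `when` and calling them in a loop would remove that risk. `main()` starts and ends outside these hunks, so this applies to the visible call list only.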
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||
# Copyright © 2017 Y. Gablin
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
from pyruse.actions import action_dailyReport
|
||||
|
||||
class Action(action_dailyReport.Action):
|
||||
|
|