diff --git a/TODO.md b/TODO.md
index 821131c..7333443 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,7 +1,5 @@
 # TODO
-* Insert the GPL stuff in the source files.
-* Create a filter that rejects all messages that match a series of regular expressions.
 * Maybe switch from storing the daily journal in a file, to storing it in a database.
 * Write the systemd service that starts pyruse on boot.
 * Write the systemd service+timer that restores bans after a reboot.
diff --git a/pyruse/actions/action_counterRaise.py b/pyruse/actions/action_counterRaise.py
index ff1fe64..1ae3a5d 100644
--- a/pyruse/actions/action_counterRaise.py
+++ b/pyruse/actions/action_counterRaise.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import datetime
 from pyruse import base, counter
diff --git a/pyruse/actions/action_counterReset.py b/pyruse/actions/action_counterReset.py
index 137dac3..bb351d6 100644
--- a/pyruse/actions/action_counterReset.py
+++ b/pyruse/actions/action_counterReset.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import datetime
 from pyruse import base, counter
diff --git a/pyruse/actions/action_dailyReport.py b/pyruse/actions/action_dailyReport.py
index 6243e21..5458393 100644
--- a/pyruse/actions/action_dailyReport.py
+++ b/pyruse/actions/action_dailyReport.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import json
 import os
 import string
diff --git a/pyruse/actions/action_email.py b/pyruse/actions/action_email.py
index dd26922..e96c6e9 100644
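Review bot: The fallback URL in the header added to pyruse/actions/action_counterRaise.py, `gnu.org/licences/gpl-3.0.txt`, uses the British spelling, while the GNU site publishes the licence text under `/licenses/`; as written the pointer may not resolve in exactly the case it is meant for, when LICENSE is missing. The same three-line header is added to every other source and test file in this commit, so the fix `# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.` applies to all of them. An `SPDX-License-Identifier` line naming the GPL-3.0 variant the LICENSE file intends would also let licence and SBOM scanners classify the files without parsing prose.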
--- a/pyruse/actions/action_email.py
+++ b/pyruse/actions/action_email.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import string
 from pyruse import base, email
diff --git a/pyruse/actions/action_nftBan.py b/pyruse/actions/action_nftBan.py
index d363663..cc07da1 100644
--- a/pyruse/actions/action_nftBan.py
+++ b/pyruse/actions/action_nftBan.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import datetime
 import json
 import os
diff --git a/pyruse/actions/action_noop.py b/pyruse/actions/action_noop.py
new file mode 100644
index 0000000..2299bee
--- /dev/null
+++ b/pyruse/actions/action_noop.py
@@ -0,0 +1,11 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+from pyruse import base
+
+class Action(base.Action):
+ def __init__(self, args):
+ super().__init__()
+
+ def act(self, entry):
+ pass
diff --git a/pyruse/base.py b/pyruse/base.py
index 84a3220..cf54b2d 100644
--- a/pyruse/base.py
+++ b/pyruse/base.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import abc
 from pyruse import log
diff --git a/pyruse/config.py b/pyruse/config.py
index c626563..80b0f86 100644
--- a/pyruse/config.py
+++ b/pyruse/config.py
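Review bot: `Action` in pyruse/actions/action_noop.py has no docstring, and nothing in the new file says what a do-nothing action is for or that `args` is deliberately ignored. Judging from the TODO entry this commit removes, it is presumably the terminal step for entries that a reject filter matched; a class docstring such as `"""Discard the entry: terminal action for chains whose matches should be ignored."""` would make that explicit. Entries routed here leave no trace in the visible code, so the docstring should say that too, so a rule author does not send security-relevant messages to it by accident.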
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import json
 import os
 from collections import OrderedDict
diff --git a/pyruse/counter.py b/pyruse/counter.py
index a69a70f..a32fc05 100644
--- a/pyruse/counter.py
+++ b/pyruse/counter.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import datetime
 class Counter():
diff --git a/pyruse/email.py b/pyruse/email.py
index 5b8eb45..eb468d5 100644
--- a/pyruse/email.py
+++ b/pyruse/email.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import subprocess
 from email.headerregistry import Address
 from email.message import EmailMessage
diff --git a/pyruse/filters/filter_equals.py b/pyruse/filters/filter_equals.py
index 7724def..cca83a5 100644
--- a/pyruse/filters/filter_equals.py
+++ b/pyruse/filters/filter_equals.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse import base
 class Filter(base.Filter):
diff --git a/pyruse/filters/filter_greaterOrEquals.py b/pyruse/filters/filter_greaterOrEquals.py
index 0f6e71d..46f8d8c 100644
--- a/pyruse/filters/filter_greaterOrEquals.py
+++ b/pyruse/filters/filter_greaterOrEquals.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse import base
 class Filter(base.Filter):
diff --git a/pyruse/filters/filter_pcre.py b/pyruse/filters/filter_pcre.py
index 7f6a14e..9a02862 100644
--- a/pyruse/filters/filter_pcre.py
+++ b/pyruse/filters/filter_pcre.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import re
 from pyruse import base
diff --git a/pyruse/filters/filter_pcreAny.py b/pyruse/filters/filter_pcreAny.py
new file mode 100644
index 0000000..6551663
--- /dev/null
+++ b/pyruse/filters/filter_pcreAny.py
@@ -0,0 +1,23 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+import re
+from pyruse import base
+
+class Filter(base.Filter):
+ def __init__(self, args):
+ super().__init__()
+ self.field = args["field"]
+ reList = []
+ for item in args["re"]:
+ reList.append(re.compile(item))
+ self.reList = reList
+
+ def filter(self, entry):
+ for item in self.reList:
+ match = item.search(entry.get(self.field, ""))
+ if match:
+ for name, value in match.groupdict().items():
+ entry[name] = value
+ return True
+ return False
diff --git a/pyruse/filters/filter_userExists.py b/pyruse/filters/filter_userExists.py
index 6662e6c..2540fb5 100644
--- a/pyruse/filters/filter_userExists.py
+++ b/pyruse/filters/filter_userExists.py
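Review bot: `__init__` in pyruse/filters/filter_pcreAny.py iterates `args["re"]` without checking its type, so a configuration that passes one string instead of a list is compiled character by character and the filter then matches almost any entry. Since this filter decides which journal entries continue down a chain, I would reject that at load time with `if isinstance(args["re"], str): raise TypeError("re must be a list of patterns")` before the loop. In `filter`, the value from `entry.get(self.field, "")` goes to `search` unchecked, so a field that is present but not a `str` would raise `TypeError`, and `match.groupdict()` writes `None` into the entry for named groups that did not participate, overwriting any existing key of that name. A class docstring stating the first-match-wins behaviour, and that patterns run unanchored via `search` over log text an outside party can influence, would help rule authors anchor what they capture.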
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import pwd
 from pyruse import base
diff --git a/pyruse/log.py b/pyruse/log.py
index 9052fa2..c9c0bc8 100644
--- a/pyruse/log.py
+++ b/pyruse/log.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from systemd import journal
 EMERG = 0 # System is unusable.
diff --git a/pyruse/main.py b/pyruse/main.py
index fbbd330..5f43123 100644
--- a/pyruse/main.py
+++ b/pyruse/main.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import os
 import sys
 from systemd import journal
diff --git a/pyruse/module.py b/pyruse/module.py
index f16b1c7..0dc69d6 100644
--- a/pyruse/module.py
+++ b/pyruse/module.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import importlib
 from pyruse import log
diff --git a/pyruse/workflow.py b/pyruse/workflow.py
index 82eed0a..5798796 100644
--- a/pyruse/workflow.py
+++ b/pyruse/workflow.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse import log, module
 class Workflow:
diff --git a/tests/action_counterRaise.py b/tests/action_counterRaise.py
index a58e19b..19239de 100644
--- a/tests/action_counterRaise.py
+++ b/tests/action_counterRaise.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import time
 from pyruse.actions.action_counterRaise import Action
 from pyruse.actions import action_counterReset
diff --git a/tests/action_counterReset.py b/tests/action_counterReset.py
index fc3e9a8..9d71a58 100644
--- a/tests/action_counterReset.py
+++ b/tests/action_counterReset.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import time
 from pyruse.actions.action_counterReset import Action
 from pyruse.actions import action_counterRaise
diff --git a/tests/action_dailyReport.py b/tests/action_dailyReport.py
index b487efd..9c76acc 100644
--- a/tests/action_dailyReport.py
+++ b/tests/action_dailyReport.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import os
 import re
 from datetime import datetime
diff --git a/tests/action_email.py b/tests/action_email.py
index 672c660..4a3162c 100644
--- a/tests/action_email.py
+++ b/tests/action_email.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import os
 import re
 from pyruse.actions.action_email import Action
diff --git a/tests/action_nftBan.py b/tests/action_nftBan.py
index 9eb2382..f2a933b 100644
--- a/tests/action_nftBan.py
+++ b/tests/action_nftBan.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import json
 import os
 import time
diff --git a/tests/filter_equals.py b/tests/filter_equals.py
index 4eb9a30..314c9b6 100644
--- a/tests/filter_equals.py
+++ b/tests/filter_equals.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse.filters.filter_equals import Filter
 def whenGreaterThenFalse():
diff --git a/tests/filter_greaterOrEquals.py b/tests/filter_greaterOrEquals.py
index 513ca8b..3610b28 100644
--- a/tests/filter_greaterOrEquals.py
+++ b/tests/filter_greaterOrEquals.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse.filters.filter_greaterOrEquals import Filter
 def whenGreaterPosIntThenTrue():
diff --git a/tests/filter_pcre.py b/tests/filter_pcre.py
index 44d2be1..f49ea21 100644
--- a/tests/filter_pcre.py
+++ b/tests/filter_pcre.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse.filters.filter_pcre import Filter
 def whenMatchesThenTrue():
diff --git a/tests/filter_pcreAny.py b/tests/filter_pcreAny.py
new file mode 100644
index 0000000..aec5485
--- /dev/null
+++ b/tests/filter_pcreAny.py
@@ -0,0 +1,15 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
+from pyruse.filters.filter_pcreAny import Filter
+
+def whenMatchesThenTrue():
+ assert Filter({"field": "v", "re": ["cool", "ok"]}).filter({"v": "joke"})
+
+def whenNoMatchThenFalse():
+ assert not Filter({"field": "v", "re": ["bad", "ko"]}).filter({"v": "Koala"})
+
+def whenNamedGroupsThenFoundInEntry():
+ entry = {"v": "It works or not"}
+ Filter({"field": "v", "re": ["^(?PIt)(?P works)", "(?Por)(?P not)$"]}).filter(entry)
+ assert entry["o"] + entry["k"] == "It works"
diff --git a/tests/filter_userExists.py b/tests/filter_userExists.py
index d322bfa..d340d27 100644
--- a/tests/filter_userExists.py
+++ b/tests/filter_userExists.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse.filters.filter_userExists import Filter
 def whenUserExistsThenTrue():
diff --git a/tests/main.py b/tests/main.py
index f890bf9..5e56a63 100644
--- a/tests/main.py
+++ b/tests/main.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 import os
 import subprocess
 import sys
@@ -25,7 +28,7 @@ def main():
 base.actionFallback = None
 # Unit tests
- import filter_equals, filter_greaterOrEquals, filter_pcre, filter_userExists
+ import filter_equals, filter_greaterOrEquals, filter_pcre, filter_pcreAny, filter_userExists
 import action_counterRaise, action_counterReset, action_dailyReport, action_email, action_nftBan
 filter_equals.whenGreaterThenFalse()
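Review bot: The three tests added in tests/filter_pcreAny.py never exercise an entry that lacks the configured field or carries a non-`str` value in it, which are the inputs most likely to reach `filter` from real journal data. A one-line case such as `assert not Filter({"field": "v", "re": ["ok"]}).filter({})` would pin the missing-field behaviour the filter relies on through `entry.get(self.field, "")`. As displayed here the patterns in `whenNamedGroupsThenFoundInEntry` read `(?PIt)` with no group names, which `re.compile` would reject; the angle-bracketed names were presumably lost when the page was rendered, so check the test against the repository before relying on this listing.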
@@ -44,6 +47,10 @@ def main():
 filter_pcre.whenSaveThenGroupsInEntry()
 filter_pcre.whenNamedGroupsThenFoundInEntry()
+ filter_pcreAny.whenMatchesThenTrue()
+ filter_pcreAny.whenNoMatchThenFalse()
+ filter_pcreAny.whenNamedGroupsThenFoundInEntry()
+
 filter_userExists.whenUserExistsThenTrue()
 filter_userExists.whenGarbageThenFalse()
diff --git a/tests/pyruse/actions/action_testLog.py b/tests/pyruse/actions/action_testLog.py
index 7499ccb..124b6fd 100644
--- a/tests/pyruse/actions/action_testLog.py
+++ b/tests/pyruse/actions/action_testLog.py
@@ -1,3 +1,6 @@
+# pyruse is intended as a replacement to both fail2ban and epylog
+# Copyright © 2017 Y. Gablin
+# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
 from pyruse.actions import action_dailyReport
 class Action(action_dailyReport.Action):