filter to match any number of regex + noop action == a reject filter
parent
03b36437f0
commit
86f27e8aa3
2
TODO.md
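--- a/TODO.md
+++ b/TODO.md
@@ -1,7 +1,5 @@
 # TODO
 
-* Insert the GPL stuff in the source files.
-* Create a filter that rejects all messages that match a series of regular expressions.
 * Maybe switch from storing the daily journal in a file, to storing it in a database.
 * Write the systemd service that starts pyruse on boot.
 * Write the systemd service+timer that restores bans after a reboot.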
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import datetime
|
import datetime
|
||||||
from pyruse import base, counter
|
from pyruse import base, counter
|
||||||
|
|
||||||
|
|
|
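Review bot: The URL in the added header, `gnu.org/licences/gpl-3.0.txt`, is spelled `licences`, while the GPL text is published under `gnu.org/licenses/gpl-3.0.txt`; as written, the fallback pointer for a missing LICENSE file likely leads nowhere. The third header line should read `# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.`. The same line is added in every other file section on this page, including the two new modules and the new test file, so the correction applies to all of them.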
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import datetime
|
import datetime
|
||||||
from pyruse import base, counter
|
from pyruse import base, counter
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import string
|
import string
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import string
|
import string
|
||||||
from pyruse import base, email
|
from pyruse import base, email
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import datetime
|
import datetime
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
|
from pyruse import base
|
||||||
|
|
||||||
|
class Action(base.Action):
|
||||||
|
def __init__(self, args):
|
||||||
|
super().__init__()
|
||||||
|
|
||||||
|
def act(self, entry):
|
||||||
|
pass
|
|
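Review bot: The new `Action` class has no docstring, and nothing in it says that doing nothing is the intent or that `args` is deliberately ignored in `__init__`. Going by the commit title, I would add `"""Action that does nothing; use it to end a chain so that matching entries are dropped."""` under the class line. Entries ended this way leave no trace in what is shown here, so the docstring could also state that rejected entries are neither logged nor counted; a rule author then knows that a too-broad reject pattern fails silently.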
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import abc
|
import abc
|
||||||
from pyruse import log
|
from pyruse import log
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
class Counter():
|
class Counter():
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import subprocess
|
import subprocess
|
||||||
from email.headerregistry import Address
|
from email.headerregistry import Address
|
||||||
from email.message import EmailMessage
|
from email.message import EmailMessage
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse import base
|
from pyruse import base
|
||||||
|
|
||||||
class Filter(base.Filter):
|
class Filter(base.Filter):
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse import base
|
from pyruse import base
|
||||||
|
|
||||||
class Filter(base.Filter):
|
class Filter(base.Filter):
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import re
|
import re
|
||||||
from pyruse import base
|
from pyruse import base
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
|
import re
|
||||||
|
from pyruse import base
|
||||||
|
|
||||||
|
class Filter(base.Filter):
|
||||||
|
def __init__(self, args):
|
||||||
|
super().__init__()
|
||||||
|
self.field = args["field"]
|
||||||
|
reList = []
|
||||||
|
for item in args["re"]:
|
||||||
|
reList.append(re.compile(item))
|
||||||
|
self.reList = reList
|
||||||
|
|
||||||
|
def filter(self, entry):
|
||||||
|
for item in self.reList:
|
||||||
|
match = item.search(entry.get(self.field, ""))
|
||||||
|
if match:
|
||||||
|
for name, value in match.groupdict().items():
|
||||||
|
entry[name] = value
|
||||||
|
return True
|
||||||
|
return False
|
|
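Review bot: `filter` calls `item.search(...)`, so each pattern matches anywhere in the field, and for a filter meant to reject entries this matters because part of a log message is usually chosen by the remote side: text that merely contains a reject pattern would drop the entry before any later rule sees it. I would add a class docstring that says so, for example `"""Return True when any pattern of args["re"] is found in args["field"]; anchor the patterns when the field carries remote-supplied text."""`. Separately, `entry.get(self.field, "")` only guards a missing key; if the field holds a non-str value, `search` raises TypeError, so `str(entry.get(self.field, ""))` or an isinstance check would be safer. I cannot tell from this section which value types entries carry. The loop also copies every named group into `entry`, including `None` for groups that did not take part in the match and over any key that already exists, which deserves a line in the same docstring.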
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import pwd
|
import pwd
|
||||||
from pyruse import base
|
from pyruse import base
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from systemd import journal
|
from systemd import journal
|
||||||
|
|
||||||
EMERG = 0 # System is unusable.
|
EMERG = 0 # System is unusable.
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
from systemd import journal
|
from systemd import journal
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import importlib
|
import importlib
|
||||||
from pyruse import log
|
from pyruse import log
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse import log, module
|
from pyruse import log, module
|
||||||
|
|
||||||
class Workflow:
|
class Workflow:
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import time
|
import time
|
||||||
from pyruse.actions.action_counterRaise import Action
|
from pyruse.actions.action_counterRaise import Action
|
||||||
from pyruse.actions import action_counterReset
|
from pyruse.actions import action_counterReset
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import time
|
import time
|
||||||
from pyruse.actions.action_counterReset import Action
|
from pyruse.actions.action_counterReset import Action
|
||||||
from pyruse.actions import action_counterRaise
|
from pyruse.actions import action_counterRaise
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
from pyruse.actions.action_email import Action
|
from pyruse.actions.action_email import Action
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import time
|
import time
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse.filters.filter_equals import Filter
|
from pyruse.filters.filter_equals import Filter
|
||||||
|
|
||||||
def whenGreaterThenFalse():
|
def whenGreaterThenFalse():
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse.filters.filter_greaterOrEquals import Filter
|
from pyruse.filters.filter_greaterOrEquals import Filter
|
||||||
|
|
||||||
def whenGreaterPosIntThenTrue():
|
def whenGreaterPosIntThenTrue():
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse.filters.filter_pcre import Filter
|
from pyruse.filters.filter_pcre import Filter
|
||||||
|
|
||||||
def whenMatchesThenTrue():
|
def whenMatchesThenTrue():
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
|
from pyruse.filters.filter_pcreAny import Filter
|
||||||
|
|
||||||
|
def whenMatchesThenTrue():
|
||||||
|
assert Filter({"field": "v", "re": ["cool", "ok"]}).filter({"v": "joke"})
|
||||||
|
|
||||||
|
def whenNoMatchThenFalse():
|
||||||
|
assert not Filter({"field": "v", "re": ["bad", "ko"]}).filter({"v": "Koala"})
|
||||||
|
|
||||||
|
def whenNamedGroupsThenFoundInEntry():
|
||||||
|
entry = {"v": "It works or not"}
|
||||||
|
Filter({"field": "v", "re": ["^(?P<o>It)(?P<k> works)", "(?P<k>or)(?P<o> not)$"]}).filter(entry)
|
||||||
|
assert entry["o"] + entry["k"] == "It works"
|
|
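Review bot: None of the three tests exercises the `entry.get(self.field, "")` default, that is, an entry that lacks the configured field, which is the case a reject rule meets on every unrelated log line. A fourth function such as `def whenFieldMissingThenFalse():` with the body `assert not Filter({"field": "v", "re": ["ok"]}).filter({})` would pin it. `whenNamedGroupsThenFoundInEntry` also depends on the first pattern winning, since the second pattern's groups would give a different concatenation; a one-line comment stating that would help the next reader.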
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse.filters.filter_userExists import Filter
|
from pyruse.filters.filter_userExists import Filter
|
||||||
|
|
||||||
def whenUserExistsThenTrue():
|
def whenUserExistsThenTrue():
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import os
|
import os
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
@ -25,7 +28,7 @@ def main():
|
||||||
base.actionFallback = None
|
base.actionFallback = None
|
||||||
|
|
||||||
# Unit tests
|
# Unit tests
|
||||||
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_userExists
|
import filter_equals, filter_greaterOrEquals, filter_pcre, filter_pcreAny, filter_userExists
|
||||||
import action_counterRaise, action_counterReset, action_dailyReport, action_email, action_nftBan
|
import action_counterRaise, action_counterReset, action_dailyReport, action_email, action_nftBan
|
||||||
|
|
||||||
filter_equals.whenGreaterThenFalse()
|
filter_equals.whenGreaterThenFalse()
|
||||||
|
@ -44,6 +47,10 @@ def main():
|
||||||
filter_pcre.whenSaveThenGroupsInEntry()
|
filter_pcre.whenSaveThenGroupsInEntry()
|
||||||
filter_pcre.whenNamedGroupsThenFoundInEntry()
|
filter_pcre.whenNamedGroupsThenFoundInEntry()
|
||||||
|
|
||||||
|
filter_pcreAny.whenMatchesThenTrue()
|
||||||
|
filter_pcreAny.whenNoMatchThenFalse()
|
||||||
|
filter_pcreAny.whenNamedGroupsThenFoundInEntry()
|
||||||
|
|
||||||
filter_userExists.whenUserExistsThenTrue()
|
filter_userExists.whenUserExistsThenTrue()
|
||||||
filter_userExists.whenGarbageThenFalse()
|
filter_userExists.whenGarbageThenFalse()
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
|
# Copyright © 2017 Y. Gablin
|
||||||
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
from pyruse.actions import action_dailyReport
|
from pyruse.actions import action_dailyReport
|
||||||
|
|
||||||
class Action(action_dailyReport.Action):
|
class Action(action_dailyReport.Action):
|
||||||
|
|