no more fallbacks
parent
d73780cacd
commit
f58781adad
|
@ -1,5 +1,5 @@
|
||||||
# pyruse is intended as a replacement to both fail2ban and epylog
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
# Copyright © 2017 Y. Gablin
|
# Copyright © 2017–2018 Y. Gablin
|
||||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import abc
|
import abc
|
||||||
from pyruse import log
|
from pyruse import log
|
||||||
|
@ -28,16 +28,13 @@ class Filter(Step):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def run(self, entry):
|
def run(self, entry):
|
||||||
global filterFallback
|
|
||||||
try:
|
try:
|
||||||
nextStep = self.nextStep if self.filter(entry) else self.altStep
|
nextStep = self.nextStep if self.filter(entry) else self.altStep
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
log.error("Error while executing %s: %s." % (type(self), str(e)))
|
|
||||||
nextStep = self.altStep
|
nextStep = self.altStep
|
||||||
|
log.error("Error while executing %s: %s." % (type(self), str(e)))
|
||||||
if nextStep:
|
if nextStep:
|
||||||
nextStep.run(entry)
|
nextStep.run(entry)
|
||||||
elif filterFallback is not None:
|
|
||||||
filterFallback.run(entry)
|
|
||||||
|
|
||||||
class Action(Step):
|
class Action(Step):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
@ -48,15 +45,11 @@ class Action(Step):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def run(self, entry):
|
def run(self, entry):
|
||||||
global actionFallback
|
|
||||||
try:
|
try:
|
||||||
self.act(entry)
|
self.act(entry)
|
||||||
|
nextStep = self.nextStep
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
nextStep = None
|
||||||
log.error("Error while executing %s: %s." % (type(self), str(e)))
|
log.error("Error while executing %s: %s." % (type(self), str(e)))
|
||||||
if self.nextStep:
|
if nextStep:
|
||||||
self.nextStep.run(entry)
|
nextStep.run(entry)
|
||||||
elif self != filterFallback and self != actionFallback and actionFallback is not None:
|
|
||||||
actionFallback.run(entry)
|
|
||||||
|
|
||||||
filterFallback = None
|
|
||||||
actionFallback = None
|
|
||||||
|
|
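Review bot: In the new `Action.run`, the `except` branch sets `nextStep = None`, so an action that raises now ends the chain for that entry, where the old code still ran `self.nextStep`. For a tool meant to replace fail2ban, a failure in an early step would therefore skip any later step such as `action_nftBan`, and the only trace is the `log.error` line, which names the class but not the entry. I would state this on the method, e.g. `# A failing action stops the chain: later steps are skipped for this entry.`, and add an identifying field of `entry` to the error message. `Filter.run` still routes to `self.altStep` on error, and with the global fallback removed an entry whose `altStep` is unset is now dropped there without further handling. Both class bodies start outside the hunks.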
|
@ -1,10 +1,10 @@
|
||||||
# pyruse is intended as a replacement to both fail2ban and epylog
|
# pyruse is intended as a replacement to both fail2ban and epylog
|
||||||
# Copyright © 2017 Y. Gablin
|
# Copyright © 2017–2018 Y. Gablin
|
||||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
from systemd import journal
|
from systemd import journal
|
||||||
from pyruse import base, config, module, workflow
|
from pyruse import config, module, workflow
|
||||||
|
|
||||||
PYRUSE_ENVVAR = "PYRUSE_EXTRA"
|
PYRUSE_ENVVAR = "PYRUSE_EXTRA"
|
||||||
PYRUSE_PATHS = []
|
PYRUSE_PATHS = []
|
||||||
|
@ -37,17 +37,8 @@ def boot(modName):
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
_setPyrusePaths()
|
_setPyrusePaths()
|
||||||
conf = config.Config(PYRUSE_PATHS)
|
conf = config.Config(PYRUSE_PATHS).asMap().get("actions", {})
|
||||||
fback = conf.asMap().get("fallback", {})
|
wf = workflow.Workflow(conf)
|
||||||
if "all_filters_failed" in fback:
|
|
||||||
base.filterFallback = module.get(fback.get("all_filters_failed")).module
|
|
||||||
else:
|
|
||||||
base.filterFallback = None
|
|
||||||
if "finalize_after_last_action" in fback:
|
|
||||||
base.actionFallback = module.get(fback.get("finalize_after_last_action")).module
|
|
||||||
else:
|
|
||||||
base.actionFallback = None
|
|
||||||
wf = workflow.Workflow(conf.asMap().get("actions", {}))
|
|
||||||
_doForEachJournalEntry(wf.run)
|
_doForEachJournalEntry(wf.run)
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
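Review bot: `main()` now reads only the `actions` key, so a configuration file that still has a `fallback` section is accepted and that section is silently ignored; entries that used to reach `all_filters_failed` or `finalize_after_last_action` would then go unhandled with no message. A startup check would make the migration visible, for example keeping the whole map in a variable and adding `if "fallback" in confMap: sys.stderr.write("pyruse: the 'fallback' section is no longer supported\n")` before the workflow is built. Separately, `conf` now holds the actions mapping rather than the `Config` object, so a name such as `actions` would be clearer.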
|
@ -7,7 +7,7 @@ import sys
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
sys.path.insert(1, "..")
|
sys.path.insert(1, "..")
|
||||||
from pyruse import actions, base, config, module, workflow
|
from pyruse import actions, config, module, workflow
|
||||||
|
|
||||||
def _clean():
|
def _clean():
|
||||||
for f in ['acted_on.log', 'action_nftBan.py.json', 'email.dump', 'nftBan.cmd', 'unfiltered.log']:
|
for f in ['acted_on.log', 'action_nftBan.py.json', 'email.dump', 'nftBan.cmd', 'unfiltered.log']:
|
||||||
|
@ -17,15 +17,6 @@ def _clean():
|
||||||
def main():
|
def main():
|
||||||
global _microsec
|
global _microsec
|
||||||
conf = config.Config(os.curdir)
|
conf = config.Config(os.curdir)
|
||||||
fback = conf.asMap().get("fallback", {})
|
|
||||||
if "all_filters_failed" in fback:
|
|
||||||
base.filterFallback = module.get(fback.get("all_filters_failed")).module
|
|
||||||
else:
|
|
||||||
base.filterFallback = None
|
|
||||||
if "finalize_after_last_action" in fback:
|
|
||||||
base.actionFallback = module.get(fback.get("finalize_after_last_action")).module
|
|
||||||
else:
|
|
||||||
base.actionFallback = None
|
|
||||||
|
|
||||||
# Unit tests
|
# Unit tests
|
||||||
import filter_equals, filter_greaterOrEquals, filter_in, filter_lowerOrEquals, filter_pcre, filter_pcreAny, filter_userExists
|
import filter_equals, filter_greaterOrEquals, filter_in, filter_lowerOrEquals, filter_pcre, filter_pcreAny, filter_userExists
|
||||||
|
|
|
@ -16,7 +16,8 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"action": "action_dailyReport",
|
"action": "action_dailyReport",
|
||||||
"args": { "level": "INFO", "message": "Login as {user} from {ip}" }
|
"args": { "level": "INFO", "message": "Login as {user} from {ip}" },
|
||||||
|
"then": "… finalize after last action"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"… Detect failed logins": [
|
"… Detect failed logins": [
|
||||||
|
@ -57,20 +58,23 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"action": "action_nftBan",
|
"action": "action_nftBan",
|
||||||
"args": { "IP": "ip", "banSeconds": 100, "nftSetIPv4": "I4 bans", "nftSetIPv6": "I6 bans" }
|
"args": { "IP": "ip", "banSeconds": 100, "nftSetIPv4": "I4 bans", "nftSetIPv6": "I6 bans" },
|
||||||
|
"then": "… finalize after last action"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"all filters failed": [
|
||||||
|
{
|
||||||
|
"action": "action_testLog",
|
||||||
|
"args": { "level": "OTHER", "message": "Filter came last [{_HOSTNAME}:{service}] {MESSAGE}", "outFile": "unfiltered.log" }
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"… finalize after last action": [
|
||||||
|
{
|
||||||
|
"action": "action_testLog",
|
||||||
|
"args": { "level": "OTHER", "message": "Action came last [{_HOSTNAME}:{service}] {MESSAGE}", "outFile": "acted_on.log" }
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"fallback": {
|
|
||||||
"all_filters_failed": {
|
|
||||||
"action": "action_testLog",
|
|
||||||
"args": { "level": "OTHER", "message": "Filter came last [{_HOSTNAME}:{service}] {MESSAGE}", "outFile": "unfiltered.log" }
|
|
||||||
},
|
|
||||||
"finalize_after_last_action": {
|
|
||||||
"action": "action_testLog",
|
|
||||||
"args": { "level": "OTHER", "message": "Action came last [{_HOSTNAME}:{service}] {MESSAGE}", "outFile": "acted_on.log" }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"email": {
|
"email": {
|
||||||
"from": "pyruse@localhost",
|
"from": "pyruse@localhost",
|
||||||
"to": [
|
"to": [
|
||||||
|
|