fail2ban.server.database module¶
- class fail2ban.server.database.Fail2BanDb(filename, purgeAge=86400, outDatedFactor=3)¶
Bases:
object
Fail2Ban database for storing persistent data.
This allows after Fail2Ban is restarted to reinstated bans and to continue monitoring logs from the same point.
This will either create a new Fail2Ban database, connect to an existing, and if applicable upgrade the schema in the process.
- Parameters:
- filenamestr
File name for SQLite3 database, which will be created if doesn’t already exist.
- purgeAgeint
Purge age in seconds, used to remove old bans from database during purge.
- Attributes:
Methods
addBan
(cur, jail, ticket)Add a ban to the database.
addJail
(cur, jail)Adds a jail to the database.
addLog
(cur, jail, container)Adds a log to the database.
delAllJails
(cur)Deletes all jails from the database.
delBan
(cur, jail, *args)Delete a single or multiple tickets from the database.
delJail
(cur, jail)Deletes a jail from the database.
getBans
(**kwargs)Get bans from the database.
getBansMerged
([ip, jail, bantime])Get bans from the database, merged into single ticket.
getCurrentBans
([jail, ip, forbantime, ...])Reads tickets (with merged info) currently affected from ban from the database.
getJailNames
(cur[, enabled])Get name of jails in database.
getJournalPos
(cur, jail, name[, time, iso])Get journal position from database.
getLogPaths
(cur[, jail])Gets all the log paths from the database.
purge
(cur)Purge old bans, jails and log files from database.
updateDb
(cur, version)Update an existing database, called during initialisation.
updateJournal
(cur, jail, name, time, iso)Updates last position (as time) of journal.
updateLog
(cur, jail, container)Updates hash and last position in log file.
close
createDb
getBan
repairDB
- Raises:
- sqlite3.OperationalError
Error connecting/creating a SQLite3 database.
- RuntimeError
If existing database fails to update to new schema.
- addBan(cur, jail, ticket)¶
Add a ban to the database.
- Parameters:
- jailJail
Jail in which the ban has occurred.
- ticketBanTicket
Ticket of the ban to be added.
- addJail(cur, jail)¶
Adds a jail to the database.
- Parameters:
- jailJail
Jail to be added to the database.
- addLog(cur, jail, container)¶
Adds a log to the database.
- Parameters:
- jailJail
Jail that log is being monitored by.
- containerFileContainer
File container of the log file being added.
- Returns:
- int
If log was already present in database, value of last position in the log file; else None
- close()¶
- createDb(cur, incremental=False)¶
- delAllJails(cur)¶
Deletes all jails from the database.
- delBan(cur, jail, *args)¶
Delete a single or multiple tickets from the database.
- Parameters:
- jailJail
Jail in which the ticket(s) should be removed.
- argslist of IP
IPs to be removed, if not given all tickets of jail will be removed.
- delJail(cur, jail)¶
Deletes a jail from the database.
- Parameters:
- jailJail
Jail to be removed from the database.
- property filename¶
File name of SQLite3 database file.
- getBan(cur, ip, jail=None, forbantime=None, overalljails=None, fromtime=None)¶
- getBans(**kwargs)¶
Get bans from the database.
- Parameters:
- jailJail
Jail that the ban belongs to. Default None; all jails.
- bantimeint
Ban time in seconds, such that bans returned would still be valid now. Negative values are equivalent to None. Default None; no limit.
- ipstr
IP Address to filter bans by. Default None; all IPs.
- Returns:
- list
List of `Ticket`s for bans stored in database.
- getBansMerged(ip=None, jail=None, bantime=None)¶
Get bans from the database, merged into single ticket.
This is the same as getBans, but bans merged into single ticket.
- Parameters:
- jailJail
Jail that the ban belongs to. Default None; all jails.
- bantimeint
Ban time in seconds, such that bans returned would still be valid now. Negative values are equivalent to None. Default None; no limit.
- ipstr
IP Address to filter bans by. Default None; all IPs.
- Returns:
- list or Ticket
Single ticket representing bans stored in database per IP in a list. When ip argument passed, a single Ticket is returned.
- getCurrentBans(jail=None, ip=None, forbantime=None, fromtime=None, correctBanTime=True, maxmatches=None)¶
Reads tickets (with merged info) currently affected from ban from the database.
There are all the tickets corresponding parameters jail/ip, forbantime, fromtime (normally now).
If correctBanTime specified (default True) it will fix the restored ban-time (and therefore endOfBan) of the ticket (normally it is ban-time of jail as maximum) for all tickets with ban-time greater (or persistent).
- getJailNames(cur, enabled=None)¶
Get name of jails in database.
Currently only used for testing purposes.
- Returns:
- set
Set of jail names.
- getJournalPos(cur, jail, name, time=0, iso=None)¶
Get journal position from database.
- Parameters:
- jailJail
Jail of which the journal belongs to.
- name, time, iso
Journal name (typically systemd-journal) and last known time.
- Returns:
- int (or float)
Last position (as time) if it was already present in database; else None
- getLogPaths(cur, jail=None)¶
Gets all the log paths from the database.
Currently only for testing purposes.
- Parameters:
- jailJail
If specified, will only return logs belonging to the jail.
- Returns:
- set
Set of log paths.
- purge(cur)¶
Purge old bans, jails and log files from database.
- property purgeage¶
Purge age in seconds.
- repairDB()¶
- updateDb(cur, version)¶
Update an existing database, called during initialisation.
A timestamped backup is also created prior to attempting the update.
- updateJournal(cur, jail, name, time, iso)¶
Updates last position (as time) of journal.
- Parameters:
- jailJail
Jail of which the journal belongs to.
- name, time, iso
Journal name (typically systemd-journal) and last known time.
- updateLog(cur, jail, container)¶
Updates hash and last position in log file.
- Parameters:
- jailJail
Jail of which the log file belongs to.
- containerFileContainer
File container of the log file being updated.
- fail2ban.server.database.commitandrollback(f)¶