diff options
author | Anton Khirnov <anton@khirnov.net> | 2020-04-06 11:46:37 +0200 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2020-04-06 11:46:37 +0200 |
commit | 1e7883269f6f5ba61c9fc618d418b484916aba7f (patch) | |
tree | ac0c0c4af5d30b0413fb51a1286fd95e85ac783f /sshban.py | |
parent | 526924d1c507fff1d7cadfadeea0a8f4dc370468 (diff) |
sshban: allow using SIGUSR1 to dump current state to log
Diffstat (limited to 'sshban.py')
-rwxr-xr-x | sshban.py | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -6,6 +6,7 @@ import logging.handlers import os import re import select +import signal import shlex import sys import subprocess @@ -59,6 +60,14 @@ class ExpiringCounter: self._data = {} self.default_timeout = default_timeout + def __str__(self): + now = self._now() + ret = '' + for key, (ts, count) in self._data.items(): + ret += '%s(%d): %gs, %gs remaining\n' % (key, count, now - ts, self.default_timeout - (now - ts)) + + return ret + def __contains__(self, key): if not key in self._data: return False @@ -143,6 +152,14 @@ class Judge: return ACT_NOTHING + def __str__(self): + ret = 'Judge:\n wl: %s\n gl: %s\n' % (str(self._whitelist), str(self._graylist)) + + for key, val in self._blacklists.items(): + ret += ' bl %s: %s\n' % (key, str(val)) + + return ret + parser = argparse.ArgumentParser('Parse logs and ban SSH abusers') parser.add_argument('-s', '--thresh-short', type = int, default = 8, @@ -186,6 +203,13 @@ sys.excepthook = excepthook judge = Judge({ ACT_BAN_SHORT : args.thresh_short, ACT_BAN_MEDIUM : args.thresh_medium, ACT_BAN_LONG : args.thresh_long }) +# use SIGUSR1 to print state +def log_state(sig, stack): + state = str(judge).splitlines() + for l in state: + logger.info(l) +signal.signal(signal.SIGUSR1, log_state) + # open FIFO read-write so poll() won't return HUP endlessly if the writer dies fifofd = os.open(args.inputfifo, os.O_RDWR | os.O_NONBLOCK) with open(fifofd) as fifo: |