ruben/jail2ban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use app.logger instead of rolling with logging

Browse Source
This commit is contained in:
Ruben van Staveren 2022-03-07 13:14:00 +01:00
parent 6e5ccbbf81
commit 00e59fb638
Signed by: ruben
GPG Key ID: 886F6BECD477A93F
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app.py
View File

@ -2,7 +2,6 @@ from flask import Flask, request, jsonify
from flask_httpauth import HTTPBasicAuth from flask_httpauth import HTTPBasicAuth
from werkzeug.security import check_password_hash from werkzeug.security import check_password_hash
from ipaddress import ip_address from ipaddress import ip_address
import logging
import re import re
from pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write from pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write
@ -10,7 +9,6 @@ from pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write
app = Flask(__name__) app = Flask(__name__)
auth = HTTPBasicAuth() auth = HTTPBasicAuth()
logging.basicConfig(level=logging.DEBUG)
users = { users = {
"erg.verweg.com": 'pbkdf2:sha256:260000$leXVKkMYNu60eQZR$0893397beb241931d33d2c996e66447a375d3b7923aa32fc4af6b80eec716fbe' "erg.verweg.com": 'pbkdf2:sha256:260000$leXVKkMYNu60eQZR$0893397beb241931d33d2c996e66447a375d3b7923aa32fc4af6b80eec716fbe'
@ -44,7 +42,7 @@ def verify_password(username, password):
def flush(name): def flush(name):
remote_user = auth.username() remote_user = auth.username()
name = untaint(PAT_NAME, name) name = untaint(PAT_NAME, name)
logging.info(f'Flushing table f2b-{name}' app.logger.info(f'Flushing table f2b-{name}'
' in anchor f2b-jail/{remote_user}') ' in anchor f2b-jail/{remote_user}')
res = pfctl_table_op('f2b-jail/{remote_user}', res = pfctl_table_op('f2b-jail/{remote_user}',
table='f2b-{name}', table='f2b-{name}',
@ -86,7 +84,7 @@ def register():
pfctl_table_op(f'f2b-jail/{remote_user}', pfctl_table_op(f'f2b-jail/{remote_user}',
table=f'f2b-{name}', table=f'f2b-{name}',
operation='kill') operation='kill')
logging.info(f'pfctl -a f2b-jail/{remote_user} -f-') app.logger.info(f'pfctl -a f2b-jail/{remote_user} -f-')
return jsonify({'remote_user': remote_user, 'data': data}) return jsonify({'remote_user': remote_user, 'data': data})
return jsonify({'anchor': f'f2b-jail/{remote_user}', return jsonify({'anchor': f'f2b-jail/{remote_user}',
'table': f'f2b-{name}', 'table': f'f2b-{name}',
@ -104,14 +102,14 @@ def ban():
name = untaint(PAT_NAME, data['name']) name = untaint(PAT_NAME, data['name'])
ip = ip_address(data['ip']) ip = ip_address(data['ip'])
if request.method == 'PUT': if request.method == 'PUT':
logging.info(f'Add {ip} to f2b-{name}' app.logger.info(f'Add {ip} to f2b-{name}'
f' in anchor f2b-jail/{remote_user}') f' in anchor f2b-jail/{remote_user}')
res = pfctl_table_op(f'f2b-jail/{remote_user}', res = pfctl_table_op(f'f2b-jail/{remote_user}',
table=f'f2b-{name}', table=f'f2b-{name}',
operation='add', operation='add',
value=str(ip)) value=str(ip))
elif request.method == 'DELETE': elif request.method == 'DELETE':
logging.info(f'Remove {ip} from f2b-{name}' app.logger.info(f'Remove {ip} from f2b-{name}'
f' in anchor f2b-jail/{remote_user}') f' in anchor f2b-jail/{remote_user}')
res = pfctl_table_op(f'f2b-jail/{remote_user}', res = pfctl_table_op(f'f2b-jail/{remote_user}',
table=f'f2b-{name}', table=f'f2b-{name}',
@ -129,11 +127,11 @@ def permission_err(error):
''' '''
Show a json parsable error if the value is illegal Show a json parsable error if the value is illegal
''' '''
logging.fatal(error) app.logger.fatal(error)
return jsonify({'error': str(error)}), 500 return jsonify({'error': str(error)}), 500
@auth.error_handler @auth.error_handler
def auth_error(): def auth_error():
logging.error('Access Denied') app.logger.error('Access Denied')
return jsonify({'error': 'Access Denied'}), 401 return jsonify({'error': 'Access Denied'}), 401