How to use so-called action variables in fail2ban?
I've seen a few mentions of these in the docs and misc scripts, but nothing concrete on exactly how they are used. Could anyone give me some examples?
Is it just a case of
myvar=7
.
.
.
[ssh]
bantime=%(myvar)s
If so what is the point?
Secondly, how do I use the "Action shortcuts" in the jail.conf? e.g. action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"], any docs on this?
If you take a look at the rules that are included with fail2ban you'll notice that they use these variables to make things neater and more parameterized. For example in the included jail.conf they've used them to make general action rules that they can then use when defining the various jails.
Example
Here are some basic variables at the top.
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost
# Sender email address used solely for some actions
sender = root@localhost
# Default protocol
protocol = tcp
# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535
These variables are then used in other variables to construct some basic actions.
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
Notice here that they're constructing a general purpose action called action_, which is made using other variables, such as %(banaction)s, %(port)s, %(protocol)s, etc.
From the man jail.conf man page:
Using Python "string interpolation" mechanisms, other definitions are allowed and can later be used within other definitions as %(name)s. For example.
baduseragents = IE|wget
failregex = useragent=%(baduseragents)s
So the %(...)s are part of the Python language. If you search for them you'll eventually find this page from the Python language's specification, specifically this section titled: 5.6.2. String Formatting Operations. There is an example on this page:
>>> print '%(language)s has %(number)03d quote types.' % \
... {"language": "Python", "number": 2}
Python has 002 quote types.
The %(...string...)s is called a string formatting or interpolation operator in Python. The s at the end of the %(...string...) is a flag, specifying that any Python objects that may be passed to it get converted to strings. From the link I referenced, there's a table with all the flags allowed:
The % specifies where you want the specifier to begin, and the (...string...) is what Python variable we want to have expanded here.
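As an added example (not part of the original answer and not fail2ban's own code), the sketch below uses Python's standard configparser to show what the interpolation buys you: action_ is written once in [DEFAULT] but is expanded in the context of each jail, so a jail that overrides port or banaction ends up with a different ban action. The jails, the mta and chain values, and the deliberately misspelled %(sshport)s reference are constructed for illustration.

```python
import configparser

# Constructed sample: [DEFAULT] follows the jail.conf excerpts quoted above;
# the jails and the mta/chain values are made up for this illustration.
JAIL_CONF = """
[DEFAULT]
destemail = root@localhost
protocol = tcp
port = 0:65535
chain = INPUT
mta = sendmail
banaction = iptables-multiport
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action = %(action_)s

[sshd]
port = ssh

[nginx]
port = http,https
banaction = iptables-allports
action = %(action_mw)s

[broken]
port = %(sshport)s
"""


def expand_actions(conf_text):
    """Return {jail: expanded action} as each jail section resolves it."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    report = {}
    for jail in parser.sections():
        try:
            # Python 3's configparser does not define __name__ by itself,
            # so the jail name is supplied through vars= here.
            report[jail] = parser.get(jail, "action", vars={"__name__": jail})
        except configparser.InterpolationError as exc:
            # A reference to an undefined variable surfaces here.
            report[jail] = "ERROR: " + str(exc)
    return report


if __name__ == "__main__":
    for jail, action in expand_actions(JAIL_CONF).items():
        print("[%s]\n%s\n" % (jail, action))
```

Running it prints one expanded action per jail, which is a quick way to review what each jail will actually ban with, and to catch a misspelled variable name in a jail definition.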