/// <summary> /// Create a log file scanner /// </summary> /// <param name="loginHandler">Interface for handling logins</param> /// <param name="dns">Interface for dns lookup</param> /// <param name="source">The source, i.e. SSH or SMTP, etc.</param> /// <param name="pathAndMask">File path and mask (i.e. /var/log/auth*.log)</param> /// <param name="recursive">Whether to parse all sub directories of path and mask recursively</param> /// <param name="regexFailure">Regex to parse file lines to pull out failed login ipaddress and username</param> /// <param name="regexSuccess">Regex to parse file lines to pull out successful login ipaddress and username</param> /// <param name="maxFileSizeBytes">Max size of file (in bytes) before it is deleted or 0 for unlimited</param> /// <param name="pingIntervalMilliseconds">Ping interval in milliseconds, less than 1 for manual ping required</param> public IPBanIPAddressLogFileScanner ( IIPAddressEventHandler loginHandler, IDnsLookup dns, string source, string pathAndMask, bool recursive, string regexFailure, string regexSuccess, long maxFileSizeBytes = 0, int pingIntervalMilliseconds = 0 ) : base(pathAndMask, recursive, maxFileSizeBytes, pingIntervalMilliseconds) { loginHandler.ThrowIfNull(nameof(loginHandler)); dns.ThrowIfNull(nameof(dns)); Source = source; this.loginHandler = loginHandler; this.dns = dns; this.regexFailure = IPBanConfig.ParseRegex(regexFailure); this.regexSuccess = IPBanConfig.ParseRegex(regexSuccess); }
private void UpdateLogFiles(IPBanConfig newConfig) { // remove existing log files that are no longer in config foreach (IPBanLogFileScanner file in logFilesToParse.ToArray()) { if (newConfig.LogFilesToParse.FirstOrDefault(f => f.PathsAndMasks.Contains(file.PathAndMask)) == null) { file.Dispose(); logFilesToParse.Remove(file); } } foreach (IPBanLogFileToParse newFile in newConfig.LogFilesToParse) { string[] pathsAndMasks = newFile.PathAndMask.Split('\n'); for (int i = 0; i < pathsAndMasks.Length; i++) { string pathAndMask = pathsAndMasks[i].Trim(); if (pathAndMask.Length != 0) { // if we don't have this log file and the platform matches, add it if (logFilesToParse.FirstOrDefault(f => f.PathAndMask == pathAndMask) == null && !string.IsNullOrWhiteSpace(newFile.PlatformRegex) && Regex.IsMatch(IPBanOS.Description, newFile.PlatformRegex.ToString().Trim(), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant)) { // log files use a timer internally and do not need to be updated regularly IPBanLogFileScanner scanner = new IPBanIPAddressLogFileScanner(this, DnsLookup, newFile.Source, pathAndMask, newFile.Recursive, newFile.FailedLoginRegex, newFile.SuccessfulLoginRegex, newFile.MaxFileSize, newFile.PingInterval); logFilesToParse.Add(scanner); IPBanLog.Debug("Adding log file to parse: {0}", pathAndMask); } else { IPBanLog.Debug("Ignoring log file path {0}, regex: {1}", pathAndMask, newFile.PlatformRegex); } } } } }
internal async Task ReadAppSettings() { try { ConfigFilePath = (!File.Exists(ConfigFilePath) ? Path.Combine(AppDomain.CurrentDomain.BaseDirectory, IPBanService.ConfigFileName) : ConfigFilePath); string newXml = await ConfigReaderWriter.CheckForConfigChange(); if (!string.IsNullOrWhiteSpace(newXml)) { IPBanConfig oldConfig = Config; IPBanConfig newConfig = IPBanConfig.LoadFromXml(newXml, DnsLookup); UpdateLogFiles(newConfig); whitelistChanged = (Config == null || Config.WhiteList != newConfig.WhiteList || Config.WhiteListRegex != newConfig.WhiteListRegex); Config = newConfig; LoadFirewall(oldConfig); } } catch (Exception ex) { IPBanLog.Error(ex); if (Config == null) { throw new ApplicationException("Configuration failed to load, make sure to check for XML errors or unblock all the files.", ex); } } // set or unset default banned ip address handler based on config if (Config.UseDefaultBannedIPAddressHandler && BannedIPAddressHandler == null) { BannedIPAddressHandler = new DefaultBannedIPAddressHandler(); } else if (!Config.UseDefaultBannedIPAddressHandler && BannedIPAddressHandler != null && BannedIPAddressHandler is DefaultBannedIPAddressHandler) { BannedIPAddressHandler = null; } }