private int RunProcess(string program, bool requireExitCode, out IReadOnlyList <string> lines, string commandLine, params object[] args)
{
commandLine = program + " " + string.Format(commandLine, args);
commandLine = "-c \"" + commandLine.Replace("\"", "\\\"") + "\"";
IPBanLog.Debug("Running firewall process: /bin/bash {0}", commandLine);
Process p = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "/bin/bash",
Arguments = commandLine,
UseShellExecute = false,
CreateNoWindow = true,
RedirectStandardOutput = true
}
};
p.Start();
List <string> lineList = new List <string>();
string line;
while ((line = p.StandardOutput.ReadLine()) != null)
{
lineList.Add(line);
}
lines = lineList;
p.WaitForExit();
if (requireExitCode && p.ExitCode != 0)
{
IPBanLog.Error("Process {0} had exit code {1}", commandLine, p.ExitCode);
}
return(p.ExitCode);
}
private HashSet <WatchedFile> UpdateWatchedFiles()
{
HashSet <WatchedFile> watchedFilesCopy = new HashSet <WatchedFile>();
try
{
// read in existing files that match the mask in the directory being watched
if (Directory.Exists(directoryToWatch))
{
foreach (string file in Directory.EnumerateFiles(directoryToWatch, fileMask, SearchOption.TopDirectoryOnly))
{
watchedFilesCopy.Add(new WatchedFile(file, new FileInfo(file).Length));
}
}
}
catch
{
// nothing to do here, something failed enumerating the directory files
}
lock (watchedFiles)
{
// remove files that no longer exist
foreach (WatchedFile existing in watchedFiles.ToArray())
{
if (!watchedFilesCopy.Contains(existing))
{
IPBanLog.Debug("Removing parsed log file {0}", existing.FileName);
watchedFiles.Remove(existing);
}
}
// add new files
foreach (WatchedFile newFile in watchedFilesCopy)
{
// add the file, will fail if it already exists
if (watchedFiles.Add(newFile))
{
IPBanLog.Debug("Adding parsed log file {0}", newFile.FileName);
}
}
// make a copy so we can enumerate outside a lock
watchedFilesCopy.Clear();
foreach (WatchedFile file in watchedFiles)
{
watchedFilesCopy.Add(file);
}
}
return(watchedFilesCopy);
}
/// <summary>
/// Process a line, checking for ip addresses
/// </summary>
/// <param name="line">Line to process</param>
/// <returns>True</returns>
protected override bool OnProcessLine(string line)
{
IPBanLog.Debug("Parsing log file line {0}...", line);
IPAddressLogInfo info = IPBanService.GetIPAddressInfoFromRegex(dns, regex, line);
if (info.FoundMatch)
{
info.Source = info.Source ?? Source;
IPBanLog.Debug("Log file found match, ip: {0}, user: {1}, source: {2}, count: {3}", info.IPAddress, info.UserName, info.Source, info.Count);
failedLogin.AddFailedLogin(info);
}
else
{
IPBanLog.Debug("No match for line {0}", line);
}
return(true);
}
/// <summary>
/// Get a firewall ip address, clean and normalize
/// </summary>
/// <param name="ipAddress">IP Address</param>
/// <param name="normalizedIP">The normalized ip ready to go in the firewall or null if invalid ip address</param>
/// <returns>True if ip address can go in the firewall, false otherwise</returns>
public static bool TryGetFirewallIPAddress(this string ipAddress, out string normalizedIP)
{
normalizedIP = ipAddress?.Trim();
if (string.IsNullOrWhiteSpace(normalizedIP) ||
normalizedIP == "0.0.0.0" ||
normalizedIP == "127.0.0.1" ||
normalizedIP == "::0" ||
normalizedIP == "::1" ||
!IPAddressRange.TryParse(normalizedIP, out IPAddressRange range))
{
normalizedIP = null;
return(false);
}
try
{
normalizedIP = (range.Begin.Equals(range.End) ? range.Begin.ToString() : range.ToCidrString());
}
catch (Exception ex)
{
IPBanLog.Debug("Failed to normalize ip {0}, it is not a single ip or cidr range: {1}", ipAddress, ex);
return(false);
}
return(true);
}
private bool PingFile(WatchedFile file, FileStream fs)
{
const int maxCountBeforeNewline = 1024;
int b;
long lastNewlinePos = -1;
byte[] bytes;
long end = Math.Min(file.LastLength, fs.Length);
int countBeforeNewline = 0;
fs.Position = file.LastPosition;
IPBanLog.Info("Processing watched file {0}, len = {1}, pos = {2}", file.FileName, file.LastLength, file.LastPosition);
while (fs.Position < end && countBeforeNewline++ != maxCountBeforeNewline)
{
// read until last \n is found
b = fs.ReadByte();
if (b == '\n')
{
lastNewlinePos = fs.Position - 1;
countBeforeNewline = 0;
}
}
if (countBeforeNewline == maxCountBeforeNewline)
{
throw new InvalidOperationException("Log file " + this.fileMask + " may not be a plain text new line delimited file");
}
if (lastNewlinePos > -1)
{
// set file position ready for the next read right after the newline
fs.Position = file.LastPosition;
bytes = new BinaryReader(fs).ReadBytes((int)(lastNewlinePos - fs.Position));
// set position for next ping
file.LastPosition = lastNewlinePos + 1;
// read text and run regex to find ip addresses to ban
string subString = Encoding.UTF8.GetString(bytes);
string[] lines = subString.Split('\n');
bool foundOne = false;
// find ip and user name from all lines
foreach (string line in lines)
{
string trimmedLine = line.Trim();
IPBanLog.Debug("Parsing log file line {0}...", trimmedLine);
IPAddressLogInfo info = IPBanService.GetIPAddressInfoFromRegex(dns, Regex, trimmedLine);
if (info.FoundMatch)
{
info.Source = info.Source ?? Source;
IPBanLog.Debug("Log file found match, ip: {0}, user: {1}, source: {2}, count: {3}", info.IPAddress, info.UserName, info.Source, info.Count);
failedLogin.AddFailedLogin(info);
foundOne = true;
}
else
{
IPBanLog.Debug("No match for line {0}", line);
}
}
if (foundOne)
{
// signal that we have found ip addresses
ipEvent.Set();
}
}
return(maxFileSize > 0 && fs.Length > maxFileSize);
}
private void PingFiles()
{
try
{
pingTimer.Enabled = false;
}
catch
{
}
try
{
// re-open files and read one byte to flush disk cache
foreach (WatchedFile file in UpdateWatchedFiles())
{
// if file length has changed, ping the file
bool delete = false;
// ugly hack to force file to flush
using (FileStream fs = new FileStream(file.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
try
{
fs.Position = fs.Length - 1;
fs.ReadByte();
}
catch
{
}
}
long len = new FileInfo(file.FileName).Length;
// if file has shrunk (deleted and recreated for example) reset positions to 0
if (len < file.LastLength || len < file.LastPosition)
{
file.LastPosition = 0;
}
// use file info for length compare to avoid doing a full file open
if (len != file.LastLength)
{
using (FileStream fs = new FileStream(file.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
file.LastLength = len;
delete = PingFile(file, fs);
}
}
else
{
IPBanLog.Debug("Watched file {0} length has not changed", file.FileName);
}
if (delete)
{
try
{
File.Delete(file.FileName);
}
catch
{
// OK someone else might have it open, in which case we have no chance to delete
}
}
}
}
catch (Exception ex)
{
IPBanLog.Error(ex);
}
try
{
pingTimer.Enabled = true;
}
catch
{
}
}