340 lines
10 KiB
Bash
340 lines
10 KiB
Bash
#compdef fail2ban-client
|
|
# ------------------------------------------------------------------------------
|
|
# Copyright (c) 2020 Github zsh-users - http://github.com/zsh-users
|
|
# All rights reserved.
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining
|
|
# a copy of this software and associated documentation files (the
|
|
# "Software"), to deal in the Software without restriction, including
|
|
# without limitation the rights to use, copy, modify, merge, publish,
|
|
# distribute, sublicense, and/or sell copies of the Software, and to
|
|
# permit persons to whom the Software is furnished to do so, subject to
|
|
# the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included
|
|
# in all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
|
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
|
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
# OTHER DEALINGS IN THE SOFTWARE.
|
|
# ------------------------------------------------------------------------------
|
|
# Description
|
|
# -----------
|
|
#
|
|
# Completion script for fail2ban-client (https://www.fail2ban.org/).
|
|
#
|
|
# ------------------------------------------------------------------------------
|
|
# Authors
|
|
# -------
|
|
#
|
|
# * Felix Neumärker <xdch47@posteo.de>
|
|
#
|
|
# ------------------------------------------------------------------------------
|
|
|
|
_f2bc_jails() {
|
|
LANG=C fail2ban-client status 2> /dev/null | sed -n -e 's/.*Jail list:\s\+//' -e 'T' -e 's/,\s\+/\'$'\n/g' -e 'p'
|
|
}
|
|
|
|
_complete_f2bc_cmds() {
|
|
local cmds=(
|
|
'unban:unbans all IP addresses'
|
|
'set:set property'
|
|
'get:get property'
|
|
'status:gets the current status of the server'
|
|
'reload:reloads the configuration/jails'
|
|
'restart:restarts the server'
|
|
'start:starts the server and the jails'
|
|
'stop:stops all jails and terminate the server'
|
|
'ping:tests if the server is alive'
|
|
'flushlogs:flushes the logtarget if a file and reopens it'
|
|
'help:return this output'
|
|
'version:return the server version'
|
|
)
|
|
|
|
_describe -V "fail2ban commands" cmds
|
|
}
|
|
|
|
_complete_f2bc_cmdargs() {
|
|
local f2barg="$words[$NORMARG]"
|
|
case "$f2barg" in
|
|
unban)
|
|
local jail
|
|
if (( $words[(I)(--all)] == 0 )) ; then
|
|
for jail in $(_f2bc_jails) ; do
|
|
_complete_f2bc_ips $jail
|
|
done
|
|
local unban_opts=(--all)
|
|
_describe -o "unban options" unban_opts
|
|
else
|
|
_nothing
|
|
fi
|
|
;;
|
|
(set|get))
|
|
if (( $NORMARG + 1 == $CURRENT )) ; then
|
|
_complete_f2bc_jails
|
|
_complete_f2bc_settings
|
|
else
|
|
_complete_f2bc_jail${f2barg}
|
|
fi
|
|
;;
|
|
status)
|
|
if (( $NORMARG + 1 == $CURRENT )) ; then
|
|
_complete_f2bc_jails
|
|
elif (( $NORMARG + 2 == $CURRENT )) ; then
|
|
_values "flavor" basic cymru
|
|
else
|
|
_nothing
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
_complete_f2bc_jails() {
|
|
local jails=($(_f2bc_jails))
|
|
_describe -V "jails" jails
|
|
}
|
|
|
|
_complete_f2bc_ips() {
|
|
local ips=("${(@f)$(LANG=C fail2ban-client status $1 2> /dev/null | sed -n -e 's/^.*Banned IP list:\s\+//' -e 'T' -e 's/\s\+/\'$'\n/g' -e 'p')}")
|
|
if [[ -n "${ips[@]}" ]] ; then
|
|
_describe -t "f2b_jail_$1" -V "banned ips of jail $1" ips
|
|
else
|
|
_nothing
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_jailset() {
|
|
if (( $NORMARG + 2 == $CURRENT )) ; then
|
|
case $words[$NORMARG+1] in
|
|
loglevel)
|
|
local loglevel=(CRITICAL ERROR WARNING NOTICE INFO DEBUG TRACEDEBUG HEAVYDEBUG)
|
|
_describe -V "loglevel" loglevel ;;
|
|
logtarget)
|
|
local logtarget=(STDOUT STDERR SYSLOG)
|
|
_describe -V "logtarget" logtarget
|
|
_files ;;
|
|
syslogsocket)
|
|
local syslogsocket=(auto)
|
|
_describe -V "logtarget" syslogsocket
|
|
_files ;;
|
|
dbfile)
|
|
_files ;;
|
|
dbpurgeage)
|
|
_message "sets the max age in <SECONDS> that history of bans will be kept" ;;
|
|
*)
|
|
# jail
|
|
local jailsettings=(
|
|
unbanip
|
|
banip
|
|
action
|
|
addaction
|
|
addfailregex
|
|
addignoreip
|
|
addignoreregex
|
|
addjournalmatch
|
|
addlogpath
|
|
bantime
|
|
datepattern
|
|
delaction
|
|
delfailregex
|
|
delignoreip
|
|
delignorerexgex
|
|
deljournalmatch
|
|
dellogpath
|
|
findtime
|
|
idle
|
|
ignorecache
|
|
ignorecommand
|
|
ignoreself
|
|
logencoding
|
|
maxlines
|
|
maxretry
|
|
usedns
|
|
)
|
|
_describe -t "f2b_jail_setting" -V "jail setting" jailsettings ;;
|
|
esac
|
|
else
|
|
local jail="$words[$NORMARG+1]"
|
|
|
|
if (( $NORMARG + 3 == $CURRENT )) ; then
|
|
case $words[$NORMARG+2] in
|
|
unbanip)
|
|
_complete_f2bc_ips "$jail" ;;
|
|
delfailregex)
|
|
_complete_f2bc_regex fail "$jail" ;;
|
|
delignorerexgex)
|
|
_complete_f2bc_regex ignore "$jail" ;;
|
|
dellogpath)
|
|
local filelist=("${(@f)$(LANG=C fail2ban-client status $jail 2> /dev/null | sed -n -e 's/^.*File list:\s\+//' -e 'T' -e 's/\s\+/\'$'\n/g' -e 'p')}")
|
|
|
|
if [[ -n "${filelist[@]}" ]] ; then
|
|
_describe -t "f2b_filelist" -V "filelist of jail $1" filelist
|
|
else
|
|
_nothing
|
|
fi ;;
|
|
idle)
|
|
_values 'fail2ban idle' on off ;;
|
|
ignoreself)
|
|
_values 'fail2ban ignoreself' true false ;;
|
|
delignoreip)
|
|
local ignoreips=("${(@f)$(fail2ban-client get "$jail" ignoreip 2> /dev/null | sed -e 's/^[|`]-\s\+//p')}")
|
|
if [[ -n "${ignoreips[@]}" ]] ; then
|
|
_describe -t "f2b_ignoreip" -V "fail2ban ignored ips" ignoreips
|
|
else
|
|
_nothing
|
|
fi ;;
|
|
delaction|action)
|
|
_complete_f2bc_action "$jail" ;;
|
|
addlogpath)
|
|
_files ;;
|
|
*)
|
|
_message "No completion for ${words[NORMARG+2]}" ;;
|
|
esac
|
|
elif (( $NORMARG + 4 == $CURRENT )) ; then
|
|
case $words[$NORMARG+2] in
|
|
action)
|
|
_complete_f2bc_actionproperties "$jail" $words[$NORMARG+3] ;;
|
|
addaction)
|
|
_files ;;
|
|
*)
|
|
_nothing ;;
|
|
esac
|
|
else
|
|
_nothing
|
|
fi
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_jailget() {
|
|
if (( $NORMARG + 2 == $CURRENT )) ; then
|
|
case $words[$NORMARG+1] in
|
|
(loglevel|logtarget|syslogsocket|dbfile|dbpurgeage))
|
|
_nothing ;;
|
|
*)
|
|
# jail
|
|
local jailprops=(
|
|
logpath
|
|
logencoding
|
|
journalmatch
|
|
ignoreself
|
|
ignoreip
|
|
ignorecommand
|
|
failregex
|
|
ignoreregex
|
|
findtime
|
|
bantime
|
|
datepattern
|
|
usedns
|
|
maxretry
|
|
maxlines
|
|
actions
|
|
action
|
|
actionproperties
|
|
actionmethods
|
|
)
|
|
_describe -t "f2b_jail_props" -V "jail properties" jailprops ;;
|
|
esac
|
|
else
|
|
local jail="$words[$NORMARG+1]"
|
|
|
|
if (( $NORMARG + 3 == $CURRENT )) ; then
|
|
case $words[$NORMARG+2] in
|
|
(action|actionproperties|actionmethods))
|
|
_complete_f2bc_action "$jail" ;;
|
|
*)
|
|
_nothing ;;
|
|
esac
|
|
elif (( $NORMARG + 4 == $CURRENT )) ; then
|
|
case $words[$NORMARG+2] in
|
|
(action|actionproperties|actionmethods))
|
|
_complete_f2bc_actionproperties "$jail" $words[$NORMARG+3] ;;
|
|
*)
|
|
_nothing ;;
|
|
esac
|
|
else
|
|
_nothing
|
|
fi
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_action() {
|
|
local jailactions=("${(@f)$(fail2ban-client get $1 actions 2>/dev/null | sed -e '1d' -e 's/,\s\+/\'$'\n/g')}")
|
|
|
|
if [[ -n "${jailactions[@]}" ]] ; then
|
|
_describe -t "f2b_jail_actions" -V "jail actions" jailactions
|
|
else
|
|
_nothing
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_actionproperties() {
|
|
local default_actionproperties=(
|
|
actionstart
|
|
actionstop
|
|
actioncheck
|
|
actionban
|
|
actionunban
|
|
timeout
|
|
)
|
|
local all_actionproperties=("${(@f)$(fail2ban-client get $1 actionproperties $2 2>/dev/null | sed -e '1d' -e 's/,\s\+/\'$'\n/g')}")
|
|
local add_actionproperties=("${(@)all_actionproperties:|default_actionproperties}")
|
|
|
|
_describe -t "f2b_actions_defprops" -V "default action properties" default_actionproperties
|
|
|
|
if [[ -n "${add_actionproperties[@]}" ]] ; then
|
|
_describe -t "f2b_actions_remprops" -V "additional action properties" add_actionproperties
|
|
else
|
|
_nothing
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_regex() {
|
|
local regex=("${(@f)$(fail2ban-client get $2 ${1}regex 2> /dev/null | sed -n -e 's/[|`]- \[\([0-9]\+\)\]:\s\+/\1:/p')}")
|
|
if [[ -n "${regex[@]}" ]] ; then
|
|
_describe -t "f2b_regex" -V "jail $2 ${1}regex" regex
|
|
else
|
|
_nothing
|
|
fi
|
|
}
|
|
|
|
_complete_f2bc_settings() {
|
|
local setargs=(loglevel logtarget syslogsocket dbfile dbpurgeage)
|
|
_describe -t "f2b_settings" -V "fail2ban-client settings" setargs
|
|
}
|
|
|
|
integer NORMARG
|
|
|
|
_arguments -A "-*" -n \
|
|
'-c[configuration directory]:_files -/' \
|
|
'-s[socket path]:_files' \
|
|
'-p[pidfile path]:_files' \
|
|
'--loglevel[logging level]:(CRITICAL ERROR WARNING, NOTICE INFO, DEBUG, TRACEDEBUG HEAVYDEBUG)' \
|
|
'--logtarget[logging target]:(stdout stderr syslog sysout)' \
|
|
'--syslogsocket:_files' \
|
|
'-d[dump configuration]' \
|
|
'(--dp --dump-pretty)'{--dp,--dump-pretty}'[dump the configuration using more human readable representation]' \
|
|
'(-t --test)'{-t,--test}'[test configuration]' \
|
|
'-i[interactive mode]' \
|
|
'-v[increase verbosity]' \
|
|
'-q[decrease verbosity]' \
|
|
'-x[force execution of the server (remove socket file)]' \
|
|
'-b[start server in background]' \
|
|
'-f[start server in foreground]' \
|
|
'--str2sec[convert time abbreviation format to seconds]:_message str2sec' \
|
|
'(-h --help)'{-h,--help}'[display this help message]' \
|
|
'(-V --version)'{-V,--version}'[print the version]' \
|
|
'1:fail2ban command:_complete_f2bc_cmds' \
|
|
'*:fail2ban command argument:_complete_f2bc_cmdargs'
|
|
|
|
# Local Variables:
|
|
# mode: Shell-Script
|
|
# sh-indentation: 2
|
|
# indent-tabs-mode: nil
|
|
# sh-basic-offset: 2
|
|
# End:
|
|
# vim: set et sw=2 ts=2 ft=zsh:
|