Documentation
Index
- func AddToPersistentOffenders(confPath, ip, reason string) error
- func CountRecentBans(logPath, ip string, period time.Duration) (int, error)
- func LogPersistentOffender(logPath, ip, jail string, banCount int) error
- func LogTempBan(logPath, ip, jail, reason string) error
- type BanEntry
- type Config
- type FilterConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddToPersistentOffenders
func AddToPersistentOffenders(confPath, ip, reason string) error
AddToPersistentOffenders adds an IP to the persistent offenders config file.
func CountRecentBans
func CountRecentBans(logPath, ip string, period time.Duration) (int, error)
CountRecentBans counts how many times an IP was banned in the given period.
func LogPersistentOffender
func LogPersistentOffender(logPath, ip, jail string, banCount int) error
LogPersistentOffender logs to persistent-offenders.log.
func LogTempBan
func LogTempBan(logPath, ip, jail, reason string) error
LogTempBan logs a temporary ban to the tracking file for escalation tracking.
V127 UX-3 item 2.4 (A1 facade convergence): before V127 this function wrote a SPACE-DELIMITED legacy format ("2025-11-27T10:00:00Z 1.2.3.4 nftban-sshd SSH brute force") to logPath. Callers passed cfg.BanLog (= /var/log/nftban/bans.log), which is the SAME file that internal/banlog/banlog.go::writeEntryFull writes to in BLC-1 pipe format, producing interleaved mixed-format rows that broke nftban stats recent (audit item 2.4).
LogTempBan is RETAINED as a backward-compatibility facade so that existing call sites (cmd/nftban-core/cmd_ban.go, cmd/nftband/daemon_handlers_ban.go, and any future callers) keep their unchanged signature, but the body now delegates to banlog.LogBanFull so that bans.log has ONE writer path and ONE canonical 10-field BLC-1 pipe format.
Any future caller of LogTempBan automatically gets BLC-1; the legacy space-delimited format CANNOT reappear unless this function is rewritten or a new direct-write code path is added (a regression test guards against that). For new code, prefer calling banlog.LogBanFull directly with an explicit BanClass; reach for LogTempBan only when wrapping an existing jail/reason-pair shape from legacy escalation callers.
The logPath parameter is preserved in the signature for backward compatibility but is NOT used: banlog routes to the canonical path via nftbanconf.MustLoadPaths(). If a legacy caller passes a non-canonical path, the entry STILL lands in /var/log/nftban/bans.log (intentional; the convergence is the whole point).
(Scope: AUDIT_190_LIFECYCLE/V127_FULL_UX_CORRECTION_UMBRELLA_SCOPE.md UX-3 item 2.4)
Types
type Config
type Config struct {
	GlobalThreshold int
	GlobalPeriod    time.Duration
	GlobalAction    string
	Enabled         bool
	BanLog          string
	OffendersLog    string
	OffendersConf   string
	// Per-filter thresholds (v1.0: renamed from jail)
	Filters map[string]*FilterConfig
}
Config holds persistent offender configuration.
func LoadConfig
LoadConfig loads persistent offender configuration from files. Removed: fail2ban.conf references (v1.0 migration to Suricata). Settings in .local files override the defaults.
func (*Config) GetFilterConfig
func (c *Config) GetFilterConfig(filterName string) *FilterConfig
GetFilterConfig returns the configuration for a specific filter (v1.0: renamed from GetJailConfig). If the filter is not found, it returns the global defaults.