npm - @roflsec/fail2scan - Versions diffs - 0.0.3 → 0.0.5 - Mend

@roflsec/fail2scan 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/daemon.js CHANGED Viewed

@@ -1,346 +1,200 @@
 #!/usr/bin/env node
 'use strict';
-/**
- * Fail2Scan daemon - integrated version
- * - watches fail2ban log for "Ban" events (handles rotation)
- * - extracts IPv4/IPv6
- * - queue with persistence and rescan TTL
- * - fallback output dir if /var/log/fail2scan not writable
- * - single-ip CLI --scan-ip
- *
- * Usage:
- *   fail2scan-daemon --log /var/log/fail2ban.log --out /var/log/fail2scan --concurrency 2 --nmap-args "-sS -Pn -p- -T4 -sV" --quiet
- */
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
+const fs = require('fs'), path = require('path'), os = require('os');
 const { execFile, spawn } = require('child_process');
 const { promisify } = require('util');
 const execFileP = promisify(execFile);
 // -------------------- CLI / CONFIG --------------------
 const argv = process.argv.slice(2);
-function getArg(key, def) {
-  for (let i = 0; i < argv.length; i++) {
-    const a = argv[i];
-    if (a === key && argv[i + 1]) return argv[++i];
-    if (a.startsWith(key + '=')) return a.split('=')[1];
-  }
-  return def;
-}
-if (argv.includes('--help') || argv.includes('-h')) {
-  console.log('Fail2Scan daemon\n--log PATH (default /var/log/fail2ban.log)\n--out PATH (default /var/log/fail2scan)\n--concurrency N (default 1)\n--nmap-args "args" (default "-sS -Pn -p- -T4 -sV")\n--scan-ip IP (do one scan and exit)\n--quiet');
-  process.exit(0);
-}
-const LOG_PATH = getArg('--log', '/var/log/fail2ban.log');
-const OUT_ROOT = getArg('--out', '/var/log/fail2scan');
-const CONCURRENCY = Math.max(1, parseInt(getArg('--concurrency', '1'), 10) || 1);
-const NMAP_ARGS_STR = getArg('--nmap-args', '-sS -Pn -p- -T4 -sV');
-const SINGLE_IP = getArg('--scan-ip', null);
+const getArg = (k,d) => { for(let i=0;i<argv.length;i++){const a=argv[i]; if(a===k&&argv[i+1]) return argv[++i]; if(a.startsWith(k+'=')) return a.split('=')[1]; } return d; };
+if(argv.includes('--help')||argv.includes('-h')){console.log(`Fail2Scan optimized daemon
+--log PATH (default /var/log/fail2ban.log)
+--out PATH (default /var/log/fail2scan)
+--concurrency N (default 1)
+--cores N (override concurrency with CPU cores)
+--nmap-args "args" (default "-sS -Pn -p- -T4 -sV")
+--scan-ip IP (do one scan and exit)
+--quiet
+`); process.exit(0); }
+const LOG_PATH = getArg('--log','/var/log/fail2ban.log');
+const OUT_ROOT = getArg('--out','/var/log/fail2scan');
+const USER_CONCURRENCY = parseInt(getArg('--concurrency','0'),10)||0;
+const CORE_OVERRIDE = parseInt(getArg('--cores','0'),10)||0;
+const NMAP_ARGS_STR = getArg('--nmap-args','-sS -Pn -p- -T4 -sV');
+const SINGLE_IP = getArg('--scan-ip',null);
 const QUIET = argv.includes('--quiet');
+const RESCAN_TTL_SEC = 60*60;
+const STATE_FILE = path.join(os.homedir(),'.fail2scan_state.json');
+const LOG_FILE = path.join(os.homedir(),'.fail2scan.log');
-function log(...args) { if (!QUIET) console.log(new Date().toISOString(), ...args); appendLog(args.join(' ')); }
-// -------------------- small logger to file --------------------
-const STATE_FILE = path.join(os.homedir(), '.fail2scan_state.json');
-const LOG_FILE = path.join(os.homedir(), '.fail2scan.log');
-function appendLog(msg) {
-  try { fs.appendFileSync(LOG_FILE, new Date().toISOString() + ' ' + msg + '\n'); } catch (e) {}
-}
+const log=(...a)=>{if(!QUIET)console.log(new Date().toISOString(),...a); try{fs.appendFileSync(LOG_FILE,new Date().toISOString()+' '+a.join(' ')+'\n');}catch{}};
 // -------------------- utilities --------------------
-function sanitizeFilename(s) { return String(s).replace(/[:\/\\<>?"|* ]+/g, '_'); }
-async function which(bin) { try { await execFileP('which', [bin]); return true; } catch { return false; } }
-async function runCmdCapture(cmd, args, opts = {}) {
-  try {
-    const { stdout, stderr } = await execFileP(cmd, args, { maxBuffer: 1024 * 1024 * 32, ...opts });
-    return { ok: true, stdout: stdout || '', stderr: stderr || '' };
-  } catch (e) {
-    return { ok: false, stdout: (e.stdout || '') + '', stderr: (e.stderr || e.message) + '' };
-  }
-}
-function safeMkdirSyncWithFallback(p) {
-  try { fs.mkdirSync(p, { recursive: true, mode: 0o750 }); return p; }
-  catch (e) {
-    const fallback = path.join('/tmp', 'fail2scan');
-    try { fs.mkdirSync(fallback, { recursive: true, mode: 0o750 }); return fallback; }
-    catch (ee) { throw e; }
-  }
-}
+const sanitizeFilename=s=>String(s).replace(/[:\/\\<>?"|* ]+/g,'_');
+async function which(bin){try{await execFileP('which',[bin]);return true;}catch{return false;}}
+async function runCmdCapture(cmd,args,opts={}){try{const {stdout,stderr}=await execFileP(cmd,args,{maxBuffer:1024*1024*32,...opts}); return {ok:true,stdout:stdout||'',stderr:stderr||''};}catch(e){return {ok:false,stdout:(e.stdout||'')+'',stderr:(e.stderr||e.message)+''};}}
+function safeMkdirSyncWithFallback(p){try{return fs.mkdirSync(p,{recursive:true,mode:0o750})||p}catch(e){const f=path.join('/tmp','fail2scan');try{return fs.mkdirSync(f,{recursive:true,mode:0o750})||f}catch(ee){throw e;}}}
 // -------------------- prerequisites --------------------
-(async function checkTools() {
-  const tools = ['nmap', 'dig', 'whois', 'which'];
-  for (const t of tools) {
-    if (t === 'which') continue;
-    if (!(await which(t))) {
-      console.error(`Missing required binary: ${t}. Please install it (eg: apt install ${t}).`);
-      process.exit(2);
-    }
-  }
-})().catch(e => { console.error('Prereq check failed', e); process.exit(2); });
+(async()=>{for(const t of ['nmap','dig','whois','which']){if(t==='which')continue;if(!(await which(t))){console.error(`Missing required binary: ${t}`);process.exit(2);}}})().catch(e=>{console.error('Prereq check failed',e);process.exit(2);});
-// -------------------- persistence state --------------------
-function loadState() {
-  try {
-    if (fs.existsSync(STATE_FILE)) {
-      const raw = fs.readFileSync(STATE_FILE, 'utf8');
-      const j = JSON.parse(raw);
-      return {
-        seen: new Set(Array.isArray(j.seen) ? j.seen : []),
-        retryAfter: typeof j.retryAfter === 'object' ? j.retryAfter : {}
-      };
-    }
-  } catch (e) {}
-  return { seen: new Set(), retryAfter: {} };
-}
-function saveState(state) {
-  try {
-    const obj = { seen: Array.from(state.seen || []), retryAfter: state.retryAfter || {} };
-    const dir = path.dirname(STATE_FILE);
-    try { fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); } catch (e) {}
-    fs.writeFileSync(STATE_FILE, JSON.stringify(obj, null, 2));
-  } catch (e) {}
-}
-const STATE = loadState();
-const RESCAN_TTL_SEC = 60 * 60; // default 1 hour
+// -------------------- state --------------------
+function loadState(){try{if(fs.existsSync(STATE_FILE)){const j=JSON.parse(fs.readFileSync(STATE_FILE,'utf8'));return{seen:new Set(Array.isArray(j.seen)?j.seen:[]),retryAfter:typeof j.retryAfter==='object'?j.retryAfter:{}};}}catch{}return{seen:new Set(),retryAfter:{}};}
+function saveState(s){try{fs.mkdirSync(path.dirname(STATE_FILE),{recursive:true,mode:0o700});fs.writeFileSync(STATE_FILE,JSON.stringify({seen:Array.from(s.seen||[]),retryAfter:s.retryAfter||{}},null,2));}catch{}}
+const STATE=loadState();
 // -------------------- IP extraction --------------------
-function extractIpFromLine(line) {
-  // prefer strict IPv4
-  const ipv4 = line.match(/\b(?:\d{1,3}\.){3}\d{1,3}\b/);
-  if (ipv4 && ipv4[0]) return ipv4[0];
-  // simple IPv6 match
-  const ipv6 = line.match(/\b([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}\b/);
-  if (ipv6 && ipv6[0]) return ipv6[0];
-  return null;
-}
+function extractIpFromLine(line){const v4=line.match(/\b(?:\d{1,3}\.){3}\d{1,3}\b/);if(v4&&v4[0])return v4[0];const v6=line.match(/\b([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}\b/);if(v6&&v6[0])return v6[0];return null;}
-// -------------------- Scan implementation --------------------
-function spawnNmap(ip, outDir, nmapArgs) {
+// -------------------- nmap helpers (parallel support) --------------------
+function spawnOneNmap(args, outFile) {
   return new Promise((resolve, reject) => {
-    const outNmap = path.join(outDir, 'nmap.txt');
-    const args = nmapArgs.concat([ip]);
     const proc = spawn('nmap', args, { stdio: ['ignore', 'pipe', 'pipe'] });
-    const outStream = fs.createWriteStream(outNmap, { flags: 'w' });
+    const outStream = fs.createWriteStream(outFile, { flags: 'w' });
     proc.stdout.pipe(outStream);
     let stderr = '';
     proc.stderr.on('data', c => { stderr += c.toString(); });
     proc.on('close', code => {
-      if (stderr) fs.appendFileSync(outNmap, '\n\nSTDERR:\n' + stderr);
+      if (stderr) {
+        try { fs.appendFileSync(outFile, '\n\nSTDERR:\n' + stderr); } catch (e) {}
+      }
       resolve({ code, ok: code === 0 });
     });
     proc.on('error', err => reject(err));
   });
 }
-async function performScan(ip) {
-  const now = new Date();
-  const dateDir = now.toISOString().slice(0, 10);
-  const safeIp = sanitizeFilename(ip);
-  let outDir = path.join(OUT_ROOT, dateDir, `${safeIp}_${now.toISOString().replace(/[:.]/g, '-')}`);
-  try {
-    outDir = path.join(safeMkdirSyncWithFallback(path.dirname(outDir)), path.basename(outDir));
-    fs.mkdirSync(outDir, { recursive: true, mode: 0o750 });
-  } catch (e) {
-    log('Cannot create out dir for', ip, '-', e.message);
-    // schedule quick retry and exit
-    STATE.retryAfter[ip] = Math.floor(Date.now() / 1000) + 60;
-    saveState(STATE);
+async function spawnNmapParallel(ip, outDir, requestedArgs, parts) {
+  // requestedArgs: array of args
+  // if -p- not present, run single nmap
+  if (!requestedArgs.includes('-p-')) {
+    const outNmap = path.join(outDir, 'nmap.txt');
+    await spawnOneNmap([...requestedArgs, ip], outNmap);
     return;
   }
-  const summary = { ip, ts: now.toISOString(), cmds: {} };
+  // decide number of parts
+  const cpuCount = os.cpus() ? os.cpus().length : 1;
+  const numParts = Math.max(1, parts || CORE_OVERRIDE || cpuCount);
+  const portsPer = Math.floor(65535 / numParts);
+  const jobs = [];
+  for (let i = 0; i < numParts; i++) {
+    const start = 1 + i * portsPer;
+    const end = (i === numParts - 1) ? 65535 : ((i + 1) * portsPer);
+    const subdir = path.join(outDir, `part-${i}`);
+    try { fs.mkdirSync(subdir, { recursive: true, mode: 0o750 }); } catch (e) {}
+    const outNmap = path.join(subdir, 'nmap.txt');
+    const portArg = `-p${start}-${end}`;
+    // replace '-p-' with '-pstart-end' in requestedArgs
+    const args = requestedArgs.map(a => a === '-p-' ? portArg : a).concat([ip]);
+    jobs.push(spawnOneNmap(args, outNmap));
+  }
-  // choose nmap args and adapt if not root
-  const requested = NMAP_ARGS_STR.trim().split(/\s+/).filter(Boolean);
-  const isRoot = (typeof process.getuid === 'function' && process.getuid() === 0);
-  const nmapArgs = requested.map(a => (!isRoot && a === '-sS') ? '-sT' : a);
+  // await all parts
+  await Promise.all(jobs);
-  try {
-    log('Running nmap on', ip, 'args:', nmapArgs.join(' '));
-    await spawnNmap(ip, outDir, nmapArgs);
-    summary.cmds.nmap = { ok: true, args: nmapArgs.join(' '), path: 'nmap.txt' };
-  } catch (e) {
-    log('nmap failed for', ip, e.message);
-    summary.cmds.nmap = { ok: false, err: e.message };
+  // merge outputs into single nmap.txt (preserve order)
+  const partsContent = [];
+  for (let i = 0; i < numParts; i++) {
+    const fn = path.join(outDir, `part-${i}`, 'nmap.txt');
+    try {
+      if (fs.existsSync(fn)) partsContent.push(fs.readFileSync(fn, 'utf8'));
+    } catch (e) {}
   }
+  try { fs.writeFileSync(path.join(outDir, 'nmap.txt'), partsContent.join('\n\n--- PART ---\n\n')); } catch (e) {}
+}
-  // dig
-  try {
-    const dig = await runCmdCapture('dig', ['-x', ip, '+short']);
-    fs.writeFileSync(path.join(outDir, 'dig.txt'), (dig.stdout || '') + (dig.stderr ? '\n\nSTDERR:\n' + dig.stderr : ''));
-    summary.cmds.dig = { ok: dig.ok, path: 'dig.txt' };
-  } catch (e) { summary.cmds.dig = { ok: false, err: e.message }; }
-  // whois
-  try {
-    const who = await runCmdCapture('whois', [ip]);
-    fs.writeFileSync(path.join(outDir, 'whois.txt'), (who.stdout || '') + (who.stderr ? '\n\nSTDERR:\n' + who.stderr : ''));
-    summary.cmds.whois = { ok: who.ok, path: 'whois.txt' };
-  } catch (e) { summary.cmds.whois = { ok: false, err: e.message }; }
+// wrapper used by performScan
+async function runNmap(ip, outDir, requestedArgs) {
+  // adapt -sS -> -sT if not root
+  const isRoot = (typeof process.getuid === 'function' && process.getuid() === 0);
+  const args = requestedArgs.map(a => (!isRoot && a === '-sS') ? '-sT' : a);
-  // minimal parse for open ports
-  try {
-    const nmapTxt = fs.readFileSync(path.join(outDir, 'nmap.txt'), 'utf8');
-    const open = nmapTxt.split(/\r?\n/).filter(l => /^\d+\/tcp\s+open/.test(l)).map(l => l.trim());
-    summary.open_ports = open;
-  } catch (e) { summary.open_ports = []; }
+  // if user explicitly set a small host-timeout, keep it; otherwise let parallel jobs share same requested args
+  // decide parts from CORE_OVERRIDE or cpu
+  const cpuCount = os.cpus() ? os.cpus().length : 1;
+  const parts = CORE_OVERRIDE || cpuCount;
-  fs.writeFileSync(path.join(outDir, 'summary.json'), JSON.stringify(summary, null, 2));
-  try { fs.chmodSync(outDir, 0o750); } catch (e) {}
-  log('Scan written for', ip, '->', outDir);
+  // if args include -p- -> use parallel split, else single
+  await spawnNmapParallel(ip, outDir, args, parts);
 }
-// -------------------- Queue with concurrency and TTL --------------------
-class ScanQueue {
-  constructor(concurrency = 1) {
-    this.concurrency = concurrency;
-    this.running = 0;
-    this.q = [];
-    this.set = STATE.seen; // persistent set
+// -------------------- scan --------------------
+async function performScan(ip){
+  const now=new Date(),dateDir=now.toISOString().slice(0,10),safeIp=sanitizeFilename(ip);
+  let outDir=path.join(OUT_ROOT,dateDir,`${safeIp}_${now.toISOString().replace(/[:.]/g,'-')}`);
+  outDir=path.join(safeMkdirSyncWithFallback(path.dirname(outDir)),path.basename(outDir));
+  try { fs.mkdirSync(outDir,{recursive:true,mode:0o750}); } catch (e) {}
+  const summary={ip,ts:now.toISOString(),cmds:{}};
+  const requested=NMAP_ARGS_STR.trim().split(/\s+/).filter(Boolean);
+  try{
+    log('Running nmap on',ip,'args:',requested.join(' '));
+    await runNmap(ip, outDir, requested);
+    summary.cmds.nmap = { ok: true, args: requested.join(' '), path: 'nmap.txt' };
+  } catch(e){
+    log('nmap failed for',ip, e && e.message ? e.message : e);
+    summary.cmds.nmap = { ok: false, err: e && e.message ? e.message : String(e) };
   }
-  push(ip) {
-    const now = Math.floor(Date.now() / 1000);
-    const next = STATE.retryAfter[ip] || 0;
-    if (this.set.has(ip) && next > now) {
-      log('IP already queued or running (TTL not expired):', ip);
-      return;
-    }
-    if (this.set.has(ip) && next <= now) {
-      log('Re-queueing after TTL:', ip);
-      this.set.delete(ip);
-    }
-    this.set.add(ip);
-    STATE.seen = this.set;
-    saveState(STATE);
-    this.q.push(ip);
-    this._next();
+  try{ const dig = await runCmdCapture('dig',['-x',ip,'+short']); fs.writeFileSync(path.join(outDir,'dig.txt'),(dig.stdout||'') + (dig.stderr?'\n\nSTDERR:\n'+dig.stderr:'')); summary.cmds.dig = { ok: dig.ok, path: 'dig.txt' }; } catch(e){ summary.cmds.dig = { ok:false, err: e && e.message ? e.message : String(e) }; }
+  try{ const who = await runCmdCapture('whois',[ip]); fs.writeFileSync(path.join(outDir,'whois.txt'),(who.stdout||'') + (who.stderr?'\n\nSTDERR:\n'+who.stderr:'')); summary.cmds.whois = { ok: who.ok, path: 'whois.txt' }; } catch(e){ summary.cmds.whois = { ok:false, err: e && e.message ? e.message : String(e) }; }
+  try{ const nmapTxt = fs.readFileSync(path.join(outDir,'nmap.txt'),'utf8'); summary.open_ports = nmapTxt.split(/\r?\n/).filter(l=>/^\d+\/tcp\s+open/.test(l)).map(l=>l.trim()); } catch(e){ summary.open_ports = []; }
+  try{ fs.writeFileSync(path.join(outDir,'summary.json'),JSON.stringify(summary,null,2)); } catch (e) {}
+  try{ fs.chmodSync(outDir,0o750); } catch (e) {}
+  log('Scan written for',ip,'->',outDir);
+}
+// -------------------- queue optimized --------------------
+class ScanQueue{
+  constructor(concurrency=1){this.concurrency=concurrency;this.running=0;this.q=[];this.set=STATE.seen;this.tmpCache=new Set();}
+  push(ip){
+    const now=Math.floor(Date.now()/1000),next=STATE.retryAfter[ip]||0;
+    if((this.set.has(ip)&&next>now)||this.tmpCache.has(ip)){log('IP already queued or running (TTL/cache):',ip);return;}
+    if(this.set.has(ip)&&next<=now)log('Re-queueing after TTL:',ip),this.set.delete(ip);
+    this.set.add(ip);STATE.seen=this.set;saveState(STATE);
+    this.q.push(ip);this.tmpCache.add(ip);this._next();
   }
-  _next() {
-    if (this.running >= this.concurrency) return;
-    const ip = this.q.shift();
-    if (!ip) return;
+  _next(){
+    if(this.running>=this.concurrency)return;
+    const ip=this.q.shift();if(!ip)return;
     this.running++;
-    (async () => {
-      try {
-        log('Scanning', ip);
-        await performScan(ip);
-        log('Done', ip);
-      } catch (e) {
-        log('Error scanning', ip, e && e.message ? e.message : e);
-      } finally {
-        STATE.retryAfter[ip] = Math.floor(Date.now() / 1000) + RESCAN_TTL_SEC;
+    (async()=>{
+      try{log('Scanning',ip);await performScan(ip);log('Done',ip);}
+      catch(e){log('Error scanning',ip,e.message||e);}
+      finally{
+        STATE.retryAfter[ip]=Math.floor(Date.now()/1000)+RESCAN_TTL_SEC;
         saveState(STATE);
-        this.set.delete(ip); // allow future re-queue after TTL (state still records retryAfter)
-        this.running--;
-        setImmediate(() => this._next());
+        this.set.delete(ip);this.tmpCache.delete(ip);
+        this.running--;setImmediate(()=>this._next());
       }
     })();
+    setImmediate(()=>this._next());
   }
 }
-// -------------------- File tail (watch + read new lines, handle rotation) --------------------
-class FileTail {
-  constructor(filePath, onLine) {
-    this.filePath = filePath;
-    this.onLine = onLine;
-    this.pos = 0;
-    this.inode = null;
-    this.buf = '';
-    this.watch = null;
-    this.start();
-  }
-  start() {
-    try {
-      const st = fs.statSync(this.filePath);
-      this.inode = st.ino;
-      this.pos = st.size;
-    } catch (e) {
-      this.inode = null;
-      this.pos = 0;
-    }
-    this._watch();
-    // try initial read (if file exists and appended)
-    this._readNew().catch(()=>{});
-  }
-  _watch() {
-    try {
-      this.watch = fs.watch(this.filePath, { persistent: true }, async () => {
-        try {
-          let st;
-          try { st = fs.statSync(this.filePath); } catch { st = null; }
-          if (!st) { this.inode = null; this.pos = 0; return; }
-          if (this.inode !== null && st.ino !== this.inode) { // rotated
-            this.inode = st.ino;
-            this.pos = 0;
-          } else if (this.inode === null) {
-            this.inode = st.ino;
-            this.pos = 0;
-          }
-          await this._readNew();
-        } catch (e) { /* ignore transient */ }
-      });
-    } catch (e) { log('fs.watch failed:', e.message); }
-  }
-  async _readNew() {
-    try {
-      const st = fs.statSync(this.filePath);
-      if (st.size < this.pos) this.pos = 0;
-      if (st.size === this.pos) return;
-      const stream = fs.createReadStream(this.filePath, { start: this.pos, end: st.size - 1, encoding: 'utf8' });
-      for await (const chunk of stream) {
-        this.buf += chunk;
-        let idx;
-        while ((idx = this.buf.indexOf('\n')) >= 0) {
-          const line = this.buf.slice(0, idx);
-          this.buf = this.buf.slice(idx + 1);
-          if (line.trim()) this.onLine(line);
-        }
-      }
-      this.pos = st.size;
-    } catch (e) { /* ignore */ }
-  }
-  close() { try { if (this.watch) this.watch.close(); } catch (e) {} }
-}
-// -------------------- Main startup --------------------
-if (SINGLE_IP) {
-  (async () => {
-    const q = new ScanQueue(CONCURRENCY);
-    q.push(SINGLE_IP);
-  })();
-  return;
-}
-const q = new ScanQueue(CONCURRENCY);
-log('Fail2Scan started. Watching', LOG_PATH, ' -> output', OUT_ROOT, 'concurrency', CONCURRENCY);
+// -------------------- main --------------------
+if(SINGLE_IP){(async()=>{const q=new ScanQueue(CORE_OVERRIDE||USER_CONCURRENCY||1);q.push(SINGLE_IP);})();return;}
+const concurrency = CORE_OVERRIDE||USER_CONCURRENCY||os.cpus().length||1;
+const q = new ScanQueue(concurrency);
+log(`Fail2Scan started. Watching ${LOG_PATH} -> output ${OUT_ROOT}, concurrency ${concurrency}`);
-// On each new line, extract IP and push to queue if Ban detected
 const BAN_RE = /\bBan\b/i;
-const tail = new FileTail(LOG_PATH, (line) => {
-  try {
-    if (!BAN_RE.test(line)) return;
-    const ip = extractIpFromLine(line);
-    if (!ip) return;
-    q.push(ip);
-  } catch (e) { log('onLine handler error', e && e.message ? e.message : e); }
-});
-// graceful shutdown
-function shutdown() {
-  log('Shutting down Fail2Scan...');
-  tail.close();
-  // wait briefly for running tasks
-  const start = Date.now();
-  const wait = () => {
-    if (q.running === 0 || Date.now() - start > 10000) process.exit(0);
-    setTimeout(wait, 500);
-  };
-  wait();
+class FileTail{
+  constructor(filePath,onLine){this.filePath=filePath;this.onLine=onLine;this.pos=0;this.inode=null;this.buf='';this.watch=null;this.start();}
+  start(){try{const st=fs.statSync(this.filePath);this.inode=st.ino;this.pos=st.size;}catch{this.inode=null;this.pos=0;}this._watch();this._readNew().catch(()=>{});}
+  _watch(){try{this.watch=fs.watch(this.filePath,{persistent:true},async()=>{try{const st=fs.statSync(this.filePath);if(!st){this.inode=null;this.pos=0;return;}if(this.inode!==null&&st.ino!==this.inode)this.inode=st.ino,this.pos=0;else if(this.inode===null)this.inode=st.ino,this.pos=0;await this._readNew();}catch{}});}catch(e){log('fs.watch failed:',e.message);}}
+  async _readNew(){try{const st=fs.statSync(this.filePath);if(st.size<this.pos)this.pos=0;if(st.size===this.pos)return;const stream=fs.createReadStream(this.filePath,{start:this.pos,end:st.size-1,encoding:'utf8'});for await(const chunk of stream){this.buf+=chunk;let idx;while((idx=this.buf.indexOf('\n'))>=0){const line=this.buf.slice(0,idx);this.buf=this.buf.slice(idx+1);if(line.trim())this.onLine(line);}}this.pos=st.size;}catch{}}
+  close(){try{this.watch?.close();}catch{}}
 }
-process.on('SIGINT', shutdown);
-process.on('SIGTERM', shutdown);
+const tail=new FileTail(LOG_PATH,line=>{try{if(!BAN_RE.test(line))return;const ip=extractIpFromLine(line);if(!ip)return;q.push(ip);}catch(e){log('onLine handler error',e.message||e);}});
+function shutdown(){log('Shutting down Fail2Scan...');tail.close();const start=Date.now();const wait=()=>{if(q.running===0||Date.now()-start>10000)process.exit(0);setTimeout(wait,500);};wait();}
+process.on('SIGINT',shutdown);
+process.on('SIGTERM',shutdown);

package/bin/old.daemon.js ADDED Viewed

@@ -0,0 +1,346 @@
+#!/usr/bin/env node
+'use strict';
+/**
+ * Fail2Scan daemon - integrated version
+ * - watches fail2ban log for "Ban" events (handles rotation)
+ * - extracts IPv4/IPv6
+ * - queue with persistence and rescan TTL
+ * - fallback output dir if /var/log/fail2scan not writable
+ * - single-ip CLI --scan-ip
+ *
+ * Usage:
+ *   fail2scan-daemon --log /var/log/fail2ban.log --out /var/log/fail2scan --concurrency 2 --nmap-args "-sS -Pn -p- -T4 -sV" --quiet
+ */
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { execFile, spawn } = require('child_process');
+const { promisify } = require('util');
+const execFileP = promisify(execFile);
+// -------------------- CLI / CONFIG --------------------
+const argv = process.argv.slice(2);
+function getArg(key, def) {
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === key && argv[i + 1]) return argv[++i];
+    if (a.startsWith(key + '=')) return a.split('=')[1];
+  }
+  return def;
+}
+if (argv.includes('--help') || argv.includes('-h')) {
+  console.log('Fail2Scan daemon\n--log PATH (default /var/log/fail2ban.log)\n--out PATH (default /var/log/fail2scan)\n--concurrency N (default 1)\n--nmap-args "args" (default "-sS -Pn -p- -T4 -sV")\n--scan-ip IP (do one scan and exit)\n--quiet');
+  process.exit(0);
+}
+const LOG_PATH = getArg('--log', '/var/log/fail2ban.log');
+const OUT_ROOT = getArg('--out', '/var/log/fail2scan');
+const CONCURRENCY = Math.max(1, parseInt(getArg('--concurrency', '1'), 10) || 1);
+const NMAP_ARGS_STR = getArg('--nmap-args', '-sS -Pn -p- -T4 -sV');
+const SINGLE_IP = getArg('--scan-ip', null);
+const QUIET = argv.includes('--quiet');
+function log(...args) { if (!QUIET) console.log(new Date().toISOString(), ...args); appendLog(args.join(' ')); }
+// -------------------- small logger to file --------------------
+const STATE_FILE = path.join(os.homedir(), '.fail2scan_state.json');
+const LOG_FILE = path.join(os.homedir(), '.fail2scan.log');
+function appendLog(msg) {
+  try { fs.appendFileSync(LOG_FILE, new Date().toISOString() + ' ' + msg + '\n'); } catch (e) {}
+}
+// -------------------- utilities --------------------
+function sanitizeFilename(s) { return String(s).replace(/[:\/\\<>?"|* ]+/g, '_'); }
+async function which(bin) { try { await execFileP('which', [bin]); return true; } catch { return false; } }
+async function runCmdCapture(cmd, args, opts = {}) {
+  try {
+    const { stdout, stderr } = await execFileP(cmd, args, { maxBuffer: 1024 * 1024 * 32, ...opts });
+    return { ok: true, stdout: stdout || '', stderr: stderr || '' };
+  } catch (e) {
+    return { ok: false, stdout: (e.stdout || '') + '', stderr: (e.stderr || e.message) + '' };
+  }
+}
+function safeMkdirSyncWithFallback(p) {
+  try { fs.mkdirSync(p, { recursive: true, mode: 0o750 }); return p; }
+  catch (e) {
+    const fallback = path.join('/tmp', 'fail2scan');
+    try { fs.mkdirSync(fallback, { recursive: true, mode: 0o750 }); return fallback; }
+    catch (ee) { throw e; }
+  }
+}
+// -------------------- prerequisites --------------------
+(async function checkTools() {
+  const tools = ['nmap', 'dig', 'whois', 'which'];
+  for (const t of tools) {
+    if (t === 'which') continue;
+    if (!(await which(t))) {
+      console.error(`Missing required binary: ${t}. Please install it (eg: apt install ${t}).`);
+      process.exit(2);
+    }
+  }
+})().catch(e => { console.error('Prereq check failed', e); process.exit(2); });
+// -------------------- persistence state --------------------
+function loadState() {
+  try {
+    if (fs.existsSync(STATE_FILE)) {
+      const raw = fs.readFileSync(STATE_FILE, 'utf8');
+      const j = JSON.parse(raw);
+      return {
+        seen: new Set(Array.isArray(j.seen) ? j.seen : []),
+        retryAfter: typeof j.retryAfter === 'object' ? j.retryAfter : {}
+      };
+    }
+  } catch (e) {}
+  return { seen: new Set(), retryAfter: {} };
+}
+function saveState(state) {
+  try {
+    const obj = { seen: Array.from(state.seen || []), retryAfter: state.retryAfter || {} };
+    const dir = path.dirname(STATE_FILE);
+    try { fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); } catch (e) {}
+    fs.writeFileSync(STATE_FILE, JSON.stringify(obj, null, 2));
+  } catch (e) {}
+}
+const STATE = loadState();
+const RESCAN_TTL_SEC = 60 * 60; // default 1 hour
+// -------------------- IP extraction --------------------
+function extractIpFromLine(line) {
+  // prefer strict IPv4
+  const ipv4 = line.match(/\b(?:\d{1,3}\.){3}\d{1,3}\b/);
+  if (ipv4 && ipv4[0]) return ipv4[0];
+  // simple IPv6 match
+  const ipv6 = line.match(/\b([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}\b/);
+  if (ipv6 && ipv6[0]) return ipv6[0];
+  return null;
+}
+// -------------------- Scan implementation --------------------
+function spawnNmap(ip, outDir, nmapArgs) {
+  return new Promise((resolve, reject) => {
+    const outNmap = path.join(outDir, 'nmap.txt');
+    const args = nmapArgs.concat([ip]);
+    const proc = spawn('nmap', args, { stdio: ['ignore', 'pipe', 'pipe'] });
+    const outStream = fs.createWriteStream(outNmap, { flags: 'w' });
+    proc.stdout.pipe(outStream);
+    let stderr = '';
+    proc.stderr.on('data', c => { stderr += c.toString(); });
+    proc.on('close', code => {
+      if (stderr) fs.appendFileSync(outNmap, '\n\nSTDERR:\n' + stderr);
+      resolve({ code, ok: code === 0 });
+    });
+    proc.on('error', err => reject(err));
+  });
+}
+async function performScan(ip) {
+  const now = new Date();
+  const dateDir = now.toISOString().slice(0, 10);
+  const safeIp = sanitizeFilename(ip);
+  let outDir = path.join(OUT_ROOT, dateDir, `${safeIp}_${now.toISOString().replace(/[:.]/g, '-')}`);
+  try {
+    outDir = path.join(safeMkdirSyncWithFallback(path.dirname(outDir)), path.basename(outDir));
+    fs.mkdirSync(outDir, { recursive: true, mode: 0o750 });
+  } catch (e) {
+    log('Cannot create out dir for', ip, '-', e.message);
+    // schedule quick retry and exit
+    STATE.retryAfter[ip] = Math.floor(Date.now() / 1000) + 60;
+    saveState(STATE);
+    return;
+  }
+  const summary = { ip, ts: now.toISOString(), cmds: {} };
+  // choose nmap args and adapt if not root
+  const requested = NMAP_ARGS_STR.trim().split(/\s+/).filter(Boolean);
+  const isRoot = (typeof process.getuid === 'function' && process.getuid() === 0);
+  const nmapArgs = requested.map(a => (!isRoot && a === '-sS') ? '-sT' : a);
+  try {
+    log('Running nmap on', ip, 'args:', nmapArgs.join(' '));
+    await spawnNmap(ip, outDir, nmapArgs);
+    summary.cmds.nmap = { ok: true, args: nmapArgs.join(' '), path: 'nmap.txt' };
+  } catch (e) {
+    log('nmap failed for', ip, e.message);
+    summary.cmds.nmap = { ok: false, err: e.message };
+  }
+  // dig
+  try {
+    const dig = await runCmdCapture('dig', ['-x', ip, '+short']);
+    fs.writeFileSync(path.join(outDir, 'dig.txt'), (dig.stdout || '') + (dig.stderr ? '\n\nSTDERR:\n' + dig.stderr : ''));
+    summary.cmds.dig = { ok: dig.ok, path: 'dig.txt' };
+  } catch (e) { summary.cmds.dig = { ok: false, err: e.message }; }
+  // whois
+  try {
+    const who = await runCmdCapture('whois', [ip]);
+    fs.writeFileSync(path.join(outDir, 'whois.txt'), (who.stdout || '') + (who.stderr ? '\n\nSTDERR:\n' + who.stderr : ''));
+    summary.cmds.whois = { ok: who.ok, path: 'whois.txt' };
+  } catch (e) { summary.cmds.whois = { ok: false, err: e.message }; }
+  // minimal parse for open ports
+  try {
+    const nmapTxt = fs.readFileSync(path.join(outDir, 'nmap.txt'), 'utf8');
+    const open = nmapTxt.split(/\r?\n/).filter(l => /^\d+\/tcp\s+open/.test(l)).map(l => l.trim());
+    summary.open_ports = open;
+  } catch (e) { summary.open_ports = []; }
+  fs.writeFileSync(path.join(outDir, 'summary.json'), JSON.stringify(summary, null, 2));
+  try { fs.chmodSync(outDir, 0o750); } catch (e) {}
+  log('Scan written for', ip, '->', outDir);
+}
+// -------------------- Queue with concurrency and TTL --------------------
+class ScanQueue {
+  constructor(concurrency = 1) {
+    this.concurrency = concurrency;
+    this.running = 0;
+    this.q = [];
+    this.set = STATE.seen; // persistent set
+  }
+  push(ip) {
+    const now = Math.floor(Date.now() / 1000);
+    const next = STATE.retryAfter[ip] || 0;
+    if (this.set.has(ip) && next > now) {
+      log('IP already queued or running (TTL not expired):', ip);
+      return;
+    }
+    if (this.set.has(ip) && next <= now) {
+      log('Re-queueing after TTL:', ip);
+      this.set.delete(ip);
+    }
+    this.set.add(ip);
+    STATE.seen = this.set;
+    saveState(STATE);
+    this.q.push(ip);
+    this._next();
+  }
+  _next() {
+    if (this.running >= this.concurrency) return;
+    const ip = this.q.shift();
+    if (!ip) return;
+    this.running++;
+    (async () => {
+      try {
+        log('Scanning', ip);
+        await performScan(ip);
+        log('Done', ip);
+      } catch (e) {
+        log('Error scanning', ip, e && e.message ? e.message : e);
+      } finally {
+        STATE.retryAfter[ip] = Math.floor(Date.now() / 1000) + RESCAN_TTL_SEC;
+        saveState(STATE);
+        this.set.delete(ip); // allow future re-queue after TTL (state still records retryAfter)
+        this.running--;
+        setImmediate(() => this._next());
+      }
+    })();
+  }
+}
+// -------------------- File tail (watch + read new lines, handle rotation) --------------------
+class FileTail {
+  constructor(filePath, onLine) {
+    this.filePath = filePath;
+    this.onLine = onLine;
+    this.pos = 0;
+    this.inode = null;
+    this.buf = '';
+    this.watch = null;
+    this.start();
+  }
+  start() {
+    try {
+      const st = fs.statSync(this.filePath);
+      this.inode = st.ino;
+      this.pos = st.size;
+    } catch (e) {
+      this.inode = null;
+      this.pos = 0;
+    }
+    this._watch();
+    // try initial read (if file exists and appended)
+    this._readNew().catch(()=>{});
+  }
+  _watch() {
+    try {
+      this.watch = fs.watch(this.filePath, { persistent: true }, async () => {
+        try {
+          let st;
+          try { st = fs.statSync(this.filePath); } catch { st = null; }
+          if (!st) { this.inode = null; this.pos = 0; return; }
+          if (this.inode !== null && st.ino !== this.inode) { // rotated
+            this.inode = st.ino;
+            this.pos = 0;
+          } else if (this.inode === null) {
+            this.inode = st.ino;
+            this.pos = 0;
+          }
+          await this._readNew();
+        } catch (e) { /* ignore transient */ }
+      });
+    } catch (e) { log('fs.watch failed:', e.message); }
+  }
+  async _readNew() {
+    try {
+      const st = fs.statSync(this.filePath);
+      if (st.size < this.pos) this.pos = 0;
+      if (st.size === this.pos) return;
+      const stream = fs.createReadStream(this.filePath, { start: this.pos, end: st.size - 1, encoding: 'utf8' });
+      for await (const chunk of stream) {
+        this.buf += chunk;
+        let idx;
+        while ((idx = this.buf.indexOf('\n')) >= 0) {
+          const line = this.buf.slice(0, idx);
+          this.buf = this.buf.slice(idx + 1);
+          if (line.trim()) this.onLine(line);
+        }
+      }
+      this.pos = st.size;
+    } catch (e) { /* ignore */ }
+  }
+  close() { try { if (this.watch) this.watch.close(); } catch (e) {} }
+}
+// -------------------- Main startup --------------------
+if (SINGLE_IP) {
+  (async () => {
+    const q = new ScanQueue(CONCURRENCY);
+    q.push(SINGLE_IP);
+  })();
+  return;
+}
+const q = new ScanQueue(CONCURRENCY);
+log('Fail2Scan started. Watching', LOG_PATH, ' -> output', OUT_ROOT, 'concurrency', CONCURRENCY);
+// On each new line, extract IP and push to queue if Ban detected
+const BAN_RE = /\bBan\b/i;
+const tail = new FileTail(LOG_PATH, (line) => {
+  try {
+    if (!BAN_RE.test(line)) return;
+    const ip = extractIpFromLine(line);
+    if (!ip) return;
+    q.push(ip);
+  } catch (e) { log('onLine handler error', e && e.message ? e.message : e); }
+});
+// graceful shutdown
+function shutdown() {
+  log('Shutting down Fail2Scan...');
+  tail.close();
+  // wait briefly for running tasks
+  const start = Date.now();
+  const wait = () => {
+    if (q.running === 0 || Date.now() - start > 10000) process.exit(0);
+    setTimeout(wait, 500);
+  };
+  wait();
+}
+process.on('SIGINT', shutdown);
+process.on('SIGTERM', shutdown);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@roflsec/fail2scan",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "description": "Fail2Scan daemon - watches fail2ban logs and scans banned IPs using nmap, dig and whois.",
   "bin": {
     "fail2scan-daemon": "./bin/daemon.js"