From: Yaroslav H. <li...@on...> - 2011-11-08 05:31:22
Motivated by Tom's feedback/contribution on introducing <matches> I have
pushed it into the main fail2ban repository's master.

Since 0.8.5 there were few changes but as Tom points out it might be worth of a
new release but we need testing (I will upload current master into debian
unstable some time as well). Besides some cruel typos and 'matches' handling
it should be as stable (or even much better in case of multiple jails) than
0.8.4 -- so get it while it is hot: https://github.com/fail2ban/fail2ban --
clone (somewhat easier and better to contribute back) or download.

So, brief summary of changes since 0.8.5:

* major one:
  3a58d0e Lock server's executeCmd to prevent racing among iptables calls
  many kudos go to Michael Saavedra for elegantly addressing long standing issue ;)
* few fixups in testing framework,
* added <matches> into actions
* modelines all around for emacs/vim to ease contribution work

outside of codebase:
* Yehuda helped a lot to bring sanity to wiki.

detailed log:

$> git lg 0.8.5..
* 22b7007 - (HEAD, origin/master, origin/_tent/matches_info, gh-yarikoptic/master, gh-yarikoptic/_tent/matches_info, master, _tent/matches_info) format output of matches data. (4 minutes ago) [Tom Hendrikx]
* 344effb - ENH: minor unittest to see if tickets carry correct 'matches' (4 weeks ago) [Yaroslav Halchenko]
* de8786d - ENH: introduced usa of Ticket.__matches throughout (4 weeks ago) [Yaroslav Halchenko]
* b52d420 - ENH: added 'matches' to the Ticket(s) and deprecated "custom" constructors for derived *Tickets (4 weeks ago) [Yaroslav Halchenko]
* ed6daa7 - ENH: modelines for emacs and vim to assure consistent indentation scheme (tabs) (4 weeks ago) [Yaroslav Halchenko]
* 19c9ac4 - ENH: failmanager -- additional debug message about # of known failures (4 weeks ago) [Yaroslav Halchenko]
* 1674b7b - ENH: rudimentary __str__ for the ticket (4 weeks ago) [Yaroslav Halchenko]
* 94aa94e - ENH: more human-accessible printout of the dates if any comparison fails (4 weeks ago) [Yaroslav Halchenko]
* 6641b1c - ENH: few debug messages and use MyTime.localtime instead of straight time.time (4 weeks ago) [Yaroslav Halchenko]
* b6d50c1 - ENH: Added localtime() to MyTime (4 weeks ago) [Yaroslav Halchenko]
* 5a2d518 - BF: set TZ to CEST while unittesting so dates matching would work (4 weeks ago) [Yaroslav Halchenko]
* 08fced9 - ENH: added a .pylintrc to help with consistent appearance and catch obvious problems (5 weeks ago) [Yaroslav Halchenko]
* ec4fda8 - Removed Subversion keyword (5 weeks ago) [Cyril Jaquier]
* 877de0d - adjusted the version in README to match the most recent "release" 0.8.5 (5 weeks ago) [Yaroslav Halchenko]
* 90167a1 - DOC: moved THANKS into a THANKS file for better visibility, concise README (5 weeks ago) [Yaroslav Halchenko]
* c321593 - Thank Yehuda for all his work on bringing sanity to wiki (5 weeks ago) [Yaroslav Halchenko]
* 3152afb - Recognise time-stamped kernel messages (6 weeks ago) [Adam Spiers]
* 3a58d0e - BF: Lock server's executeCmd to prevent racing among iptables calls (Closes: #554162) (6 weeks ago) [Yaroslav Halchenko]
* 3eb5e3b - BF: Allow for trailing spaces in sasl logs (3 months ago) [Yaroslav Halchenko]

Cheers!

On Tue, 08 Nov 2011, Yaroslav Halchenko wrote:

> Hi Tom,

> Thanks for giving it a shout!!! not sure why it didn't apply nicely on
> top of 0.8.4 but indeed it might have been a while ;) for the patch --
> looks good to me ... I will either 'git am' it or feel free to send a
> pull request.... I am bit "under the rain" at the moment and will be at
> a conference till end of next week

> as for release --
> since there were no objections or further recommendations on having
> <matches> -- let's merge this branch (with our patch) in, let
> people drive it and if everything is splendid -- release it to be ;-)

> On Mon, 07 Nov 2011, Tom Hendrikx wrote:

> > > I just deployed this on a host, and it looks fine. The single nitpick I
> > > have is that the output is an unformatted python list:

> > > ['log line 1 including newline
> > > ', 'log line 2 including newline
> > > ', 'log line 3 including newline
> > > ']

> > > This is a bit ugly, so you might add some reformatting at the point
> > > where the final output is created: slap it into a single string, with
> > > single newlines between the entries.

> > update: attached two-liner works for me :)

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
From: Christian R. <c...@ro...> - 2011-11-08 14:27:56
Attachments:
signature.asc
Hi,

On 08.11.2011 06:31, Yaroslav Halchenko wrote:
> Motivated by Tom's feedback/contribution on introducing <matches> I have
> pushed it into the main fail2ban repository's master.
>

I finished writing the parser (X-ARF json schemata) today (at least a
first version of it), so I am going to test the matches part in the next
days. Also trying to add the SQL stuff to fail2ban as well.

The databases are all set up (having full support for X-ARF) and the
validation parser already scans the database tables and generates a
final data structure that is MIME-part 2 of the X-ARF specification.

So hopefully we are getting closer with fail2ban and X-ARF :-)

Best wishes
Christian

--
Roessner-Network-Solutions
Bachelor of Science Informatik
50°34.725'N, 08°40.904'O, Nahrungsberg 81, 35390 Giessen
F: +49 641 33055572, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
From: Yaroslav H. <li...@on...> - 2011-11-08 22:39:24
cool -- thanks for the heads up

On Tue, 08 Nov 2011, Christian Roessner wrote:

> The databases are all set up (having full support for X-ARF) and the
> validation parser already scans the database tables and generates a
> final data structure that is MIME-part 2 of the X-ARF specification.

> So hopefully we are getting closer with fail2ban and X-ARF :-)

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
From: Tom H. <to...@wh...> - 2011-11-17 13:12:42
On 08/11/11 06:31, Yaroslav Halchenko wrote:
> Motivated by Tom's feedback/contribution on introducing <matches> I have
> pushed it into the main fail2ban repository's master.
>
> Since 0.8.5 there were few changes but as Tom points out it might be worth of a
> new release but we need testing (I will upload current master into debian
> unstable some time as well). Besides some cruel typos and 'matches' handling
> it should be as stable (or even much better in case of multiple jails) than
> 0.8.4 -- so get it while it is hot: https://github.com/fail2ban/fail2ban --
> clone (somewhat easier and better to contribute back) or download.

I took current gentoo ebuild and updated it to use the github tarball
for 0.8.5, and fumbled a bit to make it work. I ran into a few patches
in the gentoo repo
(http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/)
that might be applicable for the whole project.

All *.patch files still apply and seem reasonable, except for the cve
patch, which is already included.

I have 1 system running with this code now, including an updated
actions.d/sendmail-whois-lines.conf for <matches> testing. I'll see if I
find more nitpicks :)

--
Regards,
Tom
From: Yaroslav H. <li...@on...> - 2011-11-17 17:52:21
Hi Tom,

Thanks for pointing them out! I still have some patches (don't remember
if any "functionality"-related one) in Debian build -- I should look
into incorporating them all.

Meanwhile gentoo patch queue:

* fail2ban-0.8.4-gentoo-init.patch
  I guess if gentoo people do it for files/gentoo-initd -- that what it
  should actually be.

* fail2ban-0.8.4-hashlib.patch
  should be tuned up (API is identical so we could just fall back to md5
  if hashlib is NA) so it remains compatible with elderly python 2.4 --
  I bet some old servers might still have it as the default

* fail2ban-0.8.4-sshd-breakin.patch
  seems to be needing some tuneup

Meanwhile I will try to get in touch with hwoarang (author of those
patches) to get proper "author" information for git commits ;)

Cheers

On Thu, 17 Nov 2011, Tom Hendrikx wrote:

> I took current gentoo ebuild and updated it to use the github tarball
> for 0.8.5, and fumbled a bit to make it work. I ran into a few patches
> in the gentoo repo
> (http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/)
> that might be applicable for the whole project.

> All *.patch files still apply and seem reasonable, except for the cve
> patch, which is already included.

> I have 1 system running with this code now, including an updated
> actions.d/sendmail-whois-lines.conf for <matches> testing. I'll see if I
> find more nitpicks :)

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
From: Yaroslav H. <li...@on...> - 2011-11-18 17:14:11
meanwhile I have absorbed those few changes from debian branch(es),
removed debian-release, only debian branch left which sits on top of
master with "debian/" changes only.

I have added accumulated sample log files for various filters under
testcases/files/logs ... idea is to incorporate them into unittests --
at least to verify that for each line there is a date/failregex
matches. Contributions would be very appreciated!

On Thu, 17 Nov 2011, Yaroslav Halchenko wrote:

> Hi Tom,

> Thanks for pointing them out! I still have some patches (don't remember
> if any "functionality"-related one) in Debian build -- I should look
> into incorporating them all.

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
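The check proposed in the message above (every sample log line should produce both a date match and a failregex match), sketched as an added example that is not fail2ban's own test code. The date pattern, the failregexes, the simplified `<HOST>` expansion, the sample lines and the function name are all constructed for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag expansion (assumption).
HOST_GROUP = r"(?P<host>[\w\-.]+)"

# Hypothetical syslog-style date pattern and sshd failregexes for this example.
DATE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\b")
FAILREGEXES = [
    r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+",
    r"Invalid user \S+ from <HOST>\s*$",
]

# Constructed sample lines (not taken from testcases/files/logs).
SAMPLE_LOG = """\
Nov 18 17:14:11 srv sshd[2101]: Failed password for root from 192.0.2.10 port 4022 ssh2
Nov 18 17:14:15 srv sshd[2101]: Failed password for invalid user bob from 192.0.2.10 port 4023 ssh2
Nov  8 05:31:22 srv sshd[2200]: Invalid user admin from 198.51.100.7
2011-11-18T17:15:00 srv sshd[2300]: Failed password for root from 203.0.113.5 port 22 ssh2
Nov 18 17:16:00 srv sshd[2400]: Failed publickey for root from 203.0.113.5 port 22 ssh2
"""


def check_sample_lines(text, date_re=DATE_RE, failregexes=FAILREGEXES):
    """Return (hosts, problems): the host extracted from each matching line,
    and (line number, reason) for every line the filter would silently miss."""
    compiled = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in failregexes]
    hosts, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if not date_re.search(line):
            # Without a parsed timestamp the failure cannot be placed in time.
            problems.append((lineno, "no date match"))
            continue
        match = next((m for m in (rx.search(line) for rx in compiled) if m), None)
        if match is None:
            problems.append((lineno, "no failregex match"))
        else:
            hosts.append(match.group("host"))
    return hosts, problems


if __name__ == "__main__":
    found, missed = check_sample_lines(SAMPLE_LOG)
    print("hosts:", found)
    for lineno, reason in missed:
        print("line %d: %s" % (lineno, reason))
```

Lines reported as problems are the detection gaps: a log format the date pattern does not know, or a failure message no failregex covers, so the offending host would never be counted toward a ban.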
From: Yaroslav H. <li...@on...> - 2011-11-18 20:00:58
FWIW -- gentoo's patches adopted -- all besides 1: "reverse mapping
checking" catch for sshd (see my take on that at elderly
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588431)

so even more testing is welcome ;)

On Fri, 18 Nov 2011, Yaroslav Halchenko wrote:

> meanwhile I have absorbed those few changes from debian branch(es),
> removed debian-release, only debian branch left which sits on top of
> master with "debian/" changes only.

> I have added accumulated sample log files for various filters under
> testcases/files/logs ... idea is to incorporate them into unittests --
> at least to verify that for each line there is a date/failregex
> matches. Contributions would be very appreciated!

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic