From: <los...@us...> - 2008-10-13 14:57:12
Revision: 717 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=717&view=rev Author: lostcontrol Date: 2008-10-13 14:56:54 +0000 (Mon, 13 Oct 2008) Log Message: ----------- - Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/README Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/complain.conf branches/FAIL2BAN-0_8/config/action.d/dshield.conf branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:38:41 UTC (rev 716) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:56:54 UTC (rev 717) @@ -18,6 +18,8 @@ valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko. - Added/improved filters and date formats. +- Added actions to report abuse to ISP, DShield and + myNetWatchman. Thanks to Russell Odom. ver. 0.8.3 (2008/07/17) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:38:41 UTC (rev 716) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:56:54 UTC (rev 717) @@ -79,6 +79,8 @@ config/filter.d/webmin-auth.conf config/filter.d/wuftpd.conf config/filter.d/xinetd-fail.conf +config/action.d/complain.conf +config/action.d/dshield.conf config/action.d/hostsdeny.conf config/action.d/ipfw.conf config/action.d/iptables.conf 
@@ -90,6 +92,7 @@ config/action.d/mail-buffered.conf config/action.d/mail-whois.conf config/action.d/mail-whois-lines.conf +config/action.d/mynetwatchman.conf config/action.d/sendmail.conf config/action.d/sendmail-buffered.conf config/action.d/sendmail-whois.conf Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2008-10-13 14:38:41 UTC (rev 716) +++ branches/FAIL2BAN-0_8/README 2008-10-13 14:56:54 UTC (rev 717) @@ -76,7 +76,8 @@ Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, -Vincent Deffontaines, Bill Heaton and many others. +Vincent Deffontaines, Bill Heaton, Russell Odom and many +others. License: -------- Added: branches/FAIL2BAN-0_8/config/action.d/complain.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/complain.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/complain.conf 2008-10-13 14:56:54 UTC (rev 717) 
@@ -0,0 +1,86 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom <ru...@gl...> +# Sends a complaint e-mail to addresses listed in the whois record for an +# offending IP address. +# +# You should provide the <logpath> in the jail config - lines from the log +# matching the given IP address will be provided in the complaint as evidence. +# +# Note that we will try to use e-mail addresses that are most likely to be abuse +# addresses (based on various keywords). If they aren't found we fall back on +# any other addresses found in the whois record, with a few exceptions. +# If no addresses are found, no e-mail is sent. +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <failtime> unix timestamp of the last failure +# <bantime> unix timestamp of the ban time +# Values: CMD +# +actionban = ADDRESSES=`whois <ip> | perl -e 'while (<STDIN>) { next if /^changed|@(ripe|apnic)\.net/io; $m += (/abuse|trouble:|report|spam|security/io?3:0); if (/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)/io) { while (s/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)//io) { if ($m) { $a{lc($1)}=$m } else { $b{lc($1)}=$m } } $m=0 } else { $m && --$m } } if (%%a) {print join(",",keys(%%a))} else {print join(",",keys(%%b))}'` + IP=<ip> + if [ ! 
-z "$ADDRESSES" ]; then + (printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '<ip>' <logpath>) | <mailcmd> "Abuse from <ip>" $ADDRESSES <mailargs> + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <bantime> unix timestamp of the ban time +# <unbantime> unix timestamp of the unban time +# Values: CMD +# +actionunban = + +[Init] +message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)\n + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null + +# Option: mailcmd +# Notes.: Your system mail command. Is passed 2 args: subject and recipient +# Values: CMD Default: mail -s +# +mailcmd = mail -s + +# Option: mailargs +# Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +# CC reports to another address: +# -c me...@ex... +# Appear to come from a different address - the '--' indicates +# arguments to be passed to Sendmail: +# -- -f me...@ex... 
+# Values: [ STRING ] Default: (empty) +# +mailargs = + Property changes on: branches/FAIL2BAN-0_8/config/action.d/complain.conf ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/dshield.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/dshield.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/dshield.conf 2008-10-13 14:56:54 UTC (rev 717) 
@@ -0,0 +1,210 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom <ru...@gl...> +# Submits attack reports to DShield (http://www.dshield.org/) +# +# You MUST configure at least: +# <port> (the port that's being attacked - use number not name). +# +# You SHOULD also provide: +# <myip> (your public IP address, if it's not the address of eth0) +# <userid> (your DShield userID, if you have one - recommended, but reports will +# be used anonymously if not) +# <protocol> (the protocol in use - defaults to tcp) +# +# Best practice is to provide <port> and <protocol> in jail.conf like this: +# action = dshield[port=1234,protocol=tcp] +# +# ...and create "dshield.local" with contents something like this: +# [Init] +# myip = 10.0.0.1 +# userid = 12345 +# +# Other useful configuration values are <mailargs> (you can use for specifying +# a different sender address for the report e-mails, which should match what is +# configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to +# configure how often the buffer is flushed). +# +# $Revision$ + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = if [ -f <tmpfile>.buffer ]; then + cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <dest> <mailargs> + date +%%s > <tmpfile>.lastsent + fi + rm -f <tmpfile>.buffer <tmpfile>.first + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. 
+# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +# See http://www.dshield.org/specs.html for more on report format/notes +# +# Note: We are currently using <time> for the timestamp because no tag is +# available to indicate the timestamp of the log message(s) which triggered the +# ban. Therefore the timestamps we are using in the report, whilst often only a +# few seconds out, are incorrect. See +# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047 +# +actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` + DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE" + PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols` + if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi + printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer + NOW=`date +%%s` + if [ ! -f <tmpfile>.first ]; then + echo <time> | cut -d. -f1 > <tmpfile>.first + fi + if [ ! -f <tmpfile>.lastsent ]; then + echo 0 > <tmpfile>.lastsent + fi + LOGAGE=$(($NOW - `cat <tmpfile>.first`)) + LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`)) + LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' ) + if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then + cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <dest> <mailargs> + rm -f <tmpfile>.buffer <tmpfile>.first + echo $NOW > <tmpfile>.lastsent + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. 
+# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = if [ -f <tmpfile>.first ]; then + NOW=`date +%%s` + LOGAGE=$(($NOW - `cat <tmpfile>.first`)) + if [ $LOGAGE -gt <maxbufferage> ]; then + cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <dest> <mailargs> + rm -f <tmpfile>.buffer <tmpfile>.first + echo $NOW > <tmpfile>.lastsent + fi + fi + + +[Init] +# Option: port +# Notes.: The target port for the attack (numerical). MUST be provided in the +# jail config, as it cannot be detected here. +# Values: [ NUM ] Default: ??? +# +port = ??? + +# Option: userid +# Notes.: Your DSheild user ID. Should be provided either in the jail config or +# in a .local file. +# Register at https://secure.dshield.org/register.html +# Values: [ NUM ] Default: 0 +# +userid = 0 + +# Option: myip +# Notes.: TThe target IP for the attack (your public IP). Should be provided +# either in the jail config or in a .local file unless your PUBLIC IP +# is the first IP assigned to eth0 +# Values: [ an IP address ] Default: Tries to find the IP address of eth0, +# which in most cases will be a private IP, and therefore incorrect +# +myip = `ip -4 addr show dev eth0 | grep inet | head -1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'` + +# Option: protocol +# Notes.: The protocol over which the attack is happening +# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp +# +protocol = tcp + +# Option: lines +# Notes.: How many lines to buffer before making a report. 
Regardless of this, +# reports are sent a minimum of <minreportinterval> apart, or if the +# buffer contains an event over <maxbufferage> old, or on shutdown +# Values: [ NUM ] Default: 50 +# +lines = 50 + +# Option: minreportinterval +# Notes.: Minimum period (in seconds) that must elapse before we submit another +# batch of reports. DShield request a minimum of 1 hour (3600 secs) +# between reports. +# Values: [ NUM ] Default: 3600 +# +minreportinterval = 3600 + +# Option: maxbufferage +# Notes.: Maximum age (in seconds) of the oldest report in the buffer before we +# submit the batch, even if we haven't reached <lines> yet. Note that +# this is only checked on each ban/unban, and that we always send +# anything in the buffer on shutdown. Must be greater than +# <minreportinterval>. +# Values: [ NUM ] Default: 21600 (6 hours) +# +maxbufferage = 21600 + +# Option: srcport +# Notes.: The source port of the attack. You're unlikely to have this info, so +# you can leave the default +# Values: [ NUM ] Default: ??? +# +srcport = ??? + +# Option: tcpflags +# Notes.: TCP flags on attack. You're unlikely to have this info, so you can +# leave empty +# Values: [ STRING ] Default: (empty) +# +tcpflags = + +# Option: mailcmd +# Notes.: Your system mail command. Is passed 2 args: subject and recipient +# Values: CMD Default: mail -s +# +mailcmd = mail -s + +# Option: mailargs +# Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +# CC reports to another address: +# -c me...@ex... +# Appear to come from a different address (the From address must match +# the one configured at DShield - the '--' indicates arguments to be +# passed to Sendmail): +# -- -f me...@ex... +# Values: [ STRING ] Default: (empty) +# +mailargs = + +# Option: dest +# Notes.: Destination e-mail address for reports +# Values: [ STRING ] Default: re...@ds... +# +dest = re...@ds... 
+ +# Option: tmpfile +# Notes.: Base name of temporary files used for buffering +# Values: [ STRING ] Default: /tmp/fail2ban-dshield +# +tmpfile = /tmp/fail2ban-dshield + Added: branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf 2008-10-13 14:56:54 UTC (rev 717) 
@@ -0,0 +1,144 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom <ru...@gl...> +# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/) +# +# You MUST configure at least: +# <port> (the port that's being attacked - use number not name). +# <mnwlogin> (your mNW login). +# <mnwpass> (your mNW password). +# +# You SHOULD also provide: +# <myip> (your public IP address, if it's not the address of eth0) +# <protocol> (the protocol in use - defaults to tcp) +# +# Best practice is to provide <port> and <protocol> in jail.conf like this: +# action = mynetwatchman[port=1234,protocol=udp] +# +# ...and create "mynetwatchman.local" with contents something like this: +# [Init] +# mnwlogin = me...@ex... +# mnwpass = SECRET +# myip = 10.0.0.1 +# +# Another useful configuration value is <getcmd>, if you don't have wget +# installed (an example config for curl is given below) +# +# $Revision$ + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +# +# Note: We are currently using <time> for the timestamp because no tag is +# available to indicate the timestamp of the log message(s) which triggered the +# ban. Therefore the timestamps we are using in the report, whilst often only a +# few seconds out, are incorrect. 
See +# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047 +# +actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'` + MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'` + PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols` + if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi + DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` + <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] +# Option: port +# Notes.: The target port for the attack (numerical). MUST be provided in +# the jail config, as it cannot be detected here. +# Values: [ NUM ] Default: ??? +# +port = 0 + +# Option: mnwlogin +# Notes.: Your mNW login e-mail address. MUST be provided either in the jail +# config or in a .local file. +# Register at http://www.mynetwatchman.com/reg.asp +# Values: [ STRING ] Default: (empty) +# +mnwlogin = + +# Option: mnwpass +# Notes.: The password corresponding to your mNW login e-mail address. MUST be +# provided either in the jail config or in a .local file. +# Values: [ STRING ] Default: (empty) +# +mnwpass = + +# Option: myip +# Notes.: TThe target IP for the attack (your public IP). 
Should be overridden +# either in the jail config or in a .local file unless your PUBLIC IP +# is the first IP assigned to eth0 +# Values: [ an IP address ] Default: Tries to find the IP address of eth0, +# which in most cases will be a private IP, and therefore incorrect +# +myip = `ip -4 addr show dev eth0 | grep inet | head -1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'` + +# Option: protocol +# Notes.: The protocol over which the attack is happening +# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp +# +protocol = tcp + +# Option: getcmd +# Notes.: A command to fetch a URL. Should output page to STDOUT +# Values: CMD Default: wget +# +getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=Fail2Ban +# Alternative value: +# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent Fail2Ban + +# Option: srcport +# Notes.: The source port of the attack. You're unlikely to have this info, so +# you can leave the default +# Values: [ NUM ] Default: 0 +# +srcport = 0 + +# Option: mnwurl +# Notes.: The report service URL on the mNW site +# Values: STRING Default: http://mynetwatchman.com/insertwebreport.asp +# +mnwurl = http://mynetwatchman.com/insertwebreport.asp + +# Option: tmpfile +# Notes.: Base name of temporary files +# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman +# +tmpfile = /tmp/fail2ban-mynetwatchman This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
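Review bot: in complain.conf's actionban, `grep '<ip>' <logpath>` treats the address as a regular expression, so each dot matches any character and 1.2.3.4 also selects lines for 1.2.3.40 or 11.2.3.4; because these lines are mailed to a third party as evidence, use `grep -F -w '<ip>'` or an anchored pattern. Separately, `$ADDRESSES` is built from whois output and expanded unquoted on the `<mailcmd>` command line. The Perl pattern limits the character set but still accepts an address whose local part starts with `-`, so such addresses should be rejected before mailing. The doubled bracket in `(\.[[a-z0-9\-]+)+` also adds a literal `[` to the class, which looks like a typo.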
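Review bot: in dshield.conf's actionban, the flush test `[ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ]` puts `&&` inside a single `[ ]`. The shell splits it into `[ $LINES -ge <lines>`, which fails for want of its closing `]`, and a second command that is never a valid test, so from actionban the buffer is only ever sent through the `<maxbufferage>` branch. Write it as `[ $LINES -ge <lines> ] && [ $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]`. In addition, `<tmpfile>` defaults to fixed names under /tmp that the action appends to, reads and removes; a default inside a directory that only the Fail2Ban user can write to would stop other local users from pre-creating those files. Minor: "DSheild" and "TThe" in the [Init] comments are typos, and `port = ???` does not fit the documented `[ NUM ]` value.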
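Review bot: in mynetwatchman.conf's actionban, the mNW login and password are placed in the query string of `<mnwurl>`, whose default is a plain `http://` address, and the whole URL is passed as an argument to `<getcmd>`. The credentials therefore cross the network unencrypted and sit on the command line of the fetch process; the header comment should say so, and an https default would be preferable if the service offers one. If the intent of `2>&1 >> <tmpfile>.out` is to capture errors in the file, the order is wrong: stderr is duplicated to the original stdout before stdout is pointed at the file, so it should read `>> <tmpfile>.out 2>&1`. The `port` comment also documents the default as `???` while the value set is `0`.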
From: <los...@us...> - 2008-10-13 14:38:50
Revision: 716 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=716&view=rev Author: lostcontrol Date: 2008-10-13 14:38:41 +0000 (Mon, 13 Oct 2008) Log Message: ----------- - Added svn:keywords property. Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf Property Changed: ---------------- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf 2008-10-13 14:37:25 UTC (rev 715) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf 2008-10-13 14:38:41 UTC (rev 716) @@ -2,7 +2,7 @@ # # Author: Yaroslav O. Halchenko <de...@on...> # -# $Revision: 569 $ +# $Revision$ # [Definition] Property changes on: branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-10-13 14:37:39
Revision: 715 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=715&view=rev Author: lostcontrol Date: 2008-10-13 14:37:25 +0000 (Mon, 13 Oct 2008) Log Message: ----------- - Added apache-nohome.conf. Thanks to Yaroslav Halchenko. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-10-10 16:26:18 UTC (rev 714) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:37:25 UTC (rev 715) @@ -17,6 +17,7 @@ - Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko. +- Added/improved filters and date formats. ver. 0.8.3 (2008/07/17) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-10-10 16:26:18 UTC (rev 714) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:37:25 UTC (rev 715) @@ -59,6 +59,7 @@ config/filter.d/common.conf config/filter.d/apache-auth.conf config/filter.d/apache-badbots.conf +config/filter.d/apache-nohome.conf config/filter.d/apache-noscript.conf config/filter.d/apache-overflows.conf config/filter.d/courierlogin.conf Added: branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf 2008-10-13 14:37:25 UTC (rev 715) 
@@ -0,0 +1,23 @@ +# Fail2Ban configuration file +# +# Author: Yaroslav O. Halchenko <de...@on...> +# +# $Revision: 569 $ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match failures to find a home directory on a server, which +# became popular last days. Most often attacker just uses IP instead of +# domain name -- so expect to see them in generic error.log if you have +# per-domain log files. +# Values: TEXT +# +failregex = [[]client <HOST>[]] File does not exist: .*/~.* + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
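Review bot: the new failregex in apache-nohome.conf ends in `.*/~.*`, which is unanchored and matches `/~` anywhere in the rest of the line rather than only in the requested path; when Apache appends a referer to the error line, a referer URL containing `/~` is enough to produce a match and a ban for an ordinary visitor. Restrict the match to the path component and drop the redundant trailing `.*`. The header also carries `$Revision: 569 $` in a newly added file, which looks copied from another filter.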
From: <los...@us...> - 2008-10-10 16:26:28
Revision: 714 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=714&view=rev Author: lostcontrol Date: 2008-10-10 16:26:18 +0000 (Fri, 10 Oct 2008) Log Message: ----------- - Added new time format. No idea from where it comes... Modified Paths: -------------- branches/FAIL2BAN-0_8/server/datedetector.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2008-10-10 16:00:10 UTC (rev 713) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2008-10-10 16:26:18 UTC (rev 714) @@ -113,6 +113,12 @@ template.setRegex("^\d{2}:\d{2}:\d{2}") template.setPattern("%H:%M:%S") self.__templates.append(template) + # <09/16/08@05:03:30> + template = DateStrptime() + template.setName("<Month/Day/Year@Hour:Minute:Second>") + template.setRegex("^<\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}>") + template.setPattern("<%m/%d/%y@%H:%M:%S>") + self.__templates.append(template) finally: self.__lock.release() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
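Review bot: the comment above the new template gives only the sample `<09/16/08@05:03:30>`, and the log message says the origin of the format is unknown. Name the application that writes this format in the comment: `%m/%d/%y` cannot be told apart from day/month order for days up to 12, and without the source nobody can later verify that the chosen order is right.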
From: <los...@us...> - 2008-10-10 16:00:25
Revision: 713 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=713&view=rev Author: lostcontrol Date: 2008-10-10 16:00:10 +0000 (Fri, 10 Oct 2008) Log Message: ----------- - Added new regex. Thanks to Tobias Offermann. Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-08-12 22:40:07 UTC (rev 712) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-10-10 16:00:10 UTC (rev 713) @@ -32,6 +32,7 @@ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$ + ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
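Review bot: the added sshd failregex ends in a bare `$`, while the neighbouring patterns in this hunk end in `\s*$`; use `\s*$` here as well so that trailing whitespace in the log line does not stop the match.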
From: Klaus L. <leh...@t-...> - 2008-08-15 11:36:10
hi fans

I'm often too lazy to type correct fail2ban stop and start. here's my (very) small shell-script:

#!/bin/sh
/etc/init.d/fail2ban stop
sleep 10
/etc/init.d/fail2ban start

remark: you must use sleep (or similar), fail2ban wouldn't start without some seconds delay... ;-)

yours very
klaus lehmann
From: <los...@us...> - 2008-08-12 22:39:57
Revision: 712 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=712&view=rev Author: lostcontrol Date: 2008-08-12 22:40:07 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 22:05:13 UTC (rev 711) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 22:40:07 UTC (rev 712) @@ -12,7 +12,11 @@ - Merged patches from Debian package. Thanks to Yaroslav Halchenko. - Use current day and month instead of Jan 1st if both are - not available in the log. Thanks to Andreas Itzchak Rehberg + not available in the log. Thanks to Andreas Itzchak + Rehberg. +- Try to match the regex even if the line does not contain a + valid date/time. Described in Debian #491253. Thanks to + Yaroslav Halchenko. ver. 0.8.3 (2008/07/17) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2008-08-12 22:05:13 UTC (rev 711) +++ branches/FAIL2BAN-0_8/server/filter.py 2008-08-12 22:40:07 UTC (rev 712) 
@@ -241,15 +241,16 @@ except UnicodeDecodeError: l = line timeMatch = self.dateDetector.matchTime(l) - if not timeMatch: - # There is no valid time in this line - return [] - # Lets split into time part and log part of the line - timeLine = timeMatch.group() - # Lets leave the beginning in as well, so if there is no - # anchore at the beginning of the time regexp, we don't - # at least allow injection. Should be harmless otherwise - logLine = l[:timeMatch.start()] + l[timeMatch.end():] + if timeMatch: + # Lets split into time part and log part of the line + timeLine = timeMatch.group() + # Lets leave the beginning in as well, so if there is no + # anchore at the beginning of the time regexp, we don't + # at least allow injection. Should be harmless otherwise + logLine = l[:timeMatch.start()] + l[timeMatch.end():] + else: + timeLine = l + logLine = l return self.findFailure(timeLine, logLine) def processLineAndAdd(self, line): This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
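Review bot: in the filter.py hunk, the new `else` branch sets `timeLine = l` and hands the whole line to `findFailure` as if it were the time part, and nothing in the visible code says which timestamp a failure receives when no date template matched. Add a comment stating that, or pass an explicit no-date marker instead of the full line, so the effect on the findtime window is clear to the next reader.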
From: <los...@us...> - 2008-08-12 22:05:08
Revision: 711 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=711&view=rev Author: lostcontrol Date: 2008-08-12 22:05:13 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Removed "timeregex" and "timepattern" stuff that is not needed anymore. Modified Paths: -------------- branches/FAIL2BAN-0_8/client/filterreader.py branches/FAIL2BAN-0_8/common/protocol.py Modified: branches/FAIL2BAN-0_8/client/filterreader.py =================================================================== --- branches/FAIL2BAN-0_8/client/filterreader.py 2008-08-12 21:42:21 UTC (rev 710) +++ branches/FAIL2BAN-0_8/client/filterreader.py 2008-08-12 22:05:13 UTC (rev 711) @@ -53,20 +53,14 @@ return ConfigReader.read(self, "filter.d/" + self.__file) def getOptions(self, pOpts): - opts = [["string", "timeregex", None], - ["string", "timepattern", None], - ["string", "ignoreregex", ""], + opts = [["string", "ignoreregex", ""], ["string", "failregex", ""]] self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts) def convert(self): stream = list() for opt in self.__opts: - if opt == "timeregex": - stream.append(["set", self.__name, "timeregex", self.__opts[opt]]) - elif opt == "timepattern": - stream.append(["set", self.__name, "timepattern", self.__opts[opt]]) - elif opt == "failregex": + if opt == "failregex": for regex in self.__opts[opt].split('\n'): # Do not send a command if the rule is empty. if regex != '': Modified: branches/FAIL2BAN-0_8/common/protocol.py =================================================================== --- branches/FAIL2BAN-0_8/common/protocol.py 2008-08-12 21:42:21 UTC (rev 710) +++ branches/FAIL2BAN-0_8/common/protocol.py 2008-08-12 22:05:13 UTC (rev 711) 
@@ -72,8 +72,6 @@ ['', "JAIL INFORMATION", ""], ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"], ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"], -["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"], -["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"], ["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"], ["get <JAIL> ignoreregex", "gets the list of regular expressions which matches patterns to ignore for <JAIL>"], ["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"], This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
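Review bot: `timeregex` and `timepattern` disappear from `getOptions` in filterreader.py and from the `get <JAIL> ...` help in protocol.py, but the commit touches no ChangeLog and nothing visible says what happens to a filter file that still sets these options. Add a ChangeLog line for the removal, and consider logging a warning when an obsolete option is found in a filter.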
From: <los...@us...> - 2008-08-12 21:42:14
Revision: 710 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=710&view=rev Author: lostcontrol Date: 2008-08-12 21:42:21 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Added date template for Day-Month-Year Hour:Minute:Second. - Values as string are shown in capital in the description. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/datedetector.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2008-08-12 20:59:17 UTC (rev 709) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2008-08-12 21:42:21 UTC (rev 710) @@ -43,19 +43,19 @@ try: # standard template = DateStrptime() - template.setName("Month Day Hour:Minute:Second") + template.setName("MONTH Day Hour:Minute:Second") template.setRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") template.setPattern("%b %d %H:%M:%S") self.__templates.append(template) # asctime template = DateStrptime() - template.setName("Weekday Month Day Hour:Minute:Second Year") + template.setName("WEEKDAY MONTH Day Hour:Minute:Second Year") template.setRegex("\S{3} \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2} \d{4}") template.setPattern("%a %b %d %H:%M:%S %Y") self.__templates.append(template) # asctime without year template = DateStrptime() - template.setName("Weekday Month Day Hour:Minute:Second") + template.setName("WEEKDAY MONTH Day Hour:Minute:Second") template.setRegex("\S{3} \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") template.setPattern("%a %b %d %H:%M:%S") self.__templates.append(template) @@ -73,7 +73,7 @@ self.__templates.append(template) # Apache format [31/Oct/2006:09:22:55 -0000] template = DateStrptime() - template.setName("Day/Month/Year:Hour:Minute:Second") + template.setName("Day/MONTH/Year:Hour:Minute:Second") template.setRegex("\d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}") template.setPattern("%d/%b/%Y:%H:%M:%S") self.__templates.append(template) 
@@ -85,10 +85,16 @@ self.__templates.append(template) # named 26-Jul-2007 15:20:52.252 template = DateStrptime() - template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]") + template.setName("Day-MONTH-Year Hour:Minute:Second[.Millisecond]") template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}") template.setPattern("%d-%b-%Y %H:%M:%S") self.__templates.append(template) + # 17-07-2008 17:23:25 + template = DateStrptime() + template.setName("Day-Month-Year Hour:Minute:Second") + template.setRegex("\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}") + template.setPattern("%d-%m-%Y %H:%M:%S") + self.__templates.append(template) # TAI64N template = DateTai64n() template.setName("TAI64N") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
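Review bot: The all-numeric template added at the end of the second hunk (regex \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}, pattern %d-%m-%Y %H:%M:%S) cannot tell day-month-year from month-day-year. A log that writes 07-08-2008 meaning July 8 parses without error as 7 August, so the failure time is wrong and the entry can silently fall outside findtime. Please state in the comment above the template that day-first order is assumed. The capitalisation convention from the first hunk (MONTH and WEEKDAY for textual values) also needs a one-line comment above the template list, since "Day-MONTH-Year ..." and "Day-Month-Year ..." now differ only by case.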
From: <los...@us...> - 2008-08-12 20:59:08
|
Revision: 709 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=709&view=rev Author: lostcontrol Date: 2008-08-12 20:59:17 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Added date pattern for Hour:Minute:Second. Thanks to Andreas Itzchak Rehberg. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/datedetector.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2008-08-12 20:51:55 UTC (rev 708) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2008-08-12 20:59:17 UTC (rev 709) @@ -101,6 +101,12 @@ template = DateISO8601() template.setName("ISO 8601") self.__templates.append(template) + # Only time information in the log + template = DateStrptime() + template.setName("Hour:Minute:Second") + template.setRegex("^\d{2}:\d{2}:\d{2}") + template.setPattern("%H:%M:%S") + self.__templates.append(template) finally: self.__lock.release() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
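Review bot: The added "Hour:Minute:Second" template carries no date, so the timestamp it yields depends entirely on how datetemplate.py fills in the missing fields, and the comment "Only time information in the log" should say so. With the day taken from the current date (rev 708), a line written shortly before midnight and read shortly after is assigned the wrong day; please add a test for that boundary. Since the regex ^\d{2}:\d{2}:\d{2} is the least specific one in the list, a comment that it must stay last would protect the ordering.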
From: <los...@us...> - 2008-08-12 20:51:45
|
Revision: 708 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=708&view=rev Author: lostcontrol Date: 2008-08-12 20:51:55 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Use current day and month instead of Jan 1st if both are not available in the log. Thanks to Andreas Itzchak Rehberg. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/server/datetemplate.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 19:20:02 UTC (rev 707) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 20:51:55 UTC (rev 708) @@ -11,6 +11,8 @@ ---------- - Merged patches from Debian package. Thanks to Yaroslav Halchenko. +- Use current day and month instead of Jan 1st if both are + not available in the log. Thanks to Andreas Itzchak Rehberg ver. 0.8.3 (2008/07/17) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2008-08-12 19:20:02 UTC (rev 707) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2008-08-12 20:51:55 UTC (rev 708) @@ -146,6 +146,11 @@ # that the log is not from this year but from the year before if time.mktime(date) > MyTime.time(): date[0] -= 1 + elif date[1] == 1 and date[2] == 1: + # If it is Jan 1st, it is either really Jan 1st or there + # is neither month nor day in the log. + date[1] = MyTime.gmtime()[1] + date[2] = MyTime.gmtime()[2] return date This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
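Review bot: The new elif in datetemplate.py treats every date whose month and day are both 1 as "no date in the log", so a genuine 1 January entry read on any later day is moved to today. After a restart or a re-read of an older log this makes stale failures look current and can trigger bans for them. The branch also mixes time bases: the check above it uses time.mktime(date), which is local time, while the replacement uses MyTime.gmtime(), and gmtime() is called twice, so month and day can come from different instants. Suggest having the template record whether its pattern contains a month and day, substituting only in that case, and taking one clock reading. The ChangeLog entry is also missing its final period.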
From: <los...@us...> - 2008-08-12 19:19:54
|
Revision: 707 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=707&view=rev Author: lostcontrol Date: 2008-08-12 19:20:02 +0000 (Tue, 12 Aug 2008) Log Message: ----------- - Improved pattern. Thanks to Yaroslav Halchenko. Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2008-07-22 22:29:57 UTC (rev 706) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2008-08-12 19:20:02 UTC (rev 707) @@ -14,7 +14,8 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl) +failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) + [[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
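Review bot: In both new failregex lines the extension group (\.php|\.asp|\.exe|\.pl) is not followed by a boundary, so \.pl also matches the start of a longer extension such as .plist, and an ordinary missing-file error for such a path counts as a failure. The first line also has no end anchor, while the second ends with " *$". Suggest requiring the extension to be followed by a non-word character or the end of the path, and adding one sample log line per message form to the filter comments. Replacing .* with /\S* also stops matching paths that contain spaces; if that is intended, the log message should say so instead of "Improved pattern".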
From: <los...@us...> - 2008-07-22 22:29:48
|
Revision: 706 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=706&view=rev Author: lostcontrol Date: 2008-07-22 22:29:57 +0000 (Tue, 22 Jul 2008) Log Message: ----------- - Merged patches from Debian package. Thanks to Yaroslav Halchenko. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:23:52 UTC (rev 705) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:29:57 UTC (rev 706) @@ -9,6 +9,8 @@ ver. 0.8.4 (2008/??/??) - stable ---------- +- Merged patches from Debian package. Thanks to Yaroslav + Halchenko. ver. 0.8.3 (2008/07/17) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-07-22 22:23:52 UTC (rev 705) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-07-22 22:29:57 UTC (rev 706) @@ -24,7 +24,8 @@ # Values: TEXT # failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ - ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ + ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$ + ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
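Review bot: Replacing [-/\w]+ with (?:password|publickey) in the "Failed ... for .* from <HOST>" line of sshd.conf narrows detection. sshd failure lines for other methods, for example "Failed keyboard-interactive/pam for ...", matched the old character class and no longer match, so those attempts stop counting toward a ban. If the narrowing is deliberate, the reason belongs in the ChangeLog rather than under "Merged patches from Debian package"; otherwise keep the character class. The added "User not known to the underlying authentication module" line would benefit from a sample log line in the filter comments.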
From: <los...@us...> - 2008-07-22 22:23:44
|
Revision: 705 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=705&view=rev Author: lostcontrol Date: 2008-07-22 22:23:52 +0000 (Tue, 22 Jul 2008) Log Message: ----------- - Changed to SVN version. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/common/version.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-07-17 21:45:54 UTC (rev 704) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:23:52 UTC (rev 705) @@ -4,9 +4,12 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.3) 2008/07/17 +Fail2Ban (version 0.8.4) 2008/??/?? ============================================================= +ver. 0.8.4 (2008/??/??) - stable +---------- + ver. 0.8.3 (2008/07/17) - stable ---------- - Process failtickets as long as failmanager is not empty. Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2008-07-17 21:45:54 UTC (rev 704) +++ branches/FAIL2BAN-0_8/README 2008-07-22 22:23:52 UTC (rev 705) @@ -4,7 +4,7 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.3) 2008/07/17 +Fail2Ban (version 0.8.4) 2008/??/?? ============================================================= Fail2Ban scans log files like /var/log/pwdfail and bans IP 
@@ -28,8 +28,8 @@ To install, just do: -> tar xvfj fail2ban-0.8.3.tar.bz2 -> cd fail2ban-0.8.3 +> tar xvfj fail2ban-0.8.4.tar.bz2 +> cd fail2ban-0.8.4 > python setup.py install This will install Fail2Ban into /usr/share/fail2ban. The Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2008-07-17 21:45:54 UTC (rev 704) +++ branches/FAIL2BAN-0_8/common/version.py 2008-07-22 22:23:52 UTC (rev 705) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.3" +version = "0.8.3-SVN" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
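Review bot: After this commit the files disagree on the version: ChangeLog and README announce 0.8.4 while common/version.py reports "0.8.3-SVN". The README install steps also name fail2ban-0.8.4.tar.bz2, which does not exist until the release. If "<last release>-SVN" is the intended scheme, a comment in version.py saying so would avoid confusion when users report the version of a development snapshot.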
From: <los...@us...> - 2008-07-17 21:45:48
|
Revision: 704 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=704&view=rev Author: lostcontrol Date: 2008-07-17 21:45:54 +0000 (Thu, 17 Jul 2008) Log Message: ----------- - Release 0.8.3 Added Paths: ----------- tags/FAIL2BAN-0_8_3/ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-07-17 21:28:45
|
Revision: 703 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=703&view=rev Author: lostcontrol Date: 2008-07-17 21:28:51 +0000 (Thu, 17 Jul 2008) Log Message: ----------- - Prepared for 0.8.3. Modified Paths: -------------- branches/FAIL2BAN-0_8/common/version.py Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2008-07-16 22:10:44 UTC (rev 702) +++ branches/FAIL2BAN-0_8/common/version.py 2008-07-17 21:28:51 UTC (rev 703) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.2-SVN" +version = "0.8.3" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-07-14 21:56:01
|
Revision: 700 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=700&view=rev Author: lostcontrol Date: 2008-07-14 14:56:07 -0700 (Mon, 14 Jul 2008) Log Message: ----------- - Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/server/asyncserver.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-05-21 22:17:00 UTC (rev 699) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-07-14 21:56:07 UTC (rev 700) @@ -26,6 +26,9 @@ - Added and changed some logging level and messages. - Added missing ignoreregex to filters. Thanks to Klaus Lehmann. +- Use poll instead of select in asyncore.loop. This should + solve the "Unknown error 514". Thanks to Michael Geiger and + Klaus Lehmann. ver. 0.8.2 (2008/03/06) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/asyncserver.py =================================================================== --- branches/FAIL2BAN-0_8/server/asyncserver.py 2008-05-21 22:17:00 UTC (rev 699) +++ branches/FAIL2BAN-0_8/server/asyncserver.py 2008-07-14 21:56:07 UTC (rev 700) @@ -132,7 +132,7 @@ # Sets the init flag. self.__init = True # TODO Add try..catch - asyncore.loop() + asyncore.loop(use_poll = True) ## # Stops the communication server. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
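Review bot: The call in asyncserver.py is still unguarded: the context line "# TODO Add try..catch" sits directly above asyncore.loop(use_poll = True), and the log message only says the change "should" solve the "Unknown error 514". If the error can still surface, an uncaught exception here ends the communication server. Suggest handling the exception around the loop in this commit and adding a comment on why poll is preferred over select.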
From: <los...@us...> - 2008-05-21 22:17:21
|
Revision: 699 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=699&view=rev Author: lostcontrol Date: 2008-05-21 15:17:00 -0700 (Wed, 21 May 2008) Log Message: ----------- - Added missing ignoreregex to filters. Thanks to Klaus Lehmann. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/filter.d/gssftpd.conf branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf branches/FAIL2BAN-0_8/config/filter.d/pam-generic.conf branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf trunk/config/filter.d/gssftpd.conf trunk/config/filter.d/named-refused.conf trunk/config/filter.d/pam-generic.conf trunk/config/filter.d/wuftpd.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-05-19 21:09:39 UTC (rev 698) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-05-21 22:17:00 UTC (rev 699) @@ -24,6 +24,8 @@ René Berber. - Added ISO 8601 date/time format. - Added and changed some logging level and messages. +- Added missing ignoreregex to filters. Thanks to Klaus + Lehmann. ver. 0.8.2 (2008/03/06) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/gssftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/gssftpd.conf 2008-05-19 21:09:39 UTC (rev 698) +++ branches/FAIL2BAN-0_8/config/filter.d/gssftpd.conf 2008-05-21 22:17:00 UTC (rev 699) 
@@ -12,3 +12,9 @@ # Values: TEXT # failregex = ftpd(?:\[\d+\])?:\s+repeated login failures from <HOST> \(\S+\)$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2008-05-19 21:09:39 UTC (rev 698) +++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2008-05-21 22:17:00 UTC (rev 699) @@ -28,4 +28,8 @@ # failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ - +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: branches/FAIL2BAN-0_8/config/filter.d/pam-generic.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/pam-generic.conf 2008-05-19 21:09:39 UTC (rev 698) +++ branches/FAIL2BAN-0_8/config/filter.d/pam-generic.conf 2008-05-21 22:17:00 UTC (rev 699) @@ -23,3 +23,9 @@ # Values: TEXT # failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf 2008-05-19 21:09:39 UTC (rev 698) +++ branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf 2008-05-21 22:17:00 UTC (rev 699) 
@@ -12,3 +12,9 @@ # Values: TEXT # failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: trunk/config/filter.d/gssftpd.conf =================================================================== --- trunk/config/filter.d/gssftpd.conf 2008-05-19 21:09:39 UTC (rev 698) +++ trunk/config/filter.d/gssftpd.conf 2008-05-21 22:17:00 UTC (rev 699) @@ -12,3 +12,9 @@ # Values: TEXT # failregex = ftpd(?:\[\d+\])?:\s+repeated login failures from <HOST> \(\S+\)$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: trunk/config/filter.d/named-refused.conf =================================================================== --- trunk/config/filter.d/named-refused.conf 2008-05-19 21:09:39 UTC (rev 698) +++ trunk/config/filter.d/named-refused.conf 2008-05-21 22:17:00 UTC (rev 699) @@ -28,4 +28,8 @@ # failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ - +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: trunk/config/filter.d/pam-generic.conf =================================================================== --- trunk/config/filter.d/pam-generic.conf 2008-05-19 21:09:39 UTC (rev 698) +++ trunk/config/filter.d/pam-generic.conf 2008-05-21 22:17:00 UTC (rev 699) 
@@ -23,3 +23,9 @@ # Values: TEXT # failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: trunk/config/filter.d/wuftpd.conf =================================================================== --- trunk/config/filter.d/wuftpd.conf 2008-05-19 21:09:39 UTC (rev 698) +++ trunk/config/filter.d/wuftpd.conf 2008-05-21 22:17:00 UTC (rev 699) @@ -12,3 +12,9 @@ # Values: TEXT # failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
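Review bot: The same ignoreregex block is added to four filters under both branches/FAIL2BAN-0_8 and trunk, but only branches/FAIL2BAN-0_8/ChangeLog is updated; trunk/ChangeLog is not among the modified paths. Please add the entry there as well. The log message would also be more useful if it said what went wrong when a filter had no ignoreregex option, so that maintainers of local filters know whether they need the same change.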
From: <los...@us...> - 2008-05-19 21:10:36
|
Revision: 698 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=698&view=rev Author: lostcontrol Date: 2008-05-19 14:09:39 -0700 (Mon, 19 May 2008) Log Message: ----------- - Removed deprecated mail*.conf actions. Modified Paths: -------------- trunk/ChangeLog trunk/MANIFEST Removed Paths: ------------- trunk/config/action.d/mail-buffered.conf trunk/config/action.d/mail-whois-lines.conf trunk/config/action.d/mail-whois.conf trunk/config/action.d/mail.conf Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/ChangeLog 2008-05-19 21:09:39 UTC (rev 698) @@ -11,6 +11,7 @@ ---------- - Added new prefix remover. - Added ISO 8601 date/time format. +- Removed deprecated mail*.conf actions. ver. 0.8.3 (2008/??/??) - stable ---------- Modified: trunk/MANIFEST =================================================================== --- trunk/MANIFEST 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/MANIFEST 2008-05-19 21:09:39 UTC (rev 698) @@ -86,10 +86,6 @@ config/action.d/iptables-multiport.conf config/action.d/iptables-multiport-log.conf config/action.d/iptables-new.conf -config/action.d/mail.conf -config/action.d/mail-buffered.conf -config/action.d/mail-whois.conf -config/action.d/mail-whois-lines.conf config/action.d/sendmail.conf config/action.d/sendmail-buffered.conf config/action.d/sendmail-whois.conf Deleted: trunk/config/action.d/mail-buffered.conf =================================================================== --- trunk/config/action.d/mail-buffered.conf 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/config/action.d/mail-buffered.conf 2008-05-19 21:09:39 UTC (rev 698) 
@@ -1,88 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Cyril Jaquier -# -# $Revision: 668 $ -# - -[Definition] - -# Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. -# Values: CMD -# -actionstart = printf %%b "Hi,\n - The jail <name> has been started successfully.\n - Output will be buffered until <lines> lines are available.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> - -# Option: actionstop -# Notes.: command executed once at the end of Fail2Ban -# Values: CMD -# -actionstop = if [ -f <tmpfile> ]; then - printf %%b "Hi,\n - These hosts have been banned by Fail2Ban.\n - `cat <tmpfile>` - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> - rm <tmpfile> - fi - printf %%b "Hi,\n - The jail <name> has been stopped.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> - LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) - if [ $LINE -eq <lines> ]; then - printf %%b "Hi,\n - These hosts have been banned by Fail2Ban.\n - `cat <tmpfile>` - \nRegards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> - rm <tmpfile> - fi - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. 
-# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionunban = - -[Init] - -# Default name of the chain -# -name = default - -# Default number of lines that are buffered -# -lines = 5 - -# Default temporary file -# -tmpfile = /tmp/fail2ban-mail.txt - -# Destination/Addressee of the mail -# -dest = root Deleted: trunk/config/action.d/mail-whois-lines.conf =================================================================== --- trunk/config/action.d/mail-whois-lines.conf 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/config/action.d/mail-whois-lines.conf 2008-05-19 21:09:39 UTC (rev 698) 
@@ -1,75 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Cyril Jaquier -# Modified-By: Yaroslav Halchenko to include grepping on IP over log files -# $Revision$ -# - -[Definition] - -# Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. -# Values: CMD -# -actionstart = printf %%b "Hi,\n - The jail <name> has been started successfully.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> - -# Option: actionstop -# Notes.: command executed once at the end of Fail2Ban -# Values: CMD -# -actionstop = printf %%b "Hi,\n - The jail <name> has been stopped.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <failtime> unix timestamp of the last failure -# <bantime> unix timestamp of the ban time -# Values: CMD -# -actionban = printf %%b "Hi,\n - The IP <ip> has just been banned by Fail2Ban after - <failures> attempts against <name>.\n\n - Here are more information about <ip>:\n - `whois <ip>`\n\n - Lines containing IP:<ip> in <logpath>\n - `grep '\<<ip>\>' <logpath>`\n\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest> - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. 
-# Tags: <ip> IP address -# <bantime> unix timestamp of the ban time -# <unbantime> unix timestamp of the unban time -# Values: CMD -# -actionunban = - -[Init] - -# Defaut name of the chain -# -name = default - -# Destinataire of the mail -# -dest = root - -# Path to the log files which contain relevant lines for the abuser IP -# -logpath = /dev/null Deleted: trunk/config/action.d/mail-whois.conf =================================================================== --- trunk/config/action.d/mail-whois.conf 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/config/action.d/mail-whois.conf 2008-05-19 21:09:39 UTC (rev 698) 
@@ -1,69 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Cyril Jaquier -# -# $Revision$ -# - -[Definition] - -# Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. -# Values: CMD -# -actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> - -# Option: actionend -# Notes.: command executed once at the end of Fail2Ban -# Values: CMD -# -actionstop = echo -en "Hi,\n - The jail <name> has been stopped.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionban = echo -en "Hi,\n - The IP <ip> has just been banned by Fail2Ban after - <failures> attempts against <name>.\n\n - Here are more information about <ip>:\n - `whois <ip>`\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest> - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionunban = - -[Init] - -# Defaut name of the chain -# -name = default - -# Destination/Addressee of the mail -# -dest = root - Deleted: trunk/config/action.d/mail.conf =================================================================== --- trunk/config/action.d/mail.conf 2008-05-19 21:08:36 UTC (rev 697) +++ trunk/config/action.d/mail.conf 2008-05-19 21:09:39 UTC (rev 698) 
@@ -1,67 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Cyril Jaquier -# -# $Revision$ -# - -[Definition] - -# Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. -# Values: CMD -# -actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> - -# Option: actionend -# Notes.: command executed once at the end of Fail2Ban -# Values: CMD -# -actionstop = echo -en "Hi,\n - The jail <name> has been stopped.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionban = echo -en "Hi,\n - The IP <ip> has just been banned by Fail2Ban after - <failures> attempts against <name>.\n - Regards,\n - Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest> - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionunban = - -[Init] - -# Defaut name of the chain -# -name = default - -# Destination/Addressee of the mail -# -dest = root - This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
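Review bot: The ChangeLog line "Removed deprecated mail*.conf actions." does not name a replacement. Jails that still reference mail, mail-whois, mail-whois-lines or mail-buffered will have no action file after upgrading; if the sendmail*.conf actions that remain in MANIFEST are the intended replacement, the entry should say so, and any jail.conf references should be updated in the same commit. Separately, the deleted mail-buffered.conf defaulted to tmpfile = /tmp/fail2ban-mail.txt, a fixed name in a shared directory, so it is worth checking whether sendmail-buffered.conf carries the same default.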
From: <los...@us...> - 2008-05-19 21:08:43
|
Revision: 697 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=697&view=rev Author: lostcontrol Date: 2008-05-19 14:08:36 -0700 (Mon, 19 May 2008) Log Message: ----------- - Added and changed some logging level and messages. Modified Paths: -------------- trunk/server/filter.py trunk/server/filtergamin.py trunk/server/filterpoll.py trunk/server/jail.py trunk/server/server.py Modified: trunk/server/filter.py =================================================================== --- trunk/server/filter.py 2008-05-19 21:05:32 UTC (rev 696) +++ trunk/server/filter.py 2008-05-19 21:08:36 UTC (rev 697) @@ -64,7 +64,7 @@ self.__findTime = 6000 ## The ignore IP list. self.__ignoreIpList = [] - logSys.info("Created Filter") + logSys.debug("Created Filter") ## @@ -411,7 +411,7 @@ class FileContainer: - def __init__(self, filename, tail = False): + def __init__(self, filename, tail = True): self.__filename = filename self.__tail = tail self.__handler = None Modified: trunk/server/filtergamin.py =================================================================== --- trunk/server/filtergamin.py 2008-05-19 21:05:32 UTC (rev 696) +++ trunk/server/filtergamin.py 2008-05-19 21:08:36 UTC (rev 697) @@ -53,7 +53,7 @@ self.__modified = False # Gamin monitor self.monitor = gamin.WatchMonitor() - logSys.info("Created FilterGamin") + logSys.debug("Created FilterGamin") def callback(self, path, event): @@ -69,7 +69,7 @@ # # @param path log file path - def addLogPath(self, path, tail = False): + def addLogPath(self, path, tail = True): if self.containsLogPath(path): logSys.error(path + " already exists") else: Modified: trunk/server/filterpoll.py =================================================================== --- trunk/server/filterpoll.py 2008-05-19 21:05:32 UTC (rev 696) +++ trunk/server/filterpoll.py 2008-05-19 21:08:36 UTC (rev 697) 
@@ -54,14 +54,14 @@ ## The time of the last modification of the file. self.__lastModTime = dict() self.__file404Cnt = dict() - logSys.info("Created FilterPoll") + logSys.debug("Created FilterPoll") ## # Add a log file path # # @param path log file path - def addLogPath(self, path, tail = False): + def addLogPath(self, path, tail = True): if self.containsLogPath(path): logSys.error(path + " already exists") else: Modified: trunk/server/jail.py =================================================================== --- trunk/server/jail.py 2008-05-19 21:05:32 UTC (rev 696) +++ trunk/server/jail.py 2008-05-19 21:08:36 UTC (rev 697) @@ -37,6 +37,7 @@ self.__name = name self.__queue = Queue.Queue() self.__filter = None + logSys.info("Creating new jail '%s'" % self.__name) if backend == "polling": self.__initPoller() else: @@ -47,14 +48,14 @@ self.__action = Actions(self) def __initPoller(self): - logSys.info("Using poller") + logSys.info("Jail '%s' uses poller" % self.__name) from filterpoll import FilterPoll self.__filter = FilterPoll(self) def __initGamin(self): # Try to import gamin import gamin - logSys.info("Using Gamin") + logSys.info("Jail '%s' uses Gamin" % self.__name) from filtergamin import FilterGamin self.__filter = FilterGamin(self) @@ -82,12 +83,14 @@ def start(self): self.__filter.start() self.__action.start() + logSys.info("Jail '%s' started" % self.__name) def stop(self): self.__filter.stop() self.__action.stop() self.__filter.join() self.__action.join() + logSys.info("Jail '%s' stopped" % self.__name) def isAlive(self): isAlive0 = self.__filter.isAlive() Modified: trunk/server/server.py =================================================================== --- trunk/server/server.py 2008-05-19 21:05:32 UTC (rev 696) +++ trunk/server/server.py 2008-05-19 21:08:36 UTC (rev 697) 
@@ -46,11 +46,11 @@ self.__daemon = daemon self.__transm = Transmitter(self) self.__asyncServer = AsyncServer(self.__transm) - self.__logLevel = 3 - self.__logTarget = "STDOUT" + self.__logLevel = None + self.__logTarget = None # Set logging level - self.setLogLevel(self.__logLevel) - self.setLogTarget(self.__logTarget) + self.setLogLevel(3) + self.setLogTarget("STDOUT") def __sigTERMhandler(self, signum, frame): logSys.debug("Caught signal %d. Exiting" % signum) @@ -66,6 +66,7 @@ # First set the mask to only allow access to owner os.umask(0077) if self.__daemon: + logSys.info("Starting in daemon mode") ret = self.__createDaemon() if ret: logSys.info("Daemon started") @@ -264,7 +265,7 @@ length = len(jailList) if not length == 0: jailList = jailList[:length-2] - ret = [("Number of jail", self.__jails.size()), + ret = [("Number of jail", self.__jails.size()), ("Jail list", jailList)] return ret finally: @@ -331,7 +332,7 @@ # Syslog daemons already add date to the message. formatter = logging.Formatter("%(name)-16s: %(levelname)-6s %(message)s") facility = logging.handlers.SysLogHandler.LOG_DAEMON - hdlr = logging.handlers.SysLogHandler("/dev/log", + hdlr = logging.handlers.SysLogHandler("/dev/log", facility = facility) elif target == "STDOUT": hdlr = logging.StreamHandler(sys.stdout) @@ -346,7 +347,6 @@ logSys.error("Unable to log to " + target) logSys.info("Logging to previous target " + self.__logTarget) return False - self.__logTarget = target # Removes previous handlers for handler in logging.getLogger("fail2ban").handlers: # Closes the handler. 
@@ -355,6 +355,12 @@ # tell the handler to use this format hdlr.setFormatter(formatter) logging.getLogger("fail2ban").addHandler(hdlr) + # Does not display this message at startup. + if not self.__logTarget == None: + logSys.info("Changed logging target to %s for Fail2ban v%s" % + (target, version.version)) + # Sets the logging target. + self.__logTarget = target return True finally: self.__loggingLock.release() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
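Review bot: In trunk/server/filterpoll.py the default of addLogPath() flips from tail = False to tail = True inside a change that otherwise only adjusts log levels and messages, so every caller that omits the argument silently changes behaviour. Keep the old default here, or make the switch in its own revision with a ChangeLog entry and pass tail explicitly at the call sites so the value is a deliberate choice.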
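Review bot: In setLogTarget() in trunk/server/server.py the new "Changed logging target to %s" message is emitted only after the previous handlers have been removed and the new one added, so it reaches the new target but never the old one. Someone reading the old log sees it simply stop. Logging the switch once before the handler-removal loop as well would leave a record on both sides of the change.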
From: <los...@us...> - 2008-05-19 21:05:47
|
Revision: 696 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=696&view=rev Author: lostcontrol Date: 2008-05-19 14:05:32 -0700 (Mon, 19 May 2008) Log Message: ----------- - Added and changed some logging level and messages. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/server/filter.py branches/FAIL2BAN-0_8/server/filtergamin.py branches/FAIL2BAN-0_8/server/filterpoll.py branches/FAIL2BAN-0_8/server/jail.py branches/FAIL2BAN-0_8/server/server.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-05-19 21:05:32 UTC (rev 696) @@ -17,13 +17,13 @@ - Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch. - Fixed "fail2ban-client get <jail> logpath". Bug #1916986. -- Changed some log levels. - Added gssftpd filter. Thanks to Kevin Zembower. - Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter. - Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber. - Added ISO 8601 date/time format. +- Added and changed some logging level and messages. ver. 0.8.2 (2008/03/06) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/server/filter.py 2008-05-19 21:05:32 UTC (rev 696) 
@@ -68,7 +68,7 @@ self.dateDetector = DateDetector() self.dateDetector.addDefaultTemplate() - logSys.info("Created Filter") + logSys.debug("Created Filter") ## Modified: branches/FAIL2BAN-0_8/server/filtergamin.py =================================================================== --- branches/FAIL2BAN-0_8/server/filtergamin.py 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/server/filtergamin.py 2008-05-19 21:05:32 UTC (rev 696) @@ -53,7 +53,7 @@ self.__modified = False # Gamin monitor self.monitor = gamin.WatchMonitor() - logSys.info("Created FilterGamin") + logSys.debug("Created FilterGamin") def callback(self, path, event): Modified: branches/FAIL2BAN-0_8/server/filterpoll.py =================================================================== --- branches/FAIL2BAN-0_8/server/filterpoll.py 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/server/filterpoll.py 2008-05-19 21:05:32 UTC (rev 696) @@ -54,7 +54,7 @@ ## The time of the last modification of the file. self.__lastModTime = dict() self.__file404Cnt = dict() - logSys.info("Created FilterPoll") + logSys.debug("Created FilterPoll") ## # Add a log file path Modified: branches/FAIL2BAN-0_8/server/jail.py =================================================================== --- branches/FAIL2BAN-0_8/server/jail.py 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/server/jail.py 2008-05-19 21:05:32 UTC (rev 696) @@ -37,6 +37,7 @@ self.__name = name self.__queue = Queue.Queue() self.__filter = None + logSys.info("Creating new jail '%s'" % self.__name) if backend == "polling": self.__initPoller() else: 
@@ -47,14 +48,14 @@ self.__action = Actions(self) def __initPoller(self): - logSys.info("Using poller") + logSys.info("Jail '%s' uses poller" % self.__name) from filterpoll import FilterPoll self.__filter = FilterPoll(self) def __initGamin(self): # Try to import gamin import gamin - logSys.info("Using Gamin") + logSys.info("Jail '%s' uses Gamin" % self.__name) from filtergamin import FilterGamin self.__filter = FilterGamin(self) @@ -82,12 +83,14 @@ def start(self): self.__filter.start() self.__action.start() + logSys.info("Jail '%s' started" % self.__name) def stop(self): self.__filter.stop() self.__action.stop() self.__filter.join() self.__action.join() + logSys.info("Jail '%s' stopped" % self.__name) def isAlive(self): isAlive0 = self.__filter.isAlive() Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2008-05-18 20:08:34 UTC (rev 695) +++ branches/FAIL2BAN-0_8/server/server.py 2008-05-19 21:05:32 UTC (rev 696) @@ -46,11 +46,11 @@ self.__daemon = daemon self.__transm = Transmitter(self) self.__asyncServer = AsyncServer(self.__transm) - self.__logLevel = 3 - self.__logTarget = "STDOUT" + self.__logLevel = None + self.__logTarget = None # Set logging level - self.setLogLevel(self.__logLevel) - self.setLogTarget(self.__logTarget) + self.setLogLevel(3) + self.setLogTarget("STDOUT") def __sigTERMhandler(self, signum, frame): logSys.debug("Caught signal %d. Exiting" % signum) @@ -66,6 +66,7 @@ # First set the mask to only allow access to owner os.umask(0077) if self.__daemon: + logSys.info("Starting in daemon mode") ret = self.__createDaemon() if ret: logSys.info("Daemon started") @@ -345,7 +346,6 @@ logSys.error("Unable to log to " + target) logSys.info("Logging to previous target " + self.__logTarget) return False - self.__logTarget = target # Removes previous handlers for handler in logging.getLogger("fail2ban").handlers: # Closes the handler. 
@@ -354,6 +354,12 @@ # tell the handler to use this format hdlr.setFormatter(formatter) logging.getLogger("fail2ban").addHandler(hdlr) + # Does not display this message at startup. + if not self.__logTarget == None: + logSys.info("Changed logging target to %s for Fail2ban v%s" % + (target, version.version)) + # Sets the logging target. + self.__logTarget = target return True finally: self.__loggingLock.release() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
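Review bot: With self.__logTarget now initialised to None in __init__ (server.py, hunk at -46,11), the unchanged failure branch of setLogTarget() still runs logSys.info("Logging to previous target " + self.__logTarget), which raises TypeError whenever the first target cannot be opened. It is safe only as long as the first call made from __init__ succeeds. Guard that message with the same None check added for the "Changed logging target" line, and write the check as "is not None" rather than "not ... == None".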
From: <los...@us...> - 2008-05-18 20:08:41
|
Revision: 695 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=695&view=rev Author: lostcontrol Date: 2008-05-18 13:08:34 -0700 (Sun, 18 May 2008) Log Message: ----------- - Modified failregex to support new prefix remover. Modified Paths: -------------- trunk/config/filter.d/sshd-ddos.conf trunk/config/filter.d/sshd.conf Modified: trunk/config/filter.d/sshd-ddos.conf =================================================================== --- trunk/config/filter.d/sshd-ddos.conf 2008-05-18 20:06:38 UTC (rev 694) +++ trunk/config/filter.d/sshd-ddos.conf 2008-05-18 20:08:34 UTC (rev 695) @@ -14,7 +14,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$ +failregex = <TIME> <PREFIX> Did not receive identification string from <HOST>$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: trunk/config/filter.d/sshd.conf =================================================================== --- trunk/config/filter.d/sshd.conf 2008-05-18 20:06:38 UTC (rev 694) +++ trunk/config/filter.d/sshd.conf 2008-05-18 20:08:34 UTC (rev 695) @@ -5,17 +5,8 @@ # $Revision$ # -[INCLUDES] - -# Read common prefixes. If any customizations available -- read them from -# common.local -before = common.conf - - [Definition] -_daemon = sshd - # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can 
@@ -23,14 +14,14 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ - ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ - ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ - ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ - ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ - ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ - ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ - ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$ +failregex = <TIME> <PREFIX> (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ + <TIME> <PREFIX> Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ + <TIME> <PREFIX> ROOT LOGIN REFUSED.* FROM <HOST>\s*$ + <TIME> <PREFIX> [iI](?:llegal|nvalid) user .* from <HOST>\s*$ + <TIME> <PREFIX> User \S+ from <HOST> not allowed because not listed in AllowUsers$ + <TIME> <PREFIX> authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ + <TIME> <PREFIX> refused connect from \S+ \(<HOST>\)\s*$ + <TIME> <PREFIX> Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
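Review bot: The new failregex in sshd-ddos.conf drops the literal sshd(?:\[\d+\])?: match, so whether the rule is still limited to lines written by sshd now depends entirely on what <PREFIX> expands to, which this patch neither shows nor documents. The comment block above failregex still describes only <HOST>; document <TIME> and <PREFIX> there and state how the daemon name is constrained.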
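Review bot: In sshd.conf every rewritten failregex loses its leading ^, and the [INCLUDES] before = common.conf and _daemon = sshd settings are removed, so neither anchoring nor daemon scoping is visible in the filter any more. Several of these patterns have .* ahead of "from <HOST>", and that part of the line carries a user name chosen by the remote client, so keep an explicit start-of-line anchor unless <TIME> is guaranteed to expand to an anchored expression, and say which is the case in the comment above failregex.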
From: <los...@us...> - 2008-05-18 20:06:46
|
Revision: 694 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=694&view=rev Author: lostcontrol Date: 2008-05-18 13:06:38 -0700 (Sun, 18 May 2008) Log Message: ----------- - Added new prefix remover. - Added ISO 8601 date/time format. Modified Paths: -------------- trunk/COPYING trunk/ChangeLog trunk/MANIFEST trunk/server/timetemplate.py Added Paths: ----------- trunk/server/iso8601.py Modified: trunk/COPYING =================================================================== --- trunk/COPYING 2008-05-18 19:54:47 UTC (rev 693) +++ trunk/COPYING 2008-05-18 20:06:38 UTC (rev 694) @@ -1,3 +1,7 @@ +The following copyright applies to all files present in the Fail2ban package, +except if a different copyright is explicitly defined in this file. + + GNU GENERAL PUBLIC LICENSE Version 2, June 1991 
@@ -337,3 +341,28 @@ consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. + +--------------------------------- +The file server/iso8601.py is licensed under the following terms. + + +Copyright (c) 2007 Michael Twomey + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-05-18 19:54:47 UTC (rev 693) +++ trunk/ChangeLog 2008-05-18 20:06:38 UTC (rev 694) @@ -9,6 +9,8 @@ ver. 0.9.0 (2008/??/??) - alpha ---------- +- Added new prefix remover. +- Added ISO 8601 date/time format. ver. 0.8.3 (2008/??/??) - stable ---------- Modified: trunk/MANIFEST =================================================================== --- trunk/MANIFEST 2008-05-18 19:54:47 UTC (rev 693) +++ trunk/MANIFEST 2008-05-18 20:06:38 UTC (rev 694) 
@@ -22,6 +22,7 @@ server/filtergamin.py server/filterpoll.py server/server.py +server/iso8601.py server/actions.py server/faildata.py server/failmanager.py @@ -44,7 +45,6 @@ testcases/clientreadertestcase.py testcases/filtertestcase.py testcases/__init__.py -testcases/datedetectortestcase.py testcases/actiontestcase.py testcases/servertestcase.py testcases/files/testcase01.log Added: trunk/server/iso8601.py =================================================================== --- trunk/server/iso8601.py (rev 0) +++ trunk/server/iso8601.py 2008-05-18 20:06:38 UTC (rev 694) 
@@ -0,0 +1,123 @@ +# Copyright (c) 2007 Michael Twomey +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +"""ISO 8601 date time string parsing + +Basic usage: +>>> import iso8601 +>>> iso8601.parse_date("2007-01-25T12:00:00Z") +datetime.datetime(2007, 1, 25, 12, 0, tzinfo=<iso8601.iso8601.Utc ...>) +>>> + +""" + +from datetime import datetime, timedelta, tzinfo +import re + +__all__ = ["parse_date", "ParseError"] + +# Adapted from http://delete.me.uk/2005/03/iso8601.html +ISO8601_REGEX = re.compile(r"(?P<year>[0-9]{4})(-(?P<month>[0-9]{1,2})(-(?P<day>[0-9]{1,2})" + r"((?P<separator>.)(?P<hour>[0-9]{2}):(?P<minute>[0-9]{2})(:(?P<second>[0-9]{2})(\.(?P<fraction>[0-9]+))?)?" + r"(?P<timezone>Z|(([-+])([0-9]{2}):([0-9]{2})))?)?)?)?" 
+) +TIMEZONE_REGEX = re.compile("(?P<prefix>[+-])(?P<hours>[0-9]{2}).(?P<minutes>[0-9]{2})") + +class ParseError(Exception): + """Raised when there is a problem parsing a date string""" + +# Yoinked from python docs +ZERO = timedelta(0) +class Utc(tzinfo): + """UTC + + """ + def utcoffset(self, dt): + return ZERO + + def tzname(self, dt): + return "UTC" + + def dst(self, dt): + return ZERO +UTC = Utc() + +class FixedOffset(tzinfo): + """Fixed offset in hours and minutes from UTC + + """ + def __init__(self, offset_hours, offset_minutes, name): + self.__offset = timedelta(hours=offset_hours, minutes=offset_minutes) + self.__name = name + + def utcoffset(self, dt): + return self.__offset + + def tzname(self, dt): + return self.__name + + def dst(self, dt): + return ZERO + + def __repr__(self): + return "<FixedOffset %r>" % self.__name + +def parse_timezone(tzstring, default_timezone=UTC): + """Parses ISO 8601 time zone specs into tzinfo offsets + + """ + if tzstring == "Z": + return default_timezone + # This isn't strictly correct, but it's common to encounter dates without + # timezones so I'll assume the default (which defaults to UTC). + # Addresses issue 4. + if tzstring is None: + return default_timezone + m = TIMEZONE_REGEX.match(tzstring) + prefix, hours, minutes = m.groups() + hours, minutes = int(hours), int(minutes) + if prefix == "-": + hours = -hours + minutes = -minutes + return FixedOffset(hours, minutes, tzstring) + +def parse_date(datestring, default_timezone=UTC): + """Parses ISO 8601 dates into datetime objects + + The timezone is parsed from the date string. However it is quite common to + have dates without a timezone (not strictly correct). In this case the + default timezone specified in default_timezone is used. This is UTC by + default. 
+ """ + if not isinstance(datestring, basestring): + raise ParseError("Expecting a string %r" % datestring) + m = ISO8601_REGEX.match(datestring) + if not m: + raise ParseError("Unable to parse date string %r" % datestring) + groups = m.groupdict() + tz = parse_timezone(groups["timezone"], default_timezone=default_timezone) + if groups["fraction"] is None: + groups["fraction"] = 0 + else: + groups["fraction"] = int(float("0.%s" % groups["fraction"]) * 1e6) + return datetime(int(groups["year"]), int(groups["month"]), int(groups["day"]), + int(groups["hour"]), int(groups["minute"]), int(groups["second"]), + int(groups["fraction"]), tz) Modified: trunk/server/timetemplate.py =================================================================== --- trunk/server/timetemplate.py 2008-05-18 19:54:47 UTC (rev 693) +++ trunk/server/timetemplate.py 2008-05-18 20:06:38 UTC (rev 694) @@ -25,11 +25,17 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -import time +import time, logging from template import Template, Templates from mytime import MyTime +# Import ISO 8601 support. +import iso8601 + +# Gets the instance of the logger. +logSys = logging.getLogger("fail2ban.timetemplate") + class TimeTemplate(Template): def __init__(self): @@ -42,6 +48,20 @@ raise Exception("getTime() is abstract") +class TimeISO8601(TimeTemplate): + + def __init__(self): + TimeTemplate.__init__(self) + date_re = "[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}" \ + ".[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?" \ + "(Z|(([-+])([0-9]{2}):([0-9]{2})))?" + self.setRegex(date_re) + + def getTime(self, line): + # Parses the date. + return list(iso8601.parse_date(line).utctimetuple()) + + class TimeEpoch(TimeTemplate): def __init__(self): 
@@ -193,3 +213,7 @@ template = TimeEpoch() template.setDescription("Epoch") self.templates.append(template) + # ISO 8601 + template = TimeISO8601() + template.setDescription("ISO 8601") + self.templates.append(template) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
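Review bot: TimeISO8601.getTime() in timetemplate.py passes line straight to iso8601.parse_date() with no exception handling, while the template regex accepts [0-9]{1,2} for month and day and any two digits for hour, minute and second. A timestamp with month 13 or hour 99 matches the regex and then makes datetime() raise ValueError (not ParseError), which propagates out of getTime(). Catch ParseError and ValueError there, treat the line as having no valid date, and report it through the logSys instance this patch adds, which is otherwise unused in the visible hunks.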
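Review bot: The MANIFEST hunk removes testcases/datedetectortestcase.py in the same revision that adds a new date format, and neither the log message nor the ChangeLog entry mentions the removal. If it is intentional, say so in the ChangeLog; either way the ISO 8601 template needs a test case in this change covering timestamps with "Z", with a numeric offset, with no timezone, and with out-of-range fields.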
From: <los...@us...> - 2008-05-18 19:54:48
|
Revision: 693 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=693&view=rev Author: lostcontrol Date: 2008-05-18 12:54:47 -0700 (Sun, 18 May 2008) Log Message: ----------- - Added svn:keywords. Property Changed: ---------------- branches/FAIL2BAN-0_8/server/iso8601.py Property changes on: branches/FAIL2BAN-0_8/server/iso8601.py ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-05-18 19:53:19
|
Revision: 692 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=692&view=rev Author: lostcontrol Date: 2008-05-18 12:53:18 -0700 (Sun, 18 May 2008) Log Message: ----------- - Added ISO 8601 date/time format. Modified Paths: -------------- branches/FAIL2BAN-0_8/COPYING branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/server/datedetector.py branches/FAIL2BAN-0_8/server/datetemplate.py Added Paths: ----------- branches/FAIL2BAN-0_8/server/iso8601.py Modified: branches/FAIL2BAN-0_8/COPYING =================================================================== --- branches/FAIL2BAN-0_8/COPYING 2008-05-12 09:03:04 UTC (rev 691) +++ branches/FAIL2BAN-0_8/COPYING 2008-05-18 19:53:18 UTC (rev 692) @@ -1,3 +1,7 @@ +The following copyright applies to all files present in the Fail2ban package, +except if a different copyright is explicitly defined in this file. + + GNU GENERAL PUBLIC LICENSE Version 2, June 1991 
@@ -337,3 +341,28 @@ consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. + +--------------------------------- +The file server/iso8601.py is licensed under the following terms. + + +Copyright (c) 2007 Michael Twomey + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-05-12 09:03:04 UTC (rev 691) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-05-18 19:53:18 UTC (rev 692) 
@@ -23,6 +23,7 @@ Thanks to Dennis Winter. - Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber. +- Added ISO 8601 date/time format. ver. 0.8.2 (2008/03/06) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-05-12 09:03:04 UTC (rev 691) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-05-18 19:53:18 UTC (rev 692) @@ -21,6 +21,7 @@ server/filter.py server/filtergamin.py server/filterpoll.py +server/iso8601.py server/server.py server/actions.py server/faildata.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2008-05-12 09:03:04 UTC (rev 691) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2008-05-18 19:53:18 UTC (rev 692) @@ -26,9 +26,7 @@ import time, logging -from datetemplate import DateStrptime -from datetemplate import DateTai64n -from datetemplate import DateEpoch +from datetemplate import DateStrptime, DateTai64n, DateEpoch, DateISO8601 from threading import Lock # Gets the instance of the logger. @@ -99,6 +97,10 @@ template = DateEpoch() template.setName("Epoch") self.__templates.append(template) + # ISO 8601 + template = DateISO8601() + template.setName("ISO 8601") + self.__templates.append(template) finally: self.__lock.release() Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2008-05-12 09:03:04 UTC (rev 691) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2008-05-18 19:53:18 UTC (rev 692) @@ -28,6 +28,7 @@ import re, time from mytime import MyTime +import iso8601 class DateTemplate: 
@@ -163,4 +164,24 @@ value = dateMatch.group() seconds_since_epoch = value[2:17] date = list(time.gmtime(int(seconds_since_epoch, 16))) - return date \ No newline at end of file + return date + + +class DateISO8601(DateTemplate): + + def __init__(self): + DateTemplate.__init__(self) + date_re = "[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}" \ + ".[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?" \ + "(Z|(([-+])([0-9]{2}):([0-9]{2})))?" + self.setRegex(date_re) + + def getDate(self, line): + date = None + dateMatch = self.matchDate(line) + if dateMatch: + # Parses the date. + value = dateMatch.group() + print value + date = list(iso8601.parse_date(value).utctimetuple()) + return date Added: branches/FAIL2BAN-0_8/server/iso8601.py =================================================================== --- branches/FAIL2BAN-0_8/server/iso8601.py (rev 0) +++ branches/FAIL2BAN-0_8/server/iso8601.py 2008-05-18 19:53:18 UTC (rev 692) 
@@ -0,0 +1,123 @@ +# Copyright (c) 2007 Michael Twomey +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +"""ISO 8601 date time string parsing + +Basic usage: +>>> import iso8601 +>>> iso8601.parse_date("2007-01-25T12:00:00Z") +datetime.datetime(2007, 1, 25, 12, 0, tzinfo=<iso8601.iso8601.Utc ...>) +>>> + +""" + +from datetime import datetime, timedelta, tzinfo +import re + +__all__ = ["parse_date", "ParseError"] + +# Adapted from http://delete.me.uk/2005/03/iso8601.html +ISO8601_REGEX = re.compile(r"(?P<year>[0-9]{4})(-(?P<month>[0-9]{1,2})(-(?P<day>[0-9]{1,2})" + r"((?P<separator>.)(?P<hour>[0-9]{2}):(?P<minute>[0-9]{2})(:(?P<second>[0-9]{2})(\.(?P<fraction>[0-9]+))?)?" + r"(?P<timezone>Z|(([-+])([0-9]{2}):([0-9]{2})))?)?)?)?" 
+) +TIMEZONE_REGEX = re.compile("(?P<prefix>[+-])(?P<hours>[0-9]{2}).(?P<minutes>[0-9]{2})") + +class ParseError(Exception): + """Raised when there is a problem parsing a date string""" + +# Yoinked from python docs +ZERO = timedelta(0) +class Utc(tzinfo): + """UTC + + """ + def utcoffset(self, dt): + return ZERO + + def tzname(self, dt): + return "UTC" + + def dst(self, dt): + return ZERO +UTC = Utc() + +class FixedOffset(tzinfo): + """Fixed offset in hours and minutes from UTC + + """ + def __init__(self, offset_hours, offset_minutes, name): + self.__offset = timedelta(hours=offset_hours, minutes=offset_minutes) + self.__name = name + + def utcoffset(self, dt): + return self.__offset + + def tzname(self, dt): + return self.__name + + def dst(self, dt): + return ZERO + + def __repr__(self): + return "<FixedOffset %r>" % self.__name + +def parse_timezone(tzstring, default_timezone=UTC): + """Parses ISO 8601 time zone specs into tzinfo offsets + + """ + if tzstring == "Z": + return default_timezone + # This isn't strictly correct, but it's common to encounter dates without + # timezones so I'll assume the default (which defaults to UTC). + # Addresses issue 4. + if tzstring is None: + return default_timezone + m = TIMEZONE_REGEX.match(tzstring) + prefix, hours, minutes = m.groups() + hours, minutes = int(hours), int(minutes) + if prefix == "-": + hours = -hours + minutes = -minutes + return FixedOffset(hours, minutes, tzstring) + +def parse_date(datestring, default_timezone=UTC): + """Parses ISO 8601 dates into datetime objects + + The timezone is parsed from the date string. However it is quite common to + have dates without a timezone (not strictly correct). In this case the + default timezone specified in default_timezone is used. This is UTC by + default. 
+ """ + if not isinstance(datestring, basestring): + raise ParseError("Expecting a string %r" % datestring) + m = ISO8601_REGEX.match(datestring) + if not m: + raise ParseError("Unable to parse date string %r" % datestring) + groups = m.groupdict() + tz = parse_timezone(groups["timezone"], default_timezone=default_timezone) + if groups["fraction"] is None: + groups["fraction"] = 0 + else: + groups["fraction"] = int(float("0.%s" % groups["fraction"]) * 1e6) + return datetime(int(groups["year"]), int(groups["month"]), int(groups["day"]), + int(groups["hour"]), int(groups["minute"]), int(groups["second"]), + int(groups["fraction"]), tz) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
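Review bot: DateISO8601.getDate() in datetemplate.py still contains a debug statement, "print value", which writes every matched timestamp to the daemon's standard output. Remove it before this goes into the stable branch.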
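Review bot: parse_date() in the added iso8601.py converts month, day, hour, minute and second with int(groups[...]) unconditionally, although ISO8601_REGEX makes every one of those groups optional. A bare year, or a date and time without seconds, matches the regex and then fails with TypeError from int(None) instead of ParseError. DateISO8601's own regex requires all the fields, so the template path is not affected today, but parse_date is exported through __all__; either require the fields in ISO8601_REGEX or raise ParseError when one is missing.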