From: <los...@us...> - 2008-03-05 22:23:39
|
Revision: 666 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=666&view=rev Author: lostcontrol Date: 2008-03-05 14:23:41 -0800 (Wed, 05 Mar 2008) Log Message: ----------- - Fixed Debian bug #462060 Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 21:53:33 UTC (rev 665) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 22:23:41 UTC (rev 666) @@ -40,7 +40,7 @@ - Replaced "echo" with "printf" in actions. Fix #1839673 - Replaced "reject" with "drop" in shorwall action. Fix #1854875 -- Fixed Debian bug #456567, #468477 +- Fixed Debian bug #456567, #468477, #462060 ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-03-05 21:53:33 UTC (rev 665) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-03-05 22:23:41 UTC (rev 666) @@ -79,6 +79,7 @@ config/action.d/iptables.conf config/action.d/iptables-allports.conf config/action.d/iptables-multiport.conf +config/action.d/iptables-multiport-log.conf config/action.d/iptables-new.conf config/action.d/mail.conf config/action.d/mail-buffered.conf Added: branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf 2008-03-05 22:23:41 UTC (rev 666) 
@@ -0,0 +1,78 @@ +# Fail2Ban configuration file +# +# Author: Guido Bozzetto +# Modified: Cyril Jaquier +# +# make "fail2ban-<name>" chain to match drop IP +# make "fail2ban-<name>-log" chain to log and drop +# insert a jump to fail2ban-<name> from -I INPUT if proto/port match +# +# $Revision: 658 $ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = iptables -N fail2ban-<name> + iptables -A fail2ban-<name> -j RETURN + iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> + iptables -N fail2ban-<name>-log + iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 + iptables -A fail2ban-<name>-log -j DROP + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name> + iptables -F fail2ban-<name> + iptables -F fail2ban-<name>-log + iptables -X fail2ban-<name> + iptables -X fail2ban-<name>-log + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. 
+# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log + +[Init] + +# Defaut name of the chain +# +name = default + +# Option: port +# Notes.: specifies port to monitor +# Values: [ NUM | STRING ] Default: +# +port = ssh + +# Option: protocol +# Notes.: internally used by config reader for interpolations. +# Values: [ tcp | udp | icmp | all ] Default: tcp +# +protocol = tcp This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
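Review bot: actioncheck in the new iptables-multiport-log.conf tests only that the chain fail2ban-<name>-log exists, while actionban inserts its rule into fail2ban-<name>; if that chain is missing the check still passes and the ban command then fails. Suggest checking both chains, for example by also running iptables -n -L fail2ban-<name> >/dev/null. Two smaller points: the LOG prefix is built with $(expr ...), so a comment saying why the name is cut to 23 characters would help, and "Defaut name of the chain" in [Init] should read "Default".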
From: <los...@us...> - 2008-03-05 21:56:45
|
Revision: 664 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=664&view=rev Author: lostcontrol Date: 2008-03-05 13:47:59 -0800 (Wed, 05 Mar 2008) Log Message: ----------- - Fixed Debian bug #456567 Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/config/filter.d/apache-badbots.conf Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 21:47:14 UTC (rev 663) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 21:47:59 UTC (rev 664) @@ -40,6 +40,7 @@ - Replaced "echo" with "printf" in actions. Fix #1839673 - Replaced "reject" with "drop" in shorwall action. Fix #1854875 +- Fixed Debian bug #456567 ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-03-05 21:47:14 UTC (rev 663) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-03-05 21:47:59 UTC (rev 664) @@ -59,6 +59,7 @@ config/filter.d/apache-auth.conf config/filter.d/apache-badbots.conf config/filter.d/apache-noscript.conf +config/filter.d/apache-overflows.conf config/filter.d/courierlogin.conf config/filter.d/couriersmtp.conf config/filter.d/exim.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-badbots.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-badbots.conf 2008-03-05 21:47:14 UTC (rev 663) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-badbots.conf 2008-03-05 21:47:59 UTC (rev 664) 
@@ -5,10 +5,12 @@ # # Author: Yaroslav Halchenko # +# $Revision: 658 $ +# [Definition] -badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02 +badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00 # Option: failregex Added: branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf 
=================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf 2008-03-05 21:47:59 UTC (rev 664) @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# +# Author: Tim Connors +# +# $Revision: 658 $ +# + +[Definition] + +# Option: failregex +# Notes.: Regexp to catch Apache overflow attempts. +# Values: TEXT +# +failregex = [[]client <HOST>[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string) + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
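Review bot: the failregex in the new apache-overflows.conf is not anchored, so [[]client <HOST>[]] followed by one of the three messages matches at any position in a log line, including inside text that the server copies from the request into the log. Suggest anchoring the expression at the start of the line, with the timestamp and level prefix in front of [client <HOST>], so that <HOST> can only come from the field Apache writes itself. In apache-badbots.conf, "sogou music spider" goes into badbotscustom while "sogou spider" already sits in badbots; keeping related entries in one list would make the overlap easier to see.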
From: <los...@us...> - 2008-03-05 21:56:28
|
Revision: 665 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=665&view=rev Author: lostcontrol Date: 2008-03-05 13:53:33 -0800 (Wed, 05 Mar 2008) Log Message: ----------- - Fixed Debian bug #468477 Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 21:47:59 UTC (rev 664) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-05 21:53:33 UTC (rev 665) @@ -40,7 +40,7 @@ - Replaced "echo" with "printf" in actions. Fix #1839673 - Replaced "reject" with "drop" in shorwall action. Fix #1854875 -- Fixed Debian bug #456567 +- Fixed Debian bug #456567, #468477 ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2008-03-05 21:47:59 UTC (rev 664) +++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2008-03-05 21:53:33 UTC (rev 665) 
@@ -14,10 +14,10 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$ - \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$ - \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$ - \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$ +failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$ + \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$ + \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$ + \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
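Review bot: in proftpd.conf the separator after \(\S+\[<HOST>\]\) becomes [: -]+ followed by a space, which accepts any run of colons, spaces and hyphens rather than the two forms presumably intended (":" and " -"). Suggest the tighter (?::| -) and a comment above failregex showing one sample line of each log format, since the reason for the change is recorded only as a Debian bug number.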
From: <los...@us...> - 2008-03-05 21:55:48
|
Revision: 663 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=663&view=rev Author: lostcontrol Date: 2008-03-05 13:47:14 -0800 (Wed, 05 Mar 2008) Log Message: ----------- - Added revision. Modified Paths: -------------- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-04 23:41:58 UTC (rev 662) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-05 21:47:14 UTC (rev 663) @@ -30,6 +30,7 @@ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ + ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
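Review bot: the failregex added to sshd.conf for "POSSIBLE BREAK-IN ATTEMPT" changes what gets banned, but the log message says only "Added revision." and no ChangeLog entry accompanies it; please describe the new rule in both. The pattern also requires the line to end directly after ATTEMPT (only \s* before $), so it will not match if the daemon writes any trailing punctuation there; allowing an optional "!" before \s*$ would cover that case.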
From: <los...@us...> - 2008-03-04 23:41:54
|
Revision: 662 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=662&view=rev Author: lostcontrol Date: 2008-03-04 15:41:58 -0800 (Tue, 04 Mar 2008) Log Message: ----------- - Added "reload <JAIL>" Modified Paths: -------------- branches/FAIL2BAN-0_8/common/protocol.py Modified: branches/FAIL2BAN-0_8/common/protocol.py =================================================================== --- branches/FAIL2BAN-0_8/common/protocol.py 2008-03-04 23:20:10 UTC (rev 661) +++ branches/FAIL2BAN-0_8/common/protocol.py 2008-03-04 23:41:58 UTC (rev 662) @@ -33,6 +33,7 @@ ['', "BASIC", ""], ["start", "starts the server and the jails"], ["reload", "reloads the configuration"], +["reload <JAIL>", "reloads the jail <JAIL>"], ["stop", "stops all jails and terminate the server"], ["status", "gets the current status of the server"], ["ping", "tests if the server is alive"], This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
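Review bot: the new help entry in protocol.py reads "reloads the jail <JAIL>", while the ChangeLog on this branch describes "reload <jail>" as reloading a single jail and the parameters in fail2ban.conf. Suggest aligning the help text with the ChangeLog wording so users know the server parameters are re-read as well, or correcting the ChangeLog if they are not.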
From: <los...@us...> - 2008-03-04 23:20:13
|
Revision: 661 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=661&view=rev Author: lostcontrol Date: 2008-03-04 15:20:10 -0800 (Tue, 04 Mar 2008) Log Message: ----------- - Replaced "reject" with "drop" in shorwall action. Fix #1854875 Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/action.d/shorewall.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 23:11:28 UTC (rev 660) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 23:20:10 UTC (rev 661) @@ -38,6 +38,8 @@ - Added Mac OS/X startup script. Thanks to Bill Heaton. - Absorbed some Debian patches. Thanks to Yaroslav Halchenko. - Replaced "echo" with "printf" in actions. Fix #1839673 +- Replaced "reject" with "drop" in shorwall action. Fix + #1854875 ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/action.d/shorewall.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/shorewall.conf 2008-03-04 23:11:28 UTC (rev 660) +++ branches/FAIL2BAN-0_8/config/action.d/shorewall.conf 2008-03-04 23:20:10 UTC (rev 661) @@ -4,6 +4,14 @@ # # $Revision$ # +# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see +# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a +# new shorewall rule to ban an IP address, that rule will affect only new +# connections. So if the attempter goes on trying using the same connection +# he could even log in. In order to get the same behavior of the iptable +# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf +# file should me modified with "BLACKLISTNEWONLY=No". +# [Definition] 
@@ -33,7 +41,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = shorewall reject <ip> +actionban = shorewall drop <ip> # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
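Review bot: the header comment added to shorewall.conf carries the security-relevant caveat of this action (with BLACKLISTNEWONLY=Yes a ban affects only new connections) but has typos: "should me modified" should be "should be modified", "iptable action" should be "iptables action", and the ChangeLog entry spells the tool "shorwall". Since the caveat applies to actionban, a one-line pointer to it in the actionban notes would keep it from being missed by someone reading only that option.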
From: <los...@us...> - 2008-03-04 23:11:22
|
Revision: 660 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=660&view=rev Author: lostcontrol Date: 2008-03-04 15:11:28 -0800 (Tue, 04 Mar 2008) Log Message: ----------- - Replaced "echo" with "printf" in actions. Fix #1839673 Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/action.d/dummy.conf branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf branches/FAIL2BAN-0_8/config/action.d/mail.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf branches/FAIL2BAN-0_8/config/action.d/sendmail.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 23:11:28 UTC (rev 660) @@ -37,6 +37,7 @@ fail2ban.conf. - Added Mac OS/X startup script. Thanks to Bill Heaton. - Absorbed some Debian patches. Thanks to Yaroslav Halchenko. +- Replaced "echo" with "printf" in actions. Fix #1839673 ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/action.d/dummy.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/dummy.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/dummy.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = touch /tmp/fail2ban.dummy - echo "<init>" >> /tmp/fail2ban.dummy + printf %%b "<init>\n" >> /tmp/fail2ban.dummy # Option: actionstop # Notes.: command executed once at the end of Fail2Ban 
@@ -34,7 +34,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo "+<ip>" >> /tmp/fail2ban.dummy +actionban = printf %%b "+<ip>\n" >> /tmp/fail2ban.dummy # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -44,7 +44,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy +actionunban = printf %%b "-<ip>\n" >> /tmp/fail2ban.dummy [Init] Modified: branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -34,7 +34,7 @@ # Values: CMD # actionban = IP=<ip> && - echo "ALL: $IP" >> <file> + printf %%b "ALL: $IP\n" >> <file> # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the Modified: branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Hi,\n +actionstart = printf %%b "Hi,\n The jail <name> has been started successfully.\n Output will be buffered until <lines> lines are available.\n Regards,\n @@ -22,14 +22,14 @@ # Values: CMD # actionstop = if [ -f <tmpfile> ]; then - echo -en "Hi,\n + printf %%b "Hi,\n These hosts have been banned by Fail2Ban.\n `cat <tmpfile>` Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> rm <tmpfile> fi - echo -en "Hi,\n + printf %%b "Hi,\n The jail <name> has been stopped.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> 
@@ -48,10 +48,10 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile> +actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) if [ $LINE -eq <lines> ]; then - echo -en "Hi,\n + printf %%b "Hi,\n These hosts have been banned by Fail2Ban.\n `cat <tmpfile>` \nRegards,\n Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Hi,\n +actionstart = printf %%b "Hi,\n The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> @@ -20,7 +20,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Hi,\n +actionstop = printf %%b "Hi,\n The jail <name> has been stopped.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> @@ -40,7 +40,7 @@ # <bantime> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Hi,\n +actionban = printf %%b "Hi,\n The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\n Here are more information about <ip>:\n Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2008-03-04 23:11:28 UTC (rev 660) 
@@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Hi,\n +actionstart = printf %%b "Hi,\n The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> @@ -20,7 +20,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Hi,\n +actionstop = printf %%b "Hi,\n The jail <name> has been stopped.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> @@ -39,7 +39,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Hi,\n +actionban = printf %%b "Hi,\n The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\n Here are more information about <ip>:\n Modified: branches/FAIL2BAN-0_8/config/action.d/mail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/mail.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Hi,\n +actionstart = printf %%b "Hi,\n The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> @@ -20,7 +20,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Hi,\n +actionstop = printf %%b "Hi,\n The jail <name> has been stopped.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> 
@@ -39,7 +39,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Hi,\n +actionban = printf %%b "Hi,\n The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n Regards,\n Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Subject: [Fail2Ban] <name>: started +actionstart = printf %%b "Subject: [Fail2Ban] <name>: started From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -25,7 +25,7 @@ # Values: CMD # actionstop = if [ -f <tmpfile> ]; then - echo -en "Subject: [Fail2Ban] <name>: summary + printf %%b "Subject: [Fail2Ban] <name>: summary From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -35,7 +35,7 @@ Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> rm <tmpfile> fi - echo -en "Subject: [Fail2Ban] <name>: stopped + printf %%b "Subject: [Fail2Ban] <name>: stopped From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -57,10 +57,10 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile> +actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) if [ $LINE -eq <lines> ]; then - echo -en "Subject: [Fail2Ban] <name>: summary + printf %%b "Subject: [Fail2Ban] <name>: summary 
From: Fail2Ban <<sender>> To: <dest>\n Hi,\n Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Subject: [Fail2Ban] <name>: started +actionstart = printf %%b "Subject: [Fail2Ban] <name>: started From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -23,7 +23,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped +actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -45,7 +45,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> +actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> From: Fail2Ban <<sender>> To: <dest>\n Hi,\n Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Subject: [Fail2Ban] <name>: started +actionstart = printf %%b "Subject: [Fail2Ban] <name>: started From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -23,7 +23,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped +actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped From: Fail2Ban <<sender>> To: <dest>\n Hi,\n 
@@ -45,7 +45,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> +actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> From: Fail2Ban <<sender>> To: <dest>\n Hi,\n Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2008-03-04 23:09:30 UTC (rev 659) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2008-03-04 23:11:28 UTC (rev 660) @@ -11,7 +11,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = echo -en "Subject: [Fail2Ban] <name>: started +actionstart = printf %%b "Subject: [Fail2Ban] <name>: started From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -23,7 +23,7 @@ # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped +actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped From: Fail2Ban <<sender>> To: <dest>\n Hi,\n @@ -45,7 +45,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> +actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> From: Fail2Ban <<sender>> To: <dest>\n Hi,\n This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
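Review bot: printf %%b interprets backslash escapes in the whole argument, which is right for the mail templates that used echo -en but is a behaviour change for the lines that used plain echo: "<init>", "+<ip>" and "-<ip>" in dummy.conf, "ALL: $IP" in hostsdeny.conf, and the `date` line of actionban in mail-buffered.conf and sendmail-buffered.conf. Those lines carry data rather than a template, so printing them through a %%s format with the \n kept in the format string would be safer. A short comment explaining that %% is the escaped form of % in these configuration files would also help the next editor.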
From: <los...@us...> - 2008-03-04 23:09:27
|
Revision: 659 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=659&view=rev Author: lostcontrol Date: 2008-03-04 15:09:30 -0800 (Tue, 04 Mar 2008) Log Message: ----------- - Catch Exception instead of AttributeError. Modified Paths: -------------- branches/FAIL2BAN-0_8/client/jailreader.py Modified: branches/FAIL2BAN-0_8/client/jailreader.py =================================================================== --- branches/FAIL2BAN-0_8/client/jailreader.py 2008-03-04 22:41:28 UTC (rev 658) +++ branches/FAIL2BAN-0_8/client/jailreader.py 2008-03-04 23:09:30 UTC (rev 659) @@ -90,7 +90,7 @@ self.__actions.append(action) else: raise AttributeError("Unable to read action") - except AttributeError, e: + except Exception, e: logSys.error("Error in action definition " + act) logSys.debug(e) return False This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
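Review bot: widening the handler in jailreader.py from AttributeError to Exception means every failure while reading an action, programming errors included, ends in the same "Error in action definition" message, and the exception itself is written only with logSys.debug(e). Suggest logging e at error level, or including it in the error message, so the cause is visible without debug logging, and catching the specific exceptions the readers can raise if those are known.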
From: <los...@us...> - 2008-03-04 22:41:28
|
Revision: 658 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=658&view=rev Author: lostcontrol Date: 2008-03-04 14:41:28 -0800 (Tue, 04 Mar 2008) Log Message: ----------- - Absorbed some Debian patches. Thanks to Yaroslav Halchenko. - Renamed actionend to actionstop. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/config/action.d/dummy.conf branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf branches/FAIL2BAN-0_8/config/action.d/ipfw.conf branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf branches/FAIL2BAN-0_8/config/action.d/iptables.conf branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf branches/FAIL2BAN-0_8/config/action.d/mail.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf branches/FAIL2BAN-0_8/config/action.d/sendmail.conf branches/FAIL2BAN-0_8/config/action.d/shorewall.conf branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf branches/FAIL2BAN-0_8/config/filter.d/sshd.conf branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 22:41:28 UTC (rev 658) 
@@ -36,6 +36,7 @@ - "reload <jail>" reloads a single jail and the parameters in fail2ban.conf. - Added Mac OS/X startup script. Thanks to Bill Heaton. +- Absorbed some Debian patches. Thanks to Yaroslav Halchenko. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/action.d/dummy.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/dummy.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/dummy.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -14,7 +14,7 @@ actionstart = touch /tmp/fail2ban.dummy echo "<init>" >> /tmp/fail2ban.dummy -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/hostsdeny.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -13,7 +13,7 @@ # actionstart = -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/ipfw.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/ipfw.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/ipfw.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -15,7 +15,7 @@ actionstart = -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -17,7 +17,7 @@ iptables -A fail2ban-<name> -j RETURN iptables -I INPUT -p <protocol> -j fail2ban-<name> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -15,7 +15,7 @@ iptables -A fail2ban-<name> -j RETURN iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -17,7 +17,7 @@ iptables -A fail2ban-<name> -j RETURN iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/iptables.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/iptables.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -15,7 +15,7 @@ iptables -A fail2ban-<name> -j RETURN iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -17,7 +17,7 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -7,7 +7,7 @@ [Definition] -# Option: fwstart +# Option: actionstart # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # @@ -16,7 +16,7 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> -# Option: fwend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # 
@@ -25,13 +25,13 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> -# Option: fwcheck -# Notes.: command executed once before each fwban command +# Option: actioncheck +# Notes.: command executed once before each actionban command # Values: CMD # actioncheck = -# Option: fwban +# Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address @@ -50,7 +50,7 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest> -# Option: fwunban +# Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -16,7 +16,7 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/mail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/mail.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -16,7 +16,7 @@ Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -20,7 +20,7 @@ Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -19,7 +19,7 @@ Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -19,7 +19,7 @@ Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -19,7 +19,7 @@ Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/action.d/shorewall.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/shorewall.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/action.d/shorewall.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -13,7 +13,7 @@ # actionstart = -# Option: actionend +# Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -14,7 +14,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp) +failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl) # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -14,8 +14,10 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$ - \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$ +failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$ + \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$ + \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$ + \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-04 22:41:28 UTC (rev 658) 
@@ -28,6 +28,8 @@ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ + ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ + ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2008-03-04 00:20:12 UTC (rev 657) +++ branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2008-03-04 22:41:28 UTC (rev 658) @@ -14,7 +14,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$ +failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$ \[.+\] FAIL LOGIN: Client "<HOST>"\s*$ # Option: ignoreregex This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
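Review bot: In config/filter.d/proftpd.conf the four new failregex lines end in `$` but have no anchor at the start, while the text after `USER` is supplied by the remote client. Since `<HOST>` expands to `(?P<host>\S+)` (see the comment above the option), an unanchored search can take a `(name[address])` group from anywhere in the line. Anchor each pattern to the start of the daemon-written part of the line, as the sshd.conf entries do with `^%(__prefix_line)s`, so the banned address can only come from the field the daemon writes itself.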
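Review bot: In config/filter.d/apache-noscript.conf the widened pattern ends in `.*(\.php|\.asp|\.exe|\.pl)` with nothing after the extension, so a line matches whenever one of these strings appears anywhere in the rest of the line, not only when the missing file has that extension. With `.exe` and `.pl` added this widens the set of ordinary "File does not exist" lines that count toward a ban. Bound the extension (end of the path or a following delimiter) and use non-capturing groups `(?:...)` for both alternations, since only `<HOST>` needs to be captured.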
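Review bot: The log message says actionend was renamed to actionstop, but every action.d hunk in this revision changes only the `# Option:` comment line; no `actionend =` key is touched. If the key was already `actionstop`, this is a documentation fix and the log message should say so, and the ChangeLog hunk should mention it next to the Debian patches entry. If any file still sets `actionend`, that key needs the same rename.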
From: <los...@us...> - 2008-03-04 00:20:17
|
Revision: 657 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=657&view=rev Author: lostcontrol Date: 2008-03-03 16:20:12 -0800 (Mon, 03 Mar 2008) Log Message: ----------- - Updated. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/README Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 00:17:56 UTC (rev 656) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-03-04 00:20:12 UTC (rev 657) @@ -33,6 +33,9 @@ Perez. - Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed this out. Thanks to Yaroslav Halchenko for the fix. +- "reload <jail>" reloads a single jail and the parameters in + fail2ban.conf. +- Added Mac OS/X startup script. Thanks to Bill Heaton. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2008-03-04 00:17:56 UTC (rev 656) +++ branches/FAIL2BAN-0_8/README 2008-03-04 00:20:12 UTC (rev 657) @@ -75,7 +75,8 @@ René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume -Delvit, Vaclav Misek, Adrien Clerc +Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, +Vincent Deffontaines, Bill Heaton License: -------- This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-03-04 00:17:51
|
Revision: 656 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=656&view=rev Author: lostcontrol Date: 2008-03-03 16:17:56 -0800 (Mon, 03 Mar 2008) Log Message: ----------- - Fixed fail2ban-regex. It support "includes" in configuration files. - Modified "includes" to be more generic. We will probably support URL in the future. - Small refactoring. Modified Paths: -------------- branches/FAIL2BAN-0_8/client/configparserinc.py branches/FAIL2BAN-0_8/client/configreader.py branches/FAIL2BAN-0_8/config/filter.d/common.conf branches/FAIL2BAN-0_8/config/filter.d/sshd.conf branches/FAIL2BAN-0_8/fail2ban-regex branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/client/configparserinc.py =================================================================== --- branches/FAIL2BAN-0_8/client/configparserinc.py 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/client/configparserinc.py 2008-03-04 00:17:56 UTC (rev 656) @@ -15,6 +15,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Author: Yaroslav Halchenko +# Modified: Cyril Jaquier # $Revision$ __author__ = 'Yaroslav Halhenko' @@ -23,9 +24,12 @@ __copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko' __license__ = 'GPL' +import logging, os from ConfigParser import SafeConfigParser -from ConfigParser import NoOptionError, NoSectionError +# Gets the instance of the logger. +logSys = logging.getLogger("fail2ban.client.config") + class SafeConfigParserWithIncludes(SafeConfigParser): """ Class adds functionality to SafeConfigParser to handle included @@ -38,10 +42,10 @@ Example: [INCLUDES] -files_before = 1.conf +before = 1.conf 3.conf -files_after = 1.conf +after = 1.conf It is a simple implementation, so just basic care is taken about recursion. Includes preserve right order, ie new files are 
@@ -55,35 +59,42 @@ """ + SECTION_NAME = "INCLUDES" + #@staticmethod - def getIncludedFiles(filename, sectionName='INCLUDES', - defaults={}, seen=[]): + def getIncludes(resource, seen = []): """ - Given 1 config filename returns list of included files + Given 1 config resource returns list of included files (recursively) with the original one as well Simple loops are taken care about """ - filenames = [] - #print "Opening file " + filename - d = defaults.copy() # so that we do not poison our defaults - parser = SafeConfigParser(defaults = d) - parser.read(filename) - newFiles = [ ('files_before', []), ('files_after', []) ] - if sectionName in parser.sections(): + + # Use a short class name ;) + SCPWI = SafeConfigParserWithIncludes + + parser = SafeConfigParser() + parser.read(resource) + + resourceDir = os.path.dirname(resource) + + newFiles = [ ('before', []), ('after', []) ] + if SCPWI.SECTION_NAME in parser.sections(): for option_name, option_list in newFiles: - if option_name in parser.options(sectionName): - newFileNames = parser.get(sectionName, option_name) - for newFileName in newFileNames.split('\n'): - if newFileName in seen: continue - option_list += SafeConfigParserWithIncludes.\ - getIncludedFiles(newFileName, - defaults=defaults, - seen=seen + [filename]) + if option_name in parser.options(SCPWI.SECTION_NAME): + newResources = parser.get(SCPWI.SECTION_NAME, option_name) + for newResource in newResources.split('\n'): + if os.path.isabs(newResource): + r = newResource + else: + r = "%s/%s" % (resourceDir, newResource) + if r in seen: + continue + s = seen + [resource] + option_list += SCPWI.getIncludes(r, s) # combine lists - filenames = newFiles[0][1] + [filename] + newFiles[1][1] - #print "Includes list for " + filename + " is " + `filenames` - return filenames - getIncludedFiles = staticmethod(getIncludedFiles) + return newFiles[0][1] + [resource] + newFiles[1][1] + #print "Includes list for " + resource + " is " + `resources` + getIncludes = 
staticmethod(getIncludes) def read(self, filenames): @@ -91,8 +102,7 @@ if not isinstance(filenames, list): filenames = [ filenames ] for filename in filenames: - fileNamesFull += SafeConfigParserWithIncludes.\ - getIncludedFiles(filename, defaults=self._defaults) - #print "Opening config files " + `fileNamesFull` + fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename) + logSys.debug("Reading files: %s" % fileNamesFull) return SafeConfigParser.read(self, fileNamesFull) Modified: branches/FAIL2BAN-0_8/client/configreader.py =================================================================== --- branches/FAIL2BAN-0_8/client/configreader.py 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/client/configreader.py 2008-03-04 00:17:56 UTC (rev 656) @@ -36,9 +36,7 @@ BASE_DIRECTORY = "/etc/fail2ban/" def __init__(self): - SafeConfigParserWithIncludes.__init__(self, - {'configpath' : \ - ConfigReader.BASE_DIRECTORY} ) + SafeConfigParserWithIncludes.__init__(self) self.__opts = None #@staticmethod Modified: branches/FAIL2BAN-0_8/config/filter.d/common.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/common.conf 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/config/filter.d/common.conf 2008-03-04 00:17:56 UTC (rev 656) @@ -9,7 +9,7 @@ [INCLUDES] # Load customizations if any available -files_after = %(configpath)s/filter.d/common.local +after = common.local [DEFAULT] Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-03-04 00:17:56 UTC (rev 656) 
@@ -9,7 +9,7 @@ # Read common prefixes. If any customizations available -- read them from # common.local -files_before = %(configpath)s/filter.d/common.conf +before = common.conf [Definition] Modified: branches/FAIL2BAN-0_8/fail2ban-regex =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-regex 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/fail2ban-regex 2008-03-04 00:17:56 UTC (rev 656) @@ -222,7 +222,7 @@ try: self.__filter.addFailRegex(regex.getFailRegex()) try: - ret = self.__filter.findFailure(line) + ret = self.__filter.processLine(line) if not len(ret) == 0: if found == True: ret[0].append(True) Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2008-03-04 00:13:39 UTC (rev 655) +++ branches/FAIL2BAN-0_8/server/filter.py 2008-03-04 00:17:56 UTC (rev 656) @@ -235,9 +235,6 @@ def processLine(self, line): - if not self._isActive(): - # The jail has been stopped - return try: # Decode line to UTF-8 l = line.decode('utf-8') 
@@ -246,25 +243,27 @@ timeMatch = self.dateDetector.matchTime(l) if not timeMatch: # There is no valid time in this line - return + return [] # Lets split into time part and log part of the line timeLine = timeMatch.group() # Lets leave the beginning in as well, so if there is no # anchore at the beginning of the time regexp, we don't # at least allow injection. Should be harmless otherwise logLine = l[:timeMatch.start()] + l[timeMatch.end():] - for element in self.findFailure(timeLine, logLine): + return self.findFailure(timeLine, logLine) + + def processLineAndAdd(self, line): + for element in self.processLine(line): ip = element[0] unixTime = element[1] - if unixTime < MyTime.time() - self.__findTime: + if unixTime < MyTime.time() - self.getFindTime(): break if self.inIgnoreIPList(ip): - logSys.debug("Ignore "+ip) + logSys.debug("Ignore %s" % ip) continue - logSys.debug("Found "+ip) + logSys.debug("Found %s" % ip) self.failManager.addFailure(FailTicket(ip, unixTime)) - ## # Returns true if the line should be ignored. # 
@@ -409,32 +408,7 @@ if not self._isActive(): # The jail has been stopped break - try: - # Decode line to UTF-8 - line = line.decode('utf-8') - except UnicodeDecodeError: - pass - timeMatch = self.dateDetector.matchTime(line) - if not timeMatch: - # There is no valid time in this line - line = container.readline() - continue - # Lets split into time part and log part of the line - timeLine = timeMatch.group() - # Lets leave the beginning in as well, so if there is no - # anchore at the beginning of the time regexp, we don't - # at least allow injection. Should be harmless otherwise - logLine = line[:timeMatch.start()] + line[timeMatch.end():] - for element in self.findFailure(timeLine, logLine): - ip = element[0] - unixTime = element[1] - if unixTime < MyTime.time() - self.getFindTime(): - break - if self.inIgnoreIPList(ip): - logSys.debug("Ignore "+ip) - continue - logSys.debug("Found "+ip) - self.failManager.addFailure(FailTicket(ip, unixTime)) + self.processLineAndAdd(line) # Read a new line. line = container.readline() container.close() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
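Review bot: In client/configparserinc.py, getIncludes builds relative include paths with `r = "%s/%s" % (resourceDir, newResource)`. When the resource is given without a directory part, `os.path.dirname` returns an empty string and the include resolves to `/<name>` at the filesystem root. Use `os.path.join(resourceDir, newResource)`. The loop check `if r in seen` also compares unnormalised strings, so the same file reached through two spellings is not recognised as seen. The `#print` comment left after the `return` refers to `resources`, which is not defined in the new function, and can be dropped.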
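Review bot: Renaming the [INCLUDES] options from `files_before`/`files_after` to `before`/`after` and removing the `configpath` default (client/configreader.py) means a local file that still uses the old option names is now ignored without any message, because getIncludes only looks up the new names. Log a warning when the old names are present in the section, and record the rename in the ChangeLog so administrators with customised filters know to update them.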
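Review bot: In server/filter.py, processLine loses its `_isActive()` check and the new processLineAndAdd does not add one, so after this change only the file-reading loop in the last hunk still guards against a stopped jail. Confirm that every other caller of processLineAndAdd performs the check itself, or keep the check inside processLineAndAdd so failures are never added for a jail that has been stopped.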
From: <los...@us...> - 2008-03-04 00:13:36
|
Revision: 655 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=655&view=rev Author: lostcontrol Date: 2008-03-03 16:13:39 -0800 (Mon, 03 Mar 2008) Log Message: ----------- - "reload <jail>" reloads a single jail and the parameters in fail2ban.conf. - Look for fail2ban-server in sys.path[0]. Thanks to Bill Heaton. Modified Paths: -------------- branches/FAIL2BAN-0_8/client/configurator.py branches/FAIL2BAN-0_8/client/jailsreader.py branches/FAIL2BAN-0_8/fail2ban-client Modified: branches/FAIL2BAN-0_8/client/configurator.py =================================================================== --- branches/FAIL2BAN-0_8/client/configurator.py 2008-03-04 00:10:30 UTC (rev 654) +++ branches/FAIL2BAN-0_8/client/configurator.py 2008-03-04 00:13:39 UTC (rev 655) @@ -56,13 +56,13 @@ def readAll(self): self.readEarly() self.__jails.read() - + def getEarlyOptions(self): return self.__fail2ban.getEarlyOptions() - - def getAllOptions(self): + + def getOptions(self, jail = None): self.__fail2ban.getOptions() - return self.__jails.getOptions() + return self.__jails.getOptions(jail) def convertToProtocol(self): self.__streams["general"] = self.__fail2ban.convert() Modified: branches/FAIL2BAN-0_8/client/jailsreader.py =================================================================== --- branches/FAIL2BAN-0_8/client/jailsreader.py 2008-03-04 00:10:30 UTC (rev 654) +++ branches/FAIL2BAN-0_8/client/jailsreader.py 2008-03-04 00:13:39 UTC (rev 655) @@ -40,12 +40,13 @@ def read(self): ConfigReader.read(self, "jail") - def getOptions(self): + def getOptions(self, section = None): opts = [] self.__opts = ConfigReader.getOptions(self, "Definition", opts) - for sec in self.sections(): - jail = JailReader(sec) + if section: + # Get the options of a specific jail. + jail = JailReader(section) jail.read() ret = jail.getOptions() if ret: 
@@ -53,8 +54,21 @@ # We only add enabled jails self.__jails.append(jail) else: - logSys.error("Errors in jail '" + sec + "'. Skipping...") + logSys.error("Errors in jail '%s'. Skipping..." % section) return False + else: + # Get the options of all jails. + for sec in self.sections(): + jail = JailReader(sec) + jail.read() + ret = jail.getOptions() + if ret: + if jail.isEnabled(): + # We only add enabled jails + self.__jails.append(jail) + else: + logSys.error("Errors in jail '" + sec + "'. Skipping...") + return False return True def convert(self): Modified: branches/FAIL2BAN-0_8/fail2ban-client =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-client 2008-03-04 00:10:30 UTC (rev 654) +++ branches/FAIL2BAN-0_8/fail2ban-client 2008-03-04 00:13:39 UTC (rev 655) @@ -48,7 +48,8 @@ class Fail2banClient: - prompt = "fail2ban> " + SERVER = "fail2ban-server" + PROMPT = "fail2ban> " def __init__(self): self.__argv = None @@ -208,6 +209,19 @@ else: logSys.error("Could not find server") return False + elif len(cmd) == 2 and cmd[0] == "reload": + if self.__ping(): + jail = cmd[1] + ret = self.__readJailConfig(jail) + # Do not continue if configuration is not 100% valid + if not ret: + return False + self.__processCmd([['stop', jail]], False) + # Configure the server + return self.__processCmd(self.__stream, False) + else: + logSys.error("Could not find server") + return False else: return self.__processCmd([cmd]) @@ -222,7 +236,7 @@ pid = os.fork() if pid == 0: args = list() - args.append("fail2ban-server") + args.append(self.SERVER) # Start in background mode. args.append("-b") # Set the socket path. 
@@ -232,14 +246,15 @@ if force: args.append("-x") try: - # Use the PATH env - os.execvp("fail2ban-server", args) + # Use the current directory. + exe = os.path.abspath(os.path.join(sys.path[0], self.SERVER)) + os.execv(exe, args) except OSError: try: - # Use the current directory - os.execv("fail2ban-server", args) + # Use the PATH env. + os.execvp(self.SERVER, args) except OSError: - print "Could not find fail2ban-server" + print "Could not find %s" % self.SERVER os.exit(-1) @@ -333,7 +348,7 @@ readline.parse_and_bind("tab: complete") self.dispInteractive() while True: - cmd = raw_input(self.prompt) + cmd = raw_input(self.PROMPT) if cmd == "exit" or cmd == "quit": # Exit return True @@ -352,11 +367,18 @@ def __readConfig(self): # Read the configuration self.__configurator.readAll() - ret = self.__configurator.getAllOptions() + ret = self.__configurator.getOptions() self.__configurator.convertToProtocol() self.__stream = self.__configurator.getConfigStream() return ret + def __readJailConfig(self, jail): + self.__configurator.readAll() + ret = self.__configurator.getOptions(jail) + self.__configurator.convertToProtocol() + self.__stream = self.__configurator.getConfigStream() + return ret + #@staticmethod def dumpConfig(cmd): for c in cmd: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
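Review bot: In fail2ban-client the server binary is now executed from `sys.path[0]` before the PATH lookup, and the new comment calls this "the current directory" although `sys.path[0]` is the directory of the script. Correct the comment and document that this directory must not be writable by other users, since whatever file named fail2ban-server sits there is what gets executed. In the same hunk the fallback path ends in `os.exit(-1)`, which is not a function of the os module; the forked child should call `os._exit(-1)`.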
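Review bot: The new `reload <jail>` branch passes `cmd[1]` straight to `__readJailConfig`, and `getOptions(section)` in client/jailsreader.py builds `JailReader(section)` without checking that the name is one of `self.sections()`; the result of the `stop` command is also discarded. Check the name first and report an unknown jail explicitly. The single-jail and all-jails branches repeat the same read/getOptions/isEnabled block with two differently formatted error messages; a small helper would keep them consistent.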
From: <los...@us...> - 2008-03-04 00:10:26
|
Revision: 654 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=654&view=rev Author: lostcontrol Date: 2008-03-03 16:10:30 -0800 (Mon, 03 Mar 2008) Log Message: ----------- - Added Mac OS/X startup script. Thanks to Bill Heaton. Modified Paths: -------------- branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/files/macosx-initd Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-03-03 20:39:04 UTC (rev 653) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-03-04 00:10:30 UTC (rev 654) @@ -99,6 +99,7 @@ files/gentoo-initd files/gentoo-confd files/redhat-initd +files/macosx-initd files/solaris-fail2ban.xml files/solaris-svc-fail2ban files/suse-initd Added: branches/FAIL2BAN-0_8/files/macosx-initd =================================================================== --- branches/FAIL2BAN-0_8/files/macosx-initd (rev 0) +++ branches/FAIL2BAN-0_8/files/macosx-initd 2008-03-04 00:10:30 UTC (rev 654) @@ -0,0 +1,19 @@ +/Library/LaunchDaemonsm/org.fail2ban.plist +=================================== +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>Disabled</key> + <false/> + <key>Label</key> + <string>fail2ban</string> + <key>ProgramArguments</key> + <array> + <string>/usr/local/bin/fail2ban-client</string> + <string>start</string> + </array> + <key>RunAtLoad</key> + <true/> +</dict> +</plist> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
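Review bot: The added files/macosx-initd begins with the lines `/Library/LaunchDaemonsm/org.fail2ban.plist` and a row of `=` before the XML declaration, so the file as committed is not a loadable property list, and the directory name carries a stray `m` (LaunchDaemons). Ship the plist on its own and put the install path in a README or a comment. The `Label` value `fail2ban` also differs from the `org.fail2ban` file name, and the file has no newline at the end.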
From: <los...@us...> - 2008-03-03 20:46:49
|
Revision: 653 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=653&view=rev Author: lostcontrol Date: 2008-03-03 12:39:04 -0800 (Mon, 03 Mar 2008) Log Message: ----------- - Updated. Modified Paths: -------------- branches/FAIL2BAN-0_8/TODO Modified: branches/FAIL2BAN-0_8/TODO =================================================================== --- branches/FAIL2BAN-0_8/TODO 2008-02-28 23:01:30 UTC (rev 652) +++ branches/FAIL2BAN-0_8/TODO 2008-03-03 20:39:04 UTC (rev 653) @@ -15,9 +15,6 @@ - Removed relative imports -- Discuss where Fail2ban should be installed (/usr/share, - /usr/lib/python/site-packages/, etc) - - Cleanup fail2ban-client and fail2ban-server. Move code to server/ and client/ @@ -45,12 +42,8 @@ - Add gettext support (I18N) -- Fix the cPickle issue with Python 2.5 - - Multiline log reading -- Improve communication. (asyncore, asynchat??) - - Improve execution of action. Why does subprocess.call deadlock with multi-jails? This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-02-28 23:01:28
|
Revision: 652 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=652&view=rev Author: lostcontrol Date: 2008-02-28 15:01:30 -0800 (Thu, 28 Feb 2008) Log Message: ----------- - Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed this out. Thanks to Yaroslav Halchenko for the fix. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/server/datetemplate.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2008-02-06 20:17:12 UTC (rev 651) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-02-28 23:01:30 UTC (rev 652) @@ -31,6 +31,8 @@ - Print monitored files in status. - Create a PID file in /var/run/fail2ban/. Thanks to Julien Perez. +- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed + this out. Thanks to Yaroslav Halchenko for the fix. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2008-02-06 20:17:12 UTC (rev 651) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2008-02-28 23:01:30 UTC (rev 652) @@ -129,7 +129,14 @@ except ValueError: # Try to convert date string to 'C' locale conv = self.convertLocale(dateMatch.group()) - date = list(time.strptime(conv, self.getPattern())) + try: + date = list(time.strptime(conv, self.getPattern())) + except ValueError: + # Try to add the current year to the pattern. Should fix + # the "Feb 29" issue. + conv += " %s" % MyTime.gmtime()[0] + pattern = "%s %%Y" % self.getPattern() + date = list(time.strptime(conv, pattern)) if date[0] < 2000: # There is probably no year field in the logs date[0] = MyTime.gmtime()[0] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
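Review bot: In server/datetemplate.py the retry appends the current year with `conv += " %s" % MyTime.gmtime()[0]`, and the second `time.strptime` call is not guarded. A "Feb 29" line read in a year that is not a leap year, such as an old or rotated log, still raises ValueError, now from inside the except block where nothing catches it. Handle that case explicitly and skip or log the line rather than letting the exception propagate out of date matching.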
From: <los...@us...> - 2008-02-06 20:17:17
|
Revision: 651 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=651&view=rev Author: lostcontrol Date: 2008-02-06 12:17:12 -0800 (Wed, 06 Feb 2008) Log Message: ----------- - Renamed CHANGELOG to ChangeLog. Modified Paths: -------------- branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/ChangeLog Removed Paths: ------------- branches/FAIL2BAN-0_8/CHANGELOG Deleted: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2008-02-02 20:07:06 UTC (rev 650) +++ branches/FAIL2BAN-0_8/CHANGELOG 2008-02-06 20:17:12 UTC (rev 651) 
@@ -1,385 +0,0 @@ - __ _ _ ___ _ - / _|__ _(_) |_ ) |__ __ _ _ _ - | _/ _` | | |/ /| '_ \/ _` | ' \ - |_| \__,_|_|_/___|_.__/\__,_|_||_| - -============================================================= -Fail2Ban (version 0.8.2) 2008/??/?? -============================================================= - -ver. 0.8.2 (2008/??/??) - stable ----------- -- Fixed named filter. Thanks to Yaroslav Halchenko -- Fixed wrong path for apache-auth in jail.conf. Thanks to - Vincent Deffontaines -- Fixed timezone bug with epoch date template. Thanks to - Michael Hanselmann -- Added "full line failregex" patch. Thanks to Yaroslav - Halchenko. It will be possible to create stronger failregex - against log injection -- Fixed ipfw action script. Thanks to Nick Munger -- Removed date from logging message when using SYSLOG. Thanks - to Iain Lea -- Fixed "ignore IPs". Only the first value was taken into - account. Thanks to Adrien Clerc -- Moved socket to /var/run/fail2ban. -- Rewrote the communication server. -- Refactoring. Reduced number of files. -- Removed Python 2.4. Minimum required version is now Python - 2.3. -- New log rotation detection algorithm. -- Print monitored files in status. -- Create a PID file in /var/run/fail2ban/. Thanks to Julien - Perez. - -ver. 0.8.1 (2007/08/14) - stable ----------- -- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid -- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko -- Improved regular expressions. Thanks to Yaroslav Halchenko - and others -- Added sendmail actions. The action started with "mail" are - now deprecated. Thanks to Raphaël Marichez -- Added "ignoreregex" support to fail2ban-regex -- Updated suse-initd and added it to MANIFEST. Thanks to - Christian Rauch -- Tightening up the pid check in redhat-initd. Thanks to - David Nutter -- Added webmin authentication filter. Thanks to Guillaume - Delvit -- Removed textToDns() which is not required anymore. 
Thanks - to Yaroslav Halchenko -- Added new action iptables-allports. Thanks to Yaroslav - Halchenko -- Added "named" date format to date detector. Thanks to - Yaroslav Halchenko -- Added filter file for named (bind9). Thanks to Yaroslav - Halchenko -- Fixed vsftpd filter. Thanks to Yaroslav Halchenko - -ver. 0.8.0 (2007/05/03) - stable ----------- -- Fixed RedHat init script. Thanks to Jonathan Underwood -- Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner - -ver. 0.7.9 (2007/04/19) - release candidate ----------- -- Close opened handlers. Thanks to Yaroslav Halchenko -- Fixed "reload" bug. Many many thanks to Yaroslav Halchenko -- Added date format for asctime without year -- Modified filters config. Thanks to Michael C. Haller -- Fixed a small bug in mail-buffered.conf - -ver. 0.7.8 (2007/03/21) - release candidate ----------- -- Fixed asctime pattern in datedetector.py -- Added new filters/actions. Thanks to Yaroslav Halchenko -- Added Suse init script and modified gentoo-initd. Thanks to - Christian Rauch -- Moved every locking statements in a try..finally block - -ver. 0.7.7 (2007/02/08) - release candidate ----------- -- Added signal handling in fail2ban-client -- Added a wonderful visual effect when waiting on the server -- fail2ban-client returns an error code if configuration is - not valid -- Added new filters/actions. Thanks to Yaroslav Halchenko -- Call Python interpreter directly (instead of using "env") -- Added file support to fail2ban-regex. Benchmark feature has - been removed -- Added cacti script and template. -- Added IP list in "status <JAIL>". Thanks to Eric Gerbier - -ver. 0.7.6 (2007/01/04) - beta ----------- -- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight -- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey -- Use numeric output for iptables in "actioncheck" -- Fixed removal of host in hosts.deny. Thanks to René Berber -- Added new date format (2006-12-21 06:43:20) and Exim4 - filter. 
Thanks to mEDI -- Several "failregex" and "ignoreregex" are now accepted. - Creation of rules should be easier now. -- Added license in COPYING. Thanks to Axel Thimm -- Allow comma in action options. The value of the option must - be escaped with " or '. Thanks to Yaroslav Halchenko -- Now Fail2ban goes in /usr/share/fail2ban instead of - /usr/lib/fail2ban. This is more compliant with FHS. Thanks - to Axel Thimm and Yaroslav Halchenko - -ver. 0.7.5 (2006/12/07) - beta ----------- -- Do not ban a host that is currently banned. Thanks to - Yaroslav Halchenko -- The supported tags in "action(un)ban" are <ip>, <failures> - and <time> -- Fixed refactoring bug (getLastcommand -> getLastAction) -- Added option "ignoreregex" in filter scripts and jail.conf. - Feature Request #1283304 -- Fixed a bug in user defined time regex/pattern -- Improved documentation -- Moved version.py and protocol.py to common/ -- Merged "maxtime" option with "findtime" -- Added "<HOST>" tag support in failregex which matches - default IP address/hostname. "(?P<host>\S)" is still valid - and supported -- Fixed exception when calling fail2ban-server with unknown - option -- Fixed Debian bug 400162. The "socket" option is now handled - correctly by fail2ban-client -- Fixed RedHat init script. Thanks to Justin Shore -- Changed timeout to 30 secondes before assuming the server - cannot be started. Thanks to Joël Bertrand - -ver. 0.7.4 (2006/11/01) - beta ----------- -- Improved configuration files. Thanks to Yaroslav Halchenko -- Added man page for "fail2ban-regex" -- Moved ban/unban messages from "info" level to "warn" -- Added "-s" option to specify the socket path and "socket" - option in "fail2ban.conf" -- Added "backend" option in "jail.conf" -- Added more filters/actions and jail samples. Thanks to Nick - Munger, Christoph Haas -- Improved testing framework -- Fixed a bug in the return code handling of the executed - commands. Thanks to Yaroslav Halchenko -- Signal handling. 
There is a bug with join() and signal in - Python -- Better debugging output for "fail2ban-regex" -- Added support for more date format -- cPickle does not work with Python 2.5. Use pickle instead - (performance is not a problem in our case) - -ver. 0.7.3 (2006/09/28) - beta ----------- -- Added man pages. Thanks to Yaroslav Halchenko -- Added wildcard support for "logpath" -- Added Gamin (file and directory monitoring system) support -- (Re)added "ignoreip" option -- Added more concurrency protection -- First attempt at solving bug #1457620 (locale issue) -- Performance improvements -- (Re)added permanent banning with banTime < 0 -- Added DNS support to "ignoreip". Feature Request #1285859 - -ver. 0.7.2 (2006/09/10) - beta ----------- -- Refactoring and code cleanup -- Improved client output -- Added more get/set commands -- Added more configuration templates -- Removed "logpath" and "maxretry" from filter templates. - They must be defined in jail.conf now -- Added interactive mode. Use "-i" -- Added a date detector. "timeregex" and "timepattern" are no - more needed -- Added "fail2ban-regex". This is a tool to help finding - "failregex" -- Improved server communication. Start a new thread for each - incoming request. Fail2ban is not really thread-safe yet - -ver. 0.7.1 (2006/08/23) - alpha ----------- -- Fixed daemon mode bug -- Added Gentoo init.d script -- Fixed path bug when trying to start "fail2ban-server" -- Fixed reload command - -ver. 0.7.0 (2006/08/23) - alpha ----------- -- Almost a complete rewrite :) Fail2ban design is really - better (IMHO). There is a lot of new features -- Client/Server architecture -- Multithreading. Each jail has its own threads: one for the - log reading and another for the actions -- Execute several actions -- Split configuration files. They are more readable and easy - to use -- failregex uses group (<host>) now. This feature was already - present in the Debian package -- lots of things... - -ver. 
0.6.1 (2006/03/16) - stable ----------- -- Added permanent banning. Set banTime to a negative value to - enable this feature (-1 is perfect). Thanks to Mannone -- Fixed locale bug. Thanks to Fernando José -- Fixed crash when time format does not match data -- Propagated patch from Debian to fix fail2ban search path - addition to the path search list: now it is added first. - Thanks to Nick Craig-Wood -- Added SMTP authentification for mail notification. Thanks - to Markus Hoffmann -- Removed debug mode as it is confusing for people -- Added parsing of timestamp in TAI64N format (#1275325). - Thanks to Mark Edgington -- Added patch #1382936 (Default formatted syslog logging). - Thanks to Patrick B�rjesson -- Removed 192.168.0.0/16 from ignoreip. Attacks could also - come from the local network. -- Robust startup: if iptables module does not get fully - initialized after startup of fail2ban, fail2ban will do - "maxreinit" attempts to initialize its own firewall. It - will sleep between attempts for "polltime" number of - seconds (closes Debian: #334272). Thanks to Yaroslav - Halchenko -- Added "interpolations" in fail2ban.conf. This is provided - by the ConfigParser module. Old configuration files still - work. Thanks to Yaroslav Halchenko -- Added initial support for hosts.deny and shorewall. Need - more testing. Please test. Thanks to kojiro from Gentoo - forum for hosts.deny support -- Added support for vsftpd. Thanks to zugeschmiert - -ver. 0.6.0 (2005/11/20) - stable ----------- -- Propagated patches introduced by Debian maintainer - (Yaroslav Halchenko): - * Added an option to report local time (including timezone) - or GMT in mail notification. - -ver. 0.5.5 (2005/10/26) - beta ----------- -- Propagated patches introduced by Debian maintainer - (Yaroslav Halchenko): - * Introduced fwcheck option to verify consistency of the - chains. 
Implemented automatic restart of fail2ban main - function in case check of fwban or fwunban command failed - (closes: #329163, #331695). (Introduced patch was further - adjusted by upstream author). - * Added -f command line parameter for [findtime]. - * Added a cleanup of firewall rules on emergency shutdown - when unknown exception is catched. - * Fail2ban should not crash now if a wrong file name is - specified in config. - * reordered code a bit so that log targets are setup right - after background and then only loglevel (verbose, debug) - is processed, so the warning could be seen in the logs - * Added a keyword <section> in parsing of the subject and - the body of an email sent out by fail2ban (closes: - #330311) - -ver. 0.5.4 (2005/09/13) - beta ----------- -- Fixed bug #1286222. -- Propagated patches introduced by Debian maintainer - (Yaroslav Halchenko): - * Fixed handling of SYSLOG logging target. Now it can log - to any SYSLOG target and facility as directed by the - config - * Format of SYSLOG entries fixed to look closer to standard - * Fixed errata in config/gentoo-confd - * Introduced findtime configuration variable to control the - lifetime of caught "failed" log entries - -ver. 0.5.3 (2005/09/08) - beta ----------- -- Fixed a bug when overriding "maxfailures" or "bantime". - Thanks to Yaroslav Halchenko -- Added more debug output if an error occurs when sending - mail. Thanks to Stephen Gildea -- Renamed "maxretry" to "maxfailures" and changed default - value to 5. Thanks to Stephen Gildea -- Hopefully fixed bug #1256075 -- Fixed bug #1262345 -- Fixed exception handling in PIDLock -- Removed warning when using "-V" or "-h" with no config - file. Thanks to Yaroslav Halchenko -- Removed "-i eth0" from config file. Thanks to Yaroslav - Halchenko - -ver. 0.5.2 (2005/08/06) - beta ----------- -- Better PID lock file handling. Should close #1239562 -- Added man pages -- Removed log4py dependency. 
Use logging module instead -- "maxretry" and "bantime" can be overridden in each section -- Fixed bug #1246278 (excessive memory usage) -- Fixed crash on wrong option value in configuration file -- Changed custom chains to lowercase - -ver. 0.5.1 (2005/07/23) - beta ----------- -- Fixed bugs #1241756, #1239557 -- Added log targets in configuration file. Removed -l option -- Changed iptables rules in order to create a separated chain - for each section -- Fixed static banList in firewall.py -- Added an initd script for Debian. Thanks to Yaroslav - Halchenko -- Check for obsolete files after install - -ver. 0.5.0 (2005/07/12) - beta ----------- -- Added support for CIDR mask in ignoreip -- Added mail notification support -- Fixed bug #1234699 -- Added tags replacement in rules definition. Should allow a - clean solution for Feature Request #1229479 -- Removed "interface" and "firewall" options -- Added start and end commands in the configuration file. - Thanks to Yaroslav Halchenko -- Added firewall rules definition in the configuration file -- Cleaned fail2ban.py -- Added an initd script for RedHat/Fedora. Thanks to Andrey - G. Grozin - -ver. 0.4.1 (2005/06/30) - stable ----------- -- Fixed textToDNS method which generated wrong matches for - "rhost=12-xyz...". Thanks to Tom Pike -- fail2ban.conf modified for readability. Thanks to Iain Lea -- Added an initd script for Gentoo -- Changed default PID lock file location from /tmp to - /var/run - -ver. 0.4.0 (2005/04/24) - stable ----------- -- Fixed textToDNS which did not recognize strings like - "12-345-67-890.abcd.mnopqr.xyz" - -ver. 0.3.1 (2005/03/31) - beta ----------- -- Corrected level of messages -- Added DNS lookup support -- Improved parsing speed. Only parse the new log messages -- Added a second verbose level (-vv) - -ver. 
0.3.0 (2005/02/24) - beta ----------- -- Re-writting of parts of the code in order to handle several - log files with different rules -- Removed sshd.py because it is no more needed -- Fixed a bug when exiting with IP in the ban list -- Added PID lock file -- Improved some parts of the code -- Added ipfw-start-rule option (thanks to Robert Edeker) -- Added -k option which kills a currently running Fail2Ban - -ver. 0.1.2 (2004/11/21) - beta ----------- -- Add ipfw and ipfwadm support. The rules are taken from - BlockIt. Thanks to Robert Edeker -- Add -e option which allows to set the interface. Thanks to - Robert Edeker who reminded me this -- Small code cleaning - -ver. 0.1.1 (2004/10/23) - beta ----------- -- Add SIGTERM handler in order to exit nicely when in daemon - mode -- Add -r option which allows to set the maximum number of - login failures -- Remove the Metalog class as the log file are not so syslog - daemon specific -- Rewrite log reader to be service centered. Sshd support - added. Match "Failed password" and "Illegal user" -- Add /etc/fail2ban.conf configuration support -- Code documentation - - -ver. 0.1.0 (2004/10/12) - alpha ----------- -- Initial release Copied: branches/FAIL2BAN-0_8/ChangeLog (from rev 647, branches/FAIL2BAN-0_8/CHANGELOG) =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog (rev 0) +++ branches/FAIL2BAN-0_8/ChangeLog 2008-02-06 20:17:12 UTC (rev 651) 
@@ -0,0 +1,385 @@ + __ _ _ ___ _ + / _|__ _(_) |_ ) |__ __ _ _ _ + | _/ _` | | |/ /| '_ \/ _` | ' \ + |_| \__,_|_|_/___|_.__/\__,_|_||_| + +============================================================= +Fail2Ban (version 0.8.2) 2008/??/?? +============================================================= + +ver. 0.8.2 (2008/??/??) - stable +---------- +- Fixed named filter. Thanks to Yaroslav Halchenko +- Fixed wrong path for apache-auth in jail.conf. Thanks to + Vincent Deffontaines +- Fixed timezone bug with epoch date template. Thanks to + Michael Hanselmann +- Added "full line failregex" patch. Thanks to Yaroslav + Halchenko. It will be possible to create stronger failregex + against log injection +- Fixed ipfw action script. Thanks to Nick Munger +- Removed date from logging message when using SYSLOG. Thanks + to Iain Lea +- Fixed "ignore IPs". Only the first value was taken into + account. Thanks to Adrien Clerc +- Moved socket to /var/run/fail2ban. +- Rewrote the communication server. +- Refactoring. Reduced number of files. +- Removed Python 2.4. Minimum required version is now Python + 2.3. +- New log rotation detection algorithm. +- Print monitored files in status. +- Create a PID file in /var/run/fail2ban/. Thanks to Julien + Perez. + +ver. 0.8.1 (2007/08/14) - stable +---------- +- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid +- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko +- Improved regular expressions. Thanks to Yaroslav Halchenko + and others +- Added sendmail actions. The action started with "mail" are + now deprecated. Thanks to Raphaël Marichez +- Added "ignoreregex" support to fail2ban-regex +- Updated suse-initd and added it to MANIFEST. Thanks to + Christian Rauch +- Tightening up the pid check in redhat-initd. Thanks to + David Nutter +- Added webmin authentication filter. Thanks to Guillaume + Delvit +- Removed textToDns() which is not required anymore. 
Thanks + to Yaroslav Halchenko +- Added new action iptables-allports. Thanks to Yaroslav + Halchenko +- Added "named" date format to date detector. Thanks to + Yaroslav Halchenko +- Added filter file for named (bind9). Thanks to Yaroslav + Halchenko +- Fixed vsftpd filter. Thanks to Yaroslav Halchenko + +ver. 0.8.0 (2007/05/03) - stable +---------- +- Fixed RedHat init script. Thanks to Jonathan Underwood +- Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner + +ver. 0.7.9 (2007/04/19) - release candidate +---------- +- Close opened handlers. Thanks to Yaroslav Halchenko +- Fixed "reload" bug. Many many thanks to Yaroslav Halchenko +- Added date format for asctime without year +- Modified filters config. Thanks to Michael C. Haller +- Fixed a small bug in mail-buffered.conf + +ver. 0.7.8 (2007/03/21) - release candidate +---------- +- Fixed asctime pattern in datedetector.py +- Added new filters/actions. Thanks to Yaroslav Halchenko +- Added Suse init script and modified gentoo-initd. Thanks to + Christian Rauch +- Moved every locking statements in a try..finally block + +ver. 0.7.7 (2007/02/08) - release candidate +---------- +- Added signal handling in fail2ban-client +- Added a wonderful visual effect when waiting on the server +- fail2ban-client returns an error code if configuration is + not valid +- Added new filters/actions. Thanks to Yaroslav Halchenko +- Call Python interpreter directly (instead of using "env") +- Added file support to fail2ban-regex. Benchmark feature has + been removed +- Added cacti script and template. +- Added IP list in "status <JAIL>". Thanks to Eric Gerbier + +ver. 0.7.6 (2007/01/04) - beta +---------- +- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight +- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey +- Use numeric output for iptables in "actioncheck" +- Fixed removal of host in hosts.deny. Thanks to René Berber +- Added new date format (2006-12-21 06:43:20) and Exim4 + filter. 
Thanks to mEDI +- Several "failregex" and "ignoreregex" are now accepted. + Creation of rules should be easier now. +- Added license in COPYING. Thanks to Axel Thimm +- Allow comma in action options. The value of the option must + be escaped with " or '. Thanks to Yaroslav Halchenko +- Now Fail2ban goes in /usr/share/fail2ban instead of + /usr/lib/fail2ban. This is more compliant with FHS. Thanks + to Axel Thimm and Yaroslav Halchenko + +ver. 0.7.5 (2006/12/07) - beta +---------- +- Do not ban a host that is currently banned. Thanks to + Yaroslav Halchenko +- The supported tags in "action(un)ban" are <ip>, <failures> + and <time> +- Fixed refactoring bug (getLastcommand -> getLastAction) +- Added option "ignoreregex" in filter scripts and jail.conf. + Feature Request #1283304 +- Fixed a bug in user defined time regex/pattern +- Improved documentation +- Moved version.py and protocol.py to common/ +- Merged "maxtime" option with "findtime" +- Added "<HOST>" tag support in failregex which matches + default IP address/hostname. "(?P<host>\S)" is still valid + and supported +- Fixed exception when calling fail2ban-server with unknown + option +- Fixed Debian bug 400162. The "socket" option is now handled + correctly by fail2ban-client +- Fixed RedHat init script. Thanks to Justin Shore +- Changed timeout to 30 secondes before assuming the server + cannot be started. Thanks to Joël Bertrand + +ver. 0.7.4 (2006/11/01) - beta +---------- +- Improved configuration files. Thanks to Yaroslav Halchenko +- Added man page for "fail2ban-regex" +- Moved ban/unban messages from "info" level to "warn" +- Added "-s" option to specify the socket path and "socket" + option in "fail2ban.conf" +- Added "backend" option in "jail.conf" +- Added more filters/actions and jail samples. Thanks to Nick + Munger, Christoph Haas +- Improved testing framework +- Fixed a bug in the return code handling of the executed + commands. Thanks to Yaroslav Halchenko +- Signal handling. 
There is a bug with join() and signal in + Python +- Better debugging output for "fail2ban-regex" +- Added support for more date format +- cPickle does not work with Python 2.5. Use pickle instead + (performance is not a problem in our case) + +ver. 0.7.3 (2006/09/28) - beta +---------- +- Added man pages. Thanks to Yaroslav Halchenko +- Added wildcard support for "logpath" +- Added Gamin (file and directory monitoring system) support +- (Re)added "ignoreip" option +- Added more concurrency protection +- First attempt at solving bug #1457620 (locale issue) +- Performance improvements +- (Re)added permanent banning with banTime < 0 +- Added DNS support to "ignoreip". Feature Request #1285859 + +ver. 0.7.2 (2006/09/10) - beta +---------- +- Refactoring and code cleanup +- Improved client output +- Added more get/set commands +- Added more configuration templates +- Removed "logpath" and "maxretry" from filter templates. + They must be defined in jail.conf now +- Added interactive mode. Use "-i" +- Added a date detector. "timeregex" and "timepattern" are no + more needed +- Added "fail2ban-regex". This is a tool to help finding + "failregex" +- Improved server communication. Start a new thread for each + incoming request. Fail2ban is not really thread-safe yet + +ver. 0.7.1 (2006/08/23) - alpha +---------- +- Fixed daemon mode bug +- Added Gentoo init.d script +- Fixed path bug when trying to start "fail2ban-server" +- Fixed reload command + +ver. 0.7.0 (2006/08/23) - alpha +---------- +- Almost a complete rewrite :) Fail2ban design is really + better (IMHO). There is a lot of new features +- Client/Server architecture +- Multithreading. Each jail has its own threads: one for the + log reading and another for the actions +- Execute several actions +- Split configuration files. They are more readable and easy + to use +- failregex uses group (<host>) now. This feature was already + present in the Debian package +- lots of things... + +ver. 
0.6.1 (2006/03/16) - stable +---------- +- Added permanent banning. Set banTime to a negative value to + enable this feature (-1 is perfect). Thanks to Mannone +- Fixed locale bug. Thanks to Fernando José +- Fixed crash when time format does not match data +- Propagated patch from Debian to fix fail2ban search path + addition to the path search list: now it is added first. + Thanks to Nick Craig-Wood +- Added SMTP authentification for mail notification. Thanks + to Markus Hoffmann +- Removed debug mode as it is confusing for people +- Added parsing of timestamp in TAI64N format (#1275325). + Thanks to Mark Edgington +- Added patch #1382936 (Default formatted syslog logging). + Thanks to Patrick B�rjesson +- Removed 192.168.0.0/16 from ignoreip. Attacks could also + come from the local network. +- Robust startup: if iptables module does not get fully + initialized after startup of fail2ban, fail2ban will do + "maxreinit" attempts to initialize its own firewall. It + will sleep between attempts for "polltime" number of + seconds (closes Debian: #334272). Thanks to Yaroslav + Halchenko +- Added "interpolations" in fail2ban.conf. This is provided + by the ConfigParser module. Old configuration files still + work. Thanks to Yaroslav Halchenko +- Added initial support for hosts.deny and shorewall. Need + more testing. Please test. Thanks to kojiro from Gentoo + forum for hosts.deny support +- Added support for vsftpd. Thanks to zugeschmiert + +ver. 0.6.0 (2005/11/20) - stable +---------- +- Propagated patches introduced by Debian maintainer + (Yaroslav Halchenko): + * Added an option to report local time (including timezone) + or GMT in mail notification. + +ver. 0.5.5 (2005/10/26) - beta +---------- +- Propagated patches introduced by Debian maintainer + (Yaroslav Halchenko): + * Introduced fwcheck option to verify consistency of the + chains. 
Implemented automatic restart of fail2ban main + function in case check of fwban or fwunban command failed + (closes: #329163, #331695). (Introduced patch was further + adjusted by upstream author). + * Added -f command line parameter for [findtime]. + * Added a cleanup of firewall rules on emergency shutdown + when unknown exception is catched. + * Fail2ban should not crash now if a wrong file name is + specified in config. + * reordered code a bit so that log targets are setup right + after background and then only loglevel (verbose, debug) + is processed, so the warning could be seen in the logs + * Added a keyword <section> in parsing of the subject and + the body of an email sent out by fail2ban (closes: + #330311) + +ver. 0.5.4 (2005/09/13) - beta +---------- +- Fixed bug #1286222. +- Propagated patches introduced by Debian maintainer + (Yaroslav Halchenko): + * Fixed handling of SYSLOG logging target. Now it can log + to any SYSLOG target and facility as directed by the + config + * Format of SYSLOG entries fixed to look closer to standard + * Fixed errata in config/gentoo-confd + * Introduced findtime configuration variable to control the + lifetime of caught "failed" log entries + +ver. 0.5.3 (2005/09/08) - beta +---------- +- Fixed a bug when overriding "maxfailures" or "bantime". + Thanks to Yaroslav Halchenko +- Added more debug output if an error occurs when sending + mail. Thanks to Stephen Gildea +- Renamed "maxretry" to "maxfailures" and changed default + value to 5. Thanks to Stephen Gildea +- Hopefully fixed bug #1256075 +- Fixed bug #1262345 +- Fixed exception handling in PIDLock +- Removed warning when using "-V" or "-h" with no config + file. Thanks to Yaroslav Halchenko +- Removed "-i eth0" from config file. Thanks to Yaroslav + Halchenko + +ver. 0.5.2 (2005/08/06) - beta +---------- +- Better PID lock file handling. Should close #1239562 +- Added man pages +- Removed log4py dependency. 
Use logging module instead +- "maxretry" and "bantime" can be overridden in each section +- Fixed bug #1246278 (excessive memory usage) +- Fixed crash on wrong option value in configuration file +- Changed custom chains to lowercase + +ver. 0.5.1 (2005/07/23) - beta +---------- +- Fixed bugs #1241756, #1239557 +- Added log targets in configuration file. Removed -l option +- Changed iptables rules in order to create a separated chain + for each section +- Fixed static banList in firewall.py +- Added an initd script for Debian. Thanks to Yaroslav + Halchenko +- Check for obsolete files after install + +ver. 0.5.0 (2005/07/12) - beta +---------- +- Added support for CIDR mask in ignoreip +- Added mail notification support +- Fixed bug #1234699 +- Added tags replacement in rules definition. Should allow a + clean solution for Feature Request #1229479 +- Removed "interface" and "firewall" options +- Added start and end commands in the configuration file. + Thanks to Yaroslav Halchenko +- Added firewall rules definition in the configuration file +- Cleaned fail2ban.py +- Added an initd script for RedHat/Fedora. Thanks to Andrey + G. Grozin + +ver. 0.4.1 (2005/06/30) - stable +---------- +- Fixed textToDNS method which generated wrong matches for + "rhost=12-xyz...". Thanks to Tom Pike +- fail2ban.conf modified for readability. Thanks to Iain Lea +- Added an initd script for Gentoo +- Changed default PID lock file location from /tmp to + /var/run + +ver. 0.4.0 (2005/04/24) - stable +---------- +- Fixed textToDNS which did not recognize strings like + "12-345-67-890.abcd.mnopqr.xyz" + +ver. 0.3.1 (2005/03/31) - beta +---------- +- Corrected level of messages +- Added DNS lookup support +- Improved parsing speed. Only parse the new log messages +- Added a second verbose level (-vv) + +ver. 
0.3.0 (2005/02/24) - beta +---------- +- Re-writting of parts of the code in order to handle several + log files with different rules +- Removed sshd.py because it is no more needed +- Fixed a bug when exiting with IP in the ban list +- Added PID lock file +- Improved some parts of the code +- Added ipfw-start-rule option (thanks to Robert Edeker) +- Added -k option which kills a currently running Fail2Ban + +ver. 0.1.2 (2004/11/21) - beta +---------- +- Add ipfw and ipfwadm support. The rules are taken from + BlockIt. Thanks to Robert Edeker +- Add -e option which allows to set the interface. Thanks to + Robert Edeker who reminded me this +- Small code cleaning + +ver. 0.1.1 (2004/10/23) - beta +---------- +- Add SIGTERM handler in order to exit nicely when in daemon + mode +- Add -r option which allows to set the maximum number of + login failures +- Remove the Metalog class as the log file are not so syslog + daemon specific +- Rewrite log reader to be service centered. Sshd support + added. Match "Failed password" and "Illegal user" +- Add /etc/fail2ban.conf configuration support +- Code documentation + + +ver. 0.1.0 (2004/10/12) - alpha +---------- +- Initial release Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2008-02-02 20:07:06 UTC (rev 650) +++ branches/FAIL2BAN-0_8/MANIFEST 2008-02-06 20:17:12 UTC (rev 651) @@ -1,5 +1,5 @@ README -CHANGELOG +ChangeLog TODO COPYING fail2ban-client This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-02-02 20:13:12
|
Revision: 650 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=650&view=rev Author: lostcontrol Date: 2008-02-02 12:07:06 -0800 (Sat, 02 Feb 2008) Log Message: ----------- - Fixed date values. Modified Paths: -------------- branches/FAIL2BAN-0_8/testcases/datedetectortestcase.py Modified: branches/FAIL2BAN-0_8/testcases/datedetectortestcase.py =================================================================== --- branches/FAIL2BAN-0_8/testcases/datedetectortestcase.py 2008-02-02 17:04:11 UTC (rev 649) +++ branches/FAIL2BAN-0_8/testcases/datedetectortestcase.py 2008-02-02 20:07:06 UTC (rev 650) @@ -40,8 +40,8 @@ def testGetEpochTime(self): log = "1138049999 [sshd] error: PAM: Authentication failure" - date = [2006, 1, 23, 20, 59, 59, 0, 23, 0] - dateUnix = 1138046399.0 + date = [2006, 1, 23, 21, 59, 59, 0, 23, 0] + dateUnix = 1138049999.0 self.assertEqual(self.__datedetector.getTime(log), date) self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
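Review bot: in testGetEpochTime, the new expected tuple `[2006, 1, 23, 21, 59, 59, 0, 23, 0]` hard-codes hour 21 for the epoch value 1138049999, which is 2006-01-23 20:59:59 UTC, so the getTime assertion passes only when the machine running the tests is at UTC+1. Either pin the timezone in the test setup or derive the expected tuple from the epoch value with the same conversion the detector uses, so the test checks the parser and not the host's timezone setting.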
From: <los...@us...> - 2008-02-02 17:13:56
|
Revision: 649 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=649&view=rev Author: lostcontrol Date: 2008-02-02 09:04:11 -0800 (Sat, 02 Feb 2008) Log Message: ----------- - Added missing argument. - Fixed use of FileContainer in filterpoll.py. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/filtergamin.py branches/FAIL2BAN-0_8/server/filterpoll.py Modified: branches/FAIL2BAN-0_8/server/filtergamin.py =================================================================== --- branches/FAIL2BAN-0_8/server/filtergamin.py 2008-02-02 16:59:45 UTC (rev 648) +++ branches/FAIL2BAN-0_8/server/filtergamin.py 2008-02-02 17:04:11 UTC (rev 649) @@ -69,12 +69,12 @@ # # @param path log file path - def addLogPath(self, path): + def addLogPath(self, path, tail = False): if self.containsLogPath(path): logSys.error(path + " already exists") else: self.monitor.watch_file(path, self.callback) - FileFilter.addLogPath(self, path) + FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) ## Modified: branches/FAIL2BAN-0_8/server/filterpoll.py =================================================================== --- branches/FAIL2BAN-0_8/server/filterpoll.py 2008-02-02 16:59:45 UTC (rev 648) +++ branches/FAIL2BAN-0_8/server/filterpoll.py 2008-02-02 17:04:11 UTC (rev 649) @@ -61,13 +61,13 @@ # # @param path log file path - def addLogPath(self, path): + def addLogPath(self, path, tail = False): if self.containsLogPath(path): logSys.error(path + " already exists") else: self.__lastModTime[path] = 0 self.__file404Cnt[path] = 0 - FileFilter.addLogPath(self, path) + FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) ## 
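Review bot: in both addLogPath hunks (filtergamin.py and filterpoll.py) the signature gains `tail = False`, but the doc comment above it still lists only `# @param path log file path`. Add an `@param tail` line stating what the flag controls, since it is passed straight through to `FileFilter.addLogPath(self, path, tail)` and the default silently applies to every existing caller.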
@@ -96,9 +96,9 @@ while self._isActive(): if not self.getIdle(): # Get file modification - for f in self.getLogPath(): - if self.isModified(f): - self.getFailures(f) + for container in self.getLogPath(): + if self.isModified(container.getFileName()): + self.getFailures(container.getFileName()) self.__modified = True if self.__modified: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
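Review bot: Both addLogPath() signatures gain a tail argument, but the doc comment above each still lists only "@param path log file path"; add an "@param tail" line saying that True starts reading at the end of the file. In the filterpoll.py run loop, container.getFileName() is evaluated twice per iteration, so bind it to a local once before calling isModified() and getFailures().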
From: <los...@us...> - 2008-02-02 17:03:35
|
Revision: 648 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=648&view=rev Author: lostcontrol Date: 2008-02-02 08:59:45 -0800 (Sat, 02 Feb 2008) Log Message: ----------- - Removed debug message. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/asyncserver.py Modified: branches/FAIL2BAN-0_8/server/asyncserver.py =================================================================== --- branches/FAIL2BAN-0_8/server/asyncserver.py 2008-01-20 16:30:35 UTC (rev 647) +++ branches/FAIL2BAN-0_8/server/asyncserver.py 2008-02-02 16:59:45 UTC (rev 648) @@ -48,7 +48,7 @@ self.set_terminator(RequestHandler.END_STRING) def collect_incoming_data(self, data): - logSys.debug("Received raw data: " + str(data)) + #logSys.debug("Received raw data: " + str(data)) self.__buffer.append(data) ## This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
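Review bot: In collect_incoming_data() the debug call is commented out rather than deleted, while the log message says it was removed; delete the line, since version control already keeps the history. Dropping it is the right direction, because it wrote every raw chunk received on the socket into the log.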
From: <los...@us...> - 2008-01-20 16:30:52
|
Revision: 647 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=647&view=rev Author: lostcontrol Date: 2008-01-20 08:30:35 -0800 (Sun, 20 Jan 2008) Log Message: ----------- - Create a PID file in /var/run/fail2ban/. Thanks to Julien Perez. Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/server.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2008-01-19 11:14:07 UTC (rev 646) +++ branches/FAIL2BAN-0_8/CHANGELOG 2008-01-20 16:30:35 UTC (rev 647) @@ -29,6 +29,8 @@ 2.3. - New log rotation detection algorithm. - Print monitored files in status. +- Create a PID file in /var/run/fail2ban/. Thanks to Julien + Perez. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2008-01-19 11:14:07 UTC (rev 646) +++ branches/FAIL2BAN-0_8/server/server.py 2008-01-20 16:30:35 UTC (rev 647) @@ -36,6 +36,8 @@ logSys = logging.getLogger("fail2ban.server") class Server: + + PID_FILE = "/var/run/fail2ban/fail2ban.pid" def __init__(self, daemon = False): self.__loggingLock = Lock() @@ -57,6 +59,15 @@ def start(self, sock, force = False): logSys.info("Starting Fail2ban v" + version.version) + # Creates a PID file. + try: + logSys.debug("Creating PID file %s" % Server.PID_FILE) + pidFile = open(Server.PID_FILE, 'w') + pidFile.write("%s\n" % os.getpid()) + pidFile.close() + except IOError, e: + logSys.error("Unable to create PID file: %s" % e) + # Install signal handlers signal.signal(signal.SIGTERM, self.__sigTERMhandler) signal.signal(signal.SIGINT, self.__sigTERMhandler) 
@@ -76,6 +87,12 @@ self.__asyncServer.start(sock, force) except AsyncServerException, e: logSys.error("Could not start server: %s", e) + # Removes the PID file. + try: + logSys.debug("Remove PID file %s" % Server.PID_FILE) + os.remove(Server.PID_FILE) + except OSError, e: + logSys.error("Unable to remove PID file: %s" % e) logSys.info("Exiting Fail2ban") def quit(self): This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
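Review bot: In Server.start() the PID file is created with open(Server.PID_FILE, 'w'), which follows symbolic links and truncates whatever is at that fixed, predictable path; create it with os.open() using O_CREAT | O_EXCL | O_WRONLY and an explicit mode, and make sure /var/run/fail2ban/ is writable only by the user the server runs as. The patch never creates that directory, so if it does not exist the open fails, the error is only logged and the server carries on without a PID file. pidFile.close() should sit in a finally block so the handle is released if write() raises, and a PID file left by an earlier run is overwritten without checking whether that process is still alive.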
From: <los...@us...> - 2008-01-19 11:14:10
|
Revision: 646 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=646&view=rev Author: lostcontrol Date: 2008-01-19 03:14:07 -0800 (Sat, 19 Jan 2008) Log Message: ----------- - Fixed import of modules. Modified Paths: -------------- branches/FAIL2BAN-0_8/fail2ban-server Modified: branches/FAIL2BAN-0_8/fail2ban-server =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-server 2008-01-16 22:55:04 UTC (rev 645) +++ branches/FAIL2BAN-0_8/fail2ban-server 2008-01-19 11:14:07 UTC (rev 646) @@ -27,13 +27,12 @@ import getopt, sys, logging -from common.version import version -from server.server import Server - # Inserts our own modules path first in the list # fix for bug #343821 sys.path.insert(1, "/usr/share/fail2ban") +from common.version import version +from server.server import Server # Gets the instance of the logger. logSys = logging.getLogger("fail2ban") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
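Review bot: The comment kept above sys.path.insert(1, "/usr/share/fail2ban") says the path is inserted first in the list, but index 1 places it after sys.path[0], the script's own directory, so a common or server package sitting next to the script still wins over the installed one. Either insert at index 0 or reword the comment to say why index 1 is intended. Moving the two imports below the insert is correct, since they previously ran before the path was added.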
From: <los...@us...> - 2008-01-16 22:59:11
|
Revision: 645 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=645&view=rev Author: lostcontrol Date: 2008-01-16 14:55:04 -0800 (Wed, 16 Jan 2008) Log Message: ----------- - Small refactoring. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/datedetector.py branches/FAIL2BAN-0_8/server/datetemplate.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2008-01-14 23:12:21 UTC (rev 644) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2008-01-16 22:55:04 UTC (rev 645) @@ -41,8 +41,8 @@ self.__templates = list() def addDefaultTemplate(self): + self.__lock.acquire() try: - self.__lock.acquire() # standard template = DateStrptime() template.setName("Month Day Hour:Minute:Second") @@ -100,8 +100,8 @@ return self.__templates def matchTime(self, line): + self.__lock.acquire() try: - self.__lock.acquire() for template in self.__templates: match = template.matchDate(line) if not match == None: @@ -111,8 +111,8 @@ self.__lock.release() def getTime(self, line): + self.__lock.acquire() try: - self.__lock.acquire() for template in self.__templates: try: date = template.getDate(line) @@ -137,8 +137,8 @@ # in this object and thus should be called from time to time. def sortTemplate(self): + self.__lock.acquire() try: - self.__lock.acquire() logSys.debug("Sorting the template list") self.__templates.sort(lambda x, y: cmp(x.getHits(), y.getHits())) self.__templates.reverse() Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2008-01-14 23:12:21 UTC (rev 644) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2008-01-16 22:55:04 UTC (rev 645) @@ -35,7 +35,6 @@ self.__name = "" self.__regex = "" self.__cRegex = None - self.__pattern = "" self.__hits = 0 def setName(self, name): 
@@ -51,15 +50,6 @@ def getRegex(self): return self.__regex - def setPattern(self, pattern): - self.__pattern = pattern.strip() - - def getPattern(self): - return self.__pattern - - def isValid(self): - return self.__regex != "" and self.__pattern != "" - def getHits(self): return self.__hits @@ -112,7 +102,14 @@ def __init__(self): DateTemplate.__init__(self) + self.__pattern = "" + def setPattern(self, pattern): + self.__pattern = pattern.strip() + + def getPattern(self): + return self.__pattern + #@staticmethod def convertLocale(date): for t in DateStrptime.TABLE: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
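Review bot: In datetemplate.py, isValid() is deleted from DateTemplate with no replacement and the patch touches no callers; confirm nothing still calls it, or keep a version on DateStrptime, where both the regex and the pattern exist. Moving self.__lock.acquire() ahead of each try in datedetector.py is right: if acquire() failed inside the try, the release() on the way out would run on a lock that was never taken.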
From: <los...@us...> - 2008-01-14 23:12:30
|
Revision: 644 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=644&view=rev Author: lostcontrol Date: 2008-01-14 15:12:21 -0800 (Mon, 14 Jan 2008) Log Message: ----------- - New log rotation detection algorithm. - Print monitored files in status. Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/client/beautifier.py branches/FAIL2BAN-0_8/server/filter.py branches/FAIL2BAN-0_8/server/filtergamin.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2008-01-13 15:49:23 UTC (rev 643) +++ branches/FAIL2BAN-0_8/CHANGELOG 2008-01-14 23:12:21 UTC (rev 644) @@ -4,10 +4,10 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.2) 2007/??/?? +Fail2Ban (version 0.8.2) 2008/??/?? ============================================================= -ver. 0.8.2 (2007/??/??) - stable +ver. 0.8.2 (2008/??/??) - stable ---------- - Fixed named filter. Thanks to Yaroslav Halchenko - Fixed wrong path for apache-auth in jail.conf. Thanks to @@ -27,6 +27,8 @@ - Refactoring. Reduced number of files. - Removed Python 2.4. Minimum required version is now Python 2.3. +- New log rotation detection algorithm. +- Print monitored files in status. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/client/beautifier.py =================================================================== --- branches/FAIL2BAN-0_8/client/beautifier.py 2008-01-13 15:49:23 UTC (rev 643) +++ branches/FAIL2BAN-0_8/client/beautifier.py 2008-01-14 23:12:21 UTC (rev 644) 
@@ -72,9 +72,14 @@ ipList = "" for ip in response[1][1][2][1]: ipList += ip + " " + # Creates file list. + fileList = "" + for f in response[0][1][2][1]: + fileList += f + " " # Display information msg = "Status for the jail: " + inC[1] + "\n" msg = msg + "|- " + response[0][0] + "\n" + msg = msg + "| |- " + response[0][1][2][0] + ":\t" + fileList + "\n" msg = msg + "| |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n" msg = msg + "| `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n" msg = msg + "`- " + response[1][0] + "\n" Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2008-01-13 15:49:23 UTC (rev 643) +++ branches/FAIL2BAN-0_8/server/filter.py 2008-01-14 23:12:21 UTC (rev 644) @@ -242,8 +242,8 @@ # Decode line to UTF-8 l = line.decode('utf-8') except UnicodeDecodeError: - pass - timeMatch = self.dateDetector.matchTime(line) + l = line + timeMatch = self.dateDetector.matchTime(l) if not timeMatch: # There is no valid time in this line return @@ -335,26 +335,17 @@ def __init__(self, jail): Filter.__init__(self, jail) - ## The log file handler. - self.__crtHandler = None - self.__crtFilename = None ## The log file path. self.__logPath = [] - ## The last position of the file. - self.__lastPos = dict() - ## The last date in tht log file. - self.__lastDate = dict() ## # Add a log file path # # @param path log file path - def addLogPath(self, path): - self.getLogPath().append(path) - # Initialize default values - self.__lastDate[path] = 0 - self.__lastPos[path] = 0 + def addLogPath(self, path, tail = False): + container = FileContainer(path, tail) + self.__logPath.append(container) ## # Delete a log path 
@@ -362,9 +353,10 @@ # @param path the log file to delete def delLogPath(self, path): - self.getLogPath().remove(path) - del self.__lastDate[path] - del self.__lastPos[path] + for log in self.__logPath: + if log.getFileName() == path: + self.__logPath.remove(log) + return ## # Get the log file path 
@@ -381,64 +373,18 @@ # @return True if the path is already monitored else False def containsLogPath(self, path): - try: - self.getLogPath().index(path) - return True - except ValueError: - return False - - ## - # Open the log file. - - def __openLogFile(self, filename): - """ Opens the log file specified on init. - """ - try: - self.__crtFilename = filename - self.__crtHandler = open(filename) - logSys.debug("Opened " + filename) - return True - except OSError: - logSys.error("Unable to open " + filename) - except IOError: - logSys.error("Unable to read " + filename + - ". Please check permissions") + for log in self.__logPath: + if log.getFileName() == path: + return True return False - ## - # Close the log file. + def getFileContainer(self, path): + for log in self.__logPath: + if log.getFileName() == path: + return log + return None - def __closeLogFile(self): - self.__crtFilename = None - self.__crtHandler.close() - ## - # Set the file position. - # - # Sets the file position. We must take care of log file rotation - # and reset the position to 0 in that case. Use the log message - # timestamp in order to detect this. - - def __setFilePos(self): - line = self.__crtHandler.readline() - lastDate = self.__lastDate[self.__crtFilename] - lineDate = self.dateDetector.getUnixTime(line) - if lastDate < lineDate: - logSys.debug("Date " + `lastDate` + " is smaller than " + `lineDate`) - logSys.debug("Log rotation detected for " + self.__crtFilename) - self.__lastPos[self.__crtFilename] = 0 - lastPos = self.__lastPos[self.__crtFilename] - logSys.debug("Setting file position to " + `lastPos` + " for " + - self.__crtFilename) - self.__crtHandler.seek(lastPos) - - ## - # Get the file position. - - def __getFilePos(self): - return self.__crtHandler.tell() - - ## # Gets all the failure in the log file. # # Gets all the failure in the log file which are newer than 
@@ -446,13 +392,20 @@ # is created and is added to the FailManager. def getFailures(self, filename): - # Try to open log file. - if not self.__openLogFile(filename): + container = self.getFileContainer(filename) + if container == None: logSys.error("Unable to get failures in " + filename) return False - self.__setFilePos() - lastTimeLine = None - for line in self.__crtHandler: + # Try to open log file. + try: + container.open() + except Exception, e: + logSys.error("Unable to open %s" % filename) + logSys.exception(e) + return False + + line = container.readline() + while not line == "": if not self._isActive(): # The jail has been stopped break @@ -464,6 +417,7 @@ timeMatch = self.dateDetector.matchTime(line) if not timeMatch: # There is no valid time in this line + line = container.readline() continue # Lets split into time part and log part of the line timeLine = timeMatch.group() @@ -471,7 +425,6 @@ # anchore at the beginning of the time regexp, we don't # at least allow injection. Should be harmless otherwise logLine = line[:timeMatch.start()] + line[timeMatch.end():] - lastTimeLine = timeLine for element in self.findFailure(timeLine, logLine): ip = element[0] unixTime = element[1] 
@@ -482,13 +435,78 @@ continue logSys.debug("Found "+ip) self.failManager.addFailure(FailTicket(ip, unixTime)) - self.__lastPos[filename] = self.__getFilePos() - if lastTimeLine: - self.__lastDate[filename] = self.dateDetector.getUnixTime(lastTimeLine) - self.__closeLogFile() + # Read a new line. + line = container.readline() + container.close() return True + + def status(self): + ret = Filter.status(self) + path = [m.getFileName() for m in self.getLogPath()] + ret.append(("File list", path)) + return ret +## +# FileContainer class. +# +# This class manages a file handler and takes care of log rotation detection. +# In order to detect log rotation, the hash (MD5) of the first line of the file +# is computed and compared to the previous hash of this line. +import md5 + +class FileContainer: + + def __init__(self, filename, tail = False): + self.__filename = filename + self.__tail = tail + self.__handler = None + # Try to open the file. Raises an exception if an error occured. + handler = open(filename) + try: + firstLine = handler.readline() + # Computes the MD5 of the first line. + self.__hash = md5.new(firstLine).digest() + # Start at the beginning of file if tail mode is off. + if tail: + handler.seek(0, 2) + self.__pos = handler.tell() + else: + self.__pos = 0 + finally: + handler.close() + + def getFileName(self): + return self.__filename + + def open(self): + self.__handler = open(self.__filename) + firstLine = self.__handler.readline() + # Computes the MD5 of the first line. + myHash = md5.new(firstLine).digest() + # Compare hash. + if not self.__hash == myHash: + logSys.info("Log rotation detected for %s" % self.__filename) + self.__hash = myHash + self.__pos = 0 + # Sets the file pointer to the last position. + self.__handler.seek(self.__pos) + + def readline(self): + if self.__handler == None: + return "" + return self.__handler.readline() + + def close(self): + if not self.__handler == None: + # Saves the last position. 
+ self.__pos = self.__handler.tell() + # Closes the file. + self.__handler.close() + self.__handler = None + + + ## # Utils class for DNS and IP handling. # Modified: branches/FAIL2BAN-0_8/server/filtergamin.py =================================================================== --- branches/FAIL2BAN-0_8/server/filtergamin.py 2008-01-13 15:49:23 UTC (rev 643) +++ branches/FAIL2BAN-0_8/server/filtergamin.py 2008-01-14 23:12:21 UTC (rev 644) @@ -126,6 +126,6 @@ # Desallocates the resources used by Gamin. def __cleanup(self): - for path in self.getLogPath(self): - self.monitor.stop_watch(path) + for path in self.getLogPath(): + self.monitor.stop_watch(path.getFileName()) del self.monitor This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
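Review bot: FileContainer decides that a log was rotated only by comparing the MD5 of the first line, which misses two cases. If the new file starts with the same first line as the old one, open() seeks to the stale self.__pos and anything before that offset is never scanned, so failures go uncounted; if the first line was only partly written when the hash was taken, the next open() sees a different hash, resets to 0 and rescans the whole file, so entries can be counted a second time. Also compare the inode from os.fstat() and treat a file shorter than self.__pos as rotated or truncated. Minor: "import md5" sits in the middle of filter.py and belongs with the imports at the top.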
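Review bot: FileFilter.addLogPath() now builds a FileContainer, whose constructor opens the file and lets the exception propagate, so adding a path that does not exist or is unreadable raises where the old code only appended to the list. Catch and log that in addLogPath(), or defer the first open to getFailures(), which already handles open errors. In getFailures(), narrow "except Exception, e" to IOError and OSError so programming errors are not reported as an unreadable file.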
From: <los...@us...> - 2008-01-13 15:49:33
|
Revision: 643 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=643&view=rev Author: lostcontrol Date: 2008-01-13 07:49:23 -0800 (Sun, 13 Jan 2008) Log Message: ----------- - Show version at startup. Thanks to Klaus Lehmann. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/server.py Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2008-01-05 22:33:44 UTC (rev 642) +++ branches/FAIL2BAN-0_8/server/server.py 2008-01-13 15:49:23 UTC (rev 643) @@ -29,6 +29,7 @@ from transmitter import Transmitter from asyncserver import AsyncServer from asyncserver import AsyncServerException +from common import version import logging, logging.handlers, sys, os, signal # Gets the instance of the logger. @@ -54,7 +55,7 @@ self.quit() def start(self, sock, force = False): - logSys.info("Starting Fail2ban") + logSys.info("Starting Fail2ban v" + version.version) # Install signal handlers signal.signal(signal.SIGTERM, self.__sigTERMhandler) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2008-01-05 22:33:43
|
Revision: 642 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=642&view=rev Author: lostcontrol Date: 2008-01-05 14:33:44 -0800 (Sat, 05 Jan 2008) Log Message: ----------- - Added string and regex to log message. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/failregex.py Modified: branches/FAIL2BAN-0_8/server/failregex.py =================================================================== --- branches/FAIL2BAN-0_8/server/failregex.py 2007-12-26 11:46:22 UTC (rev 641) +++ branches/FAIL2BAN-0_8/server/failregex.py 2008-01-05 22:33:44 UTC (rev 642) @@ -123,5 +123,8 @@ def getHost(self): host = self._matchCache.group("host") if host == None: - raise RegexException("Unexpected error. Please check your regex") + # Gets a few information. + s = self._matchCache.string + r = self._matchCache.re + raise RegexException("No 'host' found in '%s' using '%s'" % (s, r)) return host This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
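Review bot: In getHost() the new message formats self._matchCache.re with %s, which prints the compiled pattern object's repr rather than the expression; use self._matchCache.re.pattern so the log shows the regex that needs fixing. The matched string s comes from the monitored log and is partly under a remote party's control, so format it with %r before it goes into the exception text to keep control characters and newlines out of fail2ban's own log.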