From: <los...@us...> - 2007-06-07 21:29:19
|
Revision: 587 http://svn.sourceforge.net/fail2ban/?rev=587&view=rev Author: lostcontrol Date: 2007-06-07 14:29:18 -0700 (Thu, 07 Jun 2007) Log Message: ----------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-05-29 20:08:37 UTC (rev 586) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-06-07 21:29:18 UTC (rev 587) @@ -4,9 +4,13 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.0) 2007/05/03 +Fail2Ban (version 0.8.1) 2007/??/?? ============================================================= +ver. 0.8.1 (2007/??/??) - stable +---------- +- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid + ver. 0.8.0 (2007/05/03) - stable ---------- - Fixed RedHat init script. Thanks to Jonathan Underwood Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-05-29 20:08:37 UTC (rev 586) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-06-07 21:29:18 UTC (rev 587) 
@@ -14,10 +14,11 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = Authentication failure for .* from <HOST> - Failed [-/\w]+ for .* from <HOST> - ROOT LOGIN REFUSED .* FROM <HOST> - [iI](?:llegal|nvalid) user .* from <HOST> +failregex = Authentication failure for .* from <HOST>$ + Failed [-/\w]+ for .* from <HOST>$ + ROOT LOGIN REFUSED .* FROM <HOST>$ + [iI](?:llegal|nvalid) user .* from <HOST>$ + User .* from <HOST> not allowed because not listed in AllowUsers$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
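Review bot: `Failed [-/\w]+ for .* from <HOST>$` will probably stop matching ordinary OpenSSH failure lines, which normally continue with ` port N ssh2` after the address, so the anchored rule risks missing real password failures. Allowing the known suffix explicitly keeps the end anchor without that gap, e.g. `Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$`. The patterns also remain unanchored on the left and keep a greedy `.*` over the user-name field, which the remote client controls, so tying each rule to the daemon prefix would be a sensible follow-up. It would help to add a comment above `failregex` saying that the trailing `$` is security-relevant and must be kept when rules are edited; the `[Definition]` section starts outside the hunk.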
From: <los...@us...> - 2007-06-25 21:57:10
|
Revision: 592 http://svn.sourceforge.net/fail2ban/?rev=592&view=rev Author: lostcontrol Date: 2007-06-25 14:57:10 -0700 (Mon, 25 Jun 2007) Log Message: ----------- - Improved regular expressions. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-06-25 21:52:58 UTC (rev 591) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-06-25 21:57:10 UTC (rev 592) @@ -11,6 +11,7 @@ ---------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko +- Improved regular expressions. Thanks to Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2007-06-25 21:52:58 UTC (rev 591) +++ branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2007-06-25 21:57:10 UTC (rev 592) @@ -19,7 +19,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$ +failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf 2007-06-25 21:52:58 UTC (rev 591) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf 2007-06-25 21:57:10 UTC (rev 592) 
@@ -14,7 +14,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = sshd\[\S*\]: Did not receive identification string from <HOST> +failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-06-25 21:52:58 UTC (rev 591) +++ branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-06-25 21:57:10 UTC (rev 592) @@ -14,7 +14,7 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$ +failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$ \[.+\] FAIL LOGIN: Client "<HOST>"$ # Option: ignoreregex Modified: branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf 2007-06-25 21:52:58 UTC (rev 591) +++ branches/FAIL2BAN-0_8/config/filter.d/wuftpd.conf 2007-06-25 21:57:10 UTC (rev 592) @@ -2,7 +2,7 @@ # # Author: Yaroslav Halchenko # -# $Revision: $ +# $Revision$ # [Definition] @@ -11,4 +11,4 @@ # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # -failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST> +failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
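Review bot: In wuftpd.conf the `$` added after `rhost=<HOST>` may drop real failures, because pam_unix usually appends ` user=NAME` after the `rhost=` field when the account exists; those lines would no longer match and attempts against valid accounts would go uncounted. Allow the optional field before the anchor, for example `rhost=<HOST>(?:\s+user=\S*)?\s*$`. The first vsftpd.conf rule in the preceding hunk ends in the same `rhost=<HOST>$` and would need the same allowance. Checking each changed filter against a sample log with fail2ban-regex before release would catch this kind of regression.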
From: <los...@us...> - 2007-07-05 16:10:33
|
Revision: 595 http://svn.sourceforge.net/fail2ban/?rev=595&view=rev Author: lostcontrol Date: 2007-07-05 09:10:33 -0700 (Thu, 05 Jul 2007) Log Message: ----------- - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Rapha?\195?\171l Marichez - Fixed a small typo Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf branches/FAIL2BAN-0_8/config/action.d/mail.conf branches/FAIL2BAN-0_8/config/jail.conf Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf branches/FAIL2BAN-0_8/config/action.d/sendmail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-05 16:10:33 UTC (rev 595) @@ -12,6 +12,8 @@ - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko - Improved regular expressions. Thanks to Yaroslav Halchenko +- Added sendmail actions. The action started with "mail" are + now deprecated. Thanks to Raphaël Marichez ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-05 16:10:33 UTC (rev 595) 
@@ -84,6 +84,10 @@ config/action.d/mail-buffered.conf config/action.d/mail-whois.conf config/action.d/mail-whois-lines.conf +config/action.d/sendmail.conf +config/action.d/sendmail-buffered.conf +config/action.d/sendmail-whois.conf +config/action.d/sendmail-whois-lines.conf config/action.d/shorewall.conf config/fail2ban.conf man/fail2ban-client.1 Modified: branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Output will be buffered until <lines> lines are available.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois-lines.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail-whois.conf 2007-07-05 16:10:33 UTC (rev 595) 
@@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Modified: branches/FAIL2BAN-0_8/config/action.d/mail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/action.d/mail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -12,7 +12,7 @@ # Values: CMD # actionstart = echo -en "Hi,\n - The jail <name> has been started successfuly.\n + The jail <name> has been started successfully.\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,105 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Output will be buffered until <lines> lines are available.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = if [ -f <tmpfile> ]; then + echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + rm <tmpfile> + fi + echo -en "Subject: [Fail2Ban] <name>: stopped + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile> + LINE=$( wc -l <tmpfile> | awk '{ print $1 }' ) + if [ $LINE -eq <lines> ]; then + echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + rm <tmpfile> + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + +# Default number of lines that are buffered +# +lines = 5 + +# Default temporary file +# +tmpfile = /tmp/fail2ban-mail.txt + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,88 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + 
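Review bot: `tmpfile = /tmp/fail2ban-mail.txt` places the ban buffer at a fixed name in a world-writable directory, while `actionban` and `actionstop` append to it, `cat` it into the mail and `rm` it, presumably with the daemon's privileges. A file or link already present at that name could redirect those writes or put foreign content into the report, so the default should point into a directory that only the Fail2Ban user can write, e.g. `tmpfile = <PRIVATE_STATE_DIR>/fail2ban-mail.txt` (placeholder path). Separately, the summary mail sent from `actionban` carries the subject `<name>: stopped`, which looks copied from `actionstop`; `<name>: summary` would be clearer. The comment `# Option: actionend` documents the option that is actually named `actionstop`.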
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n\n + Here are more information about <ip>:\n + `/usr/bin/whois <ip>`\n\n + Lines containing IP:<ip> in <logpath>\n + `/bin/grep '\<<ip>\>' <logpath>`\n\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois-lines.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf 2007-07-05 16:10:33 UTC (rev 595) 
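Review bot: In `actionban`, `/bin/grep '\<<ip>\>' <logpath>` treats the dots of the address as regex wildcards and its output is unbounded, so the mail can pick up unrelated lines and grow with the log. A fixed-string word match is stricter: `/bin/grep -wF '<ip>' <logpath>`. The matched lines contain text chosen by the remote client (user names, for instance) and are expanded inside the `echo -en "..."` argument, where backslash sequences are interpreted; feeding the log excerpt and the `whois` output to sendmail without passing them through `echo -e` would keep them as plain data. The same `whois` substitution appears in sendmail-whois.conf.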
@@ -0,0 +1,82 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n\n + Here are more information about <ip>:\n + `/usr/bin/whois <ip>`\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail-whois.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Added: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -0,0 +1,80 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = echo -en "Subject: [Fail2Ban] <name>: started + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped + 
From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The jail <name> has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip> + From: Fail2Ban <<sender>> + To: <dest>\n + Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = + +[Init] + +# Defaut name of the chain +# +name = default + +# Destination/Addressee of the mail +# +dest = root + +# Sender of the mail +# +sender = fail2ban + Property changes on: branches/FAIL2BAN-0_8/config/action.d/sendmail.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-06-25 22:18:46 UTC (rev 594) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-07-05 16:10:33 UTC (rev 595) @@ -45,7 +45,7 @@ enabled = false filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] - mail-whois[name=SSH, dest=you...@ma...] + sendmail-whois[name=SSH, dest=yo...@ma..., sender=fai...@ma...] logpath = /var/log/sshd.log maxretry = 5 
@@ -54,7 +54,7 @@ enabled = false filter = proftpd action = iptables[name=ProFTPD, port=ftp, protocol=tcp] - mail-whois[name=ProFTPD, dest=you...@ma...] + sendmail-whois[name=ProFTPD, dest=yo...@ma...] logpath = /var/log/proftpd/proftpd.log maxretry = 6 @@ -66,7 +66,7 @@ filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] - mail-whois[name=sasl, dest=you...@ma...] + sendmail-whois[name=sasl, dest=yo...@ma...] logpath = /var/log/mail.log # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is @@ -77,7 +77,7 @@ enabled = false filter = sshd action = hostsdeny - mail-whois[name=SSH, dest=you...@ma...] + sendmail-whois[name=SSH, dest=yo...@ma...] ignoreregex = for myuser from logpath = /var/log/sshd.log @@ -101,7 +101,7 @@ enabled = false filter = postfix action = hostsdeny[file=/not/a/standard/path/hosts.deny] - mail[name=Postfix, dest=you...@ma...] + sendmail[name=Postfix, dest=yo...@ma...] logpath = /var/log/postfix.log bantime = 300 @@ -112,7 +112,7 @@ enabled = false filter = vsftpd -action = mail-whois[name=VSFTPD, dest=you...@ma...] +action = sendmail-whois[name=VSFTPD, dest=yo...@ma...] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 @@ -124,7 +124,7 @@ enabled = false filter = vsftpd action = iptables[name=VSFTPD, port=ftp, protocol=tcp] - mail-whois[name=VSFTPD, dest=you...@ma...] + sendmail-whois[name=VSFTPD, dest=yo...@ma...] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 @@ -137,7 +137,7 @@ enabled = false filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] - mail-buffered[name=BadBots, lines=5, dest=you...@ma...] + sendmail-buffered[name=BadBots, lines=5, dest=yo...@ma...] logpath = /var/www/*/logs/access_log bantime = 172800 maxretry = 1 
@@ -149,7 +149,7 @@ enabled = false filter = apache-noscript action = shorewall - mail[name=Postfix, dest=you...@ma...] + sendmail[name=Postfix, dest=yo...@ma...] logpath = /var/log/apache2/error_log # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" @@ -162,6 +162,6 @@ enabled = false filter = sshd action = ipfw[localhost=192.168.0.1] - mail-whois[name="SSH,IPFW", dest=you...@ma...] + sendmail-whois[name="SSH,IPFW", dest=yo...@ma...] logpath = /var/log/auth.log ignoreip = 168.192.0.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-07-10 20:04:57
|
Revision: 597 http://svn.sourceforge.net/fail2ban/?rev=597&view=rev Author: lostcontrol Date: 2007-07-10 13:04:57 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/files/suse-initd Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:04:57 UTC (rev 597) @@ -15,6 +15,8 @@ - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez - Added "ignoreregex" support to fail2ban-regex +- Updated suse-initd and added it to MANIFEST. Thanks to + Christian Rauch ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-10 20:04:57 UTC (rev 597) @@ -102,6 +102,7 @@ files/redhat-initd files/solaris-fail2ban.xml files/solaris-svc-fail2ban +files/suse-initd files/cacti/fail2ban_stats.sh files/cacti/cacti_host_template_fail2ban.xml files/cacti/README Modified: branches/FAIL2BAN-0_8/files/suse-initd =================================================================== --- branches/FAIL2BAN-0_8/files/suse-initd 2007-07-10 19:54:01 UTC (rev 596) +++ branches/FAIL2BAN-0_8/files/suse-initd 2007-07-10 20:04:57 UTC (rev 597) 
@@ -6,26 +6,26 @@ # ### BEGIN INIT INFO # Provides: fail2ban -# Required-Start: $syslog $remote_fs postfix +# Required-Start: $syslog $remote_fs sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: startup Fail2Ban ### END INIT INFO -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/sbin:/usr/bin:/bin FAIL2BAN_BIN=/usr/local/bin/fail2ban-client FAIL2BAN_SERVER=/usr/local/bin/fail2ban-server FAIL2BAN_SOCKET=/tmp/fail2ban.sock -test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } +test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } # Check for existence of needed config file and read it FAIL2BAN_CONFIG=/etc/fail2ban/fail2ban.conf test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } + if [ "$1" = "stop" ]; then exit 0; + else exit 6; fi; } . /etc/rc.status 
@@ -34,54 +34,63 @@ case "$1" in start) - echo -n "Starting Fail2Ban " - /sbin/startproc $FAIL2BAN_BIN -q start 2>1 > /dev/null - rc_status -v - ;; + echo -n "Starting Fail2Ban " + /sbin/startproc $FAIL2BAN_BIN start &>/dev/null + rc_status -v + ;; stop) - echo -n "Shutting down Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q stop - rc_status -v - ;; + echo -n "Shutting down Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q stop + rc_status -v + ;; try-restart|condrestart) - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - rc_reset # Not running is not a failure. - fi - rc_status - ;; + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + rc_status + ;; restart) - $0 stop - i=60 - while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 60 ] - sleep 1 - i=$[i-1] - echo -n "." - done - echo "." - $0 start + $0 stop + echo -n "-wait a minute " + i=60 + while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do + sleep 1 + i=$[$i-1] + echo -n "." + done + echo "." 
+ $0 start - # Remember status and be quiet - rc_status - ;; + # Remember status and be quiet + rc_status + ;; force-reload) - echo -n "Reload service Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q reload - rc_status -v - ;; + echo -n "Reload service Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q reload + rc_status -v + ;; reload) - echo -n "Reload service Fail2ban " - /sbin/startproc $FAIL2BAN_BIN -q reload - rc_status -v - ;; + echo -n "Reload service Fail2ban " + /sbin/startproc $FAIL2BAN_BIN -q reload + rc_status -v + ;; status) - echo -n "Checking for service Fail2ban " - /sbin/checkproc $FAIL2BAN_SERVER - rc_status -v - ;; + echo -n "Checking for service Fail2ban " + /sbin/checkproc $FAIL2BAN_SERVER + rc_status -v + ;; probe) + test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban.pid && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
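Review bot: The rewritten `restart` loop waits on `[ -e $FAIL2BAN_SOCKET ]`, and the first hunk shows that variable is `/tmp/fail2ban.sock`; in a world-writable directory any leftover or foreign file at that name keeps every restart waiting the full 60 seconds, so a socket path under a root-owned run directory would be safer (the server's own socket setting is outside this diff and would have to change with it). `&>/dev/null` and `i=$[$i-1]` are bash-only; if the interpreter line, which sits above the hunk, is `/bin/sh`, use `>/dev/null 2>&1` and `i=$((i-1))`. `start` also lost `-q` while the other branches keep it, and the file now ends without a trailing newline.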
From: <los...@us...> - 2007-07-10 20:11:20
|
Revision: 596 http://svn.sourceforge.net/fail2ban/?rev=596&view=rev Author: lostcontrol Date: 2007-07-10 12:54:01 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Added "ignoreregex" support to fail2ban-regex Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/fail2ban-regex branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 19:54:01 UTC (rev 596) @@ -14,6 +14,7 @@ - Improved regular expressions. Thanks to Yaroslav Halchenko - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez +- Added "ignoreregex" support to fail2ban-regex ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/fail2ban-regex =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-regex 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/fail2ban-regex 2007-07-10 19:54:01 UTC (rev 596) @@ -68,6 +68,7 @@ def __init__(self): self.__filter = Filter(None) + self.__ignoreregex = list() self.__failregex = list() # Setup logging logging.getLogger("fail2ban").handlers = [] @@ -92,7 +93,7 @@ @staticmethod def dispUsage(): - print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX>" + print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]" print print "Fail2Ban v" + version + " reads log file that contains password failure report" print "and bans the corresponding IP addresses using firewall rules." 
@@ -111,6 +112,10 @@ print " string a string representing a 'failregex'" print " filename path to a filter file (filter.d/sshd.conf)" print + print "IgnoreRegex:" + print " string a string representing an 'ignoreregex'" + print " filename path to a filter file (filter.d/sshd.conf)" + print print "Report bugs to <los...@us...>" def getCmdLineOptions(self, optList): @@ -128,6 +133,35 @@ def logIsFile(value): return os.path.isfile(value) + def readIgnoreRegex(self, value): + if os.path.isfile(value): + reader = SafeConfigParser() + try: + reader.read(value) + print "Use ignoreregex file : " + value + self.__ignoreregex = [RegexStat(m) + for m in reader.get("Definition", "ignoreregex").split('\n')] + except NoSectionError: + print "No [Definition] section in " + value + print + return False + except NoOptionError: + print "No failregex option in " + value + print + return False + except MissingSectionHeaderError: + print "No section headers in " + value + print + return False + else: + if len(value) > 53: + stripReg = value[0:50] + "..." + else: + stripReg = value + print "Use ignoreregex line : " + stripReg + self.__ignoreregex = [RegexStat(value)] + return True + def readRegex(self, value): if os.path.isfile(value): reader = SafeConfigParser() @@ -157,8 +191,27 @@ self.__failregex = [RegexStat(value)] return True + def testIgnoreRegex(self, line): + found = False + for regex in self.__ignoreregex: + logging.getLogger("fail2ban").setLevel(logging.DEBUG) + try: + self.__filter.addIgnoreRegex(regex.getFailRegex()) + try: + ret = self.__filter.ignoreLine(line) + if ret: + regex.inc() + except RegexException, e: + print e + return False + finally: + self.__filter.delIgnoreRegex(0) + logging.getLogger("fail2ban").setLevel(logging.CRITICAL) + def testRegex(self, line): found = False + for regex in self.__ignoreregex: + self.__filter.addIgnoreRegex(regex.getFailRegex()) for regex in self.__failregex: logging.getLogger("fail2ban").setLevel(logging.DEBUG) try: 
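Review bot: `readIgnoreRegex` builds one `RegexStat` per line of the option without dropping empty entries, so a filter file whose `ignoreregex` is left blank yields an empty pattern; if the regex class accepts it, that pattern matches every line and `testRegex` would then ignore the whole log and report no matches. Filter the blanks, e.g. `for m in reader.get("Definition", "ignoreregex").split('\n') if m.strip()]`. The `NoOptionError` branch also prints `"No failregex option in "` where it should name ignoreregex.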
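Review bot: `testIgnoreRegex` assigns `found = False` and never reads it, and it returns `False` on a `RegexException` but `None` on every other path while both callers discard the result. Drop the local and either return a boolean consistently or return nothing. A short docstring stating that the method only updates the per-pattern hit counters, and does not decide whether the line is skipped, would make the split with `testRegex` clear; `testRegex` itself continues outside the hunk.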
@@ -182,6 +235,8 @@ finally: self.__filter.delFailRegex(0) logging.getLogger("fail2ban").setLevel(logging.CRITICAL) + for regex in self.__ignoreregex: + self.__filter.delIgnoreRegex(0) def printStats(self): print @@ -191,25 +246,51 @@ # Print title cnt = 1 - print "Failregex:" + print "Failregex" + print "|- Regular expressions:" for failregex in self.__failregex: - print "[" + str(cnt) + "] " + failregex.getFailRegex() + print "| [" + str(cnt) + "] " + failregex.getFailRegex() cnt += 1 + cnt = 1 - print + print "|" # Print stats cnt = 1 total = 0 - print "Number of matches:" + print "`- Number of matches:" for failregex in self.__failregex: match = failregex.getStats() total += match - print "[" + str(cnt) + "] " + str(match) + " match(es)" + print " [" + str(cnt) + "] " + str(match) + " match(es)" cnt += 1 print + # Print title + cnt = 1 + print "Ignoreregex" + print "|- Regular expressions:" + for failregex in self.__ignoreregex: + print "| [" + str(cnt) + "] " + failregex.getFailRegex() + cnt += 1 + cnt = 1 + + print "|" + + # Print stats + cnt = 1 + print "`- Number of matches:" + for failregex in self.__ignoreregex: + match = failregex.getStats() + print " [" + str(cnt) + "] " + str(match) + " match(es)" + cnt += 1 + + print + print "Summary" + print "=======" + print + if total == 0: print "Sorry, no match" print @@ -236,7 +317,7 @@ print "Date template hits:" for template in self.__filter.dateDetector.getTemplates(): - print `template.getHits()` + " hit: " + template.getName() + print `template.getHits()` + " hit(s): " + template.getName() print @@ -260,7 +341,7 @@ # Process command line fail2banRegex.getCmdLineOptions(optList) # We need exactly 3 parameters - if not len(sys.argv) == 3: + if not len(sys.argv) in (3, 4): fail2banRegex.dispUsage() sys.exit(-1) else: 
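Review bot: The comment above the argument check still reads `# We need exactly 3 parameters` although the condition now accepts three or four; it should say `# We need 3 or 4 parameters (the ignoreregex is optional)`. `not len(sys.argv) in (3, 4)` also reads more clearly as `len(sys.argv) not in (3, 4)`. The enclosing block continues outside the hunk.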
@@ -269,6 +350,10 @@ print "=============" print + if len(sys.argv) == 4: + if fail2banRegex.readIgnoreRegex(sys.argv[3]) == False: + sys.exit(-1) + if fail2banRegex.readRegex(sys.argv[2]) == False: sys.exit(-1) @@ -278,6 +363,7 @@ print "Use log file : " + sys.argv[1] print for line in hdlr: + fail2banRegex.testIgnoreRegex(line) fail2banRegex.testRegex(line) except IOError, e: print e @@ -290,6 +376,7 @@ stripLog = sys.argv[1] print "Use single line: " + stripLog print + fail2banRegex.testIgnoreRegex(sys.argv[1]) fail2banRegex.testRegex(sys.argv[1]) if fail2banRegex.printStats(): Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-07-05 16:10:33 UTC (rev 595) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-07-10 19:54:01 UTC (rev 596) @@ -414,6 +414,20 @@ return True ## + # Returns true if the line should be ignored. + # + # Uses ignoreregex. + # @param line: the line + # @return: a boolean + + def ignoreLine(self, line): + for ignoreRegex in self.__ignoreRegex: + ignoreRegex.search(line) + if ignoreRegex.hasMatched(): + return True + return False + + ## # Finds the failure in a line. # # Uses the failregex pattern to find it and timeregex in order @@ -423,12 +437,9 @@ def findFailure(self, line): failList = list() # Checks if we must ignore this line. - for ignoreRegex in self.__ignoreRegex: - ignoreRegex.search(line) - if ignoreRegex.hasMatched(): - # The ignoreregex matched. Return. - logSys.debug("Ignoring this line") - return failList + if self.ignoreLine(line): + # The ignoreregex matched. Return. + return failList # Iterates over all the regular expressions. for failRegex in self.__failRegex: failRegex.search(line) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
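Review bot: Extracting `ignoreLine` drops the `logSys.debug("Ignoring this line")` call that `findFailure` used to make, so a line suppressed by an ignoreregex no longer leaves any trace in the debug log. An ignoreregex decides which failures never count toward a ban, and that trace is what lets an operator audit an over-broad pattern; keep `logSys.debug("Ignoring this line")` inside the `if self.ignoreLine(line):` branch of `findFailure`. `findFailure` continues past the end of the hunk.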
From: <los...@us...> - 2007-07-10 20:24:44
|
Revision: 598 http://svn.sourceforge.net/fail2ban/?rev=598&view=rev Author: lostcontrol Date: 2007-07-10 13:24:44 -0700 (Tue, 10 Jul 2007) Log Message: ----------- - Updated regular expressions Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/sshd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:04:57 UTC (rev 597) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:24:44 UTC (rev 598) @@ -12,6 +12,7 @@ - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko - Improved regular expressions. Thanks to Yaroslav Halchenko + and others - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez - Added "ignoreregex" support to fail2ban-regex Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-07-10 20:04:57 UTC (rev 597) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-07-10 20:24:44 UTC (rev 598) 
@@ -14,11 +14,12 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = Authentication failure for .* from <HOST>$ - Failed [-/\w]+ for .* from <HOST>$ - ROOT LOGIN REFUSED .* FROM <HOST>$ - [iI](?:llegal|nvalid) user .* from <HOST>$ - User .* from <HOST> not allowed because not listed in AllowUsers$ +failregex = Authentication failure for .+ from <HOST>(?: port \d+ ssh2)?$ + Failed [-/\w]+ for .+ from <HOST>(?: port \d+ ssh2)?$ + ROOT LOGIN REFUSED .+ FROM <HOST>(?: port \d+ ssh2)?$ + [iI](?:llegal|nvalid) user .+ from <HOST>(?: port \d+ ssh2)?$ + User .+ from <HOST> not allowed because not listed in AllowUsers$ + User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
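Review bot: The new optional suffix `(?: port \d+ ssh2)?$` accepts exactly ` port N ssh2` or nothing, so a line that ends in ` port N` alone, or carries a different protocol tag, matches none of the first four patterns and the failure goes uncounted. Whether the sshd builds you target emit such lines is not shown here, but a more tolerant tail such as `(?: port \d+)?(?: ssh\d*)?\s*$` covers them while keeping the end-of-line anchor introduced by the earlier vulnerability fix. The two `not allowed because ...` patterns would benefit from the same `\s*$`.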
From: <los...@us...> - 2007-07-11 22:12:46
|
Revision: 599 http://svn.sourceforge.net/fail2ban/?rev=599&view=rev Author: lostcontrol Date: 2007-07-11 15:12:45 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Tightening up the pid check in redhat-initd. Thanks to David Nutter Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/files/redhat-initd Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-10 20:24:44 UTC (rev 598) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:12:45 UTC (rev 599) @@ -18,6 +18,8 @@ - Added "ignoreregex" support to fail2ban-regex - Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch +- Tightening up the pid check in redhat-initd. Thanks to + David Nutter ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/files/redhat-initd =================================================================== --- branches/FAIL2BAN-0_8/files/redhat-initd 2007-07-10 20:24:44 UTC (rev 598) +++ branches/FAIL2BAN-0_8/files/redhat-initd 2007-07-11 22:12:45 UTC (rev 599) @@ -20,7 +20,7 @@ RETVAL=0 getpid() { - pid=`ps -ef | grep fail2ban-|grep -v grep|awk '{print $2}'` + pid=`ps -eo pid,comm | grep fail2ban- | awk '{ print $1 }'` } start() { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
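Review bot: `grep fail2ban-` on the `pid,comm` listing matches any process whose command name contains that substring, so a concurrently running `fail2ban-client` or `fail2ban-regex` is reported alongside the server and `pid` can hold several values. The callers of `getpid` are outside the hunk, but if they test or signal `$pid`, an exact match is safer: ``pid=`ps -eo pid,comm | awk '$2 == "fail2ban-server" { print $1 }'` ``. That assumes the daemon's command name is `fail2ban-server`, which this page does not show for the Red Hat packaging. Reading the server's pid file, if it writes one, would avoid the process-table scan altogether.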
From: <los...@us...> - 2007-07-11 22:27:17
|
Revision: 601 http://svn.sourceforge.net/fail2ban/?rev=601&view=rev Author: lostcontrol Date: 2007-07-11 15:27:16 -0700 (Wed, 11 Jul 2007) Log Message: ----------- - Added webmin authentication filter. Thanks to Guillaume Delvit Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:13:07 UTC (rev 600) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-07-11 22:27:16 UTC (rev 601) @@ -20,6 +20,8 @@ Christian Rauch - Tightening up the pid check in redhat-initd. Thanks to David Nutter +- Added webmin authentication filter. Thanks to Guillaume + Delvit ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-07-11 22:13:07 UTC (rev 600) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-07-11 22:27:16 UTC (rev 601) @@ -74,6 +74,7 @@ config/filter.d/sshd.conf config/filter.d/sshd-ddos.conf config/filter.d/vsftpd.conf +config/filter.d/webmin-auth.conf config/filter.d/wuftpd.conf config/action.d/hostsdeny.conf config/action.d/ipfw.conf Added: branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf 2007-07-11 22:27:16 UTC (rev 601) 
@@ -0,0 +1,28 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Rule by : Delvit Guillaume +# +# $Revision$ +# + +[Definition] + +# patern : webmin[15673]: Non-existent login as toto from 86.0.6.217 +# webmin[29544]: Invalid login as root from 86.0.6.217 +# +# Option: failregex +# Notes.: regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "<HOST>" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P<host>\S+) +# Values: TEXT +# +failregex = webmin.* Non-existent login as .+ from <HOST>$ + webmin.* Invalid login as .+ from <HOST>$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Property changes on: branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
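Review bot: Both patterns open with an unanchored `webmin.*`, so any line in the monitored file that merely contains `webmin` somewhere before the message text is counted as a Webmin login failure. The sample lines in the comment show the tag as `webmin[15673]:`, so the prefix can be tightened to match it, e.g. `webmin(?:\[\d+\])?: Non-existent login as .+ from <HOST>\s*$`, and likewise for `Invalid login`. The `\s*` before `$` follows the trailing-whitespace handling the proftpd filter already uses and is optional. In the comment, `patern` should read `pattern`.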
From: <los...@us...> - 2007-07-17 20:41:04
|
Revision: 603 http://svn.sourceforge.net/fail2ban/?rev=603&view=rev Author: lostcontrol Date: 2007-07-17 13:41:00 -0700 (Tue, 17 Jul 2007) Log Message: ----------- - Added new regex for proftpd. Thanks to Vaclav Misek Modified Paths: -------------- branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-07-11 22:27:29 UTC (rev 602) +++ branches/FAIL2BAN-0_8/README 2007-07-17 20:41:00 UTC (rev 603) @@ -75,7 +75,7 @@ René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume -Delvit +Delvit, Vaclav Misek License: -------- Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2007-07-11 22:27:29 UTC (rev 602) +++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2007-07-17 20:41:00 UTC (rev 603) @@ -15,6 +15,7 @@ # Values: TEXT # failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$ + \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
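Review bot: The added proftpd pattern ends in `Incorrect password.$`, where the unescaped `.` matches any character rather than the literal full stop. Escape it and allow trailing whitespace the way the existing pattern on the line above does: `\(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password\.\s*$`.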
From: <los...@us...> - 2007-08-07 22:11:34
|
Revision: 605 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=605&view=rev Author: lostcontrol Date: 2007-08-07 15:11:34 -0700 (Tue, 07 Aug 2007) Log Message: ----------- - Removed textToDns() which is not required anymore. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-05 19:33:15 UTC (rev 604) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-07 22:11:34 UTC (rev 605) @@ -22,6 +22,8 @@ David Nutter - Added webmin authentication filter. Thanks to Guillaume Delvit +- Removed textToDns() which is not required anymore. Thanks + to Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-08-05 19:33:15 UTC (rev 604) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-08-07 22:11:34 UTC (rev 605) @@ -504,17 +504,6 @@ return list() @staticmethod - def textToDns(text): - """ Search for possible DNS in an arbitrary text. - Thanks to Tom Pike. - """ - match = DNSUtils.DNS_CRE.match(text) - if match: - return match - else: - return None - - @staticmethod def searchIP(text): """ Search if an IP address if directly available and return it. @@ -549,11 +538,9 @@ ipList.append(plainIPStr) if not ipList: # Try to get IP from possible DNS - dns = DNSUtils.textToDns(text) - if not dns == None: - ip = DNSUtils.dnsToIp(dns.group(0)) - for e in ip: - ipList.append(e) + ip = DNSUtils.dnsToIp(text) + for e in ip: + ipList.append(e) return ipList @staticmethod This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
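Review bot: With `textToDns` gone, the whole `text` is handed to `DNSUtils.dnsToIp` whenever no literal IP was found, without the `DNS_CRE` syntax check that used to gate the lookup. `text` comes from the `host` group of a failregex, which the filter files describe as `\S+`, so any token a log line supplies in that position is sent to the resolver and the addresses that come back are treated as the offender. `dnsToIp` is not visible here, so confirm that it rejects malformed names and handles lookup failure. If it does not, keep a guard, or at least document the precondition, e.g. `# text must already be a syntactically valid host name (matched by <HOST>)`. The enclosing method starts outside the hunk.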
From: <los...@us...> - 2007-08-08 22:13:14
|
Revision: 606 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=606&view=rev Author: lostcontrol Date: 2007-08-08 15:13:09 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added new action iptables-allports. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG Added Paths: ----------- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-07 22:11:34 UTC (rev 605) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:13:09 UTC (rev 606) @@ -24,6 +24,8 @@ Delvit - Removed textToDns() which is not required anymore. Thanks to Yaroslav Halchenko +- Added new action iptables-allports. Thanks to Yaroslav + Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Added: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2007-08-08 22:13:09 UTC (rev 606) 
@@ -0,0 +1,65 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Modified: Yaroslav O. Halchenko <de...@on...> +# made active on all ports from original iptables.conf +# +# $Revision$ +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = iptables -N fail2ban-<name> + iptables -A fail2ban-<name> -j RETURN + iptables -I INPUT -p <protocol> -j fail2ban-<name> + +# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name> + iptables -F fail2ban-<name> + iptables -X fail2ban-<name> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name> + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP + +[Init] + +# Defaut name of the chain +# +name = default + +# Option: protocol +# Notes.: internally used by config reader for interpolations. 
+# Values: [ tcp | udp | icmp | all ] Default: tcp +# +protocol = tcp + Property changes on: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
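Review bot: `actioncheck` greps the INPUT listing for the bare string `fail2ban-<name>`, which also matches a longer chain name that starts the same way, so the check can pass when this jail's own chain has been removed. Matching the name followed by whitespace avoids that: `actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[[:space:]]'`. Two comments need correcting: the block above `actionstop` is labelled `Option: actionend`, and `Defaut` should read `Default`. The header should also state that with the default `protocol = tcp` the ban drops only TCP from the address, and that `protocol = all` is needed for a ban across every protocol.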
From: <los...@us...> - 2007-08-08 22:16:21
|
Revision: 607 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=607&view=rev Author: lostcontrol Date: 2007-08-08 15:16:22 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added "named" date format to date detector. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/datedetector.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:13:09 UTC (rev 606) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:16:22 UTC (rev 607) @@ -26,6 +26,8 @@ to Yaroslav Halchenko - Added new action iptables-allports. Thanks to Yaroslav Halchenko +- Added "named" date format to date detector. Thanks to + Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2007-08-08 22:13:09 UTC (rev 606) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2007-08-08 22:16:22 UTC (rev 607) @@ -80,6 +80,12 @@ template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}") template.setPattern("%Y-%m-%d %H:%M:%S") self.__templates.append(template) + # named 26-Jul-2007 15:20:52.252 + template = DateStrptime() + template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]") + template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}") + template.setPattern("%d-%b-%Y %H:%M:%S") + self.__templates.append(template) # TAI64N template = DateTai64n() template.setName("TAI64N") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
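Review bot: The month field is matched with `\S{3}`, which accepts any three non-space characters, while the pattern parses it with `%b`; a line such as `26-007-2007 ...` would pass the regex and then fail in `strptime`, and how the template handles that failure is outside this hunk. `[A-Za-z]{3}` states the intent: `template.setRegex("\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}")`. `%b` is locale-dependent, so a comment noting that the template assumes English month abbreviations would help. The method this block belongs to starts outside the hunk.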
From: <los...@us...> - 2007-08-08 22:21:13
|
Revision: 608 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=608&view=rev Author: lostcontrol Date: 2007-08-08 15:21:15 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Added filter file for named (bind9). Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG Added Paths: ----------- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:16:22 UTC (rev 607) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:21:15 UTC (rev 608) @@ -28,6 +28,8 @@ Halchenko - Added "named" date format to date detector. Thanks to Yaroslav Halchenko +- Added filter file for named (bind9). Thanks to Yaroslav + Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Added: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-08 22:21:15 UTC (rev 608) 
@@ -0,0 +1,34 @@ +# Fail2Ban configuration file for named (bind9). Trying to generalize the +# structure which is general to capture general patterns in log +# lines to cover different configurations/distributions +# +# Author: Yaroslav Halchenko +# +# $Revision$ +# + +[Definition] + +# if you want to catch only login erros from specific daemons, use smth like +#_named_rcodes=(?:REFUSED|SERVFAIL) +# To catch all REFUSED queries only +_named_rcodes=REFUSED +_daemon=named + +# +# Shortcuts for easier comprehension of the failregex +__pid_re=(?:\[\d+\]) +__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:? +__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) +# hostname daemon_id spaces +# this can be optional (for instance if we match named native log files) +__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)? + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. +# Values: TEXT +# +failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$ + %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ + + Property changes on: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
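Review bot: The first `failregex` takes `<HOST>` from the end of an `unexpected RCODE (...) resolving '...': <HOST>#port` line; in that message the address looks like the remote server that answered this resolver rather than a client that queried it (to be confirmed against named's log format), so a ban would cut off an upstream name server. Unless that is intended, ship only the second pattern: `failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$`. The `Notes.:` comment above it still says "password failures", copied from another filter, and should describe denied queries. `erros` and `smth` in the comment block are typos.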
From: <los...@us...> - 2007-08-08 22:31:49
|
Revision: 610 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=610&view=rev Author: lostcontrol Date: 2007-08-08 15:31:47 -0700 (Wed, 08 Aug 2007) Log Message: ----------- - Fixed vsftpd filter. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:29:13 UTC (rev 609) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-08 22:31:47 UTC (rev 610) @@ -30,6 +30,7 @@ Yaroslav Halchenko - Added filter file for named (bind9). Thanks to Yaroslav Halchenko +- Fixed vsftpd filter. Thanks to Yaroslav Halchenko ver. 0.8.0 (2007/05/03) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-08-08 22:29:13 UTC (rev 609) +++ branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2007-08-08 22:31:47 UTC (rev 610) @@ -14,8 +14,8 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$ - \[.+\] FAIL LOGIN: Client "<HOST>"$ +failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$ + \[.+\] FAIL LOGIN: Client "<HOST>"\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
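Review bot: The first pattern still requires `rhost=<HOST>` to be the last field on the line, apart from the trailing whitespace this change now tolerates. PAM modules can append further fields after `rhost=` (for instance ` user=NAME`), and if the systems you target log that form, the failure is not counted. This page shows no sample line, so treat it as something to verify. If confirmed, `rhost=<HOST>(?:\s+user=\S*)?\s*$` covers it while keeping the end anchor.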
From: <los...@us...> - 2007-08-14 21:39:13
|
Revision: 614 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=614&view=rev Author: lostcontrol Date: 2007-08-14 14:39:15 -0700 (Tue, 14 Aug 2007) Log Message: ----------- - Prepared for 0.8.1 Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/common/version.py branches/FAIL2BAN-0_8/man/fail2ban-client.1 branches/FAIL2BAN-0_8/man/fail2ban-regex.1 branches/FAIL2BAN-0_8/man/fail2ban-server.1 Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-14 21:39:15 UTC (rev 614) @@ -4,10 +4,10 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.1) 2007/??/?? +Fail2Ban (version 0.8.1) 2007/08/14 ============================================================= -ver. 0.8.1 (2007/??/??) - stable +ver. 0.8.1 (2007/08/14) - stable ---------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/README 2007-08-14 21:39:15 UTC (rev 614) @@ -4,7 +4,7 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.0) 2007/05/03 +Fail2Ban (version 0.8.1) 2007/08/14 ============================================================= Fail2Ban scans log files like /var/log/pwdfail and bans IP 
@@ -28,8 +28,8 @@ To install, just do: -> tar xvfj fail2ban-0.8.0.tar.bz2 -> cd fail2ban-0.8.0 +> tar xvfj fail2ban-0.8.1.tar.bz2 +> cd fail2ban-0.8.1 > python setup.py install This will install Fail2Ban into /usr/share/fail2ban. The Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/common/version.py 2007-08-14 21:39:15 UTC (rev 614) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.0" +version = "0.8.1" Modified: branches/FAIL2BAN-0_8/man/fail2ban-client.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-client.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-client.1 2007-08-14 21:39:15 UTC (rev 614) @@ -1,11 +1,11 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-CLIENT "1" "May 2007" "fail2ban-client v0.8.0" "User Commands" +.TH FAIL2BAN-CLIENT "1" "August 2007" "fail2ban-client v0.8.1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH DESCRIPTION [?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND> .PP -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP Modified: branches/FAIL2BAN-0_8/man/fail2ban-regex.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-regex.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-regex.1 2007-08-14 21:39:15 UTC (rev 614) 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-REGEX "1" "May 2007" "fail2ban-regex v0.8.0" "User Commands" +.TH FAIL2BAN-REGEX "1" "August 2007" "fail2ban-regex v0.8.1" "User Commands" .SH NAME fail2ban-regex \- test Fail2ban "failregex" option .SH SYNOPSIS .B fail2ban-regex -[\fIOPTIONS\fR] \fI<LOG> <REGEX>\fR +[\fIOPTIONS\fR] \fI<LOG> <REGEX> \fR[\fIIGNOREREGEX\fR] .SH DESCRIPTION -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .PP This tools can test regular expressions for "fail2ban". @@ -31,6 +31,13 @@ .TP \fBfilename\fR path to a filter file (filter.d/sshd.conf) +.SS "IgnoreRegex:" +.TP +\fBstring\fR +a string representing an 'ignoreregex' +.TP +\fBfilename\fR +path to a filter file (filter.d/sshd.conf) .SH AUTHOR Written by Cyril Jaquier <los...@us...>. Many contributions by Yaroslav O. Halchenko <de...@on...>. Modified: branches/FAIL2BAN-0_8/man/fail2ban-server.1 =================================================================== --- branches/FAIL2BAN-0_8/man/fail2ban-server.1 2007-08-13 21:39:26 UTC (rev 613) +++ branches/FAIL2BAN-0_8/man/fail2ban-server.1 2007-08-14 21:39:15 UTC (rev 614) 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. -.TH FAIL2BAN-SERVER "1" "May 2007" "fail2ban-server v0.8.0" "User Commands" +.TH FAIL2BAN-SERVER "1" "August 2007" "fail2ban-server v0.8.1" "User Commands" .SH NAME fail2ban-server \- start the server .SH SYNOPSIS .B fail2ban-server [\fIOPTIONS\fR] .SH DESCRIPTION -Fail2Ban v0.8.0 reads log file that contains password failure report +Fail2Ban v0.8.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .PP Only use this command for debugging purpose. Start the server with This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-08-27 21:03:31
|
Revision: 616 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=616&view=rev Author: lostcontrol Date: 2007-08-27 14:03:33 -0700 (Mon, 27 Aug 2007) Log Message: ----------- - Fixed named filter. Thanks to Yaroslav Halchenko Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:03:33 UTC (rev 616) @@ -4,9 +4,13 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.8.1) 2007/08/14 +Fail2Ban (version 0.8.2) 2007/??/?? ============================================================= +ver. 0.8.2 (2007/??/??) - stable +---------- +- Fixed named filter. Thanks to Yaroslav Halchenko + ver. 0.8.1 (2007/08/14) - stable ---------- - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid Modified: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2007-08-27 21:03:33 UTC (rev 616) @@ -9,10 +9,8 @@ [Definition] -# if you want to catch only login erros from specific daemons, use smth like -#_named_rcodes=(?:REFUSED|SERVFAIL) -# To catch all REFUSED queries only -_named_rcodes=REFUSED +# +# Daemon name _daemon=named # 
@@ -28,7 +26,6 @@ # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # -failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$ - %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ +failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$ Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-08-14 21:44:58 UTC (rev 615) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:03:33 UTC (rev 616) @@ -170,13 +170,13 @@ # with bind9 installation. You will need something like this: # # logging { -# channel lame-servers_file { -# file "/var/log/named/lame-servers.log" versions 3 size 30m; +# channel security_file { +# file "/var/log/named/security.log" versions 3 size 30m; # severity dynamic; # print-time yes; # }; -# category lame-servers { -# lame-servers_file; +# category security { +# security_file; # }; # } # @@ -189,7 +189,7 @@ filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=udp] sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/lame-servers.log +logpath = /var/log/named/security.log ignoreip = 168.192.0.1 # This jail blocks TCP traffic for DNS requests. @@ -200,6 +200,6 @@ filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/lame-servers.log +logpath = /var/log/named/security.log ignoreip = 168.192.0.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
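Review bot: Banning on `protocol=udp` from addresses read out of `security.log` can be turned against third parties, because a UDP source address is easy to forge and a denied query logged under a forged address gets that address blocked; this applies to the jail in the `@@ -189` hunk. The comment block above the jail should say so, for example `# WARNING: UDP source addresses can be spoofed; enabling this jail lets a remote sender get arbitrary hosts banned.`, and recommend leaving the UDP jail disabled unless that risk is accepted. Separately, `ignoreip = 168.192.0.1` in this hunk and in the `@@ -200` one looks like a transposition of `192.168.0.1`; as written it exempts an address outside the private ranges.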
From: <los...@us...> - 2007-08-27 21:25:53
Revision: 617 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=617&view=rev Author: lostcontrol Date: 2007-08-27 14:25:56 -0700 (Mon, 27 Aug 2007) Log Message: ----------- - Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:03:33 UTC (rev 616) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:25:56 UTC (rev 617) @@ -10,6 +10,8 @@ ver. 0.8.2 (2007/??/??) - stable ---------- - Fixed named filter. Thanks to Yaroslav Halchenko +- Fixed wrong path for apache-auth in jail.conf. Thanks to + Vincent Deffontaines ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:03:33 UTC (rev 616) +++ branches/FAIL2BAN-0_8/config/jail.conf 2007-08-27 21:25:56 UTC (rev 617) @@ -89,8 +89,8 @@ enabled = false filter = apache-auth action = hostsdeny -logpath = /var/log/apache*/*access.log - /home/www/myhomepage/access.log +logpath = /var/log/apache*/*error.log + /home/www/myhomepage/error.log maxretry = 6 # The hosts.deny path can be defined with the "file" argument if it is This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-09-05 20:43:54
Revision: 618 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=618&view=rev Author: lostcontrol Date: 2007-09-05 13:43:47 -0700 (Wed, 05 Sep 2007) Log Message: ----------- - Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/dateepoch.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-08-27 21:25:56 UTC (rev 617) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-09-05 20:43:47 UTC (rev 618) @@ -12,6 +12,8 @@ - Fixed named filter. Thanks to Yaroslav Halchenko - Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines +- Fixed timezone bug with epoch date template. Thanks to + Michael Hanselmann ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/dateepoch.py =================================================================== --- branches/FAIL2BAN-0_8/server/dateepoch.py 2007-08-27 21:25:56 UTC (rev 617) +++ branches/FAIL2BAN-0_8/server/dateepoch.py 2007-09-05 20:43:47 UTC (rev 618) @@ -40,5 +40,5 @@ dateMatch = self.matchDate(line) if dateMatch: # extract part of format which represents seconds since epoch - date = list(time.gmtime(float(dateMatch.group()))) + date = list(time.localtime(float(dateMatch.group()))) return date This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
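Review bot: `time.localtime(float(dateMatch.group()))` can raise `ValueError` (or `OverflowError`) when the matched number is outside the platform's `time_t` range, and that number is taken straight from a log line. The pattern behind `matchDate` is not visible in this hunk, so the value may already be bounded; if it is not, a corrupt or crafted line would raise inside date parsing instead of being treated as undated. Wrapping the conversion as `try: date = list(time.localtime(float(dateMatch.group())))` followed by `except (ValueError, OverflowError): date = None` keeps the failure local. The method starts above the hunk, so how `date` is initialised when nothing matches cannot be checked from here.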
From: <los...@us...> - 2007-09-12 21:38:55
Revision: 621 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=621&view=rev Author: lostcontrol Date: 2007-09-12 14:38:51 -0700 (Wed, 12 Sep 2007) Log Message: ----------- - Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/client/configreader.py branches/FAIL2BAN-0_8/config/filter.d/sshd.conf branches/FAIL2BAN-0_8/fail2ban-regex branches/FAIL2BAN-0_8/server/filter.py Added Paths: ----------- branches/FAIL2BAN-0_8/client/configparserinc.py branches/FAIL2BAN-0_8/config/filter.d/common.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-09-12 21:38:51 UTC (rev 621) @@ -14,6 +14,9 @@ Vincent Deffontaines - Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann +- Added "full line failregex" patch. Thanks to Yaroslav + Halchenko. It will be possible to create stronger failregex + against log injection ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-09-12 21:38:51 UTC (rev 621) @@ -7,6 +7,7 @@ fail2ban-testcases fail2ban-regex client/configreader.py +client/configparserinc.py client/jailreader.py client/fail2banreader.py client/jailsreader.py 
@@ -60,6 +61,7 @@ common/version.py common/protocol.py config/jail.conf +config/filter.d/common.conf config/filter.d/apache-auth.conf config/filter.d/apache-badbots.conf config/filter.d/apache-noscript.conf Added: branches/FAIL2BAN-0_8/client/configparserinc.py =================================================================== --- branches/FAIL2BAN-0_8/client/configparserinc.py (rev 0) +++ branches/FAIL2BAN-0_8/client/configparserinc.py 2007-09-12 21:38:51 UTC (rev 621) 
@@ -0,0 +1,97 @@ +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Author: Yaroslav Halchenko +# $Revision$ + +__author__ = 'Yaroslav Halhenko' +__revision__ = '$Revision: $' +__date__ = '$Date: $' +__copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko' +__license__ = 'GPL' + +from ConfigParser import SafeConfigParser +from ConfigParser import NoOptionError, NoSectionError + +class SafeConfigParserWithIncludes(SafeConfigParser): + """ + Class adds functionality to SafeConfigParser to handle included + other configuration files (or may be urls, whatever in the future) + + File should have section [includes] and only 2 options implemented + are 'files_before' and 'files_after' where files are listed 1 per + line. + + Example: + +[INCLUDES] +files_before = 1.conf + 3.conf + +files_after = 1.conf + + It is a simple implementation, so just basic care is taken about + recursion. Includes preserve right order, ie new files are + inserted to the list of read configs before original, and their + includes correspondingly so the list should follow the leaves of + the tree. + + I wasn't sure what would be the right way to implement generic (aka c++ + template) so we could base at any *configparser class... 
so I will + leave it for the future + + """ + + @staticmethod + def getIncludedFiles(filename, sectionName='INCLUDES', + defaults={}, seen=[]): + """ + Given 1 config filename returns list of included files + (recursively) with the original one as well + Simple loops are taken care about + """ + filenames = [] + #print "Opening file " + filename + d = defaults.copy() # so that we do not poison our defaults + parser = SafeConfigParser(defaults = d) + parser.read(filename) + newFiles = [ ('files_before', []), ('files_after', []) ] + if sectionName in parser.sections(): + for option_name, option_list in newFiles: + if option_name in parser.options(sectionName): + newFileNames = parser.get(sectionName, option_name) + for newFileName in newFileNames.split('\n'): + if newFileName in seen: continue + option_list += SafeConfigParserWithIncludes.\ + getIncludedFiles(newFileName, + defaults=defaults, + seen=seen + [filename]) + # combine lists + filenames = newFiles[0][1] + [filename] + newFiles[1][1] + #print "Includes list for " + filename + " is " + `filenames` + return filenames + + + def read(self, filenames): + fileNamesFull = [] + if not isinstance(filenames, list): + filenames = [ filenames ] + for filename in filenames: + fileNamesFull += SafeConfigParserWithIncludes.\ + getIncludedFiles(filename, defaults=self._defaults) + #print "Opening config files " + `fileNamesFull` + return SafeConfigParser.read(self, fileNamesFull) + Property changes on: branches/FAIL2BAN-0_8/client/configparserinc.py ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Modified: branches/FAIL2BAN-0_8/client/configreader.py =================================================================== --- branches/FAIL2BAN-0_8/client/configreader.py 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/client/configreader.py 2007-09-12 21:38:51 UTC (rev 621) 
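Review bot: Include names from `files_before`/`files_after` are passed to `getIncludedFiles` exactly as written, so a relative entry such as the docstring's `1.conf` is resolved against the process's working directory rather than the directory of the file that includes it. For a daemon started as root this makes the set of config files read depend on where it was started; `if not os.path.isabs(newFileName): newFileName = os.path.join(os.path.dirname(filename), newFileName)` (plus `import os`) removes that dependence. `newFileNames.split('\n')` can also yield empty strings (a value that starts on the line after the `=`), which are then recursed into as a filename; skipping entries where `not newFileName.strip()` avoids that. `defaults={}` and `seen=[]` are mutable defaults; the visible code does not mutate them, but `None` with an in-body default is the safer signature.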
@@ -15,7 +15,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Author: Cyril Jaquier -# +# Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes) # $Revision$ __author__ = "Cyril Jaquier" @@ -25,18 +25,20 @@ __license__ = "GPL" import logging, os -from ConfigParser import SafeConfigParser +from configparserinc import SafeConfigParserWithIncludes from ConfigParser import NoOptionError, NoSectionError # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.client.config") -class ConfigReader(SafeConfigParser): +class ConfigReader(SafeConfigParserWithIncludes): BASE_DIRECTORY = "/etc/fail2ban/" def __init__(self): - SafeConfigParser.__init__(self) + SafeConfigParserWithIncludes.__init__(self, + {'configpath' : \ + ConfigReader.BASE_DIRECTORY} ) self.__opts = None @staticmethod @@ -54,7 +56,7 @@ bConf = basename + ".conf" bLocal = basename + ".local" if os.path.exists(bConf) or os.path.exists(bLocal): - SafeConfigParser.read(self, [bConf, bLocal]) + SafeConfigParserWithIncludes.read(self, [bConf, bLocal]) return True else: logSys.error(bConf + " and " + bLocal + " do not exist") Added: branches/FAIL2BAN-0_8/config/filter.d/common.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/common.conf (rev 0) +++ branches/FAIL2BAN-0_8/config/filter.d/common.conf 2007-09-12 21:38:51 UTC (rev 621) 
@@ -0,0 +1,41 @@ +# Generic configuration items (to be used as interpolations) in other +# filters or actions configurations +# +# Author: Yaroslav Halchenko +# +# $Revision: $ +# + +[INCLUDES] + +# Load customizations if any available +files_after = %(configpath)s/filter.d/common.local + + +[DEFAULT] + +# Daemon definition is to be specialized (if needed) in .conf file +_daemon = \S* + +# +# Shortcuts for easier comprehension of the failregex +# +# PID. +# EXAMPLES: [123] +__pid_re = (?:\[\d+\]) + +# Daemon name (with optional source_file:line or whatever) +# EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix) +__daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:? + +# Combinations of daemon name and PID +# EXAMPLES: sshd[31607], pop(pam_unix)[4920] +__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) + +# +# Common line prefixes (beginnings) which could be used in filters +# +# [hostname] [vserver tag] daemon_id spaces +# this can be optional (for instance if we match named native log files) +__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* + Property changes on: branches/FAIL2BAN-0_8/config/filter.d/common.conf ___________________________________________________________________ Name: svn:keywords + Author Date Id Revision Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf =================================================================== --- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2007-09-12 21:38:51 UTC (rev 621) @@ -5,8 +5,17 @@ # $Revision$ # +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +files_before = %(configpath)s/filter.d/common.conf + + [Definition] +_daemon = sshd + # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can 
@@ -14,12 +23,11 @@ # (?:::f{4,6}:)?(?P<host>\S+) # Values: TEXT # -failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ - Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$ - ROOT LOGIN REFUSED.* FROM <HOST>\s*$ - [iI](?:llegal|nvalid) user .* from <HOST>\s*$ - User .+ from <HOST> not allowed because not listed in AllowUsers\s*$ - User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$ +failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ + ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ + ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ + ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ + ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. Modified: branches/FAIL2BAN-0_8/fail2ban-regex =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-regex 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/fail2ban-regex 2007-09-12 21:38:51 UTC (rev 621) @@ -31,7 +31,7 @@ # fix for bug #343821 sys.path.insert(1, "/usr/share/fail2ban") -from ConfigParser import SafeConfigParser +from client.configparserinc import SafeConfigParserWithIncludes from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError from common.version import version from server.filter import Filter @@ -65,7 +65,9 @@ class Fail2banRegex: test = None - + + CONFIG_DEFAULTS = {'configpath' : "/etc/fail2ban/"} + def __init__(self): self.__filter = Filter(None) self.__ignoreregex = list() @@ -135,7 +137,7 @@ def readIgnoreRegex(self, value): if os.path.isfile(value): - reader = SafeConfigParser() + reader = SafeConfigParserWithIncludes(defaults=self.CONFIG_DEFAULTS) try: reader.read(value) print "Use ignoreregex file : " + value 
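Review bot: The rewritten `failregex` drops the `AllowGroups` pattern that the old list had, so logins refused because none of the user's groups are listed are no longer counted; unless that is intended, add `^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$`. The `Failed [-/\w]+ ...` and `AllowUsers` lines also lost the `\s*` before `$` that the other three patterns keep, so a line with trailing whitespace matches some patterns and not others. Ending all of them with `\s*$` keeps the filter consistent.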
@@ -164,7 +166,7 @@ def readRegex(self, value): if os.path.isfile(value): - reader = SafeConfigParser() + reader = SafeConfigParserWithIncludes(defaults=self.CONFIG_DEFAULTS) try: reader.read(value) print "Use regex file : " + value Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-09-09 22:00:45 UTC (rev 620) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-09-12 21:38:51 UTC (rev 621) @@ -383,7 +383,7 @@ logSys.error("Unable to get failures in " + filename) return False self.__setFilePos() - lastLine = None + lastTimeLine = None for line in self.__crtHandler: if not self._isActive(): # The jail has been stopped @@ -393,11 +393,18 @@ line = line.decode('utf-8') except UnicodeDecodeError: pass - if not self.dateDetector.matchTime(line): + timeMatch = self.dateDetector.matchTime(line) + if not timeMatch: # There is no valid time in this line continue - lastLine = line - for element in self.findFailure(line): + # Lets split into time part and log part of the line + timeLine = timeMatch.group() + # Lets leave the beginning in as well, so if there is no + # anchore at the beginning of the time regexp, we don't + # at least allow injection. Should be harmless otherwise + logLine = line[:timeMatch.start()] + line[timeMatch.end():] + lastTimeLine = timeLine + for element in self.findFailure(timeLine, logLine): ip = element[0] unixTime = element[1] if unixTime < MyTime.time()-self.__findTime: @@ -408,8 +415,8 @@ logSys.debug("Found "+ip) self.failManager.addFailure(FailTicket(ip, unixTime)) self.__lastPos[filename] = self.__getFilePos() - if lastLine: - self.__lastDate[filename] = self.dateDetector.getUnixTime(lastLine) + if lastTimeLine: + self.__lastDate[filename] = self.dateDetector.getUnixTime(lastTimeLine) self.__closeLogFile() return True 
@@ -428,27 +435,28 @@ return False ## - # Finds the failure in a line. + # Finds the failure in a line given split into time and log parts. # # Uses the failregex pattern to find it and timeregex in order # to find the logging time. # @return a dict with IP and timestamp. - def findFailure(self, line): + def findFailure(self, timeLine, logLine): failList = list() # Checks if we must ignore this line. - if self.ignoreLine(line): + if self.ignoreLine(logLine): # The ignoreregex matched. Return. return failList # Iterates over all the regular expressions. for failRegex in self.__failRegex: - failRegex.search(line) + failRegex.search(logLine) if failRegex.hasMatched(): # The failregex matched. - date = self.dateDetector.getUnixTime(line) + date = self.dateDetector.getUnixTime(timeLine) if date == None: - logSys.debug("Found a match but no valid date/time found " - + "for " + line + ". Please contact the " + logSys.debug("Found a match for '" + logLine +"' but no " + + "valid date/time found for '" + + timeLine + "'. Please contact the " + "author in order to get support for this " + "format") else: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
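Review bot: `findFailure` now takes `(timeLine, logLine)` instead of one `line`, and any caller outside this diff that still passes a single argument will fail with a `TypeError`; `fail2ban-regex` is touched by this commit only for the config parser, so its calls into the filter (not visible here) and the test cases are worth checking. The `##` block should document the split, for example `# @param timeLine the timestamp text cut out of the line` and `# @param logLine the line with the timestamp removed`, and `@return a dict` should read "a list", since the visible return hands back `failList = list()`. `date == None` is better written `date is None`. The method body continues past the end of the hunk.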
From: <los...@us...> - 2007-10-23 22:06:28
Revision: 623 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=623&view=rev Author: lostcontrol Date: 2007-10-23 15:06:31 -0700 (Tue, 23 Oct 2007) Log Message: ----------- - Fixed ipfw action script. Thanks to Nick Munger Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/config/action.d/ipfw.conf Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-10-06 17:57:50 UTC (rev 622) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-10-23 22:06:31 UTC (rev 623) @@ -17,6 +17,7 @@ - Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection +- Fixed ipfw action script. Thanks to Nick Munger ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/config/action.d/ipfw.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/ipfw.conf 2007-10-06 17:57:50 UTC (rev 622) +++ branches/FAIL2BAN-0_8/config/action.d/ipfw.conf 2007-10-23 22:06:31 UTC (rev 623) @@ -37,7 +37,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionban = ipaction add deny tcp from <ip> to <localhost> <port> +actionban = ipfw add deny tcp from <ip> to <localhost> <port> # Option: actionunban @@ -48,7 +48,7 @@ # <time> unix timestamp of the ban time # Values: CMD # -actionunban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'` +actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'` [Init] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
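Review bot: In `actionunban`, `grep -i <ip>` treats the address as an unanchored regular expression, so unbanning `1.2.3.4` also selects rules that mention `1.2.3.40` or `11.2.3.4` (constructed examples; `.` additionally matches any character), and every selected rule number is handed to `ipfw delete`. Matching the address as a fixed whole word limits the deletion to rules for that address: inside the backticks use `ipfw list | grep -F -w <ip> | awk '{print $1;}'`. If no rule matches, `ipfw delete` is run with no arguments; whether that failure is handled is not shown in this hunk.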
From: <los...@us...> - 2007-11-25 20:51:28
Revision: 626 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=626&view=rev Author: lostcontrol Date: 2007-11-25 12:51:32 -0800 (Sun, 25 Nov 2007) Log Message: ----------- - Removed date from logging message when using SYSLOG. Thanks to Iain Lea Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/server/server.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-11-12 22:46:32 UTC (rev 625) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-11-25 20:51:32 UTC (rev 626) @@ -18,6 +18,8 @@ Halchenko. It will be possible to create stronger failregex against log injection - Fixed ipfw action script. Thanks to Nick Munger +- Removed date from logging message when using SYSLOG. Thanks + to Iain Lea ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2007-11-12 22:46:32 UTC (rev 625) +++ branches/FAIL2BAN-0_8/server/server.py 2007-11-25 20:51:32 UTC (rev 626) @@ -315,7 +315,11 @@ def setLogTarget(self, target): try: self.__loggingLock.acquire() + # set a format which is simpler for console use + formatter = logging.Formatter("%(asctime)s %(name)-16s: %(levelname)-6s %(message)s") if target == "SYSLOG": + # Syslog daemons already add date to the message. + formatter = logging.Formatter("%(name)-16s: %(levelname)-6s %(message)s") facility = logging.handlers.SysLogHandler.LOG_DAEMON hdlr = logging.handlers.SysLogHandler("/dev/log", facility = facility) 
@@ -336,10 +340,8 @@ # Removes previous handlers for handler in logging.getLogger("fail2ban").handlers: # Closes the handler. + logging.getLogger("fail2ban").removeHandler(handler) handler.close() - logging.getLogger("fail2ban").removeHandler(handler) - # set a format which is simpler for console use - formatter = logging.Formatter("%(asctime)s %(name)-16s: %(levelname)-6s %(message)s") # tell the handler to use this format hdlr.setFormatter(formatter) logging.getLogger("fail2ban").addHandler(hdlr) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
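Review bot: The loop removes handlers from `logging.getLogger("fail2ban").handlers` while iterating over that same list, so when more than one handler is installed every second one is skipped and stays attached and open. Iterating over a copy fixes it: `for handler in logging.getLogger("fail2ban").handlers[:]:`. `setLogTarget` begins and ends outside this hunk, so the rest of the lock handling cannot be checked here.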
From: <los...@us...> - 2007-11-26 23:15:28
Revision: 627 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=627&view=rev Author: lostcontrol Date: 2007-11-26 15:15:27 -0800 (Mon, 26 Nov 2007) Log Message: ----------- - Fixed "ignore IPs". Only the first value was taken into account. Thanks to Adrien Clerc Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-11-25 20:51:32 UTC (rev 626) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-11-26 23:15:27 UTC (rev 627) @@ -20,6 +20,8 @@ - Fixed ipfw action script. Thanks to Nick Munger - Removed date from logging message when using SYSLOG. Thanks to Iain Lea +- Fixed "ignore IPs". Only the first value was taken into + account. Thanks to Adrien Clerc ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2007-11-25 20:51:32 UTC (rev 626) +++ branches/FAIL2BAN-0_8/README 2007-11-26 23:15:27 UTC (rev 627) @@ -75,7 +75,7 @@ René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume -Delvit, Vaclav Misek +Delvit, Vaclav Misek, Adrien Clerc License: -------- Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-11-25 20:51:32 UTC (rev 626) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-11-26 23:15:27 UTC (rev 627) @@ -299,7 +299,7 @@ for i in self.__ignoreIpList: # An empty string is always false if i == "": - return False + continue s = i.split('/', 1) # IP address without CIDR mask if len(s) == 1: 
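Review bot: The comment `# An empty string is always false` no longer describes the branch, which now skips the entry and keeps checking the rest of the list; `# Skip empty entries` would match the code. A whitespace-only entry is still not caught by `i == ""`; whether the list is stripped before it reaches this loop is not visible, and `if not i.strip(): continue` would cover both cases. A test with an ignore list whose matching address is not the first entry would pin the behaviour this commit fixes. The loop body continues into the `@@ -314` hunk.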
@@ -314,7 +314,7 @@ if ip in ips: return True else: - return False + continue if a == b: return True return False This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-12-14 21:22:12
Revision: 628 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=628&view=rev Author: lostcontrol Date: 2007-12-14 13:19:00 -0800 (Fri, 14 Dec 2007) Log Message: ----------- - Moved socket to /var/run/fail2ban. - Rewrote the communication server. Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/fail2ban-server branches/FAIL2BAN-0_8/server/server.py Added Paths: ----------- branches/FAIL2BAN-0_8/server/asyncserver.py Removed Paths: ------------- branches/FAIL2BAN-0_8/server/ssocket.py Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-11-26 23:15:27 UTC (rev 627) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-12-14 21:19:00 UTC (rev 628) @@ -22,6 +22,8 @@ to Iain Lea - Fixed "ignore IPs". Only the first value was taken into account. Thanks to Adrien Clerc +- Moved socket to /var/run/fail2ban. +- Rewrote the communication server. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-11-26 23:15:27 UTC (rev 627) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-12-14 21:19:00 UTC (rev 628) @@ -17,7 +17,7 @@ client/__init__.py client/configurator.py client/csocket.py -server/ssocket.py +server/asyncserver.py server/banticket.py server/filter.py server/filtergamin.py Modified: branches/FAIL2BAN-0_8/fail2ban-server =================================================================== --- branches/FAIL2BAN-0_8/fail2ban-server 2007-11-26 23:15:27 UTC (rev 627) +++ branches/FAIL2BAN-0_8/fail2ban-server 2007-12-14 21:19:00 UTC (rev 628) 
@@ -50,7 +50,7 @@ self.__conf = dict() self.__conf["background"] = True self.__conf["force"] = False - self.__conf["socket"] = "/tmp/fail2ban.sock" + self.__conf["socket"] = "/var/run/fail2ban/fail2ban.sock" def dispVersion(self): print "Fail2Ban v" + version Added: branches/FAIL2BAN-0_8/server/asyncserver.py =================================================================== --- branches/FAIL2BAN-0_8/server/asyncserver.py (rev 0) +++ branches/FAIL2BAN-0_8/server/asyncserver.py 2007-12-14 21:19:00 UTC (rev 628) 
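Review bot: Nothing in this commit's path list creates `/var/run/fail2ban`, and on systems where `/var/run` is emptied at boot the directory will not exist when the server binds the socket. The directory should be created by the init script or by the server itself, owned by root with mode 0700 (or 0750 with a dedicated group), so that only intended users can reach the control socket. `fail2ban-client` and `config/fail2ban.conf` are also not among the modified paths; if they still default to `/tmp/fail2ban.sock`, the client will look in the old place.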
@@ -0,0 +1,153 @@ +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Author: Cyril Jaquier +# +# $Revision: 567 $ + +__author__ = "Cyril Jaquier" +__version__ = "$Revision: 567 $" +__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__license__ = "GPL" + +from pickle import dumps, loads, HIGHEST_PROTOCOL +import asyncore, asynchat, socket, os, logging, sys + +# Gets the instance of the logger. +logSys = logging.getLogger("fail2ban.server") + +## +# Request handler class. +# +# This class extends asynchat in order to provide a request handler for +# incoming query. + +class RequestHandler(asynchat.async_chat): + + END_STRING = "<F2B_END_COMMAND>" + + def __init__(self, conn, transmitter): + asynchat.async_chat.__init__(self, conn) + self.__transmitter = transmitter + self.__buffer = [] + # Sets the terminator. + self.set_terminator(RequestHandler.END_STRING) + self.found_terminator = self.handle_request_line + + def collect_incoming_data(self, data): + logSys.debug("Received raw data: " + str(data)) + self.__buffer.append(data) + + ## + # Handles a new request. + # + # This method is called once we have a complete request. + + def handle_request_line(self): + # Joins the buffer items. 
+ message = loads("".join(self.__buffer)) + # Gives the message to the transmitter. + message = self.__transmitter.proceed(message) + # Serializes the response. + message = dumps(message, HIGHEST_PROTOCOL) + # Sends the response to the client. + self.send(message + RequestHandler.END_STRING) + # Closes the channel. + self.close_when_done() + + def handle_error(self): + logSys.error("Unexpected communication error") + self.close() + +## +# Asynchronous server class. +# +# This class extends asyncore and dispatches connection requests to +# RequestHandler. + +class AsyncServer(asyncore.dispatcher): + + def __init__(self, transmitter): + asyncore.dispatcher.__init__(self) + self.__transmitter = transmitter + self.__sock = "/var/run/fail2ban/fail2ban.sock" + self.__init = False + + ## + # Returns False as we only read the socket first. + + def writable(self): + return False + + def handle_accept(self): + try: + conn, addr = self.accept() + except socket.error: + logSys.warning("Socket error") + return + except TypeError: + logSys.warning("Type error") + return + # Creates an instance of the handler class to handle the + # request/response on the incoming connection. + RequestHandler(conn, self.__transmitter) + + ## + # Starts the communication server. + # + # @param sock: socket file. + # @param force: remove the socket file if exists. + + def start(self, sock, force): + self.__sock = sock + # Remove socket + if os.path.exists(sock): + logSys.error("Fail2ban seems to be already running") + if force: + logSys.warn("Forcing execution of the server") + os.remove(sock) + else: + raise AsyncServerException("Server already running") + # Creates the socket. + self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM) + self.set_reuse_addr() + self.bind(sock) + self.listen(1) + # Sets the init flag. + self.__init = True + # TODO Add try..catch + asyncore.loop(timeout = 2) + + ## + # Stops the communication server. 
+ + def stop(self): + if self.__init: + # Only closes the socket if it was initialized first. + self.close() + # Remove socket + if os.path.exists(self.__sock): + logSys.debug("Removed socket file " + self.__sock) + os.remove(self.__sock) + logSys.debug("Socket shutdown") + + +## +# AsyncServerException is used to wrap communication exceptions. + +class AsyncServerException(Exception): + pass Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2007-11-26 23:15:27 UTC (rev 627) +++ branches/FAIL2BAN-0_8/server/server.py 2007-12-14 21:19:00 UTC (rev 628) @@ -27,8 +27,8 @@ from threading import Lock, RLock from jails import Jails from transmitter import Transmitter -from ssocket import SSocket -from ssocket import SSocketErrorException +from asyncserver import AsyncServer +from asyncserver import AsyncServerException import logging, logging.handlers, sys, os, signal # Gets the instance of the logger. @@ -42,7 +42,7 @@ self.__jails = Jails() self.__daemon = daemon self.__transm = Transmitter(self) - self.__socket = SSocket(self.__transm) + self.__asyncServer = AsyncServer(self.__transm) self.__logLevel = 3 self.__logTarget = "STDOUT" # Set logging level 
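Review bot: `handle_request_line` calls `pickle.loads` on whatever arrives on the socket, and unpickling can execute code chosen by the sender, so every process able to connect to `fail2ban.sock` effectively acts as the server's user. `start()` binds the socket with whatever mode the current umask gives; a restrictive umask around `self.bind(sock)` (or `os.chmod(sock, 0600)` directly after it) belongs in this change, together with a comment on the `loads` call stating that the socket's file permissions are the only access control. `collect_incoming_data` appends to `self.__buffer` without a limit, so a peer that never sends `END_STRING` grows memory indefinitely; a maximum request size after which the channel is closed would bound that. `handle_error` logs a fixed string only, and adding the exception from `sys.exc_info()` (`sys` is already imported) would make failures diagnosable.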
@@ -72,20 +72,15 @@
 # Start the communication
 logSys.debug("Starting communication")
 try:
- self.__socket.initialize(sock, force)
- self.__socket.start()
- # Workaround (???) for join() bug.
- # https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1167930&group_id=5470
- while self.__socket.isAlive():
- self.__socket.join(1)
- except SSocketErrorException:
+ self.__asyncServer.start(sock, force)
+ except AsyncServerException:
 logSys.error("Could not start server")
 logSys.info("Exiting Fail2ban")
 def quit(self):
 self.stopAllJail()
 # Stop communication
- self.__socket.stop()
+ self.__asyncServer.stop()
 def addJail(self, name, backend):
 self.__jails.add(name, backend)
Deleted: branches/FAIL2BAN-0_8/server/ssocket.py
===================================================================
--- branches/FAIL2BAN-0_8/server/ssocket.py 2007-11-26 23:15:27 UTC (rev 627)
+++ branches/FAIL2BAN-0_8/server/ssocket.py 2007-12-14 21:19:00 UTC (rev 628) 
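Review bot: In `Server.start` the new `try` catches only `AsyncServerException`, but `AsyncServer.start()` as added in this commit also calls `create_socket()`, `bind(sock)` and `listen(1)` and then blocks in `asyncore.loop(timeout = 2)` under a `# TODO Add try..catch`, so a `socket.error` from a missing or unwritable socket directory would leave `start` unhandled instead of reaching the `Could not start server` log line. I would have `AsyncServer.start()` guard the socket set-up and re-raise, e.g. `except socket.error: raise AsyncServerException("Unable to bind socket")`, which keeps this handler as written. Catching `socket.error` here instead would need an `import socket` that the import line visible in this diff does not have. `Server.start` begins before this hunk, so whatever precedes the `try` is not visible.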
@@ -1,136 +0,0 @@ -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# Author: Cyril Jaquier -# -# $Revision$ - -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" -__license__ = "GPL" - -from threading import Thread -# cPickle generates an exception with Python 2.5 -#from cPickle import dumps, loads, HIGHEST_PROTOCOL -from pickle import dumps, loads, HIGHEST_PROTOCOL -import socket, logging, os, os.path - -# Gets the instance of the logger. 
-logSys = logging.getLogger("fail2ban.comm") - -class SSocket(Thread): - - END_STRING = "<F2B_END_COMMAND>" - - def __init__(self, transmitter): - Thread.__init__(self) - self.__transmit = transmitter - self.__isRunning = False - self.__socket = "/tmp/fail2ban.sock" - self.__ssock = None - logSys.debug("Created SSocket") - - def initialize(self, sock = "/tmp/fail2ban.sock", force = False): - self.__socket = sock - # Remove socket - if os.path.exists(sock): - logSys.error("Fail2ban seems to be already running") - if force: - logSys.warn("Forcing execution of the server") - os.remove(sock) - else: - raise SSocketErrorException("Server already running") - # Create an INET, STREAMing socket - #self.__ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.__ssock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) - #self.__ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - #self.__ssock.setblocking(False) - # Do not use a blocking socket as there is problem at shutdown. - # Use a timeout instead. Daemon exits at most 'timeout' seconds - # after the command. - self.__ssock.settimeout(1) - # Bind the socket to a public host and a well-known port - #self.__ssock.bind(("localhost", 2222)) - self.__ssock.bind(sock) - # Become a server socket - self.__ssock.listen(1) - - def run(self): - self.__isRunning = True - while self.__isRunning: - try: - (csock, address) = self.__ssock.accept() - thread = SocketWorker(csock, self.__transmit) - thread.start() - except socket.timeout: - # Do nothing here - pass - except socket.error: - # Do nothing here - pass - self.__ssock.close() - # Remove socket - if os.path.exists(self.__socket): - logSys.debug("Removed socket file " + self.__socket) - os.remove(self.__socket) - logSys.debug("Socket shutdown") - return True - - ## - # Stop the thread. - # - # Set the isRunning flag to False. 
- # @bug It seems to be some concurrency problem with this flag - - def stop(self): - self.__isRunning = False - - -class SocketWorker(Thread): - - def __init__(self, csock, transmitter): - Thread.__init__(self) - self.__csock = csock - self.__transmit = transmitter - - def run(self): - logSys.debug("Starting new thread to handle the request") - msg = self.__receive(self.__csock) - msg = self.__transmit.proceed(msg) - self.__send(self.__csock, msg) - self.__csock.close() - logSys.debug("Connection closed") - - @staticmethod - def __send(sock, msg): - obj = dumps(msg, HIGHEST_PROTOCOL) - sock.send(obj + SSocket.END_STRING) - - @staticmethod - def __receive(sock): - msg = '' - while msg.rfind(SSocket.END_STRING) == -1: - chunk = sock.recv(128) - if chunk == '': - raise RuntimeError, "socket connection broken" - msg = msg + chunk - return loads(msg) - - -class SSocketErrorException(Exception): - pass This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2007-12-14 21:34:25
Revision: 629 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=629&view=rev Author: lostcontrol Date: 2007-12-14 13:33:33 -0800 (Fri, 14 Dec 2007) Log Message: ----------- - Moved socket to /var/run/fail2ban. Modified Paths: -------------- branches/FAIL2BAN-0_8/client/csocket.py branches/FAIL2BAN-0_8/config/fail2ban.conf
Modified: branches/FAIL2BAN-0_8/client/csocket.py
===================================================================
--- branches/FAIL2BAN-0_8/client/csocket.py 2007-12-14 21:19:00 UTC (rev 628)
+++ branches/FAIL2BAN-0_8/client/csocket.py 2007-12-14 21:33:33 UTC (rev 629)
@@ -32,7 +32,7 @@
 END_STRING = "<F2B_END_COMMAND>"
- def __init__(self, sock = "/tmp/fail2ban.sock"):
+ def __init__(self, sock = "/var/run/fail2ban/fail2ban.sock"):
 # Create an INET, STREAMing socket
 #self.csock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 self.__csock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
Modified: branches/FAIL2BAN-0_8/config/fail2ban.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/fail2ban.conf 2007-12-14 21:19:00 UTC (rev 628)
+++ branches/FAIL2BAN-0_8/config/fail2ban.conf 2007-12-14 21:33:33 UTC (rev 629)
@@ -28,7 +28,7 @@
 # Notes.: Set the socket file. This is used to communicate with the daemon. Do
 # not remove this file when Fail2ban runs. It will not be possible to
 # communicate with the server afterwards.
-# Values: FILE Default: /tmp/fail2ban.sock
+# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
 #
-socket = /tmp/fail2ban.sock
+socket = /var/run/fail2ban/fail2ban.sock
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
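Review bot: The new default `/var/run/fail2ban/fail2ban.sock`, set here and as the `__init__` default in client/csocket.py, relies on a directory that nothing in this change creates or restricts, so on a host where `/var/run/fail2ban` is absent the server's `bind(sock)` presumably fails at start-up. The directory's ownership and mode also decide who can reach the socket, which matters because the server in this series hands whatever arrives on it to `loads()`. I would extend the option's Notes with `# The directory must exist and must not be accessible to untrusted users.` and, unless packaging already does so, create the directory with a restrictive mode before binding.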
From: <los...@us...> - 2007-12-16 18:05:31
Revision: 633 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=633&view=rev Author: lostcontrol Date: 2007-12-16 10:05:07 -0800 (Sun, 16 Dec 2007) Log Message: ----------- - Refactoring. Reduced number of files. Modified Paths: -------------- branches/FAIL2BAN-0_8/CHANGELOG branches/FAIL2BAN-0_8/MANIFEST branches/FAIL2BAN-0_8/server/datedetector.py branches/FAIL2BAN-0_8/server/datetemplate.py branches/FAIL2BAN-0_8/server/failregex.py branches/FAIL2BAN-0_8/server/filter.py Removed Paths: ------------- branches/FAIL2BAN-0_8/.settings/org.eclipse.core.resources.prefs branches/FAIL2BAN-0_8/server/dateepoch.py branches/FAIL2BAN-0_8/server/datestrptime.py branches/FAIL2BAN-0_8/server/datetai64n.py branches/FAIL2BAN-0_8/server/regex.py Deleted: branches/FAIL2BAN-0_8/.settings/org.eclipse.core.resources.prefs =================================================================== --- branches/FAIL2BAN-0_8/.settings/org.eclipse.core.resources.prefs 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/.settings/org.eclipse.core.resources.prefs 2007-12-16 18:05:07 UTC (rev 633) @@ -1,3 +0,0 @@ -#Wed Sep 20 22:14:25 GMT 2006 -eclipse.preferences.version=1 -encoding//server/datestrptime.py=UTF-8 Modified: branches/FAIL2BAN-0_8/CHANGELOG =================================================================== --- branches/FAIL2BAN-0_8/CHANGELOG 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/CHANGELOG 2007-12-16 18:05:07 UTC (rev 633) @@ -24,6 +24,7 @@ account. Thanks to Adrien Clerc - Moved socket to /var/run/fail2ban. - Rewrote the communication server. +- Refactoring. Reduced number of files. ver. 0.8.1 (2007/08/14) - stable ---------- Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/MANIFEST 2007-12-16 18:05:07 UTC (rev 633) 
@@ -23,10 +23,8 @@ server/filtergamin.py server/filterpoll.py server/server.py -server/datestrptime.py server/failticket.py server/actions.py -server/datetai64n.py server/faildata.py server/failmanager.py server/datedetector.py @@ -37,11 +35,9 @@ server/jail.py server/jails.py server/__init__.py -server/dateepoch.py server/banmanager.py server/datetemplate.py server/mytime.py -server/regex.py server/failregex.py testcases/banmanagertestcase.py testcases/failmanagertestcase.py Modified: branches/FAIL2BAN-0_8/server/datedetector.py =================================================================== --- branches/FAIL2BAN-0_8/server/datedetector.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/datedetector.py 2007-12-16 18:05:07 UTC (rev 633) @@ -26,9 +26,9 @@ import time, logging -from datestrptime import DateStrptime -from datetai64n import DateTai64n -from dateepoch import DateEpoch +from datetemplate import DateStrptime +from datetemplate import DateTai64n +from datetemplate import DateEpoch from threading import Lock # Gets the instance of the logger. Deleted: branches/FAIL2BAN-0_8/server/dateepoch.py =================================================================== --- branches/FAIL2BAN-0_8/server/dateepoch.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/dateepoch.py 2007-12-16 18:05:07 UTC (rev 633) 
@@ -1,44 +0,0 @@ -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# Author: Cyril Jaquier -# -# $Revision$ - -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" -__license__ = "GPL" - -import time - -from datetemplate import DateTemplate - -class DateEpoch(DateTemplate): - - def __init__(self): - DateTemplate.__init__(self) - # We already know the format for TAI64N - self.setRegex("^\d{10}(\.\d{6})?") - - def getDate(self, line): - date = None - dateMatch = self.matchDate(line) - if dateMatch: - # extract part of format which represents seconds since epoch - date = list(time.localtime(float(dateMatch.group()))) - return date Deleted: branches/FAIL2BAN-0_8/server/datestrptime.py =================================================================== --- branches/FAIL2BAN-0_8/server/datestrptime.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/datestrptime.py 2007-12-16 18:05:07 UTC (rev 633) 
@@ -1,84 +0,0 @@ -# -*- coding: utf8 -*- -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# Author: Cyril Jaquier -# -# $Revision$ - -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" -__license__ = "GPL" - -from mytime import MyTime -import time - -from datetemplate import DateTemplate - -## -# Use strptime() to parse a date. Our current locale is the 'C' -# one because we do not set the locale explicitly. This is POSIX -# standard. 
- -class DateStrptime(DateTemplate): - - TABLE = dict() - TABLE["Jan"] = [] - TABLE["Feb"] = [u"Fév"] - TABLE["Mar"] = [u"Mär"] - TABLE["Apr"] = ["Avr"] - TABLE["May"] = ["Mai"] - TABLE["Jun"] = [] - TABLE["Jul"] = [] - TABLE["Aug"] = ["Aou"] - TABLE["Sep"] = [] - TABLE["Oct"] = ["Okt"] - TABLE["Nov"] = [] - TABLE["Dec"] = [u"Déc", "Dez"] - - def __init__(self): - DateTemplate.__init__(self) - - @staticmethod - def convertLocale(date): - for t in DateStrptime.TABLE: - for m in DateStrptime.TABLE[t]: - if date.find(m) >= 0: - return date.replace(m, t) - return date - - def getDate(self, line): - date = None - dateMatch = self.matchDate(line) - if dateMatch: - try: - # Try first with 'C' locale - date = list(time.strptime(dateMatch.group(), self.getPattern())) - except ValueError: - # Try to convert date string to 'C' locale - conv = self.convertLocale(dateMatch.group()) - date = list(time.strptime(conv, self.getPattern())) - if date[0] < 2000: - # There is probably no year field in the logs - date[0] = MyTime.gmtime()[0] - # Bug fix for #1241756 - # If the date is greater than the current time, we suppose - # that the log is not from this year but from the year before - if time.mktime(date) > MyTime.time(): - date[0] -= 1 - return date Deleted: branches/FAIL2BAN-0_8/server/datetai64n.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetai64n.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/datetai64n.py 2007-12-16 18:05:07 UTC (rev 633) 
@@ -1,46 +0,0 @@ -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# Author: Cyril Jaquier -# -# $Revision$ - -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" -__license__ = "GPL" - -import time - -from datetemplate import DateTemplate - -class DateTai64n(DateTemplate): - - def __init__(self): - DateTemplate.__init__(self) - # We already know the format for TAI64N - self.setRegex("@[0-9a-f]{24}") - - def getDate(self, line): - date = None - dateMatch = self.matchDate(line) - if dateMatch: - # extract part of format which represents seconds since epoch - value = dateMatch.group() - seconds_since_epoch = value[2:17] - date = list(time.gmtime(int(seconds_since_epoch, 16))) - return date Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2007-12-16 18:05:07 UTC (rev 633) @@ -1,3 +1,4 @@ +# -*- coding: utf8 -*- # This file is part of Fail2Ban. # # Fail2Ban is free software; you can redistribute it and/or modify 
@@ -24,8 +25,10 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -import re +import re, time +from mytime import MyTime + class DateTemplate: def __init__(self): 
@@ -69,3 +72,91 @@ def getDate(self, line): raise Exception("matchDate() is abstract") + + +class DateEpoch(DateTemplate): + + def __init__(self): + DateTemplate.__init__(self) + # We already know the format for TAI64N + self.setRegex("^\d{10}(\.\d{6})?") + + def getDate(self, line): + date = None + dateMatch = self.matchDate(line) + if dateMatch: + # extract part of format which represents seconds since epoch + date = list(time.localtime(float(dateMatch.group()))) + return date + + +## +# Use strptime() to parse a date. Our current locale is the 'C' +# one because we do not set the locale explicitly. This is POSIX +# standard. + +class DateStrptime(DateTemplate): + + TABLE = dict() + TABLE["Jan"] = [] + TABLE["Feb"] = [u"Fév"] + TABLE["Mar"] = [u"Mär"] + TABLE["Apr"] = ["Avr"] + TABLE["May"] = ["Mai"] + TABLE["Jun"] = [] + TABLE["Jul"] = [] + TABLE["Aug"] = ["Aou"] + TABLE["Sep"] = [] + TABLE["Oct"] = ["Okt"] + TABLE["Nov"] = [] + TABLE["Dec"] = [u"Déc", "Dez"] + + def __init__(self): + DateTemplate.__init__(self) + + @staticmethod + def convertLocale(date): + for t in DateStrptime.TABLE: + for m in DateStrptime.TABLE[t]: + if date.find(m) >= 0: + return date.replace(m, t) + return date + + def getDate(self, line): + date = None + dateMatch = self.matchDate(line) + if dateMatch: + try: + # Try first with 'C' locale + date = list(time.strptime(dateMatch.group(), self.getPattern())) + except ValueError: + # Try to convert date string to 'C' locale + conv = self.convertLocale(dateMatch.group()) + date = list(time.strptime(conv, self.getPattern())) + if date[0] < 2000: + # There is probably no year field in the logs + date[0] = MyTime.gmtime()[0] + # Bug fix for #1241756 + # If the date is greater than the current time, we suppose + # that the log is not from this year but from the year before + if time.mktime(date) > MyTime.time(): + date[0] -= 1 + return date + + +class DateTai64n(DateTemplate): + + def __init__(self): + DateTemplate.__init__(self) + # We already 
know the format for TAI64N + self.setRegex("@[0-9a-f]{24}") + + def getDate(self, line): + date = None + dateMatch = self.matchDate(line) + if dateMatch: + # extract part of format which represents seconds since epoch + value = dateMatch.group() + seconds_since_epoch = value[2:17] + date = list(time.gmtime(int(seconds_since_epoch, 16))) + return date \ No newline at end of file Modified: branches/FAIL2BAN-0_8/server/failregex.py =================================================================== --- branches/FAIL2BAN-0_8/server/failregex.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/failregex.py 2007-12-16 18:05:07 UTC (rev 633) 
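Review bot: In `DateStrptime.getDate` the fallback `time.strptime(conv, self.getPattern())` inside `except ValueError:` is itself unguarded, so a timestamp that still does not parse after `convertLocale()` raises out of `getDate` instead of yielding `None` the way a non-matching line does. The callers are not part of this diff, but log lines are not trusted input, and an exception here could interrupt processing if the caller does not catch it. I would wrap the second call in its own `try:` with `except ValueError: return None`. Separately, the comment in `DateEpoch.__init__` reads `# We already know the format for TAI64N` although the regex there is for epoch seconds; both points are carried over unchanged from the deleted files.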
@@ -24,13 +24,80 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -from regex import Regex, RegexException +import re, sre_constants ## # Regular expression class. # # This class represents a regular expression with its compiled version. +class Regex: + + ## + # Constructor. + # + # Creates a new object. This method can throw RegexException in order to + # avoid construction of invalid object. + # @param value the regular expression + + def __init__(self, regex): + self._matchCache = None + # Perform shortcuts expansions. + # Replace "<HOST>" with default regular expression for host. + regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)") + if regex.lstrip() == '': + raise RegexException("Cannot add empty regex") + try: + self._regexObj = re.compile(regex) + self._regex = regex + except sre_constants.error: + raise RegexException("Unable to compile regular expression '%s'" % + regex) + + ## + # Gets the regular expression. + # + # The effective regular expression used is returned. + # @return the regular expression + + def getRegex(self): + return self._regex + + ## + # Searches the regular expression. + # + # Sets an internal cache (match object) in order to avoid searching for + # the pattern again. This method must be called before calling any other + # method of this object. + # @param value the line + + def search(self, value): + self._matchCache = self._regexObj.search(value) + + ## + # Checks if the previous call to search() matched. + # + # @return True if a match was found, False otherwise + + def hasMatched(self): + if self._matchCache: + return True + else: + return False + + +## +# Exception dedicated to the class Regex. + +class RegexException(Exception): + pass + + +## +# Regular expression class. +# +# This class represents a regular expression with its compiled version. 
+ class FailRegex(Regex): ## Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/filter.py 2007-12-16 18:05:07 UTC (rev 633) @@ -29,8 +29,7 @@ from jailthread import JailThread from datedetector import DateDetector from mytime import MyTime -from regex import Regex, RegexException -from failregex import FailRegex +from failregex import FailRegex, Regex, RegexException import logging, re Deleted: branches/FAIL2BAN-0_8/server/regex.py =================================================================== --- branches/FAIL2BAN-0_8/server/regex.py 2007-12-14 22:37:55 UTC (rev 632) +++ branches/FAIL2BAN-0_8/server/regex.py 2007-12-16 18:05:07 UTC (rev 633) 
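Review bot: `Regex.__init__` expands `<HOST>` to `(?:::f{4,6}:)?(?P<host>\S+)`, and `\S+` accepts any run of non-whitespace, so which token of a log line ends up in the `host` group depends entirely on how the filter's failregex is anchored around it. Since parts of a log line are written by the remote party, I would state that contract where the expansion happens, e.g. `# <HOST> matches any non-blank token; anchor the failregex so user-supplied text cannot be captured as the host.` The pattern also relies on `\S` surviving in a non-raw string, so `r"(?:::f{4,6}:)?(?P<host>\S+)"` would be safer, and the `@param value` tag in the constructor comment should name `regex`. The class is moved unchanged from regex.py, and `FailRegex` continues past the end of this hunk.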
@@ -1,93 +0,0 @@ -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# Author: Cyril Jaquier -# -# $Revision$ - -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" -__license__ = "GPL" - -import re, sre_constants - -## -# Regular expression class. -# -# This class represents a regular expression with its compiled version. - -class Regex: - - ## - # Constructor. - # - # Creates a new object. This method can throw RegexException in order to - # avoid construction of invalid object. - # @param value the regular expression - - def __init__(self, regex): - self._matchCache = None - # Perform shortcuts expansions. - # Replace "<HOST>" with default regular expression for host. - regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)") - if regex.lstrip() == '': - raise RegexException("Cannot add empty regex") - try: - self._regexObj = re.compile(regex) - self._regex = regex - except sre_constants.error: - raise RegexException("Unable to compile regular expression '%s'" % - regex) - - ## - # Gets the regular expression. - # - # The effective regular expression used is returned. - # @return the regular expression - - def getRegex(self): - return self._regex - - ## - # Searches the regular expression. 
- # - # Sets an internal cache (match object) in order to avoid searching for - # the pattern again. This method must be called before calling any other - # method of this object. - # @param value the line - - def search(self, value): - self._matchCache = self._regexObj.search(value) - - ## - # Checks if the previous call to search() matched. - # - # @return True if a match was found, False otherwise - - def hasMatched(self): - if self._matchCache: - return True - else: - return False - - -## -# Exception dedicated to the class Regex. - -class RegexException(Exception): - pass This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |