Menu
▾
▴
fail2ban-commit
|
From: <los...@us...> - 2008-07-22 22:23:44
|
Revision: 705
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=705&view=rev
Author: lostcontrol
Date: 2008-07-22 22:23:52 +0000 (Tue, 22 Jul 2008)
Log Message:
-----------
- Changed to SVN version.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/README
branches/FAIL2BAN-0_8/common/version.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-07-17 21:45:54 UTC (rev 704)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:23:52 UTC (rev 705)
@@ -4,9 +4,12 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.8.3) 2008/07/17
+Fail2Ban (version 0.8.4) 2008/??/??
=============================================================
+ver. 0.8.4 (2008/??/??) - stable
+----------
+
ver. 0.8.3 (2008/07/17) - stable
----------
- Process failtickets as long as failmanager is not empty.
Modified: branches/FAIL2BAN-0_8/README
===================================================================
--- branches/FAIL2BAN-0_8/README 2008-07-17 21:45:54 UTC (rev 704)
+++ branches/FAIL2BAN-0_8/README 2008-07-22 22:23:52 UTC (rev 705)
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.8.3) 2008/07/17
+Fail2Ban (version 0.8.4) 2008/??/??
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -28,8 +28,8 @@
To install, just do:
-> tar xvfj fail2ban-0.8.3.tar.bz2
-> cd fail2ban-0.8.3
+> tar xvfj fail2ban-0.8.4.tar.bz2
+> cd fail2ban-0.8.4
> python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The
Modified: branches/FAIL2BAN-0_8/common/version.py
===================================================================
--- branches/FAIL2BAN-0_8/common/version.py 2008-07-17 21:45:54 UTC (rev 704)
+++ branches/FAIL2BAN-0_8/common/version.py 2008-07-22 22:23:52 UTC (rev 705)
@@ -24,4 +24,4 @@
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.8.3"
+version = "0.8.3-SVN"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-07-22 22:29:48
|
Revision: 706
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=706&view=rev
Author: lostcontrol
Date: 2008-07-22 22:29:57 +0000 (Tue, 22 Jul 2008)
Log Message:
-----------
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/config/filter.d/sshd.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:23:52 UTC (rev 705)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-07-22 22:29:57 UTC (rev 706)
@@ -9,6 +9,8 @@
ver. 0.8.4 (2008/??/??) - stable
----------
+- Merged patches from Debian package. Thanks to Yaroslav
+ Halchenko.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-07-22 22:23:52 UTC (rev 705)
+++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2008-07-22 22:29:57 UTC (rev 706)
@@ -24,7 +24,8 @@
# Values: TEXT
#
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
- ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
+ ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
+ ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-08-12 20:51:45
|
Revision: 708
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=708&view=rev
Author: lostcontrol
Date: 2008-08-12 20:51:55 +0000 (Tue, 12 Aug 2008)
Log Message:
-----------
- Use current day and month instead of Jan 1st if both are not available in the log. Thanks to Andreas Itzchak Rehberg.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/datetemplate.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 19:20:02 UTC (rev 707)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 20:51:55 UTC (rev 708)
@@ -11,6 +11,8 @@
----------
- Merged patches from Debian package. Thanks to Yaroslav
Halchenko.
+- Use current day and month instead of Jan 1st if both are
+ not available in the log. Thanks to Andreas Itzchak Rehberg
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/datetemplate.py
===================================================================
--- branches/FAIL2BAN-0_8/server/datetemplate.py 2008-08-12 19:20:02 UTC (rev 707)
+++ branches/FAIL2BAN-0_8/server/datetemplate.py 2008-08-12 20:51:55 UTC (rev 708)
@@ -146,6 +146,11 @@
# that the log is not from this year but from the year before
if time.mktime(date) > MyTime.time():
date[0] -= 1
+ elif date[1] == 1 and date[2] == 1:
+ # If it is Jan 1st, it is either really Jan 1st or there
+ # is neither month nor day in the log.
+ date[1] = MyTime.gmtime()[1]
+ date[2] = MyTime.gmtime()[2]
return date
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-08-12 22:05:08
|
Revision: 711
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=711&view=rev
Author: lostcontrol
Date: 2008-08-12 22:05:13 +0000 (Tue, 12 Aug 2008)
Log Message:
-----------
- Removed "timeregex" and "timepattern" stuff that is not needed anymore.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/client/filterreader.py
branches/FAIL2BAN-0_8/common/protocol.py
Modified: branches/FAIL2BAN-0_8/client/filterreader.py
===================================================================
--- branches/FAIL2BAN-0_8/client/filterreader.py 2008-08-12 21:42:21 UTC (rev 710)
+++ branches/FAIL2BAN-0_8/client/filterreader.py 2008-08-12 22:05:13 UTC (rev 711)
@@ -53,20 +53,14 @@
return ConfigReader.read(self, "filter.d/" + self.__file)
def getOptions(self, pOpts):
- opts = [["string", "timeregex", None],
- ["string", "timepattern", None],
- ["string", "ignoreregex", ""],
+ opts = [["string", "ignoreregex", ""],
["string", "failregex", ""]]
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
def convert(self):
stream = list()
for opt in self.__opts:
- if opt == "timeregex":
- stream.append(["set", self.__name, "timeregex", self.__opts[opt]])
- elif opt == "timepattern":
- stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
- elif opt == "failregex":
+ if opt == "failregex":
for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.
if regex != '':
Modified: branches/FAIL2BAN-0_8/common/protocol.py
===================================================================
--- branches/FAIL2BAN-0_8/common/protocol.py 2008-08-12 21:42:21 UTC (rev 710)
+++ branches/FAIL2BAN-0_8/common/protocol.py 2008-08-12 22:05:13 UTC (rev 711)
@@ -72,8 +72,6 @@
['', "JAIL INFORMATION", ""],
["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
-["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
-["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"],
["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"],
["get <JAIL> ignoreregex", "gets the list of regular expressions which matches patterns to ignore for <JAIL>"],
["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-08-12 22:39:57
|
Revision: 712
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=712&view=rev
Author: lostcontrol
Date: 2008-08-12 22:40:07 +0000 (Tue, 12 Aug 2008)
Log Message:
-----------
- Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/filter.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 22:05:13 UTC (rev 711)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-08-12 22:40:07 UTC (rev 712)
@@ -12,7 +12,11 @@
- Merged patches from Debian package. Thanks to Yaroslav
Halchenko.
- Use current day and month instead of Jan 1st if both are
- not available in the log. Thanks to Andreas Itzchak Rehberg
+ not available in the log. Thanks to Andreas Itzchak
+ Rehberg.
+- Try to match the regex even if the line does not contain a
+ valid date/time. Described in Debian #491253. Thanks to
+ Yaroslav Halchenko.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/filter.py
===================================================================
--- branches/FAIL2BAN-0_8/server/filter.py 2008-08-12 22:05:13 UTC (rev 711)
+++ branches/FAIL2BAN-0_8/server/filter.py 2008-08-12 22:40:07 UTC (rev 712)
@@ -241,15 +241,16 @@
except UnicodeDecodeError:
l = line
timeMatch = self.dateDetector.matchTime(l)
- if not timeMatch:
- # There is no valid time in this line
- return []
- # Lets split into time part and log part of the line
- timeLine = timeMatch.group()
- # Lets leave the beginning in as well, so if there is no
- # anchore at the beginning of the time regexp, we don't
- # at least allow injection. Should be harmless otherwise
- logLine = l[:timeMatch.start()] + l[timeMatch.end():]
+ if timeMatch:
+ # Lets split into time part and log part of the line
+ timeLine = timeMatch.group()
+ # Lets leave the beginning in as well, so if there is no
+ # anchore at the beginning of the time regexp, we don't
+ # at least allow injection. Should be harmless otherwise
+ logLine = l[:timeMatch.start()] + l[timeMatch.end():]
+ else:
+ timeLine = l
+ logLine = l
return self.findFailure(timeLine, logLine)
def processLineAndAdd(self, line):
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-10-13 14:37:39
|
Revision: 715
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=715&view=rev
Author: lostcontrol
Date: 2008-10-13 14:37:25 +0000 (Mon, 13 Oct 2008)
Log Message:
-----------
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/MANIFEST
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-10-10 16:26:18 UTC (rev 714)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:37:25 UTC (rev 715)
@@ -17,6 +17,7 @@
- Try to match the regex even if the line does not contain a
valid date/time. Described in Debian #491253. Thanks to
Yaroslav Halchenko.
+- Added/improved filters and date formats.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2008-10-10 16:26:18 UTC (rev 714)
+++ branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:37:25 UTC (rev 715)
@@ -59,6 +59,7 @@
config/filter.d/common.conf
config/filter.d/apache-auth.conf
config/filter.d/apache-badbots.conf
+config/filter.d/apache-nohome.conf
config/filter.d/apache-noscript.conf
config/filter.d/apache-overflows.conf
config/filter.d/courierlogin.conf
Added: branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/apache-nohome.conf 2008-10-13 14:37:25 UTC (rev 715)
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav O. Halchenko <de...@on...>
+#
+# $Revision: 569 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match failures to find a home directory on a server, which
+# became popular last days. Most often attacker just uses IP instead of
+# domain name -- so expect to see them in generic error.log if you have
+# per-domain log files.
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] File does not exist: .*/~.*
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2008-10-13 14:57:12
|
Revision: 717
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=717&view=rev
Author: lostcontrol
Date: 2008-10-13 14:56:54 +0000 (Mon, 13 Oct 2008)
Log Message:
-----------
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/MANIFEST
branches/FAIL2BAN-0_8/README
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/action.d/complain.conf
branches/FAIL2BAN-0_8/config/action.d/dshield.conf
branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:38:41 UTC (rev 716)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:56:54 UTC (rev 717)
@@ -18,6 +18,8 @@
valid date/time. Described in Debian #491253. Thanks to
Yaroslav Halchenko.
- Added/improved filters and date formats.
+- Added actions to report abuse to ISP, DShield and
+ myNetWatchman. Thanks to Russell Odom.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:38:41 UTC (rev 716)
+++ branches/FAIL2BAN-0_8/MANIFEST 2008-10-13 14:56:54 UTC (rev 717)
@@ -79,6 +79,8 @@
config/filter.d/webmin-auth.conf
config/filter.d/wuftpd.conf
config/filter.d/xinetd-fail.conf
+config/action.d/complain.conf
+config/action.d/dshield.conf
config/action.d/hostsdeny.conf
config/action.d/ipfw.conf
config/action.d/iptables.conf
@@ -90,6 +92,7 @@
config/action.d/mail-buffered.conf
config/action.d/mail-whois.conf
config/action.d/mail-whois-lines.conf
+config/action.d/mynetwatchman.conf
config/action.d/sendmail.conf
config/action.d/sendmail-buffered.conf
config/action.d/sendmail-whois.conf
Modified: branches/FAIL2BAN-0_8/README
===================================================================
--- branches/FAIL2BAN-0_8/README 2008-10-13 14:38:41 UTC (rev 716)
+++ branches/FAIL2BAN-0_8/README 2008-10-13 14:56:54 UTC (rev 717)
@@ -76,7 +76,8 @@
Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann,
-Vincent Deffontaines, Bill Heaton and many others.
+Vincent Deffontaines, Bill Heaton, Russell Odom and many
+others.
License:
--------
Added: branches/FAIL2BAN-0_8/config/action.d/complain.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/complain.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/action.d/complain.conf 2008-10-13 14:56:54 UTC (rev 717)
@@ -0,0 +1,86 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <ru...@gl...>
+# Sends a complaint e-mail to addresses listed in the whois record for an
+# offending IP address.
+#
+# You should provide the <logpath> in the jail config - lines from the log
+# matching the given IP address will be provided in the complaint as evidence.
+#
+# Note that we will try to use e-mail addresses that are most likely to be abuse
+# addresses (based on various keywords). If they aren't found we fall back on
+# any other addresses found in the whois record, with a few exceptions.
+# If no addresses are found, no e-mail is sent.
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = ADDRESSES=`whois <ip> | perl -e 'while (<STDIN>) { next if /^changed|@(ripe|apnic)\.net/io; $m += (/abuse|trouble:|report|spam|security/io?3:0); if (/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)/io) { while (s/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)//io) { if ($m) { $a{lc($1)}=$m } else { $b{lc($1)}=$m } } $m=0 } else { $m && --$m } } if (%%a) {print join(",",keys(%%a))} else {print join(",",keys(%%b))}'`
+ IP=<ip>
+ if [ ! -z "$ADDRESSES" ]; then
+ (printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '<ip>' <logpath>) | <mailcmd> "Abuse from <ip>" $ADDRESSES <mailargs>
+ fi
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)\n
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
+
+# Option: mailcmd
+# Notes.: Your system mail command. Is passed 2 args: subject and recipient
+# Values: CMD Default: mail -s
+#
+mailcmd = mail -s
+
+# Option: mailargs
+# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+# CC reports to another address:
+# -c me...@ex...
+# Appear to come from a different address - the '--' indicates
+# arguments to be passed to Sendmail:
+# -- -f me...@ex...
+# Values: [ STRING ] Default: (empty)
+#
+mailargs =
+
Property changes on: branches/FAIL2BAN-0_8/config/action.d/complain.conf
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision
Added: branches/FAIL2BAN-0_8/config/action.d/dshield.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/dshield.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/action.d/dshield.conf 2008-10-13 14:56:54 UTC (rev 717)
@@ -0,0 +1,210 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <ru...@gl...>
+# Submits attack reports to DShield (http://www.dshield.org/)
+#
+# You MUST configure at least:
+# <port> (the port that's being attacked - use number not name).
+#
+# You SHOULD also provide:
+# <myip> (your public IP address, if it's not the address of eth0)
+# <userid> (your DShield userID, if you have one - recommended, but reports will
+# be used anonymously if not)
+# <protocol> (the protocol in use - defaults to tcp)
+#
+# Best practice is to provide <port> and <protocol> in jail.conf like this:
+# action = dshield[port=1234,protocol=tcp]
+#
+# ...and create "dshield.local" with contents something like this:
+# [Init]
+# myip = 10.0.0.1
+# userid = 12345
+#
+# Other useful configuration values are <mailargs> (you can use for specifying
+# a different sender address for the report e-mails, which should match what is
+# configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to
+# configure how often the buffer is flushed).
+#
+# $Revision$
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = if [ -f <tmpfile>.buffer ]; then
+ cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <dest> <mailargs>
+ date +%%s > <tmpfile>.lastsent
+ fi
+ rm -f <tmpfile>.buffer <tmpfile>.first
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# See http://www.dshield.org/specs.html for more on report format/notes
+#
+# Note: We are currently using <time> for the timestamp because no tag is
+# available to indicate the timestamp of the log message(s) which triggered the
+# ban. Therefore the timestamps we are using in the report, whilst often only a
+# few seconds out, are incorrect. See
+# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
+#
+actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
+ DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
+ PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
+ if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
+ printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer
+ NOW=`date +%%s`
+ if [ ! -f <tmpfile>.first ]; then
+ echo <time> | cut -d. -f1 > <tmpfile>.first
+ fi
+ if [ ! -f <tmpfile>.lastsent ]; then
+ echo 0 > <tmpfile>.lastsent
+ fi
+ LOGAGE=$(($NOW - `cat <tmpfile>.first`))
+ LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
+ LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
+ if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then
+ cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <dest> <mailargs>
+ rm -f <tmpfile>.buffer <tmpfile>.first
+ echo $NOW > <tmpfile>.lastsent
+ fi
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = if [ -f <tmpfile>.first ]; then
+ NOW=`date +%%s`
+ LOGAGE=$(($NOW - `cat <tmpfile>.first`))
+ if [ $LOGAGE -gt <maxbufferage> ]; then
+ cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <dest> <mailargs>
+ rm -f <tmpfile>.buffer <tmpfile>.first
+ echo $NOW > <tmpfile>.lastsent
+ fi
+ fi
+
+
+[Init]
+# Option: port
+# Notes.: The target port for the attack (numerical). MUST be provided in the
+# jail config, as it cannot be detected here.
+# Values: [ NUM ] Default: ???
+#
+port = ???
+
+# Option: userid
+# Notes.: Your DSheild user ID. Should be provided either in the jail config or
+# in a .local file.
+# Register at https://secure.dshield.org/register.html
+# Values: [ NUM ] Default: 0
+#
+userid = 0
+
+# Option: myip
+# Notes.: TThe target IP for the attack (your public IP). Should be provided
+# either in the jail config or in a .local file unless your PUBLIC IP
+# is the first IP assigned to eth0
+# Values: [ an IP address ] Default: Tries to find the IP address of eth0,
+# which in most cases will be a private IP, and therefore incorrect
+#
+myip = `ip -4 addr show dev eth0 | grep inet | head -1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
+
+# Option: protocol
+# Notes.: The protocol over which the attack is happening
+# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
+#
+protocol = tcp
+
+# Option: lines
+# Notes.: How many lines to buffer before making a report. Regardless of this,
+# reports are sent a minimum of <minreportinterval> apart, or if the
+# buffer contains an event over <maxbufferage> old, or on shutdown
+# Values: [ NUM ] Default: 50
+#
+lines = 50
+
+# Option: minreportinterval
+# Notes.: Minimum period (in seconds) that must elapse before we submit another
+# batch of reports. DShield request a minimum of 1 hour (3600 secs)
+# between reports.
+# Values: [ NUM ] Default: 3600
+#
+minreportinterval = 3600
+
+# Option: maxbufferage
+# Notes.: Maximum age (in seconds) of the oldest report in the buffer before we
+# submit the batch, even if we haven't reached <lines> yet. Note that
+# this is only checked on each ban/unban, and that we always send
+# anything in the buffer on shutdown. Must be greater than
+# <minreportinterval>.
+# Values: [ NUM ] Default: 21600 (6 hours)
+#
+maxbufferage = 21600
+
+# Option: srcport
+# Notes.: The source port of the attack. You're unlikely to have this info, so
+# you can leave the default
+# Values: [ NUM ] Default: ???
+#
+srcport = ???
+
+# Option: tcpflags
+# Notes.: TCP flags on attack. You're unlikely to have this info, so you can
+# leave empty
+# Values: [ STRING ] Default: (empty)
+#
+tcpflags =
+
+# Option: mailcmd
+# Notes.: Your system mail command. Is passed 2 args: subject and recipient
+# Values: CMD Default: mail -s
+#
+mailcmd = mail -s
+
+# Option: mailargs
+# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+# CC reports to another address:
+# -c me...@ex...
+# Appear to come from a different address (the From address must match
+# the one configured at DShield - the '--' indicates arguments to be
+# passed to Sendmail):
+# -- -f me...@ex...
+# Values: [ STRING ] Default: (empty)
+#
+mailargs =
+
+# Option: dest
+# Notes.: Destination e-mail address for reports
+# Values: [ STRING ] Default: re...@ds...
+#
+dest = re...@ds...
+
+# Option: tmpfile
+# Notes.: Base name of temporary files used for buffering
+# Values: [ STRING ] Default: /tmp/fail2ban-dshield
+#
+tmpfile = /tmp/fail2ban-dshield
+
Added: branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf 2008-10-13 14:56:54 UTC (rev 717)
@@ -0,0 +1,144 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <ru...@gl...>
+# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/)
+#
+# You MUST configure at least:
+# <port> (the port that's being attacked - use number not name).
+# <mnwlogin> (your mNW login).
+# <mnwpass> (your mNW password).
+#
+# You SHOULD also provide:
+# <myip> (your public IP address, if it's not the address of eth0)
+# <protocol> (the protocol in use - defaults to tcp)
+#
+# Best practice is to provide <port> and <protocol> in jail.conf like this:
+# action = mynetwatchman[port=1234,protocol=udp]
+#
+# ...and create "mynetwatchman.local" with contents something like this:
+# [Init]
+# mnwlogin = me...@ex...
+# mnwpass = SECRET
+# myip = 10.0.0.1
+#
+# Another useful configuration value is <getcmd>, if you don't have wget
+# installed (an example config for curl is given below)
+#
+# $Revision$
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+#
+# Note: We are currently using <time> for the timestamp because no tag is
+# available to indicate the timestamp of the log message(s) which triggered the
+# ban. Therefore the timestamps we are using in the report, whilst often only a
+# few seconds out, are incorrect. See
+# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
+#
+actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'`
+ MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'`
+ PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
+ if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
+ DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`
+ <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+# Option: port
+# Notes.: The target port for the attack (numerical). MUST be provided in
+# the jail config, as it cannot be detected here.
+# Values: [ NUM ] Default: ???
+#
+port = 0
+
+# Option: mnwlogin
+# Notes.: Your mNW login e-mail address. MUST be provided either in the jail
+# config or in a .local file.
+# Register at http://www.mynetwatchman.com/reg.asp
+# Values: [ STRING ] Default: (empty)
+#
+mnwlogin =
+
+# Option: mnwpass
+# Notes.: The password corresponding to your mNW login e-mail address. MUST be
+# provided either in the jail config or in a .local file.
+# Values: [ STRING ] Default: (empty)
+#
+mnwpass =
+
+# Option: myip
+# Notes.: TThe target IP for the attack (your public IP). Should be overridden
+# either in the jail config or in a .local file unless your PUBLIC IP
+# is the first IP assigned to eth0
+# Values: [ an IP address ] Default: Tries to find the IP address of eth0,
+# which in most cases will be a private IP, and therefore incorrect
+#
+myip = `ip -4 addr show dev eth0 | grep inet | head -1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
+
+# Option: protocol
+# Notes.: The protocol over which the attack is happening
+# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
+#
+protocol = tcp
+
+# Option: getcmd
+# Notes.: A command to fetch a URL. Should output page to STDOUT
+# Values: CMD Default: wget
+#
+getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=Fail2Ban
+# Alternative value:
+# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent Fail2Ban
+
+# Option: srcport
+# Notes.: The source port of the attack. You're unlikely to have this info, so
+# you can leave the default
+# Values: [ NUM ] Default: 0
+#
+srcport = 0
+
+# Option: mnwurl
+# Notes.: The report service URL on the mNW site
+# Values: STRING Default: http://mynetwatchman.com/insertwebreport.asp
+#
+mnwurl = http://mynetwatchman.com/insertwebreport.asp
+
+# Option: tmpfile
+# Notes.: Base name of temporary files
+# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman
+#
+tmpfile = /tmp/fail2ban-mynetwatchman
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-20 21:24:41
|
Revision: 718
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=718&view=rev
Author: lostcontrol
Date: 2009-01-20 21:24:33 +0000 (Tue, 20 Jan 2009)
Log Message:
-----------
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/files/suse-initd
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2008-10-13 14:56:54 UTC (rev 717)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-20 21:24:33 UTC (rev 718)
@@ -20,6 +20,8 @@
- Added/improved filters and date formats.
- Added actions to report abuse to ISP, DShield and
myNetWatchman. Thanks to Russell Odom.
+- Suse init script. Remove socket file on startup is fail2ban
+ crashed. Thanks to Detlef Reichelt.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/files/suse-initd
===================================================================
--- branches/FAIL2BAN-0_8/files/suse-initd 2008-10-13 14:56:54 UTC (rev 717)
+++ branches/FAIL2BAN-0_8/files/suse-initd 2009-01-20 21:24:33 UTC (rev 718)
@@ -35,6 +35,13 @@
case "$1" in
start)
echo -n "Starting Fail2Ban "
+ # a cleanup workaround, since /etc/init.d/boot.local removes only.
+ # regular files, and not sockets
+ if test -e $FAIL2BAN_SOCKET; then
+ if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then
+ rm $FAIL2BAN_SOCKET
+ fi
+ fi
/sbin/startproc $FAIL2BAN_BIN start &>/dev/null
rc_status -v
;;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-20 22:27:32
|
Revision: 719
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=719&view=rev
Author: lostcontrol
Date: 2009-01-20 21:48:04 +0000 (Tue, 20 Jan 2009)
Log Message:
-----------
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/datedetector.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-01-20 21:24:33 UTC (rev 718)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-20 21:48:04 UTC (rev 719)
@@ -22,6 +22,8 @@
myNetWatchman. Thanks to Russell Odom.
- Suse init script. Remove socket file on startup is fail2ban
crashed. Thanks to Detlef Reichelt.
+- Removed begin-line anchor for "standard" timestamp. Fixed
+ Debian bug #500824.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/datedetector.py
===================================================================
--- branches/FAIL2BAN-0_8/server/datedetector.py 2009-01-20 21:24:33 UTC (rev 718)
+++ branches/FAIL2BAN-0_8/server/datedetector.py 2009-01-20 21:48:04 UTC (rev 719)
@@ -44,7 +44,7 @@
# standard
template = DateStrptime()
template.setName("MONTH Day Hour:Minute:Second")
- template.setRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
+ template.setRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
template.setPattern("%b %d %H:%M:%S")
self.__templates.append(template)
# asctime
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-27 22:58:33
|
Revision: 721
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=721&view=rev
Author: lostcontrol
Date: 2009-01-27 22:58:29 +0000 (Tue, 27 Jan 2009)
Log Message:
-----------
- Added nagios script. Thanks to Sebastian Mueller.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/MANIFEST
Added Paths:
-----------
branches/FAIL2BAN-0_8/files/nagios/
branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
branches/FAIL2BAN-0_8/files/nagios/f2ban.txt
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-01-20 23:08:59 UTC (rev 720)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 22:58:29 UTC (rev 721)
@@ -24,6 +24,7 @@
crashed. Thanks to Detlef Reichelt.
- Removed begin-line anchor for "standard" timestamp. Fixed
Debian bug #500824.
+- Added nagios script. Thanks to Sebastian Mueller.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2009-01-20 23:08:59 UTC (rev 720)
+++ branches/FAIL2BAN-0_8/MANIFEST 2009-01-27 22:58:29 UTC (rev 721)
@@ -116,3 +116,5 @@
files/cacti/fail2ban_stats.sh
files/cacti/cacti_host_template_fail2ban.xml
files/cacti/README
+files/nagios/check_fail2ban
+files/nagios/f2ban.txt
Added: branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
===================================================================
--- branches/FAIL2BAN-0_8/files/nagios/check_fail2ban (rev 0)
+++ branches/FAIL2BAN-0_8/files/nagios/check_fail2ban 2009-01-27 22:58:29 UTC (rev 721)
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Usage: ./check_fail2ban
+###############################################################################################
+# Description:
+# This plugin will check the status of Fail2ban.
+#
+# Created: 2008-10-25 (Sebastian Mueller)
+#
+# Changes: 2008-10-26 fixed some issues (Sebastian Mueller)
+# Changes: 2009-01-25 add the second check, when server is not replying and the
+# process is hang-up (Sebastian Mueller)
+#
+# please visit my website http://www.elchtest.eu or my personal WIKI http://wiki.elchtest.eu
+#
+################################################################################################
+# if you have any questions, send a mail to li...@kr...
+#
+# this script is for my personal use. read the script before running/using it!!!
+#
+#
+# YOU HAVE BEEN WARNED. THIS MAY DESTROY YOUR MACHINE. I ACCEPT NO RESPONSIBILITY.
+###############################################################################################
+
+
+SECOND_CHECK=0
+STATE_OK=0
+STATE_CRITICAL=2
+
+######################################################################
+# Read the Status from fail2ban-client
+######################################################################
+check_processes_fail2ban()
+{
+
+ F2B=`sudo -u root fail2ban-client ping | awk -F " " '{print $3}'`
+ exit_fail2ban=0
+
+ if [[ $F2B = "pong" ]]; then
+ exit_fail2ban=$STATE_OK
+ else
+ exit_fail2ban=$STATE_CRITICAL
+ fi
+
+}
+######################################################################
+# first check in the Background, PID will be killed when no response
+# after 10 seconds, might be possible, otherwise the scipt will be
+# pressent in your memory all the time
+#
+######################################################################
+
+check_processes_fail2ban &
+pid=$!
+
+typeset -i i=0
+while ps $pid >/dev/null
+do
+ sleep 1
+ i=$i+1
+if [ $i -ge 10 ]
+ then
+ kill $pid
+ SECOND_CHECK=1
+ exit_fail2ban=$STATE_CRITICAL
+ break
+fi
+done
+
+######################################################################
+# when the Server response (doesent mean the FAIL2BAN is working)
+# in the first step, then it will run again and test the Service
+# and provide the real status
+######################################################################
+
+
+if [ $SECOND_CHECK -eq 0 ]; then
+ check_processes_fail2ban
+ elif [ $SECOND_CHECK -eq 1 ]; then
+ exit_fail2ban=$STATE_CRITICAL
+fi
+
+
+
+######################################################################
+# Mainmenu
+######################################################################
+
+
+final_exit=$exit_fail2ban
+if [ $final_exit -eq 0 ]; then
+ echo "SYSTEM OK - Fail2ban is working normaly"
+ exitstatus=$STATE_OK
+elif [ $final_exit -ne "0" ]; then
+ echo "SYSTEM WARNING - Fail2Ban is not working"
+######################################################################
+# If don't have a Nagios Server for monitoring, remove the comment and
+# add your Mail Addres. You can check it with a Cron Job once a hour.
+# put a txt file on your server and describe how to fix the issue, this
+# could be attached to the mail.
+######################################################################
+# mutt -s "FAIL2BAN NOT WORKING" yo...@em... < /home/f2ban.txt
+
+ exitstatus=$STATE_CRITICAL
+fi
+exit $exitstatus
Added: branches/FAIL2BAN-0_8/files/nagios/f2ban.txt
===================================================================
--- branches/FAIL2BAN-0_8/files/nagios/f2ban.txt (rev 0)
+++ branches/FAIL2BAN-0_8/files/nagios/f2ban.txt 2009-01-27 22:58:29 UTC (rev 721)
@@ -0,0 +1,18 @@
+It seems that Fail2ban is currently not working, please login and check
+
+HELP:
+
+1.) stop the Service
+/etc/init.d/fail2ban stop
+
+2.) delete the socket if avalible
+rm /tmp/fail2ban.sock
+
+3.) start the Service
+/etc/init.d/fail2ban start
+
+4.) check if fail2ban is working
+fail2ban-client ping
+Answer should be "pong"
+
+5.) if the answer is not "pong" run away or CRY FOR HELP ;-)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-27 23:21:59
|
Revision: 722
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=722&view=rev
Author: lostcontrol
Date: 2009-01-27 23:21:55 +0000 (Tue, 27 Jan 2009)
Log Message:
-----------
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/datedetector.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 22:58:29 UTC (rev 721)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 23:21:55 UTC (rev 722)
@@ -25,6 +25,8 @@
- Removed begin-line anchor for "standard" timestamp. Fixed
Debian bug #500824.
- Added nagios script. Thanks to Sebastian Mueller.
+- Added CPanel date format. Thanks to David Collins. Tracker
+ #1967610
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/datedetector.py
===================================================================
--- branches/FAIL2BAN-0_8/server/datedetector.py 2009-01-27 22:58:29 UTC (rev 721)
+++ branches/FAIL2BAN-0_8/server/datedetector.py 2009-01-27 23:21:55 UTC (rev 722)
@@ -77,6 +77,12 @@
template.setRegex("\d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}")
template.setPattern("%d/%b/%Y:%H:%M:%S")
self.__templates.append(template)
+ # CPanel 05/20/2008:01:57:39
+ template = DateStrptime()
+ template.setName("Month/Day/Year:Hour:Minute:Second")
+ template.setRegex("\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}")
+ template.setPattern("%m/%d/%Y:%H:%M:%S")
+ self.__templates.append(template)
# Exim 2006-12-21 06:43:20
template = DateStrptime()
template.setName("Year-Month-Day Hour:Minute:Second")
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-27 23:35:51
|
Revision: 723
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=723&view=rev
Author: lostcontrol
Date: 2009-01-27 23:35:46 +0000 (Tue, 27 Jan 2009)
Log Message:
-----------
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 23:21:55 UTC (rev 722)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 23:35:46 UTC (rev 723)
@@ -26,7 +26,9 @@
Debian bug #500824.
- Added nagios script. Thanks to Sebastian Mueller.
- Added CPanel date format. Thanks to David Collins. Tracker
- #1967610
+ #1967610.
+- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker
+ #2310410.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2009-01-27 23:21:55 UTC (rev 722)
+++ branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2009-01-27 23:35:46 UTC (rev 723)
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
-failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-01-27 23:39:40
|
Revision: 724
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=724&view=rev
Author: lostcontrol
Date: 2009-01-27 23:39:38 +0000 (Tue, 27 Jan 2009)
Log Message:
-----------
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/MANIFEST
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/action.d/ipfilter.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 23:35:46 UTC (rev 723)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-01-27 23:39:38 UTC (rev 724)
@@ -29,6 +29,8 @@
#1967610.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker
#2310410.
+- Added NetBSD ipfilter (ipf command) action. Thanks to Ed
+ Ravin. Tracker #2484115.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2009-01-27 23:35:46 UTC (rev 723)
+++ branches/FAIL2BAN-0_8/MANIFEST 2009-01-27 23:39:38 UTC (rev 724)
@@ -83,6 +83,7 @@
config/action.d/dshield.conf
config/action.d/hostsdeny.conf
config/action.d/ipfw.conf
+config/action.d/ipfilter.conf
config/action.d/iptables.conf
config/action.d/iptables-allports.conf
config/action.d/iptables-multiport.conf
Added: branches/FAIL2BAN-0_8/config/action.d/ipfilter.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/ipfilter.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/action.d/ipfilter.conf 2009-01-27 23:39:38 UTC (rev 724)
@@ -0,0 +1,57 @@
+# Fail2Ban configuration file
+#
+# NetBSD ipfilter (ipf command) ban/unban
+#
+# Author: Ed Ravin <er...@pa...>
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+# enable IPF if not already enabled
+actionstart = /sbin/ipf -E
+
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+# don't disable IPF with "/sbin/ipf -D", there may be other filters in use
+actionstop =
+
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo block in quick from <ip>/32 | /sbin/ipf -f -
+
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# note -r option used to remove matching rule
+actionunban = echo block in quick from <ip>/32 | /sbin/ipf -r -f -
+
+[Init]
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-03 22:37:50
|
Revision: 727
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=727&view=rev
Author: lostcontrol
Date: 2009-02-03 22:37:46 +0000 (Tue, 03 Feb 2009)
Log Message:
-----------
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/MANIFEST
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf
branches/FAIL2BAN-0_8/config/filter.d/sieve.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-03 21:56:03 UTC (rev 726)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-03 22:37:46 UTC (rev 727)
@@ -31,6 +31,8 @@
#2310410.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed
Ravin. Tracker #2484115.
+- Added cyrus-imap and sieve filters. Thanks to Jan Wagner.
+ Debian bug #513953.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2009-02-03 21:56:03 UTC (rev 726)
+++ branches/FAIL2BAN-0_8/MANIFEST 2009-02-03 22:37:46 UTC (rev 727)
@@ -64,6 +64,7 @@
config/filter.d/apache-overflows.conf
config/filter.d/courierlogin.conf
config/filter.d/couriersmtp.conf
+config/filter.d/cyrus-imap.conf
config/filter.d/exim.conf
config/filter.d/gssftpd.conf
config/filter.d/named-refused.conf
@@ -73,6 +74,7 @@
config/filter.d/qmail.conf
config/filter.d/pam-generic.conf
config/filter.d/sasl.conf
+config/filter.d/sieve.conf
config/filter.d/sshd.conf
config/filter.d/sshd-ddos.conf
config/filter.d/vsftpd.conf
Added: branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf 2009-02-03 22:37:46 UTC (rev 727)
@@ -0,0 +1,26 @@
+# Fail2Ban configuration file
+#
+# Author: Jan Wagner <wa...@cy...>
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication failure: checkpass failed$
+ : badlogin: .*\[<HOST>\] LOGIN \[SASL\(-13\): authentication failure: checkpass failed\]$
+ : badlogin: .*\[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest|NTLM) response\]$
+ : badlogin: .*\[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Property changes on: branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision
Added: branches/FAIL2BAN-0_8/config/filter.d/sieve.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sieve.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/sieve.conf 2009-02-03 22:37:46 UTC (rev 727)
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Jan Wagner <wa...@cy...>
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = : badlogin: .*\[<HOST>\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Property changes on: branches/FAIL2BAN-0_8/config/filter.d/sieve.conf
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-08 17:31:33
|
Revision: 728
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=728&view=rev
Author: lostcontrol
Date: 2009-02-08 17:31:24 +0000 (Sun, 08 Feb 2009)
Log Message:
-----------
- Changed <HOST> template to be more restrictive. Debian bug #514163.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/config/filter.d/apache-auth.conf
branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf
branches/FAIL2BAN-0_8/config/filter.d/common.conf
branches/FAIL2BAN-0_8/config/filter.d/courierlogin.conf
branches/FAIL2BAN-0_8/config/filter.d/couriersmtp.conf
branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf
branches/FAIL2BAN-0_8/config/filter.d/exim.conf
branches/FAIL2BAN-0_8/config/filter.d/postfix.conf
branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf
branches/FAIL2BAN-0_8/config/filter.d/qmail.conf
branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf
branches/FAIL2BAN-0_8/config/filter.d/sshd.conf
branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf
branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf
branches/FAIL2BAN-0_8/config/filter.d/xinetd-fail.conf
branches/FAIL2BAN-0_8/server/failregex.py
branches/FAIL2BAN-0_8/server/filter.py
branches/FAIL2BAN-0_8/testcases/filtertestcase.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-08 17:31:24 UTC (rev 728)
@@ -33,6 +33,8 @@
Ravin. Tracker #2484115.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner.
Debian bug #513953.
+- Changed <HOST> template to be more restrictive. Debian bug
+ #514163.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-auth.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/apache-auth.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/apache-auth.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]client <HOST>[]] user .* authentication failure
Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/apache-noscript.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
Modified: branches/FAIL2BAN-0_8/config/filter.d/common.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/common.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/common.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -3,7 +3,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: $
+# $Revision$
#
[INCLUDES]
Modified: branches/FAIL2BAN-0_8/config/filter.d/courierlogin.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/courierlogin.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/courierlogin.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -12,7 +12,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
Modified: branches/FAIL2BAN-0_8/config/filter.d/couriersmtp.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/couriersmtp.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/couriersmtp.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = error,relay=<HOST>,.*550 User unknown
Modified: branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/cyrus-imap.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication failure: checkpass failed$
Modified: branches/FAIL2BAN-0_8/config/filter.d/exim.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/exim.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/exim.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
Modified: branches/FAIL2BAN-0_8/config/filter.d/postfix.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/postfix.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/postfix.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
Modified: branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -16,7 +16,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
Modified: branches/FAIL2BAN-0_8/config/filter.d/qmail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/qmail.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/qmail.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
Modified: branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/sshd-ddos.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
Modified: branches/FAIL2BAN-0_8/config/filter.d/sshd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/sshd.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -20,7 +20,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
Modified: branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/vsftpd.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
Modified: branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/webmin-auth.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -15,7 +15,7 @@
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = webmin.* Non-existent login as .+ from <HOST>$
Modified: branches/FAIL2BAN-0_8/config/filter.d/xinetd-fail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/xinetd-fail.conf 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/config/filter.d/xinetd-fail.conf 2009-02-08 17:31:24 UTC (rev 728)
@@ -11,7 +11,7 @@
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# Cfr.: /var/log/(daemon\.|sys)log
Modified: branches/FAIL2BAN-0_8/server/failregex.py
===================================================================
--- branches/FAIL2BAN-0_8/server/failregex.py 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/server/failregex.py 2009-02-08 17:31:24 UTC (rev 728)
@@ -44,7 +44,7 @@
self._matchCache = None
# Perform shortcuts expansions.
# Replace "<HOST>" with default regular expression for host.
- regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
if regex.lstrip() == '':
raise RegexException("Cannot add empty regex")
try:
Modified: branches/FAIL2BAN-0_8/server/filter.py
===================================================================
--- branches/FAIL2BAN-0_8/server/filter.py 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/server/filter.py 2009-02-08 17:31:24 UTC (rev 728)
@@ -492,7 +492,7 @@
class DNSUtils:
- IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
+ IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
#@staticmethod
def dnsToIp(dns):
Modified: branches/FAIL2BAN-0_8/testcases/filtertestcase.py
===================================================================
--- branches/FAIL2BAN-0_8/testcases/filtertestcase.py 2009-02-03 22:37:46 UTC (rev 727)
+++ branches/FAIL2BAN-0_8/testcases/filtertestcase.py 2009-02-08 17:31:24 UTC (rev 728)
@@ -99,7 +99,7 @@
output = ('193.168.0.128', 3, 1124013599.0)
self.__filter.addLogPath(GetFailures.FILENAME_01)
- self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
+ self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
self.__filter.getFailures(GetFailures.FILENAME_01)
@@ -116,7 +116,7 @@
output = ('141.3.81.106', 4, 1124013539.0)
self.__filter.addLogPath(GetFailures.FILENAME_02)
- self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
+ self.__filter.addFailRegex("Failed .* from <HOST>")
self.__filter.getFailures(GetFailures.FILENAME_02)
@@ -133,7 +133,7 @@
output = ('203.162.223.135', 6, 1124013544.0)
self.__filter.addLogPath(GetFailures.FILENAME_03)
- self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
+ self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
self.__filter.getFailures(GetFailures.FILENAME_03)
@@ -151,7 +151,7 @@
('212.41.96.185', 4, 1124013598.0)]
self.__filter.addLogPath(GetFailures.FILENAME_04)
- self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)")
+ self.__filter.addFailRegex("Invalid user .* <HOST>")
self.__filter.getFailures(GetFailures.FILENAME_04)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-08 19:50:48
|
Revision: 729
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=729&view=rev
Author: lostcontrol
Date: 2009-02-08 19:50:44 +0000 (Sun, 08 Feb 2009)
Log Message:
-----------
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/datetemplate.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-08 17:31:24 UTC (rev 728)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-08 19:50:44 UTC (rev 729)
@@ -35,6 +35,8 @@
Debian bug #513953.
- Changed <HOST> template to be more restrictive. Debian bug
#514163.
+- Use timetuple instead of utctimetuple for ISO 8601. Maybe
+ not a 100% correct fix but seems to work. Tracker #2500276.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/datetemplate.py
===================================================================
--- branches/FAIL2BAN-0_8/server/datetemplate.py 2009-02-08 17:31:24 UTC (rev 728)
+++ branches/FAIL2BAN-0_8/server/datetemplate.py 2009-02-08 19:50:44 UTC (rev 729)
@@ -187,5 +187,5 @@
if dateMatch:
# Parses the date.
value = dateMatch.group()
- date = list(iso8601.parse_date(value).utctimetuple())
+ date = list(iso8601.parse_date(value).timetuple())
return date
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-09 20:27:38
|
Revision: 730
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=730&view=rev
Author: lostcontrol
Date: 2009-02-09 20:27:35 +0000 (Mon, 09 Feb 2009)
Log Message:
-----------
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-08 19:50:44 UTC (rev 729)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-09 20:27:35 UTC (rev 730)
@@ -37,6 +37,8 @@
#514163.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe
not a 100% correct fix but seems to work. Tracker #2500276.
+- Made the named-refused regex a bit less restrictive in
+ order to match logs with "view". Thanks to Stephen Gildea.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2009-02-08 19:50:44 UTC (rev 729)
+++ branches/FAIL2BAN-0_8/config/filter.d/named-refused.conf 2009-02-09 20:27:35 UTC (rev 730)
@@ -26,7 +26,7 @@
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
-failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
+failregex = %(__line_prefix)sclient <HOST>#.+: query(?: \(cache\))? '.*' denied\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-09 22:46:07
|
Revision: 732
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=732&view=rev
Author: lostcontrol
Date: 2009-02-09 22:36:11 +0000 (Mon, 09 Feb 2009)
Log Message:
-----------
- Use 80 columns.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/README
branches/FAIL2BAN-0_8/TODO
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-09 22:08:21 UTC (rev 731)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-09 22:36:11 UTC (rev 732)
@@ -1,130 +1,102 @@
- __ _ _ ___ _
- / _|__ _(_) |_ ) |__ __ _ _ _
- | _/ _` | | |/ /| '_ \/ _` | ' \
- |_| \__,_|_|_/___|_.__/\__,_|_||_|
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
-=============================================================
-Fail2Ban (version 0.8.4) 2008/??/??
-=============================================================
+================================================================================
+Fail2Ban (version 0.8.4) 2009/02/??
+================================================================================
-ver. 0.8.4 (2008/??/??) - stable
+ver. 0.8.4 (2009/??/??) - stable
----------
-- Merged patches from Debian package. Thanks to Yaroslav
- Halchenko.
-- Use current day and month instead of Jan 1st if both are
- not available in the log. Thanks to Andreas Itzchak
- Rehberg.
-- Try to match the regex even if the line does not contain a
- valid date/time. Described in Debian #491253. Thanks to
- Yaroslav Halchenko.
+- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
+- Use current day and month instead of Jan 1st if both are not available in the
+ log. Thanks to Andreas Itzchak Rehberg.
+- Try to match the regex even if the line does not contain a valid date/time.
+ Described in Debian #491253. Thanks to Yaroslav Halchenko.
- Added/improved filters and date formats.
-- Added actions to report abuse to ISP, DShield and
- myNetWatchman. Thanks to Russell Odom.
-- Suse init script. Remove socket file on startup is fail2ban
- crashed. Thanks to Detlef Reichelt.
-- Removed begin-line anchor for "standard" timestamp. Fixed
- Debian bug #500824.
+- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to
+ Russell Odom.
+- Suse init script. Remove socket file on startup is fail2ban crashed. Thanks to
+ Detlef Reichelt.
+- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Added nagios script. Thanks to Sebastian Mueller.
-- Added CPanel date format. Thanks to David Collins. Tracker
- #1967610.
-- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker
- #2310410.
-- Added NetBSD ipfilter (ipf command) action. Thanks to Ed
- Ravin. Tracker #2484115.
-- Added cyrus-imap and sieve filters. Thanks to Jan Wagner.
- Debian bug #513953.
-- Changed <HOST> template to be more restrictive. Debian bug
- #514163.
-- Use timetuple instead of utctimetuple for ISO 8601. Maybe
- not a 100% correct fix but seems to work. Tracker #2500276.
-- Made the named-refused regex a bit less restrictive in
- order to match logs with "view". Thanks to Stephen Gildea.
-- Fixed maxretry/findtime rate. Many thanks to Christos
- Psonis. Tracker #2019714.
+- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
+- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
+- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
+ #2484115.
+- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
+- Changed <HOST> template to be more restrictive. Debian bug #514163.
+- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct
+ fix but seems to work. Tracker #2500276.
+- Made the named-refused regex a bit less restrictive in order to match logs
+ with "view". Thanks to Stephen Gildea.
+- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker
+ #2019714.
ver. 0.8.3 (2008/07/17) - stable
----------
- Process failtickets as long as failmanager is not empty.
-- Added "pam-generic" filter and more configuration fixes.
- Thanks to Yaroslav Halchenko.
-- Fixed socket path in redhat and suse init script. Thanks to
- Jim Wight.
-- Fixed PID file while started in daemon mode. Thanks to
- Christian Jobic who submitted a similar patch.
+- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav
+ Halchenko.
+- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
+- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who
+ submitted a similar patch.
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
- Added gssftpd filter. Thanks to Kevin Zembower.
-- Added "Day/Month/Year Hour:Minute:Second" date template.
- Thanks to Dennis Winter.
-- Fixed ignoreregex processing in fail2ban-client. Thanks to
- René Berber.
+- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis
+ Winter.
+- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added ISO 8601 date/time format.
- Added and changed some logging level and messages.
-- Added missing ignoreregex to filters. Thanks to Klaus
- Lehmann.
-- Use poll instead of select in asyncore.loop. This should
- solve the "Unknown error 514". Thanks to Michael Geiger and
- Klaus Lehmann.
+- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
+- Use poll instead of select in asyncore.loop. This should solve the "Unknown
+ error 514". Thanks to Michael Geiger and Klaus Lehmann.
ver. 0.8.2 (2008/03/06) - stable
----------
- Fixed named filter. Thanks to Yaroslav Halchenko
-- Fixed wrong path for apache-auth in jail.conf. Thanks to
- Vincent Deffontaines
-- Fixed timezone bug with epoch date template. Thanks to
- Michael Hanselmann
-- Added "full line failregex" patch. Thanks to Yaroslav
- Halchenko. It will be possible to create stronger failregex
- against log injection
+- Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines
+- Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann
+- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be
+ possible to create stronger failregex against log injection
- Fixed ipfw action script. Thanks to Nick Munger
-- Removed date from logging message when using SYSLOG. Thanks
- to Iain Lea
-- Fixed "ignore IPs". Only the first value was taken into
- account. Thanks to Adrien Clerc
+- Removed date from logging message when using SYSLOG. Thanks to Iain Lea
+- Fixed "ignore IPs". Only the first value was taken into account. Thanks to
+ Adrien Clerc
- Moved socket to /var/run/fail2ban.
- Rewrote the communication server.
- Refactoring. Reduced number of files.
-- Removed Python 2.4. Minimum required version is now Python
- 2.3.
+- Removed Python 2.4. Minimum required version is now Python 2.3.
- New log rotation detection algorithm.
- Print monitored files in status.
-- Create a PID file in /var/run/fail2ban/. Thanks to Julien
- Perez.
-- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed
- this out. Thanks to Yaroslav Halchenko for the fix.
-- "reload <jail>" reloads a single jail and the parameters in
- fail2ban.conf.
+- Create a PID file in /var/run/fail2ban/. Thanks to Julien Perez.
+- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed this out. Thanks
+ to Yaroslav Halchenko for the fix.
+- "reload <jail>" reloads a single jail and the parameters in fail2ban.conf.
- Added Mac OS/X startup script. Thanks to Bill Heaton.
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
- Replaced "echo" with "printf" in actions. Fix #1839673
-- Replaced "reject" with "drop" in shorwall action. Fix
- #1854875
+- Replaced "reject" with "drop" in shorwall action. Fix #1854875
- Fixed Debian bug #456567, #468477, #462060, #461426
-- readline is now optional in fail2ban-client (not needed in
- fail2ban-server).
+- readline is now optional in fail2ban-client (not needed in fail2ban-server).
ver. 0.8.1 (2007/08/14) - stable
----------
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
-- Improved regular expressions. Thanks to Yaroslav Halchenko
- and others
-- Added sendmail actions. The action started with "mail" are
- now deprecated. Thanks to Raphaël Marichez
+- Improved regular expressions. Thanks to Yaroslav Halchenko and others
+- Added sendmail actions. The action started with "mail" are now deprecated.
+ Thanks to Raphaël Marichez
- Added "ignoreregex" support to fail2ban-regex
-- Updated suse-initd and added it to MANIFEST. Thanks to
- Christian Rauch
-- Tightening up the pid check in redhat-initd. Thanks to
- David Nutter
-- Added webmin authentication filter. Thanks to Guillaume
- Delvit
-- Removed textToDns() which is not required anymore. Thanks
- to Yaroslav Halchenko
-- Added new action iptables-allports. Thanks to Yaroslav
+- Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch
+- Tightening up the pid check in redhat-initd. Thanks to David Nutter
+- Added webmin authentication filter. Thanks to Guillaume Delvit
+- Removed textToDns() which is not required anymore. Thanks to Yaroslav
Halchenko
-- Added "named" date format to date detector. Thanks to
- Yaroslav Halchenko
-- Added filter file for named (bind9). Thanks to Yaroslav
- Halchenko
+- Added new action iptables-allports. Thanks to Yaroslav Halchenko
+- Added "named" date format to date detector. Thanks to Yaroslav Halchenko
+- Added filter file for named (bind9). Thanks to Yaroslav Halchenko
- Fixed vsftpd filter. Thanks to Yaroslav Halchenko
ver. 0.8.0 (2007/05/03) - stable
@@ -144,20 +116,17 @@
----------
- Fixed asctime pattern in datedetector.py
- Added new filters/actions. Thanks to Yaroslav Halchenko
-- Added Suse init script and modified gentoo-initd. Thanks to
- Christian Rauch
+- Added Suse init script and modified gentoo-initd. Thanks to Christian Rauch
- Moved every locking statements in a try..finally block
ver. 0.7.7 (2007/02/08) - release candidate
----------
- Added signal handling in fail2ban-client
- Added a wonderful visual effect when waiting on the server
-- fail2ban-client returns an error code if configuration is
- not valid
+- fail2ban-client returns an error code if configuration is not valid
- Added new filters/actions. Thanks to Yaroslav Halchenko
- Call Python interpreter directly (instead of using "env")
-- Added file support to fail2ban-regex. Benchmark feature has
- been removed
+- Added file support to fail2ban-regex. Benchmark feature has been removed
- Added cacti script and template.
- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
@@ -167,60 +136,53 @@
- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
- Use numeric output for iptables in "actioncheck"
- Fixed removal of host in hosts.deny. Thanks to René Berber
-- Added new date format (2006-12-21 06:43:20) and Exim4
- filter. Thanks to mEDI
-- Several "failregex" and "ignoreregex" are now accepted.
- Creation of rules should be easier now.
+- Added new date format (2006-12-21 06:43:20) and Exim4 filter. Thanks to mEDI
+- Several "failregex" and "ignoreregex" are now accepted. Creation of rules
+ should be easier now.
- Added license in COPYING. Thanks to Axel Thimm
-- Allow comma in action options. The value of the option must
- be escaped with " or '. Thanks to Yaroslav Halchenko
-- Now Fail2ban goes in /usr/share/fail2ban instead of
- /usr/lib/fail2ban. This is more compliant with FHS. Thanks
- to Axel Thimm and Yaroslav Halchenko
+- Allow comma in action options. The value of the option must be escaped with "
+ or '. Thanks to Yaroslav Halchenko
+- Now Fail2ban goes in /usr/share/fail2ban instead of /usr/lib/fail2ban. This is
+ more compliant with FHS. Thanks to Axel Thimm and Yaroslav Halchenko
ver. 0.7.5 (2006/12/07) - beta
----------
-- Do not ban a host that is currently banned. Thanks to
- Yaroslav Halchenko
-- The supported tags in "action(un)ban" are <ip>, <failures>
- and <time>
+- Do not ban a host that is currently banned. Thanks to Yaroslav Halchenko
+- The supported tags in "action(un)ban" are <ip>, <failures> and <time>
- Fixed refactoring bug (getLastcommand -> getLastAction)
-- Added option "ignoreregex" in filter scripts and jail.conf.
- Feature Request #1283304
+- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request
+ #1283304
- Fixed a bug in user defined time regex/pattern
- Improved documentation
- Moved version.py and protocol.py to common/
- Merged "maxtime" option with "findtime"
-- Added "<HOST>" tag support in failregex which matches
- default IP address/hostname. "(?P<host>\S)" is still valid
- and supported
-- Fixed exception when calling fail2ban-server with unknown
- option
-- Fixed Debian bug 400162. The "socket" option is now handled
- correctly by fail2ban-client
+- Added "<HOST>" tag support in failregex which matches default IP
+ address/hostname. "(?P<host>\S)" is still valid and supported
+- Fixed exception when calling fail2ban-server with unknown option
+- Fixed Debian bug 400162. The "socket" option is now handled correctly by
+ fail2ban-client
- Fixed RedHat init script. Thanks to Justin Shore
-- Changed timeout to 30 secondes before assuming the server
- cannot be started. Thanks to Joël Bertrand
+- Changed timeout to 30 secondes before assuming the server cannot be started.
+ Thanks to Joël Bertrand
ver. 0.7.4 (2006/11/01) - beta
----------
- Improved configuration files. Thanks to Yaroslav Halchenko
- Added man page for "fail2ban-regex"
- Moved ban/unban messages from "info" level to "warn"
-- Added "-s" option to specify the socket path and "socket"
- option in "fail2ban.conf"
+- Added "-s" option to specify the socket path and "socket" option in
+ "fail2ban.conf"
- Added "backend" option in "jail.conf"
-- Added more filters/actions and jail samples. Thanks to Nick
- Munger, Christoph Haas
+- Added more filters/actions and jail samples. Thanks to Nick Munger, Christoph
+ Haas
- Improved testing framework
-- Fixed a bug in the return code handling of the executed
- commands. Thanks to Yaroslav Halchenko
-- Signal handling. There is a bug with join() and signal in
- Python
+- Fixed a bug in the return code handling of the executed commands. Thanks to
+ Yaroslav Halchenko
+- Signal handling. There is a bug with join() and signal in Python
- Better debugging output for "fail2ban-regex"
- Added support for more date format
-- cPickle does not work with Python 2.5. Use pickle instead
- (performance is not a problem in our case)
+- cPickle does not work with Python 2.5. Use pickle instead (performance is not
+ a problem in our case)
ver. 0.7.3 (2006/09/28) - beta
----------
@@ -240,15 +202,13 @@
- Improved client output
- Added more get/set commands
- Added more configuration templates
-- Removed "logpath" and "maxretry" from filter templates.
- They must be defined in jail.conf now
+- Removed "logpath" and "maxretry" from filter templates. They must be defined
+ in jail.conf now
- Added interactive mode. Use "-i"
-- Added a date detector. "timeregex" and "timepattern" are no
- more needed
-- Added "fail2ban-regex". This is a tool to help finding
- "failregex"
-- Improved server communication. Start a new thread for each
- incoming request. Fail2ban is not really thread-safe yet
+- Added a date detector. "timeregex" and "timepattern" are no more needed
+- Added "fail2ban-regex". This is a tool to help finding "failregex"
+- Improved server communication. Start a new thread for each incoming request.
+ Fail2ban is not really thread-safe yet
ver. 0.7.1 (2006/08/23) - alpha
----------
@@ -259,106 +219,91 @@
ver. 0.7.0 (2006/08/23) - alpha
----------
-- Almost a complete rewrite :) Fail2ban design is really
- better (IMHO). There is a lot of new features
+- Almost a complete rewrite :) Fail2ban design is really better (IMHO). There is
+ a lot of new features
- Client/Server architecture
-- Multithreading. Each jail has its own threads: one for the
- log reading and another for the actions
+- Multithreading. Each jail has its own threads: one for the log reading and
+ another for the actions
- Execute several actions
-- Split configuration files. They are more readable and easy
- to use
-- failregex uses group (<host>) now. This feature was already
- present in the Debian package
+- Split configuration files. They are more readable and easy to use
+- failregex uses group (<host>) now. This feature was already present in the
+ Debian package
- lots of things...
ver. 0.6.1 (2006/03/16) - stable
----------
-- Added permanent banning. Set banTime to a negative value to
- enable this feature (-1 is perfect). Thanks to Mannone
+- Added permanent banning. Set banTime to a negative value to enable this
+ feature (-1 is perfect). Thanks to Mannone
- Fixed locale bug. Thanks to Fernando José
- Fixed crash when time format does not match data
-- Propagated patch from Debian to fix fail2ban search path
- addition to the path search list: now it is added first.
- Thanks to Nick Craig-Wood
-- Added SMTP authentification for mail notification. Thanks
- to Markus Hoffmann
+- Propagated patch from Debian to fix fail2ban search path addition to the path
+ search list: now it is added first. Thanks to Nick Craig-Wood
+- Added SMTP authentification for mail notification. Thanks to Markus Hoffmann
- Removed debug mode as it is confusing for people
-- Added parsing of timestamp in TAI64N format (#1275325).
- Thanks to Mark Edgington
-- Added patch #1382936 (Default formatted syslog logging).
- Thanks to Patrick B�rjesson
-- Removed 192.168.0.0/16 from ignoreip. Attacks could also
- come from the local network.
-- Robust startup: if iptables module does not get fully
- initialized after startup of fail2ban, fail2ban will do
- "maxreinit" attempts to initialize its own firewall. It
- will sleep between attempts for "polltime" number of
- seconds (closes Debian: #334272). Thanks to Yaroslav
- Halchenko
-- Added "interpolations" in fail2ban.conf. This is provided
- by the ConfigParser module. Old configuration files still
- work. Thanks to Yaroslav Halchenko
-- Added initial support for hosts.deny and shorewall. Need
- more testing. Please test. Thanks to kojiro from Gentoo
- forum for hosts.deny support
+- Added parsing of timestamp in TAI64N format (#1275325). Thanks to Mark
+ Edgington
+- Added patch #1382936 (Default formatted syslog logging). Thanks to Patrick
+ B�rjesson
+- Removed 192.168.0.0/16 from ignoreip. Attacks could also come from the local
+ network.
+- Robust startup: if iptables module does not get fully initialized after
+ startup of fail2ban, fail2ban will do "maxreinit" attempts to initialize its
+ own firewall. It will sleep between attempts for "polltime" number of seconds
+ (closes Debian: #334272). Thanks to Yaroslav Halchenko
+- Added "interpolations" in fail2ban.conf. This is provided by the ConfigParser
+ module. Old configuration files still work. Thanks to Yaroslav Halchenko
+- Added initial support for hosts.deny and shorewall. Need more testing. Please
+ test. Thanks to kojiro from Gentoo forum for hosts.deny support
- Added support for vsftpd. Thanks to zugeschmiert
ver. 0.6.0 (2005/11/20) - stable
----------
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Added an option to report local time (including timezone)
- or GMT in mail notification.
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+ * Added an option to report local time (including timezone) or GMT in mail
+ notification.
ver. 0.5.5 (2005/10/26) - beta
----------
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Introduced fwcheck option to verify consistency of the
- chains. Implemented automatic restart of fail2ban main
- function in case check of fwban or fwunban command failed
- (closes: #329163, #331695). (Introduced patch was further
- adjusted by upstream author).
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+ * Introduced fwcheck option to verify consistency of the chains. Implemented
+ automatic restart of fail2ban main function in case check of fwban or
+ fwunban command failed (closes: #329163, #331695). (Introduced patch was
+ further adjusted by upstream author).
* Added -f command line parameter for [findtime].
- * Added a cleanup of firewall rules on emergency shutdown
- when unknown exception is catched.
- * Fail2ban should not crash now if a wrong file name is
- specified in config.
- * reordered code a bit so that log targets are setup right
- after background and then only loglevel (verbose, debug)
- is processed, so the warning could be seen in the logs
- * Added a keyword <section> in parsing of the subject and
- the body of an email sent out by fail2ban (closes:
- #330311)
+ * Added a cleanup of firewall rules on emergency shutdown when unknown
+ exception is catched.
+ * Fail2ban should not crash now if a wrong file name is specified in config.
+ * reordered code a bit so that log targets are setup right after background
+ and then only loglevel (verbose, debug) is processed, so the warning could
+ be seen in the logs
+ * Added a keyword <section> in parsing of the subject and the body of an email
+ sent out by fail2ban (closes: #330311)
ver. 0.5.4 (2005/09/13) - beta
----------
- Fixed bug #1286222.
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Fixed handling of SYSLOG logging target. Now it can log
- to any SYSLOG target and facility as directed by the
- config
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+ * Fixed handling of SYSLOG logging target. Now it can log to any SYSLOG target
+ and facility as directed by the config
* Format of SYSLOG entries fixed to look closer to standard
* Fixed errata in config/gentoo-confd
- * Introduced findtime configuration variable to control the
- lifetime of caught "failed" log entries
+ * Introduced findtime configuration variable to control the lifetime of caught
+ "failed" log entries
ver. 0.5.3 (2005/09/08) - beta
----------
-- Fixed a bug when overriding "maxfailures" or "bantime".
- Thanks to Yaroslav Halchenko
-- Added more debug output if an error occurs when sending
- mail. Thanks to Stephen Gildea
-- Renamed "maxretry" to "maxfailures" and changed default
- value to 5. Thanks to Stephen Gildea
+- Fixed a bug when overriding "maxfailures" or "bantime". Thanks to Yaroslav
+ Halchenko
+- Added more debug output if an error occurs when sending mail. Thanks to
+ Stephen Gildea
+- Renamed "maxretry" to "maxfailures" and changed default value to 5. Thanks to
+ Stephen Gildea
- Hopefully fixed bug #1256075
- Fixed bug #1262345
- Fixed exception handling in PIDLock
-- Removed warning when using "-V" or "-h" with no config
- file. Thanks to Yaroslav Halchenko
-- Removed "-i eth0" from config file. Thanks to Yaroslav
- Halchenko
+- Removed warning when using "-V" or "-h" with no config file. Thanks to
+ Yaroslav Halchenko
+- Removed "-i eth0" from config file. Thanks to Yaroslav Halchenko
ver. 0.5.2 (2005/08/06) - beta
----------
@@ -374,11 +319,9 @@
----------
- Fixed bugs #1241756, #1239557
- Added log targets in configuration file. Removed -l option
-- Changed iptables rules in order to create a separated chain
- for each section
+- Changed iptables rules in order to create a separated chain for each section
- Fixed static banList in firewall.py
-- Added an initd script for Debian. Thanks to Yaroslav
- Halchenko
+- Added an initd script for Debian. Thanks to Yaroslav Halchenko
- Check for obsolete files after install
ver. 0.5.0 (2005/07/12) - beta
@@ -386,24 +329,22 @@
- Added support for CIDR mask in ignoreip
- Added mail notification support
- Fixed bug #1234699
-- Added tags replacement in rules definition. Should allow a
- clean solution for Feature Request #1229479
+- Added tags replacement in rules definition. Should allow a clean solution for
+ Feature Request #1229479
- Removed "interface" and "firewall" options
-- Added start and end commands in the configuration file.
- Thanks to Yaroslav Halchenko
+- Added start and end commands in the configuration file. Thanks to Yaroslav
+ Halchenko
- Added firewall rules definition in the configuration file
- Cleaned fail2ban.py
-- Added an initd script for RedHat/Fedora. Thanks to Andrey
- G. Grozin
+- Added an initd script for RedHat/Fedora. Thanks to Andrey G. Grozin
ver. 0.4.1 (2005/06/30) - stable
----------
-- Fixed textToDNS method which generated wrong matches for
- "rhost=12-xyz...". Thanks to Tom Pike
+- Fixed textToDNS method which generated wrong matches for "rhost=12-xyz...".
+ Thanks to Tom Pike
- fail2ban.conf modified for readability. Thanks to Iain Lea
- Added an initd script for Gentoo
-- Changed default PID lock file location from /tmp to
- /var/run
+- Changed default PID lock file location from /tmp to /var/run
ver. 0.4.0 (2005/04/24) - stable
----------
@@ -419,8 +360,8 @@
ver. 0.3.0 (2005/02/24) - beta
----------
-- Re-writting of parts of the code in order to handle several
- log files with different rules
+- Re-writting of parts of the code in order to handle several log files with
+ different rules
- Removed sshd.py because it is no more needed
- Fixed a bug when exiting with IP in the ban list
- Added PID lock file
@@ -430,26 +371,22 @@
ver. 0.1.2 (2004/11/21) - beta
----------
-- Add ipfw and ipfwadm support. The rules are taken from
- BlockIt. Thanks to Robert Edeker
-- Add -e option which allows to set the interface. Thanks to
- Robert Edeker who reminded me this
+- Add ipfw and ipfwadm support. The rules are taken from BlockIt. Thanks to
+ Robert Edeker
+- Add -e option which allows to set the interface. Thanks to Robert Edeker who
+ reminded me this
- Small code cleaning
ver. 0.1.1 (2004/10/23) - beta
----------
-- Add SIGTERM handler in order to exit nicely when in daemon
- mode
-- Add -r option which allows to set the maximum number of
- login failures
-- Remove the Metalog class as the log file are not so syslog
- daemon specific
-- Rewrite log reader to be service centered. Sshd support
- added. Match "Failed password" and "Illegal user"
+- Add SIGTERM handler in order to exit nicely when in daemon mode
+- Add -r option which allows to set the maximum number of login failures
+- Remove the Metalog class as the log file are not so syslog daemon specific
+- Rewrite log reader to be service centered. Sshd support added. Match "Failed
+ password" and "Illegal user"
- Add /etc/fail2ban.conf configuration support
- Code documentation
-
ver. 0.1.0 (2004/10/12) - alpha
----------
- Initial release
Modified: branches/FAIL2BAN-0_8/README
===================================================================
--- branches/FAIL2BAN-0_8/README 2009-02-09 22:08:21 UTC (rev 731)
+++ branches/FAIL2BAN-0_8/README 2009-02-09 22:36:11 UTC (rev 732)
@@ -1,21 +1,19 @@
- __ _ _ ___ _
- / _|__ _(_) |_ ) |__ __ _ _ _
- | _/ _` | | |/ /| '_ \/ _` | ' \
- |_| \__,_|_|_/___|_.__/\__,_|_||_|
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
-=============================================================
-Fail2Ban (version 0.8.4) 2008/??/??
-=============================================================
+================================================================================
+Fail2Ban (version 0.8.4) 2009/??/??
+================================================================================
-Fail2Ban scans log files like /var/log/pwdfail and bans IP
-that makes too many password failures. It updates firewall
-rules to reject the IP address. These rules can be defined by
-the user. Fail2Ban can read multiple log files such as sshd
-or Apache web server ones.
+Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
+password failures. It updates firewall rules to reject the IP address. These
+rules can be defined by the user. Fail2Ban can read multiple log files such as
+sshd or Apache web server ones.
-This README is a quick introduction to Fail2ban. More
-documentation, FAQ, HOWTOs are available on the project
-website: http://www.fail2ban.org
+This README is a quick introduction to Fail2ban. More documentation, FAQ, HOWTOs
+are available on the project website: http://www.fail2ban.org
Installation:
-------------
@@ -32,33 +30,32 @@
> cd fail2ban-0.8.4
> python setup.py install
-This will install Fail2Ban into /usr/share/fail2ban. The
-executable scripts are placed into /usr/bin.
+This will install Fail2Ban into /usr/share/fail2ban. The executable scripts are
+placed into /usr/bin.
-It is possible that Fail2ban is already packaged for your
-distribution. In this case, you should use it.
+It is possible that Fail2ban is already packaged for your distribution. In this
+case, you should use it.
Fail2Ban should be correctly installed now. Just type:
> fail2ban-client -h
-to see if everything is alright. You should always use
-fail2ban-client and never call fail2ban-server directly.
+to see if everything is alright. You should always use fail2ban-client and never
+call fail2ban-server directly.
Configuration:
--------------
-You can configure Fail2ban using the files in /etc/fail2ban.
-It is possible to configure the server using commands sent to
-it by fail2ban-client. The available commands are described
-in the man page of fail2ban-client. Please refer to it or to
-the website: http://www.fail2ban.org
+You can configure Fail2ban using the files in /etc/fail2ban. It is possible to
+configure the server using commands sent to it by fail2ban-client. The available
+commands are described in the man page of fail2ban-client. Please refer to it or
+to the website: http://www.fail2ban.org
Contact:
--------
-You need some new features, you found bugs or you just
-appreciate this program, you can contact me at:
+You need some new features, you found bugs or you just appreciate this program,
+you can contact me at:
Website: http://www.fail2ban.org
@@ -67,34 +64,27 @@
Thanks:
-------
-Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
-Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
-Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
-Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
-Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch,
-Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
-Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
-Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann,
-Vincent Deffontaines, Bill Heaton, Russell Odom and many
-others.
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker, Tom Pike, Iain Lea,
+Andrey G. Grozin, Yaroslav Halchenko, Jonathan Kamens, Stephen Gildea, Markus
+Hoffmann, Mark Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler, Nick
+Munger, Christoph Haas, Justin Shore, Joël Bertrand, René Berber, mEDI, Axel
+Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood,
+Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
+Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, Vincent Deffontaines,
+Bill Heaton, Russell Odom, Christos Psonis and many others.
License:
--------
-Fail2Ban is free software; you can redistribute it
-and/or modify it under the terms of the GNU General Public
-License as published by the Free Software Foundation; either
-version 2 of the License, or (at your option) any later
+Fail2Ban is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
version.
-Fail2Ban is distributed in the hope that it will be
-useful, but WITHOUT ANY WARRANTY; without even the implied
-warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE. See the GNU General Public License for more
-details.
+Fail2Ban is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU General Public License for more details.
-You should have received a copy of the GNU General Public
-License along with Fail2Ban; if not, write to the Free
-Software Foundation, Inc., 59 Temple Place, Suite 330,
-Boston, MA 02111-1307 USA
+You should have received a copy of the GNU General Public License along with
+Fail2Ban; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
+Suite 330, Boston, MA 02111-1307 USA
Modified: branches/FAIL2BAN-0_8/TODO
===================================================================
--- branches/FAIL2BAN-0_8/TODO 2009-02-09 22:08:21 UTC (rev 731)
+++ branches/FAIL2BAN-0_8/TODO 2009-02-09 22:36:11 UTC (rev 732)
@@ -1,11 +1,11 @@
- __ _ _ ___ _
- / _|__ _(_) |_ ) |__ __ _ _ _
- | _/ _` | | |/ /| '_ \/ _` | ' \
- |_| \__,_|_|_/___|_.__/\__,_|_||_|
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
-=============================================================
-ToDo $Revision$
-=============================================================
+================================================================================
+ToDo $Revision$
+================================================================================
Legend:
- not yet done
@@ -15,26 +15,24 @@
- Removed relative imports
-- Cleanup fail2ban-client and fail2ban-server. Move code to
- server/ and client/
+- Cleanup fail2ban-client and fail2ban-server. Move code to server/ and client/
-- Add timeout to external commands (signal alarm, watchdog
- thread, etc)
+- Add timeout to external commands (signal alarm, watchdog thread, etc)
- New backend: pyinotify
-- Uniformize filters and actions name. Use the software name
- (openssh, postfix, proftp)
+- Uniformize filters and actions name. Use the software name (openssh, postfix,
+ proftp)
-- Added <USER> tag for failregex. Add features using this
- information. Maybe add more tags
+- Added <USER> tag for failregex. Add features using this information. Maybe add
+ more tags
- Look at the memory consumption. Decrease memory usage
- More detailed statistics
-- Auto-enable function (search for log files), check
- modification date to see if service is still in use
+- Auto-enable function (search for log files), check modification date to see if
+ service is still in use
- Improve parsing of the action parameters in jailreader.py
@@ -44,8 +42,8 @@
- Multiline log reading
-- Improve execution of action. Why does subprocess.call
- deadlock with multi-jails?
+- Improve execution of action. Why does subprocess.call deadlock with
+ multi-jails?
# see Feature Request Tracking System at SourceForge.net
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-02-09 22:55:29
|
Revision: 731
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=731&view=rev
Author: lostcontrol
Date: 2009-02-09 22:08:21 +0000 (Mon, 09 Feb 2009)
Log Message:
-----------
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/faildata.py
branches/FAIL2BAN-0_8/server/failmanager.py
branches/FAIL2BAN-0_8/testcases/failmanagertestcase.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-02-09 20:27:35 UTC (rev 730)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-02-09 22:08:21 UTC (rev 731)
@@ -38,7 +38,9 @@
- Use timetuple instead of utctimetuple for ISO 8601. Maybe
not a 100% correct fix but seems to work. Tracker #2500276.
- Made the named-refused regex a bit less restrictive in
- order to match logs with "view". Thanks to Stephen Gildea.
+ order to match logs with "view". Thanks to Stephen Gildea.
+- Fixed maxretry/findtime rate. Many thanks to Christos
+ Psonis. Tracker #2019714.
ver. 0.8.3 (2008/07/17) - stable
----------
Modified: branches/FAIL2BAN-0_8/server/faildata.py
===================================================================
--- branches/FAIL2BAN-0_8/server/faildata.py 2009-02-09 20:27:35 UTC (rev 730)
+++ branches/FAIL2BAN-0_8/server/faildata.py 2009-02-09 22:08:21 UTC (rev 731)
@@ -34,6 +34,7 @@
def __init__(self):
self.__retry = 0
self.__lastTime = 0
+ self.__lastReset = 0
def setRetry(self, value):
self.__retry = value
@@ -50,4 +51,9 @@
def getLastTime(self):
return self.__lastTime
-
\ No newline at end of file
+
+ def getLastReset(self):
+ return self.__lastReset
+
+ def setLastReset(self, value):
+ self.__lastReset = value
Modified: branches/FAIL2BAN-0_8/server/failmanager.py
===================================================================
--- branches/FAIL2BAN-0_8/server/failmanager.py 2009-02-09 20:27:35 UTC (rev 730)
+++ branches/FAIL2BAN-0_8/server/failmanager.py 2009-02-09 22:08:21 UTC (rev 731)
@@ -90,11 +90,15 @@
unixTime = ticket.getTime()
if self.__failList.has_key(ip):
fData = self.__failList[ip]
+ if fData.getLastReset() < unixTime - self.__maxTime:
+ fData.setLastReset(unixTime)
+ fData.setRetry(0)
fData.inc()
fData.setLastTime(unixTime)
else:
fData = FailData()
fData.inc()
+ fData.setLastReset(unixTime)
fData.setLastTime(unixTime)
self.__failList[ip] = fData
self.__failTotal += 1
Modified: branches/FAIL2BAN-0_8/testcases/failmanagertestcase.py
===================================================================
--- branches/FAIL2BAN-0_8/testcases/failmanagertestcase.py 2009-02-09 20:27:35 UTC (rev 730)
+++ branches/FAIL2BAN-0_8/testcases/failmanagertestcase.py 2009-02-09 22:08:21 UTC (rev 731)
@@ -39,7 +39,12 @@
['193.168.0.128', 1167605999.0],
['87.142.124.10', 1167605999.0],
['87.142.124.10', 1167605999.0],
- ['87.142.124.10', 1167605999.0]]
+ ['87.142.124.10', 1167605999.0],
+ ['100.100.10.10', 1000000000.0],
+ ['100.100.10.10', 1000000500.0],
+ ['100.100.10.10', 1000001000.0],
+ ['100.100.10.10', 1000001500.0],
+ ['100.100.10.10', 1000002000.0]]
self.__failManager = FailManager()
for i in self.__items:
@@ -49,7 +54,7 @@
"""Call after every test case."""
def testAdd(self):
- self.assertEqual(self.__failManager.size(), 2)
+ self.assertEqual(self.__failManager.size(), 3)
def _testDel(self):
self.__failManager.delFailure('193.168.0.128')
@@ -76,3 +81,10 @@
def testbanNOK(self):
self.__failManager.setMaxRetry(10)
self.assertRaises(FailManagerEmpty, self.__failManager.toBan)
+
+ def testWindow(self):
+ ticket = self.__failManager.toBan()
+ self.assertNotEqual(ticket.getIP(), "100.100.10.10")
+ ticket = self.__failManager.toBan()
+ self.assertNotEqual(ticket.getIP(), "100.100.10.10")
+ self.assertRaises(FailManagerEmpty, self.__failManager.toBan)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <bu...@us...> - 2009-08-30 13:51:25
|
Revision: 739
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=739&view=rev
Author: buanzo
Date: 2009-08-30 13:51:17 +0000 (Sun, 30 Aug 2009)
Log Message:
-----------
added 'unexpected communication error' fix to ChangeLog. Added formatExceptionInfo to server/asyncserver.py
We should move that function to a helpers module.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/server/asyncserver.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 13:36:04 UTC (rev 738)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 13:51:17 UTC (rev 739)
@@ -9,6 +9,8 @@
ver. 0.8.4 (2009/??/??) - stable
----------
+- Fixed the 'unexpected communication error' problem by means of
+ use_poll=False in Python >= 2.6.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
- Use current day and month instead of Jan 1st if both are not available in the
log. Thanks to Andreas Itzchak Rehberg.
Modified: branches/FAIL2BAN-0_8/server/asyncserver.py
===================================================================
--- branches/FAIL2BAN-0_8/server/asyncserver.py 2009-08-30 13:36:04 UTC (rev 738)
+++ branches/FAIL2BAN-0_8/server/asyncserver.py 2009-08-30 13:51:17 UTC (rev 739)
@@ -30,6 +30,19 @@
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.server")
+# we should move this to some sort of helper functions module
+
+def formatExceptionInfo():
+ """ Author: Arturo 'Buanzo' Busleiman """
+ import sys
+ cla, exc = sys.exc_info()[:2]
+ excName = cla.__name__
+ try:
+ excArgs = exc.__dict__["args"]
+ except KeyError:
+ excArgs = str(exc)
+ return (excName, excArgs)
+
##
# Request handler class.
#
@@ -69,7 +82,9 @@
self.close_when_done()
def handle_error(self):
- logSys.error("Unexpected communication error")
+ e1,e2 = formatExceptionInfo()
+ logSys.error("Unexpected communication error: "+e2)
+ logSys.error(traceback.format_exc().splitlines())
self.close()
##
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-08-30 14:03:28
|
Revision: 740
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=740&view=rev
Author: lostcontrol
Date: 2009-08-30 14:03:18 +0000 (Sun, 30 Aug 2009)
Log Message:
-----------
- Added helper module in common.
- Moved formatExceptionInfo by Buanzo to common/helpers.py.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/MANIFEST
branches/FAIL2BAN-0_8/server/asyncserver.py
Added Paths:
-----------
branches/FAIL2BAN-0_8/common/helpers.py
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 13:51:17 UTC (rev 739)
+++ branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 14:03:18 UTC (rev 740)
@@ -53,6 +53,7 @@
setup.py
setup.cfg
common/__init__.py
+common/helpers.py
common/version.py
common/protocol.py
config/jail.conf
Added: branches/FAIL2BAN-0_8/common/helpers.py
===================================================================
--- branches/FAIL2BAN-0_8/common/helpers.py (rev 0)
+++ branches/FAIL2BAN-0_8/common/helpers.py 2009-08-30 14:03:18 UTC (rev 740)
@@ -0,0 +1,38 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+# Author: Arturo 'Buanzo' Busleiman
+#
+# $Revision: 711 $
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision: 567 $"
+__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $"
+__copyright__ = "Copyright (c) 2009 Cyril Jaquier"
+__license__ = "GPL"
+
+
+def formatExceptionInfo():
+ """ Author: Arturo 'Buanzo' Busleiman """
+ import sys
+ cla, exc = sys.exc_info()[:2]
+ excName = cla.__name__
+ try:
+ excArgs = exc.__dict__["args"]
+ except KeyError:
+ excArgs = str(exc)
+ return (excName, excArgs)
Modified: branches/FAIL2BAN-0_8/server/asyncserver.py
===================================================================
--- branches/FAIL2BAN-0_8/server/asyncserver.py 2009-08-30 13:51:17 UTC (rev 739)
+++ branches/FAIL2BAN-0_8/server/asyncserver.py 2009-08-30 14:03:18 UTC (rev 740)
@@ -25,24 +25,12 @@
__license__ = "GPL"
from pickle import dumps, loads, HIGHEST_PROTOCOL
+from common import helpers
import asyncore, asynchat, socket, os, logging, sys
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.server")
-# we should move this to some sort of helper functions module
-
-def formatExceptionInfo():
- """ Author: Arturo 'Buanzo' Busleiman """
- import sys
- cla, exc = sys.exc_info()[:2]
- excName = cla.__name__
- try:
- excArgs = exc.__dict__["args"]
- except KeyError:
- excArgs = str(exc)
- return (excName, excArgs)
-
##
# Request handler class.
#
@@ -82,7 +70,7 @@
self.close_when_done()
def handle_error(self):
- e1,e2 = formatExceptionInfo()
+ e1,e2 = helpers.formatExceptionInfo()
logSys.error("Unexpected communication error: "+e2)
logSys.error(traceback.format_exc().splitlines())
self.close()
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <bu...@us...> - 2009-08-30 14:17:39
|
Revision: 742
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=742&view=rev
Author: buanzo
Date: 2009-08-30 14:17:29 +0000 (Sun, 30 Aug 2009)
Log Message:
-----------
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
Modified Paths:
--------------
branches/FAIL2BAN-0_8/MANIFEST
branches/FAIL2BAN-0_8/config/jail.conf
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/filter.d/lighttpd-fastcgi.conf
branches/FAIL2BAN-0_8/config/filter.d/php-url-fopen.conf
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 14:13:04 UTC (rev 741)
+++ branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 14:17:29 UTC (rev 742)
@@ -122,3 +122,5 @@
files/cacti/README
files/nagios/check_fail2ban
files/nagios/f2ban.txt
+config/filter.d/lighttpd-fastcgi.conf
+config/filter.d/php-url-fopen.conf
Added: branches/FAIL2BAN-0_8/config/filter.d/lighttpd-fastcgi.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/lighttpd-fastcgi.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/lighttpd-fastcgi.conf 2009-08-30 14:17:29 UTC (rev 742)
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <bu...@bu...>
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values: TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Added: branches/FAIL2BAN-0_8/config/filter.d/php-url-fopen.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/php-url-fopen.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/php-url-fopen.conf 2009-08-30 14:17:29 UTC (rev 742)
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <bu...@bu...>
+# Version 2
+# fixes the failregex so REFERERS that contain =http:// don't get blocked
+# (mentioned by "fasuto" (no real email provided... blog comment) in this entry:
+# http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match this kind of request:
+#
+# 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
+#
+failregex = ^<HOST> -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Modified: branches/FAIL2BAN-0_8/config/jail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/jail.conf 2009-08-30 14:13:04 UTC (rev 741)
+++ branches/FAIL2BAN-0_8/config/jail.conf 2009-08-30 14:17:29 UTC (rev 742)
@@ -152,6 +152,34 @@
sendmail[name=Postfix, dest=yo...@ma...]
logpath = /var/log/apache2/error_log
+# Ban attackers that try to use PHP's URL-fopen() functionality
+# through GET/POST variables. - Experimental, with more than a year
+# of usage in production environments.
+
+[php-url-fopen]
+
+enabled = false
+port = http,https
+filter = php-url-fopen
+logpath = /var/www/*/logs/access_log
+maxretry = 1
+
+# A simple PHP-fastcgi jail which works with lighttpd.
+# If you run a lighttpd server, then you probably will
+# find these kinds of messages in your error_log:
+# ALERT – tried to register forbidden variable ‘GLOBALS’
+# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
+# This jail would block the IP 1.2.3.4.
+
+[lighttpd-fastcgi]
+
+enabled = true
+port = http,https
+filter = lighttpd-fastcgi
+# adapt the following two items as needed
+logpath = /var/log/lighttpd/error.log
+maxretry = 2
+
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <bu...@us...> - 2009-08-30 18:26:27
|
Revision: 745
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=745&view=rev
Author: buanzo
Date: 2009-08-30 18:26:15 +0000 (Sun, 30 Aug 2009)
Log Message:
-----------
added "Ban IP" command to fail2ban branch 0.8
Modified Paths:
--------------
branches/FAIL2BAN-0_8/common/protocol.py
branches/FAIL2BAN-0_8/server/filter.py
branches/FAIL2BAN-0_8/server/server.py
branches/FAIL2BAN-0_8/server/transmitter.py
Modified: branches/FAIL2BAN-0_8/common/protocol.py
===================================================================
--- branches/FAIL2BAN-0_8/common/protocol.py 2009-08-30 14:49:16 UTC (rev 744)
+++ branches/FAIL2BAN-0_8/common/protocol.py 2009-08-30 18:26:15 UTC (rev 745)
@@ -59,6 +59,7 @@
["set <JAIL> delignoreregex <INDEX>", "removes the regular expression at <INDEX> for ignoreregex"],
["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"],
["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"],
+["set <JAIL> banip <IP>", "manually Ban <IP> for <JAIL>"],
["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"],
["set <JAIL> addaction <ACT>", "adds a new action named <NAME> for <JAIL>"],
["set <JAIL> delaction <ACT>", "removes the action <NAME> from <JAIL>"],
Modified: branches/FAIL2BAN-0_8/server/filter.py
===================================================================
--- branches/FAIL2BAN-0_8/server/filter.py 2009-08-30 14:49:16 UTC (rev 744)
+++ branches/FAIL2BAN-0_8/server/filter.py 2009-08-30 18:26:15 UTC (rev 745)
@@ -184,6 +184,17 @@
raise Exception("run() is abstract")
##
+ # Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+ # Arturo 'Buanzo' Busleiman <bu...@bu...>
+ #
+ # to enable banip fail2ban-client BAN command
+
+ def addBannedIP(self, ip):
+ unixTime = time.time()
+ self.failManager.addFailure(FailTicket(ip, unixTime))
+ return ip
+
+ ##
# Add an IP/DNS to the ignore list.
#
# IP addresses in the ignore list are not taken into account
Modified: branches/FAIL2BAN-0_8/server/server.py
===================================================================
--- branches/FAIL2BAN-0_8/server/server.py 2009-08-30 14:49:16 UTC (rev 744)
+++ branches/FAIL2BAN-0_8/server/server.py 2009-08-30 18:26:15 UTC (rev 745)
@@ -221,6 +221,9 @@
def setBanTime(self, name, value):
self.__jails.getAction(name).setBanTime(value)
+ def setBanIP(self, name, value):
+ return self.__jails.getFilter(name).addBannedIP(value)
+
def getBanTime(self, name):
return self.__jails.getAction(name).getBanTime()
Modified: branches/FAIL2BAN-0_8/server/transmitter.py
===================================================================
--- branches/FAIL2BAN-0_8/server/transmitter.py 2009-08-30 14:49:16 UTC (rev 744)
+++ branches/FAIL2BAN-0_8/server/transmitter.py 2009-08-30 18:26:15 UTC (rev 745)
@@ -164,6 +164,9 @@
value = command[2]
self.__server.setBanTime(name, int(value))
return self.__server.getBanTime(name)
+ elif command[1] == "banip":
+ value = command[2]
+ return self.__server.setBanIP(name,value)
elif command[1] == "addaction":
value = command[2]
self.__server.addAction(name, value)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <los...@us...> - 2009-09-07 19:13:52
|
Revision: 754
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=754&view=rev
Author: lostcontrol
Date: 2009-09-07 19:13:45 +0000 (Mon, 07 Sep 2009)
Log Message:
-----------
- Release 0.8.4.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/README
branches/FAIL2BAN-0_8/common/version.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2009-09-01 21:29:13 UTC (rev 753)
+++ branches/FAIL2BAN-0_8/ChangeLog 2009-09-07 19:13:45 UTC (rev 754)
@@ -4,10 +4,10 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/02/??
+Fail2Ban (version 0.8.4) 2009/09/07
================================================================================
-ver. 0.8.4 (2009/??/??) - stable
+ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
the file. Thanks to Jonathan Kamens. Red Hat #503852. Tracker #2800279.
Modified: branches/FAIL2BAN-0_8/README
===================================================================
--- branches/FAIL2BAN-0_8/README 2009-09-01 21:29:13 UTC (rev 753)
+++ branches/FAIL2BAN-0_8/README 2009-09-07 19:13:45 UTC (rev 754)
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/??/??
+Fail2Ban (version 0.8.4) 2009/09/07
================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
@@ -71,7 +71,8 @@
Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood,
Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, Vincent Deffontaines,
-Bill Heaton, Russell Odom, Christos Psonis and many others.
+Bill Heaton, Russell Odom, Christos Psonis, Arturo 'Buanzo' Busleiman and many
+others.
License:
--------
Modified: branches/FAIL2BAN-0_8/common/version.py
===================================================================
--- branches/FAIL2BAN-0_8/common/version.py 2009-09-01 21:29:13 UTC (rev 753)
+++ branches/FAIL2BAN-0_8/common/version.py 2009-09-07 19:13:45 UTC (rev 754)
@@ -24,4 +24,4 @@
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.8.3-SVN"
+version = "0.8.4"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <yar...@us...> - 2011-05-07 03:16:47
|
Revision: 777
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=777&view=rev
Author: yarikoptic
Date: 2011-05-07 03:16:40 +0000 (Sat, 07 May 2011)
Log Message:
-----------
BF: use standard/reserved example.com instead of mail.com
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/jail.conf
branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
Property Changed:
----------------
branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
Modified: branches/FAIL2BAN-0_8/config/jail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/jail.conf 2011-03-23 21:38:26 UTC (rev 776)
+++ branches/FAIL2BAN-0_8/config/jail.conf 2011-05-07 03:16:40 UTC (rev 777)
@@ -45,7 +45,7 @@
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=yo...@ma..., sender=fai...@ma...]
+ sendmail-whois[name=SSH, dest=yo...@ex..., sender=fai...@ex...]
logpath = /var/log/sshd.log
maxretry = 5
@@ -54,7 +54,7 @@
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=yo...@ma...]
+ sendmail-whois[name=ProFTPD, dest=yo...@ex...]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@@ -66,7 +66,7 @@
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=yo...@ma...]
+ sendmail-whois[name=sasl, dest=yo...@ex...]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@@ -77,7 +77,7 @@
enabled = false
filter = sshd
action = hostsdeny
- sendmail-whois[name=SSH, dest=yo...@ma...]
+ sendmail-whois[name=SSH, dest=yo...@ex...]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
@@ -101,7 +101,7 @@
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=yo...@ma...]
+ sendmail[name=Postfix, dest=yo...@ex...]
logpath = /var/log/postfix.log
bantime = 300
@@ -112,7 +112,7 @@
enabled = false
filter = vsftpd
-action = sendmail-whois[name=VSFTPD, dest=yo...@ma...]
+action = sendmail-whois[name=VSFTPD, dest=yo...@ex...]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -124,7 +124,7 @@
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, dest=yo...@ma...]
+ sendmail-whois[name=VSFTPD, dest=yo...@ex...]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -137,7 +137,7 @@
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, dest=yo...@ma...]
+ sendmail-buffered[name=BadBots, lines=5, dest=yo...@ex...]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
@@ -149,7 +149,7 @@
enabled = false
filter = apache-noscript
action = shorewall
- sendmail[name=Postfix, dest=yo...@ma...]
+ sendmail[name=Postfix, dest=yo...@ex...]
logpath = /var/log/apache2/error_log
# Ban attackers that try to use PHP's URL-fopen() functionality
@@ -190,7 +190,7 @@
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
- sendmail-whois[name="SSH,IPFW", dest=yo...@ma...]
+ sendmail-whois[name="SSH,IPFW", dest=yo...@ex...]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
@@ -224,7 +224,7 @@
# enabled = false
# filter = named-refused
# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-# sendmail-whois[name=Named, dest=yo...@ma...]
+# sendmail-whois[name=Named, dest=yo...@ex...]
# logpath = /var/log/named/security.log
# ignoreip = 168.192.0.1
@@ -235,7 +235,7 @@
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=yo...@ma...]
+ sendmail-whois[name=Named, dest=yo...@ex...]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
Modified: branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
===================================================================
--- branches/FAIL2BAN-0_8/files/nagios/check_fail2ban 2011-03-23 21:38:26 UTC (rev 776)
+++ branches/FAIL2BAN-0_8/files/nagios/check_fail2ban 2011-05-07 03:16:40 UTC (rev 777)
@@ -99,7 +99,7 @@
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
-# mutt -s "FAIL2BAN NOT WORKING" yo...@em... < /home/f2ban.txt
+# mutt -s "FAIL2BAN NOT WORKING" yo...@ex... < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi
Property changes on: branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
Thanks for helping keep SourceForge clean.
X