github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716

pull/1346/head
sebres 2016-05-02 15:40:05 +02:00
parent 74b88e1706 9664406719
commit 05f38285f1
33 changed files with 343 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ChangeLog
View File

@ -6,7 +6,26 @@
Fail2Ban: Changelog Fail2Ban: Changelog
=================== ===================
ver. 0.9.4 (2015/XX/XXX) - wanna-be-released ver. 0.9.5 (2016/XX/XXX) - wanna-be-released
-----------
- Fixes:
* filter.d/monit.conf
- extended failregex with new monit "access denied" version (gh-1355);
- failregex of previous monit version merged as single expression.
* filter.d/postfix.conf, filter.d/postfix-sasl.conf
- extended failregex daemon part, matching also `postfix/smtps/smtpd` now (gh-1391)
- New Features:
* New Actions:
- action.d/firewallcmd-rich-rules and action.d/firewallcmd-rich-logging (gh-1367)
- Enhancements:
* journald journalmatch for pure-ftpd (gh-1362)
* Add additional regex filter for dovecot ldap authentication failures (gh-1370)
* added additional regex filters for exim (gh-1371)
ver. 0.9.4 (2016/03/08) - for-you-ladies
----------- -----------
- Fixes: - Fixes:

106
MANIFEST
View File

@ -1,18 +1,8 @@
CONTRIBUTING.md
COPYING
ChangeLog
DEVELOP
FILTERS
README.Solaris
README.md
RELEASE
THANKS
TODO
Vagrantfile
bin/fail2ban-client bin/fail2ban-client
bin/fail2ban-regex bin/fail2ban-regex
bin/fail2ban-server bin/fail2ban-server
bin/fail2ban-testcases bin/fail2ban-testcases
ChangeLog
config/action.d/apf.conf config/action.d/apf.conf
config/action.d/badips.conf config/action.d/badips.conf
config/action.d/badips.py config/action.d/badips.py
@ -31,20 +21,22 @@ config/action.d/ipfilter.conf
config/action.d/ipfw.conf config/action.d/ipfw.conf
config/action.d/iptables-allports.conf config/action.d/iptables-allports.conf
config/action.d/iptables-common.conf config/action.d/iptables-common.conf
config/action.d/iptables.conf
config/action.d/iptables-ipset-proto4.conf config/action.d/iptables-ipset-proto4.conf
config/action.d/iptables-ipset-proto6-allports.conf config/action.d/iptables-ipset-proto6-allports.conf
config/action.d/iptables-ipset-proto6.conf config/action.d/iptables-ipset-proto6.conf
config/action.d/iptables-multiport-log.conf
config/action.d/iptables-multiport.conf config/action.d/iptables-multiport.conf
config/action.d/iptables-multiport-log.conf
config/action.d/iptables-new.conf config/action.d/iptables-new.conf
config/action.d/iptables-xt_recent-echo.conf config/action.d/iptables-xt_recent-echo.conf
config/action.d/iptables.conf
config/action.d/mail-buffered.conf config/action.d/mail-buffered.conf
config/action.d/mail-whois-lines.conf
config/action.d/mail-whois.conf
config/action.d/mail.conf config/action.d/mail.conf
config/action.d/mail-whois.conf
config/action.d/mail-whois-lines.conf
config/action.d/mynetwatchman.conf config/action.d/mynetwatchman.conf
config/action.d/nsupdate.conf config/action.d/nftables-allports.conf
config/action.d/nftables-common.conf
config/action.d/nftables-multiport.conf
config/action.d/nsupdate.conf config/action.d/nsupdate.conf
config/action.d/osx-afctl.conf config/action.d/osx-afctl.conf
config/action.d/osx-ipfw.conf config/action.d/osx-ipfw.conf
@ -52,13 +44,13 @@ config/action.d/pf.conf
config/action.d/route.conf config/action.d/route.conf
config/action.d/sendmail-buffered.conf config/action.d/sendmail-buffered.conf
config/action.d/sendmail-common.conf config/action.d/sendmail-common.conf
config/action.d/sendmail.conf
config/action.d/sendmail-geoip-lines.conf config/action.d/sendmail-geoip-lines.conf
config/action.d/sendmail-whois.conf
config/action.d/sendmail-whois-ipjailmatches.conf config/action.d/sendmail-whois-ipjailmatches.conf
config/action.d/sendmail-whois-ipmatches.conf config/action.d/sendmail-whois-ipmatches.conf
config/action.d/sendmail-whois-lines.conf config/action.d/sendmail-whois-lines.conf
config/action.d/sendmail-whois-matches.conf config/action.d/sendmail-whois-matches.conf
config/action.d/sendmail-whois.conf
config/action.d/sendmail.conf
config/action.d/shorewall.conf config/action.d/shorewall.conf
config/action.d/smtp.py config/action.d/smtp.py
config/action.d/symbiosis-blacklist-allports.conf config/action.d/symbiosis-blacklist-allports.conf
@ -89,44 +81,43 @@ config/filter.d/dovecot.conf
config/filter.d/dropbear.conf config/filter.d/dropbear.conf
config/filter.d/ejabberd-auth.conf config/filter.d/ejabberd-auth.conf
config/filter.d/exim-common.conf config/filter.d/exim-common.conf
config/filter.d/exim-spam.conf
config/filter.d/exim.conf config/filter.d/exim.conf
config/filter.d/exim-spam.conf
config/filter.d/freeswitch.conf config/filter.d/freeswitch.conf
config/filter.d/groupoffice.conf config/filter.d/groupoffice.conf
config/filter.d/gssftpd.conf config/filter.d/gssftpd.conf
config/filter.d/guacamole.conf config/filter.d/guacamole.conf
config/filter.d/haproxy-http-auth.conf
config/filter.d/horde.conf config/filter.d/horde.conf
config/filter.d/ignorecommands config/filter.d/ignorecommands
config/filter.d/ignorecommands/apache-fakegooglebot config/filter.d/ignorecommands/apache-fakegooglebot
config/filter.d/kerio.conf config/filter.d/kerio.conf
config/filter.d/lighttpd-auth.conf config/filter.d/lighttpd-auth.conf
config/filter.d/monit.conf config/filter.d/monit.conf
config/filter.d/murmur.conf
config/filter.d/mysqld-auth.conf config/filter.d/mysqld-auth.conf
config/filter.d/nagios.conf config/filter.d/nagios.conf
config/filter.d/named-refused.conf config/filter.d/named-refused.conf
config/filter.d/nginx-botsearch.conf config/filter.d/nginx-botsearch.conf
config/filter.d/nginx-http-auth.conf config/filter.d/nginx-http-auth.conf
config/filter.d/nginx-limit-req.conf
config/filter.d/nsd.conf config/filter.d/nsd.conf
config/filter.d/openhab.conf
config/filter.d/openwebmail.conf config/filter.d/openwebmail.conf
config/filter.d/oracleims.conf config/filter.d/oracleims.conf
config/filter.d/pam-generic.conf config/filter.d/pam-generic.conf
config/filter.d/pam-generic.conf
config/filter.d/pam-generic.conf
config/filter.d/perdition.conf config/filter.d/perdition.conf
config/filter.d/php-url-fopen.conf config/filter.d/php-url-fopen.conf
config/filter.d/php-url-fopen.conf
config/filter.d/php-url-fopen.conf
config/filter.d/portsentry.conf config/filter.d/portsentry.conf
config/filter.d/postfix.conf
config/filter.d/postfix-rbl.conf config/filter.d/postfix-rbl.conf
config/filter.d/postfix-sasl.conf config/filter.d/postfix-sasl.conf
config/filter.d/postfix-sasl.conf
config/filter.d/postfix-sasl.conf
config/filter.d/postfix.conf
config/filter.d/proftpd.conf config/filter.d/proftpd.conf
config/filter.d/pure-ftpd.conf config/filter.d/pure-ftpd.conf
config/filter.d/qmail.conf config/filter.d/qmail.conf
config/filter.d/recidive.conf config/filter.d/recidive.conf
config/filter.d/roundcube-auth.conf config/filter.d/roundcube-auth.conf
config/filter.d/screensharingd.conf
config/filter.d/selinux-common.conf config/filter.d/selinux-common.conf
config/filter.d/selinux-ssh.conf config/filter.d/selinux-ssh.conf
config/filter.d/sendmail-auth.conf config/filter.d/sendmail-auth.conf
@ -137,8 +128,8 @@ config/filter.d/sogo-auth.conf
config/filter.d/solid-pop3d.conf config/filter.d/solid-pop3d.conf
config/filter.d/squid.conf config/filter.d/squid.conf
config/filter.d/squirrelmail.conf config/filter.d/squirrelmail.conf
config/filter.d/sshd-ddos.conf
config/filter.d/sshd.conf config/filter.d/sshd.conf
config/filter.d/sshd-ddos.conf
config/filter.d/stunnel.conf config/filter.d/stunnel.conf
config/filter.d/suhosin.conf config/filter.d/suhosin.conf
config/filter.d/tine20.conf config/filter.d/tine20.conf
@ -152,13 +143,13 @@ config/paths-common.conf
config/paths-debian.conf config/paths-debian.conf
config/paths-fedora.conf config/paths-fedora.conf
config/paths-freebsd.conf config/paths-freebsd.conf
config/paths-opensuse.conf
config/paths-osx.conf config/paths-osx.conf
CONTRIBUTING.md
COPYING
DEVELOP
doc/run-rootless.txt doc/run-rootless.txt
fail2ban-2to3 fail2ban-2to3
fail2ban-testcases-all
fail2ban-testcases-all-python3
fail2ban/__init__.py
fail2ban/client/__init__.py
fail2ban/client/actionreader.py fail2ban/client/actionreader.py
fail2ban/client/beautifier.py fail2ban/client/beautifier.py
fail2ban/client/configparserinc.py fail2ban/client/configparserinc.py
@ -166,13 +157,15 @@ fail2ban/client/configreader.py
fail2ban/client/configurator.py fail2ban/client/configurator.py
fail2ban/client/csocket.py fail2ban/client/csocket.py
fail2ban/client/fail2banreader.py fail2ban/client/fail2banreader.py
fail2ban/client/fail2banregex.py
fail2ban/client/filterreader.py fail2ban/client/filterreader.py
fail2ban/client/__init__.py
fail2ban/client/jailreader.py fail2ban/client/jailreader.py
fail2ban/client/jailsreader.py fail2ban/client/jailsreader.py
fail2ban/exceptions.py fail2ban/exceptions.py
fail2ban/helpers.py fail2ban/helpers.py
fail2ban/__init__.py
fail2ban/protocol.py fail2ban/protocol.py
fail2ban/server/__init__.py
fail2ban/server/action.py fail2ban/server/action.py
fail2ban/server/actions.py fail2ban/server/actions.py
fail2ban/server/asyncserver.py fail2ban/server/asyncserver.py
@ -182,11 +175,12 @@ fail2ban/server/datedetector.py
fail2ban/server/datetemplate.py fail2ban/server/datetemplate.py
fail2ban/server/failmanager.py fail2ban/server/failmanager.py
fail2ban/server/failregex.py fail2ban/server/failregex.py
fail2ban/server/filter.py
fail2ban/server/filtergamin.py fail2ban/server/filtergamin.py
fail2ban/server/filterpoll.py fail2ban/server/filterpoll.py
fail2ban/server/filter.py
fail2ban/server/filterpyinotify.py fail2ban/server/filterpyinotify.py
fail2ban/server/filtersystemd.py fail2ban/server/filtersystemd.py
fail2ban/server/__init__.py
fail2ban/server/iso8601.py fail2ban/server/iso8601.py
fail2ban/server/jail.py fail2ban/server/jail.py
fail2ban/server/jails.py fail2ban/server/jails.py
@ -197,7 +191,8 @@ fail2ban/server/strptime.py
fail2ban/server/ticket.py fail2ban/server/ticket.py
fail2ban/server/transmitter.py fail2ban/server/transmitter.py
fail2ban/server/utils.py fail2ban/server/utils.py
fail2ban/tests/__init__.py fail2ban-testcases-all
fail2ban-testcases-all-python3
fail2ban/tests/action_d/__init__.py fail2ban/tests/action_d/__init__.py
fail2ban/tests/action_d/test_badips.py fail2ban/tests/action_d/test_badips.py
fail2ban/tests/action_d/test_smtp.py fail2ban/tests/action_d/test_smtp.py
@ -218,33 +213,34 @@ fail2ban/tests/config/paths-osx.conf
fail2ban/tests/databasetestcase.py fail2ban/tests/databasetestcase.py
fail2ban/tests/datedetectortestcase.py fail2ban/tests/datedetectortestcase.py
fail2ban/tests/dummyjail.py fail2ban/tests/dummyjail.py
fail2ban/tests/fail2banregextestcase.py
fail2ban/tests/failmanagertestcase.py fail2ban/tests/failmanagertestcase.py
fail2ban/tests/files/action.d/action.py
fail2ban/tests/files/action.d/action_checkainfo.py fail2ban/tests/files/action.d/action_checkainfo.py
fail2ban/tests/files/action.d/action_errors.py fail2ban/tests/files/action.d/action_errors.py
fail2ban/tests/files/action.d/action_modifyainfo.py fail2ban/tests/files/action.d/action_modifyainfo.py
fail2ban/tests/files/action.d/action_noAction.py fail2ban/tests/files/action.d/action_noAction.py
fail2ban/tests/files/action.d/action_nomethod.py fail2ban/tests/files/action.d/action_nomethod.py
fail2ban/tests/files/config/apache-auth/README fail2ban/tests/files/action.d/action.py
fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html
fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess
fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd
fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html
fail2ban/tests/files/config/apache-auth/basic/file/.htaccess fail2ban/tests/files/config/apache-auth/basic/file/.htaccess
fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd
fail2ban/tests/files/config/apache-auth/digest.py
fail2ban/tests/files/config/apache-auth/digest/.htaccess
fail2ban/tests/files/config/apache-auth/digest/.htpasswd
fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess
fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd
fail2ban/tests/files/config/apache-auth/digest/.htaccess
fail2ban/tests/files/config/apache-auth/digest/.htpasswd
fail2ban/tests/files/config/apache-auth/digest.py
fail2ban/tests/files/config/apache-auth/digest_time/.htaccess fail2ban/tests/files/config/apache-auth/digest_time/.htaccess
fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd
fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess
fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd
fail2ban/tests/files/config/apache-auth/noentry/.htaccess fail2ban/tests/files/config/apache-auth/noentry/.htaccess
fail2ban/tests/files/config/apache-auth/README
fail2ban/tests/files/database_v1.db fail2ban/tests/files/database_v1.db
fail2ban/tests/files/filter.d/substition.conf fail2ban/tests/files/filter.d/substition.conf
fail2ban/tests/files/filter.d/testcase-common.conf
fail2ban/tests/files/filter.d/testcase01.conf fail2ban/tests/files/filter.d/testcase01.conf
fail2ban/tests/files/filter.d/testcase-common.conf
fail2ban/tests/files/ignorecommand.py fail2ban/tests/files/ignorecommand.py
fail2ban/tests/files/logs/3proxy fail2ban/tests/files/logs/3proxy
fail2ban/tests/files/logs/apache-auth fail2ban/tests/files/logs/apache-auth
@ -276,16 +272,20 @@ fail2ban/tests/files/logs/freeswitch
fail2ban/tests/files/logs/groupoffice fail2ban/tests/files/logs/groupoffice
fail2ban/tests/files/logs/gssftpd fail2ban/tests/files/logs/gssftpd
fail2ban/tests/files/logs/guacamole fail2ban/tests/files/logs/guacamole
fail2ban/tests/files/logs/haproxy-http-auth
fail2ban/tests/files/logs/horde fail2ban/tests/files/logs/horde
fail2ban/tests/files/logs/kerio fail2ban/tests/files/logs/kerio
fail2ban/tests/files/logs/lighttpd-auth fail2ban/tests/files/logs/lighttpd-auth
fail2ban/tests/files/logs/monit fail2ban/tests/files/logs/monit
fail2ban/tests/files/logs/murmur
fail2ban/tests/files/logs/mysqld-auth fail2ban/tests/files/logs/mysqld-auth
fail2ban/tests/files/logs/nagios fail2ban/tests/files/logs/nagios
fail2ban/tests/files/logs/named-refused fail2ban/tests/files/logs/named-refused
fail2ban/tests/files/logs/nginx-botsearch fail2ban/tests/files/logs/nginx-botsearch
fail2ban/tests/files/logs/nginx-http-auth fail2ban/tests/files/logs/nginx-http-auth
fail2ban/tests/files/logs/nginx-limit-req
fail2ban/tests/files/logs/nsd fail2ban/tests/files/logs/nsd
fail2ban/tests/files/logs/openhab
fail2ban/tests/files/logs/openwebmail fail2ban/tests/files/logs/openwebmail
fail2ban/tests/files/logs/oracleims fail2ban/tests/files/logs/oracleims
fail2ban/tests/files/logs/pam-generic fail2ban/tests/files/logs/pam-generic
@ -300,6 +300,7 @@ fail2ban/tests/files/logs/pure-ftpd
fail2ban/tests/files/logs/qmail fail2ban/tests/files/logs/qmail
fail2ban/tests/files/logs/recidive fail2ban/tests/files/logs/recidive
fail2ban/tests/files/logs/roundcube-auth fail2ban/tests/files/logs/roundcube-auth
fail2ban/tests/files/logs/screensharingd
fail2ban/tests/files/logs/selinux-ssh fail2ban/tests/files/logs/selinux-ssh
fail2ban/tests/files/logs/sendmail-auth fail2ban/tests/files/logs/sendmail-auth
fail2ban/tests/files/logs/sendmail-reject fail2ban/tests/files/logs/sendmail-reject
@ -319,14 +320,16 @@ fail2ban/tests/files/logs/vsftpd
fail2ban/tests/files/logs/webmin-auth fail2ban/tests/files/logs/webmin-auth
fail2ban/tests/files/logs/wuftpd fail2ban/tests/files/logs/wuftpd
fail2ban/tests/files/logs/xinetd-fail fail2ban/tests/files/logs/xinetd-fail
fail2ban/tests/files/testcase-journal.log
fail2ban/tests/files/testcase-multiline.log
fail2ban/tests/files/testcase-usedns.log
fail2ban/tests/files/testcase01.log fail2ban/tests/files/testcase01.log
fail2ban/tests/files/testcase02.log fail2ban/tests/files/testcase02.log
fail2ban/tests/files/testcase03.log fail2ban/tests/files/testcase03.log
fail2ban/tests/files/testcase04.log fail2ban/tests/files/testcase04.log
fail2ban/tests/files/testcase-journal.log
fail2ban/tests/files/testcase-multiline.log
fail2ban/tests/files/testcase-usedns.log
fail2ban/tests/files/testcase-wrong-char.log
fail2ban/tests/filtertestcase.py fail2ban/tests/filtertestcase.py
fail2ban/tests/__init__.py
fail2ban/tests/misctestcase.py fail2ban/tests/misctestcase.py
fail2ban/tests/samplestestcase.py fail2ban/tests/samplestestcase.py
fail2ban/tests/servertestcase.py fail2ban/tests/servertestcase.py
@ -335,13 +338,13 @@ fail2ban/tests/tickettestcase.py
fail2ban/tests/utils.py fail2ban/tests/utils.py
fail2ban/version.py fail2ban/version.py
files/bash-completion files/bash-completion
files/cacti/README
files/cacti/cacti_host_template_fail2ban.xml files/cacti/cacti_host_template_fail2ban.xml
files/cacti/fail2ban_stats.sh files/cacti/fail2ban_stats.sh
files/cacti/README
files/debian-initd files/debian-initd
files/fail2ban-logrotate files/fail2ban-logrotate
files/fail2ban-tmpfiles.conf
files/fail2ban.service files/fail2ban.service
files/fail2ban-tmpfiles.conf
files/fail2ban.upstart files/fail2ban.upstart
files/gen_badbots files/gen_badbots
files/gentoo-confd files/gentoo-confd
@ -350,21 +353,28 @@ files/ipmasq-ZZZzzz_fail2ban.rul
files/logwatch/fail2ban files/logwatch/fail2ban
files/macosx-initd files/macosx-initd
files/monit/fail2ban files/monit/fail2ban
files/nagios/README
files/nagios/check_fail2ban files/nagios/check_fail2ban
files/nagios/README
files/redhat-initd files/redhat-initd
files/solaris-fail2ban.xml files/solaris-fail2ban.xml
files/solaris-svc-fail2ban files/solaris-svc-fail2ban
files/suse-initd files/suse-initd
FILTERS
kill-server kill-server
man/fail2ban.1
man/fail2ban-client.1 man/fail2ban-client.1
man/fail2ban-client.h2m man/fail2ban-client.h2m
man/fail2ban-regex.1 man/fail2ban-regex.1
man/fail2ban-regex.h2m man/fail2ban-regex.h2m
man/fail2ban-server.1 man/fail2ban-server.1
man/fail2ban-server.h2m man/fail2ban-server.h2m
man/fail2ban.1
man/generate-man man/generate-man
man/jail.conf.5 man/jail.conf.5
README.md
README.Solaris
RELEASE
setup.cfg setup.cfg
setup.py setup.py
THANKS
TODO
Vagrantfile

6
README.md
View File

@ -2,7 +2,7 @@
/ _|__ _(_) |_ ) |__ __ _ _ _ / _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \ | _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
v0.9.3.dev 2015/XX/XX v0.9.4.dev0 2016/??/??
## Fail2Ban: ban hosts that cause multiple authentication errors ## Fail2Ban: ban hosts that cause multiple authentication errors
@ -39,8 +39,8 @@ Optional:
To install, just do: To install, just do:
tar xvfj fail2ban-0.9.3.tar.bz2 tar xvfj fail2ban-0.9.4.tar.bz2
cd fail2ban-0.9.3 cd fail2ban-0.9.4
python setup.py install python setup.py install
This will install Fail2Ban into the python library directory. The executable This will install Fail2Ban into the python library directory. The executable

7
RELEASE
View File

@ -51,6 +51,11 @@ Preparation
find -type f | grep -v -e '\.git' -e '/doc/' -e '\.travis' -e MANIFEST | sed -e 's,^\./,,g' | while read f; do grep -ne "^$f\$" MANIFEST >/dev/null || echo "$f" ; done find -type f | grep -v -e '\.git' -e '/doc/' -e '\.travis' -e MANIFEST | sed -e 's,^\./,,g' | while read f; do grep -ne "^$f\$" MANIFEST >/dev/null || echo "$f" ; done
or an alternative for comparison with previous release
git diff 0.9.4 | grep -B2 'index 0000000..' | grep -B1 'new file mode' | sed -n -e '/^diff /s,.* b/,,gp' >> MANIFEST
sort MANIFEST | uniq | sponge MANIFEST
* Run:: * Run::
python setup.py sdist python setup.py sdist
@ -185,7 +190,7 @@ Post Release
Add the following to the top of the ChangeLog:: Add the following to the top of the ChangeLog::
ver. 0.9.5 (2015/XX/XXX) - wanna-be-released ver. 0.9.6 (2016/XX/XXX) - wanna-be-released
----------- -----------
- Fixes: - Fixes:

2
THANKS
View File

@ -12,6 +12,7 @@ Adrien Clerc
ache ache
ag4ve (Shawn) ag4ve (Shawn)
Alasdair D. Campbell Alasdair D. Campbell
Alexandre Perrin (kAworu)
Amir Caspi Amir Caspi
Amy Amy
Andrew St. Jean Andrew St. Jean
@ -34,6 +35,7 @@ Daniel B. Cid
Daniel B. Daniel B.
Daniel Black Daniel Black
David Nutter David Nutter
David Reagan (jerrac)
Derek Atkins Derek Atkins
Donald Yandt Donald Yandt
Eric Gerbier Eric Gerbier

4
bin/fail2ban-client
View File

@ -376,8 +376,10 @@ class Fail2banClient:
logSys.setLevel(logging.WARNING) logSys.setLevel(logging.WARNING)
elif verbose == 2: elif verbose == 2:
logSys.setLevel(logging.INFO) logSys.setLevel(logging.INFO)
else: elif verbose == 3:
logSys.setLevel(logging.DEBUG) logSys.setLevel(logging.DEBUG)
else:
logSys.setLevel(logging.HEAVYDEBUG)
# Add the default logging handler to dump to stderr # Add the default logging handler to dump to stderr
logout = logging.StreamHandler(sys.stderr) logout = logging.StreamHandler(sys.stderr)
# set a format which is simpler for console use # set a format which is simpler for console use

2
config/action.d/firewallcmd-allports.conf
View File

@ -6,7 +6,7 @@
[INCLUDES] [INCLUDES]
before = iptables-blocktype.conf before = iptables-common.conf
[Definition] [Definition]

6
config/action.d/firewallcmd-multiport.conf
View File

@ -5,15 +5,15 @@
[INCLUDES] [INCLUDES]
before = iptables-blocktype.conf before = iptables-common.conf
[Definition] [Definition]
actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name> actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name> firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name> actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
firewall-cmd --direct --remove-rules ipv4 filter f2b-<name> firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
firewall-cmd --direct --remove-chain ipv4 filter f2b-<name> firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>

65
config/action.d/firewallcmd-rich-logging.conf Normal file
View File

@ -0,0 +1,65 @@
# Fail2Ban configuration file
#
# Author: Donald Yandt
#
# Because of the rich rule commands requires firewalld-0.3.1+
# This action uses firewalld rich-rules which gives you a cleaner iptables since it stores rules according to zones and not
# by chain. So for an example all deny rules will be listed under <zone>_deny and all log rules under <zone>_log.
#
# Also this action logs banned access attempts so you can filter that and increase ban time for offenders.
#
# If you use the --permanent rule you get a xml file in /etc/firewalld/zones/<zone>.xml that can be shared and parsed easliy
#
# Example commands to view rules:
# firewall-cmd [--zone=<zone>] --list-rich-rules
# firewall-cmd [--zone=<zone>] --list-all
# firewall-cmd [--zone=zone] --query-rich-rule='rule'
[Definition]
actionstart =
actionstop =
actioncheck =
# you can also use zones and/or service names.
#
# zone example:
# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' port port='<port>' protocol='<protocol>' log prefix='f2b-<name>' level='<level>' limit value='<rate>/m' <blocktype>"
# service name example:
# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' service name='<service>' log prefix='f2b-<name>' level='<level>' limit value='<rate>/m' <blocktype>"
# Because rich rules can only handle single or a range of ports we must split ports and execute the command for each port. Ports can be single and ranges seperated by a comma or space for an example: http, https, 22-60, 18 smtp
actionban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='<ip>' port port='$p' protocol='<protocol>' log prefix='f2b-<name>' level='<level>' limit value='<rate>/m' <blocktype>"; done
actionunban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='<ip>' port port='$p' protocol='<protocol>' log prefix='f2b-<name>' level='<level>' limit value='<rate>/m' <blocktype>"; done
[Init]
name = default
# log levels are "emerg", "alert", "crit", "error", "warning", "notice", "info" or "debug"
level = info
# log rate per minute
rate = 1
zone = public
# use command firewall-cmd --get-services to see a list of services available
#
# Examples:
#
# amanda-client amanda-k5-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps
# freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kadmin kerberos
# kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s
# postgresql privoxy proxy-dhcp puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp squid ssh synergy
# telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
service = ssh
# reject types: 'icmp-net-unreachable', 'icmp-host-unreachable', 'icmp-port-unreachable', 'icmp-proto-unreachable',
# 'icmp-net-prohibited', 'icmp-host-prohibited', 'icmp-admin-prohibited' or 'tcp-reset'
blocktype = reject type='icmp-port-unreachable'

57
config/action.d/firewallcmd-rich-rules.conf Normal file
View File

@ -0,0 +1,57 @@
# Fail2Ban configuration file
#
# Author: Donald Yandt
#
# Because of the rich rule commands requires firewalld-0.3.1+
# This action uses firewalld rich-rules which gives you a cleaner iptables since it stores rules according to zones and not
# by chain. So for an example all deny rules will be listed under <zone>_deny.
#
# If you use the --permanent rule you get a xml file in /etc/firewalld/zones/<zone>.xml that can be shared and parsed easliy
#
# Example commands to view rules:
# firewall-cmd [--zone=<zone>] --list-rich-rules
# firewall-cmd [--zone=<zone>] --list-all
# firewall-cmd [--zone=zone] --query-rich-rule='rule'
[Definition]
actionstart =
actionstop =
actioncheck =
#you can also use zones and/or service names.
#
# zone example:
# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' port port='<port>' protocol='<protocol>' <blocktype>"
# service name example:
# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' service name='<service>' <blocktype>"
# Because rich rules can only handle single or a range of ports we must split ports and execute the command for each port. Ports can be single and ranges seperated by a comma or space for an example: http, https, 22-60, 18 smtp
actionban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='<ip>' port port='$p' protocol='<protocol>' <blocktype>"; done
actionunban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='<ip>' port port='$p' protocol='<protocol>' <blocktype>"; done
[Init]
name = default
zone = public
# use command firewall-cmd --get-services to see a list of services available
#
# Examples:
#
# amanda-client amanda-k5-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps
# freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kadmin kerberos
# kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s
# postgresql privoxy proxy-dhcp puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp squid ssh synergy
# telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
service = ssh
# reject types: 'icmp-net-unreachable', 'icmp-host-unreachable', 'icmp-port-unreachable', 'icmp-proto-unreachable',
# 'icmp-net-prohibited', 'icmp-host-prohibited', 'icmp-admin-prohibited' or 'tcp-reset'
blocktype = reject type='icmp-port-unreachable'

4
config/filter.d/dovecot.conf
View File

@ -13,6 +13,7 @@ failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentica
^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>(, lip=(\d{1,3}\.){3}\d{1,3})?(, TLS( handshaking(: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$ ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>(, lip=(\d{1,3}\.){3}\d{1,3})?(, TLS( handshaking(: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$
^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$ ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
^%(__prefix_line)s(auth|auth-worker\(\d+\)): (pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$ ^%(__prefix_line)s(auth|auth-worker\(\d+\)): (pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$
^%(__prefix_line)s(auth|auth-worker\(\d+\)): Info: ldap\(\S*,<HOST>,\S*\): invalid credentials\s*$
ignoreregex = ignoreregex =
@ -22,9 +23,10 @@ journalmatch = _SYSTEMD_UNIT=dovecot.service
# DEV Notes: # DEV Notes:
# * the first regex is essentially a copy of pam-generic.conf # * the first regex is essentially a copy of pam-generic.conf
# * Probably doesn't do dovecot sql/ldap backends properly # * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016)
# * Removed the 'no auth attempts' log lines from the matches because produces # * Removed the 'no auth attempts' log lines from the matches because produces
# lots of false positives on misconfigured MTAs making regexp unusable # lots of false positives on misconfigured MTAs making regexp unusable
# #
# Author: Martin Waschbuesch # Author: Martin Waschbuesch
# Daniel Black (rewrote with begin and end anchors) # Daniel Black (rewrote with begin and end anchors)
# Martin O'Neal (added LDAP authentication failure regex)

12
config/filter.d/exim.conf
View File

@ -14,10 +14,13 @@ before = exim-common.conf
[Definition] [Definition]
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$ failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$ ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$ ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$ ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$ ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
^%(pid)s SMTP protocol error in "AUTH \S*(| \S*)" H=(|\S* )(|\(\S*\) )\[<HOST>\]\:\d+ I=\[\S*\]\:\d+ AUTH command used when not advertised\s*$
^%(pid)s no MAIL in SMTP connection from (|\S* )(|\(\S*\) )\[<HOST>\]\:\d+ I=\[\S*\]\:\d+ D=\d+s(| C=\S*)\s*$
^%(pid)s \S+ SMTP connection from (|\S* )(|\(\S*\) )\[<HOST>\]\:\d+ I=\[\S*\]\:\d+ closed by DROP in ACL\s*$
ignoreregex = ignoreregex =
@ -30,3 +33,4 @@ ignoreregex =
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Daniel Black (rewrote with strong regexs) # Daniel Black (rewrote with strong regexs)
# Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)

2
config/filter.d/freeswitch.conf
View File

@ -16,7 +16,7 @@ failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((
ignoreregex = ignoreregex =
# Author: Rupa SChomaker, soapee01, Daniel Black # Author: Rupa SChomaker, soapee01, Daniel Black
# http://wiki.freeswitch.org/wiki/Fail2ban # https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban
# Thanks to Jim on mailing list of samples and guidance # Thanks to Jim on mailing list of samples and guidance
# #
# No need to match the following. Its a duplicate of the SIP auth regex. # No need to match the following. Its a duplicate of the SIP auth regex.

15
config/filter.d/monit.conf
View File

@ -2,9 +2,20 @@
# #
# #
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition] [Definition]
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$ _daemon = monit
^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$
# Regexp for previous (accessing monit httpd) and new (access denied) versions
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'|wrong password for user '[^']*') accessing monit httpd$
^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'|wrong password for user '[^']*'|empty password)$
# Ignore login with empty user (first connect, no user specified)
# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
ignoreregex = ignoreregex =

2
config/filter.d/postfix-sasl.conf
View File

@ -7,7 +7,7 @@ before = common.conf
[Definition] [Definition]
_daemon = postfix(-\w+)?/(submission/)?smtp(d|s) _daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$ failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$

2
config/filter.d/postfix.conf
View File

@ -10,7 +10,7 @@ before = common.conf
[Definition] [Definition]
_daemon = postfix(-\w+)?/(submission/)?smtp(d|s) _daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$ failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

4
config/filter.d/pure-ftpd.conf
View File

@ -21,6 +21,10 @@ failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s\s*$
ignoreregex = ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=pure-ftpd.service + _COMM=pure-ftpd
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd # Modified: Yaroslav Halchenko for pure-ftpd
# Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal # Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal

2
config/filter.d/sshd.conf
View File

@ -18,7 +18,7 @@ before = common.conf
_daemon = sshd _daemon = sshd
failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$ failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \S+)?\s*$
^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$ ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$ ^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$

4
config/paths-fedora.conf
View File

@ -34,7 +34,8 @@ apache_access_log = /var/log/httpd/*access_log
exim_main_log = /var/log/exim/main.log exim_main_log = /var/log/exim/main.log
mysql_log = /var/lib/mysql/mysqld.log mysql_log = /var/log/mariadb/mariadb.log
/var/log/mysqld.log
roundcube_errors_log = /var/log/roundcubemail/errors roundcube_errors_log = /var/log/roundcubemail/errors
@ -48,4 +49,3 @@ pureftpd_backend = systemd
wuftpd_backend = systemd wuftpd_backend = systemd
postfix_backend = systemd postfix_backend = systemd
dovecot_backend = systemd dovecot_backend = systemd
mysql_backend = systemd

2
fail2ban/client/fail2banregex.py
View File

@ -61,7 +61,7 @@ def debuggexURL(sample, regex):
q = urllib.urlencode({ 're': regex.replace('<HOST>', '(?&.ipv4)'), q = urllib.urlencode({ 're': regex.replace('<HOST>', '(?&.ipv4)'),
'str': sample, 'str': sample,
'flavor': 'python' }) 'flavor': 'python' })
return 'http://www.debuggex.com/?' + q return 'https://www.debuggex.com/?' + q
def output(args): def output(args):
print(args) print(args)

43
fail2ban/tests/banmanagertestcase.py
View File

@ -28,7 +28,7 @@ import unittest
from ..server.banmanager import BanManager from ..server.banmanager import BanManager
from ..server.ticket import BanTicket from ..server.ticket import BanTicket
from .utils import assert_dict_equal
class AddFailure(unittest.TestCase): class AddFailure(unittest.TestCase):
def setUp(self): def setUp(self):
@ -122,15 +122,10 @@ class StatusExtendedCymruInfo(unittest.TestCase):
def testCymruInfo(self): def testCymruInfo(self):
cymru_info = self.__banManager.getBanListExtendedCymruInfo() cymru_info = self.__banManager.getBanListExtendedCymruInfo()
if "assertDictEqual" in dir(self): assert_dict_equal(cymru_info,
self.assertDictEqual(cymru_info, {"asn": [self.__asn], {"asn": [self.__asn],
"country": [self.__country], "country": [self.__country],
"rir": [self.__rir]}) "rir": [self.__rir]})
else:
# Python 2.6 does not support assertDictEqual()
self.assertEqual(cymru_info["asn"], [self.__asn])
self.assertEqual(cymru_info["country"], [self.__country])
self.assertEqual(cymru_info["rir"], [self.__rir])
def testCymruInfoASN(self): def testCymruInfoASN(self):
self.assertEqual( self.assertEqual(
@ -148,16 +143,24 @@ class StatusExtendedCymruInfo(unittest.TestCase):
[self.__rir]) [self.__rir])
def testCymruInfoNxdomain(self): def testCymruInfoNxdomain(self):
ticket = BanTicket("10.0.0.0", 1167605999.0)
self.__banManager = BanManager() self.__banManager = BanManager()
# non-existing IP
ticket = BanTicket("0.0.0.0", 1167605999.0)
self.assertTrue(self.__banManager.addBanTicket(ticket)) self.assertTrue(self.__banManager.addBanTicket(ticket))
cymru_info = self.__banManager.getBanListExtendedCymruInfo() cymru_info = self.__banManager.getBanListExtendedCymruInfo()
if "assertDictEqual" in dir(self): assert_dict_equal(cymru_info,
self.assertDictEqual(cymru_info, {"asn": ["nxdomain"], {"asn": ["nxdomain"],
"country": ["nxdomain"], "country": ["nxdomain"],
"rir": ["nxdomain"]}) "rir": ["nxdomain"]})
else:
# Python 2.6 does not support assertDictEqual() # even for private IPs ASNs defined
self.assertEqual(cymru_info["asn"], ["nxdomain"]) # Since it outputs for all active tickets we would get previous results
self.assertEqual(cymru_info["country"], ["nxdomain"]) # and new ones
self.assertEqual(cymru_info["rir"], ["nxdomain"]) ticket = BanTicket("10.0.0.0", 1167606000.0)
self.assertTrue(self.__banManager.addBanTicket(ticket))
cymru_info = self.__banManager.getBanListExtendedCymruInfo()
assert_dict_equal(cymru_info,
{"asn": ["nxdomain", "4565",],
"country": ["nxdomain", "unknown"],
"rir": ["nxdomain", "other"]})

7
fail2ban/tests/fail2banregextestcase.py
View File

@ -40,6 +40,7 @@ except ImportError:
from ..client import fail2banregex from ..client import fail2banregex
from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output
from .utils import LogCaptureTestCase, logSys from .utils import LogCaptureTestCase, logSys
from .utils import CONFIG_DIR
fail2banregex.logSys = logSys fail2banregex.logSys = logSys
@ -48,8 +49,6 @@ def _test_output(*args):
fail2banregex.output = _test_output fail2banregex.output = _test_output
CONF_FILES_DIR = os.path.abspath(
os.path.join(os.path.dirname(__file__),"..", "..", "config"))
TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files") TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files")
@ -66,7 +65,7 @@ class Fail2banRegexTest(LogCaptureTestCase):
FILENAME_02 = os.path.join(TEST_FILES_DIR, "testcase02.log") FILENAME_02 = os.path.join(TEST_FILES_DIR, "testcase02.log")
FILENAME_WRONGCHAR = os.path.join(TEST_FILES_DIR, "testcase-wrong-char.log") FILENAME_WRONGCHAR = os.path.join(TEST_FILES_DIR, "testcase-wrong-char.log")
FILTER_SSHD = os.path.join(CONF_FILES_DIR, 'filter.d', 'sshd.conf') FILTER_SSHD = os.path.join(CONFIG_DIR, 'filter.d', 'sshd.conf')
def setUp(self): def setUp(self):
"""Call before every test case.""" """Call before every test case."""
@ -176,6 +175,6 @@ class Fail2banRegexTest(LogCaptureTestCase):
self.assertTrue(fail2banRegex.start(opts, args)) self.assertTrue(fail2banRegex.start(opts, args))
self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed')
self.assertLogged('http://') self.assertLogged('https://')

3
fail2ban/tests/files/logs/dovecot
View File

@ -70,3 +70,6 @@ Jun 13 21:48:06 platypus dovecot: pop3-login: Disconnected: Inactivity (no auth
Jun 13 20:20:21 platypus dovecot: imap-login: Disconnected (no auth attempts): rip=180.189.168.166, lip=113.212.99.194, TLS handshaking: Disconnected Jun 13 20:20:21 platypus dovecot: imap-login: Disconnected (no auth attempts): rip=180.189.168.166, lip=113.212.99.194, TLS handshaking: Disconnected
# failJSON: { "time": "2005-07-02T13:49:32", "match": false , "host": "192.51.100.13" } # failJSON: { "time": "2005-07-02T13:49:32", "match": false , "host": "192.51.100.13" }
Jul 02 13:49:32 hostname dovecot[442]: pop3-login: Disconnected (no auth attempts in 58 secs): user=<>, rip=192.51.100.13, lip=203.0.113.17, session=<LgDINsQCkttVIMPg> Jul 02 13:49:32 hostname dovecot[442]: pop3-login: Disconnected (no auth attempts in 58 secs): user=<>, rip=192.51.100.13, lip=203.0.113.17, session=<LgDINsQCkttVIMPg>
# failJSON: { "time": "2005-03-23T06:10:52", "match": true , "host": "52.37.139.121" }
Mar 23 06:10:52 auth: Info: ldap(dog,52.37.139.121,): invalid credentials

20
fail2ban/tests/files/logs/exim
View File

@ -43,3 +43,23 @@
# failJSON: { "time": "2014-12-02T03:00:23", "match": true , "host": "193.254.202.35" } # failJSON: { "time": "2014-12-02T03:00:23", "match": true , "host": "193.254.202.35" }
2014-12-02 03:00:23 auth_plain authenticator failed for (rom182) [193.254.202.35]:41556 I=[10.0.0.1]:25: 535 Incorrect authentication data (set_id=webmaster) 2014-12-02 03:00:23 auth_plain authenticator failed for (rom182) [193.254.202.35]:41556 I=[10.0.0.1]:25: 535 Incorrect authentication data (set_id=webmaster)
# failJSON: { "time": "2016-03-18T00:34:06", "match": true , "host": "45.32.34.167" }
2016-03-18 00:34:06 [7513] SMTP protocol error in "AUTH LOGIN" H=(ylmf-pc) [45.32.34.167]:60723 I=[172.89.0.6]:587 AUTH command used when not advertised
# failJSON: { "time": "2016-03-19T18:40:44", "match": true , "host": "92.45.204.170" }
2016-03-19 18:40:44 [26221] SMTP protocol error in "AUTH LOGIN aW5mb0BtYW5iYXQub3Jn" H=([127.0.0.1]) [92.45.204.170]:14243 I=[172.89.0.6]:587 AUTH command used when not advertised
# failJSON: { "time": "2016-03-21T06:38:05", "match": true , "host": "49.212.207.15" }
2016-03-21 06:38:05 [5718] no MAIL in SMTP connection from www3005.sakura.ne.jp [49.212.207.15]:28890 I=[172.89.0.6]:25 D=21s C=EHLO,STARTTLS
# failJSON: { "time": "2016-03-21T06:57:36", "match": true , "host": "122.165.71.116" }
2016-03-21 06:57:36 [5908] no MAIL in SMTP connection from [122.165.71.116]:2056 I=[172.89.0.6]:25 D=10s
# failJSON: { "time": "2016-03-21T04:07:49", "match": true , "host": "174.137.147.204" }
2016-03-21 04:07:49 [25874] 1ahr79-0006jK-G9 SMTP connection from (voyeur.webair.com) [174.137.147.204]:44884 I=[172.89.0.6]:25 closed by DROP in ACL
# failJSON: { "time": "2016-03-21T04:33:13", "match": true , "host": "206.214.71.53" }
2016-03-21 04:33:13 [26074] 1ahrVl-0006mY-79 SMTP connection from riveruse.com [206.214.71.53]:39865 I=[172.89.0.6]:25 closed by DROP in ACL
# failJSON: { "time": "2016-04-01T11:08:39", "match": true , "host": "192.0.2.1" }
2016-04-01 11:08:39 [18643] no MAIL in SMTP connection from host.example.com (SERVER) [192.0.2.1]:1418 I=[172.89.0.6]:25 D=34s C=EHLO,AUTH
# failJSON: { "time": "2016-04-01T11:09:21", "match": true , "host": "192.0.2.1" }
2016-04-01 11:09:21 [18648] SMTP protocol error in "AUTH LOGIN" H=host.example.com (SERVER) [192.0.2.1]:4692 I=[172.89.0.6]:25 AUTH command used when not advertised
# failJSON: { "time": "2016-03-27T16:48:48", "match": true , "host": "192.0.2.1" }
2016-03-27 16:48:48 [21478] 1akDqs-0005aQ-9b SMTP connection from host.example.com (SERVER) [192.0.2.1]:47714 I=[172.89.0.6]:25 closed by DROP in ACL

17
fail2ban/tests/files/logs/monit
View File

@ -1,6 +1,21 @@
# Previous version --
# failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" } # failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" }
[PDT Apr 16 21:05:29] error : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd [PDT Apr 16 21:05:29] error : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd
# failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" } # failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" }
[PDT Apr 16 20:59:33] error : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd [PDT Apr 16 20:59:33] error : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd
# Current version -- corresponding "https://bitbucket.org/tildeslash/monit/src/6905335aa903d425cae732cab766bd88ea5f2d1d/src/http/processor.c?at=master&fileviewer=file-view-default#processor.c-728"
# failJSON: { "time": "2005-03-09T09:18:28", "match": false, "desc": "should be ignored: no login" }
Mar 9 09:18:28 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: missing or invalid Authorization header
# failJSON: { "time": "2005-03-09T09:18:28", "match": false, "desc": "should be ignored: no login" }
Mar 9 09:18:28 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: invalid Authorization header
# failJSON: { "time": "2005-03-09T09:18:29", "match": false, "desc": "should be ignored: connect, still no user specified" }
Mar 9 09:18:29 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: empty username
# failJSON: { "time": "2005-03-09T09:18:31", "match": false, "desc": "should be ignored: connect, still no user specified" }
Mar 9 09:18:31 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: unknown user ''
# failJSON: { "time": "2005-03-09T09:18:32", "match": true, "host": "1.2.3.4", "desc": "no password try" }
Mar 9 09:18:32 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: empty password
# failJSON: { "time": "2005-03-09T09:18:33", "match": true, "host": "1.2.3.4", "desc": "unknown user try" }
Mar 9 09:18:33 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: unknown user 'test1'
# failJSON: { "time": "2005-03-09T09:18:34", "match": true, "host": "1.2.3.4", "desc": "wrong password try" }
Mar 9 09:18:34 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: wrong password for user 'test2'

3
fail2ban/tests/files/logs/postfix
View File

@ -32,3 +32,6 @@ Jan 31 13:55:24 xxx postfix/smtpd[3462]: NOQUEUE: reject: EHLO from s271272.stat
# failJSON: { "time": "2005-01-31T13:55:24", "match": true , "host": "78.107.251.238" } # failJSON: { "time": "2005-01-31T13:55:24", "match": true , "host": "78.107.251.238" }
Jan 31 13:55:24 xxx postfix-incoming/smtpd[3462]: NOQUEUE: reject: EHLO from s271272.static.corbina.ru[78.107.251.238]: 504 5.5.2 <User>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<User> Jan 31 13:55:24 xxx postfix-incoming/smtpd[3462]: NOQUEUE: reject: EHLO from s271272.static.corbina.ru[78.107.251.238]: 504 5.5.2 <User>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<User>
# failJSON: { "time": "2005-04-12T02:24:11", "match": true , "host": "62.138.2.143" }
Apr 12 02:24:11 xxx postfix/smtps/smtpd[42]: NOQUEUE: reject: EHLO from astra4139.startdedicated.de[62.138.2.143]: 504 5.5.2 <User>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<User>

3
fail2ban/tests/files/logs/postfix-sasl
View File

@ -23,3 +23,6 @@ Feb 3 08:29:28 mail postfix/smtpd[21022]: warning: unknown[1.1.1.1]: SASL LOGIN
# failJSON: { "time": "2005-01-29T08:11:45", "match": true , "host": "1.1.1.1" } # failJSON: { "time": "2005-01-29T08:11:45", "match": true , "host": "1.1.1.1" }
Jan 29 08:11:45 mail postfix-incoming/smtpd[10752]: warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Password: Jan 29 08:11:45 mail postfix-incoming/smtpd[10752]: warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Password:
# failJSON: { "time": "2005-04-12T02:24:11", "match": true , "host": "62.138.2.143" }
Apr 12 02:24:11 xxx postfix/smtps/smtpd[42]: warning: astra4139.startdedicated.de[62.138.2.143]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

7
fail2ban/tests/utils.py
View File

@ -358,4 +358,11 @@ class LogCaptureTestCase(unittest.TestCase):
def printLog(self): def printLog(self):
print(self._log.getvalue()) print(self._log.getvalue())
pid_exists = Utils.pid_exists pid_exists = Utils.pid_exists
# Python 2.6 compatibility. in 2.7 assertDictEqual
def assert_dict_equal(a, b):
assert isinstance(a, dict), "Object is not dictionary: %r" % a
assert isinstance(b, dict), "Object is not dictionary: %r" % b
assert a==b, "Dictionaries differ:\n%r !=\n%r" % (a, b)

4
fail2ban/version.py
View File

@ -21,7 +21,7 @@
# #
__author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black" __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2015 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black"
__license__ = "GPL-v2+" __license__ = "GPL-v2+"
version = "0.9.3.dev" version = "0.9.4.dev0"

6
man/fail2ban-client.1
View File

@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.1. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2.
.TH FAIL2BAN-CLIENT "1" "July 2015" "fail2ban-client v0.9.3" "User Commands" .TH FAIL2BAN-CLIENT "1" "March 2016" "fail2ban-client v0.9.4" "User Commands"
.SH NAME .SH NAME
fail2ban-client \- configure and control the server fail2ban-client \- configure and control the server
.SH SYNOPSIS .SH SYNOPSIS
.B fail2ban-client .B fail2ban-client
[\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR [\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR
.SH DESCRIPTION .SH DESCRIPTION
Fail2Ban v0.9.3 reads log file that contains password failure report Fail2Ban v0.9.4 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules. and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS .SH OPTIONS
.TP .TP

4
man/fail2ban-regex.1
View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.1. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2.
.TH FAIL2BAN-REGEX "1" "July 2015" "fail2ban-regex 0.9.3" "User Commands" .TH FAIL2BAN-REGEX "1" "March 2016" "fail2ban-regex 0.9.4" "User Commands"
.SH NAME .SH NAME
fail2ban-regex \- test Fail2ban "failregex" option fail2ban-regex \- test Fail2ban "failregex" option
.SH SYNOPSIS .SH SYNOPSIS

6
man/fail2ban-server.1
View File

@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.1. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2.
.TH FAIL2BAN-SERVER "1" "July 2015" "fail2ban-server v0.9.3" "User Commands" .TH FAIL2BAN-SERVER "1" "March 2016" "fail2ban-server v0.9.4" "User Commands"
.SH NAME .SH NAME
fail2ban-server \- start the server fail2ban-server \- start the server
.SH SYNOPSIS .SH SYNOPSIS
.B fail2ban-server .B fail2ban-server
[\fI\,OPTIONS\/\fR] [\fI\,OPTIONS\/\fR]
.SH DESCRIPTION .SH DESCRIPTION
Fail2Ban v0.9.3 reads log file that contains password failure report Fail2Ban v0.9.4 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules. and bans the corresponding IP addresses using firewall rules.
.PP .PP
Only use this command for debugging purpose. Start the server with Only use this command for debugging purpose. Start the server with

4
man/fail2ban-testcases.1
View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.1. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2.
.TH FAIL2BAN-TESTCASES "1" "July 2015" "fail2ban-testcases 0.9.3" "User Commands" .TH FAIL2BAN-TESTCASES "1" "March 2016" "fail2ban-testcases 0.9.4" "User Commands"
.SH NAME .SH NAME
fail2ban-testcases \- run Fail2Ban unit-tests fail2ban-testcases \- run Fail2Ban unit-tests
.SH SYNOPSIS .SH SYNOPSIS