Merge branch 'master' into journaldefault

Conflicts:
	ChangeLog

ChangeLog

@@ -21,6 +21,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
    * Treat failed and killed execution of commands identically (only
      different log messages), which addresses different behavior on different
      exit codes of dash and bash (gh-1155)
+   * Fix jail.conf.5 man's section (gh-1226)
    * Use postfix_log logpath for postfix-rbl jail
 
 - New Features:
@@ -35,6 +36,10 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
      (Thanks M. Maraun)
    * Added check against atacker's Googlebot PTR fake records
      (Thanks Pablo Rodriguez Fernandez)
+   * Enhance filter against atacker's Googlebot PTR fake records
+     (gh-1226)
+   * Added filter for openhab domotic software authentication failure with the
+     rest api and web interface (gh-1223)
    * Add *_backend options for services to allow distros to set the default
      backend per service, set default to systemd for Fedora as appropriate
 

THANKS

@@ -40,6 +40,7 @@ Eric Gerbier
 Enrico Labedzki
 Eugene Hopkinson (SlowRiot)
 ftoppi
+Florian Robert (1technophile)
 François Boulogne
 Frantisek Sumsal
 Frédéric

config/filter.d/ignorecommands/apache-fakegooglebot

@@ -26,7 +26,7 @@ def is_googlebot(ip):
     from fail2ban.server.filter import DNSUtils
 
     host = DNSUtils.ipToName(ip)
-    if not host or not re.match('crawl-.*\.googlebot\.com', host):
+    if not host or not re.match('.*\.google(bot)?\.com$', host):
        sys.exit(1)
     host_ips = DNSUtils.dnsToIp(host)
     sys.exit(0 if ip in host_ips else 1)

config/filter.d/openhab.conf

@@ -0,0 +1,16 @@
+# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf:
+#
+# Block IPs trying to auth openhab by web or rest api
+#
+# Matches e.g.
+# 12.34.33.22 -  -  [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382 
+# 175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
+
+[Definition] 
+failregex = ^<HOST>\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$
+
+[Init]
+datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z
+
+
+

config/jail.conf

@@ -309,6 +309,12 @@ port    = http,https
 logpath = %(apache_error_log)s
 maxretry = 1
 
+[openhab-auth]
+
+filter = openhab
+action = iptables-allports[name=NoAuthFailures]
+logpath = /opt/openhab/logs/request.log
+
 [nginx-http-auth]
 
 port    = http,https

fail2ban/tests/files/logs/openhab

@@ -0,0 +1,11 @@
+# should match
+# failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 
+175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /openhab.app HTTP/1.1" 401 1382 
+# failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 
+175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
+
+# Should not match
+# failJSON: { "match": false }
+175.18.15.11 -  -  [17/oct./2015:00:35:12 +0200] "GET /openhab.app?sitemap=default&poll=true&__async=true&__source=waHome HTTP/1.1" 200 92 
+# failJSON: { "match": false }
+175.18.15.11 -  -  [16/oct./2015:20:29:38 +0200] "GET /rest/sitemaps/default/maison HTTP/1.1" 200 2837 

man/jail.conf.5

@@ -1,4 +1,4 @@
-.TH JAIL.CONF "10" "October 2013" "Fail2Ban" "Fail2Ban Configuration"
+.TH JAIL.CONF "5" "October 2013" "Fail2Ban" "Fail2Ban Configuration"
 .SH NAME
 jail.conf \- configuration for the fail2ban server
 .SH SYNOPSIS