added new date format support for ASSP SMTP Proxy

pull/193/head
Enrico Labedzki 2013-04-28 10:44:31 +02:00
parent 7b87afef48
commit 1524b076d6
9 changed files with 3675 additions and 3 deletions


@ -4,10 +4,10 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================ ================================================================================
Fail2Ban (version 0.8.9) 2013/04/XX Fail2Ban (version 0.8.9) 2013/04/28
================================================================================ ================================================================================
ver. 0.8.9 (2013/04/XXX) - wanna-be-stable ver. 0.8.9 (2013/04/28) - wanna-be-stable
---------- ----------
Although primarily a bugfix release, it incorporates many new Although primarily a bugfix release, it incorporates many new
@ -68,6 +68,8 @@ Borreli, blotus:
Soulard Morgan Soulard Morgan
* [f336d9f] Add filter for webmin. Closes gh-99. * [f336d9f] Add filter for webmin. Closes gh-99.
- Enhancements: - Enhancements:
Enrico Labedzki
* [???????] Added Datew format for ASSP SMTP Proxy.
Steven Hiscocks Steven Hiscocks
* [3d6791f] Ensure restart of Actions after a check fails occurs * [3d6791f] Ensure restart of Actions after a check fails occurs
consistently. Closes gh-172. consistently. Closes gh-172.

1
THANKS

@ -16,6 +16,7 @@ Daniel B. Cid
Daniel Black Daniel Black
David Nutter David Nutter
Eric Gerbier Eric Gerbier
Enrico Labedzki
Guillaume Delvit Guillaume Delvit
Hanno 'Rince' Wagner Hanno 'Rince' Wagner
Iain Lea Iain Lea

2
TODO

@ -13,6 +13,8 @@ Legend:
# partially done # partially done
* done * done
- more detailed explaination in DEVELOP for new developers (eg. howto build this HEX numbers in ChangeLog)
- Run tests though all filters/examples files - (see sshd example file) as unit - Run tests though all filters/examples files - (see sshd example file) as unit
test test

30
config/filter.d/assp.conf Normal file

@ -0,0 +1,30 @@
# Fail2Ban configuration file
# for Anti-Spam SMTP Proxy Server also known as ASSP
# Honmepage: http://www.magicvillage.de/~Fritz_Borgstedt/assp/0003D91C-8000001C/
# ProjektSite: http://sourceforge.net/projects/assp/?source=directory
#
# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
#
[Definition]
# Option: failregex
# Notes.: regex to match the SMTP failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Examples: Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
# Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
# Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded
failregex = <HOST> max sender authentication errors
<HOST> SSL negotiation with client failed
Blocking <HOST> - too much AUTH errors
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
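Review bot: The header comments carry typos that will be copied into every derived filter: `# Honmepage:` should read `# Homepage:` and `# ProjektSite:` should read `# Project site:`. On the three failregex lines, `<HOST>` expands to `\S+` and is constrained only by the literal that follows it, so the captured token is simply whatever non-space word precedes the message text; the three example lines show that word is the client address, which is the intended behaviour, but nothing in the file records which ASSP log layout this was checked against. I would add a line after the examples such as `# Verified against ASSP <version> maillog.txt output; other log layouts may place a different token before the message` so a later maintainer knows the assumption behind the unanchored patterns.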


@ -89,6 +89,13 @@ action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you@example.com] sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log logpath = /var/log/mail.log
# ASSP SMTP Proxy Jail
[assp]
enabled = false
port = 25,465,587
filter = assp
logpath = /root/path/to/assp/logs/maillog.txt
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser". # used to avoid banning the user "myuser".
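Review bot: `logpath = /root/path/to/assp/logs/maillog.txt` is a placeholder, unlike the neighbouring jails whose logpath points at a real default location such as `/var/log/mail.log`; the jail is shipped with `enabled = false`, so it is harmless as-is, but a user who flips it on without editing the path gets a startup failure with no hint why. A comment on the line, `# adjust to the maillog.txt of your ASSP installation (no fixed default path)`, would make that explicit. The same hunk could also note in a comment that the `assp` filter expects the date format handled by the new ASSP date template, since the jail silently depends on it.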


@ -29,7 +29,7 @@ __license__ = "GPL"
import time, logging import time, logging
from datetemplate import DateStrptime, DateTai64n, DateEpoch, DateISO8601 from datetemplate import DateStrptime, DateTai64n, DateEpoch, DateISO8601, DateASSPlike
from threading import Lock from threading import Lock
# Gets the instance of the logger. # Gets the instance of the logger.
@ -161,6 +161,11 @@ class DateDetector:
template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}") template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
template.setPattern("%y%m%d %H:%M:%S") template.setPattern("%y%m%d %H:%M:%S")
self._appendTemplate(template) self._appendTemplate(template)
# ASSP: Apr-27-13 02:33:06
template = DateASSPlike()
template.setName("ASSP like date format")
template.setRegex("^[a-zA-Z]{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
self._appendTemplate(template)
finally: finally:
self.__lock.release() self.__lock.release()
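Review bot: The new template registered in the second hunk is a `DateASSPlike` whose `getDate` (datetemplate.py, same commit) ignores the matched text and returns `MyTime.gmtime()`, so every ASSP line is timestamped with the moment fail2ban read it rather than the time in the log; lines already present in the file when the jail starts, or re-read after a restart or rotation, are all counted as "now" and can fall inside `findtime` together, producing bans for failures that happened hours or days ago, and `fail2ban-regex` output for this filter changes with the wall clock. The format the regex on this hunk matches, `Apr-27-13 02:33:06`, is a plain strptime layout that the existing `DateStrptime` template already handles, so no new class is needed; the same holds for the matching hunks in datetemplate.py and the datedetector test. The enclosing method of `DateDetector` starts outside the hunk.
```python
			# ASSP: Apr-27-13 02:33:06
			template = DateStrptime()
			template.setName("Month-Day-Year Hour:Minute:Second")
			template.setRegex("^[a-zA-Z]{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
			template.setPattern("%b-%d-%y %H:%M:%S")
			self._appendTemplate(template)
```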


@ -218,3 +218,15 @@ class DateISO8601(DateTemplate):
value = dateMatch.group() value = dateMatch.group()
date = list(iso8601.parse_date(value).timetuple()) date = list(iso8601.parse_date(value).timetuple())
return date return date
class DateASSPlike(DateTemplate):
def __init__(self):
DateTemplate.__init__(self)
def getDate(self, line):
# there is no need to parse the date.
# ASSP doesn't buffer the log output.
return MyTime.gmtime()
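Review bot: `DateASSPlike` has no docstring, and the two-line comment in `getDate` explains why the date is not parsed without stating the contract callers actually get, which is that the returned value is the current time and is unrelated to `line` (the consequences are in my note on datedetector.py). If the class is kept, I would replace the comment with a docstring on `getDate` saying that the argument is ignored and the detection time is returned, so the behaviour is visible from the API rather than only from the body. The hunk also does not show whether `MyTime` is imported in this module; confirm that the import exists above the hunk, since nothing in the visible context adds it.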


@ -85,6 +85,7 @@ class DateDetectorTest(unittest.TestCase):
"2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ "2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ
"<01/23/05@21:59:59>", "<01/23/05@21:59:59>",
"050123 21:59:59", # MySQL "050123 21:59:59", # MySQL
"Apr-27-13 01:27:45", # ASSP like
): ):
log = sdate + "[sshd] error: PAM: Authentication failure" log = sdate + "[sshd] error: PAM: Authentication failure"
# exclude # exclude
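Review bot: The new sample `"Apr-27-13 01:27:45"` is the only entry in this tuple that does not denote 2005-01-23 21:59:59, and the template that matches it returns the current time regardless of the input, so whatever the loop asserts after the `# exclude` marker (the method body continues outside the hunk) cannot be checking that the ASSP date is parsed; it either skips this entry or compares against the clock. I would drop it from this tuple and add a separate test that calls the detector on `"Apr-27-13 01:27:45 [sshd] error: PAM: Authentication failure"` and asserts the fixed expected struct_time for 2013-04-27 01:27:45, which becomes possible once the template parses the date instead of reading the clock.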

3612
testcases/files/logs/assp Normal file
