github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540 

filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
pull/1556/head
Serg G. Brester 2016-09-21 09:35:25 +02:00 committed by GitHub
parent fad953ade6 0f1d1a0d4d
commit 28e286cd2d
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -23,6 +23,7 @@ releases.
* Fixed test case "testSetupInstallRoot" for not default python version (also * Fixed test case "testSetupInstallRoot" for not default python version (also
using direct call, out of virtualenv); using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* `filter.d/asterisk.conf` * `filter.d/asterisk.conf`
- Fixed to match different asterisk log prefix (source file: method:) - Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/ignorecommands/apache-fakegooglebot` * `filter.d/ignorecommands/apache-fakegooglebot`

5
fail2ban/server/filter.py
View File

@ -742,7 +742,12 @@ class FileFilter(Filter):
try: try:
import hashlib import hashlib
try:
md5sum = hashlib.md5 md5sum = hashlib.md5
# try to use it (several standards like FIPS forbid it):
md5sum(' ').hexdigest()
except: # pragma: no cover
md5sum = hashlib.sha1
except ImportError: # pragma: no cover except ImportError: # pragma: no cover
# hashlib was introduced in Python 2.5. For compatibility with those # hashlib was introduced in Python 2.5. For compatibility with those
# elderly Pythons, import from md5 # elderly Pythons, import from md5