github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #517 from grooverdan/apache-2.4

Browse Source 
BF: apache-2.4 log format fix. Closes gh-516
pull/401/head
Steven Hiscocks 11 years ago
parent 7af58b9984 382d68f0fe
commit 2c6e4d9ace
4 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
ChangeLog
Unescape View File

@ -27,6 +27,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
- complain action - ensure where not matching other IPs in log sample. - complain action - ensure where not matching other IPs in log sample.
Closes gh-467 Closes gh-467
- Fix firewall-cmd actioncheck - patch from Adam Tkac. Redhat Bug #979622 - Fix firewall-cmd actioncheck - patch from Adam Tkac. Redhat Bug #979622
- Fix apache-common for apache-2.4 log file format. Thanks Mark White.
Closes gh-516
- Enhancements: - Enhancements:
- long names on jails documented based on iptables limit of 30 less - long names on jails documented based on iptables limit of 30 less

1
THANKS
Unescape View File

@ -54,6 +54,7 @@ Manuel Arostegui Ramirez
Marcel Dopita Marcel Dopita
Mark Edgington Mark Edgington
Mark McKinstry Mark McKinstry
Mark White
Markus Hoffmann Markus Hoffmann
Marvin Rouge Marvin Rouge
mEDI mEDI

3
config/filter.d/apache-common.conf
Unescape View File

@ -8,12 +8,13 @@ after = apache-common.local
[DEFAULT] [DEFAULT]
_apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+:\S+ \d+\])? \[client <HOST>(:\d{1,5})?\] _apache_error_client = \[[^]]*\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\]
# Common prefix for [error] apache messages which also would include <HOST> # Common prefix for [error] apache messages which also would include <HOST>
# Depending on the version it could be # Depending on the version it could be
# 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4] # 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4]
# 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652] # 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652]
# 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to
# #
# Reference: https://github.com/fail2ban/fail2ban/issues/268 # Reference: https://github.com/fail2ban/fail2ban/issues/268
# #

3
testcases/files/logs/apache-noscript
Unescape View File

@ -13,3 +13,6 @@
[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php.cgi [Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php.cgi
# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" } # failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php4 [Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php4
# apache 2.4
# failJSON: { "time": "2013-12-23T07:49:01", "match": true , "host": "204.232.202.107" }
[Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to stat

Write Preview
Loading…
Cancel
Save