github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge commit '0.8.6' into debian 

* commit '0.8.6':
  Changelog and version changes for 0.8.6
  Revert "ENH: server.py -- addLogPath with tail=True"
  DOC: updated contact information to direct to github and mailing list
  ENH: added custom timeformat with '.' as separator. Close gh-1
  BF: stop all communications before stopping the jails (Close gh-7)
  ENH: added logging while stopping the jails
  Add Date: header for sendmail*.conf actions
  BF: gentoo-initd assure /var/run dir + remove stale sock file
  ENH: fix of syntax for compatibility with Python 2.4
  ENH: stay compatible with python < 2.5 (use md5 if hashlib is N/A)
  BF: use hashlib instead of deprecated md5
  ENH: Remove obsolete code from gentoo init script. Bug gentoo#367819.
pull/23/head
Yaroslav Halchenko 2011-11-28 22:47:27 -05:00
parent 9faeecc67c 1efe1bc171
commit 2fd8be18e5
12 changed files with 128 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
ChangeLog
View File

@ -4,9 +4,52 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================ ================================================================================
Fail2Ban (version 0.8.5) 2011/07/28 Fail2Ban (version 0.8.6) 2011/11/28
================================================================================ ================================================================================
ver. 0.8.6 (2011/11/28) - stable
----------
- Fixes:
Markos Chandras & Yaroslav Halchenko
* [492d8e5,bd658fc] Use hashlib (instead of deprecated md5) where available
Robert Trace & Michael Lorant
* [c48c2b1] gentoo-initd cleanup and fixes: assure /var/run + remove stale
sock file
Michael Saavedra
* [3a58d0e] Lock server's executeCmd to prevent racing among iptables calls:
see http://bugs.debian.org/554162
Yaroslav Halchenko
* [3eb5e3b] Allow for trailing spaces in sasl logs
* [1632244] Stop server-side communication before stopping the
jails (prevents lockup if actions use fail2ban-client upon
unban): see https://github.com/fail2ban/fail2ban/issues/7
* [5a2d518] Various changes to reincarnate unittests
Yehuda
* Wiki was cleaned from SPAM
- Enhancements:
Adam Spiers
* [3152afb] Recognise time-stamped kernel messages
Guido Bozzetto
* [713fea6] Added ipmasq rule file to restart fail2ban when iptables are
wiped out: see http://bugs.debian.org/461417
Łukasz
* [5f23542] Matching of month names in Polish (thanks michaelberg79
for QA)
Tom Hendrikx
* [9fa54cf] Added Date: header for sendmail*.conf actions
Yaroslav Halchenko & Tom Hendrikx
* [b52d420..22b7007] <matches> in action files now can be used
to provide matched loglines which triggered action
Yaroslav Halchenko
* [ed0bf3a] Removed duplicate entry for DataCha0s/2\.0 in badbots:
see http://bugs.debian.org/519557
* [dad91f7] sshd.conf: allow user names to have spaces and
trailing spaces in the line
* [a9be451] removed expansions for few Date and Revision SVN keywords
* [a33135c] set/getFile for ticket.py -- found in source distribution
of 0.8.4
* [fbce415] additional logging while stopping the jails
ver. 0.8.5 (2011/07/28) - stable ver. 0.8.5 (2011/07/28) - stable
---------- ----------
- Fix: use addfailregex instead of failregex while processing per-jail - Fix: use addfailregex instead of failregex while processing per-jail

20
README
View File

@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================ ================================================================================
Fail2Ban (version 0.8.5) 2011/07/26 Fail2Ban (version 0.8.6) 2011/11/28
================================================================================ ================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
@ -26,8 +26,8 @@ Optional:
To install, just do: To install, just do:
> tar xvfj fail2ban-0.8.5.tar.bz2 > tar xvfj fail2ban-0.8.6.tar.bz2
> cd fail2ban-0.8.5 > cd fail2ban-0.8.6
> python setup.py install > python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The executable scripts are This will install Fail2Ban into /usr/share/fail2ban. The executable scripts are
@ -54,12 +54,18 @@ to the website: http://www.fail2ban.org
Contact: Contact:
-------- --------
You need some new features, you found bugs or you just appreciate this program,
you can contact me at:
Website: http://www.fail2ban.org Website: http://www.fail2ban.org
Cyril Jaquier: <cyril.jaquier@fail2ban.org> You need some new features, you found bugs: visit
https://github.com/fail2ban/fail2ban/issues
and if your issue is not yet known -- file a bug report.
If you would like to troubleshoot or discuss: join the mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
If you just appreciate this program: send kudos to the original
author: Cyril Jaquier: <cyril.jaquier@fail2ban.org>
Thanks: Thanks:
------- -------

2
common/version.py
View File

@ -27,4 +27,4 @@ __date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko"
__license__ = "GPL" __license__ = "GPL"
version = "0.8.5" version = "0.8.6"

3
config/action.d/sendmail-whois-lines.conf
View File

@ -12,6 +12,7 @@
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -24,6 +25,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -46,6 +48,7 @@ actioncheck =
# Values: CMD # Values: CMD
# #
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n

3
config/action.d/sendmail-whois.conf
View File

@ -12,6 +12,7 @@
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -24,6 +25,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -46,6 +48,7 @@ actioncheck =
# Values: CMD # Values: CMD
# #
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n

3
config/action.d/sendmail.conf
View File

@ -12,6 +12,7 @@
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -24,6 +25,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n
@ -46,6 +48,7 @@ actioncheck =
# Values: CMD # Values: CMD
# #
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>> From: Fail2Ban <<sender>>
To: <dest>\n To: <dest>\n
Hi,\n Hi,\n

18
files/gentoo-initd
View File

@ -19,7 +19,7 @@
# #
# $Revision$ # $Revision$
opts="start stop restart reload showlog" opts="reload showlog"
FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}" FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"
@ -31,6 +31,14 @@ depend() {
start() { start() {
ebegin "Starting fail2ban" ebegin "Starting fail2ban"
if [ ! -d /var/run/fail2ban ]; then
mkdir /var/run/fail2ban || return 1
fi
if [ -e /var/run/fail2ban/fail2ban.sock ]; then
# remove stalled sock file after system crash
# bug 347477
rm -rf /var/run/fail2ban/fail2ban.sock || return 1
fi
${FAIL2BAN} start &> /dev/null ${FAIL2BAN} start &> /dev/null
eend $? "Failed to start fail2ban" eend $? "Failed to start fail2ban"
} }
@ -41,14 +49,6 @@ stop() {
eend $? "Failed to stop fail2ban" eend $? "Failed to stop fail2ban"
} }
restart() {
if ! service_stopped "${SVCNAME}" ; then
svc_stop || return "$?"
sleep 1
fi
svc_start
}
reload() { reload() {
ebegin "Reloading fail2ban" ebegin "Reloading fail2ban"
${FAIL2BAN} reload > /dev/null ${FAIL2BAN} reload > /dev/null

6
server/datedetector.py
View File

@ -99,6 +99,12 @@ class DateDetector:
template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}") template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
template.setPattern("%Y-%m-%d %H:%M:%S") template.setPattern("%Y-%m-%d %H:%M:%S")
self.__templates.append(template) self.__templates.append(template)
# custom for syslog-ng 2006.12.21 06:43:20
template = DateStrptime()
template.setName("Year.Month.Day Hour:Minute:Second")
template.setRegex("\d{4}.\d{2}.\d{2} \d{2}:\d{2}:\d{2}")
template.setPattern("%Y.%m.%d %H:%M:%S")
self.__templates.append(template)
# named 26-Jul-2007 15:20:52.252 # named 26-Jul-2007 15:20:52.252
template = DateStrptime() template = DateStrptime()
template.setName("Day-MONTH-Year Hour:Minute:Second[.Millisecond]") template.setName("Day-MONTH-Year Hour:Minute:Second[.Millisecond]")

7
server/faildata.py
View File

@ -43,8 +43,11 @@ class FailData:
def setRetry(self, value): def setRetry(self, value):
self.__retry = value self.__retry = value
# keep only the last matches or reset entirely # keep only the last matches or reset entirely
self.__matches = self.__matches[-min(len(self.__matches, value)):] \ # Explicit if/else for compatibility with Python 2.4
if value else [] if value:
self.__matches = self.__matches[-min(len(self.__matches, value)):]
else:
self.__matches = []
def getRetry(self): def getRetry(self):
return self.__retry return self.__retry

13
server/filter.py
View File

@ -446,7 +446,14 @@ class FileFilter(Filter):
# In order to detect log rotation, the hash (MD5) of the first line of the file # In order to detect log rotation, the hash (MD5) of the first line of the file
# is computed and compared to the previous hash of this line. # is computed and compared to the previous hash of this line.
import md5 try:
import hashlib
md5sum = hashlib.md5
except ImportError:
# hashlib was introduced in Python 2.5. For compatibility with those
# elderly Pythons, import from md5
import md5
md5sum = md5.new
class FileContainer: class FileContainer:
@ -461,7 +468,7 @@ class FileContainer:
try: try:
firstLine = handler.readline() firstLine = handler.readline()
# Computes the MD5 of the first line. # Computes the MD5 of the first line.
self.__hash = md5.new(firstLine).digest() self.__hash = md5sum(firstLine).digest()
# Start at the beginning of file if tail mode is off. # Start at the beginning of file if tail mode is off.
if tail: if tail:
handler.seek(0, 2) handler.seek(0, 2)
@ -481,7 +488,7 @@ class FileContainer:
fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC) fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
firstLine = self.__handler.readline() firstLine = self.__handler.readline()
# Computes the MD5 of the first line. # Computes the MD5 of the first line.
myHash = md5.new(firstLine).digest() myHash = md5sum(firstLine).digest()
stats = os.fstat(self.__handler.fileno()) stats = os.fstat(self.__handler.fileno())
# Compare hash and inode # Compare hash and inode
if self.__hash != myHash or self.__ino != stats.st_ino: if self.__hash != myHash or self.__ino != stats.st_ino:

14
server/server.py
View File

@ -107,9 +107,15 @@ class Server:
self.__loggingLock.release() self.__loggingLock.release()
def quit(self): def quit(self):
self.stopAllJail() # Stop communication first because if jail's unban action
# Stop communication # tries to communicate via fail2ban-client we get a lockup
# among threads. So the simplest resolution is to stop all
# communications first (which should be ok anyways since we
# are exiting)
# See https://github.com/fail2ban/fail2ban/issues/7
self.__asyncServer.stop() self.__asyncServer.stop()
# Now stop all the jails
self.stopAllJail()
def addJail(self, name, backend): def addJail(self, name, backend):
self.__jails.add(name, backend) self.__jails.add(name, backend)
@ -126,6 +132,7 @@ class Server:
self.__lock.release() self.__lock.release()
def stopJail(self, name): def stopJail(self, name):
logSys.debug("Stopping jail %s" % name)
try: try:
self.__lock.acquire() self.__lock.acquire()
if self.isAlive(name): if self.isAlive(name):
@ -135,6 +142,7 @@ class Server:
self.__lock.release() self.__lock.release()
def stopAllJail(self): def stopAllJail(self):
logSys.info("Stopping all jails")
try: try:
self.__lock.acquire() self.__lock.acquire()
for jail in self.__jails.getAll(): for jail in self.__jails.getAll():
@ -163,7 +171,7 @@ class Server:
return self.__jails.getFilter(name).getIgnoreIP() return self.__jails.getFilter(name).getIgnoreIP()
def addLogPath(self, name, fileName): def addLogPath(self, name, fileName):
self.__jails.getFilter(name).addLogPath(fileName, True) self.__jails.getFilter(name).addLogPath(fileName)
def delLogPath(self, name, fileName): def delLogPath(self, name, fileName):
self.__jails.getFilter(name).delLogPath(fileName) self.__jails.getFilter(name).delLogPath(fileName)

20
testcases/datedetectortestcase.py
View File

@ -57,6 +57,26 @@ class DateDetectorTest(unittest.TestCase):
self.assertEqual(self.__datedetector.getTime(log), date) self.assertEqual(self.__datedetector.getTime(log), date)
self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix) self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
def testVariousTimes(self):
"""Test detection of various common date/time formats f2b should understand
"""
date = [2005, 1, 23, 21, 59, 59, 1, 23, -1]
dateUnix = 1106513999.0
for sdate in (
"Jan 23 21:59:59",
"2005.01.23 21:59:59",
"23/01/2005 21:59:59",
):
log = sdate + "[sshd] error: PAM: Authentication failure"
# exclude
# TODO (Yarik is confused): figure out why for above it is
# "1" as day of the week which would be Tue, although it
# was Sun
self.assertEqual(self.__datedetector.getTime(log)[:6], date[:6])
self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
# def testDefaultTempate(self): # def testDefaultTempate(self):
# self.__datedetector.setDefaultRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}") # self.__datedetector.setDefaultRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
# self.__datedetector.setDefaultPattern("%b %d %H:%M:%S") # self.__datedetector.setDefaultPattern("%b %d %H:%M:%S")