diff --git a/ChangeLog b/ChangeLog
index 0c1c3676..f568f02a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -142,6 +142,8 @@ releases.
 * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv);
 * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
+* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
+* Monit config: scripting is not supported in path (gh-1556)
 * `filter.d/asterisk.conf`
 - Fixed to match different asterisk log prefix (source file: method:)
 * `filter.d/ignorecommands/apache-fakegooglebot`
@@ -151,6 +153,9 @@ releases.
 - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
 * `filter.d/postfix-sasl.conf`
 - Allow for having no trailing space after 'failed:' (gh-1497)
+* `filter.d/vsftpd.conf`
+ - Optional reason part in message after FAIL LOGIN (gh-1543)
+
 
 ### New Features
 
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index 930b0d7e..2ecc44d3 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -14,7 +14,7 @@ __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
 _daemon = vsftpd
 
 failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=(?:\s+user=.*)?\s*$
- ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client ""\s*$
+ ^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client ""(?:\s*$|,)
 
 ignoreregex = 
diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index 13538c66..9b1aefd6 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
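Review bot: The rewritten second failregex in `config/filter.d/vsftpd.conf` stops validating the line as soon as a comma follows the quoted client address, because `(?:\s*$|,)` accepts any tail after the comma, while the user field is now cut at the first `]` by `\[[^\]]+\]`; the old `\s*$` form at least required the quoted host to be the last thing on the line. Keeping the optional reason anchored bounds the match again without losing the new sample, e.g. `(?:\s*$|, "[^"]*"\s*$)`, which still matches `FAIL LOGIN: Client "::ffff:192.0.2.1", "User is not in the allow user list."`. Whether vsftpd writes the attempted username verbatim into the `[...]` field is not visible here, so the benefit of the tighter form should be confirmed against vsftpd's log sanitisation. The changed line is a continuation of the `failregex =` value that starts inside the hunk.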
@@ -934,7 +934,12 @@ class FileFilter(Filter):
 try:
 import hashlib
- md5sum = hashlib.md5
+ try:
+ md5sum = hashlib.md5
+ # try to use it (several standards like FIPS forbid it):
+ md5sum(' ').hexdigest()
+ except: # pragma: no cover
+ md5sum = hashlib.sha1
 except ImportError: # pragma: no cover
 # hashlib was introduced in Python 2.5. For compatibility with those
 # elderly Pythons, import from md5
diff --git a/fail2ban/tests/files/logs/vsftpd b/fail2ban/tests/files/logs/vsftpd
index bcd7f611..3205fac3 100644
--- a/fail2ban/tests/files/logs/vsftpd
+++ b/fail2ban/tests/files/logs/vsftpd
@@ -12,3 +12,6 @@ Fri Jan 19 12:20:33 2007 [pid 27202] [anonymous] FAIL LOGIN: Client "64.106.46.9
 # failJSON: { "time": "2004-10-23T21:15:42", "match": true , "host": "58.254.172.161" }
 Oct 23 21:15:42 vps vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=58.254.172.161
+
+# failJSON: { "time": "2016-09-08T00:39:49", "match": true , "host": "192.0.2.1" }
+Thu Sep 8 00:39:49 2016 [pid 15019] [guest] FAIL LOGIN: Client "::ffff:192.0.2.1", "User is not in the allow user list."
diff --git a/files/monit/fail2ban b/files/monit/fail2ban
index 8e6c9419..7873dbe0 100644
--- a/files/monit/fail2ban
+++ b/files/monit/fail2ban
@@ -1,7 +1,7 @@
 check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
 group services
 start program = "/etc/init.d/fail2ban force-start"
-stop program = "/etc/init.d/fail2ban stop || :"
+stop program = "/etc/init.d/fail2ban stop"
 if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
 if 5 restarts within 5 cycles then timeout
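Review bot: The probe `md5sum(' ').hexdigest()` in the new `try` passes a text string, which `hashlib` rejects with TypeError on Python 3, and the bare `except:` swallows that as well, so on Python 3 the code silently selects sha1 even where md5 is available (the bare clause would also swallow KeyboardInterrupt). Use a bytes argument and catch only the error a FIPS-restricted OpenSSL build raises from the constructor: `md5sum(b' ').hexdigest()` and `except ValueError: # pragma: no cover`. A comment stating that the digest is presumably only a file fingerprint, so swapping the algorithm is harmless, would make the fallback's safety explicit; the uses of `md5sum` are outside the hunk, so confirm that before writing it. The enclosing `try`/`except ImportError` block continues beyond the hunk.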
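Review bot: Dropping `|| :` from the `stop program` line in `files/monit/fail2ban` means a non-zero exit from `/etc/init.d/fail2ban stop` is now reported by monit as a failed stop instead of being hidden, which is probably right but is not explained by the ChangeLog entry `Monit config: scripting is not supported in path (gh-1556)`. If tolerating that exit status was the original intent, the operator still works when a shell is requested explicitly, `stop program = "/bin/sh -c '/etc/init.d/fail2ban stop || :'"`. A one-line comment above `stop program`, such as `# monit runs the program directly, not through a shell: no operators here`, would keep the next editor from reinstating the `|| :` form.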