github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.11

pull/1913/head
sebres 2017-09-01 10:37:52 +02:00
parent b80692f602 d926e11a5c
commit 32058ed268
5 changed files with 96 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
config/filter.d/dovecot.conf
View File

@ -8,14 +8,27 @@ before = common.conf
[Definition]
_auth_worker = (?:dovecot: )?auth(?:-worker)?
_daemon = (dovecot(-auth)?|auth)
_daemon = (?:dovecot(?:-auth)?|auth)
prefregex = ^%(__prefix_line)s(%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap)-login: )?(?:Info: )?<F-CONTENT>.+</F-CONTENT>$
prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap)-login: )?(?:Info: )?<F-CONTENT>.+</F-CONTENT>$
failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$
^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<[^>]*>,)?( method=\S+,)? rip=<HOST>(?:, lip=\S+)?(?:, TLS(?: handshaking(?:: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$
^pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
^pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:unknown user|invalid credentials)\s*$
<mdre-<mode>>
mdre-aggressive = ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
mdre-normal =
# Parameter `mode` - `normal` or `aggressive`.
# Aggressive mode can be used to match log-entries like:
# 'no auth attempts', 'disconnected before auth was ready', 'client didn't finish SASL auth'.
# Note it may produce lots of false positives on misconfigured MTAs.
# Ex.:
# filter = dovecot[mode=aggressive]
mode = normal
ignoreregex =
@ -27,8 +40,6 @@ datepattern = {^LN-BEG}TAI64N
# DEV Notes:
# * the first regex is essentially a copy of pam-generic.conf
# * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016)
# * Removed the 'no auth attempts' log lines from the matches because produces
# lots of false positives on misconfigured MTAs making regexp unusable
#
# Author: Martin Waschbuesch
# Daniel Black (rewrote with begin and end anchors)

16
fail2ban/tests/files/logs/dovecot
View File

@ -81,3 +81,19 @@ Mar 23 06:10:52 auth: Info: ldap(dog,52.37.139.121,): invalid credentials
Jul 26 11:11:21 hostname dovecot: imap-login: Disconnected: Too many invalid commands (tried to use disallowed plaintext auth): user=<test>, rip=192.0.2.1, lip=192.168.1.1, session=<S5dIdTFCDKUWWMbU>
# failJSON: { "time": "2005-07-26T11:12:19", "match": true , "host": "192.0.2.2" }
Jul 26 11:12:19 hostname dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts in 17 secs): user=<test>, method=PLAIN, rip=192.0.2.2, lip=192.168.1.1, TLS, session=<g3ZKeDECFqlWWMbU>
# failJSON: { "time": "2004-08-28T06:38:51", "match": true , "host": "192.0.2.3" }
Aug 28 06:38:51 s166-62-100-187 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 9 secs): user=<administrator@example.com>, method=PLAIN, rip=192.0.2.3, lip=192.168.1.2, TLS: Disconnected, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
# ---------------------------------------
# Test-cases of aggressive mode:
# ---------------------------------------
# filterOptions: [{"mode": "aggressive"}]
# failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host": "192.0.2.5" }
Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer
# failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host": "192.0.2.6" }
Aug 31 16:15:10 s166-62-100-187 dovecot: imap-login: Disconnected (client didn't finish SASL auth, waited 2 secs): user=<>, method=PLAIN, rip=192.0.2.6, lip=192.168.1.2, TLS: SSL_read() syscall failed: Connection reset by peer, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
# failJSON: { "time": "2004-08-31T16:21:53", "match": true , "host": "192.0.2.7" }
Aug 31 16:21:53 s166-62-100-187 dovecot: imap-login: Disconnected (no auth attempts in 4 secs): user=<>, rip=192.0.2.7, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer

20
fail2ban/tests/misctestcase.py
View File

@ -101,6 +101,22 @@ class SetupTest(unittest.TestCase):
"Seems to be running with python distribution %s"
" -- install can be tested only with system distribution %s" % (str(tuple(sys.version_info)), sysVer))
def testSetupInstallDryRun(self):
if not self.setup:
return # if verbose skip didn't work out
tmp = tempfile.mkdtemp()
# suppress stdout (and stderr) if not heavydebug
supdbgout = ' >/dev/null 2>&1' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
try:
# try dry-run:
os.system("%s %s --dry-run install --disable-2to3 --root=%s%s"
% (sys.executable, self.setup , tmp, supdbgout))
# check nothing was created:
self.assertTrue(not os.listdir(tmp))
finally:
# clean up
shutil.rmtree(tmp)
def testSetupInstallRoot(self):
if not self.setup:
return # if verbose skip didn't work out
@ -108,8 +124,8 @@ class SetupTest(unittest.TestCase):
# suppress stdout (and stderr) if not heavydebug
supdbgout = ' >/dev/null' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
try:
os.system("%s %s install --disable-2to3 --dry-run --root=%s%s"
% (sys.executable, self.setup, tmp, supdbgout))
self.assertEqual(os.system("%s %s install --disable-2to3 --root=%s%s"
% (sys.executable, self.setup, tmp, supdbgout)), 0)
def strippath(l):
return [x[len(tmp)+1:] for x in l]

8
files/fail2ban.service → files/fail2ban.service.in
View File

@ -7,11 +7,11 @@ PartOf=iptables.service firewalld.service
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
ExecStart=@BINDIR@/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to stdout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=stdout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=stdout start
ExecStop=@BINDIR@/fail2ban-client stop
ExecReload=@BINDIR@/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

47
setup.py
View File

@ -50,6 +50,7 @@ except ImportError:
import os
from os.path import isfile, join, isdir, realpath
import re
import sys
import warnings
from glob import glob
@ -57,11 +58,25 @@ from glob import glob
from fail2ban.setup import updatePyExec
source_dir = os.path.realpath(os.path.dirname(
# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
sys.argv[0] if os.path.basename(sys.argv[0]) == 'setup.py' else __file__
))
# Wrapper to install python binding (to current python version):
class install_scripts_f2b(install_scripts):
def get_outputs(self):
outputs = install_scripts.get_outputs(self)
# setup.py --dry-run install:
dry_run = not outputs
self.update_scripts(dry_run)
if dry_run:
#bindir = self.install_dir
bindir = self.build_dir
print('creating fail2ban-python binding -> %s (dry-run, real path can be different)' % (bindir,))
print('Copying content of %s to %s' % (self.build_dir, self.install_dir));
return outputs
fn = None
for fn in outputs:
if os.path.basename(fn) == 'fail2ban-server':
@ -71,6 +86,27 @@ class install_scripts_f2b(install_scripts):
updatePyExec(bindir)
return outputs
def update_scripts(self, dry_run=False):
buildroot = os.path.dirname(self.build_dir)
print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, self.install_dir))
with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn:
lines = fn.readlines()
fn = None
if not dry_run:
fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w')
try:
for ln in lines:
ln = re.sub(r'@BINDIR@', lambda v: self.install_dir, ln)
if dry_run:
sys.stdout.write(' | ' + ln)
continue
fn.write(ln)
finally:
if fn: fn.close()
if dry_run:
print(' `')
# Wrapper to specify fail2ban own options:
class install_command_f2b(install):
user_options = install.user_options + [
@ -94,11 +130,7 @@ class install_command_f2b(install):
# Update fail2ban-python env to current python version (where f2b-modules located/installed)
rootdir = os.path.realpath(os.path.dirname(
# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
sys.argv[0] if os.path.basename(sys.argv[0]) == 'setup.py' else __file__
))
updatePyExec(os.path.join(rootdir, 'bin'))
updatePyExec(os.path.join(source_dir, 'bin'))
if setuptools and "test" in sys.argv:
import logging
@ -270,5 +302,8 @@ if isdir("/usr/lib/fail2ban"):
if sys.argv[1] == "install":
print("")
print("Please do not forget to update your configuration files.")
print("They are in /etc/fail2ban/.")
print("They are in \"/etc/fail2ban/\".")
print("")
print("You can also install systemd service-unit file from \"build/fail2ban.service\"")
print("resp. corresponding init script from \"files/*-initd\".")
print("")