From 47a62b60729e13b6811694dc52a07cb6a71cb539 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Mon, 22 Apr 2013 22:26:42 -0400 Subject: [PATCH] ENH: by default enable a single jail -- sshd --- config/jail.conf | 9 ++++++--- fail2ban/tests/clientreadertestcase.py | 9 +++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/config/jail.conf b/config/jail.conf index 7a869b67..f7b3ee04 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -72,10 +72,12 @@ usedns = warn logencoding = auto # "enabled" enables the jails. -# By default all jails are disabled, and it should stay this way. -# Enable only relevant to your setup jails in your .local or jail.d/*.conf +# By default all (but sshd) jails are disabled. +# It is unlikely that the default value should ever be changed. +# Enable only relevant to your setup jails in your .local or jail.d/*.conf # -# Allowed values: true, false +# true: jail will be enabled and lofiles will get monitored for changes +# false: jail is not enabled enabled = false @@ -143,6 +145,7 @@ action = %(action_)s [sshd] +enabled = true port = ssh logpath = /var/log/auth.log /var/log/sshd.log diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index f049c208..8ff45d76 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -115,7 +115,7 @@ class JailReaderTest(unittest.TestCase): jail = JailReader('sshd', basedir=CONFIG_DIR) # we are running tests from root project dir atm self.assertTrue(jail.read()) self.assertTrue(jail.getOptions()) - self.assertFalse(jail.isEnabled()) + self.assertTrue(jail.isEnabled()) self.assertEqual(jail.getName(), 'sshd') def testSplitOption(self): @@ -181,7 +181,12 @@ class JailsReaderTest(unittest.TestCase): comm_commands = jails.convert() # by default None of the jails is enabled and we get no # commands to communicate to the server - self.assertEqual(comm_commands, []) + #self.assertEqual(comm_commands, []) + # by default now we have sshd jail enabled (only) + # so the list of commands should start with + self.assertEqual(comm_commands[0], ['add', 'sshd', 'auto']) + # and end with + self.assertEqual(comm_commands[-1], ['start', 'sshd']) def testReadStockJailConfForceEnabled(self): # more of a smoke test to make sure that no obvious surprises