Merge pull request #504 from kwirk/nsd

ENH: Add nsd filter and amend DateEpoch to match date format
pull/514/head
Daniel Black 2013-12-19 01:30:14 -08:00
commit 56f54dc2eb
5 changed files with 34 additions and 1 deletions


@ -40,6 +40,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
Daniel Black Daniel Black
* filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist. * filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist.
Bas van den Dikkenberg & Steven Hiscocks
* filter.d/nsd.conf -- also amended Unix date template to match nsd format
- Enhancements: - Enhancements:
- loglines now also report "[PID]" after the name portion - loglines now also report "[PID]" after the name portion

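--- a/THANKS
+++ b/THANKS
@@ -16,6 +16,7 @@ Andrey G. Grozin
 Andy Fragen
 Arturo 'Buanzo' Busleiman
 Axel Thimm
+Bas van den Dikkenberg
 Beau Raines
 Bill Heaton
 Carlos Alberto Lopez Perez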
26
config/filter.d/nsd.conf Normal file

@ -0,0 +1,26 @@
# Fail2Ban configuration file
#
# Author: Bas van den Dikkenberg
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = nsd
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
failregex = ^\[\]%(__prefix_line)sinfo: ratelimit block .* query <HOST> TYPE255$
^\[\]%(__prefix_line)sinfo: .* <HOST> refused, no acl matches\.$
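Review bot: The first failregex hard-codes `TYPE255`, so only ratelimit blocks on ANY queries are ever banned; if nsd logs blocks for other query types in the same `query <ip> TYPE<n>` shape (only TYPE255 is visible in the fixture), a client hammering TXT or DNSKEY would never be caught, and `query <HOST> TYPE\d+$` would cover them if that is the intent — otherwise a comment should record that ANY-only is deliberate. The leading `^\[\]` also deserves a one-line comment, because it only works once the epoch inside the brackets has been consumed by the date template and the empty `[]` is left behind, e.g. `# The bracketed epoch is stripped by DateEpoch, leaving "[]" at the start of the line`. fail2ban filters conventionally also declare `ignoreregex =` under `[Definition]`; if this version still requires the option, the file will fail to load without it.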


@ -78,7 +78,7 @@ class DateEpoch(DateTemplate):
def __init__(self): def __init__(self):
DateTemplate.__init__(self) DateTemplate.__init__(self)
self.setRegex("(?:^|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))") self.setRegex("(?:^|(?P<square>(?<=^\[))|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\))(?(square)(?=\])))")
def getDate(self, line): def getDate(self, line):
date = None date = None

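--- /dev/null
+++ b/testcases/files/logs/nsd
@@ -0,0 +1,4 @@
+# failJSON: { "time": "2013-12-17T14:58:14", "match": true , "host": "192.0.2.105" }
+[1387288694] nsd[7745]: info: ratelimit block example.com. type any target 192.0.2.0/24 query 192.0.2.105 TYPE255
+# failJSON: { "time": "2013-12-18T07:42:15", "match": true , "host": "192.0.2.115" }
+[1387348935] nsd[23600]: info: axfr for zone domain.nl. from client 192.0.2.115 refused, no acl matches.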