From 586703dcc27ca2d98bb94bbeb4e6f0fce20909e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?=
Date: Mon, 13 Jul 2015 16:46:04 +0200
Subject: [PATCH] Test, changelog and fixes to pass2allow

---
 ChangeLog | 9 ++++++---
 config/jail.conf | 9 +++------
 fail2ban/tests/files/logs/apache-pass | 2 ++
 3 files changed, 11 insertions(+), 9 deletions(-)
 create mode 100644 fail2ban/tests/files/logs/apache-pass

diff --git a/ChangeLog b/ChangeLog
index ac61693f..de3de7f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,11 +32,14 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
 currently not banned or persistent)
 - New Features:
+ * RETURN iptables target is now a variable:
+ * New type of operation: pass2allow, use fail2ban for "knocking",
+ opening a closed port by swapping blocktype and returntype
 * New filters:
 - froxlor-auth Thanks Joern Muehlencord
- * New type of operation:
- - pass2allow: use fail2ban for "knocking", opening a closed port
- (apache-pass filter, allow-iptables-multiport action)
+ - apache-pass - filter Apache access log for successfull authentication
+ * New jails:
+ - pass2allow-ftp - allows FTP traffic after successful HTTP authentication
 - Enhancements:
 * action.d/cloudflare.conf - improved documentation on how to allow
diff --git a/config/jail.conf b/config/jail.conf
index c416c076..350582fc 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -768,17 +768,14 @@ enabled = false
 logpath = /var/lib/portsentry/portsentry.history
 maxretry = 1
-[pass2allow]
-# allow FTP traffic after successful HTTP auth
-enabled = false
+[pass2allow-ftp]
+# this pass2allow example allows FTP traffic after successful HTTP authentication
 filter = apache-pass
-banaction = iptables-multiport
 blocktype = RETURN
 returntype = DROP
 # access log of the website with HTTP auth
-logpath = /var/log/apache2/access.log
+logpath = %(apache_access_log)s
 port = ftp,ftp-data,ftps,ftps-data
-protocol = tcp
 bantime = 3600
 maxretry = 1
 findtime = 1
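Review bot: The `[pass2allow-ftp]` jail no longer carries `enabled = false`, so whether it is off after install now depends on the `[DEFAULT]` section, which is outside this hunk, while the portsentry jail visible in the hunk's header context still sets it explicitly, so the file's convention appears to be per-jail. Because `blocktype = RETURN` and `returntype = DROP` invert the action (the ChangeLog hunk calls this "opening a closed port"), a jail that is enabled unexpectedly would drop FTP traffic for every host that has not yet authenticated over HTTP, which the jail comment should state: `# NOTE: with blocktype/returntype swapped the action's chain DROPs these ports by default; only hosts seen authenticating over HTTP are let through for bantime`. Dropping `banaction = iptables-multiport` and `protocol = tcp` makes the example depend on the `[DEFAULT]` values for both; if the default banaction does not honour `blocktype`/`returntype`, the inversion silently does nothing, which deserves either a comment or an explicit `banaction`. `logpath = %(apache_access_log)s` assumes that interpolation is defined in the paths files, which I cannot confirm from this patch.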
diff --git a/fail2ban/tests/files/logs/apache-pass b/fail2ban/tests/files/logs/apache-pass
new file mode 100644
index 00000000..cb8d3454
--- /dev/null
+++ b/fail2ban/tests/files/logs/apache-pass
@@ -0,0 +1,2 @@
+# failJSON: { "time": "2013-06-27T11:55:44", "match": true , "host": "192.0.2.12" }
+192.0.2.12 - user1 [27/Jun/2013:11:55:44] "GET /knocking/ HTTP/1.1" 200 266 "http://domain.net/hello-world/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0"
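Review bot: The new sample covers only the positive case (a 200 response with a username), so nothing in the test shows that the apache-pass filter does not allow a host on a failed authentication; since this jail opens a port rather than closing one, a false positive is more costly than in a ban jail. Add a second line for the same path with a 401 status and `-` as the user, tagged `# failJSON: { "match": false }`, so the regex is shown to key on the successful-auth fields rather than on the path alone. The `[27/Jun/2013:11:55:44]` timestamp carries no timezone offset, so the parsed time depends on the test host's local zone; if the filter's datepattern expects the usual Apache `[dd/Mon/yyyy:HH:MM:SS +zzzz]` form, the sample should include one and the failJSON time adjusted to match.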