* Added new time template matching named log entries

2007-07-30 02:31:35 +00:00 · 2007-07-30 02:31:35 +00:00 · 58ae2a5a75
parent 95d17ee318
commit 58ae2a5a75
4 changed files with 30 additions and 4 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -8,6 +8,7 @@ fail2ban (0.8.0-4) unstable; urgency=low
  * Added iptables-allports.
  * Use /var/run to keep socket file (closes: #425746)
  * Added a filter for named to catch refused/denied queries
  * Added new time template matching named log entries
  * jail.conf has specification of protocol (default to tcp) to be provided to
    banaction
  * Adjusted failregex for sshd filter:
--- a/debian/patches/00_named_logtimeformat.dpatch
+++ b/debian/patches/00_named_logtimeformat.dpatch
@ -0,0 +1,23 @@
 #! /bin/sh /usr/share/dpatch/dpatch-run
 ## 00_named_logtimeformat.dpatch by Yaroslav Halchenko <debian@onerussian.com>
 ##
 ## All lines beginning with `## DP:' are a description of the patch.
 ## DP: No description.
@DPATCH@
 diff -urNad trunk~/server/datedetector.py trunk/server/datedetector.py
 --- trunk~/server/datedetector.py	2007-04-01 16:42:08.000000000 -0400
 +++ trunk/server/datedetector.py	2007-07-29 22:28:52.000000000 -0400
@@ -80,6 +80,12 @@
 			template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
 			template.setPattern("%Y-%m-%d %H:%M:%S")
 			self.__templates.append(template)
 +			# named 26-Jul-2007 15:20:52.252 
 +			template = DateStrptime()
 +			template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]")
 +			template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}")
 +			template.setPattern("%d-%b-%Y %H:%M:%S")
 +			self.__templates.append(template)
 			# TAI64N
 			template = DateTai64n()
 			template.setName("TAI64N")
--- a/debian/patches/00_named_refused.dpatch
+++ b/debian/patches/00_named_refused.dpatch
@ -7,8 +7,8 @@
@DPATCH@
 diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
 --- trunk~/config/filter.d/named-refused.conf	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.conf	2007-07-24 16:02:15.000000000 -0400
+++ trunk/config/filter.d/named-refused.conf	2007-07-29 22:31:22.000000000 -0400
-@@ -0,0 +1,33 @@
+@@ -0,0 +1,34 @@
 +# Fail2Ban configuration file for named (bind9). Trying to generalize the
 +#          structure which is general to capture general patterns in log
 +#          lines to cover different configurations/distributions
@ -32,7 +32,8 @@ diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/name
 +__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
 +__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
 +#       hostname       daemon_id         spaces
-+__line_prefix=\s\S+ %(__daemon_combs_re)s\s+
+# this can be optional (for instance if we match named native log files)
 +__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 +
 +# Option: failregex
 +# Notes.: regex to match the password failures messages in the logfile.
@ -44,7 +45,7 @@ diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/name
 +
 diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
 --- trunk~/config/filter.d/named-refused.examples	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.examples	2007-07-24 16:02:15.000000000 -0400
+++ trunk/config/filter.d/named-refused.examples	2007-07-29 22:30:29.000000000 -0400
@@ -0,0 +1,13 @@
 +Jul 15 18:42:00 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.5#53
 +Jul 15 18:42:01 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.4#53
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -7,3 +7,4 @@
 00_ssh_strong_re
 00_pam_generic
 00_named_refused
 00_named_logtimeformat