github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

* Added new time template matching named log entries

pull/3/head
Yaroslav Halchenko 2007-07-30 02:31:35 +00:00
parent 95d17ee318
commit 58ae2a5a75
4 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/changelog vendored
View File

@ -8,6 +8,7 @@ fail2ban (0.8.0-4) unstable; urgency=low
* Added iptables-allports.
* Use /var/run to keep socket file (closes: #425746)
* Added a filter for named to catch refused/denied queries
* Added new time template matching named log entries
* jail.conf has specification of protocol (default to tcp) to be provided to
banaction
* Adjusted failregex for sshd filter:

23
debian/patches/00_named_logtimeformat.dpatch vendored Executable file
View File

@ -0,0 +1,23 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_named_logtimeformat.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad trunk~/server/datedetector.py trunk/server/datedetector.py
--- trunk~/server/datedetector.py 2007-04-01 16:42:08.000000000 -0400
+++ trunk/server/datedetector.py 2007-07-29 22:28:52.000000000 -0400
@@ -80,6 +80,12 @@
template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
template.setPattern("%Y-%m-%d %H:%M:%S")
self.__templates.append(template)
+ # named 26-Jul-2007 15:20:52.252
+ template = DateStrptime()
+ template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]")
+ template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}")
+ template.setPattern("%d-%b-%Y %H:%M:%S")
+ self.__templates.append(template)
# TAI64N
template = DateTai64n()
template.setName("TAI64N")

9
debian/patches/00_named_refused.dpatch vendored
View File

@ -7,8 +7,8 @@
@DPATCH@
diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
--- trunk~/config/filter.d/named-refused.conf 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/named-refused.conf 2007-07-24 16:02:15.000000000 -0400
@@ -0,0 +1,33 @@
+++ trunk/config/filter.d/named-refused.conf 2007-07-29 22:31:22.000000000 -0400
@@ -0,0 +1,34 @@
+# Fail2Ban configuration file for named (bind9). Trying to generalize the
+# structure which is general to capture general patterns in log
+# lines to cover different configurations/distributions
@ -32,7 +32,8 @@ diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/name
+__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
+__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+# hostname daemon_id spaces
+__line_prefix=\s\S+ %(__daemon_combs_re)s\s+
+# this can be optional (for instance if we match named native log files)
+__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
@ -44,7 +45,7 @@ diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/name
+
diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
--- trunk~/config/filter.d/named-refused.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/named-refused.examples 2007-07-24 16:02:15.000000000 -0400
+++ trunk/config/filter.d/named-refused.examples 2007-07-29 22:30:29.000000000 -0400
@@ -0,0 +1,13 @@
+Jul 15 18:42:00 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.5#53
+Jul 15 18:42:01 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.4#53

1
debian/patches/00list vendored
View File

@ -7,3 +7,4 @@
00_ssh_strong_re
00_pam_generic
00_named_refused
00_named_logtimeformat