From b6d9f795dca4783c84cf57a9e56c551e4fa09905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Boulogne?= Date: Sat, 24 Dec 2011 21:51:18 +0100 Subject: [PATCH 01/57] add filter for lighttpd mod_auth failure --- config/filter.d/lighttpd-auth.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 config/filter.d/lighttpd-auth.conf diff --git a/config/filter.d/lighttpd-auth.conf b/config/filter.d/lighttpd-auth.conf new file mode 100644 index 00000000..4e5fc38f --- /dev/null +++ b/config/filter.d/lighttpd-auth.conf @@ -0,0 +1,19 @@ +# Fail2Ban configuration file +# +# Author: Francois Boulogne +# + +[Definition] + +# Option: failregex +# Notes.: regex to match wrong passwords as notified by lighttpd's auth Module +# Values: TEXT +# +failregex = .*http_auth.*password doesn\'t match.*IP: + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = From a7cb20edacb31636e046e3fee7b232a4fc214250 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Boulogne?= Date: Sat, 24 Dec 2011 21:56:38 +0100 Subject: [PATCH 02/57] add lighttpd-auth jail --- config/jail.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config/jail.conf b/config/jail.conf index 4fb14633..fec6b1bd 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -180,6 +180,18 @@ filter = lighttpd-fastcgi logpath = /var/log/lighttpd/error.log maxretry = 2 +# Same as above for mod_auth +# It catches wrong authentifications + +[lighttpd-auth] + +enabled = false +port = http,https +filter = lighttpd-auth +# adapt the following two items as needed +logpath = /var/log/lighttpd/error.log +maxretry = 2 + # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # option is overridden in this jail. Moreover, the action "mail-whois" defines # the variable "name" which contains a comma using "". The characters '' are From 683d4f269d0b5995a9131a5c938a8141e7caf36b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Boulogne?= Date: Sat, 24 Dec 2011 22:24:08 +0100 Subject: [PATCH 03/57] modifications suggested by a referee (log ex+regexp) --- config/filter.d/lighttpd-auth.conf | 2 +- testcases/files/logs/lighttpd | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 testcases/files/logs/lighttpd diff --git a/config/filter.d/lighttpd-auth.conf b/config/filter.d/lighttpd-auth.conf index 4e5fc38f..891eafd3 100644 --- a/config/filter.d/lighttpd-auth.conf +++ b/config/filter.d/lighttpd-auth.conf @@ -9,7 +9,7 @@ # Notes.: regex to match wrong passwords as notified by lighttpd's auth Module # Values: TEXT # -failregex = .*http_auth.*password doesn\'t match.*IP: +failregex = .*http_auth.*password doesn\'t match.*IP: $ # Option: ignoreregex diff --git a/testcases/files/logs/lighttpd b/testcases/files/logs/lighttpd new file mode 100644 index 00000000..bf5224a1 --- /dev/null +++ b/testcases/files/logs/lighttpd @@ -0,0 +1,2 @@ +#authentification failure (mod_auth) +2011-12-24 18:43:32: (http_auth.c.875) password doesn't match for /gitweb/ username: foobar, IP: 11.11.11.11 From 4c76fb3b54c77657b416b0a21aade1947e83c392 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sun, 25 Dec 2011 10:00:50 -0500 Subject: [PATCH 04/57] ENH: allow trailing white-spaces in lighttpd-auth.conf now catches the one in testcases/files/logs/lighttpd --- config/filter.d/lighttpd-auth.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/lighttpd-auth.conf b/config/filter.d/lighttpd-auth.conf index 891eafd3..837cc501 100644 --- a/config/filter.d/lighttpd-auth.conf +++ b/config/filter.d/lighttpd-auth.conf @@ -9,7 +9,7 @@ # Notes.: regex to match wrong passwords as notified by lighttpd's auth Module # Values: TEXT # -failregex = .*http_auth.*password doesn\'t match.*IP: $ +failregex = .*http_auth.*password doesn\'t match.*IP: \s*$ # Option: ignoreregex From 115092956f65bb9c8bcee9c9c3c13e10e64f16c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Boulogne?= Date: Sun, 25 Dec 2011 20:15:57 +0100 Subject: [PATCH 05/57] Correction of the IP in testcase for lighttpd --- testcases/files/logs/lighttpd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testcases/files/logs/lighttpd b/testcases/files/logs/lighttpd index bf5224a1..1697a276 100644 --- a/testcases/files/logs/lighttpd +++ b/testcases/files/logs/lighttpd @@ -1,2 +1,2 @@ #authentification failure (mod_auth) -2011-12-24 18:43:32: (http_auth.c.875) password doesn't match for /gitweb/ username: foobar, IP: 11.11.11.11 +2011-12-25 17:09:20: (http_auth.c.875) password doesn't match for /gitweb/ username: francois, IP: 4.4.4.4 From 47c03a2c13c9401034f3ccfcc37830167540ae48 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Mon, 26 Dec 2011 12:49:47 -0500 Subject: [PATCH 06/57] files/nagios - spelling/grammar fixes --- files/nagios/check_fail2ban | 13 ++++++------- files/nagios/f2ban.txt | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/files/nagios/check_fail2ban b/files/nagios/check_fail2ban index 6afa9d7d..2b38e8a9 100755 --- a/files/nagios/check_fail2ban +++ b/files/nagios/check_fail2ban @@ -45,9 +45,8 @@ check_processes_fail2ban() } ###################################################################### # first check in the Background, PID will be killed when no response -# after 10 seconds, might be possible, otherwise the scipt will be -# pressent in your memory all the time -# +# after 10 seconds, might be possible, otherwise the script will be +# present in your memory all the time ###################################################################### check_processes_fail2ban & @@ -68,7 +67,7 @@ fi done ###################################################################### -# when the Server response (doesent mean the FAIL2BAN is working) +# when the Server response (does not mean the FAIL2BAN is working) # in the first step, then it will run again and test the Service # and provide the real status ###################################################################### @@ -83,19 +82,19 @@ fi ###################################################################### -# Mainmenu +# Main Menu ###################################################################### final_exit=$exit_fail2ban if [ $final_exit -eq 0 ]; then - echo "SYSTEM OK - Fail2ban is working normaly" + echo "SYSTEM OK - Fail2ban is working normally" exitstatus=$STATE_OK elif [ $final_exit -ne "0" ]; then echo "SYSTEM WARNING - Fail2Ban is not working" ###################################################################### # If don't have a Nagios Server for monitoring, remove the comment and -# add your Mail Addres. You can check it with a Cron Job once a hour. +# add your Mail Address. You can check it with a Cron Job once an hour. # put a txt file on your server and describe how to fix the issue, this # could be attached to the mail. ###################################################################### diff --git a/files/nagios/f2ban.txt b/files/nagios/f2ban.txt index a811cd5d..0f048ff7 100644 --- a/files/nagios/f2ban.txt +++ b/files/nagios/f2ban.txt @@ -5,7 +5,7 @@ HELP: 1.) stop the Service /etc/init.d/fail2ban stop -2.) delete the socket if avalible +2.) delete the socket if available rm /tmp/fail2ban.sock 3.) start the Service From e442503133c86f5ef78dcc63cf1b90014213a22f Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Fri, 30 Dec 2011 00:18:52 -0500 Subject: [PATCH 07/57] Added pyinotify backend --- MANIFEST | 1 + config/jail.conf | 17 +++-- server/filterpyinotify.py | 148 ++++++++++++++++++++++++++++++++++++++ server/jail.py | 39 ++++++++-- 4 files changed, 194 insertions(+), 11 deletions(-) create mode 100644 server/filterpyinotify.py diff --git a/MANIFEST b/MANIFEST index 4c60f8e4..eef145b6 100644 --- a/MANIFEST +++ b/MANIFEST @@ -20,6 +20,7 @@ client/configurator.py client/csocket.py server/asyncserver.py server/filter.py +server/filterpyinotify.py server/filtergamin.py server/filterpoll.py server/iso8601.py diff --git a/config/jail.conf b/config/jail.conf index fec6b1bd..cdef1cb3 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -25,14 +25,17 @@ findtime = 600 # "maxretry" is the number of failures before a host get banned. maxretry = 3 -# "backend" specifies the backend used to get files modification. Available -# options are "gamin", "polling" and "auto". This option can be overridden in -# each jail too (use "gamin" for a jail and "polling" for another). +# "backend" specifies the backend used to get files modification. +# Available options are "pyinotify", "gamin", "polling" and "auto". +# This option can be overridden in each jail as well. # -# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin -# is not installed, Fail2ban will use polling. -# polling: uses a polling algorithm which does not require external libraries. -# auto: will choose Gamin if available and polling otherwise. +# pyinotify: requires pyinotify (a file alteration monitor) to be installed. +# If pyinotify is not installed, Fail2ban will use auto. +# gamin: requires Gamin (a file alteration monitor) to be installed. +# If Gamin is not installed, Fail2ban will use auto. +# polling: uses a polling algorithm which does not require external libraries. +# auto: will try to use the following backends, in order: +# pyinotify, gamin, polling. backend = auto diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py new file mode 100644 index 00000000..c5e70e22 --- /dev/null +++ b/server/filterpyinotify.py @@ -0,0 +1,148 @@ +# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- +# vi: set ft=python sts=4 ts=4 sw=4 noet : + +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Author: Cyril Jaquier +# +# $Revision$ + +__author__ = "Cyril Jaquier" +__version__ = "$Revision$" +__date__ = "$Date$" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__license__ = "GPL" + +from failmanager import FailManagerEmpty +from filter import FileFilter +from mytime import MyTime + +import time, logging, pyinotify + + + +# Gets the instance of the logger. +logSys = logging.getLogger("fail2ban.filter") + +## +# Log reader class. +# +# This class reads a log file and detects login failures or anything else +# that matches a given regular expression. This class is instantiated by +# a Jail object. + +class ProcessPyinotify(pyinotify.ProcessEvent): + def __init__(self, FileFilter, **kargs): + super(ProcessPyinotify, self).__init__(**kargs) + self.__FileFilter = FileFilter + pass + + # just need default, since using mask on watch to limit events + def process_default(self, event): + logSys.debug("PYINOTIFY: Callback for Event: %s" % event) + self.__FileFilter.callback(event.pathname) + + +class FilterPyinotify(FileFilter): + # Constructor. + # + # Initialize the filter object with default values. + # @param jail the jail object + def __init__(self, jail): + FileFilter.__init__(self, jail) + self.__modified = False + self.monitor = pyinotify.WatchManager() + self.watches = dict() + + + def callback(self, path): + self.getFailures(path) + try: + while True: + ticket = self.failManager.toBan() + self.jail.putFailTicket(ticket) + except FailManagerEmpty: + self.failManager.cleanup(MyTime.time()) + self.dateDetector.sortTemplate() + self.__modified = False + + ## + # Add a log file path + # + # @param path log file path + def addLogPath(self, path, tail=False): + if self.containsLogPath(path): + logSys.error(path + " already exists") + else: + wd = self.monitor.add_watch(path, pyinotify.IN_MODIFY) + self.watches[path] = wd[path] + FileFilter.addLogPath(self, path, tail) + logSys.info("Added logfile = %s" % path) + + ## + # Delete a log path + # + # @param path the log file to delete + + def delLogPath(self, path): + if not self.containsLogPath(path): + logSys.error(path + " is not monitored") + else: + self.monitor.rm_watch(self.watches[path]) + FileFilter.delLogPath(self, path) + logSys.info("Removed logfile = %s" % path) + + ## + # Main loop. + # + # This function is the main loop of the thread. It checks if the + # file has been modified and looks for failures. + # @return True when the thread exits nicely + + def run(self): + self.setActive(True) + self.notifier = pyinotify.ThreadedNotifier(self.monitor, + ProcessPyinotify(self)) + self.notifier.start() + while self._isActive(): + if not self.getIdle(): + self.notifier.process_events() + # Convert sleep seconds to millis + if self.notifier.check_events(): + self.notifier.read_events() + else: + time.sleep(self.getSleepTime()) + # Cleanup pyinotify + self.__cleanup() + logSys.debug(self.jail.getName() + ": filter terminated") + return True + + ## + # Call super.stop() and then stop the 'Notifier' + + def stop(self): + # Call super to set __isRunning + super(FilterPyinotify, self).stop() + # Now stop the Notifier, otherwise we're deadlocked + self.notifier.stop() + + ## + # Deallocates the resources used by pyinotify. + + def __cleanup(self): + del self.notifier + del self.monitor diff --git a/server/jail.py b/server/jail.py index eefe69e5..16bdd088 100644 --- a/server/jail.py +++ b/server/jail.py @@ -41,13 +41,37 @@ class Jail: self.__queue = Queue.Queue() self.__filter = None logSys.info("Creating new jail '%s'" % self.__name) - if backend == "polling": - self.__initPoller() - else: + self.__setBackend = False + if backend == "auto": + # Quick-escape for auto (default/fall-back condition) + self.__setBackend = False + elif backend == "pyinotify": + try: + self.__initPyinotify() + self.__setBackend = True + except ImportError: + self.__setBackend = False + elif backend == "gamin": try: self.__initGamin() + self.__setBackend = True except ImportError: - self.__initPoller() + self.__setBackend = False + elif backend == "polling": + self.__initPoller() + self.__setBackend = True + + if not self.__setBackend: + # If auto, or unrecognized, or failed using an explicit value + try: + self.__initPyinotify() + except ImportError: + try: + self.__initGamin() + except ImportError: + self.__initPoller() + self.__setBackend = True + self.__action = Actions(self) def __initPoller(self): @@ -62,6 +86,13 @@ class Jail: from filtergamin import FilterGamin self.__filter = FilterGamin(self) + def __initPyinotify(self): + # Try to import pyinotify + import pyinotify + logSys.info("Jail '%s' uses pyinotify" % self.__name) + from filterpyinotify import FilterPyinotify + self.__filter = FilterPyinotify(self) + def setName(self, name): self.__name = name From d1050350db96703cf15a36c99f842e45623d17e5 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Fri, 30 Dec 2011 00:28:17 -0500 Subject: [PATCH 08/57] Added pyinotify backend --- server/filterpyinotify.py | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index c5e70e22..9b7a6f09 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -31,9 +31,7 @@ from failmanager import FailManagerEmpty from filter import FileFilter from mytime import MyTime -import time, logging, pyinotify - - +import time, logging, pyinotify # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.filter") @@ -45,28 +43,19 @@ logSys = logging.getLogger("fail2ban.filter") # that matches a given regular expression. This class is instantiated by # a Jail object. -class ProcessPyinotify(pyinotify.ProcessEvent): - def __init__(self, FileFilter, **kargs): - super(ProcessPyinotify, self).__init__(**kargs) - self.__FileFilter = FileFilter - pass - - # just need default, since using mask on watch to limit events - def process_default(self, event): - logSys.debug("PYINOTIFY: Callback for Event: %s" % event) - self.__FileFilter.callback(event.pathname) - - class FilterPyinotify(FileFilter): + ## # Constructor. # # Initialize the filter object with default values. # @param jail the jail object + def __init__(self, jail): FileFilter.__init__(self, jail) self.__modified = False + # Pyinotify watch manager self.monitor = pyinotify.WatchManager() - self.watches = dict() + logSys.debug("Created FilterPyinotify") def callback(self, path): @@ -84,12 +73,12 @@ class FilterPyinotify(FileFilter): # Add a log file path # # @param path log file path + def addLogPath(self, path, tail=False): if self.containsLogPath(path): logSys.error(path + " already exists") else: wd = self.monitor.add_watch(path, pyinotify.IN_MODIFY) - self.watches[path] = wd[path] FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) @@ -102,7 +91,6 @@ class FilterPyinotify(FileFilter): if not self.containsLogPath(path): logSys.error(path + " is not monitored") else: - self.monitor.rm_watch(self.watches[path]) FileFilter.delLogPath(self, path) logSys.info("Removed logfile = %s" % path) @@ -146,3 +134,15 @@ class FilterPyinotify(FileFilter): def __cleanup(self): del self.notifier del self.monitor + + +class ProcessPyinotify(pyinotify.ProcessEvent): + def __init__(self, FileFilter, **kargs): + super(ProcessPyinotify, self).__init__(**kargs) + self.__FileFilter = FileFilter + pass + + # just need default, since using mask on watch to limit events + def process_default(self, event): + logSys.debug("PYINOTIFY: Callback for Event: %s" % event) + self.__FileFilter.callback(event.pathname) From 4bf4d4ddb517a1980c72f2c2def3483d3cebe7d7 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Fri, 30 Dec 2011 00:37:15 -0500 Subject: [PATCH 09/57] Removed wd assignment and irrelevant comment --- server/filterpyinotify.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 9b7a6f09..12317687 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -78,7 +78,7 @@ class FilterPyinotify(FileFilter): if self.containsLogPath(path): logSys.error(path + " already exists") else: - wd = self.monitor.add_watch(path, pyinotify.IN_MODIFY) + self.monitor.add_watch(path, pyinotify.IN_MODIFY) FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) @@ -109,7 +109,6 @@ class FilterPyinotify(FileFilter): while self._isActive(): if not self.getIdle(): self.notifier.process_events() - # Convert sleep seconds to millis if self.notifier.check_events(): self.notifier.read_events() else: From 4502adfe69816ec4e33e5b4e266de21ab5c212a5 Mon Sep 17 00:00:00 2001 From: Leonardo Chiquitto Date: Mon, 21 Nov 2011 09:18:47 -0300 Subject: [PATCH 10/57] Fix comments to reflect code Commit 638bb6652 changed some defaults but the comments still point to the previous values. --- config/action.d/dshield.conf | 2 +- config/action.d/mynetwatchman.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf index 8549a550..177329b2 100644 --- a/config/action.d/dshield.conf +++ b/config/action.d/dshield.conf @@ -204,7 +204,7 @@ dest = reports@dshield.org # Option: tmpfile # Notes.: Base name of temporary files used for buffering -# Values: [ STRING ] Default: /tmp/fail2ban-dshield +# Values: [ STRING ] Default: /var/run/fail2ban/tmp-dshield # tmpfile = /var/run/fail2ban/tmp-dshield diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf index f0e55153..d4f8de1a 100644 --- a/config/action.d/mynetwatchman.conf +++ b/config/action.d/mynetwatchman.conf @@ -139,6 +139,6 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp # Option: tmpfile # Notes.: Base name of temporary files -# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman +# Values: [ STRING ] Default: /var/run/fail2ban/tmp-mynetwatchman # tmpfile = /var/run/fail2ban/tmp-mynetwatchman From a7d47e8b368a419a8ab64f8cd3d9edfa8b7dcb69 Mon Sep 17 00:00:00 2001 From: Leonardo Chiquitto Date: Mon, 21 Nov 2011 09:20:20 -0300 Subject: [PATCH 11/57] Update Free Software Foundation's address The address has changed from "59 Temple Place, Suite 330, Boston, MA 02111-1307 USA" to "51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA" some time ago. --- client/__init__.py | 2 +- client/actionreader.py | 2 +- client/beautifier.py | 2 +- client/configparserinc.py | 2 +- client/configreader.py | 2 +- client/configurator.py | 2 +- client/csocket.py | 2 +- client/fail2banreader.py | 2 +- client/filterreader.py | 2 +- client/jailreader.py | 2 +- client/jailsreader.py | 2 +- common/__init__.py | 2 +- common/helpers.py | 2 +- common/protocol.py | 2 +- common/version.py | 2 +- fail2ban-client | 2 +- fail2ban-regex | 2 +- fail2ban-server | 2 +- fail2ban-testcases | 2 +- files/cacti/fail2ban_stats.sh | 2 +- files/gentoo-initd | 2 +- server/__init__.py | 2 +- server/action.py | 2 +- server/actions.py | 2 +- server/asyncserver.py | 2 +- server/banmanager.py | 2 +- server/datedetector.py | 2 +- server/datetemplate.py | 2 +- server/faildata.py | 2 +- server/failmanager.py | 2 +- server/failregex.py | 2 +- server/filter.py | 2 +- server/filtergamin.py | 2 +- server/filterpoll.py | 2 +- server/jail.py | 2 +- server/jails.py | 2 +- server/jailthread.py | 2 +- server/mytime.py | 2 +- server/server.py | 2 +- server/ticket.py | 2 +- server/transmitter.py | 2 +- setup.py | 2 +- testcases/__init__.py | 2 +- testcases/actiontestcase.py | 2 +- testcases/banmanagertestcase.py | 2 +- testcases/clientreadertestcase.py | 2 +- testcases/datedetectortestcase.py | 2 +- testcases/failmanagertestcase.py | 2 +- testcases/filtertestcase.py | 2 +- testcases/servertestcase.py | 2 +- 50 files changed, 50 insertions(+), 50 deletions(-) diff --git a/client/__init__.py b/client/__init__.py index 65ba9868..c448827b 100644 --- a/client/__init__.py +++ b/client/__init__.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/actionreader.py b/client/actionreader.py index 29672bca..581a1b3c 100644 --- a/client/actionreader.py +++ b/client/actionreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/beautifier.py b/client/beautifier.py index 104a239e..a75655e7 100644 --- a/client/beautifier.py +++ b/client/beautifier.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/configparserinc.py b/client/configparserinc.py index 12ac97a8..7ac8b4a5 100644 --- a/client/configparserinc.py +++ b/client/configparserinc.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Yaroslav Halchenko # Modified: Cyril Jaquier diff --git a/client/configreader.py b/client/configreader.py index 18ae9b9a..063484e8 100644 --- a/client/configreader.py +++ b/client/configreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes) diff --git a/client/configurator.py b/client/configurator.py index 526f218b..0baff2d8 100644 --- a/client/configurator.py +++ b/client/configurator.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/csocket.py b/client/csocket.py index 4bfb0510..6e014e23 100644 --- a/client/csocket.py +++ b/client/csocket.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/fail2banreader.py b/client/fail2banreader.py index f4f2728f..ee097bd6 100644 --- a/client/fail2banreader.py +++ b/client/fail2banreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/filterreader.py b/client/filterreader.py index b20c6f83..b7a72f9c 100644 --- a/client/filterreader.py +++ b/client/filterreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/jailreader.py b/client/jailreader.py index 52d5f82c..81a077c9 100644 --- a/client/jailreader.py +++ b/client/jailreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/client/jailsreader.py b/client/jailsreader.py index 9e68dffe..bedc5a3c 100644 --- a/client/jailsreader.py +++ b/client/jailsreader.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/common/__init__.py b/common/__init__.py index 65ba9868..c448827b 100644 --- a/common/__init__.py +++ b/common/__init__.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/common/helpers.py b/common/helpers.py index 5afc3723..6115b971 100644 --- a/common/helpers.py +++ b/common/helpers.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # Author: Arturo 'Buanzo' Busleiman diff --git a/common/protocol.py b/common/protocol.py index 7f0ec9e1..092c32ae 100644 --- a/common/protocol.py +++ b/common/protocol.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/common/version.py b/common/version.py index a745be3c..d5055c14 100644 --- a/common/version.py +++ b/common/version.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/fail2ban-client b/fail2ban-client index 31dd48ca..7025d009 100755 --- a/fail2ban-client +++ b/fail2ban-client @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/fail2ban-regex b/fail2ban-regex index 08aaccaa..fa02a961 100755 --- a/fail2ban-regex +++ b/fail2ban-regex @@ -13,7 +13,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/fail2ban-server b/fail2ban-server index f66bbaf8..3b3c6e69 100755 --- a/fail2ban-server +++ b/fail2ban-server @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/fail2ban-testcases b/fail2ban-testcases index c05a64bd..1ade220d 100755 --- a/fail2ban-testcases +++ b/fail2ban-testcases @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/files/cacti/fail2ban_stats.sh b/files/cacti/fail2ban_stats.sh index afe52466..4d29854f 100644 --- a/files/cacti/fail2ban_stats.sh +++ b/files/cacti/fail2ban_stats.sh @@ -13,7 +13,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # This script can be used to collect data for Cacti. One parameter is needed, # the jail name. It must be a currently running jail. The script returns two diff --git a/files/gentoo-initd b/files/gentoo-initd index af4d8c34..f652d86c 100755 --- a/files/gentoo-initd +++ b/files/gentoo-initd @@ -13,7 +13,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # Author: Sireyessire, Cyril Jaquier # diff --git a/server/__init__.py b/server/__init__.py index 65ba9868..c448827b 100644 --- a/server/__init__.py +++ b/server/__init__.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/action.py b/server/action.py index e8f6bd12..faf50653 100644 --- a/server/action.py +++ b/server/action.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/actions.py b/server/actions.py index e438ab7a..e8c7cdda 100644 --- a/server/actions.py +++ b/server/actions.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/asyncserver.py b/server/asyncserver.py index 3558a2dd..64ec8f39 100644 --- a/server/asyncserver.py +++ b/server/asyncserver.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/banmanager.py b/server/banmanager.py index 328ad032..214916b7 100644 --- a/server/banmanager.py +++ b/server/banmanager.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/datedetector.py b/server/datedetector.py index b4d0a471..faf9f45f 100644 --- a/server/datedetector.py +++ b/server/datedetector.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/datetemplate.py b/server/datetemplate.py index a561abbe..ddf7dc82 100644 --- a/server/datetemplate.py +++ b/server/datetemplate.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/faildata.py b/server/faildata.py index ee396cdb..1f0bda04 100644 --- a/server/faildata.py +++ b/server/faildata.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/failmanager.py b/server/failmanager.py index 73e5f242..82c2ed6f 100644 --- a/server/failmanager.py +++ b/server/failmanager.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/failregex.py b/server/failregex.py index 5bc1c401..8ce9597a 100644 --- a/server/failregex.py +++ b/server/failregex.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/filter.py b/server/filter.py index 3545ad2b..e18f5b7d 100644 --- a/server/filter.py +++ b/server/filter.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/filtergamin.py b/server/filtergamin.py index 0489a2ef..c1a6be3c 100644 --- a/server/filtergamin.py +++ b/server/filtergamin.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/filterpoll.py b/server/filterpoll.py index 618e4bac..05f766e9 100644 --- a/server/filterpoll.py +++ b/server/filterpoll.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/jail.py b/server/jail.py index eefe69e5..fa077f22 100644 --- a/server/jail.py +++ b/server/jail.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/jails.py b/server/jails.py index 1ff94e06..3be38f70 100644 --- a/server/jails.py +++ b/server/jails.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/jailthread.py b/server/jailthread.py index ac102ba3..343ea7e2 100644 --- a/server/jailthread.py +++ b/server/jailthread.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/mytime.py b/server/mytime.py index b64a2b75..286f3d2c 100644 --- a/server/mytime.py +++ b/server/mytime.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/server.py b/server/server.py index 0ecb0cce..950cf82b 100644 --- a/server/server.py +++ b/server/server.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/ticket.py b/server/ticket.py index 81bffa9d..644d3cd1 100644 --- a/server/ticket.py +++ b/server/ticket.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/server/transmitter.py b/server/transmitter.py index 27e966a6..bebba12b 100644 --- a/server/transmitter.py +++ b/server/transmitter.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/setup.py b/setup.py index aff89545..8cb17133 100755 --- a/setup.py +++ b/setup.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/__init__.py b/testcases/__init__.py index 65ba9868..c448827b 100644 --- a/testcases/__init__.py +++ b/testcases/__init__.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/actiontestcase.py b/testcases/actiontestcase.py index a537ab0c..9f89cfe6 100644 --- a/testcases/actiontestcase.py +++ b/testcases/actiontestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/banmanagertestcase.py b/testcases/banmanagertestcase.py index 4ff76f41..7d389eed 100644 --- a/testcases/banmanagertestcase.py +++ b/testcases/banmanagertestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/clientreadertestcase.py b/testcases/clientreadertestcase.py index 74993914..83121345 100644 --- a/testcases/clientreadertestcase.py +++ b/testcases/clientreadertestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/datedetectortestcase.py b/testcases/datedetectortestcase.py index 074bdb88..e6f690ad 100644 --- a/testcases/datedetectortestcase.py +++ b/testcases/datedetectortestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/failmanagertestcase.py b/testcases/failmanagertestcase.py index 3c1bce22..e5e0ccca 100644 --- a/testcases/failmanagertestcase.py +++ b/testcases/failmanagertestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/filtertestcase.py b/testcases/filtertestcase.py index c004c7d2..416423b3 100644 --- a/testcases/filtertestcase.py +++ b/testcases/filtertestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # diff --git a/testcases/servertestcase.py b/testcases/servertestcase.py index ab32eb92..54eac444 100644 --- a/testcases/servertestcase.py +++ b/testcases/servertestcase.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier # From adca2b87e8e1557bd0bc2dc6a5df78d2c98858d0 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Fri, 30 Dec 2011 17:20:58 -0500 Subject: [PATCH 12/57] Changed Copyright information --- server/filterpyinotify.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 12317687..1202eb41 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -18,13 +18,11 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Author: Cyril Jaquier -# -# $Revision$ -__author__ = "Cyril Jaquier" +__author__ = "Lee Clemens" __version__ = "$Revision$" __date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__copyright__ = "Copyright (c) 2011 Lee Clemens" __license__ = "GPL" from failmanager import FailManagerEmpty From b0830385ed4e92fff7248cf664dbb02d576d2cef Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Sat, 31 Dec 2011 02:01:19 -0500 Subject: [PATCH 13/57] Update Free Software Foundation's address --- server/filterpyinotify.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 1202eb41..11c5f911 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU General Public License # along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier From 4c130634980f2acc3b9d7352529d9f5a388435c1 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Sat, 31 Dec 2011 03:33:58 -0500 Subject: [PATCH 14/57] Added addLogPath and delLogPath functionality (adds/removes paths from the WatchManager) --- server/filterpyinotify.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 11c5f911..ec6f53da 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -54,6 +54,7 @@ class FilterPyinotify(FileFilter): # Pyinotify watch manager self.monitor = pyinotify.WatchManager() logSys.debug("Created FilterPyinotify") + self.__watches = dict() def callback(self, path): @@ -76,7 +77,8 @@ class FilterPyinotify(FileFilter): if self.containsLogPath(path): logSys.error(path + " already exists") else: - self.monitor.add_watch(path, pyinotify.IN_MODIFY) + wd = self.monitor.add_watch(path, pyinotify.IN_MODIFY) + self.__watches.update(wd) FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) @@ -89,8 +91,14 @@ class FilterPyinotify(FileFilter): if not self.containsLogPath(path): logSys.error(path + " is not monitored") else: - FileFilter.delLogPath(self, path) - logSys.info("Removed logfile = %s" % path) + wdInt = self.__watches[path] + wd = self.monitor.rm_watch(wdInt) + if wd[wdInt]: + del self.__watches[path] + FileFilter.delLogPath(self, path) + logSys.info("Removed logfile = %s" % path) + else: + logSys.error("Failed to remove watch on path: %s", path) ## # Main loop. From 5c4ec6e7fb83022d7305c7fa83a71c2a637421e9 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Sat, 31 Dec 2011 03:37:43 -0500 Subject: [PATCH 15/57] Renamed Notifier and Watch Manager to start with __ prefix --- server/filterpyinotify.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index ec6f53da..c5ca6b99 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -52,7 +52,7 @@ class FilterPyinotify(FileFilter): FileFilter.__init__(self, jail) self.__modified = False # Pyinotify watch manager - self.monitor = pyinotify.WatchManager() + self.__monitor = pyinotify.WatchManager() logSys.debug("Created FilterPyinotify") self.__watches = dict() @@ -77,7 +77,7 @@ class FilterPyinotify(FileFilter): if self.containsLogPath(path): logSys.error(path + " already exists") else: - wd = self.monitor.add_watch(path, pyinotify.IN_MODIFY) + wd = self.__monitor.add_watch(path, pyinotify.IN_MODIFY) self.__watches.update(wd) FileFilter.addLogPath(self, path, tail) logSys.info("Added logfile = %s" % path) @@ -92,7 +92,7 @@ class FilterPyinotify(FileFilter): logSys.error(path + " is not monitored") else: wdInt = self.__watches[path] - wd = self.monitor.rm_watch(wdInt) + wd = self.__monitor.rm_watch(wdInt) if wd[wdInt]: del self.__watches[path] FileFilter.delLogPath(self, path) @@ -109,14 +109,14 @@ class FilterPyinotify(FileFilter): def run(self): self.setActive(True) - self.notifier = pyinotify.ThreadedNotifier(self.monitor, + self.__notifier = pyinotify.ThreadedNotifier(self.__monitor, ProcessPyinotify(self)) - self.notifier.start() + self.__notifier.start() while self._isActive(): if not self.getIdle(): - self.notifier.process_events() - if self.notifier.check_events(): - self.notifier.read_events() + self.__notifier.process_events() + if self.__notifier.check_events(): + self.__notifier.read_events() else: time.sleep(self.getSleepTime()) # Cleanup pyinotify @@ -131,14 +131,14 @@ class FilterPyinotify(FileFilter): # Call super to set __isRunning super(FilterPyinotify, self).stop() # Now stop the Notifier, otherwise we're deadlocked - self.notifier.stop() + self.__notifier.stop() ## # Deallocates the resources used by pyinotify. def __cleanup(self): - del self.notifier - del self.monitor + del self.__notifier + del self.__monitor class ProcessPyinotify(pyinotify.ProcessEvent): From aa4514bffa36d296de0f9dd8dfc9193e178d33d4 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Sat, 31 Dec 2011 03:39:25 -0500 Subject: [PATCH 16/57] Removed PYINOTIFY prefix to debug statement for Callback for Event --- server/filterpyinotify.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index c5ca6b99..94e2328c 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -149,5 +149,5 @@ class ProcessPyinotify(pyinotify.ProcessEvent): # just need default, since using mask on watch to limit events def process_default(self, event): - logSys.debug("PYINOTIFY: Callback for Event: %s" % event) + logSys.debug("Callback for Event: %s" % event) self.__FileFilter.callback(event.pathname) From 02894623cfcabef6773051ab43bd6ba10b2b351c Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Tue, 3 Jan 2012 20:14:24 -0500 Subject: [PATCH 17/57] Moved dict() above debug statement --- server/filterpyinotify.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 94e2328c..2f466960 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -53,8 +53,8 @@ class FilterPyinotify(FileFilter): self.__modified = False # Pyinotify watch manager self.__monitor = pyinotify.WatchManager() - logSys.debug("Created FilterPyinotify") self.__watches = dict() + logSys.debug("Created FilterPyinotify") def callback(self, path): From c9945db756f974a446a6d759cfe2fd92086b2cff Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Tue, 3 Jan 2012 21:30:55 -0500 Subject: [PATCH 18/57] Updated TODO --- TODO | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 2b17c916..ce40ebcf 100644 --- a/TODO +++ b/TODO @@ -19,8 +19,6 @@ Legend: - Add timeout to external commands (signal alarm, watchdog thread, etc) -- New backend: pyinotify - - Uniformize filters and actions name. Use the software name (openssh, postfix, proftp) @@ -52,3 +50,5 @@ Legend: # better return values in function # refactoring in server.py, actions.py, filter.py + +* New backend: pyinotify From 9092a63ce5ef90c0d135ed8a17b3f9e87d9a4ffd Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 5 Jan 2012 20:14:34 -0500 Subject: [PATCH 19/57] Changed TLDs to invalid domains, in accordance with RFC 2606 --- testcases/filtertestcase.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testcases/filtertestcase.py b/testcases/filtertestcase.py index 416423b3..6c29bdd6 100644 --- a/testcases/filtertestcase.py +++ b/testcases/filtertestcase.py @@ -223,11 +223,11 @@ class GetFailures(unittest.TestCase): class DNSUtilsTests(unittest.TestCase): def testTextToIp(self): + # Bogus addresses which should have no DNS matches bogus = [ - 'doh1.2.3.4.buga.xxxxx.yyy', - '1.2.3.4.buga.xxxxx.yyy', + 'doh1.2.3.4.buga.xxxxx.yyy.invalid', + '1.2.3.4.buga.xxxxx.yyy.invalid', ] - """Really bogus addresses which should have no matches""" for s in bogus: res = DNSUtils.textToIp(s) self.assertEqual(res, []) From 7821174da887b5072a54421c9f5afa86cb6e309f Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sat, 7 Jan 2012 19:03:11 -0500 Subject: [PATCH 20/57] FIX: direct users to issues on github instead of bothering cyril --- man/fail2ban-client.1 | 2 +- man/fail2ban-regex.1 | 2 +- man/fail2ban-server.1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index d0217175..1bbddf09 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 @@ -251,7 +251,7 @@ action for Written by Cyril Jaquier . Many contributions by Yaroslav O. Halchenko . .SH "REPORTING BUGS" -Report bugs to +Report bugs on https://github.com/fail2ban/fail2ban/issues .SH COPYRIGHT Copyright \(co 2004-2008 Cyril Jaquier .br diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1 index 94acee74..0dac089d 100644 --- a/man/fail2ban-regex.1 +++ b/man/fail2ban-regex.1 @@ -42,7 +42,7 @@ path to a filter file (filter.d/sshd.conf) Written by Cyril Jaquier . Many contributions by Yaroslav O. Halchenko . .SH "REPORTING BUGS" -Report bugs to +Report bugs on https://github.com/fail2ban/fail2ban/issues .SH COPYRIGHT Copyright \(co 2004-2008 Cyril Jaquier .br diff --git a/man/fail2ban-server.1 b/man/fail2ban-server.1 index 7212bcdd..5f4f15b7 100644 --- a/man/fail2ban-server.1 +++ b/man/fail2ban-server.1 @@ -35,7 +35,7 @@ print the version Written by Cyril Jaquier . Many contributions by Yaroslav O. Halchenko . .SH "REPORTING BUGS" -Report bugs to +Report bugs on https://github.com/fail2ban/fail2ban/issues .SH COPYRIGHT Copyright \(co 2004-2008 Cyril Jaquier .br From 959146128fe71efdcc9714d2e1e98fe204cfa6e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 Jan 2012 00:52:43 +0100 Subject: [PATCH 21/57] DOC: add documentation for xt_recent-echo without root Conflicts: debian/docs -- was only for the debian/ branch --- doc/run-rootless.txt | 75 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 doc/run-rootless.txt diff --git a/doc/run-rootless.txt b/doc/run-rootless.txt new file mode 100644 index 00000000..1a04b6f7 --- /dev/null +++ b/doc/run-rootless.txt @@ -0,0 +1,75 @@ +Fail2ban normally requires root priviledges to insert iptables rules +through calls to /sbin/iptables and also to read the logfiles. +Fail2ban can run as an unpriviledged user provided that those two +capabilites are preserved. The idea is to run fail2ban as a normal +user (e.g. fail2ban) who belongs to a group which is allowed to read +logfiles. The user should also be allowed to write to +/proc/net/xt_recent/fail2ban- (name is specified in the iptables +rule). + +/proc/net/xt_recent/* is created by the xt_recent kernel module when +an iptables rule with '-m limit' is inserted. This file contains a +dynamic list of IP addresses which can than be used in iptables rules. +Addresses can be matched against this list, with an optional timeout. +One way to use xt_recent is to insert IPs into this list from an +iptables rule, e.g. after connecting to the SSH port three times in a +minute. This is the standard usage described in iptables(3). + +Another way to use xt_recent is by inserting the rules by writing to +/proc/net/xt_recent/fail2ban-. This can be performed by a fail2ban +action. Files in /proc/net/xt_recent/ are protected by normal +filesystem rules, so can be chown'ed and chmod'ed to be writable by a +certain user. After the necessary iptables rules are inserted (which +requires root priviledges), blacklisting can be perfomed by an +unpriviledged user. + +Using fail2ban with xt_recent allows smarter filtering than normal +iptables rules with the xt_recent module can provide. + +The disadvantage is that fail2ban cannot perform the setup by itself, +which would require the priviledge to call /sbin/iptables, and it must +be done through other means. + +The primary advantage is obvious: it's generally better to run +services not as root. This setup is more robust, because xt_recent has +it's own memory management and should behave smartly in case a very +large amount of IPs is blocked. Also in case the fail2ban process dies +the rules expire automatically. In case of a large amount of blocked +IPs, traversing rules linearly for each SYN packet as fail2ban +normally inserts them will be slow, but xt_recent with the same number +of IPs would be much faster. (Didn't test this, so this is pure +handwaving, but it should really be this way ;)) From the +administrators point of view, a setup with xt_recent might also be +easier, because it's very simple to modify the permissions on +/proc/net/xt_recent/fail2ban- to be readable or writable by +some user and thus allow delisting IPs by helper administrators +without the ability to mess up other iptables rules. + +The xt_recent-echo jail can be used under the root user without +further configuration. To run not as root, futher setup is necessary: + +- add user fail2ban who can read /var/log/auth.log and other + necessary log files. Log files are owned by group 'adm', so + it is enough if this user belongs to this group. + + The user can be created e.g. with + useradd --system --no-create-home --home-dir / --groups adm fail2ban + +- put a rule to check the xt_recent list in the static firewall + initialization script, with a name like fail2ban-ssh. + + Sample invocation might be + iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j DROP + with suitably replaced. + +- set FAIL2BAN_USER in /etc/default/fail2ban. + + This probably should be fail2ban. + +- make sure that logfiles of fail2ban itself are writable by the + fail2ban user. /etc/init.d/fail2ban will change the ownership at + startup, but it is also necessary to modify + /etc/logrotate.d/fail2ban. + + The simplest way is to replace '# create ...' with the following + # create 640 fail2ban adm From f3f80d49ce122ae95add1f79e04a0508db996742 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sat, 7 Jan 2012 19:43:15 -0500 Subject: [PATCH 22/57] DOC: a bit extended and reordered run-rootless.txt --- doc/run-rootless.txt | 49 +++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/doc/run-rootless.txt b/doc/run-rootless.txt index 1a04b6f7..85a8f766 100644 --- a/doc/run-rootless.txt +++ b/doc/run-rootless.txt @@ -48,28 +48,45 @@ without the ability to mess up other iptables rules. The xt_recent-echo jail can be used under the root user without further configuration. To run not as root, futher setup is necessary: -- add user fail2ban who can read /var/log/auth.log and other - necessary log files. Log files are owned by group 'adm', so - it is enough if this user belongs to this group. +- Create user: - The user can be created e.g. with - useradd --system --no-create-home --home-dir / --groups adm fail2ban + - set FAIL2BAN_USER in /etc/default/fail2ban. -- put a rule to check the xt_recent list in the static firewall - initialization script, with a name like fail2ban-ssh. + This probably should be fail2ban. - Sample invocation might be - iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j DROP - with suitably replaced. + - add user fail2ban who can read /var/log/auth.log and other + necessary log files. Log files are owned by group 'adm', so + it is enough if this user belongs to this group. -- set FAIL2BAN_USER in /etc/default/fail2ban. + The user can be created e.g. with - This probably should be fail2ban. + useradd --system --no-create-home --home-dir / --groups adm fail2ban -- make sure that logfiles of fail2ban itself are writable by the - fail2ban user. /etc/init.d/fail2ban will change the ownership at - startup, but it is also necessary to modify - /etc/logrotate.d/fail2ban. +- Statically initialize chains firewall: + + - put a rule to check the xt_recent list in the static firewall initialization + script, with names like fail2ban-ssh (action uses separate chains per each + jail, so define here the ones you need 1-per-jail) + + Sample invocation might be + + iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j DROP + + with suitably replaced. + + - suppress actionstart for iptables-xt_recent-echo action by creating an override file + iptables-xt_recent-echo.local to accompany iptables-xt_recent-echo.conf with + + [Definition] + actionstart = + +- Permissions: + + make sure that configuration files under /etc/fail2ban are readable by + fail2ban user. Make sure that logfiles of fail2ban itself are writable + by the fail2ban user. /etc/init.d/fail2ban will change the ownership at + startup, but it is also necessary to modify /etc/logrotate.d/fail2ban. The simplest way is to replace '# create ...' with the following # create 640 fail2ban adm + From f9ccc0543f674dd5ab0ca362bfe41fb660396833 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Sun, 8 Jan 2012 14:27:00 -0500 Subject: [PATCH 23/57] Added pyinotify requirements to README --- README | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README b/README index 4b5048ed..556e2fac 100644 --- a/README +++ b/README @@ -22,7 +22,12 @@ Required: >=python-2.3 (http://www.python.org) Optional: - >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin) + pyinotify: + >=linux-2.6.13 + >=python-2.4 + >=pyinotify-0.8.3 (https://github.com/seb-m/pyinotify) + Gamin: + >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin) To install, just do: From 7413817f9acb239c2e4fd088d7a35d7819c8998f Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sun, 8 Jan 2012 21:27:12 -0500 Subject: [PATCH 24/57] RF: for pyinotify's filter -- adjusted authors/copyright and avoided super() for old-style class --- server/filterpyinotify.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/server/filterpyinotify.py b/server/filterpyinotify.py index 2f466960..66d43e53 100644 --- a/server/filterpyinotify.py +++ b/server/filterpyinotify.py @@ -17,12 +17,10 @@ # along with Fail2Ban; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# Author: Cyril Jaquier +# Original author: Cyril Jaquier -__author__ = "Lee Clemens" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2011 Lee Clemens" +__author__ = "Cyril Jaquier, Lee Clemens, Yaroslav Halchenko" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav Halchenko" __license__ = "GPL" from failmanager import FailManagerEmpty @@ -143,7 +141,11 @@ class FilterPyinotify(FileFilter): class ProcessPyinotify(pyinotify.ProcessEvent): def __init__(self, FileFilter, **kargs): - super(ProcessPyinotify, self).__init__(**kargs) + #super(ProcessPyinotify, self).__init__(**kargs) + # for some reason root class _ProcessEvent is old-style (is + # not derived from object), so to play safe let's avoid super + # for now, and call superclass directly + pyinotify.ProcessEvent.__init__(self, **kargs) self.__FileFilter = FileFilter pass From f90d53fc2616d38b7ee2d65ba13ee7c0f1463b0c Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sun, 8 Jan 2012 21:29:43 -0500 Subject: [PATCH 25/57] RF: traverse known backends in a loop should now be - easier to comprehend - more scalable happens new backends come - more informative with all the info and debug messages NB not sure why __setBackend was instance's attribute, now there is a method _setBackend --- server/jail.py | 82 +++++++++++++++++++++++++------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/server/jail.py b/server/jail.py index ff7f4e25..4307db78 100644 --- a/server/jail.py +++ b/server/jail.py @@ -18,13 +18,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Author: Cyril Jaquier -# -# $Revision$ -__author__ = "Cyril Jaquier" -__version__ = "$Revision$" -__date__ = "$Date$" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__author__ = "Cyril Jaquier, Lee Celemens, Yaroslav Halchenko" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav Halchenko" __license__ = "GPL" import Queue, logging @@ -35,58 +31,62 @@ from actions import Actions logSys = logging.getLogger("fail2ban.jail") class Jail: - + + _BACKENDS = ('pyinotify', 'gamin', 'pull') + """Known backends. Each backend should have corresponding + __initBackend method + """ + def __init__(self, name, backend = "auto"): self.__name = name self.__queue = Queue.Queue() self.__filter = None logSys.info("Creating new jail '%s'" % self.__name) - self.__setBackend = False - if backend == "auto": - # Quick-escape for auto (default/fall-back condition) - self.__setBackend = False - elif backend == "pyinotify": - try: - self.__initPyinotify() - self.__setBackend = True - except ImportError: - self.__setBackend = False - elif backend == "gamin": - try: - self.__initGamin() - self.__setBackend = True - except ImportError: - self.__setBackend = False - elif backend == "polling": - self.__initPoller() - self.__setBackend = True + self._setBackend(backend) - if not self.__setBackend: - # If auto, or unrecognized, or failed using an explicit value - try: - self.__initPyinotify() - except ImportError: - try: - self.__initGamin() - except ImportError: - self.__initPoller() - self.__setBackend = True + def _setBackend(self, backend): + backend = backend.lower() # to assure consistent matching - self.__action = Actions(self) - - def __initPoller(self): + backends = self._BACKENDS + if backend != 'auto': + # we have got strict specification of the backend to use + if not (backend in self._BACKENDS): + raise ValueError("Unknown backend %s. Must be among %s or 'auto'" + % (backend, backends)) + # so explore starting from it till the 'end' + backends = backends[backends.index(backend):] + + for b in backends: + initmethod = getattr(self, '_init%s' % b.capitalize()) + try: + initmethod() + if backend != 'auto' and b != backend: + logSys.warning("Could only initiated %r backend whenever " + "%r was requested" % (b, backend)) + else: + logSys.info("Initiated %r backend" % b) + self.__action = Actions(self) + return # we are done + except ImportError, e: + logSys.debug( + "Backend %r failed to initialize due to %s" % (b, e)) + raise RuntimeError( + "We should have initialized at least 'polling' backend") + + + def _initPoller(self): logSys.info("Jail '%s' uses poller" % self.__name) from filterpoll import FilterPoll self.__filter = FilterPoll(self) - def __initGamin(self): + def _initGamin(self): # Try to import gamin import gamin logSys.info("Jail '%s' uses Gamin" % self.__name) from filtergamin import FilterGamin self.__filter = FilterGamin(self) - def __initPyinotify(self): + def _initPyinotify(self): # Try to import pyinotify import pyinotify logSys.info("Jail '%s' uses pyinotify" % self.__name) From b7adb290887644a23927d5ffd27bf34ef2ba0d1a Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Mon, 9 Jan 2012 19:30:49 -0500 Subject: [PATCH 26/57] Spelling, Changed docstring to comment --- server/jail.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/server/jail.py b/server/jail.py index 4307db78..dd179a30 100644 --- a/server/jail.py +++ b/server/jail.py @@ -19,7 +19,7 @@ # Author: Cyril Jaquier -__author__ = "Cyril Jaquier, Lee Celemens, Yaroslav Halchenko" +__author__ = "Cyril Jaquier, Lee Clemens, Yaroslav Halchenko" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav Halchenko" __license__ = "GPL" @@ -32,10 +32,8 @@ logSys = logging.getLogger("fail2ban.jail") class Jail: - _BACKENDS = ('pyinotify', 'gamin', 'pull') - """Known backends. Each backend should have corresponding - __initBackend method - """ + #Known backends. Each backend should have corresponding __initBackend method + _BACKENDS = ('pyinotify', 'gamin', 'polling') def __init__(self, name, backend = "auto"): self.__name = name From 7d465f98c109801d6162ecb01d301aee7fbe2d8c Mon Sep 17 00:00:00 2001 From: Xavier Devlamynck Date: Wed, 11 Jan 2012 16:35:40 +0100 Subject: [PATCH 27/57] Add asterisk support --- config/filter.d/asterisk.conf | 32 ++++++++++++++++++++++++++++++++ config/jail.conf | 8 ++++++++ 2 files changed, 40 insertions(+) create mode 100644 config/filter.d/asterisk.conf diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf new file mode 100644 index 00000000..6d493f13 --- /dev/null +++ b/config/filter.d/asterisk.conf @@ -0,0 +1,32 @@ +# Fail2Ban configuration file +# +# Author: Xavier Devlamynck +# +# $Revision$ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P\S+) +# Values: TEXT +# +failregex = NOTICE.* .*: Registration from '.*' failed for '' - Wrong password + NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found + NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch + NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL + NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register + NOTICE.* .*: Registration from '.*' failed for '' - ACL error (permit/deny) + NOTICE.* failed to authenticate as '.*'$ + NOTICE.* .*: No registration for peer '.*' \(from \) + NOTICE.* .*: Host failed MD5 authentication for '.*' (.*) + NOTICE.* .*: Failed to authenticate user .*@.* + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/config/jail.conf b/config/jail.conf index cdef1cb3..6ebb223b 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -254,3 +254,11 @@ action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] logpath = /var/log/named/security.log ignoreip = 168.192.0.1 +[asterisk] +enabled = true +filter = asterisk +action = iptables-multiport[name=Asterisk, port="5060", protocol="tcp,udp"] + sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com] +logpath = /var/log/asterisk/messages +maxretry = 5 +bantime = 259200 From 29c8e43354740e98cec0a8e36e2f44be764fac2e Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Wed, 11 Jan 2012 17:20:07 -0500 Subject: [PATCH 28/57] BF: must be named _initPolling to be consistent with the 'polling' value --- server/jail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/jail.py b/server/jail.py index dd179a30..8e249bff 100644 --- a/server/jail.py +++ b/server/jail.py @@ -72,7 +72,7 @@ class Jail: "We should have initialized at least 'polling' backend") - def _initPoller(self): + def _initPolling(self): logSys.info("Jail '%s' uses poller" % self.__name) from filterpoll import FilterPoll self.__filter = FilterPoll(self) From a1898b18401af16bc045dc1d27b18167246e58bd Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 12 Jan 2012 00:29:36 -0500 Subject: [PATCH 29/57] Fixed and added error message if no backends initialized. INVALID COMMAND is printed when RuntimeError is raised, so we don't get to see the error's message --- server/jail.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/jail.py b/server/jail.py index 8e249bff..4e105f8e 100644 --- a/server/jail.py +++ b/server/jail.py @@ -68,8 +68,11 @@ class Jail: except ImportError, e: logSys.debug( "Backend %r failed to initialize due to %s" % (b, e)) + # log error since runtime error message isn't printed, INVALID COMMAND + logSys.error( + "Failed to initialize any backend for jail %s" % self.__name) raise RuntimeError( - "We should have initialized at least 'polling' backend") + "Failed to initialize any backend for jail %s" % self.__name) def _initPolling(self): From 642d9afb9af5aef7e2dcb6edbe7b91e28ceecf2e Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 12 Jan 2012 00:32:37 -0500 Subject: [PATCH 30/57] Reformated printing of jail's name to be consistent with init's info messages --- server/jail.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/jail.py b/server/jail.py index 4e105f8e..61545791 100644 --- a/server/jail.py +++ b/server/jail.py @@ -70,9 +70,9 @@ class Jail: "Backend %r failed to initialize due to %s" % (b, e)) # log error since runtime error message isn't printed, INVALID COMMAND logSys.error( - "Failed to initialize any backend for jail %s" % self.__name) + "Failed to initialize any backend for Jail %r" % self.__name) raise RuntimeError( - "Failed to initialize any backend for jail %s" % self.__name) + "Failed to initialize any backend for jail %r" % self.__name) def _initPolling(self): From 3282f8665173dfe4d37b4d1364ade5a7054d0733 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 12 Jan 2012 00:33:12 -0500 Subject: [PATCH 31/57] capitalized Jail --- server/jail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/jail.py b/server/jail.py index 61545791..f5fd3b04 100644 --- a/server/jail.py +++ b/server/jail.py @@ -72,7 +72,7 @@ class Jail: logSys.error( "Failed to initialize any backend for Jail %r" % self.__name) raise RuntimeError( - "Failed to initialize any backend for jail %r" % self.__name) + "Failed to initialize any backend for Jail %r" % self.__name) def _initPolling(self): From e7dce7cc5a6c4b62f2133e7e5985ebfe4eadf49c Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 12 Jan 2012 01:05:51 -0500 Subject: [PATCH 32/57] BF: Added logging above ValueError, since only INVALID COMMAND is printed by calling method --- server/jail.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/jail.py b/server/jail.py index f5fd3b04..53048b98 100644 --- a/server/jail.py +++ b/server/jail.py @@ -49,8 +49,10 @@ class Jail: if backend != 'auto': # we have got strict specification of the backend to use if not (backend in self._BACKENDS): + logSys.error("Unknown backend %s. Must be among %s or 'auto'" + % (backend, backends)) raise ValueError("Unknown backend %s. Must be among %s or 'auto'" - % (backend, backends)) + % (backend, backends)) # so explore starting from it till the 'end' backends = backends[backends.index(backend):] From d73a71f5cf8437744091c8cff834600da7a27af5 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Thu, 12 Jan 2012 23:23:41 -0500 Subject: [PATCH 33/57] ENH: Add usedns parameter for the jails following commits were squashed from feature branch use_dns commit 068c105eb58b85aaf5ad9df02e7f4122a4efea81 Author: Lee Clemens Date: Tue Jan 10 22:19:04 2012 -0500 Prevent warning when IP is read from log commit 635ed36a8c7280658d501318d882f6e9dd426343 Author: Lee Clemens Date: Tue Jan 10 22:17:08 2012 -0500 Removed logDebug commit 24656d2812c18e0f9312ce36d42ef51ecb68b354 Merge: 7957fbe c429f5c Author: Lee Clemens Date: Tue Jan 10 21:13:11 2012 -0500 Merge branch 'enh/use_dns' of github:leeclemens/fail2ban into enh/use_dns Conflicts: testcases/filtertestcase.py commit 7957fbe821b0cebf162f64b4627a345db551c2d0 Author: Lee Clemens Date: Tue Jan 10 21:09:58 2012 -0500 filtertestcase fixes from yarikoptic commit 6ce9d04640789c1eb587454d2ec95d61f7b67ce8 Author: Yaroslav Halchenko Date: Tue Jan 10 19:26:05 2012 -0500 RF: for consistency use_dns -> usedns I guess it was might fault of inconsistency suggesting that name. Other options/commands do not have _ in the names, so let it be consistent with the rest for now commit cfb2c75b49942b127fff6da4e4e349c667606b5d Author: Lee Clemens Date: Tue Jan 10 19:18:41 2012 -0500 Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp commit f6186eff14ff1ff9da42f30c7f6268fd792104e6 Author: Lee Clemens Date: Tue Jan 10 19:02:04 2012 -0500 Changed wording of 'DNS Reverse lookup used' message commit 82c62d29dc49582594ff86fb24dc710654ea6269 Author: Lee Clemens Date: Tue Jan 10 18:53:17 2012 -0500 Removed extraneous "n" commit dc0ae2193227cbf8e837bdd173403edbd68afd9a Author: Lee Clemens Date: Mon Jan 9 23:07:59 2012 -0500 ENH: use_dns - removed debugging statements commit 594e25818cd6b5dd366194d7e74af99294c5a394 Author: Lee Clemens Date: Mon Jan 9 22:53:39 2012 -0500 Added use_dns protocol to set and get per jail during runtime commit 48ff80ffac25d8c3d538e5c05678514f6c9628f6 Author: Lee Clemens Date: Mon Jan 9 22:41:18 2012 -0500 Completed use_dns for initial startup - with debugging statements commit 0bdab4c2d7f0d0c29d4999e70db5f748b51fe1b5 Author: Lee Clemens Date: Mon Jan 9 20:05:35 2012 -0500 ENH: Added use_dns option commit 6d6b734ea51a2f2792ed34d9a4227bb7a3361adb Author: Lee Clemens Date: Mon Jan 9 20:01:34 2012 -0500 ENH: Added use_dns option commit 11ad2b61254ee03fa761e0c3a7e4905dd89bc54a Author: Lee Clemens Date: Mon Jan 9 19:17:30 2012 -0500 Added useDns flag to testcase commit b48fa9b6af242fc04c1d1fe1ddf8f7bc1c8fdeed Author: Lee Clemens Date: Sun Jan 8 15:13:27 2012 -0500 Added use_dns option in jail.conf commit c429f5c91ae935b359e28376b2120eb3d6ea0ad7 Merge: 4b18afb 0021906 Author: leeclemens Date: Tue Jan 10 16:32:22 2012 -0800 Merge pull request #3 from yarikoptic/enh/use_dns let's be consistent ;-) commit 0021906358e50c9f53d2fa98ba853a16f6388078 Author: Yaroslav Halchenko Date: Tue Jan 10 19:26:05 2012 -0500 RF: for consistency use_dns -> usedns I guess it was might fault of inconsistency suggesting that name. Other options/commands do not have _ in the names, so let it be consistent with the rest for now commit 4b18afb28a5be525913ad552459bfb3287ccfda5 Author: Lee Clemens Date: Tue Jan 10 19:18:41 2012 -0500 Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp commit 4fae37e46fef62058738040325a3c9cd2be11d45 Author: Lee Clemens Date: Tue Jan 10 19:02:04 2012 -0500 Changed wording of 'DNS Reverse lookup used' message commit e94806ce4804ff3bdc124a0f5265602987245525 Author: Lee Clemens Date: Tue Jan 10 18:53:17 2012 -0500 Removed extraneous "n" commit 4d30c5290725b7d92b0a8f49c1eb5a6a2d12b32e Author: Lee Clemens Date: Mon Jan 9 23:07:59 2012 -0500 ENH: use_dns - removed debugging statements commit 76696d452ae59e0fa161e1f85e31c6411352f966 Author: Lee Clemens Date: Mon Jan 9 22:53:39 2012 -0500 Added use_dns protocol to set and get per jail during runtime commit 06316180870a0349630e27f7ef078624c6f006cd Author: Lee Clemens Date: Mon Jan 9 22:41:18 2012 -0500 Completed use_dns for initial startup - with debugging statements commit d23d495547fe382ea6669c30eeac5033284b4c5f Author: Lee Clemens Date: Mon Jan 9 20:05:35 2012 -0500 ENH: Added use_dns option commit 9538553bc5a71faf23b5b810b83d7acb133c8d56 Author: Lee Clemens Date: Mon Jan 9 20:01:34 2012 -0500 ENH: Added use_dns option commit ae1e857e53e0c014da5b717976536be172a37dc1 Author: Lee Clemens Date: Mon Jan 9 19:17:30 2012 -0500 Added useDns flag to testcase commit ace43eb94128f32538182472fd35e97c220bbf34 Author: Lee Clemens Date: Sun Jan 8 15:13:27 2012 -0500 Added use_dns option in jail.conf --- client/jailreader.py | 3 +++ common/protocol.py | 2 ++ config/jail.conf | 10 +++++++ server/filter.py | 53 ++++++++++++++++++++++++++----------- server/server.py | 6 +++++ server/transmitter.py | 6 +++++ testcases/filtertestcase.py | 22 +++++++++++---- 7 files changed, 82 insertions(+), 20 deletions(-) diff --git a/client/jailreader.py b/client/jailreader.py index 81a077c9..f66dc010 100644 --- a/client/jailreader.py +++ b/client/jailreader.py @@ -65,6 +65,7 @@ class JailReader(ConfigReader): ["int", "maxretry", 3], ["int", "findtime", 600], ["int", "bantime", 600], + ["string", "usedns", "warn"], ["string", "failregex", None], ["string", "ignoreregex", None], ["string", "ignoreip", None], @@ -122,6 +123,8 @@ class JailReader(ConfigReader): stream.append(["set", self.__name, "findtime", self.__opts[opt]]) elif opt == "bantime": stream.append(["set", self.__name, "bantime", self.__opts[opt]]) + elif opt == "usedns": + stream.append(["set", self.__name, "usedns", self.__opts[opt]]) elif opt == "failregex": stream.append(["set", self.__name, "addfailregex", self.__opts[opt]]) elif opt == "ignoreregex": diff --git a/common/protocol.py b/common/protocol.py index 092c32ae..db2b07eb 100644 --- a/common/protocol.py +++ b/common/protocol.py @@ -62,6 +62,7 @@ protocol = [ ["set delignoreregex ", "removes the regular expression at for ignoreregex"], ["set findtime