From cad09d2df3f0a6f2fec52bdcf8b9dbb5f01eb593 Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 28 Nov 2014 03:17:47 +0100 Subject: [PATCH 1/5] BF: failregex declared direct in jail was joined to single line, (specifying of multiple expressions was not possible); feature request (gh-867): new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it); --- ChangeLog | 6 ++++++ fail2ban/client/jailreader.py | 11 ++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1cd21884..7c0c61c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,8 +14,14 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255 * grep'ing for IP in *mail-whois-lines.conf should now match also at the begginning and EOL. Thanks Dean Lee + * failregex declared in jail was joined to single line (specifying of multiple + expressions was not possible). + - New Features: + - new options for jail introduced addfailregex/addignoreregex: extends regex + specified in filter (opposite to failregex/ignoreregex that overwrites it) + see gh-867. - Enhancements: * Enable multiport for firewallcmd-new action. Closes gh-834 diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 84cc5e2a..01186a1e 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -97,6 +97,8 @@ class JailReader(ConfigReader): ["string", "usedns", None], ["string", "failregex", None], ["string", "ignoreregex", None], + ["string", "addfailregex", None], + ["string", "addignoreregex", None], ["string", "ignorecommand", None], ["string", "ignoreip", None], ["string", "filter", ""], @@ -201,11 +203,14 @@ class JailReader(ConfigReader): stream.append(["set", self.__name, "bantime", self.__opts[opt]]) elif opt == "usedns": stream.append(["set", self.__name, "usedns", self.__opts[opt]]) - elif opt == "failregex": - stream.append(["set", self.__name, "addfailregex", self.__opts[opt]]) + elif opt in ("failregex", "addfailregex"): + for regex in self.__opts[opt].split('\n'): + # Do not send a command if the rule is empty. + if regex != '': + stream.append(["set", self.__name, "addfailregex", regex]) elif opt == "ignorecommand": stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]]) - elif opt == "ignoreregex": + elif opt in ("ignoreregex", "addignoreregex"): for regex in self.__opts[opt].split('\n'): # Do not send a command if the rule is empty. if regex != '': From 143915212196a70d44b7ee30521977ff05c3be69 Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 28 Nov 2014 04:02:44 +0100 Subject: [PATCH 2/5] test cases extended (now correct) --- ChangeLog | 4 ++-- fail2ban/client/filterreader.py | 2 ++ fail2ban/tests/clientreadertestcase.py | 11 +++++++++++ fail2ban/tests/config/jail.conf | 14 ++++++++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7c0c61c5..e466cec0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,8 +14,8 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255 * grep'ing for IP in *mail-whois-lines.conf should now match also at the begginning and EOL. Thanks Dean Lee - * failregex declared in jail was joined to single line (specifying of multiple - expressions was not possible). + * failregex declared direct in jail was joined to single line (specifying of + multiple expressions was not possible). - New Features: diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py index fe657025..aff04f3b 100644 --- a/fail2ban/client/filterreader.py +++ b/fail2ban/client/filterreader.py @@ -50,6 +50,8 @@ class FilterReader(DefinitionInitConfigReader): def convert(self): stream = list() combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items())) + if not len(combinedopts): + return stream; opts = CommandAction.substituteRecursiveTags(combinedopts) if not opts: raise ValueError('recursive tag definitions unable to be resolved') diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index 17a90cc8..31517f5d 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -425,6 +425,17 @@ class JailsReaderTest(LogCaptureTestCase): self.maxDiff = None self.assertEqual(sorted(comm_commands), sorted([['add', 'emptyaction', 'auto'], + ['add', 'test1addfailregex', 'auto'], + ['set', 'test1addfailregex', 'addfailregex', 'failure 1 '], + ['set', 'test1addfailregex', 'addfailregex', 'failure 2 '], + ['set', 'test1addfailregex', 'addignoreregex', 'ignore 1 '], + ['set', 'test1addfailregex', 'addignoreregex', 'ignore 2 '], + ['set', 'test1addfailregex', 'addfailregex', ''], + ['start', 'test1addfailregex'], + ['add', 'test2failregex', 'auto'], + ['set', 'test2failregex', 'addfailregex', 'failure 1 '], + ['set', 'test2failregex', 'addfailregex', 'failure 2 '], + ['start', 'test2failregex'], ['add', 'missinglogfiles', 'auto'], ['set', 'missinglogfiles', 'addfailregex', ''], ['add', 'brokenaction', 'auto'], diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf index 0f6a28f0..c9ae6c54 100644 --- a/fail2ban/tests/config/jail.conf +++ b/fail2ban/tests/config/jail.conf @@ -13,6 +13,20 @@ failregex = ignoreregex = ignoreip = +[test1addfailregex] +enabled = true +filter = simple +addfailregex = failure 1 + failure 2 +addignoreregex = ignore 1 + ignore 2 + +[test2failregex] +enabled = true +filter = simple +failregex = failure 1 + failure 2 + [missinglogfiles] enabled = true logpath = /weapons/of/mass/destruction From d63b125877d56bff56a43c286d576a015d02c1f0 Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 28 Nov 2014 19:03:58 +0100 Subject: [PATCH 3/5] interpolation of config readers extended with `%(known/parameter)s`. (means last known option with name `parameter`). --- ChangeLog | 2 ++ fail2ban/client/configparserinc.py | 5 +++++ fail2ban/tests/clientreadertestcase.py | 5 +++++ fail2ban/tests/config/filter.d/test.conf | 6 ++++++ fail2ban/tests/config/filter.d/test.local | 7 +++++++ fail2ban/tests/config/jail.conf | 5 +++++ 6 files changed, 30 insertions(+) create mode 100644 fail2ban/tests/config/filter.d/test.conf create mode 100644 fail2ban/tests/config/filter.d/test.local diff --git a/ChangeLog b/ChangeLog index e466cec0..2f3bb9a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released - New Features: + - new interpolation feature for config readers - `%(known/parameter)s`. + (means last known option with name `parameter`). - new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it) see gh-867. diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py index d819281b..6299b906 100644 --- a/fail2ban/client/configparserinc.py +++ b/fail2ban/client/configparserinc.py @@ -226,6 +226,11 @@ after = 1.conf if isinstance(s, dict): s2 = alls.get(n) if isinstance(s2, dict): + # save previous known values, for possible using in local interpolations later: + for k, v in s2.iteritems(): + if not k.startswith('known/'): + s2['known/'+k] = v + # merge section s2.update(s) else: alls[n] = s.copy() diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index 31517f5d..c684434d 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -436,6 +436,11 @@ class JailsReaderTest(LogCaptureTestCase): ['set', 'test2failregex', 'addfailregex', 'failure 1 '], ['set', 'test2failregex', 'addfailregex', 'failure 2 '], ['start', 'test2failregex'], + ['add', 'test3known-interp', 'auto'], + ['set', 'test3known-interp', 'addfailregex', 'failure test 1 (filter.d/test.conf) '], + ['set', 'test3known-interp', 'addfailregex', 'failure test 2 (filter.d/test.local) '], + ['set', 'test3known-interp', 'addfailregex', 'failure test 3 (jail.local) '], + ['start', 'test3known-interp'], ['add', 'missinglogfiles', 'auto'], ['set', 'missinglogfiles', 'addfailregex', ''], ['add', 'brokenaction', 'auto'], diff --git a/fail2ban/tests/config/filter.d/test.conf b/fail2ban/tests/config/filter.d/test.conf new file mode 100644 index 00000000..f09d3467 --- /dev/null +++ b/fail2ban/tests/config/filter.d/test.conf @@ -0,0 +1,6 @@ +#[INCLUDES] +#before = common.conf + +[Definition] +failregex = failure test 1 (filter.d/test.conf) + diff --git a/fail2ban/tests/config/filter.d/test.local b/fail2ban/tests/config/filter.d/test.local new file mode 100644 index 00000000..1b6cf55e --- /dev/null +++ b/fail2ban/tests/config/filter.d/test.local @@ -0,0 +1,7 @@ +#[INCLUDES] +#before = common.conf + +[Definition] +failregex = %(known/failregex)s + failure test 2 (filter.d/test.local) + diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf index c9ae6c54..c79e255c 100644 --- a/fail2ban/tests/config/jail.conf +++ b/fail2ban/tests/config/jail.conf @@ -27,6 +27,11 @@ filter = simple failregex = failure 1 failure 2 +[test3known-interp] +enabled = true +filter = test +addfailregex = failure test 3 (jail.local) + [missinglogfiles] enabled = true logpath = /weapons/of/mass/destruction From 00c2ac4b034b68185926b0f7c8faaf9b3d021f18 Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 28 Nov 2014 19:50:52 +0100 Subject: [PATCH 4/5] python 2.6 compatibility: preventing RuntimeError: dictionary changed size during iteration. --- fail2ban/client/configparserinc.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py index 6299b906..01fadb87 100644 --- a/fail2ban/client/configparserinc.py +++ b/fail2ban/client/configparserinc.py @@ -227,9 +227,11 @@ after = 1.conf s2 = alls.get(n) if isinstance(s2, dict): # save previous known values, for possible using in local interpolations later: + sk = {} for k, v in s2.iteritems(): if not k.startswith('known/'): - s2['known/'+k] = v + sk['known/'+k] = v + s2.update(sk) # merge section s2.update(s) else: From effdb450fc42ddf1169312b104e6f3678802442a Mon Sep 17 00:00:00 2001 From: sebres Date: Sat, 29 Nov 2014 04:09:53 +0100 Subject: [PATCH 5/5] better and scalable solution for gh-867 (and gh-868), using only name convention like %(known/failregex)s to add custom expressions, so no interface changes in jail.conf are necessary (for example see test-known-interp in test cases); --- ChangeLog | 8 ++--- fail2ban/client/configparserinc.py | 9 +++++ fail2ban/client/configreader.py | 4 +++ fail2ban/client/filterreader.py | 14 +++++--- fail2ban/client/jailreader.py | 28 ++++++++++----- fail2ban/tests/clientreadertestcase.py | 49 ++++++++++++-------------- fail2ban/tests/config/jail.conf | 19 ++-------- 7 files changed, 73 insertions(+), 58 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f3bb9a9..fddf8751 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,10 +19,10 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released - New Features: - - new interpolation feature for config readers - `%(known/parameter)s`. - (means last known option with name `parameter`). - - new options for jail introduced addfailregex/addignoreregex: extends regex - specified in filter (opposite to failregex/ignoreregex that overwrites it) + - New interpolation feature for config readers - `%(known/parameter)s`. + (means last known option with name `parameter`). This interpolation makes + possible to extend a stock filter or jail regexp in .local file + (opposite to simply set failregex/ignoreregex that overwrites it), see gh-867. - Enhancements: diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py index 01fadb87..387f0f2c 100644 --- a/fail2ban/client/configparserinc.py +++ b/fail2ban/client/configparserinc.py @@ -249,3 +249,12 @@ after = 1.conf return SafeConfigParser.read(self, fileNamesFull, encoding='utf-8') else: return SafeConfigParser.read(self, fileNamesFull) + + def merge_section(self, section, options, pref='known/'): + alls = self.get_sections() + sk = {} + for k, v in options.iteritems(): + if pref == '' or not k.startswith(pref): + sk[pref+k] = v + alls[section].update(sk) + diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py index b6c39628..ed1fbcde 100644 --- a/fail2ban/client/configreader.py +++ b/fail2ban/client/configreader.py @@ -116,6 +116,10 @@ class ConfigReader(): return self._cfg.has_section(sec) return False + def merge_section(self, *args, **kwargs): + if self._cfg is not None: + return self._cfg.merge_section(*args, **kwargs) + def options(self, *args): if self._cfg is not None: return self._cfg.options(*args) diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py index aff04f3b..669a5896 100644 --- a/fail2ban/client/filterreader.py +++ b/fail2ban/client/filterreader.py @@ -46,15 +46,21 @@ class FilterReader(DefinitionInitConfigReader): def getFile(self): return self.__file - - def convert(self): - stream = list() + + def getCombined(self): combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items())) if not len(combinedopts): - return stream; + return {}; opts = CommandAction.substituteRecursiveTags(combinedopts) if not opts: raise ValueError('recursive tag definitions unable to be resolved') + return opts; + + def convert(self): + stream = list() + opts = self.getCombined() + if not len(opts): + return stream; for opt, value in opts.iteritems(): if opt == "failregex": for regex in value.split('\n'): diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 01186a1e..340508c0 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -87,6 +87,8 @@ class JailReader(ConfigReader): return pathList def getOptions(self): + opts1st = [["bool", "enabled", False], + ["string", "filter", ""]] opts = [["bool", "enabled", False], ["string", "logpath", None], ["string", "logencoding", None], @@ -97,13 +99,13 @@ class JailReader(ConfigReader): ["string", "usedns", None], ["string", "failregex", None], ["string", "ignoreregex", None], - ["string", "addfailregex", None], - ["string", "addignoreregex", None], ["string", "ignorecommand", None], ["string", "ignoreip", None], ["string", "filter", ""], ["string", "action", ""]] - self.__opts = ConfigReader.getOptions(self, self.__name, opts) + + # Read first options only needed for merge defaults ('known/...' from filter): + self.__opts = ConfigReader.getOptions(self, self.__name, opts1st) if not self.__opts: return False @@ -115,14 +117,24 @@ class JailReader(ConfigReader): self.__filter = FilterReader( filterName, self.__name, filterOpt, share_config=self.share_config, basedir=self.getBaseDir()) ret = self.__filter.read() - if ret: - self.__filter.getOptions(self.__opts) - else: + # merge options from filter as 'known/...': + self.__filter.getOptions(self.__opts) + ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/') + if not ret: logSys.error("Unable to read the filter") return False else: self.__filter = None logSys.warning("No filter set for jail %s" % self.__name) + + # Read second all options (so variables like %(known/param) can be interpolated): + self.__opts = ConfigReader.getOptions(self, self.__name, opts) + if not self.__opts: + return False + + # cumulate filter options again (ignore given in jail): + if self.__filter: + self.__filter.getOptions(self.__opts) # Read action for act in self.__opts["action"].split('\n'): @@ -203,14 +215,14 @@ class JailReader(ConfigReader): stream.append(["set", self.__name, "bantime", self.__opts[opt]]) elif opt == "usedns": stream.append(["set", self.__name, "usedns", self.__opts[opt]]) - elif opt in ("failregex", "addfailregex"): + elif opt == "failregex": for regex in self.__opts[opt].split('\n'): # Do not send a command if the rule is empty. if regex != '': stream.append(["set", self.__name, "addfailregex", regex]) elif opt == "ignorecommand": stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]]) - elif opt in ("ignoreregex", "addignoreregex"): + elif opt == "ignoreregex": for regex in self.__opts[opt].split('\n'): # Do not send a command if the rule is empty. if regex != '': diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index c684434d..4f77a698 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -155,12 +155,16 @@ c = d ;in line comment class JailReaderTest(LogCaptureTestCase): + def __init__(self, *args, **kwargs): + super(JailReaderTest, self).__init__(*args, **kwargs) + self.__share_cfg = {} + def testIncorrectJail(self): - jail = JailReader('XXXABSENTXXX', basedir=CONFIG_DIR) + jail = JailReader('XXXABSENTXXX', basedir=CONFIG_DIR, share_config = self.__share_cfg) self.assertRaises(ValueError, jail.read) def testJailActionEmpty(self): - jail = JailReader('emptyaction', basedir=IMPERFECT_CONFIG) + jail = JailReader('emptyaction', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg) self.assertTrue(jail.read()) self.assertTrue(jail.getOptions()) self.assertTrue(jail.isEnabled()) @@ -168,7 +172,7 @@ class JailReaderTest(LogCaptureTestCase): self.assertTrue(self._is_logged('No actions were defined for emptyaction')) def testJailActionFilterMissing(self): - jail = JailReader('missingbitsjail', basedir=IMPERFECT_CONFIG) + jail = JailReader('missingbitsjail', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg) self.assertTrue(jail.read()) self.assertFalse(jail.getOptions()) self.assertTrue(jail.isEnabled()) @@ -176,7 +180,7 @@ class JailReaderTest(LogCaptureTestCase): self.assertTrue(self._is_logged('Unable to read the filter')) def TODOtestJailActionBrokenDef(self): - jail = JailReader('brokenactiondef', basedir=IMPERFECT_CONFIG) + jail = JailReader('brokenactiondef', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg) self.assertTrue(jail.read()) self.assertFalse(jail.getOptions()) self.assertTrue(jail.isEnabled()) @@ -187,7 +191,7 @@ class JailReaderTest(LogCaptureTestCase): if STOCK: def testStockSSHJail(self): - jail = JailReader('sshd', basedir=CONFIG_DIR) # we are running tests from root project dir atm + jail = JailReader('sshd', basedir=CONFIG_DIR, share_config = self.__share_cfg) # we are running tests from root project dir atm self.assertTrue(jail.read()) self.assertTrue(jail.getOptions()) self.assertFalse(jail.isEnabled()) @@ -411,13 +415,17 @@ class JailsReaderTestCache(LogCaptureTestCase): class JailsReaderTest(LogCaptureTestCase): + def __init__(self, *args, **kwargs): + super(JailsReaderTest, self).__init__(*args, **kwargs) + self.__share_cfg = {} + def testProvidingBadBasedir(self): if not os.path.exists('/XXX'): reader = JailsReader(basedir='/XXX') self.assertRaises(ValueError, reader.read) def testReadTestJailConf(self): - jails = JailsReader(basedir=IMPERFECT_CONFIG) + jails = JailsReader(basedir=IMPERFECT_CONFIG, share_config=self.__share_cfg) self.assertTrue(jails.read()) self.assertFalse(jails.getOptions()) self.assertRaises(ValueError, jails.convert) @@ -425,22 +433,11 @@ class JailsReaderTest(LogCaptureTestCase): self.maxDiff = None self.assertEqual(sorted(comm_commands), sorted([['add', 'emptyaction', 'auto'], - ['add', 'test1addfailregex', 'auto'], - ['set', 'test1addfailregex', 'addfailregex', 'failure 1 '], - ['set', 'test1addfailregex', 'addfailregex', 'failure 2 '], - ['set', 'test1addfailregex', 'addignoreregex', 'ignore 1 '], - ['set', 'test1addfailregex', 'addignoreregex', 'ignore 2 '], - ['set', 'test1addfailregex', 'addfailregex', ''], - ['start', 'test1addfailregex'], - ['add', 'test2failregex', 'auto'], - ['set', 'test2failregex', 'addfailregex', 'failure 1 '], - ['set', 'test2failregex', 'addfailregex', 'failure 2 '], - ['start', 'test2failregex'], - ['add', 'test3known-interp', 'auto'], - ['set', 'test3known-interp', 'addfailregex', 'failure test 1 (filter.d/test.conf) '], - ['set', 'test3known-interp', 'addfailregex', 'failure test 2 (filter.d/test.local) '], - ['set', 'test3known-interp', 'addfailregex', 'failure test 3 (jail.local) '], - ['start', 'test3known-interp'], + ['add', 'test-known-interp', 'auto'], + ['set', 'test-known-interp', 'addfailregex', 'failure test 1 (filter.d/test.conf) '], + ['set', 'test-known-interp', 'addfailregex', 'failure test 2 (filter.d/test.local) '], + ['set', 'test-known-interp', 'addfailregex', 'failure test 3 (jail.local) '], + ['start', 'test-known-interp'], ['add', 'missinglogfiles', 'auto'], ['set', 'missinglogfiles', 'addfailregex', ''], ['add', 'brokenaction', 'auto'], @@ -463,7 +460,7 @@ class JailsReaderTest(LogCaptureTestCase): if STOCK: def testReadStockJailConf(self): - jails = JailsReader(basedir=CONFIG_DIR) # we are running tests from root project dir atm + jails = JailsReader(basedir=CONFIG_DIR, share_config=self.__share_cfg) # we are running tests from root project dir atm self.assertTrue(jails.read()) # opens fine self.assertTrue(jails.getOptions()) # reads fine comm_commands = jails.convert() @@ -524,7 +521,7 @@ class JailsReaderTest(LogCaptureTestCase): # Verify that all filters found under config/ have a jail def testReadStockJailFilterComplete(self): - jails = JailsReader(basedir=CONFIG_DIR, force_enable=True) + jails = JailsReader(basedir=CONFIG_DIR, force_enable=True, share_config=self.__share_cfg) self.assertTrue(jails.read()) # opens fine self.assertTrue(jails.getOptions()) # reads fine # grab all filter names @@ -541,7 +538,7 @@ class JailsReaderTest(LogCaptureTestCase): def testReadStockJailConfForceEnabled(self): # more of a smoke test to make sure that no obvious surprises # on users' systems when enabling shipped jails - jails = JailsReader(basedir=CONFIG_DIR, force_enable=True) # we are running tests from root project dir atm + jails = JailsReader(basedir=CONFIG_DIR, force_enable=True, share_config=self.__share_cfg) # we are running tests from root project dir atm self.assertTrue(jails.read()) # opens fine self.assertTrue(jails.getOptions()) # reads fine comm_commands = jails.convert(allow_no_files=True) @@ -636,7 +633,7 @@ action = testaction1[actname=test1] filter = testfilter1 """) jailfd.close() - jails = JailsReader(basedir=basedir) + jails = JailsReader(basedir=basedir, share_config=self.__share_cfg) self.assertTrue(jails.read()) self.assertTrue(jails.getOptions()) comm_commands = jails.convert(allow_no_files=True) diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf index c79e255c..bf1dea45 100644 --- a/fail2ban/tests/config/jail.conf +++ b/fail2ban/tests/config/jail.conf @@ -13,24 +13,11 @@ failregex = ignoreregex = ignoreip = -[test1addfailregex] -enabled = true -filter = simple -addfailregex = failure 1 - failure 2 -addignoreregex = ignore 1 - ignore 2 - -[test2failregex] -enabled = true -filter = simple -failregex = failure 1 - failure 2 - -[test3known-interp] +[test-known-interp] enabled = true filter = test -addfailregex = failure test 3 (jail.local) +failregex = %(known/failregex)s + failure test 3 (jail.local) [missinglogfiles] enabled = true