diff --git a/config/fail2ban.conf b/config/fail2ban.conf index abed5159..89e2538e 100644 --- a/config/fail2ban.conf +++ b/config/fail2ban.conf @@ -36,8 +36,9 @@ logtarget = /var/log/fail2ban.log # Option: syslogsocket # Notes: Set the syslog socket file. Only used when logtarget is SYSLOG -# Values: [ FILE ] Default: /dev/log -syslogsocket = /dev/log +# auto uses platform.system() to determine predefined paths +# Values: [ auto | FILE ] Default: auto +syslogsocket = auto # Option: socket # Notes.: Set the socket file. This is used to communicate with the daemon. Do diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py index 09b39d8d..c2f71d06 100644 --- a/fail2ban/client/fail2banreader.py +++ b/fail2ban/client/fail2banreader.py @@ -46,7 +46,7 @@ class Fail2banReader(ConfigReader): def getOptions(self): opts = [["string", "loglevel", "INFO" ], ["string", "logtarget", "STDERR"], - ["string", "syslogsocket", "/dev/log"], + ["string", "syslogsocket", "auto"], ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], ["int", "dbpurgeage", 86400]] self.__opts = ConfigReader.getOptions(self, "Definition", opts) diff --git a/fail2ban/protocol.py b/fail2ban/protocol.py index 3b9cf412..9218b736 100644 --- a/fail2ban/protocol.py +++ b/fail2ban/protocol.py @@ -44,7 +44,7 @@ protocol = [ ["get loglevel", "gets the logging level"], ["set logtarget ", "sets logging target to . Can be STDOUT, STDERR, SYSLOG or a file"], ["get logtarget", "gets logging target"], -["set syslogsocket ", "sets the syslog socket path to . Only used if logtarget is SYSLOG"], +["set syslogsocket auto|", "sets the syslog socket path to auto or . Only used if logtarget is SYSLOG"], ["get syslogsocket", "gets syslog socket path"], ["flushlogs", "flushes the logtarget if a file and reopens it. For log rotation."], ['', "DATABASE", ""], diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py index f6b30ef0..bb9d28c7 100644 --- a/fail2ban/server/server.py +++ b/fail2ban/server/server.py @@ -56,10 +56,16 @@ class Server: self.__logLevel = None self.__logTarget = None self.__syslogSocket = None + self.__autoSyslogSocketPaths = { + 'Darwin': '/var/run/syslog', + 'FreeBSD': '/var/run/log', + 'Linux': '/dev/log', + } # Set logging level self.setLogLevel("INFO") self.setLogTarget("STDOUT") - self.setSyslogSocket("/dev/log") + self.setSyslogSocket("auto") + def __sigTERMhandler(self, signum, frame): logSys.debug("Caught signal %d. Exiting" % signum) @@ -362,7 +368,7 @@ class Server: return self.__logLevel finally: self.__loggingLock.release() - + ## # Sets the logging target. # @@ -378,7 +384,12 @@ class Server: # Syslog daemons already add date to the message. formatter = logging.Formatter("%(name)s[%(process)d]: %(levelname)s %(message)s") facility = logging.handlers.SysLogHandler.LOG_DAEMON - if os.path.exists(self.__syslogSocket)\ + if self.__syslogSocket == "auto": + import platform + self.__syslogSocket = self.__autoSyslogSocketPaths.get( + platform.system()) + if self.__syslogSocket is not None\ + and os.path.exists(self.__syslogSocket)\ and stat.S_ISSOCK(os.stat( self.__syslogSocket).st_mode): hdlr = logging.handlers.SysLogHandler( diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index 81c803e7..941116fd 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -624,7 +624,7 @@ class JailsReaderTest(LogCaptureTestCase): ['set', 'dbpurgeage', 86400], ['set', 'loglevel', "INFO"], ['set', 'logtarget', '/var/log/fail2ban.log'], - ['set', 'syslogsocket', '/dev/log']]) + ['set', 'syslogsocket', 'auto']]) # and if we force change configurator's fail2ban's baseDir # there should be an error message (test visually ;) -- diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index 970068d8..2475fa99 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -739,7 +739,7 @@ class TransmitterLogging(TransmitterBase): self.server = Server() self.server.setLogTarget("/dev/null") self.server.setLogLevel("CRITICAL") - self.server.setSyslogSocket("/dev/log") + self.server.setSyslogSocket("auto") super(TransmitterLogging, self).setUp() def testLogTarget(self): @@ -767,7 +767,9 @@ class TransmitterLogging(TransmitterBase): raise unittest.SkipTest("'/dev/log' not present") elif not os.path.exists("/dev/log"): return + self.assertTrue(self.server.getSyslogSocket(), "auto") self.setGetTest("logtarget", "SYSLOG") + self.assertTrue(self.server.getSyslogSocket(), "/dev/log") def testSyslogSocket(self): self.setGetTest("syslogsocket", "/dev/log/NEW/PATH")