Merge branch 'master' of https://github.com/fail2ban/fail2ban

2013-10-22 18:31:19 +03:00 · 2013-10-22 18:31:19 +03:00 · 6eb57b7f49
parent 7bbfe5c67c b61fe0f12d
commit 6eb57b7f49
10 changed files with 111 additions and 54 deletions
--- a/5
+++ b/5
@ -49,6 +49,9 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
     to Should- rc init fields
 - New Features:
  Edgar Hoch
 	 * action.d/firewall-cmd-direct-new.conf - action for firewalld
     from https://bugzilla.redhat.com/show_bug.cgi?id=979622
  Andy Fragen and Daniel Black
   * filter.d/osx-ipfw.conf - ipfw action for OSX based on random rule
     numbers.
@ -86,6 +89,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
   * filter.d/gssftpd - anchored regex at start
   * filter.d/sogo-auth - anchor regex at start
   * filter.d/mysqld-auth.conf - mysql can use syslog
   * filter.d/postfix-sasl - renamed from sasl, anchor at start and base on
     syslog
   * fail2ban-regex - now generates http://www.debuggex.com urls for debugging
 	 	 regular expressions with the -D parameter.
   * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
--- a/config/action.d/complain.conf
+++ b/config/action.d/complain.conf
@ -78,7 +78,7 @@ logpath = /dev/null
 # Option:  mailcmd
 # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
-# Values:  CMD  Default: mail -s
+# Values:  CMD
 #
 mailcmd = mail -s
@ -89,7 +89,7 @@ mailcmd = mail -s
 #          Appear to come from a different address - the '--' indicates
 #          arguments to be passed to Sendmail:
 #              -- -f me@example.com
-# Values:  [ STRING ]  Default: (empty)
+# Values:  [ STRING ]
 #
 mailargs =
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@ -106,7 +106,7 @@ actionunban = if [ -f <tmpfile>.first ]; then
 # Option:  port
 # Notes.:  The target port for the attack (numerical). MUST be provided in the
 #          jail config, as it cannot be detected here.
-# Values:  [ NUM ]  Default: ???
+# Values:  [ NUM ]
 #
 port = ???
@ -114,7 +114,7 @@ port = ???
 # Notes.:  Your DShield user ID. Should be provided either in the jail config or
 #          in a .local file.
 #          Register at https://secure.dshield.org/register.html
-# Values:  [ NUM ]  Default: 0
+# Values:  [ NUM ]
 #
 userid = 0
@ -137,7 +137,7 @@ protocol = tcp
 # Notes.:  How many lines to buffer before making a report. Regardless of this,
 #          reports are sent a minimum of <minreportinterval> apart, or if the
 #          buffer contains an event over <maxbufferage> old, or on shutdown
-# Values:  [ NUM ]  Default: 50
+# Values:  [ NUM ]
 #
 lines = 50
@ -145,7 +145,7 @@ lines = 50
 # Notes.:  Minimum period (in seconds) that must elapse before we submit another
 #          batch of reports. DShield request a minimum of 1 hour (3600 secs)
 #          between reports.
-# Values:  [ NUM ]  Default: 3600
+# Values:  [ NUM ]
 #
 minreportinterval = 3600
@ -154,27 +154,27 @@ minreportinterval = 3600
 #          submit the batch, even if we haven't reached <lines> yet. Note that
 #          this is only checked on each ban/unban, and that we always send
 #          anything in the buffer on shutdown. Must be greater than
-# Values:  [ NUM ]  Default: 21600 (6 hours)
+# Values:  [ NUM ]
 #
 maxbufferage = 21600
 # Option:  srcport
 # Notes.:  The source port of the attack. You're unlikely to have this info, so
 #          you can leave the default
-# Values:  [ NUM ]  Default: ???
+# Values:  [ NUM ]
 #
 srcport = ???
 # Option:  tcpflags
 # Notes.:  TCP flags on attack. You're unlikely to have this info, so you can
 #          leave empty
-# Values:  [ STRING ]  Default: (empty)
+# Values:  [ STRING ]
 #
 tcpflags =
 # Option:  mailcmd
 # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
-# Values:  CMD  Default: mail -s
+# Values:  CMD
 #
 mailcmd = mail -s
@ -186,19 +186,19 @@ mailcmd = mail -s
 #          the one configured at DShield - the '--' indicates arguments to be
 #          passed to Sendmail):
 #              -- -f me@example.com
-# Values:  [ STRING ]  Default: (empty)
+# Values:  [ STRING ]
 #
 mailargs =
 # Option:  dest
 # Notes.:  Destination e-mail address for reports
-# Values:  [ STRING ]  Default: reports@dshield.org
+# Values:  [ STRING ]
 #
 dest = reports@dshield.org
 # Option:  tmpfile
 # Notes.:  Base name of temporary files used for buffering
-# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-dshield
+# Values:  [ STRING ]
 #
 tmpfile = /var/run/fail2ban/tmp-dshield
--- a/config/action.d/firewall-cmd-direct-new.conf
+++ b/config/action.d/firewall-cmd-direct-new.conf
@ -0,0 +1,58 @@
 # Fail2Ban configuration file
 #
 # Author: Edgar Hoch
 # Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.
 #  It uses "firewall-cmd" instead of "iptables".
 #  firewall-cmd is based on the command of version firewalld-0.3.4-1.fc19.
 [INCLUDES]
 before = iptables-blocktype.conf
 [Definition]
 actionstart = firewall-cmd --direct --add-chain ipv4 filter fail2ban-<name>
              firewall-cmd --direct --add-rule ipv4 filter fail2ban-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 # The following rule does not work, because firewalld keeps its own database of firewall rules.
 # firewall-cmd --direct --passthrough ipv4 -F fail2ban-<name>
 # The better rule would be the following, but firewall-cmd has not implemented this command with firewalld-0.3.3-2.fc19 .
 # firewall-cmd --direct --flush-chain ipv4 filter fail2ban-<name>
 # The following is a workaround using a loop to implement the --flush-chain command.
 # https://fedorahosted.org/firewalld/ticket/10
 actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
             ( IFS='|' ; for r in $( firewall-cmd --direct --get-rules ipv4 filter fail2ban-<name> | tr '\n' '|' ) ; do eval firewall-cmd --direct --remove-rule ipv4 filter fail2ban-<name> $r ; done )
             firewall-cmd --direct --remove-chain ipv4 filter fail2ban-<name>
 actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'fail2ban-<name>[ \t]'
 actionban = firewall-cmd --direct --add-rule ipv4 filter fail2ban-<name> 0 -s <ip> -j <blocktype>
 actionunban = firewall-cmd --direct --remove-rule ipv4 filter fail2ban-<name> 0 -s <ip> -j <blocktype>
 [Init]
 # Default name of the chain
 #
 name = default
 # Option:  port
 # Notes.:  specifies port to monitor
 # Values:  [ NUM | STRING ]
 #
 port = ssh
 # Option:  protocol
 # Notes.:  internally used by config reader for interpolations.
 # Values:  [ tcp | udp | icmp | all ]
 #
 protocol = tcp
 # Option:  chain
 # Notes    specifies the iptables chain to which the fail2ban rules should be
 #          added
 # Values:  [ STRING ]
 #
 chain = INPUT_direct
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@ -56,7 +56,7 @@ actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
 [Init]
 # Option:  tablename
 # Notes.:  The pf table name.
-# Values:  [ STRING ]  Default: fail2ban
+# Values:  [ STRING ]
 #
 tablename = fail2ban
--- a/config/fail2ban.conf
+++ b/config/fail2ban.conf
@ -17,7 +17,7 @@
 #         2 = WARN
 #         3 = INFO
 #         4 = DEBUG
-# Values:  NUM  Default:  3
+# Values: [ NUM ]  Default: 1
 #
 loglevel = 3
@ -28,7 +28,7 @@ loglevel = 3
 #         using logrotate -- also adjust or disable rotation in the
 #         corresponding configuration file
 #         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
-# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+# Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
 #
 logtarget = /var/log/fail2ban.log
@ -36,14 +36,14 @@ logtarget = /var/log/fail2ban.log
 # Notes.: Set the socket file. This is used to communicate with the daemon. Do
 #         not remove this file when Fail2ban runs. It will not be possible to
 #         communicate with the server afterwards.
-# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
+# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
 #
 socket = /var/run/fail2ban/fail2ban.sock
 # Option: pidfile
 # Notes.: Set the PID file. This is used to store the process ID of the
 #         fail2ban server.
-# Values: FILE  Default:  /var/run/fail2ban/fail2ban.pid
+# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
 #
 pidfile = /var/run/fail2ban/fail2ban.pid
--- a/config/filter.d/postfix-sasl.conf
+++ b/config/filter.d/postfix-sasl.conf
@ -0,0 +1,16 @@
 # Fail2Ban configuration file
 #
 # Author: Yaroslav Halchenko
 #
 #
 [INCLUDES]
 before = common.conf
 [Definition]
 _daemon = postfix/smtpd
 failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@ -1,22 +0,0 @@
 # Fail2Ban configuration file
 #
 # Author: Yaroslav Halchenko
 #
 #
 [Definition]
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex = 
--- a/config/jail.conf
+++ b/config/jail.conf
@ -92,7 +92,7 @@ maxretry = 6
 [sasl-iptables]
 enabled  = false
-filter   = sasl
+filter   = postfix-sasl
 backend  = polling
 action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, dest=you@example.com]
--- a/testcases/files/logs/postfix-sasl
+++ b/testcases/files/logs/postfix-sasl