github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Allow comma in action options. The value of the option must be escaped with " or '. Thanks to Yaroslav Halchenko 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2007-01-04 11:58:58 +00:00
parent ba833a57ad
commit 7719c00d37
4 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@ -18,6 +18,8 @@ ver. 0.7.6 (200?/??/??) - ???
- Several "failregex" and "ignoreregex" are now accepted. - Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now. Creation of rules should be easier now.
- Added license in COPYING. Thanks to Axel Thimm - Added license in COPYING. Thanks to Axel Thimm
- Allow comma in action options. The value of the option must
be escaped with " or '. Thanks to Yaroslav Halchenko
ver. 0.7.5 (2006/12/07) - beta ver. 0.7.5 (2006/12/07) - beta
---------- ----------

2
TODO
View File

@ -13,6 +13,8 @@ Legend:
# partially done # partially done
* done * done
- Improve parsing of the action parameters in jailreader.py
- Better handling of the protocol in transmitter.py - Better handling of the protocol in transmitter.py
- Add gettext support (I18N) - Add gettext support (I18N)

26
client/jailreader.py
View File

@ -134,7 +134,31 @@ class JailReader(ConfigReader):
m = JailReader.actionCRE.match(action) m = JailReader.actionCRE.match(action)
d = dict() d = dict()
if not m.group(2) == None: if not m.group(2) == None:
for param in m.group(2).split(','): # Huge bad hack :( This method really sucks. TODO Reimplement it.
actions = ""
escapeChar = None
allowComma = False
for c in m.group(2):
if c in ('"', "'") and not allowComma:
# Start
escapeChar = c
allowComma = True
elif c == escapeChar:
# End
escapeChar = None
allowComma = False
else:
if c == ',' and allowComma:
actions += "<COMMA>"
else:
actions += c
# Split using ,
actionsSplit = actions.split(',')
# Replace the tag <COMMA> with ,
actionsSplit = [n.replace("<COMMA>", ',') for n in actionsSplit]
for param in actionsSplit:
p = param.split('=') p = param.split('=')
try: try:
d[p[0].strip()] = p[1].strip() d[p[0].strip()] = p[1].strip()

6
config/jail.conf
View File

@ -141,13 +141,15 @@ action = shorewall
logpath = /var/log/apache2/error_log logpath = /var/log/apache2/error_log
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. # option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
# valid too.
[ssh-ipfw] [ssh-ipfw]
enabled = false enabled = false
filter = sshd filter = sshd
action = ipfw[localhost=192.168.0.1] action = ipfw[localhost=192.168.0.1]
mail-whois[name=SSH, dest=yourmail@mail.com] mail-whois[name="SSH,IPFW", dest=yourmail@mail.com]
logpath = /var/log/auth.log logpath = /var/log/auth.log
ignoreip = 168.192.0.1 ignoreip = 168.192.0.1