Merge pull request #572 from grooverdan/counterstrike

ENH: Counter Strike filter
2014-01-08 12:47:10 -08:00 · 2014-01-08 12:47:10 -08:00 · 7e8da15fc6
parent 6532a2e2f7 b6676dbadc
commit 7e8da15fc6
7 changed files with 37 additions and 0 deletions
--- a/2
+++ b/2
@ -56,6 +56,8 @@ configuration before relying on it.
     according to the XARF standard (v0.2). Close gh-105
   * Support PyPy
   * Filter for stunnel
+   * Filter for Counter Strike 1.6. Thanks to onorua for logs.
+     Close gh-347

 - Enhancements
   * Jail names increased to 26 characters and iptables prefix reduced
--- a/2
+++ b/2
@ -108,6 +108,7 @@ fail2ban/tests/files/logs/apache-noscript
 fail2ban/tests/files/logs/apache-overflows
 fail2ban/tests/files/logs/assp
 fail2ban/tests/files/logs/asterisk
+fail2ban/tests/files/logs/counter-strike
 fail2ban/tests/files/logs/courier-auth
 fail2ban/tests/files/logs/courier-smtp
 fail2ban/tests/files/logs/cyrus-imap
@ -173,6 +174,7 @@ config/filter.d/apache-nohome.conf
 config/filter.d/apache-noscript.conf
 config/filter.d/apache-overflows.conf
 config/filter.d/nginx-http-auth.conf
+config/filter.d/counter-strike.conf
 config/filter.d/courier-auth.conf
 config/filter.d/courier-smtp.conf
 config/filter.d/cyrus-imap.conf
--- a/1
+++ b/1
@ -66,6 +66,7 @@ Merijn Schering
 Michael C. Haller
 Michael Hanselmann
 Nick Munger
+onorua
 Patrick Börjesson
 Raphaël Marichez
 RealRancor
--- a/config/filter.d/counter-strike.conf
+++ b/config/filter.d/counter-strike.conf
@ -0,0 +1,16 @@
+# Fail2Ban filter for failure attempts in Counter Strike-1.6
+#
+#
+
+[Definition]
+
+failregex = ^: Bad Rcon: "rcon \d+ "\S+"  sv_contact ".*?"" from "<HOST>:\d+"$
+
+
+[Init]
+
+datepattern = ^L %%d/%%m/%%Y - %%H:%%M:%%S
+
+
+# Author: Daniel Black
+
--- a/config/jail.conf
+++ b/config/jail.conf
@ -793,3 +793,13 @@ logpath = /var/log/stunnel4/stunnel.log

 port    = 5222
 logpath = /var/log/ejabberd/ejabberd.log
+
+
+[counter-strike]
+
+logpath = /opt/cstrike/logs/L[0-9]*.log
+# Firewall: http://www.cstrike-planet.com/faq/6
+tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
+udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
+action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
+           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
--- a/fail2ban/tests/files/logs/counter-strike
+++ b/fail2ban/tests/files/logs/counter-strike
@ -0,0 +1,4 @@
+# failJSON: { "time": "2014-01-01T01:25:17", "match": true, "host": "31.29.29.89" }
+L 01/01/2014 - 01:25:17: Bad Rcon: "rcon 1146003691 "284"  sv_contact "HLBrute 1.10"" from "31.29.29.89:57370"
+# failJSON: { "time": "2014-01-01T04:17:01", "match": true, "host": "105.158.241.147" }
+L 01/01/2014 - 04:17:01: Bad Rcon: "rcon 260639614 "admin"  sv_contact "HLBrute 1.10"" from "105.158.241.147:53772"
--- a/fail2ban/tests/samplestestcase.py
+++ b/fail2ban/tests/samplestestcase.py
@ -78,6 +78,8 @@ def testSampleRegexsFactory(name):
 				self.filter.setMaxLines(opt[3])
 			elif opt[2] == "addignoreregex":
 				self.filter.addIgnoreRegex(opt[3])
+			elif opt[2] == "datepattern":
+				self.filter.setDatePattern(opt[3])

 		self.assertTrue(
 			os.path.isfile(os.path.join(TEST_FILES_DIR, "logs", name)),