diff --git a/ChangeLog b/ChangeLog index 3e5e4b6e..aea3269c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,8 @@ configuration before relying on it. according to the XARF standard (v0.2). Close gh-105 * Support PyPy * Filter for stunnel + * Filter for Counter Strike 1.6. Thanks to onorua for logs. + Close gh-347 - Enhancements * Jail names increased to 26 characters and iptables prefix reduced diff --git a/MANIFEST b/MANIFEST index b30b602b..4da895b6 100644 --- a/MANIFEST +++ b/MANIFEST @@ -108,6 +108,7 @@ fail2ban/tests/files/logs/apache-noscript fail2ban/tests/files/logs/apache-overflows fail2ban/tests/files/logs/assp fail2ban/tests/files/logs/asterisk +fail2ban/tests/files/logs/counter-strike fail2ban/tests/files/logs/courier-auth fail2ban/tests/files/logs/courier-smtp fail2ban/tests/files/logs/cyrus-imap @@ -173,6 +174,7 @@ config/filter.d/apache-nohome.conf config/filter.d/apache-noscript.conf config/filter.d/apache-overflows.conf config/filter.d/nginx-http-auth.conf +config/filter.d/counter-strike.conf config/filter.d/courier-auth.conf config/filter.d/courier-smtp.conf config/filter.d/cyrus-imap.conf diff --git a/THANKS b/THANKS index fc2e4e58..7b2d12b8 100644 --- a/THANKS +++ b/THANKS @@ -66,6 +66,7 @@ Merijn Schering Michael C. Haller Michael Hanselmann Nick Munger +onorua Patrick Börjesson Raphaël Marichez RealRancor diff --git a/config/filter.d/counter-strike.conf b/config/filter.d/counter-strike.conf new file mode 100644 index 00000000..ef42db25 --- /dev/null +++ b/config/filter.d/counter-strike.conf @@ -0,0 +1,16 @@ +# Fail2Ban filter for failure attempts in Counter Strike-1.6 +# +# + +[Definition] + +failregex = ^: Bad Rcon: "rcon \d+ "\S+" sv_contact ".*?"" from ":\d+"$ + + +[Init] + +datepattern = ^L %%d/%%m/%%Y - %%H:%%M:%%S + + +# Author: Daniel Black + diff --git a/config/jail.conf b/config/jail.conf index 7a420d20..7a5560e4 100644 --- a/config/jail.conf +++ b/config/jail.conf 
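Review bot: The failregex in config/filter.d/counter-strike.conf counts a rejected rcon attempt only when the command is `sv_contact` and the quoted password contains no whitespace (`\S+`), so failed attempts carrying any other command never count toward a ban. Both sample lines in the test log come from the same client string, so this reads as a signature for one tool rather than for "Bad Rcon" in general; if that is not intended, the middle could be loosened to `^: Bad Rcon: "rcon \d+ ".*" from "<HOST>:\d+"$`. The `<HOST>` tag is not visible between `from "` and `:\d+` in this rendering, presumably lost in extraction. The password and contact strings are supplied by the remote client, so the `^`…`$` anchoring is what ties the captured address to the suffix the server writes. I would record that above the regex, e.g. `# keep the trailing $: the quoted fields are client-supplied, only the final from "..." is server-written`, and add a sample line with an embedded quote to fail2ban/tests/files/logs/counter-strike to pin it.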
@@ -793,3 +793,13 @@ logpath = /var/log/stunnel4/stunnel.log port = 5222 logpath = /var/log/ejabberd/ejabberd.log + + +[counter-strike] + +logpath = /opt/cstrike/logs/L[0-9]*.log +# Firewall: http://www.cstrike-planet.com/faq/6 +tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 +udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 +action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] + %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] diff --git a/fail2ban/tests/files/logs/counter-strike b/fail2ban/tests/files/logs/counter-strike new file mode 100644 index 00000000..3432f823 --- /dev/null +++ b/fail2ban/tests/files/logs/counter-strike @@ -0,0 +1,4 @@ +# failJSON: { "time": "2014-01-01T01:25:17", "match": true, "host": "31.29.29.89" } +L 01/01/2014 - 01:25:17: Bad Rcon: "rcon 1146003691 "284" sv_contact "HLBrute 1.10"" from "31.29.29.89:57370" +# failJSON: { "time": "2014-01-01T04:17:01", "match": true, "host": "105.158.241.147" } +L 01/01/2014 - 04:17:01: Bad Rcon: "rcon 260639614 "admin" sv_contact "HLBrute 1.10"" from "105.158.241.147:53772" diff --git a/fail2ban/tests/samplestestcase.py b/fail2ban/tests/samplestestcase.py index 657d3d82..0a88af2a 100644 --- a/fail2ban/tests/samplestestcase.py +++ b/fail2ban/tests/samplestestcase.py @@ -78,6 +78,8 @@ def testSampleRegexsFactory(name): self.filter.setMaxLines(opt[3]) elif opt[2] == "addignoreregex": self.filter.addIgnoreRegex(opt[3]) + elif opt[2] == "datepattern": + self.filter.setDatePattern(opt[3]) self.assertTrue( os.path.isfile(os.path.join(TEST_FILES_DIR, "logs", name)),
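Review bot: The `[counter-strike]` jail bans an address taken from log lines that result from UDP traffic (the `udpport` list covers the game ports), and the section carries no caveat about that. Whether the server validates the rcon challenge before writing "Bad Rcon" is not visible here; if it does not, the logged source could be forged and the jail used to lock out a legitimate admin or player address. I would add a comment above `logpath`, e.g. `# rcon arrives over UDP: list admin addresses in ignoreip before enabling this jail`. The `action` override also replaces whatever default action `[DEFAULT]` defines (outside this hunk), so a site-wide mail or report action would presumably not apply to this jail.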
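Review bot: The option dispatch in testSampleRegexsFactory still has no `else` branch after the new `datepattern` case, so any other command produced for a filter is dropped silently and the sample test can pass against a filter configured differently from production. That is presumably how `datepattern` went unapplied until this commit. If the set of commands is closed, `else: self.fail("Unhandled filter option %r" % (opt[2],))` would surface the next one; if other commands are expected here, a comment naming the ones deliberately ignored would do. The loop and the rest of the function lie outside the hunk, so this is inferred from the visible `elif` chain only.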