diff --git a/config/action.d/mail-whois-common.conf b/config/action.d/mail-whois-common.conf index b0d27afc..ecf3a5d9 100644 --- a/config/action.d/mail-whois-common.conf +++ b/config/action.d/mail-whois-common.conf @@ -17,7 +17,7 @@ _whois = whois || echo "missing whois program" # character set before sending it to a mail program # make sure you have 'file' and 'iconv' commands installed when opting for that _whois_target_charset = UTF-8 -_whois_convert_charset = whois | +_whois_convert_charset = (%(_whois)s) | { WHOIS_OUTPUT=$(cat) ; WHOIS_CHARSET=$(printf %%b "$WHOIS_OUTPUT" | file -b --mime-encoding -) ; printf %%b "$WHOIS_OUTPUT" | iconv -f $WHOIS_CHARSET -t %(_whois_target_charset)s//TRANSLIT - ; } # choose between _whois and _whois_convert_charset in mail-whois-common.local diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf index 199c6ce5..13803f8b 100644 --- a/config/action.d/sendmail-buffered.conf +++ b/config/action.d/sendmail-buffered.conf @@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on The jail has been started successfully.\n Output will be buffered until lines are available.\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | # Option: actionstop # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) @@ -38,7 +38,7 @@ actionstop = if [ -f ]; then These hosts have been banned by Fail2Ban.\n `cat ` Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | rm fi printf %%b "Subject: [Fail2Ban] : stopped on @@ -47,7 +47,7 @@ actionstop = if [ -f ]; then Hi,\n The jail has been stopped.\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | # Option: actioncheck # Notes.: command executed once before each actionban command @@ -71,7 +71,7 @@ actionban = printf %%b "`date`: ( failures)\n" >> These hosts have been banned by Fail2Ban.\n `cat ` Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | rm fi 
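Review bot: In mail-whois-common.conf, the conversion block that the new `(%(_whois)s) |` line feeds still prints the registry reply with `printf %%b "$WHOIS_OUTPUT"`. Backslash sequences in that text, which is written by whoever maintains the WHOIS record, are therefore expanded before the data reaches `file` and `iconv`. These are context lines the commit leaves unchanged; `printf %%s "$WHOIS_OUTPUT"` in both places would pass the reply through literally. `$WHOIS_CHARSET` is also handed to `iconv -f` unquoted, and `"$WHOIS_CHARSET"` would be the safer form. If `file` reports an encoding that `iconv` does not accept, the WHOIS part of the mail is presumably left empty, which deserves a comment next to the option.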
diff --git a/config/action.d/sendmail-common.conf b/config/action.d/sendmail-common.conf index 9bf15054..1e31fadf 100644 --- a/config/action.d/sendmail-common.conf +++ b/config/action.d/sendmail-common.conf @@ -21,7 +21,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on Hi,\n The jail has been started successfully.\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | # Option: actionstop # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) @@ -34,7 +34,7 @@ actionstop = printf %%b "Subject: [Fail2Ban] : stopped on Hi,\n The jail has been stopped.\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | # Option: actioncheck # Notes.: command executed once before each actionban command @@ -60,6 +60,10 @@ actionunban = [Init] +# Your system mail command +# +mailcmd = /usr/sbin/sendmail -f "" "" + # Recipient mail address # dest = root diff --git a/config/action.d/sendmail-geoip-lines.conf b/config/action.d/sendmail-geoip-lines.conf index b7c1bf36..b36e49a7 100644 --- a/config/action.d/sendmail-geoip-lines.conf +++ b/config/action.d/sendmail-geoip-lines.conf @@ -37,11 +37,11 @@ actionban = ( printf %%b "Subject: [Fail2Ban] : banned from " | cut -d':' -f2-` AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d':' -f2-` hostname: \n\n - Lines containing failures of \n"; + Lines containing failures of (max )\n"; %(_grep_logs)s; printf %%b "\n Regards,\n - Fail2Ban" ) | /usr/sbin/sendmail -f + Fail2Ban" ) | [Init] diff --git a/config/action.d/sendmail-whois-ipjailmatches.conf b/config/action.d/sendmail-whois-ipjailmatches.conf index 06ea3a3e..7790ec53 100644 --- a/config/action.d/sendmail-whois-ipjailmatches.conf +++ b/config/action.d/sendmail-whois-ipjailmatches.conf @@ -7,6 +7,7 @@ [INCLUDES] before = sendmail-common.conf + mail-whois-common.conf [Definition] 
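Review bot: The new `mailcmd` option in the `[Init]` section of sendmail-common.conf is documented only as "Your system mail command", which does not say what an override has to satisfy. Every action changed in this commit pipes a complete message, headers included, into it (`Fail2Ban" | ...`). The comment should therefore state that the value runs in the shell as the last stage of a pipeline and must read the message from standard input. Something like `# Mail command: run by the shell, reads the full message (headers and body) on stdin` would cover it. As rendered here the default ends in `-f "" ""`, presumably the sender and recipient tags, so the comment could also say that these are substituted into the command line and that the option should only be set from trusted local configuration.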
@@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n\n Here is more information about :\n - `/usr/bin/whois `\n\n + `%(_whois_command)s`\n\n Matches for with failures IP:\n \n\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | [Init] diff --git a/config/action.d/sendmail-whois-ipmatches.conf b/config/action.d/sendmail-whois-ipmatches.conf index 83bff1b4..e4717ca1 100644 --- a/config/action.d/sendmail-whois-ipmatches.conf +++ b/config/action.d/sendmail-whois-ipmatches.conf @@ -7,6 +7,7 @@ [INCLUDES] before = sendmail-common.conf + mail-whois-common.conf [Definition] @@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n\n Here is more information about :\n - `/usr/bin/whois `\n\n + `%(_whois_command)s`\n\n Matches with failures IP:\n \n\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | [Init] diff --git a/config/action.d/sendmail-whois-lines.conf b/config/action.d/sendmail-whois-lines.conf index 4b947cb2..47ec6ed5 100644 --- a/config/action.d/sendmail-whois-lines.conf +++ b/config/action.d/sendmail-whois-lines.conf @@ -7,6 +7,7 @@ [INCLUDES] before = sendmail-common.conf + mail-whois-common.conf helpers-common.conf [Definition] @@ -27,13 +28,13 @@ actionban = ( printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n\n - Here is more information about :\n - `/usr/bin/whois || echo missing whois program`\n\n - Lines containing failures of \n"; + Here is more information about :\n" + %(_whois_command)s; + printf %%b "\nLines containing failures of (max )\n"; %(_grep_logs)s; printf %%b "\n Regards,\n - Fail2Ban" ) | /usr/sbin/sendmail -f + Fail2Ban" ) | [Init] diff --git a/config/action.d/sendmail-whois-matches.conf b/config/action.d/sendmail-whois-matches.conf index 01520135..08215ea7 100644 
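Review bot: In sendmail-whois-ipjailmatches.conf, `%(_whois_command)s` is still run as a backquoted substitution inside the `printf %%b "..."` string, so the registry's reply becomes part of the argument that `%%b` processes and any backslash sequences in it are expanded. That text is written by the owner of the banned address's WHOIS record, not by the local administrator, and expansion can alter the notification body. The sendmail-whois-lines.conf hunk in this same commit avoids this by closing the string and running `%(_whois_command)s;` as its own command inside the `( ... )` group. The same shape would fit here and in sendmail-whois-ipmatches.conf, sendmail-whois-matches.conf and sendmail-whois.conf. The actionban definitions begin above the visible hunk lines.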
--- a/config/action.d/sendmail-whois-matches.conf +++ b/config/action.d/sendmail-whois-matches.conf @@ -7,6 +7,7 @@ [INCLUDES] before = sendmail-common.conf + mail-whois-common.conf [Definition] @@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n\n Here is more information about :\n - `/usr/bin/whois `\n\n + `%(_whois_command)s`\n\n Matches:\n \n\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | [Init] diff --git a/config/action.d/sendmail-whois.conf b/config/action.d/sendmail-whois.conf index 2fb01ed3..9e93cd32 100644 --- a/config/action.d/sendmail-whois.conf +++ b/config/action.d/sendmail-whois.conf @@ -7,6 +7,7 @@ [INCLUDES] before = sendmail-common.conf + mail-whois-common.conf [Definition] @@ -27,9 +28,9 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n\n Here is more information about :\n - `/usr/bin/whois || echo missing whois program`\n + `%(_whois_command)s`\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | [Init] diff --git a/config/action.d/sendmail.conf b/config/action.d/sendmail.conf index cf420915..ad9e8d79 100644 --- a/config/action.d/sendmail.conf +++ b/config/action.d/sendmail.conf @@ -27,7 +27,7 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from has just been banned by Fail2Ban after attempts against .\n Regards,\n - Fail2Ban" | /usr/sbin/sendmail -f + Fail2Ban" | [Init] diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py index d80af23f..9279174c 100644 --- a/fail2ban/client/fail2banregex.py +++ b/fail2ban/client/fail2banregex.py 
@@ -293,7 +293,10 @@ class Fail2banRegex(object): for k in ['logtype', 'datepattern'] + fltOpt.keys(): # combined options win, but they contain only a sub-set in filter expected keys, # so get the rest from definition section: - realopts[k] = combopts[k] if k in combopts else reader.get('Definition', k) + try: + realopts[k] = combopts[k] if k in combopts else reader.get('Definition', k) + except NoOptionError: # pragma: no cover + pass output("Real filter options : %r" % realopts) def readRegex(self, value, regextype): diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py index 2a005502..1add524d 100644 --- a/fail2ban/tests/filtertestcase.py +++ b/fail2ban/tests/filtertestcase.py @@ -1872,10 +1872,10 @@ class DNSUtilsNetworkTests(unittest.TestCase): def testIpToName(self): unittest.F2B.SkipIfNoNetwork() res = DNSUtils.ipToName('8.8.4.4') - self.assertEqual(res, 'google-public-dns-b.google.com') + self.assertTrue(res.endswith(('.google', '.google.com'))) # same as above, but with IPAddr: res = DNSUtils.ipToName(IPAddr('8.8.4.4')) - self.assertEqual(res, 'google-public-dns-b.google.com') + self.assertTrue(res.endswith(('.google', '.google.com'))) # invalid ip (TEST-NET-1 according to RFC 5737) res = DNSUtils.ipToName('192.0.2.0') self.assertEqual(res, None) diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index 8a8ab600..e5278edd 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py 
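Review bot: The added `except NoOptionError: pass` drops the key from `realopts` without a trace, so the "Real filter options" dump gives no hint that an option was looked up and not found. A why-comment on the handler would make the intent explicit, e.g. `# option is set neither in the combined options nor in [Definition]; leave it out of the dump`. Keeping only the `reader.get('Definition', k)` call inside the `try` would stop the handler from also covering the `combopts[k]` branch. The hunk does not show an import of `NoOptionError`; confirm the name is in scope in this module, because otherwise the handler itself raises NameError. The enclosing method starts outside the hunk.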
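Review bot: In testIpToName, `res.endswith(...)` is called directly on the lookup result, yet the same test shows `ipToName` returning None for an address without a reverse record. If the lookup for 8.8.4.4 fails or the record is withdrawn, the test errors with AttributeError instead of failing an assertion. Writing `self.assertTrue(res is not None and res.endswith(('.google', '.google.com')))` on both changed lines keeps it an ordinary failure. The check still depends on a third party's live DNS data, which the SkipIfNoNetwork guard only partly covers.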
@@ -1941,8 +1941,8 @@ class ServerConfigReaderTests(LogCaptureTestCase): cmd = realCmd if isinstance(realCmd, list): cmd = realCmd[0] - cmd = re.sub(r'\)\s*\|\s*mail\b([^\n]*)', - r') | cat; printf "\\n... | "; echo mail \1', cmd) + cmd = re.sub(r'\)\s*\|\s*(\S*mail\b[^\n]*)', + r') | cat; printf "\\n... | "; echo \1', cmd) # replace abuse retrieving (possible no-network), just replace first occurrence of 'dig...': cmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+', lambda m: 'ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"', @@ -1977,6 +1977,26 @@ class ServerConfigReaderTests(LogCaptureTestCase): 'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10', ), }), + # sendmail-whois-lines -- + ('j-sendmail-whois-lines', + 'sendmail-whois-lines[' + '''name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "" ""', ''' + + # 2 logs to test grep from multiple logs: + 'logpath="' + os.path.join(TEST_FILES_DIR, "testcase01.log") + '\n' + + ' ' + os.path.join(TEST_FILES_DIR, "testcase01a.log") + '", ' + '_whois_command="echo \'-- information about --\'"' + ']', + { + 'ip4-ban': ( + 'The IP 87.142.124.10 has just been banned by Fail2Ban after', + '100 attempts against j-sendmail-whois-lines.', + 'Here is more information about 87.142.124.10 :', + '-- information about 87.142.124.10 --', + 'Lines containing failures of 87.142.124.10 (max 2)', + 'testcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10', + 'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10', + ), + }), # complain -- ('j-complain-abuse', 'complain['
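Review bot: The widened pattern `\)\s*\|\s*(\S*mail\b[^\n]*)` still rewrites only pipelines whose mail stage follows a closing parenthesis. Several actions touched by this commit (sendmail.conf, sendmail-whois.conf) end in `Fail2Ban" | ...` with no parenthesis. If one of those were added to this table with the default `mailcmd`, the substitution would not apply and the command string would keep the real mailer; presumably that is why the new case passes `mailcmd='testmail ...'`. A comment above the `re.sub` would record the constraint, e.g. `# neutralise the mail stage of "( ... ) | mailer" pipelines; actions without the parentheses must override mailcmd in the test`. The enclosing method starts outside the hunk.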