github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11

pull/2465/head
sebres 2019-06-26 17:29:08 +02:00
parent 5045c4bb00 4a2f4226b8
commit 80f97eaf02
13 changed files with 59 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/action.d/mail-whois-common.conf
View File

@ -17,7 +17,7 @@ _whois = whois <ip> || echo "missing whois program"
# character set before sending it to a mail program # character set before sending it to a mail program
# make sure you have 'file' and 'iconv' commands installed when opting for that # make sure you have 'file' and 'iconv' commands installed when opting for that
_whois_target_charset = UTF-8 _whois_target_charset = UTF-8
_whois_convert_charset = whois <ip> | _whois_convert_charset = (%(_whois)s) |
{ WHOIS_OUTPUT=$(cat) ; WHOIS_CHARSET=$(printf %%b "$WHOIS_OUTPUT" | file -b --mime-encoding -) ; printf %%b "$WHOIS_OUTPUT" | iconv -f $WHOIS_CHARSET -t %(_whois_target_charset)s//TRANSLIT - ; } { WHOIS_OUTPUT=$(cat) ; WHOIS_CHARSET=$(printf %%b "$WHOIS_OUTPUT" | file -b --mime-encoding -) ; printf %%b "$WHOIS_OUTPUT" | iconv -f $WHOIS_CHARSET -t %(_whois_target_charset)s//TRANSLIT - ; }
# choose between _whois and _whois_convert_charset in mail-whois-common.local # choose between _whois and _whois_convert_charset in mail-whois-common.local

8
config/action.d/sendmail-buffered.conf
View File

@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
The jail <name> has been started successfully.\n The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n Output will be buffered until <lines> lines are available.\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
# Option: actionstop # Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@ -38,7 +38,7 @@ actionstop = if [ -f <tmpfile> ]; then
These hosts have been banned by Fail2Ban.\n These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>` `cat <tmpfile>`
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
rm <tmpfile> rm <tmpfile>
fi fi
printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname> printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
@ -47,7 +47,7 @@ actionstop = if [ -f <tmpfile> ]; then
Hi,\n Hi,\n
The jail <name> has been stopped.\n The jail <name> has been stopped.\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
@ -71,7 +71,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
These hosts have been banned by Fail2Ban.\n These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>` `cat <tmpfile>`
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
rm <tmpfile> rm <tmpfile>
fi fi

8
config/action.d/sendmail-common.conf
View File

@ -21,7 +21,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
Hi,\n Hi,\n
The jail <name> has been started successfully.\n The jail <name> has been started successfully.\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
# Option: actionstop # Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@ -34,7 +34,7 @@ actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
Hi,\n Hi,\n
The jail <name> has been stopped.\n The jail <name> has been stopped.\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
@ -60,6 +60,10 @@ actionunban =
[Init] [Init]
# Your system mail command
#
mailcmd = /usr/sbin/sendmail -f "<sender>" "<dest>"
# Recipient mail address # Recipient mail address
# #
dest = root dest = root

4
config/action.d/sendmail-geoip-lines.conf
View File

@ -37,11 +37,11 @@ actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostn
Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-` Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-` AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
hostname: <ip-host>\n\n hostname: <ip-host>\n\n
Lines containing failures of <ip>\n"; Lines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s; %(_grep_logs)s;
printf %%b "\n printf %%b "\n
Regards,\n Regards,\n
Fail2Ban" ) | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" ) | <mailcmd>
[Init] [Init]

5
config/action.d/sendmail-whois-ipjailmatches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES] [INCLUDES]
before = sendmail-common.conf before = sendmail-common.conf
mail-whois-common.conf
[Definition] [Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n <failures> attempts against <name>.\n\n
Here is more information about <ip> :\n Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n `%(_whois_command)s`\n\n
Matches for <name> with <ipjailfailures> failures IP:<ip>\n Matches for <name> with <ipjailfailures> failures IP:<ip>\n
<ipjailmatches>\n\n <ipjailmatches>\n\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
[Init] [Init]

5
config/action.d/sendmail-whois-ipmatches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES] [INCLUDES]
before = sendmail-common.conf before = sendmail-common.conf
mail-whois-common.conf
[Definition] [Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n <failures> attempts against <name>.\n\n
Here is more information about <ip> :\n Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n `%(_whois_command)s`\n\n
Matches with <ipfailures> failures IP:<ip>\n Matches with <ipfailures> failures IP:<ip>\n
<ipmatches>\n\n <ipmatches>\n\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
[Init] [Init]

9
config/action.d/sendmail-whois-lines.conf
View File

@ -7,6 +7,7 @@
[INCLUDES] [INCLUDES]
before = sendmail-common.conf before = sendmail-common.conf
mail-whois-common.conf
helpers-common.conf helpers-common.conf
[Definition] [Definition]
@ -27,13 +28,13 @@ actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostn
Hi,\n Hi,\n
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n <failures> attempts against <name>.\n\n
Here is more information about <ip> :\n Here is more information about <ip> :\n"
`/usr/bin/whois <ip> || echo missing whois program`\n\n %(_whois_command)s;
Lines containing failures of <ip>\n"; printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s; %(_grep_logs)s;
printf %%b "\n printf %%b "\n
Regards,\n Regards,\n
Fail2Ban" ) | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" ) | <mailcmd>
[Init] [Init]

5
config/action.d/sendmail-whois-matches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES] [INCLUDES]
before = sendmail-common.conf before = sendmail-common.conf
mail-whois-common.conf
[Definition] [Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n <failures> attempts against <name>.\n\n
Here is more information about <ip> :\n Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n `%(_whois_command)s`\n\n
Matches:\n Matches:\n
<matches>\n\n <matches>\n\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
[Init] [Init]

5
config/action.d/sendmail-whois.conf
View File

@ -7,6 +7,7 @@
[INCLUDES] [INCLUDES]
before = sendmail-common.conf before = sendmail-common.conf
mail-whois-common.conf
[Definition] [Definition]
@ -27,9 +28,9 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n <failures> attempts against <name>.\n\n
Here is more information about <ip> :\n Here is more information about <ip> :\n
`/usr/bin/whois <ip> || echo missing whois program`\n `%(_whois_command)s`\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
[Init] [Init]

2
config/action.d/sendmail.conf
View File

@ -27,7 +27,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n <failures> attempts against <name>.\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | <mailcmd>
[Init] [Init]

3
fail2ban/client/fail2banregex.py
View File

@ -293,7 +293,10 @@ class Fail2banRegex(object):
for k in ['logtype', 'datepattern'] + fltOpt.keys(): for k in ['logtype', 'datepattern'] + fltOpt.keys():
# combined options win, but they contain only a sub-set in filter expected keys, # combined options win, but they contain only a sub-set in filter expected keys,
# so get the rest from definition section: # so get the rest from definition section:
try:
realopts[k] = combopts[k] if k in combopts else reader.get('Definition', k) realopts[k] = combopts[k] if k in combopts else reader.get('Definition', k)
except NoOptionError: # pragma: no cover
pass
output("Real filter options : %r" % realopts) output("Real filter options : %r" % realopts)
def readRegex(self, value, regextype): def readRegex(self, value, regextype):

4
fail2ban/tests/filtertestcase.py
View File

@ -1872,10 +1872,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
def testIpToName(self): def testIpToName(self):
unittest.F2B.SkipIfNoNetwork() unittest.F2B.SkipIfNoNetwork()
res = DNSUtils.ipToName('8.8.4.4') res = DNSUtils.ipToName('8.8.4.4')
self.assertEqual(res, 'google-public-dns-b.google.com') self.assertTrue(res.endswith(('.google', '.google.com')))
# same as above, but with IPAddr: # same as above, but with IPAddr:
res = DNSUtils.ipToName(IPAddr('8.8.4.4')) res = DNSUtils.ipToName(IPAddr('8.8.4.4'))
self.assertEqual(res, 'google-public-dns-b.google.com') self.assertTrue(res.endswith(('.google', '.google.com')))
# invalid ip (TEST-NET-1 according to RFC 5737) # invalid ip (TEST-NET-1 according to RFC 5737)
res = DNSUtils.ipToName('192.0.2.0') res = DNSUtils.ipToName('192.0.2.0')
self.assertEqual(res, None) self.assertEqual(res, None)

24
fail2ban/tests/servertestcase.py
View File

@ -1941,8 +1941,8 @@ class ServerConfigReaderTests(LogCaptureTestCase):
cmd = realCmd cmd = realCmd
if isinstance(realCmd, list): if isinstance(realCmd, list):
cmd = realCmd[0] cmd = realCmd[0]
cmd = re.sub(r'\)\s*\|\s*mail\b([^\n]*)', cmd = re.sub(r'\)\s*\|\s*(\S*mail\b[^\n]*)',
r') | cat; printf "\\n... | "; echo mail \1', cmd) r') | cat; printf "\\n... | "; echo \1', cmd)
# replace abuse retrieving (possible no-network), just replace first occurrence of 'dig...': # replace abuse retrieving (possible no-network), just replace first occurrence of 'dig...':
cmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+', cmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+',
lambda m: 'ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"', lambda m: 'ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"',
@ -1977,6 +1977,26 @@ class ServerConfigReaderTests(LogCaptureTestCase):
'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10', 'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10',
), ),
}), }),
# sendmail-whois-lines --
('j-sendmail-whois-lines',
'sendmail-whois-lines['
'''name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "<sender>" "<dest>"', ''' +
# 2 logs to test grep from multiple logs:
'logpath="' + os.path.join(TEST_FILES_DIR, "testcase01.log") + '\n' +
' ' + os.path.join(TEST_FILES_DIR, "testcase01a.log") + '", '
'_whois_command="echo \'-- information about <ip> --\'"'
']',
{
'ip4-ban': (
'The IP 87.142.124.10 has just been banned by Fail2Ban after',
'100 attempts against j-sendmail-whois-lines.',
'Here is more information about 87.142.124.10 :',
'-- information about 87.142.124.10 --',
'Lines containing failures of 87.142.124.10 (max 2)',
'testcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10',
'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10',
),
}),
# complain -- # complain --
('j-complain-abuse', ('j-complain-abuse',
'complain[' 'complain['