github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11

pull/2465/head
sebres 2019-06-26 17:29:08 +02:00
parent 5045c4bb00 4a2f4226b8
commit 80f97eaf02
13 changed files with 59 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/action.d/mail-whois-common.conf
View File

@ -17,7 +17,7 @@ _whois = whois <ip> || echo "missing whois program"
# character set before sending it to a mail program
# make sure you have 'file' and 'iconv' commands installed when opting for that
_whois_target_charset = UTF-8
_whois_convert_charset = whois <ip> |
_whois_convert_charset = (%(_whois)s) |
{ WHOIS_OUTPUT=$(cat) ; WHOIS_CHARSET=$(printf %%b "$WHOIS_OUTPUT" | file -b --mime-encoding -) ; printf %%b "$WHOIS_OUTPUT" | iconv -f $WHOIS_CHARSET -t %(_whois_target_charset)s//TRANSLIT - ; }
# choose between _whois and _whois_convert_charset in mail-whois-common.local

8
config/action.d/sendmail-buffered.conf
View File

@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@ -38,7 +38,7 @@ actionstop = if [ -f <tmpfile> ]; then
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
rm <tmpfile>
fi
printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
@ -47,7 +47,7 @@ actionstop = if [ -f <tmpfile> ]; then
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
# Option: actioncheck
# Notes.: command executed once before each actionban command
@ -71,7 +71,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
rm <tmpfile>
fi

8
config/action.d/sendmail-common.conf
View File

@ -21,7 +21,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@ -34,7 +34,7 @@ actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
# Option: actioncheck
# Notes.: command executed once before each actionban command
@ -60,6 +60,10 @@ actionunban =
[Init]
# Your system mail command
#
mailcmd = /usr/sbin/sendmail -f "<sender>" "<dest>"
# Recipient mail address
#
dest = root

4
config/action.d/sendmail-geoip-lines.conf
View File

@ -37,11 +37,11 @@ actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostn
Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
hostname: <ip-host>\n\n
Lines containing failures of <ip>\n";
Lines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s;
printf %%b "\n
Regards,\n
Fail2Ban" ) | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" ) | <mailcmd>
[Init]

5
config/action.d/sendmail-whois-ipjailmatches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES]
before = sendmail-common.conf
mail-whois-common.conf
[Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n
`%(_whois_command)s`\n\n
Matches for <name> with <ipjailfailures> failures IP:<ip>\n
<ipjailmatches>\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
[Init]

5
config/action.d/sendmail-whois-ipmatches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES]
before = sendmail-common.conf
mail-whois-common.conf
[Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n
`%(_whois_command)s`\n\n
Matches with <ipfailures> failures IP:<ip>\n
<ipmatches>\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
[Init]

9
config/action.d/sendmail-whois-lines.conf
View File

@ -7,6 +7,7 @@
[INCLUDES]
before = sendmail-common.conf
mail-whois-common.conf
helpers-common.conf
[Definition]
@ -27,13 +28,13 @@ actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostn
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip> || echo missing whois program`\n\n
Lines containing failures of <ip>\n";
Here is more information about <ip> :\n"
%(_whois_command)s;
printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s;
printf %%b "\n
Regards,\n
Fail2Ban" ) | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" ) | <mailcmd>
[Init]

5
config/action.d/sendmail-whois-matches.conf
View File

@ -7,6 +7,7 @@
[INCLUDES]
before = sendmail-common.conf
mail-whois-common.conf
[Definition]
@ -27,11 +28,11 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip>`\n\n
`%(_whois_command)s`\n\n
Matches:\n
<matches>\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
[Init]

5
config/action.d/sendmail-whois.conf
View File

@ -7,6 +7,7 @@
[INCLUDES]
before = sendmail-common.conf
mail-whois-common.conf
[Definition]
@ -27,9 +28,9 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip> || echo missing whois program`\n
`%(_whois_command)s`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
[Init]

2
config/action.d/sendmail.conf
View File

@ -27,7 +27,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostnam
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
Fail2Ban" | <mailcmd>
[Init]

3
fail2ban/client/fail2banregex.py
View File

@ -293,7 +293,10 @@ class Fail2banRegex(object):
for k in ['logtype', 'datepattern'] + fltOpt.keys():
# combined options win, but they contain only a sub-set in filter expected keys,
# so get the rest from definition section:
try:
realopts[k] = combopts[k] if k in combopts else reader.get('Definition', k)
except NoOptionError: # pragma: no cover
pass
output("Real filter options : %r" % realopts)
def readRegex(self, value, regextype):

4
fail2ban/tests/filtertestcase.py
View File

@ -1872,10 +1872,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
def testIpToName(self):
unittest.F2B.SkipIfNoNetwork()
res = DNSUtils.ipToName('8.8.4.4')
self.assertEqual(res, 'google-public-dns-b.google.com')
self.assertTrue(res.endswith(('.google', '.google.com')))
# same as above, but with IPAddr:
res = DNSUtils.ipToName(IPAddr('8.8.4.4'))
self.assertEqual(res, 'google-public-dns-b.google.com')
self.assertTrue(res.endswith(('.google', '.google.com')))
# invalid ip (TEST-NET-1 according to RFC 5737)
res = DNSUtils.ipToName('192.0.2.0')
self.assertEqual(res, None)

24
fail2ban/tests/servertestcase.py
View File

@ -1941,8 +1941,8 @@ class ServerConfigReaderTests(LogCaptureTestCase):
cmd = realCmd
if isinstance(realCmd, list):
cmd = realCmd[0]
cmd = re.sub(r'\)\s*\|\s*mail\b([^\n]*)',
r') | cat; printf "\\n... | "; echo mail \1', cmd)
cmd = re.sub(r'\)\s*\|\s*(\S*mail\b[^\n]*)',
r') | cat; printf "\\n... | "; echo \1', cmd)
# replace abuse retrieving (possible no-network), just replace first occurrence of 'dig...':
cmd = re.sub(r'\bADDRESSES=\$\(dig\s[^\n]+',
lambda m: 'ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"',
@ -1977,6 +1977,26 @@ class ServerConfigReaderTests(LogCaptureTestCase):
'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10',
),
}),
# sendmail-whois-lines --
('j-sendmail-whois-lines',
'sendmail-whois-lines['
'''name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "<sender>" "<dest>"', ''' +
# 2 logs to test grep from multiple logs:
'logpath="' + os.path.join(TEST_FILES_DIR, "testcase01.log") + '\n' +
' ' + os.path.join(TEST_FILES_DIR, "testcase01a.log") + '", '
'_whois_command="echo \'-- information about <ip> --\'"'
']',
{
'ip4-ban': (
'The IP 87.142.124.10 has just been banned by Fail2Ban after',
'100 attempts against j-sendmail-whois-lines.',
'Here is more information about 87.142.124.10 :',
'-- information about 87.142.124.10 --',
'Lines containing failures of 87.142.124.10 (max 2)',
'testcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10',
'testcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10',
),
}),
# complain --
('j-complain-abuse',
'complain['