github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into debian-releases/experimental 

* origin/master:
  Clean up setup.py
  ENH: adding pruned with previous merge trailing \s* in nginx filter
  nginx-http-auth: match when "referrer" is present
  DOC: Update ChangeLog
  DOC: Fix jail.conf(5) man page which had duplicate {fail,ignore}regex
  Correct grammar
  DOC: add thanks for last commit
  DOC: nginx-http-auth filter
  nginx-http-auth filter: match server_name = ""
  ENH: Suppress configuration warnings if non-critical options are not set
  Update comments in shorewall.conf for new settings
  DOC: Improve error logging when specific backend set and fails
  BF: Fix getting jail name from exceptions in beautifier for Python 3+
  DOC: sphinx documentation
  BF: On jail restart reinstatement of bans, fetch one ticket per IP
  Fix 2 more typos that codespell didn't catch
  Add documentation link to systemd service file
debian-releases/experimental
Yaroslav Halchenko 2014-04-12 11:32:02 -04:00
parent c516e8a010 0c38e09d3d
commit 87703c4cfe
73 changed files with 1195 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -17,12 +17,15 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
* journalmatch for recidive incorrect PRIORITY
* loglevel couldn't be changed in fail2ban.conf
* Handle case when no sqlite library is available for persistent database
* Only reban once per IP from database on fail2ban restart
* Nginx filter to support missing server_name. Closes gh-676
- New features:
- Enhancements
* Fail2ban-regex - add print-all-matched option. Closes gh-652
* Suppress fail2ban-client warnings for non-critical config options
ver. 0.9.0 (2014/03/14 - beta
----------

43
DEVELOP
View File

@ -1,4 +1,4 @@
__ _ _ ___ _
.. __ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
@ -25,6 +25,7 @@ Pull Requests
=============
When submitting pull requests on GitHub we ask you to:
* Clearly describe the problem you're solving;
* Don't introduce regressions that will make it hard for systems administrators
to update;
@ -52,32 +53,32 @@ for more details.
Install the package python-coverage to visualise your test coverage. Run the
following (note: on Debian-based systems, the script is called
`python-coverage`):
`python-coverage`)::
coverage run bin/fail2ban-testcases
coverage html
coverage run bin/fail2ban-testcases
coverage html
Then look at htmlcov/index.html and see how much coverage your test cases
exert over the code base. Full coverage is a good thing however it may not be
complete. Try to ensure tests cover as many independent paths through the
code.
Manual Execution. To run in a development environment do:
Manual Execution. To run in a development environment do::
./fail2ban-client -c config/ -s /tmp/f2b.sock -i start
./fail2ban-client -c config/ -s /tmp/f2b.sock -i start
some quick commands:
some quick commands::
status
add test pyinotify
status test
set test addaction iptables
set test actionban iptables echo <ip> <cidr> >> /tmp/ban
set test actionunban iptables echo <ip> <cidr> >> /tmp/unban
get test actionban iptables
get test actionunban iptables
set test banip 192.168.2.2
status test
status
add test pyinotify
status test
set test addaction iptables
set test actionban iptables echo <ip> <cidr> >> /tmp/ban
set test actionunban iptables echo <ip> <cidr> >> /tmp/unban
get test actionban iptables
get test actionunban iptables
set test banip 192.168.2.2
status test
@ -130,10 +131,10 @@ Git
Use the following tags in your commit messages:
'BF:' for bug fixes
'DOC:' for documentation fixes
'ENH:' for enhancements
'TST:' for commits concerning tests only (thus not touching the main code-base)
* 'BF:' for bug fixes
* 'DOC:' for documentation fixes
* 'ENH:' for enhancements
* 'TST:' for commits concerning tests only (thus not touching the main code-base)
Multiple tags could be joined with +, e.g. "BF+TST:".

191
FILTERS
View File

@ -1,4 +1,4 @@
__ _ _ ___ _
.. __ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
@ -7,10 +7,8 @@
Developing Filters
================================================================================
Filters
=======
Filters are tricky. They need to:
* work with a variety of the versions of the software that generates the logs;
* work with the range of logging configuration options available in the
software;
@ -31,10 +29,11 @@ what you have done, what is the hurdle, and we'll attempt to help (PR
will be automagically updated with future commits you would push to
complete it).
Filter test cases
-----------------
Filter Test Cases
=================
Purpose:
Purpose
-------
Start by finding the log messages that the application generates related to
some form of authentication failure. If you are adding to an existing filter
@ -49,7 +48,8 @@ and exim-spam at log messages related to spam.
Even if it is a new filter you may consider separating the log messages into
different filters based on purpose.
Cause:
Cause
-----
Are some of the log lines a result of the same action? For example, is a PAM
failure log message, followed by an application specific failure message the
@ -65,7 +65,8 @@ the log message be occurring due to the first step towards the application
asking for authentication? Could the log messages occur often? If some of
these are true make a note of this in the jail.conf example that you provide.
Samples:
Samples
-------
It is important to include log file samples so any future change in the regular
expression will still work with the log lines you have identified.
@ -93,21 +94,22 @@ If the mechanism to create the log message isn't obvious provide a
configuration and/or sample scripts testcases/files/config/{filtername} and
reference these in the comments above the log line.
FailJSON metadata:
FailJSON metadata
-----------------
A failJSON metadata is a comment immediately above the log message. It will
look like:
look like::
# failJSON: { "time": "2013-06-10T10:10:59", "match": true , "host": "93.184.216.119" }
# failJSON: { "time": "2013-06-10T10:10:59", "match": true , "host": "93.184.216.119" }
Time should match the time of the log message. It is in a specific format of
Year-Month-Day'T'Hour:minute:Second. If your log message does not include a
year, like the example below, the year should be listed as 2005, if before Sun
Aug 14 10am UTC, and 2004 if afterwards. Here is an example failJSON
line preceding a sample log line:
line preceding a sample log line::
# failJSON: { "time": "2005-03-24T15:25:51", "match": true , "host": "198.51.100.87" }
Mar 24 15:25:51 buffalo1 dropbear[4092]: bad password attempt for 'root' from 198.51.100.87:5543
# failJSON: { "time": "2005-03-24T15:25:51", "match": true , "host": "198.51.100.87" }
Mar 24 15:25:51 buffalo1 dropbear[4092]: bad password attempt for 'root' from 198.51.100.87:5543
The "host" in failJSON should contain the IP or domain that should be blocked.
@ -116,27 +118,28 @@ attacks) and any log lines to be excluded (see "Cause" section above), set
"match": false in the failJSON and describe the reason in the comment above.
After developing regexes, the following command will test all failJSON metadata
against the log lines in all sample log files
against the log lines in all sample log files::
./fail2ban-testcases testSampleRegex
./fail2ban-testcases testSampleRegex
Developing Filter Regular Expressions
-------------------------------------
=====================================
Date/Time:
Date/Time
---------
At the moment, Fail2Ban depends on log lines to have time stamps. That is why
before starting to develop failregex, check if your log line format known to
Fail2Ban. Copy the time component from the log line and append an IP address to
test with following command:
test with following command::
./fail2ban-regex "2013-09-19 02:46:12 1.2.3.4" "<HOST>"
./fail2ban-regex "2013-09-19 02:46:12 1.2.3.4" "<HOST>"
Output of such command should contain something like:
Output of such command should contain something like::
Date template hits:
|- [# of hits] date format
| [1] Year-Month-Day Hour:Minute:Second
Date template hits:
|- [# of hits] date format
| [1] Year-Month-Day Hour:Minute:Second
Ensure that the template description matches time/date elements in your log line
time stamp. If there is no matched format then date template needs to be added
@ -144,29 +147,31 @@ to server/datedetector.py. Ensure that a new template is added in the order
that more specific matches occur first and that there is no confusion between a
Day and a Month.
Filter file:
Filter file
-----------
The filter is specified in a config/filter.d/{filtername}.conf file. Filter file
can have sections INCLUDES (optional) and Definition as follows:
can have sections INCLUDES (optional) and Definition as follows::
[INCLUDES]
before = common.conf
after = filtername.local
[Definition]
failregex = ....
ignoreregex = ....
[INCLUDES]
before = common.conf
after = filtername.local
[Definition]
failregex = ....
ignoreregex = ....
This is also documented in the man page jail.conf (section 5). Other definitions
can be added to make failregex's more readable and maintainable to be used
through string Interpolations (see http://docs.python.org/2.7/library/configparser.html)
General rules:
General rules
-------------
Use "before" if you need to include a common set of rules, like syslog or if
there is a common set of regexes for multiple filters.
@ -178,33 +183,35 @@ Try to avoid using ignoreregex mainly for performance reasons. The case when you
would use it is if in trying to avoid using it, you end up with an unreadable
failregex.
Syslog:
Syslog
------
If your application logs to syslog you can take advantage of log line prefix
definitions present in common.conf. So as a base use:
definitions present in common.conf. So as a base use::
[INCLUDES]
before = common.conf
[Definition]
_daemon = app
failregex = ^%(__prefix_line)s
[INCLUDES]
before = common.conf
[Definition]
_daemon = app
failregex = ^%(__prefix_line)s
In this example common.conf defines __prefix_line which also contains the
_daemon name (in syslog terms the service) you have just specified. _daemon
can also be a regex.
For example, to capture following line _daemon should be set to "dovecot"
For example, to capture following line _daemon should be set to "dovecot"::
Dec 12 11:19:11 dunnart dovecot: pop3-login: Aborted login (tried to use disabled plaintext auth): rip=190.210.136.21, lip=113.212.99.193
Dec 12 11:19:11 dunnart dovecot: pop3-login: Aborted login (tried to use disabled plaintext auth): rip=190.210.136.21, lip=113.212.99.193
and then ^%(__prefix_line)s would match "Dec 12 11:19:11 dunnart dovecot:
and then ``^%(__prefix_line)s`` would match "Dec 12 11:19:11 dunnart dovecot:
". Note it matches the trailing space(s) as well.
Substitutions (AKA string interpolations):
Substitutions (AKA string interpolations)
-----------------------------------------
We have used string interpolations in above examples. They are useful for
making the regexes more readable, reuse generic patterns in multiple failregex
@ -213,7 +220,8 @@ to the user. General principle is that value of a _name variable replaces
occurrences of %(_name)s within the same section or anywhere in the config file
if defined in [DEFAULT] section.
Regular Expressions:
Regular Expressions
-------------------
Regular expressions (failregex, ignoreregex) assume that the date/time has been
removed from the log line (this is just how fail2ban works internally ATM).
@ -236,29 +244,33 @@ If you have only a basic knowledge of regular repressions we advise to read
http://docs.python.org/2/library/re.html first. It doesn't take long and would
remind you e.g. which characters you need to escape and which you don't.
Developing/testing a regex:
Developing/testing a regex
--------------------------
You can develop a regex in a file or using command line depending on your
preference. You can also use samples you have already created in the test cases
or test them one at a time.
The general tool for testing Fail2Ban regexes is fail2ban-regex. To see how to
use it run:
use it run::
./fail2ban-regex --help
./fail2ban-regex --help
Take note of -l heavydebug / -l debug and -v as they might be very useful.
TIP: Take a look at the source code of the application you are developing
.. TIP::
Take a look at the source code of the application you are developing
failregex for. You may see optional or extra log messages, or parts there
of, that need to form part of your regex. It may also reveal how some
parts are constrained and different formats depending on configuration or
less common usages.
TIP: For looking through source code - http://sourcecodebrowser.com/ . It has
.. TIP::
For looking through source code - http://sourcecodebrowser.com/ . It has
call graphs and can browse different versions.
TIP: Some applications log spaces at the end. If you are not sure add \s*$ as
.. TIP::
Some applications log spaces at the end. If you are not sure add \s*$ as
the end part of the regex.
If your regex is not matching, http://www.debuggex.com/?flavor=python can help
@ -277,13 +289,15 @@ When you have fixed the regex put it back into your filter file.
Please spread the good word about Debuggex - Serge Toarca is kindly continuing
its free availability to Open Source developers.
Finishing up:
Finishing up
------------
If you've added a new filter, add a new entry in config/jail.conf. The theory
here is that a user will create a jail.local with [filtername]\nenable=true to
enable your jail.
So more specifically in the [filter] section in jail.conf:
* ensure that you have "enabled = false" (users will enable as needed);
* use "filter =" set to your filter name;
* use a typical action to disable ports associated with the application;
@ -295,7 +309,7 @@ Submit github pull request (See "Pull Requests" above) for
github.com/fail2ban/fail2ban containing your great work.
Filter Security
---------------
===============
Poor filter regular expressions are susceptible to DoS attacks.
@ -321,33 +335,33 @@ Examples of poor filters
1. Too restrictive
We find a log message:
We find a log message::
Apr-07-13 07:08:36 Invalid command fial2ban from 1.2.3.4
We make a failregex
We make a failregex::
^Invalid command \S+ from <HOST>
Now think evil. The user does the command 'blah from 1.2.3.44'
The program diligently logs:
The program diligently logs::
Apr-07-13 07:08:36 Invalid command blah from 1.2.3.44 from 1.2.3.4
And fail2ban matches 1.2.3.44 as the IP that it ban. A DoS attack was successful.
The fix here is that the command can be anything so .* is appropriate.
The fix here is that the command can be anything so .* is appropriate::
^Invalid command .* from <HOST>
Here the .* will match until the end of the string. Then realise it has more to
match, i.e. "from <HOST>" and go back until it find this. Then it will ban
1.2.3.4 correctly. Since the <HOST> is always at the end, end the regex with a $.
1.2.3.4 correctly. Since the <HOST> is always at the end, end the regex with a $::
^Invalid command .* from <HOST>$
Note if we'd just had the expression:
Note if we'd just had the expression::
^Invalid command \S+ from <HOST>$
@ -359,16 +373,16 @@ banned.
From the Apache vulnerability CVE-2013-2178
( original ref: https://vndh.net/note:fail2ban-089-denial-service ).
An example bad regex for Apache:
An example bad regex for Apache::
failregex = [[]client <HOST>[]] user .* not found
Since the user can do a get request on:
Since the user can do a get request on::
GET /[client%20192.168.0.1]%20user%20root%20not%20found HTTP/1.0
Host: remote.site
Host: remote.site
Now the log line will be:
Now the log line will be::
[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found
@ -379,27 +393,27 @@ regex and blocks 192.168.33.1 as a denial of service from the HTTP requester.
From: https://github.com/fail2ban/fail2ban/pull/426
An example ssh log (simplified)
An example ssh log (simplified)::
Sep 29 17:15:02 spaceman sshd[12946]: Failed password for user from 127.0.0.1 port 20000 ssh1: ruser remoteuser
As we assume username can include anything including spaces its prudent to put
.* here. The remote user can also exist as anything so lets not make assumptions again.
.* here. The remote user can also exist as anything so lets not make assumptions again::
failregex = ^%(__prefix_line)sFailed \S+ for .* from <HOST>( port \d*)?( ssh\d+)?(: ruser .*)?$
So this works. The problem is if the .* after remote user is injected by the
user to be 'from 1.2.3.4'. The resultant log line is.
user to be 'from 1.2.3.4'. The resultant log line is::
Sep 29 17:15:02 spaceman sshd[12946]: Failed password for user from 127.0.0.1 port 20000 ssh1: ruser from 1.2.3.4
Testing with:
Testing with::
fail2ban-regex -v 'Sep 29 17:15:02 Failed password for user from 127.0.0.1 port 20000 ssh1: ruser from 1.2.3.4' '^ Failed \S+ for .* from <HOST>( port \d*)?( ssh\d+)?(: ruser .*)?$'
TIP: I've removed the bit that matches __prefix_line from the regex and log.
.. TIP:: I've removed the bit that matches __prefix_line from the regex and log.
Shows:
Shows::
1) [1] ^ Failed \S+ for .* from <HOST>( port \d*)?( ssh\d+)?(: ruser .*)?$
1.2.3.4 Sun Sep 29 17:15:02 2013
@ -412,14 +426,14 @@ The result was that 1.2.3.4 was matched, injected by the user, and the wrong IP
was banned.
The solution here is to make the first .* non-greedy with .*?. Here it matches
as little as required and the fail2ban-regex tool shows the output:
as little as required and the fail2ban-regex tool shows the output::
fail2ban-regex -v 'Sep 29 17:15:02 Failed password for user from 127.0.0.1 port 20000 ssh1: ruser from 1.2.3.4' '^ Failed \S+ for .*? from <HOST>( port \d*)?( ssh\d+)?(: ruser .*)?$'
1) [1] ^ Failed \S+ for .*? from <HOST>( port \d*)?( ssh\d+)?(: ruser .*)?$
127.0.0.1 Sun Sep 29 17:15:02 2013
So the general case here is a log line that contains:
So the general case here is a log line that contains::
(fixed_data_1)<HOST>(fixed_data_2)(user_injectable_data)
@ -427,20 +441,21 @@ Where the regex that matches fixed_data_1 is gready and matches the entire
string, before moving backwards and user_injectable_data can match the entire
string.
Another case:
Another case
------------
ref: https://www.debuggex.com/r/CtAbeKMa2sDBEfA2/0
A webserver logs the following without URL escaping:
A webserver logs the following without URL escaping::
[error] 2865#0: *66647 user "xyz" was not found in "/file", client: 1.2.3.1, server: www.host.com, request: "GET ", client: 3.2.1.1, server: fake.com, request: "GET exploited HTTP/3.3", host: "injected.host", host: "www.myhost.com"
regex:
regex::
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (?:password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ .+ HTTP/\d+\.\d+", host: "\S+"
The .* matches to the end of the string. Finds that it can't continue to match
", client ... so it moves from the back and find that the user injected web URL:
", client ... so it moves from the back and find that the user injected web URL::
", client: 3.2.1.1, server: fake.com, request: "GET exploited HTTP/3.3", host: "injected.host
@ -453,14 +468,14 @@ beyond <HOST>.
4. Application generates two identical log messages with different meanings
If the application generates the following two messages under different
circumstances:
circumstances::
client <IP>: authentication failed
client <USER>: authentication failed
Then it's obvious that a regex of "^client <HOST>: authentication
failed$" will still cause problems if the user can trigger the second
Then it's obvious that a regex of ``^client <HOST>: authentication
failed$`` will still cause problems if the user can trigger the second
log message with a <USER> of 123.1.1.1.
Here there's nothing to do except request/change the application so it logs

195
RELEASE
View File

@ -1,4 +1,4 @@
__ _ _ ___ _
.. __ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
@ -7,7 +7,10 @@
How to do a release for Fail2Ban
================================================================================
# Check distribution patches and see if they can be included
Preparation
===========
* Check distribution patches and see if they can be included
* https://apps.fedoraproject.org/packages/fail2ban/sources
* http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/
@ -16,7 +19,8 @@ How to do a release for Fail2Ban
* http://sophie.zarb.org/sources/fail2ban (Mageia)
* https://trac.macports.org/browser/trunk/dports/security/fail2ban
# Check distribution outstanding bugs
* Check distribution outstanding bugs
* https://github.com/fail2ban/fail2ban/issues?sort=updated&state=open
* http://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;package=fail2ban
@ -29,144 +33,165 @@ How to do a release for Fail2Ban
* https://bugs.mageia.org/buglist.cgi?quicksearch=fail2ban
* https://build.opensuse.org/package/requests/openSUSE:Factory/fail2ban
# Make sure the tests pass
* Make sure the tests pass::
./fail2ban-testcases-all
# Ensure the version is correct
* Ensure the version is correct in:
in:
* ./fail2ban/version.py
* top of ChangeLog
* README.md
# Ensure the MANIFEST is complete
Run:
* Ensure the MANIFEST is complete
* Run::
python setup.py sdist
Look for errors like:
'testcases/files/logs/mysqld.log' not a regular file -- skipping
* Look for errors like::
Which indicates that testcases/files/logs/mysqld.log has been moved or is a directory
'testcases/files/logs/mysqld.log' not a regular file -- skipping
tar -C /tmp -jxf dist/fail2ban-0.9.0.tar.bz2
* Which indicates that testcases/files/logs/mysqld.log has been moved or is a directory::
# clean up current direcory
tar -C /tmp -jxf dist/fail2ban-0.9.0.tar.bz2
diff -rul --exclude \*.pyc . /tmp/fail2ban-0.9.0/
* clean up current direcory::
# Only differences should be files that you don't want distributed.
diff -rul --exclude \*.pyc . /tmp/fail2ban-0.9.0/
# Ensure the tests work from the tarball
cd /tmp/fail2ban-0.9.0/ && export PYTHONPATH=`pwd` && bin/fail2ban-testcases
# Add/finalize the corresponding entry in the ChangeLog
To generate a list of committers use e.g.
git shortlog -sn 0.8.12.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'
Ensure the top of the ChangeLog has the right version and current date.
Ensure the top entry of the ChangeLog has the right version and current date.
# Update man pages
(cd man ; ./generate-man )
git commit -m 'DOC/ENH: update man pages for release' man/*
# Cleanout TODO file with the finished stuff
# Prepare source and rpm binary distributions
python setup.py sdist
* Only differences should be files that you don't want distributed.
Broken for now: python setup.py bdist_rpm
Broken for now: python setup.py upload
* Ensure the tests work from the tarball::
# Tag the release by using a signed (and annotated) tag. Cut/paste
release ChangeLog entry as tag annotation
cd /tmp/fail2ban-0.9.0/ && export PYTHONPATH=`pwd` && bin/fail2ban-testcases
git tag -s 0.9.1
* Add/finalize the corresponding entry in the ChangeLog
# Prerelease (option)
* To generate a list of committers use e.g.::
# Provide a release sample to distributors
git shortlog -sn 0.8.12.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'
* Ensure the top of the ChangeLog has the right version and current date.
* Ensure the top entry of the ChangeLog has the right version and current date.
* Update man pages::
(cd man ; ./generate-man )
git commit -m 'DOC/ENH: update man pages for release' man/*
* Cleanout TODO file with the finished stuff
* Prepare source and rpm binary distributions::
python setup.py sdist
* Broken for now: python setup.py bdist_rpm
* Broken for now: python setup.py upload
* Tag the release by using a signed (and annotated) tag. Cut/paste
release ChangeLog entry as tag annotation::
git tag -s 0.9.1
Pre Release
===========
* Provide a release sample to distributors
* Arch Linux:
https://www.archlinux.org/packages/community/any/fail2ban/
* https://www.archlinux.org/packages/community/any/fail2ban/
* Debian: Yaroslav Halchenko <debian@onerussian.com>
http://packages.qa.debian.org/f/fail2ban.html
* http://packages.qa.debian.org/f/fail2ban.html
* FreeBSD: Christoph Theis theis@gmx.at>, Nick Hilliard <nick@foobar.org>
http://svnweb.freebsd.org/ports/head/security/py-fail2ban/Makefile?view=markup
http://www.freebsd.org/cgi/query-pr-summary.cgi?text=fail2ban
* http://svnweb.freebsd.org/ports/head/security/py-fail2ban/Makefile?view=markup
* http://www.freebsd.org/cgi/query-pr-summary.cgi?text=fail2ban
* Fedora: Axel Thimm <Axel.Thimm@atrpms.net>
https://apps.fedoraproject.org/packages/fail2ban
http://pkgs.fedoraproject.org/cgit/fail2ban.git
https://admin.fedoraproject.org/pkgdb/acls/bugs/fail2ban
* https://apps.fedoraproject.org/packages/fail2ban
* http://pkgs.fedoraproject.org/cgit/fail2ban.git
* https://admin.fedoraproject.org/pkgdb/acls/bugs/fail2ban
* Gentoo: netmon@gentoo.org
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/metadata.xml?view=markup
https://bugs.gentoo.org/buglist.cgi?quicksearch=fail2ban
* http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/metadata.xml?view=markup
* https://bugs.gentoo.org/buglist.cgi?quicksearch=fail2ban
* openSUSE: Stephan Kulow <coolo@suse.com>
https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban
* https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban
* Mac Ports: @Malbrouck on github (gh-49)
https://trac.macports.org/browser/trunk/dports/security/fail2ban/Portfile
* https://trac.macports.org/browser/trunk/dports/security/fail2ban/Portfile
* Mageia:
https://bugs.mageia.org/buglist.cgi?quicksearch=fail2ban
An potentially to the fail2ban-users email list.
* https://bugs.mageia.org/buglist.cgi?quicksearch=fail2ban
# Wait for feedback from distributors
* An potentially to the fail2ban-users email list.
# Prepare a release notice https://github.com/fail2ban/fail2ban/releases/new
Upload the source/binaries from the dist directory and tag the release using the URL
* Wait for feedback from distributors
# Upload source/binaries to sourceforge http://sourceforge.net/projects/fail2ban/
* Prepare a release notice https://github.com/fail2ban/fail2ban/releases/new
# Run the following and update the wiki with output:
python -c 'import fail2ban.protocol; fail2ban.protocol.printWiki()'
* Upload the source/binaries from the dist directory and tag the release using the URL
* Upload source/binaries to sourceforge http://sourceforge.net/projects/fail2ban/
* Run the following and update the wiki with output::
python -c 'import fail2ban.protocol; fail2ban.protocol.printWiki()'
* page: http://www.fail2ban.org/wiki/index.php/Commands
page: http://www.fail2ban.org/wiki/index.php/Commands
* Update:
http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_Versions&action=edit
http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_News&action=edit
move old bits to:
http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_OldNews&action=edit
* http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_Versions&action=edit
http://www.fail2ban.org/wiki/index.php/ChangeLog
http://www.fail2ban.org/wiki/index.php/Requirements (Check requirement)
http://www.fail2ban.org/wiki/index.php/Features
* http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_News&action=edit
* move old bits to http://www.fail2ban.org/wiki/index.php?title=Template:Fail2ban_OldNews&action=edit
* http://www.fail2ban.org/wiki/index.php/ChangeLog
* http://www.fail2ban.org/wiki/index.php/Requirements (Check requirement)
* http://www.fail2ban.org/wiki/index.php/Features
* See if any filters are upgraded:
http://www.fail2ban.org/wiki/index.php/Special:AllPages
# Email users and development list of release
* Email users and development list of release
# notify distributors
* notify distributors
Post Release
============
Add the following to the top of the ChangeLog
Add the following to the top of the ChangeLog::
ver. 0.9.1 (2014/XX/XXX) - wanna-be-released
-----------
- Fixes:
- New Features:
- Enhancements:
ver. 0.9.1 (2014/XX/XXX) - wanna-be-released
-----------
- Fixes:
- New Features:
- Enhancements:
Alter the git shortlog command in the previous section to refer to the just
released version.
and adjust common/version.py to carry .dev suffix to signal
and adjust fail2ban/version.py to carry .dev suffix to signal
a version under development.

3
THANKS
View File

@ -100,8 +100,9 @@ Vaclav Misek
Vincent Deffontaines
Yaroslav Halchenko
Winston Smith
ykimon
Yehuda Katz
ykimon
Yung-Chin Oei
Zbigniew Jędrzejewski-Szmek
zugeschmiert
Zurd

2
config/action.d/complain.conf
View File

@ -5,7 +5,7 @@
# offending IP address.
# This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
#
# DEPENDANCIES:
# DEPENDENCIES:
# This requires the dig command from bind-utils
#
# You should provide the <logpath> in the jail config - lines from the log

4
config/action.d/shorewall.conf
View File

@ -9,7 +9,9 @@
# connections. So if the attempter goes on trying using the same connection
# he could even log in. In order to get the same behavior of the iptable
# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
# file should me modified with "BLACKLISTNEWONLY=No".
# file should me modified with "BLACKLISTNEWONLY=No". Note that as of
# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
#
[Definition]

2
config/action.d/xarf-login-attack.conf
View File

@ -10,7 +10,7 @@
# password incorrectly.
# * For filters that have a low likelihood of receiving human errors
#
# DEPENDANCIES:
# DEPENDENCIES:
#
# This requires the dig command from bind-utils
#

2
config/fail2ban.conf
View File

@ -52,7 +52,7 @@ pidfile = /var/run/fail2ban/fail2ban.pid
# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost once fail2ban is stops.
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3

2
config/filter.d/nginx-http-auth.conf
View File

@ -4,7 +4,7 @@
[Definition]
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
ignoreregex =

177
doc/Makefile Normal file
View File

@ -0,0 +1,177 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build2
PAPER =
BUILDDIR = ""build
# User-friendly check for sphinx-build2
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
clean:
rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Fail2Ban.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Fail2Ban.qhc"
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/Fail2Ban"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Fail2Ban"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

260
doc/conf.py Normal file
View File

@ -0,0 +1,260 @@
# -*- coding: utf-8 -*-
import sys
import os
sys.path.insert(0, ".")
sys.path.insert(0, "..")
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'sphinx.ext.autodoc',
'sphinx.ext.autosummary',
'numpydoc',
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Fail2Ban'
copyright = u'2014'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
from fail2ban.version import version as fail2ban_version
from distutils.version import LooseVersion
fail2ban_loose_version = LooseVersion(fail2ban_version)
# The short X.Y version.
version = ".".join(str(_) for _ in fail2ban_loose_version.version[:2])
# The full version, including alpha/beta/rc tags.
release = fail2ban_version
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['build']
# The reST default role (used for this markup: `text`) to use for all
# documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
#keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'Fail2Bandoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('index', 'Fail2Ban.tex', u'Fail2Ban Developers\' Documentation',
u'', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'fail2ban', u'Fail2Ban Developers\' Documentation',
[u''], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'Fail2Ban', u'Fail2Ban Developers\' Documentation',
u'', 'Fail2Ban', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False
autodoc_default_flags = ['members', 'inherited-members', 'undoc-members', 'show-inheritance']

1
doc/develop.rst Normal file
View File

@ -0,0 +1 @@
.. include:: ../DEVELOP

7
doc/fail2ban.client.actionreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.actionreader module
===================================
.. automodule:: fail2ban.client.actionreader
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.beautifier.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.beautifier module
=================================
.. automodule:: fail2ban.client.beautifier
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.configparserinc.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.configparserinc module
======================================
.. automodule:: fail2ban.client.configparserinc
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.configreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.configreader module
===================================
.. automodule:: fail2ban.client.configreader
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.configurator.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.configurator module
===================================
.. automodule:: fail2ban.client.configurator
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.csocket.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.csocket module
==============================
.. automodule:: fail2ban.client.csocket
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.fail2banreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.fail2banreader module
=====================================
.. automodule:: fail2ban.client.fail2banreader
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.filterreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.filterreader module
===================================
.. automodule:: fail2ban.client.filterreader
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.jailreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.jailreader module
=================================
.. automodule:: fail2ban.client.jailreader
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.client.jailsreader.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.client.jailsreader module
==================================
.. automodule:: fail2ban.client.jailsreader
:members:
:undoc-members:
:show-inheritance:

15
doc/fail2ban.client.rst Normal file
View File

@ -0,0 +1,15 @@
fail2ban.client package
=======================
.. toctree::
fail2ban.client.actionreader
fail2ban.client.beautifier
fail2ban.client.configparserinc
fail2ban.client.configreader
fail2ban.client.configurator
fail2ban.client.csocket
fail2ban.client.fail2banreader
fail2ban.client.filterreader
fail2ban.client.jailreader
fail2ban.client.jailsreader

7
doc/fail2ban.exceptions.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.exceptions module
==========================
.. automodule:: fail2ban.exceptions
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.helpers.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.helpers module
=======================
.. automodule:: fail2ban.helpers
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.protocol.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.protocol module
========================
.. automodule:: fail2ban.protocol
:members:
:undoc-members:
:show-inheritance:

12
doc/fail2ban.rst Normal file
View File

@ -0,0 +1,12 @@
fail2ban package
================
.. toctree::
fail2ban.client
fail2ban.server
fail2ban.exceptions
fail2ban.helpers
fail2ban.protocol
fail2ban.version

7
doc/fail2ban.server.action.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.action module
=============================
.. automodule:: fail2ban.server.action
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.actions.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.actions module
==============================
.. automodule:: fail2ban.server.actions
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.asyncserver.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.asyncserver module
==================================
.. automodule:: fail2ban.server.asyncserver
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.banmanager.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.banmanager module
=================================
.. automodule:: fail2ban.server.banmanager
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.database.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.database module
===============================
.. automodule:: fail2ban.server.database
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.datedetector.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.datedetector module
===================================
.. automodule:: fail2ban.server.datedetector
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.datetemplate.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.datetemplate module
===================================
.. automodule:: fail2ban.server.datetemplate
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.faildata.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.faildata module
===============================
.. automodule:: fail2ban.server.faildata
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.failmanager.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.failmanager module
==================================
.. automodule:: fail2ban.server.failmanager
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.failregex.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.failregex module
================================
.. automodule:: fail2ban.server.failregex
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.filter.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.filter module
=============================
.. automodule:: fail2ban.server.filter
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.filtergamin.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.filtergamin module
==================================
.. automodule:: fail2ban.server.filtergamin
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.filterpoll.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.filterpoll module
=================================
.. automodule:: fail2ban.server.filterpoll
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.filterpyinotify.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.filterpyinotify module
======================================
.. automodule:: fail2ban.server.filterpyinotify
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.filtersystemd.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.filtersystemd module
====================================
.. automodule:: fail2ban.server.filtersystemd
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.jail.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.jail module
===========================
.. automodule:: fail2ban.server.jail
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.jails.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.jails module
============================
.. automodule:: fail2ban.server.jails
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.jailthread.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.jailthread module
=================================
.. automodule:: fail2ban.server.jailthread
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.mytime.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.mytime module
=============================
.. automodule:: fail2ban.server.mytime
:members:
:undoc-members:
:show-inheritance:

28
doc/fail2ban.server.rst Normal file
View File

@ -0,0 +1,28 @@
fail2ban.server package
=======================
.. toctree::
fail2ban.server.action
fail2ban.server.actions
fail2ban.server.asyncserver
fail2ban.server.banmanager
fail2ban.server.database
fail2ban.server.datedetector
fail2ban.server.datetemplate
fail2ban.server.faildata
fail2ban.server.failmanager
fail2ban.server.failregex
fail2ban.server.filter
fail2ban.server.filtergamin
fail2ban.server.filterpoll
fail2ban.server.filterpyinotify
fail2ban.server.filtersystemd
fail2ban.server.jail
fail2ban.server.jails
fail2ban.server.jailthread
fail2ban.server.mytime
fail2ban.server.server
fail2ban.server.strptime
fail2ban.server.ticket
fail2ban.server.transmitter

7
doc/fail2ban.server.server.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.server module
=============================
.. automodule:: fail2ban.server.server
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.strptime.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.strptime module
===============================
.. automodule:: fail2ban.server.strptime
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.ticket.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.ticket module
=============================
.. automodule:: fail2ban.server.ticket
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.server.transmitter.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.server.transmitter module
==================================
.. automodule:: fail2ban.server.transmitter
:members:
:undoc-members:
:show-inheritance:

7
doc/fail2ban.version.rst Normal file
View File

@ -0,0 +1,7 @@
fail2ban.version module
=======================
.. automodule:: fail2ban.version
:members:
:undoc-members:
:show-inheritance:

1
doc/filters.rst Normal file
View File

@ -0,0 +1 @@
.. include:: ../FILTERS

19
doc/index.rst Normal file
View File

@ -0,0 +1,19 @@
Welcome to Fail2Ban's developers documentation!
===============================================
Contents:
.. toctree::
:maxdepth: 2
develop
filters
release
fail2ban
Indices and tables
==================
* :ref:`genindex`
* :ref:`search`

1
doc/release.rst Normal file
View File

@ -0,0 +1 @@
.. include:: ../RELEASE

1
doc/requirements.txt Normal file
View File

@ -0,0 +1 @@
numpydoc

10
fail2ban/client/actionreader.py
View File

@ -34,11 +34,11 @@ logSys = logging.getLogger(__name__)
class ActionReader(DefinitionInitConfigReader):
_configOpts = [
["string", "actionstart", ""],
["string", "actionstop", ""],
["string", "actioncheck", ""],
["string", "actionban", ""],
["string", "actionunban", ""],
["string", "actionstart", None],
["string", "actionstop", None],
["string", "actioncheck", None],
["string", "actionban", None],
["string", "actionunban", None],
]
def __init__(self, file_, jailName, initOpts, **kwargs):

4
fail2ban/client/beautifier.py
View File

@ -188,9 +188,9 @@ class Beautifier:
logSys.debug("Beautify (error) " + `response` + " with " + `self.__inputCmd`)
msg = response
if isinstance(response, UnknownJailException):
msg = "Sorry but the jail '" + response[0] + "' does not exist"
msg = "Sorry but the jail '" + response.args[0] + "' does not exist"
elif isinstance(response, IndexError):
msg = "Sorry but the command is invalid"
elif isinstance(response, DuplicateJailException):
msg = "The jail '" + response[0] + "' already exists"
msg = "The jail '" + response.args[0] + "' already exists"
return msg

4
fail2ban/client/configreader.py
View File

@ -120,6 +120,10 @@ class ConfigReader(SafeConfigParserWithIncludes):
logSys.warning("'%s' not defined in '%s'. Using default one: %r"
% (option[1], sec, option[2]))
values[option[1]] = option[2]
else:
logSys.debug(
"Non essential option '%s' not defined in '%s'.",
option[1], sec)
except ValueError:
logSys.warning("Wrong value for '" + option[1] + "' in '" + sec +
"'. Using default one: '" + `option[2]` + "'")

2
fail2ban/client/filterreader.py
View File

@ -35,7 +35,7 @@ logSys = logging.getLogger(__name__)
class FilterReader(DefinitionInitConfigReader):
_configOpts = [
["string", "ignoreregex", ""],
["string", "ignoreregex", None],
["string", "failregex", ""],
]

17
fail2ban/client/jailreader.py
View File

@ -68,7 +68,8 @@ class JailReader(ConfigReader):
return out
def isEnabled(self):
return self.__force_enable or ( self.__opts and self.__opts["enabled"] )
return self.__force_enable or (
self.__opts and self.__opts.get("enabled", False))
@staticmethod
def _glob(path):
@ -85,14 +86,14 @@ class JailReader(ConfigReader):
return pathList
def getOptions(self):
opts = [["bool", "enabled", "false"],
["string", "logpath", "/var/log/messages"],
["string", "logencoding", "auto"],
opts = [["bool", "enabled", False],
["string", "logpath", None],
["string", "logencoding", None],
["string", "backend", "auto"],
["int", "maxretry", 3],
["int", "findtime", 600],
["int", "bantime", 600],
["string", "usedns", "warn"],
["int", "maxretry", None],
["int", "findtime", None],
["int", "bantime", None],
["string", "usedns", None],
["string", "failregex", None],
["string", "ignoreregex", None],
["string", "ignorecommand", None],

4
fail2ban/server/action.py
View File

@ -62,9 +62,7 @@ class CallingMap(MutableMapping):
Attributes
----------
data : dict
The dictionary data which can be accessed to obtain items
without callable values being called.
The dictionary data which can be accessed to obtain items uncalled
"""
def __init__(self, *args, **kwargs):

61
fail2ban/server/database.py
View File

@ -361,7 +361,10 @@ class Fail2BanDb(object):
ticket : BanTicket
Ticket of the ban to be added.
"""
self._bansMergedCache = {}
try:
del self._bansMergedCache[(ticket.getIP(), jail)]
except KeyError:
pass
#TODO: Implement data parts once arbitrary match keys completed
cur.execute(
"INSERT INTO bans(jail, ip, timeofban, data) VALUES(?, ?, ?, ?)",
@ -383,7 +386,7 @@ class Fail2BanDb(object):
if ip is not None:
query += " AND ip=?"
queryArgs.append(ip)
query += " ORDER BY timeofban"
query += " ORDER BY ip, timeofban"
return cur.execute(query, queryArgs)
@ -412,7 +415,7 @@ class Fail2BanDb(object):
tickets[-1].setAttempt(data['failures'])
return tickets
def getBansMerged(self, ip, jail=None, **kwargs):
def getBansMerged(self, ip=None, jail=None, bantime=None):
"""Get bans from the database, merged into single ticket.
This is the same as `getBans`, but bans merged into single
@ -430,22 +433,44 @@ class Fail2BanDb(object):
Returns
-------
Ticket
Single ticket representing bans stored in database.
list or Ticket
Single ticket representing bans stored in database per IP
in a list. When `ip` argument passed, a single `Ticket` is
returned.
"""
cacheKey = ip if jail is None else "%s|%s" % (ip, jail.name)
if cacheKey in self._bansMergedCache:
return self._bansMergedCache[cacheKey]
matches = []
failures = 0
for ip, timeofban, data in self._getBans(ip=ip, jail=jail, **kwargs):
#TODO: Implement data parts once arbitrary match keys completed
matches.extend(data['matches'])
failures += data['failures']
ticket = FailTicket(ip, timeofban, matches)
ticket.setAttempt(failures)
self._bansMergedCache[cacheKey] = ticket
return ticket
if bantime is None:
cacheKey = (ip, jail)
if cacheKey in self._bansMergedCache:
return self._bansMergedCache[cacheKey]
tickets = []
ticket = None
results = list(self._getBans(ip=ip, jail=jail, bantime=bantime))
if results:
prev_banip = results[0][0]
matches = []
failures = 0
for banip, timeofban, data in results:
#TODO: Implement data parts once arbitrary match keys completed
if banip != prev_banip:
ticket = FailTicket(prev_banip, prev_timeofban, matches)
ticket.setAttempt(failures)
tickets.append(ticket)
# Reset variables
prev_banip = banip
matches = []
failures = 0
matches.extend(data['matches'])
failures += data['failures']
prev_timeofban = timeofban
ticket = FailTicket(banip, prev_timeofban, matches)
ticket.setAttempt(failures)
tickets.append(ticket)
if bantime is None:
self._bansMergedCache[cacheKey] = tickets if ip is None else ticket
return tickets if ip is None else ticket
@commitandrollback
def purge(self, cur):

2
fail2ban/server/filter.py
View File

@ -63,7 +63,7 @@ class Filter(JailThread):
## Use DNS setting
self.setUseDns(useDns)
## The amount of time to look back.
self.__findTime = 6000
self.__findTime = 600
## The ignore IP list.
self.__ignoreIpList = []
## Size of line buffer

6
fail2ban/server/jail.py
View File

@ -104,7 +104,9 @@ class Jail:
self.__actions = Actions(self)
return # we are done
except ImportError, e:
logSys.debug(
# Log debug if auto, but error if specific
logSys.log(
logging.DEBUG if backend == "auto" else logging.ERROR,
"Backend %r failed to initialize due to %s" % (b, e))
# log error since runtime error message isn't printed, INVALID COMMAND
logSys.error(
@ -209,7 +211,7 @@ class Jail:
self.actions.start()
# Restore any previous valid bans from the database
if self.database is not None:
for ticket in self.database.getBans(
for ticket in self.database.getBansMerged(
jail=self, bantime=self.actions.getBanTime()):
if not self.filter.inIgnoreIPList(ticket.getIP()):
self.__queue.put(ticket)

37
fail2ban/tests/clientreadertestcase.py
View File

@ -349,31 +349,9 @@ class JailsReaderTest(LogCaptureTestCase):
self.maxDiff = None
self.assertEqual(sorted(comm_commands),
sorted([['add', 'emptyaction', 'auto'],
['set', 'emptyaction', 'usedns', 'warn'],
['set', 'emptyaction', 'maxretry', 3],
['set', 'emptyaction', 'findtime', 600],
['set', 'emptyaction', 'logencoding', 'auto'],
['set', 'emptyaction', 'bantime', 600],
['add', 'special', 'auto'],
['set', 'special', 'usedns', 'warn'],
['set', 'special', 'maxretry', 3],
['set', 'special', 'addfailregex', '<IP>'],
['set', 'special', 'findtime', 600],
['set', 'special', 'logencoding', 'auto'],
['set', 'special', 'bantime', 600],
['add', 'missinglogfiles', 'auto'],
['set', 'missinglogfiles', 'usedns', 'warn'],
['set', 'missinglogfiles', 'maxretry', 3],
['set', 'missinglogfiles', 'findtime', 600],
['set', 'missinglogfiles', 'logencoding', 'auto'],
['set', 'missinglogfiles', 'bantime', 600],
['set', 'missinglogfiles', 'addfailregex', '<IP>'],
['add', 'brokenaction', 'auto'],
['set', 'brokenaction', 'usedns', 'warn'],
['set', 'brokenaction', 'maxretry', 3],
['set', 'brokenaction', 'findtime', 600],
['set', 'brokenaction', 'logencoding', 'auto'],
['set', 'brokenaction', 'bantime', 600],
['set', 'brokenaction', 'addfailregex', '<IP>'],
['set', 'brokenaction', 'addaction', 'brokenaction'],
['set',
@ -382,23 +360,9 @@ class JailsReaderTest(LogCaptureTestCase):
'brokenaction',
'actionban',
'hit with big stick <ip>'],
['set', 'brokenaction', 'action', 'brokenaction',
'actionstop', ''],
['set', 'brokenaction', 'action', 'brokenaction',
'actionstart', ''],
['set', 'brokenaction', 'action', 'brokenaction',
'actionunban', ''],
['set', 'brokenaction', 'action', 'brokenaction',
'actioncheck', ''],
['add', 'parse_to_end_of_jail.conf', 'auto'],
['set', 'parse_to_end_of_jail.conf', 'usedns', 'warn'],
['set', 'parse_to_end_of_jail.conf', 'maxretry', 3],
['set', 'parse_to_end_of_jail.conf', 'findtime', 600],
['set', 'parse_to_end_of_jail.conf', 'logencoding', 'auto'],
['set', 'parse_to_end_of_jail.conf', 'bantime', 600],
['set', 'parse_to_end_of_jail.conf', 'addfailregex', '<IP>'],
['start', 'emptyaction'],
['start', 'special'],
['start', 'missinglogfiles'],
['start', 'brokenaction'],
['start', 'parse_to_end_of_jail.conf'],]))
@ -572,6 +536,7 @@ class JailsReaderTest(LogCaptureTestCase):
jailfd = open(os.path.join(basedir, "jail.conf"), 'w')
jailfd.write("""
[testjail1]
enabled = true
action = testaction1[actname=test1]
testaction1[actname=test2]
testaction.py

2
fail2ban/tests/config/jail.conf
View File

@ -14,6 +14,7 @@ ignoreregex =
ignoreip =
[missinglogfiles]
enabled = true
logpath = /weapons/of/mass/destruction
[brokenactiondef]
@ -25,6 +26,7 @@ enabled = true
action = brokenaction
[missingbitsjail]
enabled = true
filter = catchallthebadies
action = thefunkychickendance

34
fail2ban/tests/databasetestcase.py
View File

@ -190,16 +190,16 @@ class DatabaseTest(unittest.TestCase):
jail2 = DummyJail()
self.db.addJail(jail2)
ticket = FailTicket("127.0.0.1", 10, ["abc\n"])
ticket = FailTicket("127.0.0.1", MyTime.time() - 40, ["abc\n"])
ticket.setAttempt(10)
self.db.addBan(self.jail, ticket)
ticket = FailTicket("127.0.0.1", 20, ["123\n"])
ticket = FailTicket("127.0.0.1", MyTime.time() - 30, ["123\n"])
ticket.setAttempt(20)
self.db.addBan(self.jail, ticket)
ticket = FailTicket("127.0.0.2", 30, ["ABC\n"])
ticket = FailTicket("127.0.0.2", MyTime.time() - 20, ["ABC\n"])
ticket.setAttempt(30)
self.db.addBan(self.jail, ticket)
ticket = FailTicket("127.0.0.1", 40, ["ABC\n"])
ticket = FailTicket("127.0.0.1", MyTime.time() - 10, ["ABC\n"])
ticket.setAttempt(40)
self.db.addBan(jail2, ticket)
@ -220,7 +220,15 @@ class DatabaseTest(unittest.TestCase):
id(ticket),
id(self.db.getBansMerged("127.0.0.1", jail=self.jail)))
newTicket = FailTicket("127.0.0.1", 40, ["ABC\n"])
newTicket = FailTicket("127.0.0.2", MyTime.time() - 20, ["ABC\n"])
ticket.setAttempt(40)
# Add ticket, but not for same IP, so cache still valid
self.db.addBan(self.jail, newTicket)
self.assertEqual(
id(ticket),
id(self.db.getBansMerged("127.0.0.1", jail=self.jail)))
newTicket = FailTicket("127.0.0.1", MyTime.time() - 10, ["ABC\n"])
ticket.setAttempt(40)
self.db.addBan(self.jail, newTicket)
# Added ticket, so cache should have been cleared
@ -228,6 +236,22 @@ class DatabaseTest(unittest.TestCase):
id(ticket),
id(self.db.getBansMerged("127.0.0.1", jail=self.jail)))
tickets = self.db.getBansMerged()
self.assertEqual(len(tickets), 2)
self.assertEqual(
sorted(list(set(ticket.getIP() for ticket in tickets))),
sorted([ticket.getIP() for ticket in tickets]))
tickets = self.db.getBansMerged(jail=jail2)
self.assertEqual(len(tickets), 1)
tickets = self.db.getBansMerged(bantime=25)
self.assertEqual(len(tickets), 2)
tickets = self.db.getBansMerged(bantime=15)
self.assertEqual(len(tickets), 1)
tickets = self.db.getBansMerged(bantime=5)
self.assertEqual(len(tickets), 0)
def testPurge(self):
if Fail2BanDb is None: # pragma: no cover
return

4
fail2ban/tests/files/logs/nginx-http-auth
View File

@ -3,4 +3,8 @@
2012/04/09 11:53:29 [error] 2865#0: *66647 user "xyz" was not found in "/var/www/.htpasswd", client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"
# failJSON: { "time": "2012-04-09T11:53:36", "match": true , "host": "192.0.43.10" }
2012/04/09 11:53:36 [error] 2865#0: *66647 user "xyz": password mismatch, client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"
# failJSON: { "time": "2014-04-01T22:20:38", "match": true, "host": "10.0.2.2" }
2014/04/01 22:20:38 [error] 30708#0: *3 user "scribendio": password mismatch, client: 10.0.2.2, server: , request: "GET / HTTP/1.1", host: "localhost:8443"
# failJSON: { "time": "2014-04-02T12:37:58", "match": true, "host": "10.0.2.2" }
2014/04/02 12:37:58 [error] 6563#0: *1861 user "scribendio": password mismatch, client: 10.0.2.2, server: scribend.io, request: "GET /admin HTTP/1.1", host: "scribend.io", referrer: "https://scribend.io/admin"

1
files/fail2ban.service
View File

@ -1,5 +1,6 @@
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service
[Service]

11
man/jail.conf.5
View File

@ -297,12 +297,12 @@ There are two filter definitions used in the [Definition] section:
.TP
.B failregex
is the regex (\fBreg\fRular \fBex\fRpression) that will match failed attempts. The tag \fI<HOST>\fR is used as part of the regex and is itself a regex
for IPv4 addresses and hostnames. fail2ban will work out which one of these it actually is.
for IPv4 addresses (and hostnames if \fBusedns\fR). Fail2Ban will work out which one of these it actually is.
For multiline regexs the tag \fI<SKIPLINES>\fR should be used to separate lines. This allows lines between the matched lines to continue to be searched for other failures. The tag can be used multiple times.
.TP
.B ignoreregex
is the regex to identify log entries that should be ignored by fail2ban, even if they match failregex.
is the regex to identify log entries that should be ignored by Fail2Ban, even if they match failregex.
.PP
@ -331,13 +331,6 @@ indicates that this file is read before the [Definition] section.
\fBafter\fR
indicates that this file is read after the [Definition] section.
.B failregex
regex that will match failed attempts. The tag <HOST> is used as part of the regex and is itself a regex
for IPv4 addresses (and hostnames if \fBusedns\fR). Fail2Ban will work out which one of these it actually is.
.TP
.B ignoreregex
regex to identify log entries that should be ignored by Fail2Ban, even if they match failregex.
.SH AUTHOR
Fail2ban was originally written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
At the moment it is maintained and further developed by Yaroslav O. Halchenko <debian@onerussian.com>, Daniel Black <daniel.subs@internode.on.net> and Steven Hiscocks <steven-fail2ban@hiscocks.me.uk> along with a number of contributors. See \fBTHANKS\fR file shipped with Fail2Ban for a full list.

130
setup.py
View File

@ -92,77 +92,77 @@ setup(
license = "GPL",
platforms = "Posix",
cmdclass = {'build_py': build_py, 'build_scripts': build_scripts},
scripts = [
'bin/fail2ban-client',
'bin/fail2ban-server',
'bin/fail2ban-regex',
'bin/fail2ban-testcases',
],
packages = [
'fail2ban',
'fail2ban.client',
'fail2ban.server',
'fail2ban.tests',
'fail2ban.tests.action_d',
],
package_data = {
'fail2ban.tests':
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/files')
for f in w[2]] +
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/config')
for f in w[2]] +
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/action_d')
for f in w[2]]
},
data_files = [
('/etc/fail2ban',
glob("config/*.conf")
),
('/etc/fail2ban/filter.d',
glob("config/filter.d/*.conf")
),
('/etc/fail2ban/action.d',
glob("config/action.d/*.conf") +
glob("config/action.d/*.py")
),
('/etc/fail2ban/fail2ban.d',
''
),
('/etc/fail2ban/jail.d',
''
),
('/var/lib/fail2ban',
''
),
('/usr/share/doc/fail2ban',
['README.md', 'README.Solaris', 'DEVELOP', 'FILTERS',
'doc/run-rootless.txt']
)
],
scripts = [
'bin/fail2ban-client',
'bin/fail2ban-server',
'bin/fail2ban-regex',
'bin/fail2ban-testcases',
],
packages = [
'fail2ban',
'fail2ban.client',
'fail2ban.server',
'fail2ban.tests',
'fail2ban.tests.action_d',
],
package_data = {
'fail2ban.tests':
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/files')
for f in w[2]] +
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/config')
for f in w[2]] +
[ join(w[0], f).replace("fail2ban/tests/", "", 1)
for w in os.walk('fail2ban/tests/action_d')
for f in w[2]]
},
data_files = [
('/etc/fail2ban',
glob("config/*.conf")
),
('/etc/fail2ban/filter.d',
glob("config/filter.d/*.conf")
),
('/etc/fail2ban/action.d',
glob("config/action.d/*.conf") +
glob("config/action.d/*.py")
),
('/etc/fail2ban/fail2ban.d',
''
),
('/etc/fail2ban/jail.d',
''
),
('/var/lib/fail2ban',
''
),
('/usr/share/doc/fail2ban',
['README.md', 'README.Solaris', 'DEVELOP', 'FILTERS',
'doc/run-rootless.txt']
)
],
**setup_extra
)
# Do some checks after installation
# Search for obsolete files.
obsoleteFiles = []
elements = {
"/etc/":
[
"fail2ban.conf"
],
"/usr/bin/":
[
"fail2ban.py"
],
"/usr/lib/fail2ban/":
[
"version.py",
"protocol.py"
]
}
elements = {
"/etc/":
[
"fail2ban.conf"
],
"/usr/bin/":
[
"fail2ban.py"
],
"/usr/lib/fail2ban/":
[
"version.py",
"protocol.py"
]
}
for directory in elements:
for f in elements[directory]: