github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11

pull/2225/head
sebres 2018-09-14 11:01:40 +02:00
parent 714fd8c915 08f3f12f10
commit 8a0c06ba9e
40 changed files with 89 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/action.d/abuseipdb.conf
View File

@ -48,13 +48,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/blocklist_de.conf
View File

@ -31,13 +31,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/bsd-ipfw.conf
View File

@ -11,14 +11,14 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" ) actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" ) actionstop = [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )

4
config/action.d/cloudflare.conf
View File

@ -15,13 +15,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/complain.conf
View File

@ -41,13 +41,13 @@ debug = 0
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/dshield.conf
View File

@ -32,13 +32,13 @@
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = if [ -f <tmpfile>.buffer ]; then actionstop = if [ -f <tmpfile>.buffer ]; then

4
config/action.d/dummy.conf
View File

@ -7,7 +7,7 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = if [ ! -z '<target>' ]; then touch <target>; fi; actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" <to_target>
echo "%(debug)s clear all" echo "%(debug)s clear all"
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi; actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;

4
config/action.d/hostsdeny.conf
View File

@ -8,13 +8,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/ipfilter.conf
View File

@ -9,7 +9,7 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
# enable IPF if not already enabled # enable IPF if not already enabled
@ -17,7 +17,7 @@ actionstart = /sbin/ipf -E
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
# don't disable IPF with "/sbin/ipf -D", there may be other filters in use # don't disable IPF with "/sbin/ipf -D", there may be other filters in use

4
config/action.d/ipfw.conf
View File

@ -8,14 +8,14 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/iptables-allports.conf
View File

@ -14,7 +14,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <iptables> -N f2b-<name> actionstart = <iptables> -N f2b-<name>
@ -22,7 +22,7 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -I <chain> -p <protocol> -j f2b-<name> <iptables> -I <chain> -p <protocol> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name> actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>

4
config/action.d/iptables-ipset-proto4.conf
View File

@ -24,7 +24,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = ipset --create f2b-<name> iphash actionstart = ipset --create f2b-<name> iphash
@ -38,7 +38,7 @@ actionstart = ipset --create f2b-<name> iphash
actionflush = ipset --flush f2b-<name> actionflush = ipset --flush f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype> actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>

4
config/action.d/iptables-ipset-proto6-allports.conf
View File

@ -23,7 +23,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt> actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
actionflush = ipset flush <ipmset> actionflush = ipset flush <ipmset>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype> actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype>

4
config/action.d/iptables-ipset-proto6.conf
View File

@ -23,7 +23,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt> actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
actionflush = ipset flush <ipmset> actionflush = ipset flush <ipmset>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype> actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>

4
config/action.d/iptables-multiport-log.conf
View File

@ -16,7 +16,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <iptables> -N f2b-<name> actionstart = <iptables> -N f2b-<name>
@ -34,7 +34,7 @@ actionflush = <iptables> -F f2b-<name>
<iptables> -F f2b-<name>-log <iptables> -F f2b-<name>-log
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

4
config/action.d/iptables-multiport.conf
View File

@ -11,7 +11,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <iptables> -N f2b-<name> actionstart = <iptables> -N f2b-<name>
@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

4
config/action.d/iptables-new.conf
View File

@ -13,7 +13,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <iptables> -N f2b-<name> actionstart = <iptables> -N f2b-<name>
@ -21,7 +21,7 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name> <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name> actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>

4
config/action.d/iptables-xt_recent-echo.conf
View File

@ -12,7 +12,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
# Changing iptables rules requires root privileges. If fail2ban is # Changing iptables rules requires root privileges. If fail2ban is
@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update
actionflush = actionflush =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = echo / > /proc/net/xt_recent/<iptname> actionstop = echo / > /proc/net/xt_recent/<iptname>

4
config/action.d/iptables.conf
View File

@ -11,7 +11,7 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <iptables> -N f2b-<name> actionstart = <iptables> -N f2b-<name>
@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name> <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name> actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>

4
config/action.d/mail-buffered.conf
View File

@ -10,7 +10,7 @@
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Hi,\n actionstart = printf %%b "Hi,\n
@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = if [ -f <tmpfile> ]; then actionstop = if [ -f <tmpfile> ]; then

4
config/action.d/mail-whois-lines.conf
View File

@ -15,7 +15,7 @@ before = mail-whois-common.conf
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Hi,\n actionstart = printf %%b "Hi,\n
@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n
Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest> Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Hi,\n actionstop = printf %%b "Hi,\n

4
config/action.d/mail-whois.conf
View File

@ -14,7 +14,7 @@ before = mail-whois-common.conf
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Hi,\n actionstart = printf %%b "Hi,\n
@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Hi,\n actionstop = printf %%b "Hi,\n

4
config/action.d/mail.conf
View File

@ -10,7 +10,7 @@
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Hi,\n actionstart = printf %%b "Hi,\n
@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Hi,\n actionstop = printf %%b "Hi,\n

4
config/action.d/mynetwatchman.conf
View File

@ -28,13 +28,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/nftables-common.conf
View File

@ -25,7 +25,7 @@ after = nftables-common.local
nftables_mode = <protocol> dport \{ <port> \} nftables_mode = <protocol> dport \{ <port> \}
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = <nftables> add set <nftables_family> <nftables_table> <set_name> \{ type <nftables_type>\; \} actionstart = <nftables> add set <nftables_family> <nftables_table> <set_name> \{ type <nftables_type>\; \}
@ -35,7 +35,7 @@ _nft_list = <nftables> --handle --numeric list chain <nftables_family> <nftables
_nft_get_handle_id = grep -m1 '<address_family> saddr @<set_name> <blocktype> # handle' | grep -oe ' handle [0-9]*' _nft_get_handle_id = grep -m1 '<address_family> saddr @<set_name> <blocktype> # handle' | grep -oe ' handle [0-9]*'
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s) actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s)

4
config/action.d/npf.conf
View File

@ -9,7 +9,7 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
# we don't enable NPF automatically, as it will be enabled elsewhere # we don't enable NPF automatically, as it will be enabled elsewhere
@ -17,7 +17,7 @@ actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
# we don't disable NPF automatically either # we don't disable NPF automatically either

4
config/action.d/nsupdate.conf
View File

@ -42,14 +42,14 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/osx-ipfw.conf
View File

@ -9,14 +9,14 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/pf.conf
View File

@ -10,7 +10,7 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
# we don't enable PF automatically; to enable run pfctl -e # we don't enable PF automatically; to enable run pfctl -e
@ -35,7 +35,7 @@ actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
actionstart_on_demand = false actionstart_on_demand = false
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
# we only disable PF rules we've installed prior # we only disable PF rules we've installed prior

4
config/action.d/sendmail-buffered.conf
View File

@ -14,7 +14,7 @@ before = sendmail-common.conf
norestored = 1 norestored = 1
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@ -27,7 +27,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = if [ -f <tmpfile> ]; then actionstop = if [ -f <tmpfile> ]; then

4
config/action.d/sendmail-common.conf
View File

@ -11,7 +11,7 @@ after = sendmail-common.local
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname> actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>

4
config/action.d/shorewall-ipset-proto6.conf
View File

@ -47,7 +47,7 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null; actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
@ -55,7 +55,7 @@ actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
fi fi
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = ipset flush f2b-<name> actionstop = ipset flush f2b-<name>

4
config/action.d/shorewall.conf
View File

@ -17,13 +17,13 @@
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
config/action.d/symbiosis-blacklist-allports.conf
View File

@ -10,13 +10,13 @@ before = iptables-common.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD # Values: CMD
# #
actionstart = actionstart =
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD # Values: CMD
# #
actionstop = actionstop =

4
fail2ban/client/fail2banclient.py
View File

@ -69,7 +69,7 @@ class Fail2banClient(Fail2banCmdLine, Thread):
# Print a new line because we probably come from wait # Print a new line because we probably come from wait
output("") output("")
logSys.warning("Caught signal %d. Exiting" % signum) logSys.warning("Caught signal %d. Exiting" % signum)
exit(-1) exit(255)
def __ping(self, timeout=0.1): def __ping(self, timeout=0.1):
return self.__processCmd([["ping"] + ([timeout] if timeout != -1 else [])], return self.__processCmd([["ping"] + ([timeout] if timeout != -1 else [])],
@ -500,5 +500,5 @@ def exec_command_line(argv):
if client.start(argv): if client.start(argv):
exit(0) exit(0)
else: else:
exit(-1) exit(255)

4
fail2ban/client/fail2banregex.py
View File

@ -668,7 +668,7 @@ def exec_command_line(*args):
if errors: if errors:
sys.stderr.write("\n".join(errors) + "\n\n") sys.stderr.write("\n".join(errors) + "\n\n")
parser.print_help() parser.print_help()
sys.exit(-1) sys.exit(255)
output( "" ) output( "" )
output( "Running tests" ) output( "Running tests" )
@ -696,4 +696,4 @@ def exec_command_line(*args):
fail2banRegex = Fail2banRegex(opts) fail2banRegex = Fail2banRegex(opts)
if not fail2banRegex.start(args): if not fail2banRegex.start(args):
sys.exit(-1) sys.exit(255)

6
fail2ban/client/fail2banserver.py
View File

@ -212,7 +212,7 @@ class Fail2banServer(Fail2banCmdLine):
if not phase.get('done', False): if not phase.get('done', False):
if server: # pragma: no cover if server: # pragma: no cover
server.quit() server.quit()
exit(-1) exit(255)
if background: if background:
logSys.debug('Starting server done') logSys.debug('Starting server done')
@ -223,7 +223,7 @@ class Fail2banServer(Fail2banCmdLine):
logSys.error(e) logSys.error(e)
if server: # pragma: no cover if server: # pragma: no cover
server.quit() server.quit()
exit(-1) exit(255)
return True return True
@ -238,4 +238,4 @@ def exec_command_line(argv):
if server.start(argv): if server.start(argv):
exit(0) exit(0)
else: else:
exit(-1) exit(255)

2
fail2ban/server/transmitter.py
View File

@ -116,7 +116,7 @@ class Transmitter:
elif command[0] == "echo": elif command[0] == "echo":
return command[1:] return command[1:]
elif command[0] == "server-status": elif command[0] == "server-status":
logSys.debug("Server ready") logSys.debug("Status: ready")
return "Server ready" return "Server ready"
elif command[0] == "sleep": elif command[0] == "sleep":
value = command[1] value = command[1]

4
fail2ban/tests/fail2banclienttestcase.py
View File

@ -612,7 +612,7 @@ class Fail2banClientTest(Fail2banClientServerBase):
# test reload missing jail (direct): # test reload missing jail (direct):
self.execCmd(FAILED, startparams, "reload", "~~unknown~jail~fail~~") self.execCmd(FAILED, startparams, "reload", "~~unknown~jail~fail~~")
self.assertLogged("Failed during configuration: No section: '~~unknown~jail~fail~~'") self.assertLogged("Failed during configuration: No section: '~~unknown~jail~fail~~'")
self.assertLogged("Exit with code -1") self.assertLogged("Exit with code 255")
self.pruneLog() self.pruneLog()
finally: finally:
self.pruneLog() self.pruneLog()
@ -836,7 +836,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
"norestored = %(_exec_once)s", "norestored = %(_exec_once)s",
"restore = ", "restore = ",
"info = ", "info = ",
"_use_flush_ = echo [<name>] <actname>: -- flushing IPs", "_use_flush_ = echo '[%(name)s] %(actname)s: -- flushing IPs'",
"actionstart = echo '[%(name)s] %(actname)s: ** start'", start, "actionstart = echo '[%(name)s] %(actname)s: ** start'", start,
"actionreload = echo '[%(name)s] %(actname)s: .. reload'", reload, "actionreload = echo '[%(name)s] %(actname)s: .. reload'", reload,
"actionban = echo '[%(name)s] %(actname)s: ++ ban <ip> %(restore)s%(info)s'", ban, "actionban = echo '[%(name)s] %(actname)s: ++ ban <ip> %(restore)s%(info)s'", ban,

15
files/debian-initd
View File

@ -180,10 +180,17 @@ do_reload() {
# #
log_end_msg_wrapper() log_end_msg_wrapper()
{ {
if [ $1 != 0 ] && [ $1 != $2 ]; then
value=1
else
value=0
fi
if [ "$3" != "no" ]; then if [ "$3" != "no" ]; then
[ $1 -lt $2 ] && value=0 || value=1
log_end_msg $value log_end_msg $value
fi fi
if [ $value != "0" ]; then
exit $1
fi
} }
command="$1" command="$1"
@ -191,13 +198,13 @@ case "$command" in
start|force-start) start|force-start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start "$command" do_start "$command"
log_end_msg_wrapper $? 2 "$VERBOSE" log_end_msg_wrapper $? 255 "$VERBOSE"
;; ;;
stop) stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop do_stop
log_end_msg_wrapper $? 2 "$VERBOSE" log_end_msg_wrapper $? 255 "$VERBOSE"
;; ;;
restart|force-reload) restart|force-reload)
@ -206,7 +213,7 @@ case "$command" in
case "$?" in case "$?" in
0|1) 0|1)
do_start do_start
log_end_msg_wrapper $? 1 "always" log_end_msg_wrapper $? 0 "always"
;; ;;
*) *)
# Failed to stop # Failed to stop