Merge pull request #176 from kwirk/guacamole

Guacamole filter and Apache Tomcat date format
2013-04-16 17:44:28 -07:00 · 2013-04-16 17:44:28 -07:00 · 8af32ed547
parent 5aef036f54 4d80fad874
commit 8af32ed547
5 changed files with 41 additions and 0 deletions
--- a/config/filter.d/guacamole.conf
+++ b/config/filter.d/guacamole.conf
@ -0,0 +1,18 @@
+# Fail2Ban configuration file for guacamole
+#
+# Author: Steven Hiscocks
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
--- a/config/jail.conf
+++ b/config/jail.conf
@ -357,6 +357,16 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/mysqld.log
 maxretry = 5

+[guacamole-iptables]
+
+enabled  = false
+filter   = guacamole
+action   = iptables-multiport[name=Guacmole, port="http,https"]
+           sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
+logpath  = /var/log/tomcat*/catalina.out
+maxretry = 5
+maxlines = 2
+

 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
--- a/fail2ban/server/datedetector.py
+++ b/fail2ban/server/datedetector.py
@ -161,6 +161,12 @@ class DateDetector:
 			template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
 			template.setPattern("%y%m%d %H:%M:%S")
 			self._appendTemplate(template)
+			# Apache Tomcat
+			template = DateStrptime()
+			template.setName("MONTH Day, Year 12hour:Minute:Second AM/PM")
+			template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
+			template.setPattern("%b %d, %Y %I:%M:%S %p")
+			self._appendTemplate(template)
 		finally:
 			self.__lock.release()
 	
--- a/fail2ban/tests/datedetectortestcase.py
+++ b/fail2ban/tests/datedetectortestcase.py
@ -86,6 +86,7 @@ class DateDetectorTest(unittest.TestCase):
 			"2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ
 			"<01/23/05@21:59:59>",
 			"050123 21:59:59", # MySQL
+			"Jan 23, 2005 9:59:59 PM", # Apache Tomcat
 			):
 			log = sdate + "[sshd] error: PAM: Authentication failure"
 			# exclude
--- a/fail2ban/tests/files/logs/guacamole
+++ b/fail2ban/tests/files/logs/guacamole
@ -0,0 +1,6 @@
+apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
+apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
+apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
+WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.