Merge pull request #176 from kwirk/guacamole

Guacamole filter and Apache Tomcat date format
12 years ago · 8af32ed547
parent 5aef036f54 4d80fad874
commit 8af32ed547
5 changed files with 41 additions and 0 deletions
--- a/config/filter.d/guacamole.conf
+++ b/config/filter.d/guacamole.conf
@ -0,0 +1,18 @@
 # Fail2Ban configuration file for guacamole
 #
 # Author: Steven Hiscocks
 #
 [Definition]
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
 failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex = 
--- a/config/jail.conf
+++ b/config/jail.conf
@ -357,6 +357,16 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/mysqld.log
 maxretry = 5
 [guacamole-iptables]
 enabled  = false
 filter   = guacamole
 action   = iptables-multiport[name=Guacmole, port="http,https"]
           sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
 logpath  = /var/log/tomcat*/catalina.out
 maxretry = 5
 maxlines = 2
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
--- a/fail2ban/server/datedetector.py
+++ b/fail2ban/server/datedetector.py
@ -161,6 +161,12 @@ class DateDetector:
 			template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
 			template.setPattern("%y%m%d %H:%M:%S")
 			self._appendTemplate(template)
 			# Apache Tomcat
 			template = DateStrptime()
 			template.setName("MONTH Day, Year 12hour:Minute:Second AM/PM")
 			template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
 			template.setPattern("%b %d, %Y %I:%M:%S %p")
 			self._appendTemplate(template)
 		finally:
 			self.__lock.release()
--- a/fail2ban/tests/datedetectortestcase.py
+++ b/fail2ban/tests/datedetectortestcase.py
@ -86,6 +86,7 @@ class DateDetectorTest(unittest.TestCase):
 			"2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ
 			"<01/23/05@21:59:59>",
 			"050123 21:59:59", # MySQL
 			"Jan 23, 2005 9:59:59 PM", # Apache Tomcat
 			):
 			log = sdate + "[sshd] error: PAM: Authentication failure"
 			# exclude
--- a/fail2ban/tests/files/logs/guacamole
+++ b/fail2ban/tests/files/logs/guacamole
@ -0,0 +1,6 @@
 apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
 WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
 apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
 WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
 apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
 WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.