github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #176 from kwirk/guacamole 

Guacamole filter and Apache Tomcat date format
pull/173/merge
Yaroslav Halchenko 2013-04-16 17:44:28 -07:00
parent 5aef036f54 4d80fad874
commit 8af32ed547
5 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
config/filter.d/guacamole.conf Normal file
View File

@ -0,0 +1,18 @@
# Fail2Ban configuration file for guacamole
#
# Author: Steven Hiscocks
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

10
config/jail.conf
View File

@ -357,6 +357,16 @@ action = iptables[name=mysql, port=3306, protocol=tcp]
logpath = /var/log/mysqld.log logpath = /var/log/mysqld.log
maxretry = 5 maxretry = 5
[guacamole-iptables]
enabled = false
filter = guacamole
action = iptables-multiport[name=Guacmole, port="http,https"]
sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
logpath = /var/log/tomcat*/catalina.out
maxretry = 5
maxlines = 2
# Jail for more extended banning of persistent abusers # Jail for more extended banning of persistent abusers
# !!! WARNING !!! # !!! WARNING !!!

6
fail2ban/server/datedetector.py
View File

@ -161,6 +161,12 @@ class DateDetector:
template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}") template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
template.setPattern("%y%m%d %H:%M:%S") template.setPattern("%y%m%d %H:%M:%S")
self._appendTemplate(template) self._appendTemplate(template)
# Apache Tomcat
template = DateStrptime()
template.setName("MONTH Day, Year 12hour:Minute:Second AM/PM")
template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
template.setPattern("%b %d, %Y %I:%M:%S %p")
self._appendTemplate(template)
finally: finally:
self.__lock.release() self.__lock.release()

1
fail2ban/tests/datedetectortestcase.py
View File

@ -86,6 +86,7 @@ class DateDetectorTest(unittest.TestCase):
"2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ "2005-01-23T21:59:59-05:00Z", #ISO 8601 with TZ
"<01/23/05@21:59:59>", "<01/23/05@21:59:59>",
"050123 21:59:59", # MySQL "050123 21:59:59", # MySQL
"Jan 23, 2005 9:59:59 PM", # Apache Tomcat
): ):
log = sdate + "[sshd] error: PAM: Authentication failure" log = sdate + "[sshd] error: PAM: Authentication failure"
# exclude # exclude

6
fail2ban/tests/files/logs/guacamole Normal file
View File

@ -0,0 +1,6 @@
apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.