github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11

pull/3242/head
sebres 2022-03-03 15:15:43 +01:00
parent 8ac49b5858 e2d50f38a6
commit 8c4d02403b
3 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fail2ban/client/fail2banregex.py
View File

@ -334,7 +334,7 @@ class Fail2banRegex(object):
fltFile = None fltFile = None
fltOpt = {} fltOpt = {}
if regextype == 'fail': if regextype == 'fail':
if re.search(r'^/{0,3}[\w/_\-.]+(?:\[.*\])?$', value): if re.search(r'^(?ms)/{0,3}[\w/_\-.]+(?:\[.*\])?$', value):
try: try:
fltName, fltOpt = extractOptions(value) fltName, fltOpt = extractOptions(value)
if "." in fltName[~5:]: if "." in fltName[~5:]:

2
fail2ban/server/filter.py
View File

@ -797,6 +797,8 @@ class Filter(JailThread):
# be sure we've correct current state ('nofail' and 'mlfgained' only from last failure) # be sure we've correct current state ('nofail' and 'mlfgained' only from last failure)
if mlfidGroups.pop('nofail', None): nfflgs |= 4 if mlfidGroups.pop('nofail', None): nfflgs |= 4
if mlfidGroups.pop('mlfgained', None): nfflgs |= 4 if mlfidGroups.pop('mlfgained', None): nfflgs |= 4
# gained resets all pending failures (retaining users to check it later)
if nfflgs & 8: mlfidGroups.pop('mlfpending', None)
# if we had no pending failures then clear the matches (they are already provided): # if we had no pending failures then clear the matches (they are already provided):
if (nfflgs & 4) == 0 and not mlfidGroups.get('mlfpending', 0): if (nfflgs & 4) == 0 and not mlfidGroups.get('mlfpending', 0):
mlfidGroups.pop("matches", None) mlfidGroups.pop("matches", None)

21
fail2ban/tests/fail2banregextestcase.py
View File

@ -457,6 +457,27 @@ class Fail2banRegexTest(LogCaptureTestCase):
'192.0.2.1, git, '+lines[-1], '192.0.2.1, git, '+lines[-1],
all=True) all=True)
def testOutputNoPendingFailuresAfterGained(self):
unittest.F2B.SkipIfCfgMissing(stock=True)
# connect finished without authorization must generate a failure, because
# connect started will produce pending failure which gets reset by gained
# connect authorized.
self.assertTrue(_test_exec('-o', 'failure from == <ip> ==',
'-c', CONFIG_DIR, '-d', '{NONE}',
'svc[1] connect started 192.0.2.3\n'
'svc[1] connect finished 192.0.2.3\n'
'svc[2] connect started 192.0.2.4\n'
'svc[2] connect authorized 192.0.2.4\n'
'svc[2] connect finished 192.0.2.4\n',
'common[prefregex="^svc\[<F-MLFID>\d+</F-MLFID>\] connect <F-CONTENT>.+</F-CONTENT>$"'
', failregex="'
'^started\n'
'^<F-NOFAIL><F-MLFFORGET>finished</F-MLFFORGET></F-NOFAIL> <ADDR>\n'
'^<F-MLFGAINED>authorized</F-MLFGAINED> <ADDR>'
'", maxlines=1]'
))
self.assertLogged('failure from == 192.0.2.3 ==')
self.assertNotLogged('failure from == 192.0.2.4 ==')
def testWrongFilterFile(self): def testWrongFilterFile(self):
# use test log as filter file to cover eror cases... # use test log as filter file to cover eror cases...