diff --git a/ChangeLog b/ChangeLog
index e9b3d638..964cdd87 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,7 +18,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better - allow for ",milliseconds" in the custom date format of proftpd.log - allow for ", referer ..." in apache-* filter for apache error logs. - allow for spaces at the beginning of kernel messages. Closes gh-448 - - recidive jail to block all protocols. Closes gh-440. Thanks Ioan Indreias + - recidive jail to block all protocols. Closes gh-440. Thanksg Ioan Indreias - smtps not a IANA standard and has been removed from Arch. Replaced with 465. Thanks Stefan. Closes gh-447 - mysqld-syslog-iptables rule was too long. Part of gh-447.
@@ -35,6 +35,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better resolve syslog(-ng) parsing problems. Closes Debian bug #730202. - added squid filter. Thanks Roman Gelfand. - updated check_fail2ban to return performance data for all jails. + - filter apache-noscript now includes php cgi scripts. + Thanks dani. Closes gh-503 - New Features:
diff --git a/THANKS b/THANKS
index b9b86043..4dc2776f 100644
--- a/THANKS
+++ b/THANKS
@@ -26,6 +26,7 @@ Christoph Haas Christos Psonis Cyril Jaquier Daniel B. Cid +Daniel B. Daniel Black David Nutter Eric Gerbier
@@ -48,6 +49,7 @@ Justin Shore Kévin Drapel kjohnsonecl kojiro +Lee Clemens Manuel Arostegui Ramirez Marcel Dopita Mark Edgington
diff --git a/config/action.d/complain-pwhois.conf b/config/action.d/complain-pwhois.conf
index cd631773..f0be2961 100644
--- a/config/action.d/complain-pwhois.conf
+++ b/config/action.d/complain-pwhois.conf
@@ -3,6 +3,7 @@
 # Author: Russell Odom
 #
 # Pwhois modifications added by Robb Ballard
+# See doc/README.pwhois for more information.
 #
 # Sends a complaint e-mail to addresses listed in the whois record for an
 # offending IP address.
diff --git a/config/action.d/sendmail-pwhois-lines.conf b/config/action.d/sendmail-pwhois-lines.conf
index f46e6859..132511f1 100644
--- a/config/action.d/sendmail-pwhois-lines.conf
+++ b/config/action.d/sendmail-pwhois-lines.conf
@@ -3,6 +3,7 @@
 # Author: Cyril Jaquier
 #
 # Pwhois modifications added by Robb Ballard
+# See doc/README.pwhois for more information.
 #
 #
diff --git a/config/action.d/sendmail-pwhois.conf b/config/action.d/sendmail-pwhois.conf
index 14f861d5..7532d6c7 100644
--- a/config/action.d/sendmail-pwhois.conf
+++ b/config/action.d/sendmail-pwhois.conf
@@ -3,6 +3,7 @@
 # Author: Cyril Jaquier
 #
 # Pwhois modifications added by Robb Ballard
+# See doc/README.pwhois for more information.
 #
 #
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 7ea257b2..9a591ca3 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -9,8 +9,8 @@ before = apache-common.conf
 [Definition]
-failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
- ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$
+failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
+ ^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$
 ignoreregex =
diff --git a/fail2ban-testcases b/fail2ban-testcases
index 21b8fda4..c1191d0e 100755
--- a/fail2ban-testcases
+++ b/fail2ban-testcases
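Review bot: In both new `failregex` lines of config/filter.d/apache-noscript.conf the `php` alternative has lost its leading `\.`, so `php([45]|[.-]cgi)?` matches the tail of any name: in the first pattern a missing file whose path merely ends in `php` (constructed example: `/var/www/docs/learnphp`) now counts as a failure, and in the second pattern, which keeps `\S*` after the group, any script path containing `php` does. For a filter whose matches feed bans, that widens the false-positive surface to ordinary 404s from legitimate clients. Anchoring the name on a separator keeps the cases the commit is after: `[./]php([45]|[.-]cgi)?` in place of `php([45]|[.-]cgi)?` in both lines still matches every sample visible in the testcases/files/logs/apache-noscript hunk. That hunk adds only `"match": true` lines, so a `"match": false` sample for a path that only ends in `php` would pin the boundary.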
@@ -177,6 +177,7 @@ if not opts.no_network:
 tests.addTest(unittest.makeSuite(filtertestcase.IgnoreIP))
 tests.addTest(unittest.makeSuite(filtertestcase.BasicFilter))
 tests.addTest(unittest.makeSuite(filtertestcase.LogFile))
+tests.addTest(unittest.makeSuite(filtertestcase.LogFileFilterPoll))
 tests.addTest(unittest.makeSuite(filtertestcase.LogFileMonitor))
 if not opts.no_network:
 tests.addTest(unittest.makeSuite(filtertestcase.GetFailures))
diff --git a/testcases/files/logs/apache-noscript b/testcases/files/logs/apache-noscript
index 53e33baf..19fa408a 100644
--- a/testcases/files/logs/apache-noscript
+++ b/testcases/files/logs/apache-noscript
@@ -2,3 +2,14 @@
 [Sun Jun 09 07:57:47 2013] [error] [client 192.0.43.10] script '/usr/lib/cgi-bin/gitweb.cgiwp-login.php' not found or unable to stat
 # failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
 [Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] File does not exist: /home/southern/public_html/azenv.php
+
+# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
+[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php
+# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
+[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php5
+# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
+[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php-cgi
+# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
+[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php.cgi
+# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
+[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /home/e-smith/files/ibays/Primary/cgi-bin/php4
diff --git a/testcases/filtertestcase.py b/testcases/filtertestcase.py
index 7b18c4bf..90f0f28a 100644
--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@@ -215,15 +215,28 @@ class IgnoreIPDNS(IgnoreIP):
 self.assertFalse(self.filter.inIgnoreIPList("128.178.50.11"))
 self.assertFalse(self.filter.inIgnoreIPList("128.178.50.13"))
+class LogFile(LogCaptureTestCase):
-class LogFile(unittest.TestCase):
+ MISSING = 'testcases/missingLogFile'
+
+ def setUp(self):
+ LogCaptureTestCase.setUp(self)
+
+ def tearDown(self):
+ LogCaptureTestCase.tearDown(self)
+
+ def testMissingLogFiles(self):
+ self.filter = FilterPoll(None)
+ self.assertRaises(IOError, self.filter.addLogPath, LogFile.MISSING)
+
+class LogFileFilterPoll(unittest.TestCase):
 FILENAME = "testcases/files/testcase01.log"
 def setUp(self):
 """Call before every test case."""
 self.filter = FilterPoll(None)
- self.filter.addLogPath(LogFile.FILENAME)
+ self.filter.addLogPath(LogFileFilterPoll.FILENAME)
 def tearDown(self):
 """Call after every test case."""
@@ -233,7 +246,8 @@ class LogFile(unittest.TestCase):
 # self.filter.openLogFile(LogFile.FILENAME)
 def testIsModified(self):
- self.assertTrue(self.filter.isModified(LogFile.FILENAME))
+ self.assertTrue(self.filter.isModified(LogFileFilterPoll.FILENAME))
+ self.assertFalse(self.filter.isModified(LogFileFilterPoll.FILENAME))
 class LogFileMonitor(LogCaptureTestCase):
@@ -604,11 +618,11 @@ class GetFailures(unittest.TestCase):
 """Call after every test case."""
 def testTail(self):
- self.filter.addLogPath(LogFile.FILENAME, tail=True)
+ self.filter.addLogPath(GetFailures.FILENAME_01, tail=True)
 self.assertEqual(self.filter.getLogPath()[-1].getPos(), 1653)
 self.filter.getLogPath()[-1].close()
 self.assertEqual(self.filter.getLogPath()[-1].readline(), "")
- self.filter.delLogPath(LogFile.FILENAME)
+ self.filter.delLogPath(GetFailures.FILENAME_01)
 self.assertEqual(self.filter.getLogPath(),[])
 def testGetFailures01(self, filename=None, failures=None):
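Review bot: The new `LogFile` class in the first hunk derives from `LogCaptureTestCase`, but `testMissingLogFiles` never inspects the captured log, and its `setUp`/`tearDown` only forward to the base class, so both overrides can be dropped. If `addLogPath` is expected to log the missing file as well as raise, assert that here; otherwise `class LogFile(unittest.TestCase):` is enough. A one-line docstring such as `"""addLogPath must raise IOError for a log file that does not exist."""` would state the contract, which matters because a jail that silently accepts a missing log monitors nothing. The test also relies on `testcases/missingLogFile` being absent relative to the working directory.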