mirror of https://github.com/fail2ban/fail2ban
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d6050.x
parent
1f64fadb7d
commit
90359ba523
|
@ -14,6 +14,8 @@ ver. 0.7.5 (2006/??/??) - ???
|
|||
- The supported tags in "action(un)ban" are <ip>, <failures>
|
||||
and <time>
|
||||
- Fixed refactoring bug (getLastcommand -> getLastAction)
|
||||
- Added option "ignoreregex" in filter scripts and jail.conf.
|
||||
Feature Request #1283304
|
||||
|
||||
ver. 0.7.4 (2006/11/01) - beta
|
||||
----------
|
||||
|
|
|
@ -69,6 +69,7 @@ class ConfigReader(SafeConfigParser):
|
|||
# 0 -> the type of the option
|
||||
# 1 -> the name of the option
|
||||
# 2 -> the default value for the option
|
||||
|
||||
def getOptions(self, sec, options, pOptions = None):
|
||||
values = dict()
|
||||
for option in options:
|
||||
|
@ -88,7 +89,8 @@ class ConfigReader(SafeConfigParser):
|
|||
values[option[1]] = option[2]
|
||||
except NoOptionError:
|
||||
if not option[2] == None:
|
||||
logSys.warn("No '" + option[1] + "' defined in '" + sec + "'")
|
||||
logSys.warn("'%s' not defined in '%s'. Using default value"
|
||||
% (option[1], sec))
|
||||
values[option[1]] = option[2]
|
||||
except ValueError:
|
||||
logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +
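Review bot: The rewritten warning in the NoOptionError branch fires for every option whose default is not None, and it does not say which value is being applied. FilterReader on this page now declares `["string", "ignoreregex", ""]` while the shipped filters leave `ignoreregex` commented out, so each filter load would presumably log this at warn level. Consider `logSys.info("'%s' not defined in '%s'. Using default value '%s'" % (option[1], sec, option[2]))` and `if option[2] is not None:` for the guard. getOptions starts and continues outside these hunks, so the handling of pOptions is not visible here.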
|
||||
|
|
|
@ -55,6 +55,7 @@ class FilterReader(ConfigReader):
|
|||
def getOptions(self, pOpts):
|
||||
opts = [["string", "timeregex", None],
|
||||
["string", "timepattern", None],
|
||||
["string", "ignoreregex", ""],
|
||||
["string", "failregex", ""]]
|
||||
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
|
||||
|
||||
|
@ -66,6 +67,8 @@ class FilterReader(ConfigReader):
|
|||
elif opt == "timepattern":
|
||||
stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
|
||||
elif opt == "failregex":
|
||||
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
||||
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
||||
elif opt == "ignoreregex":
|
||||
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
|
||||
return stream
|
||||
|
|
@ -62,6 +62,8 @@ class JailReader(ConfigReader):
|
|||
["int", "maxretry", 3],
|
||||
["int", "maxtime", 600],
|
||||
["int", "bantime", 600],
|
||||
["string", "failregex", None],
|
||||
["string", "ignoreregex", None],
|
||||
["string", "ignoreip", None],
|
||||
["string", "filter", ""],
|
||||
["string", "action", ""]]
|
||||
|
@ -115,6 +117,10 @@ class JailReader(ConfigReader):
|
|||
stream.append(["set", self.__name, "maxtime", self.__opts[opt]])
|
||||
elif opt == "bantime":
|
||||
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
|
||||
elif opt == "failregex":
|
||||
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
||||
elif opt == "ignoreregex":
|
||||
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
|
||||
stream.extend(self.__filter.convert())
|
||||
for action in self.__actions:
|
||||
stream.extend(action.convert())
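Review bot: In convert(), the jail-level `ignoreregex` command is appended before `stream.extend(self.__filter.convert())`, and FilterReader.convert() on this page also emits `["set", name, "ignoreregex", ...]` with a default of `""`. If the filter's options are not suppressed when the jail defines the same key (the pOptions handling in ConfigReader.getOptions is outside the visible hunks), the later empty value would reach Filter.setIgnoreRegex and clear the jail's pattern. This is worth confirming with a test that loads a jail setting `ignoreregex` over a filter that leaves it unset, then recording the result in a comment such as `# jail options take precedence; the filter skips keys present in pOpts`. The same question applies to `failregex`. convert() begins and ends outside these hunks.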
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
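Review bot: The new `# Notes.:` line does not tell the administrator how the pattern is applied: per Filter.findFailure on this page it is tried before `failregex` and searched anywhere in the line, not anchored. I would word it as `# Notes.: regex to ignore. Tried before failregex and searched anywhere in the line; a match drops the line.` The same block, with the same `user: myusername` example, is added to all ten filter files in this commit whether or not the filter's log format contains such a field. An example taken from each filter's own log lines would be less likely to be copied into a pattern that silently matches nothing, or too much.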
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*(\.php|\.asp)
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -13,3 +13,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = LOGIN FAILED, ip=\[::ffff:(?P<host>\S*)\]$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -13,3 +13,8 @@
|
|||
#
|
||||
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -12,3 +12,9 @@
|
|||
# Values: TEXT
|
||||
#
|
||||
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
#ignoreregex = user: myusername
|
||||
|
|
|
@ -66,15 +66,17 @@ action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|||
logpath = /var/log/sshd.log
|
||||
maxretry = 5
|
||||
|
||||
# Here we use TCP-Wrappers instead of Netfilter/Iptables.
|
||||
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
|
||||
# used to avoid banning the user "myuser".
|
||||
|
||||
[ssh-tcpwrapper]
|
||||
|
||||
enabled = false
|
||||
filter = sshd
|
||||
action = hostsdeny
|
||||
mail-whois[name=SSH, dest=yourmail@mail.com]
|
||||
logpath = /var/log/sshd.log
|
||||
enabled = false
|
||||
filter = sshd
|
||||
action = hostsdeny
|
||||
mail-whois[name=SSH, dest=yourmail@mail.com]
|
||||
ignoreregex = for myuser from
|
||||
logpath = /var/log/sshd.log
|
||||
|
||||
# This jail demonstrates the use of wildcards in "logpath".
|
||||
# Moreover, it is possible to give other files on a new line.
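Review bot: The example `ignoreregex = for myuser from` in [ssh-tcpwrapper] means failed logins for that account are never counted, from any address, so the account loses ban protection entirely; the comment above it presents this only as a convenience. The pattern is also searched unanchored across the whole log line, which includes text supplied by the remote client, so it can match lines other than the intended ones. I would state the trade-off in the comment, e.g. `# "ignoreregex" drops matching lines before failregex is tried: failures for "myuser" are then never counted, from any host.`, and point readers to `ignoreip` when the goal is to exempt a trusted source.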
|
||||
|
|
|
@ -64,6 +64,9 @@ class Filter(JailThread):
|
|||
## The regular expression matching the failure.
|
||||
self.__failRegex = ''
|
||||
self.__failRegexObj = None
|
||||
## The regular expression with expression to ignore.
|
||||
self.__ignoreRegex = ''
|
||||
self.__ignoreRegexObj = None
|
||||
## The amount of time to look back.
|
||||
self.__findTime = 6000
|
||||
## The ignore IP list.
|
||||
|
@ -163,7 +166,10 @@ class Filter(JailThread):
|
|||
|
||||
def setFailRegex(self, value):
|
||||
try:
|
||||
self.__failRegexObj = re.compile(value)
|
||||
if value.lstrip() == '':
|
||||
self.__failRegexObj = None
|
||||
else:
|
||||
self.__failRegexObj = re.compile(value)
|
||||
self.__failRegex = value
|
||||
logSys.info("Set failregex = %s" % value)
|
||||
except sre_constants.error:
|
||||
|
@ -177,6 +183,32 @@ class Filter(JailThread):
|
|||
def getFailRegex(self):
|
||||
return self.__failRegex
|
||||
|
||||
##
|
||||
# Set the regular expression which matches the failure.
|
||||
#
|
||||
# The regular expression can also match any other pattern than failures
|
||||
# and thus can be used for many purporse.
|
||||
# @param value the regular expression
|
||||
|
||||
def setIgnoreRegex(self, value):
|
||||
try:
|
||||
if value.lstrip() == '':
|
||||
self.__ignoreRegexObj = None
|
||||
else:
|
||||
self.__ignoreRegexObj = re.compile(value)
|
||||
self.__ignoreRegex = value
|
||||
logSys.info("Set ignoreregex = %s" % value)
|
||||
except sre_constants.error:
|
||||
logSys.error("Unable to compile regular expression " + value)
|
||||
|
||||
##
|
||||
# Get the regular expression which matches the failure.
|
||||
#
|
||||
# @return the regular expression
|
||||
|
||||
def getIgnoreRegex(self):
|
||||
return self.__ignoreRegex
|
||||
|
||||
##
|
||||
# Set the time needed to find a failure.
|
||||
#
|
||||
|
@ -393,26 +425,35 @@ class Filter(JailThread):
|
|||
|
||||
def findFailure(self, line):
|
||||
failList = list()
|
||||
# Checks if failregex is defined.
|
||||
if self.__failRegexObj == None:
|
||||
logSys.error("No failregex is set")
|
||||
else:
|
||||
match = self.__failRegexObj.search(line)
|
||||
return failList
|
||||
# Checks if ignoreregex is defined.
|
||||
if not self.__ignoreRegexObj == None:
|
||||
match = self.__ignoreRegexObj.search(line)
|
||||
if match:
|
||||
date = self.dateDetector.getUnixTime(match.string)
|
||||
if date == None:
|
||||
logSys.debug("Found a match but no valid date/time found "
|
||||
+ "for " + match.string + ". Please contact "
|
||||
+ "the author in order to get support for "
|
||||
+ "this format")
|
||||
else:
|
||||
try:
|
||||
ipMatch = DNSUtils.textToIp(match.group("host"))
|
||||
if ipMatch:
|
||||
for ip in ipMatch:
|
||||
failList.append([ip, date])
|
||||
except IndexError:
|
||||
logSys.error("There is no 'host' group in the rule. " +
|
||||
"Please correct your configuration.")
|
||||
# The ignoreregex matched. Return.
|
||||
logSys.debug("Ignoring this line")
|
||||
return failList
|
||||
match = self.__failRegexObj.search(line)
|
||||
if match:
|
||||
# The failregex matched.
|
||||
date = self.dateDetector.getUnixTime(match.string)
|
||||
if date == None:
|
||||
logSys.debug("Found a match but no valid date/time found "
|
||||
+ "for " + match.string + ". Please contact "
|
||||
+ "the author in order to get support for "
|
||||
+ "this format")
|
||||
else:
|
||||
try:
|
||||
ipMatch = DNSUtils.textToIp(match.group("host"))
|
||||
if ipMatch:
|
||||
for ip in ipMatch:
|
||||
failList.append([ip, date])
|
||||
except IndexError:
|
||||
logSys.error("There is no 'host' group in the rule. " +
|
||||
"Please correct your configuration.")
|
||||
return failList
|
||||
|
||||
|
||||
|
@ -424,7 +465,7 @@ class Filter(JailThread):
|
|||
# @return a list with tuple
|
||||
|
||||
def status(self):
|
||||
ret = [("Currently failed", self.failManager.size()),
|
||||
ret = [("Currently failed", self.failManager.size()),
|
||||
("Total failed", self.failManager.getFailTotal())]
|
||||
return ret
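Review bot: With this change an empty `failregex` leaves `self.__failRegexObj` as None, and findFailure then logs `No failregex is set` at error level for every line it is handed, which can flood the log on a busy file. Report the condition once where it is set, e.g. `logSys.warn("failregex is empty; no failure will be detected")` in setFailRegex, and lower the per-line message to debug. The header comments above setIgnoreRegex and getIgnoreRegex were copied from the failregex accessors and still say "matches the failure"; they should read `# Set the regular expression matching lines to ignore.` and `# Get the regular expression matching lines to ignore.`, and "purporse" is a typo.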
|
||||
|
||||
|
|
|
@ -171,6 +171,12 @@ class Server:
|
|||
def getFailRegex(self, name):
|
||||
return self.__jails.getFilter(name).getFailRegex()
|
||||
|
||||
def setIgnoreRegex(self, name, value):
|
||||
self.__jails.getFilter(name).setIgnoreRegex(value)
|
||||
|
||||
def getIgnoreRegex(self, name):
|
||||
return self.__jails.getFilter(name).getIgnoreRegex()
|
||||
|
||||
def setMaxRetry(self, name, value):
|
||||
self.__jails.getFilter(name).setMaxRetry(value)
|
||||
|
||||
|
|
|
@ -147,6 +147,10 @@ class Transmitter:
|
|||
value = command[2]
|
||||
self.__server.setFailRegex(name, value)
|
||||
return self.__server.getFailRegex(name)
|
||||
elif command[1] == "ignoreregex":
|
||||
value = command[2]
|
||||
self.__server.setIgnoreRegex(name, value)
|
||||
return self.__server.getIgnoreRegex(name)
|
||||
elif command[1] == "maxtime":
|
||||
value = command[2]
|
||||
self.__server.setMaxTime(name, int(value))
|
||||
|
@ -227,6 +231,8 @@ class Transmitter:
|
|||
return self.__server.getTimePattern(name)
|
||||
elif command[1] == "failregex":
|
||||
return self.__server.getFailRegex(name)
|
||||
elif command[1] == "ignoreregex":
|
||||
return self.__server.getIgnoreRegex(name)
|
||||
elif command[1] == "maxtime":
|
||||
return self.__server.getMaxTime(name)
|
||||
elif command[1] == "findtime":
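Review bot: The `ignoreregex` set branch returns `getIgnoreRegex(name)` even when the new pattern was rejected: Filter.setIgnoreRegex on this page only logs a compile error and keeps the previous pattern, so the client receives the old value with no indication of failure. Since an ignore pattern decides which failures are never counted, a rejected update should be visible to the caller, for example by having setIgnoreRegex raise and letting this branch propagate the error. The enclosing command handler starts and ends outside these hunks, so its error handling and any bounds check on `command[2]` cannot be confirmed from here.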
|
||||
|
|