- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2006-11-12 14:52:36 +00:00
parent 1f64fadb7d
commit 90359ba523
18 changed files with 154 additions and 27 deletions


@ -14,6 +14,8 @@ ver. 0.7.5 (2006/??/??) - ???
- The supported tags in "action(un)ban" are <ip>, <failures>
and <time>
- Fixed refactoring bug (getLastcommand -> getLastAction)
- Added option "ignoreregex" in filter scripts and jail.conf.
Feature Request #1283304
ver. 0.7.4 (2006/11/01) - beta
----------


@ -69,6 +69,7 @@ class ConfigReader(SafeConfigParser):
# 0 -> the type of the option
# 1 -> the name of the option
# 2 -> the default value for the option
def getOptions(self, sec, options, pOptions = None):
values = dict()
for option in options:
@ -88,7 +89,8 @@ class ConfigReader(SafeConfigParser):
values[option[1]] = option[2]
except NoOptionError:
if not option[2] == None:
logSys.warn("No '" + option[1] + "' defined in '" + sec + "'")
logSys.warn("'%s' not defined in '%s'. Using default value"
% (option[1], sec))
values[option[1]] = option[2]
except ValueError:
logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +


@ -55,6 +55,7 @@ class FilterReader(ConfigReader):
def getOptions(self, pOpts):
opts = [["string", "timeregex", None],
["string", "timepattern", None],
["string", "ignoreregex", ""],
["string", "failregex", ""]]
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
@ -66,6 +67,8 @@ class FilterReader(ConfigReader):
elif opt == "timepattern":
stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
elif opt == "failregex":
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
elif opt == "ignoreregex":
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
return stream


@ -62,6 +62,8 @@ class JailReader(ConfigReader):
["int", "maxretry", 3],
["int", "maxtime", 600],
["int", "bantime", 600],
["string", "failregex", None],
["string", "ignoreregex", None],
["string", "ignoreip", None],
["string", "filter", ""],
["string", "action", ""]]
@ -115,6 +117,10 @@ class JailReader(ConfigReader):
stream.append(["set", self.__name, "maxtime", self.__opts[opt]])
elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "failregex":
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
elif opt == "ignoreregex":
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
stream.extend(self.__filter.convert())
for action in self.__actions:
stream.extend(action.convert())
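Review bot: Nothing in this section states which value wins when both jail.conf and the filter file define `failregex` or `ignoreregex`. convert() appends the jail-level `set ... ignoreregex` first and only then extends the stream with `self.__filter.convert()`, so a filter that also emits the option would be applied last. Whether FilterReader skips options already given in the jail depends on how `pOpts` is handled in ConfigReader.getOptions, which is not visible in these hunks. If the jail is meant to override the filter, a comment above the two new defaults such as `# jail-level failregex/ignoreregex take precedence over the filter file` would record that. Both JailReader methods continue outside the hunks.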


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername
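Review bot: The commented sample `#ignoreregex = user: myusername` does not fit the lines this filter matches, because the failregex above expects `user <name>: authentication failure` or `user <name> not found`. The text `user: myusername` would not occur in such a line, so uncommenting the sample would ignore nothing. The same sample is repeated unchanged in the other filter files of this commit, whose failregex lines have different formats again. Either leave the value empty (`#ignoreregex =`) or give each filter a sample written against its own log format. The `Notes.:` line could also say that the pattern is searched anywhere in the line, as the `search(line)` call in Filter.findFailure shows.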


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*(\.php|\.asp)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -13,3 +13,9 @@
# Values: TEXT
#
failregex = LOGIN FAILED, ip=\[::ffff:(?P<host>\S*)\]$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -13,3 +13,8 @@
#
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -12,3 +12,9 @@
# Values: TEXT
#
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
#ignoreregex = user: myusername


@ -66,15 +66,17 @@ action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/sshd.log
maxretry = 5
# Here we use TCP-Wrappers instead of Netfilter/Iptables.
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".
[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /var/log/sshd.log
enabled = false
filter = sshd
action = hostsdeny
mail-whois[name=SSH, dest=yourmail@mail.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.
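Review bot: The new comment on `[ssh-tcpwrapper]` says "ignoreregex" avoids "banning the user myuser", but bans apply to hosts, and the example does something broader than the comment suggests. `ignoreregex = for myuser from` makes the filter drop every line containing that text before failregex is tried, whatever address the attempt came from. Failed logins for that account would then presumably never count toward `maxretry` in this jail, so the jail stops limiting password guessing against it. The comment should state that trade-off and point to `ignoreip` for exempting trusted hosts, e.g. `# "ignoreregex" drops matching lines for every source address; use "ignoreip" to exempt trusted hosts.`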


@ -64,6 +64,9 @@ class Filter(JailThread):
## The regular expression matching the failure.
self.__failRegex = ''
self.__failRegexObj = None
## The regular expression with expression to ignore.
self.__ignoreRegex = ''
self.__ignoreRegexObj = None
## The amount of time to look back.
self.__findTime = 6000
## The ignore IP list.
@ -163,7 +166,10 @@ class Filter(JailThread):
def setFailRegex(self, value):
try:
self.__failRegexObj = re.compile(value)
if value.lstrip() == '':
self.__failRegexObj = None
else:
self.__failRegexObj = re.compile(value)
self.__failRegex = value
logSys.info("Set failregex = %s" % value)
except sre_constants.error:
@ -177,6 +183,32 @@ class Filter(JailThread):
def getFailRegex(self):
return self.__failRegex
##
# Set the regular expression which matches the failure.
#
# The regular expression can also match any other pattern than failures
# and thus can be used for many purporse.
# @param value the regular expression
def setIgnoreRegex(self, value):
try:
if value.lstrip() == '':
self.__ignoreRegexObj = None
else:
self.__ignoreRegexObj = re.compile(value)
self.__ignoreRegex = value
logSys.info("Set ignoreregex = %s" % value)
except sre_constants.error:
logSys.error("Unable to compile regular expression " + value)
##
# Get the regular expression which matches the failure.
#
# @return the regular expression
def getIgnoreRegex(self):
return self.__ignoreRegex
##
# Set the time needed to find a failure.
#
@ -393,26 +425,35 @@ class Filter(JailThread):
def findFailure(self, line):
failList = list()
# Checks if failregex is defined.
if self.__failRegexObj == None:
logSys.error("No failregex is set")
else:
match = self.__failRegexObj.search(line)
return failList
# Checks if ignoreregex is defined.
if not self.__ignoreRegexObj == None:
match = self.__ignoreRegexObj.search(line)
if match:
date = self.dateDetector.getUnixTime(match.string)
if date == None:
logSys.debug("Found a match but no valid date/time found "
+ "for " + match.string + ". Please contact "
+ "the author in order to get support for "
+ "this format")
else:
try:
ipMatch = DNSUtils.textToIp(match.group("host"))
if ipMatch:
for ip in ipMatch:
failList.append([ip, date])
except IndexError:
logSys.error("There is no 'host' group in the rule. " +
"Please correct your configuration.")
# The ignoreregex matched. Return.
logSys.debug("Ignoring this line")
return failList
match = self.__failRegexObj.search(line)
if match:
# The failregex matched.
date = self.dateDetector.getUnixTime(match.string)
if date == None:
logSys.debug("Found a match but no valid date/time found "
+ "for " + match.string + ". Please contact "
+ "the author in order to get support for "
+ "this format")
else:
try:
ipMatch = DNSUtils.textToIp(match.group("host"))
if ipMatch:
for ip in ipMatch:
failList.append([ip, date])
except IndexError:
logSys.error("There is no 'host' group in the rule. " +
"Please correct your configuration.")
return failList
@ -424,7 +465,7 @@ class Filter(JailThread):
# @return a list with tuple
def status(self):
ret = [("Currently failed", self.failManager.size()),
ret = [("Currently failed", self.failManager.size()),
("Total failed", self.failManager.getFailTotal())]
return ret
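Review bot: The comment headers above setIgnoreRegex and getIgnoreRegex are copied from the failregex accessors and still say "matches the failure" (with the typo "purporse"), so the effect of the new option is not documented where it is set. findFailure runs `self.__ignoreRegexObj.search(line)` on the whole line and returns an empty list on a match, before failregex is tried. An unanchored pattern can therefore match text that a remote client chose, such as a user name or a requested path, and suppress a real failure. Suggest a header like `# Set the regular expression for lines to ignore. A match anywhere in the line skips failregex, so anchor the pattern and avoid matching client-supplied fields.` and `# Get the regular expression used to ignore lines.` for the getter. The Filter class continues outside these hunks.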


@ -171,6 +171,12 @@ class Server:
def getFailRegex(self, name):
return self.__jails.getFilter(name).getFailRegex()
def setIgnoreRegex(self, name, value):
self.__jails.getFilter(name).setIgnoreRegex(value)
def getIgnoreRegex(self, name):
return self.__jails.getFilter(name).getIgnoreRegex()
def setMaxRetry(self, name, value):
self.__jails.getFilter(name).setMaxRetry(value)


@ -147,6 +147,10 @@ class Transmitter:
value = command[2]
self.__server.setFailRegex(name, value)
return self.__server.getFailRegex(name)
elif command[1] == "ignoreregex":
value = command[2]
self.__server.setIgnoreRegex(name, value)
return self.__server.getIgnoreRegex(name)
elif command[1] == "maxtime":
value = command[2]
self.__server.setMaxTime(name, int(value))
@ -227,6 +231,8 @@ class Transmitter:
return self.__server.getTimePattern(name)
elif command[1] == "failregex":
return self.__server.getFailRegex(name)
elif command[1] == "ignoreregex":
return self.__server.getIgnoreRegex(name)
elif command[1] == "maxtime":
return self.__server.getMaxTime(name)
elif command[1] == "findtime":