mirror of https://github.com/fail2ban/fail2ban
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d6050.x
parent
1f64fadb7d
commit
90359ba523
|
@ -14,6 +14,8 @@ ver. 0.7.5 (2006/??/??) - ???
|
||||||
- The supported tags in "action(un)ban" are <ip>, <failures>
|
- The supported tags in "action(un)ban" are <ip>, <failures>
|
||||||
and <time>
|
and <time>
|
||||||
- Fixed refactoring bug (getLastcommand -> getLastAction)
|
- Fixed refactoring bug (getLastcommand -> getLastAction)
|
||||||
|
- Added option "ignoreregex" in filter scripts and jail.conf.
|
||||||
|
Feature Request #1283304
|
||||||
|
|
||||||
ver. 0.7.4 (2006/11/01) - beta
|
ver. 0.7.4 (2006/11/01) - beta
|
||||||
----------
|
----------
|
||||||
|
|
|
@ -69,6 +69,7 @@ class ConfigReader(SafeConfigParser):
|
||||||
# 0 -> the type of the option
|
# 0 -> the type of the option
|
||||||
# 1 -> the name of the option
|
# 1 -> the name of the option
|
||||||
# 2 -> the default value for the option
|
# 2 -> the default value for the option
|
||||||
|
|
||||||
def getOptions(self, sec, options, pOptions = None):
|
def getOptions(self, sec, options, pOptions = None):
|
||||||
values = dict()
|
values = dict()
|
||||||
for option in options:
|
for option in options:
|
||||||
|
@ -88,7 +89,8 @@ class ConfigReader(SafeConfigParser):
|
||||||
values[option[1]] = option[2]
|
values[option[1]] = option[2]
|
||||||
except NoOptionError:
|
except NoOptionError:
|
||||||
if not option[2] == None:
|
if not option[2] == None:
|
||||||
logSys.warn("No '" + option[1] + "' defined in '" + sec + "'")
|
logSys.warn("'%s' not defined in '%s'. Using default value"
|
||||||
|
% (option[1], sec))
|
||||||
values[option[1]] = option[2]
|
values[option[1]] = option[2]
|
||||||
except ValueError:
|
except ValueError:
|
||||||
logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +
|
logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +
|
||||||
|
|
|
@ -55,6 +55,7 @@ class FilterReader(ConfigReader):
|
||||||
def getOptions(self, pOpts):
|
def getOptions(self, pOpts):
|
||||||
opts = [["string", "timeregex", None],
|
opts = [["string", "timeregex", None],
|
||||||
["string", "timepattern", None],
|
["string", "timepattern", None],
|
||||||
|
["string", "ignoreregex", ""],
|
||||||
["string", "failregex", ""]]
|
["string", "failregex", ""]]
|
||||||
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
|
self.__opts = ConfigReader.getOptions(self, "Definition", opts, pOpts)
|
||||||
|
|
||||||
|
@ -67,5 +68,7 @@ class FilterReader(ConfigReader):
|
||||||
stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
|
stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
|
||||||
elif opt == "failregex":
|
elif opt == "failregex":
|
||||||
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
||||||
|
elif opt == "ignoreregex":
|
||||||
|
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
|
||||||
return stream
|
return stream
|
||||||
|
|
|
@ -62,6 +62,8 @@ class JailReader(ConfigReader):
|
||||||
["int", "maxretry", 3],
|
["int", "maxretry", 3],
|
||||||
["int", "maxtime", 600],
|
["int", "maxtime", 600],
|
||||||
["int", "bantime", 600],
|
["int", "bantime", 600],
|
||||||
|
["string", "failregex", None],
|
||||||
|
["string", "ignoreregex", None],
|
||||||
["string", "ignoreip", None],
|
["string", "ignoreip", None],
|
||||||
["string", "filter", ""],
|
["string", "filter", ""],
|
||||||
["string", "action", ""]]
|
["string", "action", ""]]
|
||||||
|
@ -115,6 +117,10 @@ class JailReader(ConfigReader):
|
||||||
stream.append(["set", self.__name, "maxtime", self.__opts[opt]])
|
stream.append(["set", self.__name, "maxtime", self.__opts[opt]])
|
||||||
elif opt == "bantime":
|
elif opt == "bantime":
|
||||||
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
|
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
|
||||||
|
elif opt == "failregex":
|
||||||
|
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
|
||||||
|
elif opt == "ignoreregex":
|
||||||
|
stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])
|
||||||
stream.extend(self.__filter.convert())
|
stream.extend(self.__filter.convert())
|
||||||
for action in self.__actions:
|
for action in self.__actions:
|
||||||
stream.extend(action.convert())
|
stream.extend(action.convert())
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
|
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*(\.php|\.asp)
|
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*(\.php|\.asp)
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -13,3 +13,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = LOGIN FAILED, ip=\[::ffff:(?P<host>\S*)\]$
|
failregex = LOGIN FAILED, ip=\[::ffff:(?P<host>\S*)\]$
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
|
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
|
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
|
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
|
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -13,3 +13,8 @@
|
||||||
#
|
#
|
||||||
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
|
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -12,3 +12,9 @@
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)
|
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)
|
||||||
|
|
||||||
|
# Option: ignoreregex
|
||||||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
#ignoreregex = user: myusername
|
||||||
|
|
|
@ -66,7 +66,8 @@ action = iptables[name=SSH, port=ssh, protocol=tcp]
|
||||||
logpath = /var/log/sshd.log
|
logpath = /var/log/sshd.log
|
||||||
maxretry = 5
|
maxretry = 5
|
||||||
|
|
||||||
# Here we use TCP-Wrappers instead of Netfilter/Iptables.
|
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
|
||||||
|
# used to avoid banning the user "myuser".
|
||||||
|
|
||||||
[ssh-tcpwrapper]
|
[ssh-tcpwrapper]
|
||||||
|
|
||||||
|
@ -74,6 +75,7 @@ enabled = false
|
||||||
filter = sshd
|
filter = sshd
|
||||||
action = hostsdeny
|
action = hostsdeny
|
||||||
mail-whois[name=SSH, dest=yourmail@mail.com]
|
mail-whois[name=SSH, dest=yourmail@mail.com]
|
||||||
|
ignoreregex = for myuser from
|
||||||
logpath = /var/log/sshd.log
|
logpath = /var/log/sshd.log
|
||||||
|
|
||||||
# This jail demonstrates the use of wildcards in "logpath".
|
# This jail demonstrates the use of wildcards in "logpath".
|
||||||
|
|
|
@ -64,6 +64,9 @@ class Filter(JailThread):
|
||||||
## The regular expression matching the failure.
|
## The regular expression matching the failure.
|
||||||
self.__failRegex = ''
|
self.__failRegex = ''
|
||||||
self.__failRegexObj = None
|
self.__failRegexObj = None
|
||||||
|
## The regular expression with expression to ignore.
|
||||||
|
self.__ignoreRegex = ''
|
||||||
|
self.__ignoreRegexObj = None
|
||||||
## The amount of time to look back.
|
## The amount of time to look back.
|
||||||
self.__findTime = 6000
|
self.__findTime = 6000
|
||||||
## The ignore IP list.
|
## The ignore IP list.
|
||||||
|
@ -163,6 +166,9 @@ class Filter(JailThread):
|
||||||
|
|
||||||
def setFailRegex(self, value):
|
def setFailRegex(self, value):
|
||||||
try:
|
try:
|
||||||
|
if value.lstrip() == '':
|
||||||
|
self.__failRegexObj = None
|
||||||
|
else:
|
||||||
self.__failRegexObj = re.compile(value)
|
self.__failRegexObj = re.compile(value)
|
||||||
self.__failRegex = value
|
self.__failRegex = value
|
||||||
logSys.info("Set failregex = %s" % value)
|
logSys.info("Set failregex = %s" % value)
|
||||||
|
@ -177,6 +183,32 @@ class Filter(JailThread):
|
||||||
def getFailRegex(self):
|
def getFailRegex(self):
|
||||||
return self.__failRegex
|
return self.__failRegex
|
||||||
|
|
||||||
|
##
|
||||||
|
# Set the regular expression which matches the failure.
|
||||||
|
#
|
||||||
|
# The regular expression can also match any other pattern than failures
|
||||||
|
# and thus can be used for many purporse.
|
||||||
|
# @param value the regular expression
|
||||||
|
|
||||||
|
def setIgnoreRegex(self, value):
|
||||||
|
try:
|
||||||
|
if value.lstrip() == '':
|
||||||
|
self.__ignoreRegexObj = None
|
||||||
|
else:
|
||||||
|
self.__ignoreRegexObj = re.compile(value)
|
||||||
|
self.__ignoreRegex = value
|
||||||
|
logSys.info("Set ignoreregex = %s" % value)
|
||||||
|
except sre_constants.error:
|
||||||
|
logSys.error("Unable to compile regular expression " + value)
|
||||||
|
|
||||||
|
##
|
||||||
|
# Get the regular expression which matches the failure.
|
||||||
|
#
|
||||||
|
# @return the regular expression
|
||||||
|
|
||||||
|
def getIgnoreRegex(self):
|
||||||
|
return self.__ignoreRegex
|
||||||
|
|
||||||
##
|
##
|
||||||
# Set the time needed to find a failure.
|
# Set the time needed to find a failure.
|
||||||
#
|
#
|
||||||
|
@ -393,11 +425,20 @@ class Filter(JailThread):
|
||||||
|
|
||||||
def findFailure(self, line):
|
def findFailure(self, line):
|
||||||
failList = list()
|
failList = list()
|
||||||
|
# Checks if failregex is defined.
|
||||||
if self.__failRegexObj == None:
|
if self.__failRegexObj == None:
|
||||||
logSys.error("No failregex is set")
|
logSys.error("No failregex is set")
|
||||||
else:
|
return failList
|
||||||
|
# Checks if ignoreregex is defined.
|
||||||
|
if not self.__ignoreRegexObj == None:
|
||||||
|
match = self.__ignoreRegexObj.search(line)
|
||||||
|
if match:
|
||||||
|
# The ignoreregex matched. Return.
|
||||||
|
logSys.debug("Ignoring this line")
|
||||||
|
return failList
|
||||||
match = self.__failRegexObj.search(line)
|
match = self.__failRegexObj.search(line)
|
||||||
if match:
|
if match:
|
||||||
|
# The failregex matched.
|
||||||
date = self.dateDetector.getUnixTime(match.string)
|
date = self.dateDetector.getUnixTime(match.string)
|
||||||
if date == None:
|
if date == None:
|
||||||
logSys.debug("Found a match but no valid date/time found "
|
logSys.debug("Found a match but no valid date/time found "
|
||||||
|
|
|
@ -171,6 +171,12 @@ class Server:
|
||||||
def getFailRegex(self, name):
|
def getFailRegex(self, name):
|
||||||
return self.__jails.getFilter(name).getFailRegex()
|
return self.__jails.getFilter(name).getFailRegex()
|
||||||
|
|
||||||
|
def setIgnoreRegex(self, name, value):
|
||||||
|
self.__jails.getFilter(name).setIgnoreRegex(value)
|
||||||
|
|
||||||
|
def getIgnoreRegex(self, name):
|
||||||
|
return self.__jails.getFilter(name).getIgnoreRegex()
|
||||||
|
|
||||||
def setMaxRetry(self, name, value):
|
def setMaxRetry(self, name, value):
|
||||||
self.__jails.getFilter(name).setMaxRetry(value)
|
self.__jails.getFilter(name).setMaxRetry(value)
|
||||||
|
|
||||||
|
|
|
@ -147,6 +147,10 @@ class Transmitter:
|
||||||
value = command[2]
|
value = command[2]
|
||||||
self.__server.setFailRegex(name, value)
|
self.__server.setFailRegex(name, value)
|
||||||
return self.__server.getFailRegex(name)
|
return self.__server.getFailRegex(name)
|
||||||
|
elif command[1] == "ignoreregex":
|
||||||
|
value = command[2]
|
||||||
|
self.__server.setIgnoreRegex(name, value)
|
||||||
|
return self.__server.getIgnoreRegex(name)
|
||||||
elif command[1] == "maxtime":
|
elif command[1] == "maxtime":
|
||||||
value = command[2]
|
value = command[2]
|
||||||
self.__server.setMaxTime(name, int(value))
|
self.__server.setMaxTime(name, int(value))
|
||||||
|
@ -227,6 +231,8 @@ class Transmitter:
|
||||||
return self.__server.getTimePattern(name)
|
return self.__server.getTimePattern(name)
|
||||||
elif command[1] == "failregex":
|
elif command[1] == "failregex":
|
||||||
return self.__server.getFailRegex(name)
|
return self.__server.getFailRegex(name)
|
||||||
|
elif command[1] == "ignoreregex":
|
||||||
|
return self.__server.getIgnoreRegex(name)
|
||||||
elif command[1] == "maxtime":
|
elif command[1] == "maxtime":
|
||||||
return self.__server.getMaxTime(name)
|
return self.__server.getMaxTime(name)
|
||||||
elif command[1] == "findtime":
|
elif command[1] == "findtime":
|
||||||
|
|
Loading…
Reference in New Issue