From 9672e44d391d155a17627cbe38736ebb4b141045 Mon Sep 17 00:00:00 2001
From: Steven Hiscocks
Date: Thu, 18 Apr 2013 22:11:41 +0100
Subject: [PATCH] ENH: Move jail `maxlines` to filter config
---
 config/filter.d/guacamole.conf | 4 ++++
 config/jail.conf | 4 ----
 fail2ban/client/filterreader.py | 3 +++
 fail2ban/client/jailreader.py | 1 -
 man/jail.conf.5 | 5 +++++
 5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/config/filter.d/guacamole.conf b/config/filter.d/guacamole.conf
index 272460e3..49cecc5a 100644
--- a/config/filter.d/guacamole.conf
+++ b/config/filter.d/guacamole.conf
@@ -16,3 +16,7 @@ failregex = ^.*\nWARNING: Authentication attempt from for user "[^"]*" fa
 # Values: TEXT
 #
 ignoreregex =
+
+[Init]
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 2
diff --git a/config/jail.conf b/config/jail.conf
index 7ed1bbb6..e8d6db05 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -32,9 +32,6 @@ findtime = 600
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 3
-# "maxlines" is number of log lines to buffer for multi-line regex searches
-maxlines = 1
-
 # "backend" specifies the backend used to get files modification.
 # Available options are "pyinotify", "gamin", "polling" and "auto".
 # This option can be overridden in each jail as well.
@@ -375,7 +372,6 @@ action = iptables-multiport[name=Guacmole, port="http,https"]
 sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
 logpath = /var/log/tomcat*/catalina.out
 maxretry = 5
-maxlines = 2
 # Jail for more extended banning of persistent abusers
diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
index bdfba4d0..09f0e6a8 100644
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@@ -56,5 +56,8 @@ class FilterReader(OptionConfigReader):
 # Do not send a command if the rule is empty.
 if regex != '':
 stream.append(["set", self._name, "addignoreregex", regex])
+ if self._initOpts:
+ if 'maxlines' in self._initOpts:
+ stream.append(["set", self._name, "maxlines", self._initOpts["maxlines"]])
 return stream
diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py
index f6ac09b3..39acc446 100644
--- a/fail2ban/client/jailreader.py
+++ b/fail2ban/client/jailreader.py
@@ -65,7 +65,6 @@ class JailReader(ConfigReader):
 ["string", "logencoding", "auto"],
 ["string", "backend", "auto"],
 ["int", "maxretry", 3],
- ["int", "maxlines", 1],
 ["int", "findtime", 600],
 ["int", "bantime", 600],
 ["string", "usedns", "warn"],
diff --git a/man/jail.conf.5 b/man/jail.conf.5
index 552b0ac0..d571dc7b 100644
--- a/man/jail.conf.5
+++ b/man/jail.conf.5
@@ -140,6 +140,11 @@ Using Python "string interpolation" mechanisms, other definitions are allowed an
 baduseragents = IE|wget
 failregex = useragent=%(baduseragents)s
+.PP
+Similar to actions, filters have an [Init] section which can be overridden in \fIjail.conf/jail.local\fR. The filter [Init] section is limited to the following options:
+.TP
+\fBmaxlines\fR
+specifies the maximum number of lines to buffer to match multi-line regexs. For some log formats this will not required to be changed. Other logs may require to increase this value if a particular log file is frequently written to.
 .PP
 Filters can also have a section called [INCLUDES]. This is used to read other configuration files.
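Review bot: In the fail2ban/client/filterreader.py hunk, the `maxlines` value is appended to the stream exactly as it sits in `self._initOpts`, whereas the `["int", "maxlines", 1]` entry this commit removes from jailreader.py used to give the option an integer type and a default. Unless `_initOpts` values are converted somewhere not visible here, a non-numeric, zero or very large value from a filter's [Init] section or a jail override would be forwarded to the server unchecked, and a wrong line buffer means a multi-line failregex can quietly stop matching the failures it is supposed to ban. I would convert and bound the value before sending it, e.g. `maxlines = int(self._initOpts["maxlines"])` followed by a check that it is at least 1, reporting a configuration error otherwise. The two nested conditions also read more simply as `if self._initOpts and 'maxlines' in self._initOpts:`. The enclosing method starts above the hunk.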