ENH: Move jail `maxlines` to filter config

pull/180/head
Steven Hiscocks 2013-04-18 22:11:41 +01:00
parent 01499ad0de
commit 9672e44d39
5 changed files with 12 additions and 5 deletions

@ -16,3 +16,7 @@ failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" fa
# Values: TEXT # Values: TEXT
# #
ignoreregex = ignoreregex =
[Init]
# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 2
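Review bot: The comment added above `maxlines = 2` in [Init] does not say why the value is 2. The failregex in this file contains a `\n`, so it spans two log lines and 2 is the minimum that lets it match. State that in the comment so that anyone who later extends the regex across more lines knows to raise the value with it.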

@ -32,9 +32,6 @@ findtime = 600
# "maxretry" is the number of failures before a host get banned. # "maxretry" is the number of failures before a host get banned.
maxretry = 3 maxretry = 3
# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 1
# "backend" specifies the backend used to get files modification. # "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto". # Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well. # This option can be overridden in each jail as well.
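Review bot: Dropping `maxlines = 1` from the defaults changes behaviour for anyone who already sets `maxlines` in a jail or in jail.local. Together with the JailReader change in this commit, the option is no longer read at jail level, and nothing in the visible hunks warns about that. A ChangeLog entry, or a log warning when a jail still carries `maxlines`, would make the migration visible instead of leaving multi-line filters to stop matching quietly.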
@ -375,7 +372,6 @@ action = iptables-multiport[name=Guacmole, port="http,https"]
sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com] sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
logpath = /var/log/tomcat*/catalina.out logpath = /var/log/tomcat*/catalina.out
maxretry = 5 maxretry = 5
maxlines = 2
# Jail for more extended banning of persistent abusers # Jail for more extended banning of persistent abusers
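Review bot: The context line of this hunk has `iptables-multiport[name=Guacmole, ...]` while the sendmail-whois line below it uses `name=Guacamole`. Since this jail is being edited anyway, fix the spelling so both actions carry the same name.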

@ -56,5 +56,8 @@ class FilterReader(OptionConfigReader):
# Do not send a command if the rule is empty. # Do not send a command if the rule is empty.
if regex != '': if regex != '':
stream.append(["set", self._name, "addignoreregex", regex]) stream.append(["set", self._name, "addignoreregex", regex])
if self._initOpts:
if 'maxlines' in self._initOpts:
stream.append(["set", self._name, "maxlines", self._initOpts["maxlines"]])
return stream return stream
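Review bot: The added block forwards `self._initOpts["maxlines"]` to the server exactly as read. The JailReader entry removed in this commit declared the option as `["int", "maxlines", 1]`, and nothing in these lines checks that the filter's value is an integer of at least 1. Convert and validate it before appending the command. The two nested `if` statements can also be one condition: `if self._initOpts and 'maxlines' in self._initOpts:`.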

@ -65,7 +65,6 @@ class JailReader(ConfigReader):
["string", "logencoding", "auto"], ["string", "logencoding", "auto"],
["string", "backend", "auto"], ["string", "backend", "auto"],
["int", "maxretry", 3], ["int", "maxretry", 3],
["int", "maxlines", 1],
["int", "findtime", 600], ["int", "findtime", 600],
["int", "bantime", 600], ["int", "bantime", 600],
["string", "usedns", "warn"], ["string", "usedns", "warn"],
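Review bot: Removing `["int", "maxlines", 1]` also removes the only place in the visible code where the default of 1 is stated. When a filter has no `maxlines` in [Init], the FilterReader change sends no `maxlines` command at all, so the effective value depends on whatever the server side defaults to. Confirm that default is 1 and state it in the man page entry.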

@ -140,6 +140,11 @@ Using Python "string interpolation" mechanisms, other definitions are allowed an
baduseragents = IE|wget baduseragents = IE|wget
failregex = useragent=%(baduseragents)s failregex = useragent=%(baduseragents)s
.PP
Similar to actions, filters have an [Init] section which can be overridden in \fIjail.conf/jail.local\fR. The filter [Init] section is limited to the following options:
.TP
\fBmaxlines\fR
specifies the maximum number of lines to buffer to match multi-line regexs. For some log formats this will not required to be changed. Other logs may require to increase this value if a particular log file is frequently written to.
.PP .PP
Filters can also have a section called [INCLUDES]. This is used to read other configuration files. Filters can also have a section called [INCLUDES]. This is used to read other configuration files.
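Review bot: The added `maxlines` paragraph needs a wording pass ("regexs", "this will not required to be changed", "may require to increase") and leaves out two things a reader needs: the default value, and how the [Init] value is overridden from jail.conf/jail.local. Suggested wording for the description: "specifies the maximum number of lines to buffer for matching multi-line regexes. Most log formats do not need this changed; log files that are written to frequently may need a larger value."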