* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
pull/218/head
Yaroslav Halchenko 2013-05-08 10:30:04 -04:00
commit 976a65bb89
6 changed files with 32 additions and 3 deletions

@ -54,6 +54,8 @@ fail2ban-users mailing list and IRC.
gh-70. Thanks to iGeorgeX for the idea.
blotus
* [96eb8986] ' and " should also be escaped in action tags Closes gh-109
Christoph Theis, Nick Hilliard, Daniel Black
* [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD
- New features:
Yaroslav Halchenko
* [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile}

@ -43,6 +43,9 @@ server/datetemplate.py
server/mytime.py
server/failregex.py
testcases/files/testcase-usedns.log
testcases/files/logs/bsd/syslog-plain.txt
testcases/files/logs/bsd/syslog-v.txt
testcases/files/logs/bsd/syslog-vv.txt
testcases/banmanagertestcase.py
testcases/failmanagertestcase.py
testcases/clientreadertestcase.py

@ -41,10 +41,16 @@ __kernel_prefix = kernel: \[\d+\.\d+\]
__hostname = \S+
# bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or
# <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
__bsd_syslog_verbose = (<[^.]+\.[^.]+>)
#
# Common line prefixes (beginnings) which could be used in filters
#
# [hostname] [vserver tag] daemon_id spaces
# this can be optional (for instance if we match named native log files)
__prefix_line = \s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
# [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
#
# This can be optional (for instance if we match named native log files)
__prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
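
Review bot: `__bsd_syslog_verbose = (<[^.]+\.[^.]+>)` is a capturing group whose `[^.]+` classes also accept spaces and `>`, so in the new `__prefix_line` the optional tag is not bounded to a single `<4.3>` or `<auth.info>` token and can extend to a later `>` whenever one appears before the next dot. Every other optional part of `__prefix_line` is written as `(?:...)`; suggest `(?:<[^.>\s]+\.[^.>\s]+>)` so the tag adds no extra group and cannot run into the hostname or message text.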

@ -0,0 +1,3 @@
Apr 2 17:52:55 pancake sshd[55657]: Invalid user oracle from 192.0.2.100
Apr 2 17:53:01 pancake sshd[55657]: error: PAM: authentication error for illegal user oracle from test.example.com
Apr 2 17:53:01 pancake sshd[55657]: Failed keyboard-interactive/pam for invalid user oracle from 192.0.2.100 port 48856 ssh2

@ -0,0 +1,10 @@
Apr 2 17:51:27 <4.3> pancake sshd[55624]: error: PAM: authentication error for nick from test.example.com
Apr 2 17:51:32 <4.6> pancake sshd[55628]: Invalid user r00t from 192.0.2.100
Apr 2 17:51:33 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
Apr 2 17:51:33 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
Apr 2 17:51:34 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
Apr 2 17:51:34 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
Apr 2 17:51:36 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
Apr 2 17:51:36 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
Apr 2 17:52:06 <4.6> pancake sshd[55647]: Invalid user oracle from 192.0.2.100
Apr 2 17:52:07 <4.3> pancake sshd[55647]: error: PAM: authentication error for illegal user oracle from test.example.com
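
Review bot: missing test coverage for these `<4.3>` / `<4.6>` samples: the commit lists 6 changed files and none of those shown is a test case, so the three bsd log files are added to the MANIFEST but nothing visible here runs them through a filter. Suggest adding a test that feeds each file through the sshd filter with the updated `__prefix_line` and asserts the expected number of matches per format, so a later change to common.conf that breaks the `-v` or `-vv` prefix is caught.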

@ -0,0 +1,5 @@
Mar 19 23:48:18 <auth.info> pancake sshd[55517]: Invalid user r00t from 183.60.159.20
Mar 19 23:48:20 <auth.info> pancake sshd[55519]: Invalid user r00t from 183.60.159.20
Mar 19 23:50:03 <auth.info> pancake sshd[55604]: Invalid user http from 183.60.159.20
Mar 19 23:50:05 <auth.info> pancake sshd[55606]: Invalid user kylix from 183.60.159.20
Mar 19 23:50:08 <auth.info> pancake sshd[55608]: Invalid user nagios from 183.60.159.20
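
Review bot: all five `<auth.info>` lines carry 183.60.159.20, a publicly assigned address, while the plain and `-v` samples use 192.0.2.100 from the RFC 5737 documentation range. Suggest replacing it with 192.0.2.100 here as well, so the shipped test data stays consistent and does not embed a real host's address.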