From 9b03a6d42e4085b42c9c635d94273a52ee58683b Mon Sep 17 00:00:00 2001 From: sebres <serg.brester@sebres.de> Date: Thu, 14 Jul 2016 12:19:46 +0200 Subject: [PATCH] 0.10 pre-release: MANIFEST RELEASE and man pages updates --- MANIFEST | 30 ++++++++++------ RELEASE | 2 +- man/fail2ban-client.1 | 76 +++++++++++++++++++++++++++------------- man/fail2ban-regex.1 | 21 ++++++----- man/fail2ban-server.1 | 53 +++++++++++++++++++--------- man/fail2ban-testcases.1 | 22 +++++++++--- 6 files changed, 138 insertions(+), 66 deletions(-) diff --git a/MANIFEST b/MANIFEST index cd250d3d..05e665b2 100644 --- a/MANIFEST +++ b/MANIFEST @@ -13,9 +13,12 @@ config/action.d/complain.conf config/action.d/dshield.conf config/action.d/dummy.conf config/action.d/firewallcmd-allports.conf +config/action.d/firewallcmd-common.conf config/action.d/firewallcmd-ipset.conf config/action.d/firewallcmd-multiport.conf config/action.d/firewallcmd-new.conf +config/action.d/firewallcmd-rich-logging.conf +config/action.d/firewallcmd-rich-rules.conf config/action.d/hostsdeny.conf config/action.d/ipfilter.conf config/action.d/ipfw.conf @@ -31,6 +34,7 @@ config/action.d/iptables-new.conf config/action.d/iptables-xt_recent-echo.conf config/action.d/mail-buffered.conf config/action.d/mail.conf +config/action.d/mail-whois-common.conf config/action.d/mail-whois.conf config/action.d/mail-whois-lines.conf config/action.d/mynetwatchman.conf @@ -52,6 +56,7 @@ config/action.d/sendmail-whois-ipmatches.conf config/action.d/sendmail-whois-lines.conf config/action.d/sendmail-whois-matches.conf config/action.d/shorewall.conf +config/action.d/shorewall-ipset-proto6.conf config/action.d/smtp.py config/action.d/symbiosis-blacklist-allports.conf config/action.d/ufw.conf @@ -67,6 +72,7 @@ config/filter.d/apache-modsecurity.conf config/filter.d/apache-nohome.conf config/filter.d/apache-noscript.conf config/filter.d/apache-overflows.conf +config/filter.d/apache-pass.conf config/filter.d/apache-shellshock.conf config/filter.d/assp.conf config/filter.d/asterisk.conf @@ -79,17 +85,18 @@ config/filter.d/cyrus-imap.conf config/filter.d/directadmin.conf config/filter.d/dovecot.conf config/filter.d/dropbear.conf +config/filter.d/drupal-auth.conf config/filter.d/ejabberd-auth.conf config/filter.d/exim-common.conf config/filter.d/exim.conf config/filter.d/exim-spam.conf config/filter.d/freeswitch.conf +config/filter.d/froxlor-auth.conf config/filter.d/groupoffice.conf config/filter.d/gssftpd.conf config/filter.d/guacamole.conf config/filter.d/haproxy-http-auth.conf config/filter.d/horde.conf -config/filter.d/ignorecommands config/filter.d/ignorecommands/apache-fakegooglebot config/filter.d/kerio.conf config/filter.d/lighttpd-auth.conf @@ -122,7 +129,6 @@ config/filter.d/selinux-common.conf config/filter.d/selinux-ssh.conf config/filter.d/sendmail-auth.conf config/filter.d/sendmail-reject.conf -config/filter.d/sendmail-spam.conf config/filter.d/sieve.conf config/filter.d/sogo-auth.conf config/filter.d/solid-pop3d.conf @@ -148,7 +154,6 @@ config/paths-osx.conf CONTRIBUTING.md COPYING DEVELOP -doc/run-rootless.txt fail2ban-2to3 fail2ban/client/actionreader.py fail2ban/client/beautifier.py @@ -185,7 +190,6 @@ fail2ban/server/filterpyinotify.py fail2ban/server/filtersystemd.py fail2ban/server/__init__.py fail2ban/server/ipdns.py -fail2ban/server/iso8601.py fail2ban/server/jail.py fail2ban/server/jails.py fail2ban/server/jailthread.py @@ -203,21 +207,19 @@ fail2ban/tests/action_d/test_smtp.py fail2ban/tests/actionstestcase.py fail2ban/tests/actiontestcase.py fail2ban/tests/banmanagertestcase.py -fail2ban/tests/clientreadertestcase.py fail2ban/tests/clientbeautifiertestcase.py +fail2ban/tests/clientreadertestcase.py fail2ban/tests/config/action.d/brokenaction.conf fail2ban/tests/config/fail2ban.conf fail2ban/tests/config/filter.d/simple.conf fail2ban/tests/config/filter.d/test.conf fail2ban/tests/config/filter.d/test.local +fail2ban/tests/config/filter.d/zzz-generic-example.conf fail2ban/tests/config/jail.conf -fail2ban/tests/config/paths-common.conf -fail2ban/tests/config/paths-debian.conf -fail2ban/tests/config/paths-freebsd.conf -fail2ban/tests/config/paths-osx.conf fail2ban/tests/databasetestcase.py fail2ban/tests/datedetectortestcase.py fail2ban/tests/dummyjail.py +fail2ban/tests/fail2banclienttestcase.py fail2ban/tests/fail2banregextestcase.py fail2ban/tests/failmanagertestcase.py fail2ban/tests/files/action.d/action_checkainfo.py @@ -250,13 +252,13 @@ fail2ban/tests/files/ignorecommand.py fail2ban/tests/files/logs/3proxy fail2ban/tests/files/logs/apache-auth fail2ban/tests/files/logs/apache-badbots -fail2ban/tests/files/logs/apache-botscripts fail2ban/tests/files/logs/apache-botsearch fail2ban/tests/files/logs/apache-fakegooglebot fail2ban/tests/files/logs/apache-modsecurity fail2ban/tests/files/logs/apache-nohome fail2ban/tests/files/logs/apache-noscript fail2ban/tests/files/logs/apache-overflows +fail2ban/tests/files/logs/apache-pass fail2ban/tests/files/logs/apache-shellshock fail2ban/tests/files/logs/assp fail2ban/tests/files/logs/asterisk @@ -270,10 +272,12 @@ fail2ban/tests/files/logs/cyrus-imap fail2ban/tests/files/logs/directadmin fail2ban/tests/files/logs/dovecot fail2ban/tests/files/logs/dropbear +fail2ban/tests/files/logs/drupal-auth fail2ban/tests/files/logs/ejabberd-auth fail2ban/tests/files/logs/exim fail2ban/tests/files/logs/exim-spam fail2ban/tests/files/logs/freeswitch +fail2ban/tests/files/logs/froxlor-auth fail2ban/tests/files/logs/groupoffice fail2ban/tests/files/logs/gssftpd fail2ban/tests/files/logs/guacamole @@ -309,7 +313,6 @@ fail2ban/tests/files/logs/screensharingd fail2ban/tests/files/logs/selinux-ssh fail2ban/tests/files/logs/sendmail-auth fail2ban/tests/files/logs/sendmail-reject -fail2ban/tests/files/logs/sendmail-spam fail2ban/tests/files/logs/sieve fail2ban/tests/files/logs/sogo-auth fail2ban/tests/files/logs/solid-pop3d @@ -325,6 +328,7 @@ fail2ban/tests/files/logs/vsftpd fail2ban/tests/files/logs/webmin-auth fail2ban/tests/files/logs/wuftpd fail2ban/tests/files/logs/xinetd-fail +fail2ban/tests/files/logs/zzz-generic-example fail2ban/tests/files/testcase01.log fail2ban/tests/files/testcase02.log fail2ban/tests/files/testcase03.log @@ -356,6 +360,8 @@ files/gentoo-confd files/gentoo-initd files/ipmasq-ZZZzzz_fail2ban.rul files/logwatch/fail2ban +files/logwatch/fail2ban-0.8.log +files/logwatch/fail2ban-0.9.log files/macosx-initd files/monit/fail2ban files/nagios/check_fail2ban @@ -373,6 +379,8 @@ man/fail2ban-regex.1 man/fail2ban-regex.h2m man/fail2ban-server.1 man/fail2ban-server.h2m +man/fail2ban-testcases.1 +man/fail2ban-testcases.h2m man/generate-man man/jail.conf.5 README.md diff --git a/RELEASE b/RELEASE index fa89fc34..e570c9eb 100644 --- a/RELEASE +++ b/RELEASE @@ -190,7 +190,7 @@ Post Release Add the following to the top of the ChangeLog:: - ver. 0.9.6 (2016/XX/XXX) - wanna-be-released + ver. 0.10.0 (2016/XX/XXX) - wanna-be-released ----------- - Fixes: diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index ec5db2d2..0da5fb02 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 @@ -1,12 +1,12 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. -.TH FAIL2BAN-CLIENT "1" "March 2016" "fail2ban-client v0.9.4" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1. +.TH FAIL2BAN-CLIENT "1" "July 2016" "fail2ban-client v0.10.0a1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH SYNOPSIS .B fail2ban-client -[\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR +[\fIOPTIONS\fR] \fI<COMMAND>\fR .SH DESCRIPTION -Fail2Ban v0.9.4 reads log file that contains password failure report +Fail2Ban v0.10.0a1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP @@ -19,6 +19,13 @@ socket path \fB\-p\fR <FILE> pidfile path .TP +\fB\-\-loglevel\fR <LEVEL> +logging level +.HP +\fB\-\-logtarget\fR <FILE>|STDOUT|STDERR|SYSLOG +.HP +\fB\-\-syslogsocket\fR auto|<FILE> +.TP \fB\-d\fR dump configuration. For debugging .TP @@ -38,7 +45,13 @@ force execution of the server (remove socket file) start server in background (default) .TP \fB\-f\fR -start server in foreground (note that the client forks once itself) +start server in foreground +.TP +\fB\-\-async\fR +start server in async mode (for internal usage only, don't read configuration) +.TP +\fB\-\-timeout\fR +timeout to wait for the server (for internal usage only, don't read configuration) .TP \fB\-h\fR, \fB\-\-help\fR display this help message @@ -52,8 +65,12 @@ BASIC \fBstart\fR starts the server and the jails .TP +\fBrestart\fR +restarts the server +.TP \fBreload\fR -reloads the configuration +reloads the configuration without +restart .TP \fBreload <JAIL>\fR reloads the jail <JAIL> @@ -69,6 +86,10 @@ server \fBping\fR tests if the server is alive .TP +\fBecho\fR +for internal usage, returns back +and outputs a given string +.TP \fBhelp\fR return this output .TP @@ -227,8 +248,9 @@ for <JAIL> \fBset <JAIL> maxlines <LINES>\fR sets the number of <LINES> to buffer for regex search for <JAIL> -.TP -\fBset <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>]\fR +.IP +set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>] +.IP adds a new action named <ACT> for <JAIL>. Optionally for a Python based action, a <PYTHONFILE> and @@ -240,38 +262,45 @@ removes the action <ACT> from <JAIL> .IP COMMAND ACTION CONFIGURATION -.TP -\fBset <JAIL> action <ACT> actionstart <CMD>\fR +.IP +set <JAIL> action <ACT> actionstart <CMD> +.IP sets the start command <CMD> of the action <ACT> for <JAIL> -.TP -\fBset <JAIL> action <ACT> actionstop <CMD> sets the stop command <CMD> of the\fR +.IP +set <JAIL> action <ACT> actionstop <CMD> sets the stop command <CMD> of the +.IP action <ACT> for <JAIL> -.TP -\fBset <JAIL> action <ACT> actioncheck <CMD>\fR +.IP +set <JAIL> action <ACT> actioncheck <CMD> +.IP sets the check command <CMD> of the action <ACT> for <JAIL> .TP \fBset <JAIL> action <ACT> actionban <CMD>\fR sets the ban command <CMD> of the action <ACT> for <JAIL> -.TP -\fBset <JAIL> action <ACT> actionunban <CMD>\fR +.IP +set <JAIL> action <ACT> actionunban <CMD> +.IP sets the unban command <CMD> of the action <ACT> for <JAIL> -.TP -\fBset <JAIL> action <ACT> timeout <TIMEOUT>\fR +.IP +set <JAIL> action <ACT> timeout <TIMEOUT> +.IP sets <TIMEOUT> as the command timeout in seconds for the action <ACT> for <JAIL> .IP GENERAL ACTION CONFIGURATION -.TP -\fBset <JAIL> action <ACT> <PROPERTY> <VALUE>\fR +.IP +set <JAIL> action <ACT> <PROPERTY> <VALUE> +.IP sets the <VALUE> of <PROPERTY> for the action <ACT> for <JAIL> -.TP -\fBset <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>]\fR +.IP +set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>] +.IP calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL> @@ -376,9 +405,6 @@ gets the value of <PROPERTY> for the action <ACT> for <JAIL> .SH FILES \fI/etc/fail2ban/*\fR -.SH AUTHOR -Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. -Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>. .SH "REPORTING BUGS" Report bugs to https://github.com/fail2ban/fail2ban/issues .SH COPYRIGHT diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1 index 740b461c..f954cb3a 100644 --- a/man/fail2ban-regex.1 +++ b/man/fail2ban-regex.1 @@ -1,10 +1,10 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. -.TH FAIL2BAN-REGEX "1" "March 2016" "fail2ban-regex 0.9.4" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1. +.TH FAIL2BAN-REGEX "1" "July 2016" "fail2ban-regex 0.10.0a1" "User Commands" .SH NAME fail2ban-regex \- test Fail2ban "failregex" option .SH SYNOPSIS .B fail2ban-regex -[\fI\,OPTIONS\/\fR] \fI\,<LOG> <REGEX> \/\fR[\fI\,IGNOREREGEX\/\fR] +[\fIOPTIONS\fR] \fI<LOG> <REGEX> \fR[\fIIGNOREREGEX\fR] .SH DESCRIPTION Fail2Ban reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. @@ -16,7 +16,7 @@ string a string representing a log line .TP filename -path to a log file (\fI\,/var/log/auth.log\/\fP) +path to a log file (\fI/var/log/auth.log\fP) .TP "systemd\-journal" search systemd journal (systemd\-python required) @@ -42,20 +42,23 @@ show program's version number and exit \fB\-h\fR, \fB\-\-help\fR show this help message and exit .TP -\fB\-d\fR DATEPATTERN, \fB\-\-datepattern\fR=\fI\,DATEPATTERN\/\fR +\fB\-d\fR DATEPATTERN, \fB\-\-datepattern\fR=\fIDATEPATTERN\fR set custom pattern used to match date/times .TP -\fB\-e\fR ENCODING, \fB\-\-encoding\fR=\fI\,ENCODING\/\fR +\fB\-e\fR ENCODING, \fB\-\-encoding\fR=\fIENCODING\fR File encoding. Default: system locale .TP -\fB\-L\fR MAXLINES, \fB\-\-maxlines\fR=\fI\,MAXLINES\/\fR +\fB\-r\fR, \fB\-\-raw\fR +Raw hosts, don't resolve dns +.TP +\fB\-L\fR MAXLINES, \fB\-\-maxlines\fR=\fIMAXLINES\fR maxlines for multi\-line regex .TP -\fB\-m\fR JOURNALMATCH, \fB\-\-journalmatch\fR=\fI\,JOURNALMATCH\/\fR +\fB\-m\fR JOURNALMATCH, \fB\-\-journalmatch\fR=\fIJOURNALMATCH\fR journalctl style matches overriding filter file. "systemd\-journal" only .TP -\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR +\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fILOG_LEVEL\fR Log level for the Fail2Ban logger to use .TP \fB\-v\fR, \fB\-\-verbose\fR diff --git a/man/fail2ban-server.1 b/man/fail2ban-server.1 index 90ec1d80..3b970024 100644 --- a/man/fail2ban-server.1 +++ b/man/fail2ban-server.1 @@ -1,24 +1,17 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. -.TH FAIL2BAN-SERVER "1" "March 2016" "fail2ban-server v0.9.4" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1. +.TH FAIL2BAN-SERVER "1" "July 2016" "fail2ban-server v0.10.0a1" "User Commands" .SH NAME fail2ban-server \- start the server .SH SYNOPSIS .B fail2ban-server -[\fI\,OPTIONS\/\fR] +[\fIOPTIONS\fR] .SH DESCRIPTION -Fail2Ban v0.9.4 reads log file that contains password failure report +Fail2Ban v0.10.0a1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. -.PP -Only use this command for debugging purpose. Start the server with -fail2ban\-client instead. The default behaviour is to start the server -in background. .SH OPTIONS .TP -\fB\-b\fR -start in background -.TP -\fB\-f\fR -start in foreground +\fB\-c\fR <DIR> +configuration directory .TP \fB\-s\fR <FILE> socket path @@ -26,17 +19,45 @@ socket path \fB\-p\fR <FILE> pidfile path .TP +\fB\-\-loglevel\fR <LEVEL> +logging level +.HP +\fB\-\-logtarget\fR <FILE>|STDOUT|STDERR|SYSLOG +.HP +\fB\-\-syslogsocket\fR auto|<FILE> +.TP +\fB\-d\fR +dump configuration. For debugging +.TP +\fB\-i\fR +interactive mode +.TP +\fB\-v\fR +increase verbosity +.TP +\fB\-q\fR +decrease verbosity +.TP \fB\-x\fR force execution of the server (remove socket file) .TP +\fB\-b\fR +start server in background (default) +.TP +\fB\-f\fR +start server in foreground +.TP +\fB\-\-async\fR +start server in async mode (for internal usage only, don't read configuration) +.TP +\fB\-\-timeout\fR +timeout to wait for the server (for internal usage only, don't read configuration) +.TP \fB\-h\fR, \fB\-\-help\fR display this help message .TP \fB\-V\fR, \fB\-\-version\fR print the version -.SH AUTHOR -Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. -Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>. .SH "REPORTING BUGS" Report bugs to https://github.com/fail2ban/fail2ban/issues .SH COPYRIGHT diff --git a/man/fail2ban-testcases.1 b/man/fail2ban-testcases.1 index dc0fee32..9089d1ed 100644 --- a/man/fail2ban-testcases.1 +++ b/man/fail2ban-testcases.1 @@ -1,10 +1,10 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. -.TH FAIL2BAN-TESTCASES "1" "March 2016" "fail2ban-testcases 0.9.4" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.44.1. +.TH FAIL2BAN-TESTCASES "1" "July 2016" "fail2ban-testcases 0.10.0a1" "User Commands" .SH NAME fail2ban-testcases \- run Fail2Ban unit-tests .SH SYNOPSIS .B fail2ban-testcases -[\fI\,OPTIONS\/\fR] [\fI\,regexps\/\fR] +[\fIOPTIONS\fR] [\fIregexps\fR] .SH DESCRIPTION Script to run Fail2Ban tests battery .SH OPTIONS @@ -15,12 +15,26 @@ show program's version number and exit \fB\-h\fR, \fB\-\-help\fR show this help message and exit .TP -\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR +\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fILOG_LEVEL\fR Log level for the logger to use during running tests .TP \fB\-n\fR, \fB\-\-no\-network\fR Do not run tests that require the network .TP +\fB\-g\fR, \fB\-\-no\-gamin\fR +Do not run tests that require the gamin +.TP +\fB\-m\fR, \fB\-\-memory\-db\fR +Run database tests using memory instead of file +.TP +\fB\-f\fR, \fB\-\-fast\fR +Try to increase speed of the tests, decreasing of wait +intervals, memory database +.TP +\fB\-i\fR, \fB\-\-ignore\fR +negate [regexps] filter to ignore tests matched +specified regexps +.TP \fB\-t\fR, \fB\-\-log\-traceback\fR Enrich log\-messages with compressed tracebacks .TP