mirror of https://github.com/fail2ban/fail2ban
Merge branch '0.10' into 0.11
sebres
commit
a3b7a0525a
|
|
@ -78,6 +78,7 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
|
|||
### New Features
|
||||
* new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
|
||||
(ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
|
||||
* `filter.d/traefik-auth.conf`: used to ban hosts, that were failed through traefik
|
||||
|
||||
### Enhancements
|
||||
* jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations
|
||||
|
|
|
|||
|
|
@ -159,25 +159,25 @@ class SMTPAction(ActionBase):
|
|||
try:
|
||||
self._logSys.debug("Connected to SMTP '%s', response: %i: %s",
|
||||
self.host, *smtp.connect(self.host))
|
||||
if self.user and self.password:
|
||||
if self.user and self.password: # pragma: no cover (ATM no tests covering that)
|
||||
smtp.login(self.user, self.password)
|
||||
failed_recipients = smtp.sendmail(
|
||||
self.fromaddr, self.toaddr.split(", "), msg.as_string())
|
||||
except smtplib.SMTPConnectError:
|
||||
except smtplib.SMTPConnectError: # pragma: no cover
|
||||
self._logSys.error("Error connecting to host '%s'", self.host)
|
||||
raise
|
||||
except smtplib.SMTPAuthenticationError:
|
||||
except smtplib.SMTPAuthenticationError: # pragma: no cover
|
||||
self._logSys.error(
|
||||
"Failed to authenticate with host '%s' user '%s'",
|
||||
self.host, self.user)
|
||||
raise
|
||||
except smtplib.SMTPException:
|
||||
except smtplib.SMTPException: # pragma: no cover
|
||||
self._logSys.error(
|
||||
"Error sending mail to host '%s' from '%s' to '%s'",
|
||||
self.host, self.fromaddr, self.toaddr)
|
||||
raise
|
||||
else:
|
||||
if failed_recipients:
|
||||
if failed_recipients: # pragma: no cover
|
||||
self._logSys.warning(
|
||||
"Email to '%s' failed to following recipients: %r",
|
||||
self.toaddr, failed_recipients)
|
||||
|
|
@ -186,7 +186,7 @@ class SMTPAction(ActionBase):
|
|||
try:
|
||||
self._logSys.debug("Disconnected from '%s', response %i: %s",
|
||||
self.host, *smtp.quit())
|
||||
except smtplib.SMTPServerDisconnected:
|
||||
except smtplib.SMTPServerDisconnected: # pragma: no cover
|
||||
pass # Not connected
|
||||
|
||||
def start(self):
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ failregex = ^Registration from '[^']*' failed for '<HOST>(:\d+)?' - (?:Wrong pas
|
|||
^No registration for peer '[^']*' \(from <HOST>\)$
|
||||
^hacking attempt detected '<HOST>'$
|
||||
^SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$
|
||||
^"Rejecting unknown SIP connection from <HOST>"$
|
||||
^"Rejecting unknown SIP connection from <HOST>(?::\d+)?"$
|
||||
^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
|
||||
|
||||
# FreePBX (todo: make optional in v.0.10):
|
||||
|
|
|
|||
|
|
@ -0,0 +1,56 @@
|
|||
# Fail2ban filter configuration for traefik :: auth
|
||||
# used to ban hosts, that were failed through traefik
|
||||
#
|
||||
# Author: CrazyMax
|
||||
#
|
||||
# To use 'traefik-auth' filter you have to configure your Traefik instance to write
|
||||
# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
|
||||
# into a log file on host and specifiy users for Basic Authentication
|
||||
# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# version: "3.2"
|
||||
#
|
||||
# services:
|
||||
# traefik:
|
||||
# image: traefik:latest
|
||||
# command:
|
||||
# - "--loglevel=INFO"
|
||||
# - "--accesslog=true"
|
||||
# - "--accessLog.filePath=/var/log/access.log"
|
||||
# # - "--accessLog.filters.statusCodes=400-499"
|
||||
# - "--defaultentrypoints=http,https"
|
||||
# - "--entryPoints=Name:http Address::80"
|
||||
# - "--entryPoints=Name:https Address::443 TLS"
|
||||
# - "--docker.domain=example.com"
|
||||
# - "--docker.watch=true"
|
||||
# - "--docker.exposedbydefault=false"
|
||||
# - "--api=true"
|
||||
# - "--api.dashboard=true"
|
||||
# ports:
|
||||
# - target: 80
|
||||
# published: 80
|
||||
# protocol: tcp
|
||||
# mode: host
|
||||
# - target: 443
|
||||
# published: 443
|
||||
# protocol: tcp
|
||||
# mode: host
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.port=8080"
|
||||
# - "traefik.backend=traefik"
|
||||
# - "traefik.frontend.rule=Host:traefik.example.com"
|
||||
# - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
# volumes:
|
||||
# - "/var/log/traefik:/var/log"
|
||||
# - "/var/run/docker.sock:/var/run/docker.sock"
|
||||
# restart: always
|
||||
#
|
||||
|
||||
[Definition]
|
||||
|
||||
failregex = ^<HOST> \- (?!- )\S+ \[\] \"(GET|POST|HEAD) [^\"]+\" 401\b
|
||||
|
||||
ignoreregex =
|
||||
|
|
@ -926,3 +926,8 @@ backend = %(syslog_backend)s
|
|||
port = http,https
|
||||
logpath = %(apache_error_log)s
|
||||
|
||||
[traefik-auth]
|
||||
# to use 'traefik-auth' filter you have to configure your Traefik instance,
|
||||
# see `filter.d/traefik-auth.conf` for details and service example.
|
||||
port = http,https
|
||||
logpath = /var/log/traefik/access.log
|
||||
|
|
|
|||
|
|
@ -35,7 +35,12 @@
|
|||
|
||||
# failJSON: { "time": "2013-11-11T14:33:38", "match": true , "host": "192.168.55.152" }
|
||||
[2013-11-11 14:33:38] WARNING[6756][C-0000001d] Ext. s: "Rejecting unknown SIP connection from 192.168.55.152"
|
||||
|
||||
# failJSON: { "time": "2013-11-11T14:33:38", "match": true , "host": "192.168.55.152" }
|
||||
[2013-11-11 14:33:38] WARNING[8447][C-00000244] Ext. s: "Rejecting unknown SIP connection from 192.168.55.152:52126"
|
||||
# failJSON: { "time": "2013-11-11T14:33:38", "match": true , "host": "2001:db8::1" }
|
||||
[2013-11-11 14:33:38] WARNING[12124][C-00000001] Ext. s: "Rejecting unknown SIP connection from 2001:db8::1"
|
||||
# failJSON: { "time": "2013-11-11T14:33:38", "match": true , "host": "2001:db8::1" }
|
||||
[2013-11-11 14:33:38] WARNING[12124][C-00000001] Ext. s: "Rejecting unknown SIP connection from [2001:db8::1]:5060"
|
||||
|
||||
# failJSON: { "time": "2004-11-04T18:30:40", "match": true , "host": "192.168.200.100" }
|
||||
Nov 4 18:30:40 localhost asterisk[32229]: NOTICE[32257]: chan_sip.c:23417 in handle_request_register: Registration from '<sip:301@example.com>' failed for '192.168.200.100:36998' - Wrong password
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
# failJSON: { "match": false }
|
||||
10.0.0.2 - - [18/Nov/2018:21:34:30 +0000] "GET /dashboard/ HTTP/2.0" 401 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 72 "Auth for frontend-Host-traefik-0" "/dashboard/" 0ms
|
||||
# failJSON: { "time": "2018-11-18T22:34:34", "match": true , "host": "10.0.0.2" }
|
||||
10.0.0.2 - username [18/Nov/2018:21:34:34 +0000] "GET /dashboard/ HTTP/2.0" 401 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 72 "Auth for frontend-Host-traefik-0" "/dashboard/" 0ms
|
||||
# failJSON: { "match": false }
|
||||
10.0.0.2 - username [27/Nov/2018:23:33:31 +0000] "GET /dashboard/ HTTP/2.0" 200 716 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 118 "Host-traefik-0" "/dashboard/" 4ms
|
||||
Loading…
Reference in New Issue