From e651bc7866f7c0cc32db1fe01d7c93abebd303c5 Mon Sep 17 00:00:00 2001 From: sebres Date: Mon, 11 Feb 2019 11:54:58 +0100 Subject: [PATCH 1/2] amend to #1622: jail-reader supports now multi-line option for multi-line action parameter: logpath = a.log b.log c.log action = ban[...] = log[logpath="%(logpath)s"] closes gh-2341, ultimate fix for gh-976 --- config/jail.conf | 6 +++--- fail2ban/client/jailreader.py | 11 +++++++++- fail2ban/tests/clientreadertestcase.py | 24 ++++++++++++++++++++++ fail2ban/tests/config/action.d/action.conf | 4 ++++ fail2ban/tests/config/jail.conf | 12 +++++++++++ 5 files changed, 53 insertions(+), 4 deletions(-) create mode 100644 fail2ban/tests/config/action.d/action.conf diff --git a/config/jail.conf b/config/jail.conf index 8b7d3d9b..daebf48b 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -177,19 +177,19 @@ action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port # ban & send an e-mail with whois report and relevant log lines # to the destemail. action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] + %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action # # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines # to the destemail. action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] + xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines # to the destemail. action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] - %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] + %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] # Report block via blocklist.de fail2ban reporting service API # diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index b06ba72d..b8a89380 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -151,12 +151,21 @@ class JailReader(ConfigReader): self.__filter.getOptions(self.__opts) # Read action - for act in self.__opts["action"].split('\n'): + prevln = '' + actlst = self.__opts["action"].split('\n') + for n, act in enumerate(actlst): try: if not act: # skip empty actions continue + # join with previous line if needed (consider possible new-line): + if prevln: act = prevln + '\n' + act actName, actOpt = extractOptions(act) + prevln = '' if not actName: + # consider possible new-line, so repeat with joined next line's: + if n < len(actlst) - 1: + prevln = act + continue raise JailDefError("Invalid action definition %r" % act) if actName.endswith(".py"): self.__actions.append([ diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py index 96e6c7a4..9854417d 100644 --- a/fail2ban/tests/clientreadertestcase.py +++ b/fail2ban/tests/clientreadertestcase.py @@ -353,6 +353,30 @@ class JailReaderTest(LogCaptureTestCase): ) self.assertEqual(expected2, result) + def testMultiLineOption(self): + jail = JailReader('multi-log', force_enable=True, basedir=IMPERFECT_CONFIG, share_config=IMPERFECT_CONFIG_SHARE_CFG) + self.assertTrue(jail.read()) + self.assertTrue(jail.getOptions()) + self.assertEqual(jail.options['logpath'], 'a.log\nb.log\nc.log') + self.assertEqual(jail.options['action'], 'action[actname=\'ban\']\naction[actname=\'log\', logpath="a.log\nb.log\nc.log\nd.log"]\naction[actname=\'test\']') + self.assertSortedEqual([a.convert() for a in jail._JailReader__actions], [ + [['set', 'multi-log', 'addaction', 'ban'], ['multi-set', 'multi-log', 'action', 'ban', [ + ['actionban', 'echo "name: ban, ban: , logs: a.log\nb.log\nc.log"'], + ['actname', 'ban'], + ['name', 'multi-log'] + ]]], + [['set', 'multi-log', 'addaction', 'log'], ['multi-set', 'multi-log', 'action', 'log', [ + ['actionban', 'echo "name: log, ban: , logs: a.log\nb.log\nc.log\nd.log"'], + ['actname', 'log'], + ['logpath', 'a.log\nb.log\nc.log\nd.log'], ['name', 'multi-log'] + ]]], + [['set', 'multi-log', 'addaction', 'test'], ['multi-set', 'multi-log', 'action', 'test', [ + ['actionban', 'echo "name: test, ban: , logs: a.log\nb.log\nc.log"'], + ['actname', 'test'], + ['name', 'multi-log'] + ]]] + ]) + def testVersionAgent(self): unittest.F2B.SkipIfCfgMissing(stock=True) jail = JailReader('blocklisttest', force_enable=True, basedir=CONFIG_DIR) diff --git a/fail2ban/tests/config/action.d/action.conf b/fail2ban/tests/config/action.d/action.conf new file mode 100644 index 00000000..b26c00b8 --- /dev/null +++ b/fail2ban/tests/config/action.d/action.conf @@ -0,0 +1,4 @@ + +[Definition] + +actionban = echo "name: , ban: , logs: %(logpath)s" diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf index 3dcbf634..6539adc1 100644 --- a/fail2ban/tests/config/jail.conf +++ b/fail2ban/tests/config/jail.conf @@ -51,3 +51,15 @@ action = [tz_correct] enabled = true logtimezone = UTC+0200 + +[multi-log] +enabled = false +filter = +logpath = a.log + b.log + c.log +log2nd = %(logpath)s + d.log +action = action[actname='ban'] + action[actname='log', logpath="%(log2nd)s"] + action[actname='test'] \ No newline at end of file From c819a18a0a0fa4eafcaadd6edcdcab8732b930c6 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Mon, 11 Feb 2019 19:15:11 +0100 Subject: [PATCH 2/2] Update ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index f24c43ae..f45718d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,12 +44,15 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition - MYSQL 8.0.13 compatibility (log-error-verbosity = 3), log-format contains few additional words enclosed in brackets after "[Note]" (gh-2314) * `files/fail2ban.service.in`: fixed systemd-unit template - missing nftables dependency (gh-2313) +* several `action.d/mail*`: fixed usage with multiple log files (ultimate fix for gh-976, gh-2341) ### New Features * new failregex-flag tag `` for failregex, signaled that the access to service was gained (ATM used similar to tag ``, but it does not add the log-line to matches, gh-2279) ### Enhancements +* jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations + containing new-line); ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four