github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf 

Conflicts:
	ChangeLog
pull/1001/head
Lee Clemens 2015-04-26 15:13:59 -04:00
parent 72f4bcfbff 878cbd008e
commit b530d88eca
7 changed files with 28 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -18,7 +18,7 @@ install:
- if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then travis_retry sudo apt-get install -qq python-gamin; cp /usr/share/pyshared/gamin.py /usr/lib/pyshared/python2.7/_gamin.so $VIRTUAL_ENV/lib/python2.7/site-packages/; fi - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then travis_retry sudo apt-get install -qq python-gamin; cp /usr/share/pyshared/gamin.py /usr/lib/pyshared/python2.7/_gamin.so $VIRTUAL_ENV/lib/python2.7/site-packages/; fi
- if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then cd ..; travis_retry pip install -q coveralls; cd -; fi - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then cd ..; travis_retry pip install -q coveralls; cd -; fi
# overcome buggy pypy # overcome buggy pypy
- if [[ $TRAVIS_PYTHON_VERSION == pypy ]] ; then dpkg --compare-versions $(pypy --version 2>&1 | awk '/PyPy/{print $2;}') ge 2.5.1 || { cd /tmp; wget http://buildbot.pypy.org/nightly/trunk/pypy-c-jit-latest-linux64.tar.bz2; tar -xjvf pypy*bz2; cd pypy-*/bin/; export PATH=$PWD:$PATH; cd -; } ; fi - if [[ $TRAVIS_PYTHON_VERSION == pypy ]] ; then dpkg --compare-versions $(pypy --version 2>&1 | awk '/PyPy/{print $2;}') ge 2.5.1 || { d=$PWD; cd /tmp; wget http://buildbot.pypy.org/nightly/trunk/pypy-c-jit-latest-linux64.tar.bz2; tar -xjvf pypy*bz2; cd pypy-*/bin/; export PATH=$PWD:$PATH; cd $d; } ; fi
script: script:
- if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then coverage run --rcfile=.travis_coveragerc setup.py test; else python setup.py test; fi - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then coverage run --rcfile=.travis_coveragerc setup.py test; else python setup.py test; fi
# test installation # test installation

5
ChangeLog
View File

@ -40,7 +40,10 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
* firewallcmd-* actions: split output into separate lines for grepping (gh-908) * firewallcmd-* actions: split output into separate lines for grepping (gh-908)
* Guard unicode encode/decode issues while storing records in the database. * Guard unicode encode/decode issues while storing records in the database.
Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting
* filter.d/asterisk.conf - Match hacking attempt IP instead of asterisk server IP * filter.d/sshd added regex for matching openSUSE ssh authentication failure
* filter.d/asterisk.conf - Dropped "Sending fake auth rejection" failregex since it incorrectly targets the asterisk server itself
* filter.d/asterisk.conf - Added matching "hacking attempt detected" logs
- New Features: - New Features:
- New filters: - New filters:

1
config/filter.d/sshd.conf
View File

@ -33,6 +33,7 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|erro
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$ ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$ ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$ ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
ignoreregex = ignoreregex =

5
fail2ban/tests/files/logs/sshd
View File

@ -148,3 +148,8 @@ Apr 27 13:02:04 host sshd[29116]: User root not allowed because account is locke
Apr 27 13:02:04 host sshd[29116]: input_userauth_request: invalid user root [preauth] Apr 27 13:02:04 host sshd[29116]: input_userauth_request: invalid user root [preauth]
# failJSON: { "time": "2005-04-27T13:02:04", "match": true , "host": "1.2.3.4", "desc": "No Bye-Bye" } # failJSON: { "time": "2005-04-27T13:02:04", "match": true , "host": "1.2.3.4", "desc": "No Bye-Bye" }
Apr 27 13:02:04 host sshd[29116]: Received disconnect from 1.2.3.4: 11: Normal Shutdown, Thank you for playing [preauth] Apr 27 13:02:04 host sshd[29116]: Received disconnect from 1.2.3.4: 11: Normal Shutdown, Thank you for playing [preauth]
# Match sshd auth errors on OpenSUSE systems
# failJSON: { "time": "2015-04-16T20:02:50", "match": true , "host": "222.186.21.217", "desc": "Authentication for user failed" }
2015-04-16T18:02:50.321974+00:00 host sshd[2716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.21.217 user=root

5
fail2ban/tests/filtertestcase.py
View File

@ -224,7 +224,7 @@ class IgnoreIP(LogCaptureTestCase):
self.assertTrue(self.filter.inIgnoreIPList(ip)) self.assertTrue(self.filter.inIgnoreIPList(ip))
def testIgnoreIPNOK(self): def testIgnoreIPNOK(self):
ipList = "", "999.999.999.999", "abcdef", "192.168.0." ipList = "", "999.999.999.999", "abcdef.abcdef", "192.168.0."
for ip in ipList: for ip in ipList:
self.filter.addIgnoreIP(ip) self.filter.addIgnoreIP(ip)
self.assertFalse(self.filter.inIgnoreIPList(ip)) self.assertFalse(self.filter.inIgnoreIPList(ip))
@ -1023,7 +1023,8 @@ class DNSUtilsTests(unittest.TestCase):
def testIpToName(self): def testIpToName(self):
res = DNSUtils.ipToName('66.249.66.1') res = DNSUtils.ipToName('66.249.66.1')
self.assertEqual(res, 'crawl-66-249-66-1.googlebot.com') self.assertEqual(res, 'crawl-66-249-66-1.googlebot.com')
res = DNSUtils.ipToName('10.0.0.0') # invalid ip (TEST-NET-1 according to RFC 5737)
res = DNSUtils.ipToName('192.0.2.0')
self.assertEqual(res, None) self.assertEqual(res, None)
def testAddr2bin(self): def testAddr2bin(self):

18
fail2ban/tests/servertestcase.py
View File

@ -71,19 +71,24 @@ class TransmitterBase(unittest.TestCase):
"""Call after every test case.""" """Call after every test case."""
self.server.quit() self.server.quit()
def setGetTest(self, cmd, inValue, outValue=None, outCode=0, jail=None): def setGetTest(self, cmd, inValue, outValue=None, outCode=0, jail=None, repr_=False):
setCmd = ["set", cmd, inValue] setCmd = ["set", cmd, inValue]
getCmd = ["get", cmd] getCmd = ["get", cmd]
if jail is not None: if jail is not None:
setCmd.insert(1, jail) setCmd.insert(1, jail)
getCmd.insert(1, jail) getCmd.insert(1, jail)
if outValue is None: if outValue is None:
outValue = inValue outValue = inValue
self.assertEqual(self.transm.proceed(setCmd), (outCode, outValue)) def v(x):
"""Prepare value for comparison"""
return (repr(x) if repr_ else x)
self.assertEqual(v(self.transm.proceed(setCmd)), v((outCode, outValue)))
if not outCode: if not outCode:
# if we expected to get it set without problem, check new value # if we expected to get it set without problem, check new value
self.assertEqual(self.transm.proceed(getCmd), (0, outValue)) self.assertEqual(v(self.transm.proceed(getCmd)), v((0, outValue)))
def setGetTestNOK(self, cmd, inValue, jail=None): def setGetTestNOK(self, cmd, inValue, jail=None):
setCmd = ["set", cmd, inValue] setCmd = ["set", cmd, inValue]
@ -794,8 +799,11 @@ class TransmitterLogging(TransmitterBase):
**{True: {}, # should work on Linux **{True: {}, # should work on Linux
False: dict( # expect to fail otherwise False: dict( # expect to fail otherwise
outCode=1, outCode=1,
outValue=Exception('Failed to change log target'))} outValue=Exception('Failed to change log target'),
[platform.system() in ('Linux',)]) repr_=True # Exceptions are not comparable apparently
)
}[platform.system() in ('Linux',)]
)
def testLogLevel(self): def testLogLevel(self):
self.setGetTest("loglevel", "HEAVYDEBUG") self.setGetTest("loglevel", "HEAVYDEBUG")

2
fail2ban/tests/utils.py
View File

@ -153,7 +153,7 @@ def gatherTests(regexps=None, no_network=False):
for file_ in os.listdir( for file_ in os.listdir(
os.path.abspath(os.path.dirname(action_d.__file__))): os.path.abspath(os.path.dirname(action_d.__file__))):
if file_.startswith("test_") and file_.endswith(".py"): if file_.startswith("test_") and file_.endswith(".py"):
if no_network and file_ in ['test_badips.py']: #pragma: no cover if no_network and file_ in ['test_badips.py','test_smtp.py']: #pragma: no cover
# Test required network # Test required network
continue continue
tests.addTest(testloader.loadTestsFromName( tests.addTest(testloader.loadTestsFromName(