Browse Source

Merge pull request #3697 from remontti/patch-1

named-refused.conf: denied allows any reason in parenthesis as suffix
pull/3706/head
Sergey G. Brester 8 months ago committed by GitHub
parent
commit
b59fd2e7b5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 1
      ChangeLog
  2. 2
      config/filter.d/named-refused.conf
  3. 2
      fail2ban/tests/files/logs/named-refused

1
ChangeLog

@ -35,6 +35,7 @@ ver. 1.0.3-dev-1 (20??/??/??) - development nightly edition
- filter can bypass additional timestamp or pid that may be logged via systemd-journal or syslog-ng (gh-3060) - filter can bypass additional timestamp or pid that may be logged via systemd-journal or syslog-ng (gh-3060)
- rewrite host line regex for all varied exim's log_selector states (gh-3263) - rewrite host line regex for all varied exim's log_selector states (gh-3263)
- fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502) - fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502)
* `filter.d/named-refused.conf` - denied allows any reason in parenthesis as suffix (gh-3697)
* `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226) * `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226)
* `filter.d/sshd.conf`: * `filter.d/sshd.conf`:
- avoid double counting for "maximum authentication attempts exceeded" (gh-3502) - avoid double counting for "maximum authentication attempts exceeded" (gh-3502)

2
config/filter.d/named-refused.conf

@ -37,7 +37,7 @@ _category_re = (?:%(_category)s: )?
# this can be optional (for instance if we match named native log files) # this can be optional (for instance if we match named native log files)
__line_prefix=\s*(?:\S+ %(__daemon_combs_re)s\s+)?%(_category_re)s __line_prefix=\s*(?:\S+ %(__daemon_combs_re)s\s+)?%(_category_re)s
prefregex = ^%(__line_prefix)s(?:(?:error|info):\s*)?client(?: @\S*)? <HOST>#\S+(?: \([\S.]+\))?: <F-CONTENT>.+</F-CONTENT>\s(?:denied|\(NOTAUTH\))\s*$ prefregex = ^%(__line_prefix)s(?:(?:error|info):\s*)?client(?: @\S*)? <HOST>#\S+(?: \([\S.]+\))?: <F-CONTENT>.+</F-CONTENT>\s(?:denied(?: \([^\)]*\))?|\(NOTAUTH\))\s*$
failregex = ^(?:view (?:internal|external): )?query(?: \(cache\))? failregex = ^(?:view (?:internal|external): )?query(?: \(cache\))?
^zone transfer ^zone transfer

2
fail2ban/tests/files/logs/named-refused

@ -18,6 +18,8 @@ Aug 17 08:20:22 catinthehat named[2954]: client 223.252.23.219#56275: zone trans
# BIND9 ver: BIND 9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6 (Extended Support Version) # BIND9 ver: BIND 9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6 (Extended Support Version)
# failJSON: { "time": "2013-08-23T10:32:56", "match": true , "host": "82.207.95.42" } # failJSON: { "time": "2013-08-23T10:32:56", "match": true , "host": "82.207.95.42" }
23-Aug-2013 10:32:56.621 client 82.207.95.42#40278 (redginseng.com.ua): query (cache) 'redginseng.com.ua/A/IN' denied 23-Aug-2013 10:32:56.621 client 82.207.95.42#40278 (redginseng.com.ua): query (cache) 'redginseng.com.ua/A/IN' denied
# failJSON: { "time": "2013-08-23T18:41:28", "match": true , "host": "192.0.2.3", "desc": "denied with allow-query-cache did not match, gh-2697" }
23-Aug-2013 18:41:28.090 client @0x7f7c95c76968 192.0.2.3#60683 (example.com): query (cache) 'example.com/A/IN' denied (allow-query-cache did not match)
# failJSON: { "time": "2013-08-27T17:49:45", "match": true , "host": "59.167.242.100" } # failJSON: { "time": "2013-08-27T17:49:45", "match": true , "host": "59.167.242.100" }
27-Aug-2013 17:49:45.330 client 59.167.242.100#44281 (watt.kiev.ua): zone transfer 'watt.kiev.ua/AXFR/IN' denied 27-Aug-2013 17:49:45.330 client 59.167.242.100#44281 (watt.kiev.ua): zone transfer 'watt.kiev.ua/AXFR/IN' denied

Loading…
Cancel
Save