* Moved <HOST> expansion into regex.py (closes: #429263). Thanks James

Andrewartha. * Added optional regexp entry for process PID in some entries (closes: #426050). Thanks Roderick Schertler.
2007-06-21 01:47:02 +00:00 · 2007-06-21 01:47:02 +00:00 · bc0806d459
parent cc5ec4dcde
commit bc0806d459
4 changed files with 97 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,12 @@
+fail2ban (0.8.0-3~pre1) unstable; urgency=low
+
+  * Moved <HOST> expansion into regex.py (closes: #429263). Thanks James
+    Andrewartha.
+  * Added optional regexp entry for process PID in some entries (closes:
+    #426050). Thanks Roderick Schertler.
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 19 Jun 2007 23:04:02 -0400
+
 fail2ban (0.8.0-2) unstable; urgency=low

  * Manually changing the order of debhelper inserted scripts in prerm
--- a/debian/patches/00_HOST_ignoreregex.dpatch
+++ b/debian/patches/00_HOST_ignoreregex.dpatch
@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_HOST_ignoreregex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/server/failregex.py trunk/server/failregex.py
+--- trunk~/server/failregex.py	2007-05-05 21:30:22.000000000 -0400
+++ trunk/server/failregex.py	2007-06-19 23:00:45.000000000 -0400
+@@ -40,9 +40,7 @@
+ 	# avoid construction of invalid object.
+ 	# @param value the regular expression
+ 	
+-	def __init__(self, value):
+-		# Replace "<HOST>" with default regular expression for host.
+-		regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+	def __init__(self, regex):
+ 		# Initializes the parent.
+ 		Regex.__init__(self, regex)
+ 		# Check for group "host"
+diff -urNad trunk~/server/regex.py trunk/server/regex.py
+--- trunk~/server/regex.py	2007-05-05 21:30:22.000000000 -0400
+++ trunk/server/regex.py	2007-06-19 23:00:21.000000000 -0400
+@@ -42,6 +42,9 @@
+ 	
+ 	def __init__(self, regex):
+ 		self._matchCache = None
+		# Perform shortcuts expansions
+		# Replace "<HOST>" with default regular expression for host.
+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ 		if regex.lstrip() == '':
+ 			raise RegexException("Cannot add empty regex")
+ 		try:
--- a/debian/patches/00_daemon_pids.dpatch
+++ b/debian/patches/00_daemon_pids.dpatch
@ -0,0 +1,52 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_daemon_pids.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Optional PID entry which might not be present due to configuration. Also failregex for wu-ftpd got hardened with $ at the end.
+
+@DPATCH@
+diff -urNad trunk~/config/filter.d/pure-ftpd.conf trunk/config/filter.d/pure-ftpd.conf
+--- trunk~/config/filter.d/pure-ftpd.conf	2007-05-05 21:30:21.000000000 -0400
+++ trunk/config/filter.d/pure-ftpd.conf	2007-06-19 23:08:40.000000000 -0400
+@@ -19,7 +19,7 @@
+ #         (?:::f{4,6}:)?(?P<host>\S+)
+ # Values: TEXT
+ #
+-failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+diff -urNad trunk~/config/filter.d/sshd-ddos.conf trunk/config/filter.d/sshd-ddos.conf
+--- trunk~/config/filter.d/sshd-ddos.conf	2007-05-05 21:30:21.000000000 -0400
+++ trunk/config/filter.d/sshd-ddos.conf	2007-06-19 23:09:56.000000000 -0400
+@@ -14,7 +14,7 @@
+ #          (?:::f{4,6}:)?(?P<host>\S+)
+ # Values:  TEXT
+ #
+-failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.
+diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
+--- trunk~/config/filter.d/vsftpd.conf	2007-05-05 21:30:21.000000000 -0400
+++ trunk/config/filter.d/vsftpd.conf	2007-06-19 23:10:26.000000000 -0400
+@@ -14,7 +14,7 @@
+ #          (?:::f{4,6}:)?(?P<host>\S+)
+ # Values: TEXT
+ #
+-failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
+failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$
+             \[.+\] FAIL LOGIN: Client "<HOST>"$
+ 
+ # Option:  ignoreregex
+diff -urNad trunk~/config/filter.d/wuftpd.conf trunk/config/filter.d/wuftpd.conf
+--- trunk~/config/filter.d/wuftpd.conf	2007-05-05 21:30:21.000000000 -0400
+++ trunk/config/filter.d/wuftpd.conf	2007-06-19 23:11:59.000000000 -0400
+@@ -11,4 +11,4 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT
+ #
+-failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
+failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -1,2 +1,4 @@
 00_mail-whois-lines
+00_HOST_ignoreregex
+00_daemon_pids
 10_dbts_manpages