From bc0806d4590fff8e122e7ddf858e34aa231ef9f4 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Thu, 21 Jun 2007 01:47:02 +0000
Subject: [PATCH] * Moved expansion into regex.py (closes: #429263). Thanks James Andrewartha. * Added optional regexp entry for process PID in some entries (closes: #426050). Thanks Roderick Schertler.
---
debian/changelog | 9 ++++
debian/patches/00_HOST_ignoreregex.dpatch | 34 +++++++++++++++
debian/patches/00_daemon_pids.dpatch | 52 +++++++++++++++++++++++
debian/patches/00list | 2 +
4 files changed, 97 insertions(+)
create mode 100755 debian/patches/00_HOST_ignoreregex.dpatch
create mode 100755 debian/patches/00_daemon_pids.dpatch
diff --git a/debian/changelog b/debian/changelog
index 67a18d73..526ab807 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+fail2ban (0.8.0-3~pre1) unstable; urgency=low
+
+ * Moved expansion into regex.py (closes: #429263). Thanks James
+ Andrewartha.
+ * Added optional regexp entry for process PID in some entries (closes:
+ #426050). Thanks Roderick Schertler.
+
+ -- Yaroslav Halchenko Tue, 19 Jun 2007 23:04:02 -0400
+
 fail2ban (0.8.0-2) unstable; urgency=low
 
 * Manually changing the order of debhelper inserted scripts in prerm
diff --git a/debian/patches/00_HOST_ignoreregex.dpatch b/debian/patches/00_HOST_ignoreregex.dpatch
new file mode 100755
index 00000000..3284738b
--- /dev/null
+++ b/debian/patches/00_HOST_ignoreregex.dpatch
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_HOST_ignoreregex.dpatch by Yaroslav Halchenko
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/server/failregex.py trunk/server/failregex.py
+--- trunk~/server/failregex.py 2007-05-05 21:30:22.000000000 -0400
++++ trunk/server/failregex.py 2007-06-19 23:00:45.000000000 -0400
+@@ -40,9 +40,7 @@
+ # avoid construction of invalid object.
+ # @param value the regular expression
+
+- def __init__(self, value):
+- # Replace "" with default regular expression for host.
+- regex = value.replace("", "(?:::f{4,6}:)?(?P\S+)")
++ def __init__(self, regex):
+ # Initializes the parent.
+ Regex.__init__(self, regex)
+ # Check for group "host"
+diff -urNad trunk~/server/regex.py trunk/server/regex.py
+--- trunk~/server/regex.py 2007-05-05 21:30:22.000000000 -0400
++++ trunk/server/regex.py 2007-06-19 23:00:21.000000000 -0400
+@@ -42,6 +42,9 @@
+
+ def __init__(self, regex):
+ self._matchCache = None
++ # Perform shortcuts expansions
++ # Replace "" with default regular expression for host.
++ regex = regex.replace("", "(?:::f{4,6}:)?(?P\S+)")
+ if regex.lstrip() == '':
+ raise RegexException("Cannot add empty regex")
+ try:
diff --git a/debian/patches/00_daemon_pids.dpatch b/debian/patches/00_daemon_pids.dpatch
new file mode 100755
index 00000000..8a36f5be
--- /dev/null
+++ b/debian/patches/00_daemon_pids.dpatch
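Review bot: The doc comment kept as context in the inner failregex.py hunk still reads `# @param value the regular expression` although the constructor parameter is now `regex`; it should become `# @param regex the regular expression`. In the inner regex.py hunk the expansion now runs for every Regex, ignoreregex included, and the inserted host group accepts any run of non-whitespace (`\S+`), so the new comment could state that the captured value is unvalidated text and has to be checked as an address before anything acts on it. The rendering of this page appears to have dropped the angle-bracket placeholder and the group name from the `replace()` call, so that reading is taken from the surrounding comments. Both constructors continue outside their hunks.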
@@ -0,0 +1,52 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_daemon_pids.dpatch by Yaroslav Halchenko
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Optional PID entry which might not be present due to configuration. Also failregex for wu-ftpd got hardened with $ at the end.
+
+@DPATCH@
+diff -urNad trunk~/config/filter.d/pure-ftpd.conf trunk/config/filter.d/pure-ftpd.conf
+--- trunk~/config/filter.d/pure-ftpd.conf 2007-05-05 21:30:21.000000000 -0400
++++ trunk/config/filter.d/pure-ftpd.conf 2007-06-19 23:08:40.000000000 -0400
+@@ -19,7 +19,7 @@
+ # (?:::f{4,6}:)?(?P\S+)
+ # Values: TEXT
+ #
+-failregex = pure-ftpd: (.+?@) \[WARNING\] %(__errmsg)s \[.+\]$
++failregex = pure-ftpd(?:\[\d+\])?: (.+?@) \[WARNING\] %(__errmsg)s \[.+\]$
+
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
+diff -urNad trunk~/config/filter.d/sshd-ddos.conf trunk/config/filter.d/sshd-ddos.conf
+--- trunk~/config/filter.d/sshd-ddos.conf 2007-05-05 21:30:21.000000000 -0400
++++ trunk/config/filter.d/sshd-ddos.conf 2007-06-19 23:09:56.000000000 -0400
+@@ -14,7 +14,7 @@
+ # (?:::f{4,6}:)?(?P\S+)
+ # Values: TEXT
+ #
+-failregex = sshd\[\S*\]: Did not receive identification string from
++failregex = sshd(?:\[\d+\])?: Did not receive identification string from $
+
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
+diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
+--- trunk~/config/filter.d/vsftpd.conf 2007-05-05 21:30:21.000000000 -0400
++++ trunk/config/filter.d/vsftpd.conf 2007-06-19 23:10:26.000000000 -0400
+@@ -14,7 +14,7 @@
+ # (?:::f{4,6}:)?(?P\S+)
+ # Values: TEXT
+ #
+-failregex = vsftpd: .* authentication failure; .* rhost=$
++failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=$
+ \[.+\] FAIL LOGIN: Client ""$
+
+ # Option: ignoreregex
+diff -urNad trunk~/config/filter.d/wuftpd.conf trunk/config/filter.d/wuftpd.conf
+--- trunk~/config/filter.d/wuftpd.conf 2007-05-05 21:30:21.000000000 -0400
++++ trunk/config/filter.d/wuftpd.conf 2007-06-19 23:11:59.000000000 -0400
+@@ -11,4 +11,4 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT
+ #
+-failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=
++failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=$
diff --git a/debian/patches/00list b/debian/patches/00list
index 7b3bdf7e..a43407a1 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1,2 +1,4 @@
 00_mail-whois-lines
+00_HOST_ignoreregex
+00_daemon_pids
 10_dbts_manpages
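Review bot: The wu-ftpd pattern in the last inner hunk of 00_daemon_pids.dpatch now ends with the host placeholder followed directly by `$` (the placeholder itself is missing from this rendering), and pam_unix can append a ` user=NAME` field after `rhost=`, so failures logged with that field may stop matching and the source would never be banned; the vsftpd pam line carries the same anchor. A tail that tolerates the field keeps the benefit of the anchor, for example `rhost=<HOST>(?:\s+user=\S*)?\s*$`. None of the four patterns is anchored on the left, so with the PID now optional the daemon tag can presumably also match inside the message text of an unrelated log line. The `## DP:` description could record that these filters rely on the right-hand `$` alone, so that a later edit does not remove it.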