From 7de78f4bb8540e391d67383af69e1c34bad786d4 Mon Sep 17 00:00:00 2001 From: Konstantin Manna Date: Sun, 2 Aug 2015 14:46:07 +0200 Subject: [PATCH 01/11] renamed to correct in protocol --- fail2ban/protocol.py | 2 +- man/fail2ban-client.1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban/protocol.py b/fail2ban/protocol.py index 2cace91f..5d9fdd65 100644 --- a/fail2ban/protocol.py +++ b/fail2ban/protocol.py @@ -89,7 +89,7 @@ protocol = [ ["set unbanip ", "manually Unban in "], ["set maxretry ", "sets the number of failures before banning the host for "], ["set maxlines ", "sets the number of to buffer for regex search for "], -["set addaction [ ]", "adds a new action named for . Optionally for a Python based action, a and can be specified, else will be a Command Action"], +["set addaction [ ]", "adds a new action named for . Optionally for a Python based action, a and can be specified, else will be a Command Action"], ["set delaction ", "removes the action from "], ["", "COMMAND ACTION CONFIGURATION", ""], ["set action actionstart ", "sets the start command of the action for "], diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index a43123da..39ac8bf6 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 @@ -229,7 +229,7 @@ sets the number of to buffer for regex search for .TP \fBset addaction [ ]\fR -adds a new action named for +adds a new action named for . Optionally for a Python based action, a and can be specified, From d278fbca306d8bdcc5b3ffe34b1cfc3cd8963f0b Mon Sep 17 00:00:00 2001 From: weberho Date: Wed, 26 Aug 2015 14:48:55 +0200 Subject: [PATCH 02/11] Fixed line suspected to be faulty --- config/jail.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/jail.conf b/config/jail.conf index f545ff13..b6f13840 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -348,7 +348,7 @@ logpath = %(lighttpd_error_log)s [roundcube-auth] port = http,https -logpath = logpath = %(roundcube_errors_log)s +logpath = %(roundcube_errors_log)s [openwebmail] From 60fbf7d7505ff1d20e3550152ea4aa7cac1ffe80 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Wed, 26 Aug 2015 09:03:23 -0400 Subject: [PATCH 03/11] changelog for freshly merged PR (roundcube-auth definition of logpath) --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index b07f876e..4fe225da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released ----------- - Fixes: + * roundcube-auth jail typo for logpath - New Features: From 835b3ff483b0b62af6c48fdab3aff23730849d48 Mon Sep 17 00:00:00 2001 From: Edward Beckett Date: Sat, 5 Sep 2015 00:12:28 -0400 Subject: [PATCH 04/11] Update apache-badbots.conf Useragent strings including `+http` need to be escaped to be valid. --- config/filter.d/apache-badbots.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/apache-badbots.conf b/config/filter.d/apache-badbots.conf index 75c0de03..48b30666 100644 --- a/config/filter.d/apache-badbots.conf +++ b/config/filter.d/apache-badbots.conf @@ -8,7 +8,7 @@ [Definition] badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider -badbots = Atomic_Email_Hunter/4\.0|atSpider/1\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\.6|ContactBot/0\.2|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LMQueueBot/0\.2|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|MVAClient|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/3\.0 \(compatible; scan4mail \(advanced version\) http\://www\.peterspages\.net/?scan4mail\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|NameOfAgent \(CMS Spider\)|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|ShablastBot 1\.0|snap\.com beta crawler v0|Snapbot/1\.0|Snapbot/1\.0 \(Snap Shots, +http\://www\.snap\.com\)|sogou develop spider|Sogou Orion spider/3\.0\(+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sogou spider|Sogou web spider/3\.0\(+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|VadixBot|WebVulnCrawl\.unknown/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00 +badbots = Atomic_Email_Hunter/4\.0|atSpider/1\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\.6|ContactBot/0\.2|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 \+http\://letscrawl\.com/|Lincoln State Web Browser|LMQueueBot/0\.2|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|MVAClient|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/3\.0 \(compatible; scan4mail \(advanced version\) http\://www\.peterspages\.net/?scan4mail\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|NameOfAgent \(CMS Spider\)|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|ShablastBot 1\.0|snap\.com beta crawler v0|Snapbot/1\.0|Snapbot/1\.0 \(Snap Shots, \+http\://www\.snap\.com\)|sogou develop spider|Sogou Orion spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sogou spider|Sogou web spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|VadixBot|WebVulnCrawl\.unknown/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00 failregex = ^ -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$ From 03460d5ed0be3f6b22fd396710ac71f731e1a830 Mon Sep 17 00:00:00 2001 From: Edward Beckett Date: Sun, 6 Sep 2015 01:05:52 -0400 Subject: [PATCH 05/11] Update gen_badbots Added plus char to the regex for escaping user-agent strings. --- files/gen_badbots | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/gen_badbots b/files/gen_badbots index 278058f7..52732317 100755 --- a/files/gen_badbots +++ b/files/gen_badbots @@ -42,7 +42,7 @@ done \ | grep -h -B4 'S '\ | sed -e 's/ //g' \ | awk '/^--/{getline; gsub(" ",""); print $0}' \ -| sed -e 's/\([.\:|()]\)/\\\1/g' \ +| sed -e 's/\([.\:|()+]\)/\\\1/g' \ | uniq \ | tr '\n' '|' \ | sed -e 's/|$//g' From 4bd7991573c266f8d674706b27c816f137676c0d Mon Sep 17 00:00:00 2001 From: Edward Beckett Date: Sun, 6 Sep 2015 01:12:19 -0400 Subject: [PATCH 06/11] Added apache-badbots.conf --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4fe225da..f27e7dfc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,8 @@ ver. 0.9.3 (2015/08/01) - lets-all-stay-friends * filter.d/roundcube-auth.conf - Updated regex to work with 'errors' log (1.0.5 and 1.1.1) - Added regex to work with 'userlogins' log + * filter.d/apache-badbots.conf + - Updated useragent string regex * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override locale on systems with customized LC_ALL * performance fix: minimizes connection overhead, close socket only at From 4cf3b576b9feb0525719aa5d0a614d397bb569ea Mon Sep 17 00:00:00 2001 From: sebres Date: Tue, 8 Sep 2015 11:14:46 +0200 Subject: [PATCH 07/11] Bugfix for dnsToIp resolver for fqdn with large list of IPs; closes #1164 --- ChangeLog | 1 + fail2ban/server/filter.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f27e7dfc..d49ee82a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released - Fixes: * roundcube-auth jail typo for logpath + * Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164) - New Features: diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py index 18afb135..6fc2cd6c 100644 --- a/fail2ban/server/filter.py +++ b/fail2ban/server/filter.py @@ -855,8 +855,9 @@ class DNSUtils: """ Convert a DNS into an IP address using the Python socket module. Thanks to Kevin Drapel. """ + # retrieve ip (todo: use AF_INET6 for IPv6) try: - return set(socket.gethostbyname_ex(dns)[2]) + return set([i[4][0] for i in socket.getaddrinfo(dns, None, socket.AF_INET, 0, socket.IPPROTO_TCP)]) except socket.error, e: logSys.warning("Unable to find a corresponding IP address for %s: %s" % (dns, e)) From f5b88bd377baca4f08ed93bc7d93468eb1565d69 Mon Sep 17 00:00:00 2001 From: Edward Beckett Date: Fri, 11 Sep 2015 10:12:57 -0400 Subject: [PATCH 08/11] Updated Changelog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d49ee82a..2fec408a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released - Fixes: * roundcube-auth jail typo for logpath * Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164) + * filter.d/apache-badbots.conf + - Updated useragent string regex adding escape for `+` - New Features: @@ -45,8 +47,6 @@ ver. 0.9.3 (2015/08/01) - lets-all-stay-friends * filter.d/roundcube-auth.conf - Updated regex to work with 'errors' log (1.0.5 and 1.1.1) - Added regex to work with 'userlogins' log - * filter.d/apache-badbots.conf - - Updated useragent string regex * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override locale on systems with customized LC_ALL * performance fix: minimizes connection overhead, close socket only at From 63c7ceb81d2a3e46c916a2e3c530fa7ec83f8c56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 13 Sep 2015 10:57:51 +0300 Subject: [PATCH 09/11] logrotate: Remove outdated Fedora comment --- files/fail2ban-logrotate | 3 --- 1 file changed, 3 deletions(-) diff --git a/files/fail2ban-logrotate b/files/fail2ban-logrotate index a09870af..ef4da852 100644 --- a/files/fail2ban-logrotate +++ b/files/fail2ban-logrotate @@ -4,9 +4,6 @@ # # Debian: # https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate -# -# Fedora view: -# http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-logrotate /var/log/fail2ban.log { rotate 7 From 67a94733a9b3eec7e325dcdbbf411473770d36bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 13 Sep 2015 11:01:22 +0300 Subject: [PATCH 10/11] logrotate: Do not rotate empty logs As a useful side effect, prevents "Unable to contact server. Is it running?" mails from cron when fail2ban hasn't been (intentionally) running nor thus logging anything either. --- ChangeLog | 1 + files/fail2ban-logrotate | 1 + 2 files changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2fec408a..811473e7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released - New Features: - Enhancements: + * Do not rotate empty log files ver. 0.9.3 (2015/08/01) - lets-all-stay-friends ---------- diff --git a/files/fail2ban-logrotate b/files/fail2ban-logrotate index ef4da852..8d94a8b3 100644 --- a/files/fail2ban-logrotate +++ b/files/fail2ban-logrotate @@ -8,6 +8,7 @@ /var/log/fail2ban.log { rotate 7 missingok + notifempty compress postrotate /usr/bin/fail2ban-client flushlogs 1>/dev/null || true From 943efdb1a073668096613d6abc4ade4985928b6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 13 Sep 2015 11:08:04 +0300 Subject: [PATCH 11/11] Comment spelling fixes --- fail2ban/tests/actiontestcase.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py index febbc619..0749edc7 100644 --- a/fail2ban/tests/actiontestcase.py +++ b/fail2ban/tests/actiontestcase.py @@ -224,7 +224,7 @@ class CommandActionTest(LogCaptureTestCase): # First test if can kill the bastard self.assertRaises( RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) - # Verify that the proccess itself got killed + # Verify that the process itself got killed self.assertFalse(pid_exists(getnastypid())) # process should have been killed self.assertTrue(self._is_logged('timed out')) self.assertTrue(self._is_logged('killed with SIGTERM')) @@ -233,7 +233,7 @@ class CommandActionTest(LogCaptureTestCase): self.assertRaises( RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, timeout=.2) - # Verify that the proccess itself got killed + # Verify that the process itself got killed self.assertFalse(pid_exists(getnastypid())) self.assertTrue(self._is_logged('timed out')) self.assertTrue(self._is_logged('killed with SIGTERM'))