Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban

* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
pull/1143/head^2
Yaroslav Halchenko 9 years ago
commit c37009aec7

@ -19,6 +19,9 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
useful under heavy load to avoid contesting on iptables calls.
If you need to disable, define 'action.d/iptables-common.local'
with empty value for 'lockingopt' in `[Init]` section.
* mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines
actions now include by default only the first 1000 log lines in
the emails. Adjust <grepopts> to augment the behavior.
- Fixes:
* reload in interactive mode appends all the jails twice (gh-825)
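Review bot: the new ChangeLog entry says the emails include "only the first 1000 log lines", but the limit is implemented with grep's -m option, which stops after that many matching lines in each input file, so a <logpath> that lists several files can still produce more than 1000 lines. Suggest wording it as "at most 1000 matching lines per log file" and naming the default (grepopts = -m 1000) so readers know which value to override.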

@ -46,7 +46,7 @@ actionban = printf %%b "Hi,\n
Here is more information about <ip> :\n
`%(_whois_command)s`\n\n
Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
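Review bot: in the new grep line, -m 1000 keeps the first 1000 matches, which in a log that is appended to are the oldest ones, so for a long-running offender the email can omit the entries that triggered this ban. If the most recent lines are what the recipient needs, piping the matches through tail -n 1000 would keep them, at the cost of grep reading the whole file; if stopping early under load is the goal, state that trade-off in the comment on grepopts.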
@ -71,3 +71,7 @@ dest = root
# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000
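Review bot: the comment "Number of log lines to include in the email" above the new grepopts option describes a count, but the value is a string of grep options substituted into the actionban command. Suggest documenting it as extra options passed to grep, stating that the default -m 1000 caps the matching lines, and noting that an empty value removes the cap.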

@ -34,7 +34,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
hostname: `host -t A <ip> 2>&1`\n\n
Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
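Review bot: the grep command line edited here is now maintained as three identical copies (this actionban and the two other *-lines actions in this commit), each with its own grepopts default, so a later change to the pattern or the limit has to be made in three places. Consider defining the grep command and grepopts once in a shared include that the three actions reference.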
@ -47,3 +47,7 @@ name = default
# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000

@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
Here is more information about <ip> :\n
`/usr/bin/whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
@ -40,3 +40,6 @@ name = default
#
logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000
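Review bot: this hunk's header (-40,3 +40,6) shows three added lines, while the same addition in the other two action files adds four (+71,7 and +47,7), so the files do not end the same way after this change. Make the trailing lines of the three files consistent.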
