github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #373 from kwirk/selinux-epoch 

ENH: Allow SE Linux epoch date detection
pull/369/merge
Daniel Black 2013-09-30 16:11:44 -07:00
parent eaba732d5b a8f2448349
commit c8e8478502
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/datetemplate.py
View File

@ -78,8 +78,7 @@ class DateEpoch(DateTemplate):
def __init__(self): def __init__(self):
DateTemplate.__init__(self) DateTemplate.__init__(self)
# We already know the format for TAI64N self.setRegex("(?:^|(?P<selinux>(?<=audit\()))\d{10}(?:\.\d{3,6})?(?(selinux)(?=:\d+\)))")
self.setRegex("^\d{10}(\.\d{6})?")
def getDate(self, line): def getDate(self, line):
date = None date = None

1
testcases/datedetectortestcase.py
View File

@ -83,6 +83,7 @@ class DateDetectorTest(unittest.TestCase):
"<01/23/05@21:59:59>", "<01/23/05@21:59:59>",
"050123 21:59:59", # MySQL "050123 21:59:59", # MySQL
"Jan-23-05 21:59:59", # ASSP like "Jan-23-05 21:59:59", # ASSP like
"audit(1106513999.123:987)", # SELinux
): ):
log = sdate + "[sshd] error: PAM: Authentication failure" log = sdate + "[sshd] error: PAM: Authentication failure"
# exclude # exclude