github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

* Made fail2ban-server tollerate multiple <HOST> entries in failregex

pull/3/head
Yaroslav Halchenko 2006-12-22 18:36:01 +00:00
parent ae96eaa40c
commit caf85bf265
4 changed files with 58 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/changelog vendored
View File

@ -1,7 +1,8 @@
fail2ban (0.7.5-3~pre2) unstable; urgency=low fail2ban (0.7.5-3~pre3) unstable; urgency=low
* Fail2ban now bans vsftpd logins (corrected logfile path and failregex) * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060) (Closes: #404060)
* Made fail2ban-server tollerate multiple <HOST> entries in failregex
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 21 Dec 2006 11:53:22 -0500 -- Yaroslav Halchenko <debian@onerussian.com> Thu, 21 Dec 2006 11:53:22 -0500

1
debian/patches/00list vendored
View File

@ -5,3 +5,4 @@ X00_rigid_python24
10_wuftpd_section 10_wuftpd_section
00_mail-whois-lines 00_mail-whois-lines
10_vsftpd_regex 10_vsftpd_regex
10_multiple_HOST_regexp

54
debian/patches/10_multiple_HOST_regexp.dpatch vendored Executable file
View File

@ -0,0 +1,54 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_multiple_HOST_regexp.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/server/filter.py fail2ban-0.7.5/server/filter.py
--- fail2ban-0.7.5~/server/filter.py 2006-11-26 15:37:31.000000000 -0500
+++ fail2ban-0.7.5/server/filter.py 2006-12-22 13:30:25.000000000 -0500
@@ -170,8 +170,17 @@
self.__failRegex = value
self.__failRegexObj = None
else:
- # Replace "<HOST>" with default regular expression for host.
- regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ # Replace "<HOST>"s with regular expression for a hostname,
+ # naming groups hostX where X is a number starting with 1
+ regex = value
+ oldregex = ''; k = 0
+ while ( regex != oldregex ):
+ oldregex = regex
+ k += 1
+ regex = regex.replace("<HOST>",
+ "(?:::f{4,6}:)?(?P<host%d>\S+)" % k,
+ 1)
+
self.__failRegex = regex
self.__failRegexObj = re.compile(regex)
logSys.info("Set failregex = %s" % self.__failRegex)
@@ -435,12 +444,18 @@
+ "this format")
else:
try:
- ipMatch = DNSUtils.textToIp(match.group("host"))
- if ipMatch:
- for ip in ipMatch:
- failList.append([ip, date])
+ allGroups = match.groupdict()
+ hostRe = re.compile('host\d*$')
+ # Select only groups named host\d*
+ hostGroups = filter(lambda x: hostRe.match(x[0]) and x[1],
+ allGroups.iteritems())
+ for hostGroup, hostEntry in hostGroups:
+ ipMatch = DNSUtils.textToIp(hostEntry)
+ if ipMatch:
+ for ip in ipMatch:
+ failList.append([ip, date])
except IndexError:
- logSys.error("There is no 'host' group in the rule. " +
+ logSys.error("There is no 'hostX' group in the rule. " +
"Please correct your configuration.")
return failList

2
debian/patches/10_vsftpd_regex.dpatch vendored
View File

@ -13,7 +13,7 @@ diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/fi
# Values: TEXT # Values: TEXT
# #
-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST> -failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>|\[.+\] FAIL LOGIN: Client "<HOST>")$ +failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=(?:::f{4,6}:)?(?P<host>\S+)|\[.+\] FAIL LOGIN: Client "(?:::f{4,6}:)?(?P<host2>\S+)"$)
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.