From c9ba695ba349db84fd4302e0c089e0d9a4423d3b Mon Sep 17 00:00:00 2001 From: sebres Date: Fri, 28 Dec 2018 00:04:15 +0100 Subject: [PATCH 1/4] minor, no cover for 3.x (2.6 only) --- fail2ban/server/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban/server/utils.py b/fail2ban/server/utils.py index 7104bb45..46bb33b8 100644 --- a/fail2ban/server/utils.py +++ b/fail2ban/server/utils.py @@ -111,7 +111,7 @@ class Utils(): if len(cache) >= self.maxCount: if OrderedDict is not dict: # first (older): cache.popitem(False) - else: + else: # pragma: 3.x no cover cache.popitem() cache[k] = (v, t + self.maxTime) From 67247999ff9aeb38ef376f53faffcc4c74a0919f Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Sun, 6 Jan 2019 17:03:09 +0100 Subject: [PATCH 2/4] closes #2313: missing dependency to nftables.service --- files/fail2ban.service.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/fail2ban.service.in b/files/fail2ban.service.in index 24dcb51e..f00a3a23 100644 --- a/files/fail2ban.service.in +++ b/files/fail2ban.service.in @@ -1,8 +1,8 @@ [Unit] Description=Fail2Ban Service Documentation=man:fail2ban(1) -After=network.target iptables.service firewalld.service ip6tables.service ipset.service -PartOf=iptables.service firewalld.service ip6tables.service ipset.service +After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service +PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service [Service] Type=simple From a13fdcf4f7ae0f1660ad047dddda3b92e25dcae2 Mon Sep 17 00:00:00 2001 From: sebres Date: Mon, 7 Jan 2019 01:34:12 +0100 Subject: [PATCH 3/4] closes gh-2314: extended regex for mysql 8.0.13 if used logging with details (e. g. log-error-verbosity = 3, so log output has few additional words enclosed in brackets after "[Note]"). --- config/filter.d/mysqld-auth.conf | 2 +- fail2ban/tests/files/logs/mysqld-auth | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/config/filter.d/mysqld-auth.conf b/config/filter.d/mysqld-auth.conf index 31bd2056..940298cc 100644 --- a/config/filter.d/mysqld-auth.conf +++ b/config/filter.d/mysqld-auth.conf @@ -17,7 +17,7 @@ before = common.conf _daemon = mysqld -failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ +failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] (?:\[[^\]]+\] )*Access denied for user '[^']+'@'' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ ignoreregex = diff --git a/fail2ban/tests/files/logs/mysqld-auth b/fail2ban/tests/files/logs/mysqld-auth index ebb8c0c4..3f4c2436 100644 --- a/fail2ban/tests/files/logs/mysqld-auth +++ b/fail2ban/tests/files/logs/mysqld-auth @@ -25,3 +25,6 @@ Sep 16 21:30:32 catinthehat mysqld: 130916 21:30:32 [Warning] Access denied for # failJSON: { "time": "2016-02-24T15:26:18", "match": false , "host": "localhost", "desc": "A hypothetical example of injection having full log line first (for paranoid yoh)" } 2016-02-24T15:26:18.237955 6 [Note] Access denied for user 'root'@'localhost' (using password: YES) condition lead to a hypothetical failure + +# failJSON: { "time": "2019-01-03T09:50:04", "match": true , "host": "192.0.2.1", "desc": "mysql 8.0.13 logging with details, (log-error-verbosity = 3, gh-2314)" } +2019-01-03T08:50:04.634875Z 113 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.1' (using password: NO) From 4108e04ab404cc9b2965669d0c9cab0909ecc018 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Mon, 7 Jan 2019 01:50:44 +0100 Subject: [PATCH 4/4] Update ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index ea71326d..f24c43ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,10 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition * `filter.d/sshd.conf`: - captures `Disconnecting ...: Change of username or service not allowed` (gh-2239, gh-2279) - captures `Disconnected from ... [preauth]` (`extra`/`aggressive` mode and preauth phase only, gh-2239, gh-2279) +* `filter.d/mysqld-auth.conf`: + - MYSQL 8.0.13 compatibility (log-error-verbosity = 3), log-format contains few additional words + enclosed in brackets after "[Note]" (gh-2314) +* `files/fail2ban.service.in`: fixed systemd-unit template - missing nftables dependency (gh-2313) ### New Features * new failregex-flag tag `` for failregex, signaled that the access to service was gained