From d92381aaa92129ef73d622a59d09e4901b14d677 Mon Sep 17 00:00:00 2001
From: sebres
Date: Wed, 18 Jul 2018 15:23:56 +0200
Subject: [PATCH] fail2ban-regex: ignore lines having not empty match of `` from failregex (not a failure, so count as ignored and not as matched).
---
 fail2ban/client/fail2banregex.py | 19 +++++++++++++------
 fail2ban/tests/fail2banregextestcase.py | 2 +-
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
index 6add0eaa..68b7b7c3 100644
--- a/fail2ban/client/fail2banregex.py
+++ b/fail2ban/client/fail2banregex.py
@@ -411,17 +411,23 @@ class Fail2banRegex(object):
 def testRegex(self, line, date=None):
 orgLineBuffer = self._filter._Filter__lineBuffer
 fullBuffer = len(orgLineBuffer) >= self._filter.getMaxLines()
+ is_ignored = False
 try:
- ret = self._filter.processLine(line, date)
+ found = self._filter.processLine(line, date)
 lines = []
 line = self._filter.processedLine()
- for match in ret:
+ ret = []
+ for match in found:
 # Append True/False flag depending if line was matched by
 # more than one regex
 match.append(len(ret)>1)
 regex = self._failregex[match[0]]
 regex.inc()
 regex.appendIP(match)
+ if not match[3].get('nofail'):
+ ret.append(match)
+ else:
+ is_ignored = True
 except RegexException as e: # pragma: no cover
 output( 'ERROR: %s' % e )
 return False
@@ -447,13 +453,13 @@ class Fail2banRegex(object):
 if lines: # pre-lines parsed in multiline mode (buffering)
 lines.append(line)
 line = "\n".join(lines)
- return line, ret
+ return line, ret, is_ignored
 def process(self, test_lines):
 t0 = time.time()
 for line in test_lines:
 if isinstance(line, tuple):
- line_datetimestripped, ret = self.testRegex(
+ line_datetimestripped, ret, is_ignored = self.testRegex(
 line[0], line[1])
 line = "".join(line[0])
 else:
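Review bot: `match.append(len(ret)>1)` now reads the new, still-filling `ret` list rather than the full result of `processLine()`, so the "matched by more than one regex" flag described in the comment above it no longer reflects the total number of matches. At the time of the call `ret` holds only the non-`nofail` matches appended so far, which is 0 for the first match and 1 for the second, so the flag stays False until a third match. Before the rename `ret` was the complete list at this point, so the line should follow the rename: `match.append(len(found)>1)`. This tool is used to validate filters before they drive bans, so whatever reads the flag (not visible in the hunk) would under-report overlapping failregex entries.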
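Review bot: The `except RegexException` branch of `testRegex` (visible in the previous hunk) still ends with `return False`, while this hunk makes the normal path return three values and both call sites in `process()` unpack three. A regex error would therefore surface as a TypeError on unpacking right after the printed `ERROR:` line, and the branch is marked `# pragma: no cover`, so no test exercises it. Returning the same shape there, e.g. `return line, [], False`, or letting the exception propagate would keep the error path consistent. A short docstring on `testRegex` naming the three returned values (processed line, failure matches, ignored flag) would also help; `process()` continues past the end of the hunk.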
@@ -461,8 +467,9 @@ class Fail2banRegex(object):
 if line.startswith('#') or not line: # skip comment and empty lines
 continue
- line_datetimestripped, ret = self.testRegex(line)
- is_ignored = self.testIgnoreRegex(line_datetimestripped)
+ line_datetimestripped, ret, is_ignored = self.testRegex(line)
+ if not is_ignored:
+ is_ignored = self.testIgnoreRegex(line_datetimestripped)
 if is_ignored:
 self._line_stats.ignored += 1
diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py
index c3919230..44acfd35 100644
--- a/fail2ban/tests/fail2banregextestcase.py
+++ b/fail2ban/tests/fail2banregextestcase.py
@@ -209,7 +209,7 @@ class Fail2banRegexTest(LogCaptureTestCase):
 def testVerboseFullSshd(self):
 (opts, args, fail2banRegex) = _Fail2banRegex(
 "-l", "notice", # put down log-level, because of too many debug-messages
- "-v", "--verbose-date", "--print-all-matched",
+ "-v", "--verbose-date", "--print-all-matched", "--print-all-ignored",
 "-c", CONFIG_DIR,
 Fail2banRegexTest.FILENAME_SSHD, "sshd"
 )
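Review bot: The `is_ignored` value returned by `testRegex` becomes True as soon as any single match carries `nofail`, even when other matches of the same line were appended to `ret`, and the `if is_ignored:` branch here counts the line as ignored without looking at `ret`. If one line can yield both a `nofail` match and a real failure (inferred, since the rest of the branch lies outside the hunk), that failure would be reported as ignored rather than matched. Restricting the flag to lines with no remaining failure, e.g. `is_ignored = is_ignored and not ret` before the ignoreregex check, would avoid this. Because the variable now carries two meanings, a comment such as `# nofail match or ignoreregex hit: count as ignored` would document it.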