github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

fail2ban-regex: ignore lines having not empty match of `<F-NOFAIL>` from failregex (not a failure, so count as ignored and not as matched).

pull/2189/head
sebres 2018-07-18 15:23:56 +02:00
parent 8fe07e29ad
commit d92381aaa9
2 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
fail2ban/client/fail2banregex.py
View File

@ -411,17 +411,23 @@ class Fail2banRegex(object):
def testRegex(self, line, date=None): def testRegex(self, line, date=None):
orgLineBuffer = self._filter._Filter__lineBuffer orgLineBuffer = self._filter._Filter__lineBuffer
fullBuffer = len(orgLineBuffer) >= self._filter.getMaxLines() fullBuffer = len(orgLineBuffer) >= self._filter.getMaxLines()
is_ignored = False
try: try:
ret = self._filter.processLine(line, date) found = self._filter.processLine(line, date)
lines = [] lines = []
line = self._filter.processedLine() line = self._filter.processedLine()
for match in ret: ret = []
for match in found:
# Append True/False flag depending if line was matched by # Append True/False flag depending if line was matched by
# more than one regex # more than one regex
match.append(len(ret)>1) match.append(len(ret)>1)
regex = self._failregex[match[0]] regex = self._failregex[match[0]]
regex.inc() regex.inc()
regex.appendIP(match) regex.appendIP(match)
if not match[3].get('nofail'):
ret.append(match)
else:
is_ignored = True
except RegexException as e: # pragma: no cover except RegexException as e: # pragma: no cover
output( 'ERROR: %s' % e ) output( 'ERROR: %s' % e )
return False return False
@ -447,13 +453,13 @@ class Fail2banRegex(object):
if lines: # pre-lines parsed in multiline mode (buffering) if lines: # pre-lines parsed in multiline mode (buffering)
lines.append(line) lines.append(line)
line = "\n".join(lines) line = "\n".join(lines)
return line, ret return line, ret, is_ignored
def process(self, test_lines): def process(self, test_lines):
t0 = time.time() t0 = time.time()
for line in test_lines: for line in test_lines:
if isinstance(line, tuple): if isinstance(line, tuple):
line_datetimestripped, ret = self.testRegex( line_datetimestripped, ret, is_ignored = self.testRegex(
line[0], line[1]) line[0], line[1])
line = "".join(line[0]) line = "".join(line[0])
else: else:
@ -461,8 +467,9 @@ class Fail2banRegex(object):
if line.startswith('#') or not line: if line.startswith('#') or not line:
# skip comment and empty lines # skip comment and empty lines
continue continue
line_datetimestripped, ret = self.testRegex(line) line_datetimestripped, ret, is_ignored = self.testRegex(line)
is_ignored = self.testIgnoreRegex(line_datetimestripped) if not is_ignored:
is_ignored = self.testIgnoreRegex(line_datetimestripped)
if is_ignored: if is_ignored:
self._line_stats.ignored += 1 self._line_stats.ignored += 1

2
fail2ban/tests/fail2banregextestcase.py
View File

@ -209,7 +209,7 @@ class Fail2banRegexTest(LogCaptureTestCase):
def testVerboseFullSshd(self): def testVerboseFullSshd(self):
(opts, args, fail2banRegex) = _Fail2banRegex( (opts, args, fail2banRegex) = _Fail2banRegex(
"-l", "notice", # put down log-level, because of too many debug-messages "-l", "notice", # put down log-level, because of too many debug-messages
"-v", "--verbose-date", "--print-all-matched", "-v", "--verbose-date", "--print-all-matched", "--print-all-ignored",
"-c", CONFIG_DIR, "-c", CONFIG_DIR,
Fail2banRegexTest.FILENAME_SSHD, "sshd" Fail2banRegexTest.FILENAME_SSHD, "sshd"
) )