diff --git a/ChangeLog b/ChangeLog index 95727168..59c71b01 100644 --- a/ChangeLog +++ b/ChangeLog @@ -77,11 +77,13 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition * `filter.d/named-refused.conf`: - support BIND 9.11.0 log format (includes an additional field @0xXXX..., gh-2406); - `prefregex` extended, more selective now (denied/NOTAUTH suffix moved from failregex, so no catch-all there anymore) +* all filters would accept square brackets around IPv4 addresses also (e. g. monit-filter, gh-2494) ### New Features * new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559): - `` - helper regex to match CIDR (simple integer form of net-mask); - `` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional); +* grouped tags (``, ``, ``) recognize IP addresses enclosed in square brackets * new failregex-flag tag `` for failregex, signaled that the access to service was gained (ATM used similar to tag ``, but it does not add the log-line to matches, gh-2279) * filters: introduced new configuration parameter `logtype` (default `file` for file-backends, and diff --git a/fail2ban/server/failregex.py b/fail2ban/server/failregex.py index bb8a2b29..f7dafbef 100644 --- a/fail2ban/server/failregex.py +++ b/fail2ban/server/failregex.py @@ -37,8 +37,6 @@ R_HOST = [ r"""(?:::f{4,6}:)?(?P%s)""" % (IPAddr.IP_4_RE,), # separated ipv6: r"""(?P%s)""" % (IPAddr.IP_6_RE,), - # place-holder for ipv6 enclosed in optional [] (used in addr-, host-regex) - "", # separated dns: r"""(?P[\w\-.^_]*\w)""", # place-holder for ADDR tag-replacement (joined): 
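Review bot: Removing the placeholder entry from the middle of `R_HOST` shifts the position of every later element, and the list is addressed only through the hand-numbered `RI_*` constants. Any remaining use of `RI_IPV6BR`, or of a literal index, outside these hunks would therefore fail or silently select a different pattern. The renumbering itself is done in the following hunk, but other references are not visible here and are worth a search before merge. A short comment above the list would help the next edit, for example `# order must match the RI_* indices defined below`. The `R_HOST` list starts and ends outside this hunk.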
@@ -52,17 +50,15 @@ R_HOST = [
 ]
 RI_IPV4 = 0
 RI_IPV6 = 1
-RI_IPV6BR = 2
-RI_DNS = 3
-RI_ADDR = 4
-RI_HOST = 5
-RI_CIDR = 6
-RI_SUBNET = 7
+RI_DNS = 2
+RI_ADDR = 3
+RI_HOST = 4
+RI_CIDR = 5
+RI_SUBNET = 6
 
-R_HOST[RI_IPV6BR] = r"""\[?%s\]?""" % (R_HOST[RI_IPV6],)
-R_HOST[RI_ADDR] = "(?:%s|%s)" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6BR],)
-R_HOST[RI_HOST] = "(?:%s|%s|%s)" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6BR], R_HOST[RI_DNS],)
-R_HOST[RI_SUBNET] = r"""(?:%s|%s)(?:/%s)?""" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6], R_HOST[RI_CIDR],)
+R_HOST[RI_ADDR] = r"\[?(?:%s|%s)\]?" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6],)
+R_HOST[RI_HOST] = r"(?:%s|%s)" % (R_HOST[RI_ADDR], R_HOST[RI_DNS],)
+R_HOST[RI_SUBNET] = r"\[?(?:%s|%s)(?:/%s)?\]?" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6], R_HOST[RI_CIDR],)
 
 RH4TAG = {
 # separated ipv4 (self closed, closed):
diff --git a/fail2ban/tests/files/logs/monit b/fail2ban/tests/files/logs/monit
index 57437046..8dbddaf6 100644
--- a/fail2ban/tests/files/logs/monit
+++ b/fail2ban/tests/files/logs/monit
@@ -19,3 +19,6 @@ Mar 9 09:18:32 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3
 Mar 9 09:18:33 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: unknown user 'test1'
 # failJSON: { "time": "2005-03-09T09:18:34", "match": true, "host": "1.2.3.4", "desc": "wrong password try" }
 Mar 9 09:18:34 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: wrong password for user 'test2'
+
+# failJSON: { "time": "2005-08-06T10:14:52", "match": true, "host": "192.168.1.85", "desc": "IP in brackets, gh-2494" }
+[CEST Aug 6 10:14:52] error : HttpRequest: access denied -- client [192.168.1.85]: wrong password for user 'root'
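Review bot: In the new `R_HOST[RI_ADDR]` and `R_HOST[RI_SUBNET]` the opening and closing bracket are each optional on their own (`\[?` … `\]?`), so half-bracketed input such as `[1.2.3.4` or `1.2.3.4]` is accepted as well as the balanced form. Because `R_HOST[RI_HOST]` is now built from `R_HOST[RI_ADDR]`, this applies to IPv4 as well as IPv6 wherever these patterns are used. The captured address decides which host is banned, so the looser match should at least be stated next to the pattern, e.g. `# brackets are matched independently: "[addr", "addr]" and "[addr]" are all accepted`. In `R_HOST[RI_SUBNET]` the `\]?` follows the optional `/%s` part, so a log that writes the mask after the bracket (constructed example: `[2001:db8::1]/64`) would match without its mask. If that form is meant to be supported, it needs its own alternative.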
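Review bot: The added monit sample exercises only a balanced, bracketed IPv4 address, while the pattern change in `failregex.py` also affects IPv6, the address and subnet patterns, and half-bracketed input. Samples or unit tests that pin the intended result for those cases, for instance an address with only an opening bracket, would keep a later tightening or loosening of the pattern from going unnoticed.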