github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

amend to #1622: jail-reader supports now multi-line option for multi-line action parameter: 

logpath = a.log
            b.log
            c.log
  action  = ban[...]
          = log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
pull/2348/head
sebres 2019-02-11 11:54:58 +01:00
parent 89c611064d
commit e651bc7866
5 changed files with 53 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/jail.conf
View File

@ -177,19 +177,19 @@ action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port
# ban & send an e-mail with whois report and relevant log lines # ban & send an e-mail with whois report and relevant log lines
# to the destemail. # to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
# #
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail. # to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail. # to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
# Report block via blocklist.de fail2ban reporting service API # Report block via blocklist.de fail2ban reporting service API
# #

11
fail2ban/client/jailreader.py
View File

@ -151,12 +151,21 @@ class JailReader(ConfigReader):
self.__filter.getOptions(self.__opts) self.__filter.getOptions(self.__opts)
# Read action # Read action
for act in self.__opts["action"].split('\n'): prevln = ''
actlst = self.__opts["action"].split('\n')
for n, act in enumerate(actlst):
try: try:
if not act: # skip empty actions if not act: # skip empty actions
continue continue
# join with previous line if needed (consider possible new-line):
if prevln: act = prevln + '\n' + act
actName, actOpt = extractOptions(act) actName, actOpt = extractOptions(act)
prevln = ''
if not actName: if not actName:
# consider possible new-line, so repeat with joined next line's:
if n < len(actlst) - 1:
prevln = act
continue
raise JailDefError("Invalid action definition %r" % act) raise JailDefError("Invalid action definition %r" % act)
if actName.endswith(".py"): if actName.endswith(".py"):
self.__actions.append([ self.__actions.append([

24
fail2ban/tests/clientreadertestcase.py
View File

@ -353,6 +353,30 @@ class JailReaderTest(LogCaptureTestCase):
) )
self.assertEqual(expected2, result) self.assertEqual(expected2, result)
def testMultiLineOption(self):
jail = JailReader('multi-log', force_enable=True, basedir=IMPERFECT_CONFIG, share_config=IMPERFECT_CONFIG_SHARE_CFG)
self.assertTrue(jail.read())
self.assertTrue(jail.getOptions())
self.assertEqual(jail.options['logpath'], 'a.log\nb.log\nc.log')
self.assertEqual(jail.options['action'], 'action[actname=\'ban\']\naction[actname=\'log\', logpath="a.log\nb.log\nc.log\nd.log"]\naction[actname=\'test\']')
self.assertSortedEqual([a.convert() for a in jail._JailReader__actions], [
[['set', 'multi-log', 'addaction', 'ban'], ['multi-set', 'multi-log', 'action', 'ban', [
['actionban', 'echo "name: ban, ban: <ip>, logs: a.log\nb.log\nc.log"'],
['actname', 'ban'],
['name', 'multi-log']
]]],
[['set', 'multi-log', 'addaction', 'log'], ['multi-set', 'multi-log', 'action', 'log', [
['actionban', 'echo "name: log, ban: <ip>, logs: a.log\nb.log\nc.log\nd.log"'],
['actname', 'log'],
['logpath', 'a.log\nb.log\nc.log\nd.log'], ['name', 'multi-log']
]]],
[['set', 'multi-log', 'addaction', 'test'], ['multi-set', 'multi-log', 'action', 'test', [
['actionban', 'echo "name: test, ban: <ip>, logs: a.log\nb.log\nc.log"'],
['actname', 'test'],
['name', 'multi-log']
]]]
])
def testVersionAgent(self): def testVersionAgent(self):
unittest.F2B.SkipIfCfgMissing(stock=True) unittest.F2B.SkipIfCfgMissing(stock=True)
jail = JailReader('blocklisttest', force_enable=True, basedir=CONFIG_DIR) jail = JailReader('blocklisttest', force_enable=True, basedir=CONFIG_DIR)

4
fail2ban/tests/config/action.d/action.conf Normal file
View File

@ -0,0 +1,4 @@
[Definition]
actionban = echo "name: <actname>, ban: <ip>, logs: %(logpath)s"

12
fail2ban/tests/config/jail.conf
View File

@ -51,3 +51,15 @@ action =
[tz_correct] [tz_correct]
enabled = true enabled = true
logtimezone = UTC+0200 logtimezone = UTC+0200
[multi-log]
enabled = false
filter =
logpath = a.log
b.log
c.log
log2nd = %(logpath)s
d.log
action = action[actname='ban']
action[actname='log', logpath="%(log2nd)s"]
action[actname='test']