github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:fail2ban/fail2ban 

* 'master' of github.com:fail2ban/fail2ban:
  Update courier-smtp.conf
  I don't understand those years.
  added Jul 3 & Jul 4
  Update courier-smtp.conf
  named users + smtp atuh probes
  BF: Remove manually unbanned IPs from persistent database
  typo
pull/774/head
Yaroslav Halchenko 2014-07-28 10:14:40 -04:00
parent edfdeecfe6 f9cfbd66e6
commit effa1bc757
7 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -39,6 +39,8 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
* Per-distribution paths to the exim's main log * Per-distribution paths to the exim's main log
* Ignored IPs are no longer banned when being restored from persistent * Ignored IPs are no longer banned when being restored from persistent
database database
* Manually unbanned IPs are now removed from persistent database, such they
wont be banned again when Fail2Ban is restarted
- New features: - New features:
- Added - Added

3
config/filter.d/courier-smtp.conf
View File

@ -12,7 +12,8 @@ before = common.conf
_daemon = courieresmtpd _daemon = courieresmtpd
failregex = ^%(__prefix_line)serror,relay=<HOST>,.*: 550 User unknown\.$ failregex = ^%(__prefix_line)serror,relay=<HOST>,.*: 550 User (<.*> )?unknown\.?$
^%(__prefix_line)serror,relay=<HOST>,msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?$
ignoreregex = ignoreregex =

2
config/jail.conf
View File

@ -10,7 +10,7 @@
# #
# YOU SHOULD NOT MODIFY THIS FILE. # YOU SHOULD NOT MODIFY THIS FILE.
# #
# It will probably be overwitten or improved in a distribution update. # It will probably be overwritten or improved in a distribution update.
# #
# Provide customizations in a jail.local file or a jail.d/customisation.local. # Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the # For example to change the default bantime for all jails and to enable the

2
fail2ban/server/actions.py
View File

@ -197,6 +197,8 @@ class Actions(JailThread, Mapping):
if ticket is not None: if ticket is not None:
# Unban the IP. # Unban the IP.
self.__unBan(ticket) self.__unBan(ticket)
if self._jail.database is not None:
self._jail.database.delBan(self._jail, ticket)
else: else:
raise ValueError("IP %s is not banned" % ip) raise ValueError("IP %s is not banned" % ip)

17
fail2ban/server/database.py
View File

@ -368,10 +368,25 @@ class Fail2BanDb(object):
#TODO: Implement data parts once arbitrary match keys completed #TODO: Implement data parts once arbitrary match keys completed
cur.execute( cur.execute(
"INSERT INTO bans(jail, ip, timeofban, data) VALUES(?, ?, ?, ?)", "INSERT INTO bans(jail, ip, timeofban, data) VALUES(?, ?, ?, ?)",
(jail.name, ticket.getIP(), round(ticket.getTime()), (jail.name, ticket.getIP(), int(round(ticket.getTime())),
{"matches": ticket.getMatches(), {"matches": ticket.getMatches(),
"failures": ticket.getAttempt()})) "failures": ticket.getAttempt()}))
@commitandrollback
def delBan(self, cur, jail, ticket):
"""Delete a ban from the database.
Parameters
----------
jail : Jail
Jail in which the ban has occurred.
ticket : BanTicket
Ticket of the ban to be removed.
"""
cur.execute(
"DELETE FROM bans WHERE jail = ? AND ip = ? AND timeofban = ?",
(jail.name, ticket.getIP(), int(round(ticket.getTime()))))
@commitandrollback @commitandrollback
def _getBans(self, cur, jail=None, bantime=None, ip=None): def _getBans(self, cur, jail=None, bantime=None, ip=None):
query = "SELECT ip, timeofban, data FROM bans WHERE 1" query = "SELECT ip, timeofban, data FROM bans WHERE 1"

6
fail2ban/tests/databasetestcase.py
View File

@ -173,6 +173,12 @@ class DatabaseTest(unittest.TestCase):
self.assertTrue( self.assertTrue(
isinstance(self.db.getBans(jail=self.jail)[0], FailTicket)) isinstance(self.db.getBans(jail=self.jail)[0], FailTicket))
def testDelBan(self):
self.testAddBan()
ticket = self.db.getBans(jail=self.jail)[0]
self.db.delBan(self.jail, ticket)
self.assertEqual(len(self.db.getBans(jail=self.jail)), 0)
def testGetBansWithTime(self): def testGetBansWithTime(self):
if Fail2BanDb is None: # pragma: no cover if Fail2BanDb is None: # pragma: no cover
return return

4
fail2ban/tests/files/logs/courier-smtp
View File

@ -1,5 +1,9 @@
# failJSON: { "time": "2005-04-10T03:47:57", "match": true , "host": "1.2.3.4" } # failJSON: { "time": "2005-04-10T03:47:57", "match": true , "host": "1.2.3.4" }
Apr 10 03:47:57 web courieresmtpd: error,relay=::ffff:1.2.3.4,ident=tmf,from=<tmf@example.com>,to=<mailman-subscribe@example.com>: 550 User unknown. Apr 10 03:47:57 web courieresmtpd: error,relay=::ffff:1.2.3.4,ident=tmf,from=<tmf@example.com>,to=<mailman-subscribe@example.com>: 550 User unknown.
# failJSON: { "time": "2005-07-03T23:07:20", "match": true , "host": "1.2.3.4" }
Jul 3 23:07:20 szerver courieresmtpd: error,relay=::ffff:1.2.3.4,msg="535 Authentication failed.",cmd: YWRvYmVhZG9iZQ==
# failJSON: { "time": "2005-07-04T18:39:39", "match": true , "host": "1.2.3.4" }
Jul 4 18:39:39 mail courieresmtpd: error,relay=::ffff:1.2.3.4,from=<picaro@astroboymail.com>,to=<user@update.net>: 550 User <benny> unknown
# failJSON: { "time": "2005-07-06T03:42:28", "match": true , "host": "1.2.3.4" } # failJSON: { "time": "2005-07-06T03:42:28", "match": true , "host": "1.2.3.4" }
Jul 6 03:42:28 whistler courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=<admin at memcpy>: 550 User unknown. Jul 6 03:42:28 whistler courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=<admin at memcpy>: 550 User unknown.
# failJSON: { "time": "2004-11-21T23:16:17", "match": true , "host": "1.2.3.4" } # failJSON: { "time": "2004-11-21T23:16:17", "match": true , "host": "1.2.3.4" }