github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

implements special datepattern `{NONE}` - allow to find failures without date-time in log messages (filter use now as timestamp) 

closes gh-2802
pull/2814/head
sebres 2020-08-20 20:27:39 +02:00
parent b82f584a96
commit f21c58dc72
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fail2ban/server/datedetector.py
View File

@ -282,6 +282,8 @@ class DateDetector(object):
elif "{DATE}" in key: elif "{DATE}" in key:
self.addDefaultTemplate(preMatch=pattern, allDefaults=False) self.addDefaultTemplate(preMatch=pattern, allDefaults=False)
return return
elif key == "{NONE}":
template = _getPatternTemplate('{UNB}^', key)
else: else:
template = _getPatternTemplate(pattern, key) template = _getPatternTemplate(pattern, key)

6
fail2ban/server/filter.py
View File

@ -625,6 +625,11 @@ class Filter(JailThread):
self.__lastDate = date self.__lastDate = date
else: else:
logSys.error("findFailure failed to parse timeText: %s", m) logSys.error("findFailure failed to parse timeText: %s", m)
else:
# matched empty value - date is optional or not available - set it to now:
date = MyTime.time()
self.__lastTimeText = ""
self.__lastDate = date
else: else:
tupleLine = ("", "", line) tupleLine = ("", "", line)
# still no date - try to use last known: # still no date - try to use last known:
@ -651,7 +656,6 @@ class Filter(JailThread):
else: else:
# in initialization (restore) phase, if too old - ignore: # in initialization (restore) phase, if too old - ignore:
if date is not None and date < MyTime.time() - self.getFindTime(): if date is not None and date < MyTime.time() - self.getFindTime():
print('**********')
# log time zone issue as warning once per day: # log time zone issue as warning once per day:
self._logWarnOnce("_next_ignByTimeWarn", self._logWarnOnce("_next_ignByTimeWarn",
("Ignore line since time %s < %s - %s", ("Ignore line since time %s < %s - %s",

19
fail2ban/tests/fail2banregextestcase.py
View File

@ -81,6 +81,7 @@ def _test_exec_command_line(*args):
return _exit_code return _exit_code
STR_00 = "Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 192.0.2.0" STR_00 = "Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 192.0.2.0"
STR_00_NODT = "[sshd] error: PAM: Authentication failure for kevin from 192.0.2.0"
RE_00 = r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>" RE_00 = r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>"
RE_00_ID = r"Authentication failure for <F-ID>.*?</F-ID> from <ADDR>$" RE_00_ID = r"Authentication failure for <F-ID>.*?</F-ID> from <ADDR>$"
@ -361,6 +362,24 @@ class Fail2banRegexTest(LogCaptureTestCase):
self.assertLogged('192.0.2.0, kevin, inet4') self.assertLogged('192.0.2.0, kevin, inet4')
self.pruneLog() self.pruneLog()
def testNoDateTime(self):
# datepattern doesn't match:
self.assertTrue(_test_exec('-d', '{^LN-BEG}EPOCH', '-o', 'Found-ID:<F-ID>', STR_00_NODT, RE_00_ID))
self.assertLogged(
"Found a match but no valid date/time found",
"Match without a timestamp:",
"Found-ID:kevin", all=True)
self.pruneLog()
# explicitly no datepattern:
self.assertTrue(_test_exec('-d', '{NONE}', '-o', 'Found-ID:<F-ID>', STR_00_NODT, RE_00_ID))
self.assertLogged(
"Found-ID:kevin", all=True)
self.assertNotLogged(
"Found a match but no valid date/time found",
"Match without a timestamp:", all=True)
self.pruneLog()
def testFrmtOutputWrapML(self): def testFrmtOutputWrapML(self):
unittest.F2B.SkipIfCfgMissing(stock=True) unittest.F2B.SkipIfCfgMissing(stock=True)
# complex substitution using tags and message (ip, user, msg): # complex substitution using tags and message (ip, user, msg):