github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11

pull/2116/head
sebres 2018-04-04 15:55:59 +02:00
parent 7dfd61f462 02bae2962d
commit f877980da9
5 changed files with 55 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -88,6 +88,8 @@ ver. 0.10.3-dev-1 (20??/??/??) - development edition
e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line. e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
* badips.py now uses https instead of plain http when requesting badips.com (gh-2057); * badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
* add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056); * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
* Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
Usage `logtarget = target[padding=on|off]`
ver. 0.10.2 (2018/01/18) - nothing-burns-like-the-cold ver. 0.10.2 (2018/01/18) - nothing-burns-like-the-cold

9
fail2ban/helpers.py
View File

@ -143,7 +143,7 @@ def str2LogLevel(value):
raise ValueError("Invalid log level %r" % value) raise ValueError("Invalid log level %r" % value)
return ll return ll
def getVerbosityFormat(verbosity, fmt=' %(message)s', addtime=True): def getVerbosityFormat(verbosity, fmt=' %(message)s', addtime=True, padding=True):
"""Custom log format for the verbose runs """Custom log format for the verbose runs
""" """
if verbosity > 1: # pragma: no cover if verbosity > 1: # pragma: no cover
@ -155,6 +155,13 @@ def getVerbosityFormat(verbosity, fmt=' %(message)s', addtime=True):
fmt = ' %(thread)X %(levelname)-5.5s' + fmt fmt = ' %(thread)X %(levelname)-5.5s' + fmt
if addtime: if addtime:
fmt = ' %(asctime)-15s' + fmt fmt = ' %(asctime)-15s' + fmt
else: # default (not verbose):
fmt = "%(name)-23.23s [%(process)d]: %(levelname)-7s" + fmt
if addtime:
fmt = "%(asctime)s " + fmt
# remove padding if not needed:
if not padding:
fmt = re.sub(r'(?<=\))-?\d+(?:\.\d+)?s', lambda m: 's', fmt)
return fmt return fmt

20
fail2ban/server/server.py
View File

@ -587,10 +587,12 @@ class Server:
if systarget == "INHERITED": if systarget == "INHERITED":
self.__logTarget = target self.__logTarget = target
return True return True
padding = logOptions.get('padding')
# set a format which is simpler for console use # set a format which is simpler for console use
fmt = "%(name)-23.23s [%(process)d]: %(levelname)-7s %(message)s"
if systarget == "SYSLOG": if systarget == "SYSLOG":
facility = logOptions.get('facility', 'DAEMON').upper() facility = logOptions.get('facility', 'DAEMON').upper()
# backwards compatibility - default no padding for syslog handler:
if padding is None: padding = '0'
try: try:
facility = getattr(logging.handlers.SysLogHandler, 'LOG_' + facility) facility = getattr(logging.handlers.SysLogHandler, 'LOG_' + facility)
except AttributeError: # pragma: no cover except AttributeError: # pragma: no cover
@ -651,15 +653,19 @@ class Server:
addtime = addtime in ('1', 'on', 'true', 'yes') addtime = addtime in ('1', 'on', 'true', 'yes')
else: else:
addtime = systarget not in ("SYSLOG", "SYSOUT") addtime = systarget not in ("SYSLOG", "SYSOUT")
if padding is not None:
padding = padding in ('1', 'on', 'true', 'yes')
else:
padding = True
# If log-format is redefined in options: # If log-format is redefined in options:
if logOptions.get('format', '') != '': if logOptions.get('format', '') != '':
fmt = logOptions.get('format') fmt = logOptions.get('format')
# verbose log-format: else:
elif self.__verbose is not None and self.__verbose > 2: # pragma: no cover # verbose log-format:
fmt = getVerbosityFormat(self.__verbose-1, verbose = 0
addtime=addtime) if self.__verbose is not None and self.__verbose > 2: # pragma: no cover
elif addtime: verbose = self.__verbose-1
fmt = "%(asctime)s " + fmt fmt = getVerbosityFormat(verbose, addtime=addtime, padding=padding)
# tell the handler to use this format # tell the handler to use this format
hdlr.setFormatter(logging.Formatter(fmt)) hdlr.setFormatter(logging.Formatter(fmt))
logger.addHandler(hdlr) logger.addHandler(hdlr)

45
fail2ban/tests/filtertestcase.py
View File

@ -25,6 +25,7 @@ __license__ = "GPL"
from __builtin__ import open as fopen from __builtin__ import open as fopen
import unittest import unittest
import os import os
import re
import sys import sys
import time, datetime import time, datetime
import tempfile import tempfile
@ -43,7 +44,7 @@ from ..server.ipdns import DNSUtils, IPAddr
from ..server.mytime import MyTime from ..server.mytime import MyTime
from ..server.utils import Utils, uni_decode from ..server.utils import Utils, uni_decode
from .utils import setUpMyTime, tearDownMyTime, mtimesleep, with_tmpdir, LogCaptureTestCase, \ from .utils import setUpMyTime, tearDownMyTime, mtimesleep, with_tmpdir, LogCaptureTestCase, \
CONFIG_DIR as STOCK_CONF_DIR logSys as DefLogSys, CONFIG_DIR as STOCK_CONF_DIR
from .dummyjail import DummyJail from .dummyjail import DummyJail
TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files") TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files")
@ -424,19 +425,35 @@ class IgnoreIPDNS(LogCaptureTestCase):
self.jail = DummyJail() self.jail = DummyJail()
self.filter = FileFilter(self.jail) self.filter = FileFilter(self.jail)
def testIgnoreIPDNSOK(self): def testIgnoreIPDNS(self):
self.filter.addIgnoreIP("www.epfl.ch") for dns in ("www.epfl.ch", "example.com"):
self.assertTrue(self.filter.inIgnoreIPList("128.178.222.69")) self.filter.addIgnoreIP(dns)
self.filter.addIgnoreIP("example.com") ips = DNSUtils.dnsToIp(dns)
self.assertTrue(self.filter.inIgnoreIPList("93.184.216.34")) self.assertTrue(len(ips) > 0)
self.assertTrue(self.filter.inIgnoreIPList("2606:2800:220:1:248:1893:25c8:1946")) # for each ip from dns check ip ignored:
for ip in ips:
def testIgnoreIPDNSNOK(self): ip = str(ip)
# Test DNS DefLogSys.debug(' ++ positive case for %s', ip)
self.filter.addIgnoreIP("www.epfl.ch") self.assertTrue(self.filter.inIgnoreIPList(ip))
self.assertFalse(self.filter.inIgnoreIPList("127.178.222.69")) # check another ips (with increment/decrement of first/last part) not ignored:
self.assertFalse(self.filter.inIgnoreIPList("128.178.222.68")) iparr = []
self.assertFalse(self.filter.inIgnoreIPList("128.178.222.70")) ip2 = re.search(r'^([^.:]+)([.:])(.*?)([.:])([^.:]+)$', ip)
if ip2:
ip2 = ip2.groups()
for o in (0, 4):
for i in (1, -1):
ipo = list(ip2)
if ipo[1] == '.':
ipo[o] = str(int(ipo[o])+i)
else:
ipo[o] = '%x' % (int(ipo[o], 16)+i)
ipo = ''.join(ipo)
if ipo not in ips:
iparr.append(ipo)
self.assertTrue(len(iparr) > 0)
for ip in iparr:
DefLogSys.debug(' -- negative case for %s', ip)
self.assertFalse(self.filter.inIgnoreIPList(str(ip)))
def testIgnoreCmdApacheFakegooglebot(self): def testIgnoreCmdApacheFakegooglebot(self):
unittest.F2B.SkipIfCfgMissing(stock=True) unittest.F2B.SkipIfCfgMissing(stock=True)

2
fail2ban/tests/servertestcase.py
View File

@ -832,7 +832,7 @@ class TransmitterLogging(TransmitterBase):
os.remove(logTarget) os.remove(logTarget)
self.setGetTest("logtarget", 'STDOUT[format="%(message)s"]', 'STDOUT') self.setGetTest("logtarget", 'STDOUT[format="%(message)s"]', 'STDOUT')
self.setGetTest("logtarget", 'STDERR[datetime=off]', 'STDERR') self.setGetTest("logtarget", 'STDERR[datetime=off, padding=off]', 'STDERR')
def testLogTargetSYSLOG(self): def testLogTargetSYSLOG(self):
if not os.path.exists("/dev/log"): if not os.path.exists("/dev/log"):