github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch '0.10' into 0.11 (version bump after r.0.10.4)

pull/2259/head
sebres 2018-10-04 13:08:25 +02:00
parent a462966cf6 0ae02ba2a1
commit f9f7e29295
8 changed files with 49 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -58,6 +58,17 @@ ver. 0.11.0-dev-0 (20??/??/??) - development nightly edition
ver. 0.10.4-dev-1 (20??/??/??) - development edition ver. 0.10.4-dev-1 (20??/??/??) - development edition
ver. 0.10.5-dev-1 (20??/??/??) - development edition
-----------
### Fixes
### New Features
### Enhancements
ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four
----------- -----------
### Fixes ### Fixes

29
config/action.d/badips.py
View File

@ -32,6 +32,8 @@ else: # pragma: 3.x no cover
from urllib import urlencode from urllib import urlencode
from fail2ban.server.actions import ActionBase from fail2ban.server.actions import ActionBase
from fail2ban.helpers import str2LogLevel
class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
@ -70,6 +72,9 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
updateperiod : int, optional updateperiod : int, optional
Time in seconds between updating bad IPs blacklist. Time in seconds between updating bad IPs blacklist.
Default 900 (15 minutes) Default 900 (15 minutes)
loglevel : int/str, optional
Log level of the message when an IP is (un)banned.
Default `DEBUG`.
agent : str, optional agent : str, optional
User agent transmitted to server. User agent transmitted to server.
Default `Fail2Ban/ver.` Default `Fail2Ban/ver.`
@ -86,7 +91,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
return Request(url, headers={'User-Agent': self.agent}, **argv) return Request(url, headers={'User-Agent': self.agent}, **argv)
def __init__(self, jail, name, category, score=3, age="24h", key=None, def __init__(self, jail, name, category, score=3, age="24h", key=None,
banaction=None, bancategory=None, bankey=None, updateperiod=900, agent="Fail2Ban", banaction=None, bancategory=None, bankey=None, updateperiod=900, loglevel='DEBUG', agent="Fail2Ban",
timeout=TIMEOUT): timeout=TIMEOUT):
super(BadIPsAction, self).__init__(jail, name) super(BadIPsAction, self).__init__(jail, name)
@ -99,6 +104,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
self.banaction = banaction self.banaction = banaction
self.bancategory = bancategory or category self.bancategory = bancategory or category
self.bankey = bankey self.bankey = bankey
self.loglevel = str2LogLevel(loglevel)
self.updateperiod = updateperiod self.updateperiod = updateperiod
self._bannedips = set() self._bannedips = set()
@ -289,7 +295,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
else: else:
self._bannedips.add(ip) self._bannedips.add(ip)
self._logSys.debug( self._logSys.log(self.loglevel,
"Banned IP %s for jail '%s' with action '%s'", "Banned IP %s for jail '%s' with action '%s'",
ip, self._jail.name, self.banaction) ip, self._jail.name, self.banaction)
@ -304,12 +310,12 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
'ipjailmatches': "", 'ipjailmatches': "",
}) })
except Exception as e: except Exception as e:
self._logSys.info( self._logSys.error(
"Error unbanning IP %s for jail '%s' with action '%s': %s", "Error unbanning IP %s for jail '%s' with action '%s': %s",
ip, self._jail.name, self.banaction, e, ip, self._jail.name, self.banaction, e,
exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG) exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
else: else:
self._logSys.debug( self._logSys.log(self.loglevel,
"Unbanned IP %s for jail '%s' with action '%s'", "Unbanned IP %s for jail '%s' with action '%s'",
ip, self._jail.name, self.banaction) ip, self._jail.name, self.banaction)
finally: finally:
@ -337,13 +343,16 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
ips = self.getList( ips = self.getList(
self.bancategory, self.score, self.age, self.bankey) self.bancategory, self.score, self.age, self.bankey)
# Remove old IPs no longer listed # Remove old IPs no longer listed
self._unbanIPs(self._bannedips - ips) s = self._bannedips - ips
m = len(s)
self._unbanIPs(s)
# Add new IPs which are now listed # Add new IPs which are now listed
self._banIPs(ips - self._bannedips) s = ips - self._bannedips
p = len(s)
self._logSys.debug( self._banIPs(s)
"Updated IPs for jail '%s'. Update again in %i seconds", self._logSys.log(self.loglevel,
self._jail.name, self.updateperiod) "Updated IPs for jail '%s' (-%d/+%d). Update again in %i seconds",
self._jail.name, m, p, self.updateperiod)
finally: finally:
self._timer = threading.Timer(self.updateperiod, self.update) self._timer = threading.Timer(self.updateperiod, self.update)
self._timer.start() self._timer.start()

2
fail2ban/version.py
View File

@ -24,7 +24,7 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black"
__license__ = "GPL-v2+" __license__ = "GPL-v2+"
version = "0.11.0.dev2" version = "0.11.0.dev3"
def normVersion(): def normVersion():
""" Returns fail2ban version in normalized machine-readable format""" """ Returns fail2ban version in normalized machine-readable format"""

20
man/fail2ban-client.1
View File

@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-CLIENT "1" "April 2018" "fail2ban-client v0.11.0.dev2" "User Commands" .TH FAIL2BAN-CLIENT "1" "October 2018" "fail2ban-client v0.11.0.dev3" "User Commands"
.SH NAME .SH NAME
fail2ban-client \- configure and control the server fail2ban-client \- configure and control the server
.SH SYNOPSIS .SH SYNOPSIS
.B fail2ban-client .B fail2ban-client
[\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR [\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR
.SH DESCRIPTION .SH DESCRIPTION
Fail2Ban v0.11.0.dev2 reads log file that contains password failure report Fail2Ban v0.11.0.dev3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules. and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS .SH OPTIONS
.TP .TP
@ -67,7 +67,7 @@ convert time abbreviation format to seconds
display this help message display this help message
.TP .TP
\fB\-V\fR, \fB\-\-version\fR \fB\-V\fR, \fB\-\-version\fR
print the version print the version (\fB\-V\fR returns machine\-readable short format)
.SH COMMAND .SH COMMAND
.IP .IP
BASIC BASIC
@ -210,6 +210,12 @@ adds <IP> to the ignore list of
removes <IP> from the ignore list removes <IP> from the ignore list
of <JAIL> of <JAIL>
.TP .TP
\fBset <JAIL> ignorecommand <VALUE>\fR
sets ignorecommand of <JAIL>
.TP
\fBset <JAIL> ignorecache <VALUE>\fR
sets ignorecache of <JAIL>
.TP
\fBset <JAIL> addlogpath <FILE> ['tail']\fR \fBset <JAIL> addlogpath <FILE> ['tail']\fR
adds <FILE> to the monitoring list adds <FILE> to the monitoring list
of <JAIL>, optionally starting at of <JAIL>, optionally starting at
@ -241,9 +247,6 @@ for <JAIL>
removes the regular expression at removes the regular expression at
<INDEX> for failregex <INDEX> for failregex
.TP .TP
\fBset <JAIL> ignorecommand <VALUE>\fR
sets ignorecommand of <JAIL>
.TP
\fBset <JAIL> addignoreregex <REGEX>\fR \fBset <JAIL> addignoreregex <REGEX>\fR
adds the regular expression adds the regular expression
<REGEX> which should match pattern <REGEX> which should match pattern
@ -438,11 +441,6 @@ the action <ACT> for <JAIL>
\fI/etc/fail2ban/*\fR \fI/etc/fail2ban/*\fR
.SH "REPORTING BUGS" .SH "REPORTING BUGS"
Report bugs to https://github.com/fail2ban/fail2ban/issues Report bugs to https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004\-2008 Cyril Jaquier, 2008\- Fail2Ban Contributors
.br
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).
.SH "SEE ALSO" .SH "SEE ALSO"
.br .br
fail2ban-server(1) fail2ban-server(1)

2
man/fail2ban-python.1
View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-PYTHON "1" "April 2018" "fail2ban-python f2bversion" "User Commands" .TH FAIL2BAN-PYTHON "1" "October 2018" "fail2ban-python f2bversion" "User Commands"
.SH NAME .SH NAME
fail2ban-python \- a helper for Fail2Ban to assure that the same Python is used fail2ban-python \- a helper for Fail2Ban to assure that the same Python is used
.SH DESCRIPTION .SH DESCRIPTION

5
man/fail2ban-regex.1
View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-REGEX "1" "April 2018" "fail2ban-regex 0.11.0.dev2" "User Commands" .TH FAIL2BAN-REGEX "1" "October 2018" "fail2ban-regex 0.11.0.dev3" "User Commands"
.SH NAME .SH NAME
fail2ban-regex \- test Fail2ban "failregex" option fail2ban-regex \- test Fail2ban "failregex" option
.SH SYNOPSIS .SH SYNOPSIS
@ -72,6 +72,9 @@ journalctl style matches overriding filter file.
\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR \fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR
Log level for the Fail2Ban logger to use Log level for the Fail2Ban logger to use
.TP .TP
\fB\-V\fR
get version in machine\-readable short format
.TP
\fB\-v\fR, \fB\-\-verbose\fR \fB\-v\fR, \fB\-\-verbose\fR
Increase verbosity Increase verbosity
.TP .TP

11
man/fail2ban-server.1
View File

@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-SERVER "1" "April 2018" "fail2ban-server v0.11.0.dev2" "User Commands" .TH FAIL2BAN-SERVER "1" "October 2018" "fail2ban-server v0.11.0.dev3" "User Commands"
.SH NAME .SH NAME
fail2ban-server \- start the server fail2ban-server \- start the server
.SH SYNOPSIS .SH SYNOPSIS
.B fail2ban-server .B fail2ban-server
[\fI\,OPTIONS\/\fR] [\fI\,OPTIONS\/\fR]
.SH DESCRIPTION .SH DESCRIPTION
Fail2Ban v0.11.0.dev2 reads log file that contains password failure report Fail2Ban v0.11.0.dev3 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules. and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS .SH OPTIONS
.TP .TP
@ -67,14 +67,9 @@ convert time abbreviation format to seconds
display this help message display this help message
.TP .TP
\fB\-V\fR, \fB\-\-version\fR \fB\-V\fR, \fB\-\-version\fR
print the version print the version (\fB\-V\fR returns machine\-readable short format)
.SH "REPORTING BUGS" .SH "REPORTING BUGS"
Report bugs to https://github.com/fail2ban/fail2ban/issues Report bugs to https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004\-2008 Cyril Jaquier, 2008\- Fail2Ban Contributors
.br
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).
.SH "SEE ALSO" .SH "SEE ALSO"
.br .br
fail2ban-client(1) fail2ban-client(1)

2
man/fail2ban-testcases.1
View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-TESTCASES "1" "April 2018" "fail2ban-testcases 0.11.0.dev2" "User Commands" .TH FAIL2BAN-TESTCASES "1" "October 2018" "fail2ban-testcases 0.11.0.dev3" "User Commands"
.SH NAME .SH NAME
fail2ban-testcases \- run Fail2Ban unit-tests fail2ban-testcases \- run Fail2Ban unit-tests
.SH SYNOPSIS .SH SYNOPSIS