From 37acc6b8323230d3f314daeeb9c233e694461de9 Mon Sep 17 00:00:00 2001
From: pacop
Date: Mon, 30 Jun 2014 14:29:57 +0200
Subject: [PATCH 1/3] ENH: Add dateTime format for PortSentry

Added dateTime format for PortSentry with EPOCH format
---
 fail2ban/tests/datedetectortestcase.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/fail2ban/tests/datedetectortestcase.py b/fail2ban/tests/datedetectortestcase.py
index 726e73f83..c82f92ba5 100644
--- a/fail2ban/tests/datedetectortestcase.py
+++ b/fail2ban/tests/datedetectortestcase.py
@@ -86,6 +86,7 @@ class DateDetectorTest(unittest.TestCase):
 (False, "23-Jan-2005 21:59:59.02"),
 (False, "23-Jan-2005 21:59:59 +0100"),
 (False, "23-01-2005 21:59:59"),
+ (True, "1106513999"), # Portsetry
 (False, "01-23-2005 21:59:59.252"), # reported on f2b, causes Feb29 fix to break
 (False, "@4000000041f4104f00000000"), # TAI64N
 (False, "2005-01-23T20:59:59.252Z"), #ISO 8601 (UTC)
From ce4f2d1c88f448b303adda8a19b6e7ae23cd8411 Mon Sep 17 00:00:00 2001
From: pacop
Date: Sat, 4 Oct 2014 15:08:12 +0200
Subject: [PATCH 2/3] added filter for PortSentry with jail and samples

---
 config/filter.d/portsentry.conf | 10 ++++++++++
 config/jail.conf | 5 +++++
 fail2ban/tests/files/logs/portsentry | 4 ++++
 3 files changed, 19 insertions(+)
 create mode 100644 config/filter.d/portsentry.conf
 create mode 100644 fail2ban/tests/files/logs/portsentry
diff --git a/config/filter.d/portsentry.conf b/config/filter.d/portsentry.conf
new file mode 100644
index 000000000..1ee9531cd
--- /dev/null
+++ b/config/filter.d/portsentry.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for failure attempts in Counter Strike-1.6
+#
+#
+
+[Definition]
+
+failregex = \/ Port\: [0-9]+ (TCP|UDP) Blocked$
+
+# Author: Pacop
+
diff --git a/config/jail.conf b/config/jail.conf
index c42952d8b..2fe3dea29 100644
--- a/config/jail.conf
+++ b/config/jail.conf
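Review bot: In fail2ban/tests/datedetectortestcase.py the comment on the added entry is misspelled (`# Portsetry`) and does not explain why this is the only visible entry whose first element is `True`. A comment such as `# PortSentry history file: epoch seconds` fixes the name, and a short remark on what the flag selects would help the next reader. The tuple list and the loop that consumes it start and end outside this hunk, so the meaning of the flag should be checked there before wording that remark.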
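Review bot: In config/filter.d/portsentry.conf the `failregex` as shown contains no `<HOST>` tag, so fail2ban has nothing to take the address to ban from, although the sample log in this patch expects `"host": "192.168.56.1"`. The tag may only have been lost when this page was rendered, but it should be confirmed in the file itself. The expression is anchored only at the end (`Blocked$`), and the part of the `Host:` field before the slash looks like a resolved name, which the operator does not control. Tying the match to the literal field, for example `Host: \S+/<HOST> Port\: [0-9]+ (TCP|UDP) Blocked$`, leaves less room for unexpected text to shift it. The header comment still reads `Counter Strike-1.6` and should describe the PortSentry history file.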
@@ -709,3 +709,8 @@ enabled = false
 logpath = /opt/sun/comms/messaging64/log/mail.log_current
 maxretry = 6
 banaction = iptables-allports
+
+[portsentry]
+enabled = false
+logpath = /var/lib/portsentry/portsentry.history
+maxretry = 1
diff --git a/fail2ban/tests/files/logs/portsentry b/fail2ban/tests/files/logs/portsentry
new file mode 100644
index 000000000..19c917a0d
--- /dev/null
+++ b/fail2ban/tests/files/logs/portsentry
@@ -0,0 +1,4 @@
+# failJSON: { "time": "2014-06-27T17:51:19", "match": true , "host": "192.168.56.1" }
+1403884279 - 06/27/2014 17:51:19 Host: 192.168.56.1/192.168.56.1 Port: 1 TCP Blocked
+# failJSON: { "time": "2014-06-27T17:51:19", "match": true , "host": "192.168.56.1" }
+1403884279 - 06/27/2014 17:51:19 Host: 192.168.56.1/192.168.56.1 Port: 1 UDP Blocked
\ No newline at end of file
From b60e2bf42f888f7a5421731a12742c0b8c74ccb9 Mon Sep 17 00:00:00 2001
From: pacop
Date: Sat, 25 Oct 2014 18:17:57 +0200
Subject: [PATCH 3/3] Add portsentry to changelog

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index ad92a55e2..3e9d99b43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -81,6 +81,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger
 not affect SYSLOG output
 * Log unhandled exceptions
 * cyrus-imap: catch "user not found" attempts
+ * Add support for Portsentry
 ver. 0.9.0 (2014/03/14) - beta
 ----------
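Review bot: The new `[portsentry]` section in config/jail.conf bans on a single log line (`maxretry = 1`), and the filter added in this series accepts `UDP` entries as well as `TCP`. UDP source addresses can be forged, so one logged datagram is enough to ban an address that never contacted the host. A comment above the section, e.g. `# NOTE: bans on first hit; UDP sources can be spoofed - list hosts that must never be banned in ignoreip`, would tell operators what they are enabling. The section sets no `port` or `banaction` and so relies on the `[DEFAULT]` values, which are outside this hunk. The neighbouring jail in the context lines uses `banaction = iptables-allports`, which looks like the better fit for a port-scan detector.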
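Review bot: The fixture fail2ban/tests/files/logs/portsentry holds only two positive samples, both with the same address on each side of `Host: …/…` and port `1`. The tests therefore never exercise a line with a name before the slash (assuming PortSentry writes one there) or a line that must not match. Adding a hostname sample and a `# failJSON: { "match": false }` sample, for instance an entry that does not end in `Blocked`, would pin what the filter's `$` anchor is meant to reject. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.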