Merge is done with -X ours -- since I have implemented more generic handling
for config files, including now the ones under .d/ subdirectories.
* github_kwirk_fail2ban/upstream#24:
Fix up for warning/error for inaccessible config files
Warn if config file present but unreadable
Additional changes:
ENH: make basedir for Config's a kwarg to the constructor
ENH: improved analysis/reporting on presence/accessibility of config
files. Got carried away and forgot about existing work done by
Steven Hiscocks in the gh-115 -- will merge it in the next
commit for the fair ack of his work
Now for any X.conf configuration file we have following ways to
provide customizations
X.local -- read after .conf (kept for backward compatibility)
X.d/ -- directory to contain additional .conf files, sorted
alphabetically, e.g
X.d/01_enable.conf - to enable the jail
X.d/02_custom_port.conf - to change the port
X could be a 'jail' or 'fail2ban' or any other configuration file in
fail2ban.
Mention that all files still must contain the corresponding sections
(most of the time duplicating it across all of them).
* github_kwirk_fail2ban/multi-line:
Revert changes to man/fail2ban-client.1
Removed "common.local" include for FilterReader test
Added 'maxlines' option to fail2ban-regex
Regex get(Un)MatchedLines now returns whole lines only
Added FilterReader test
Added multiregex test for multi-line filter
ignoreregex now functions correctly with multiline
Minor typo in server/failregex.py
Added <SKIPLINES> regex applicable for multi-line
Sanitise testcase log 04
Changed multi-line test to provided example
Filter for multi-line now stores last time match
Simplify and change some filter line buffer
Initial changes and test for multi-line filtering
This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed
but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse
* gh-yarikoptic/master:
ENH: Added login authenticator failed regexp for exim filter
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
Ignore regexs are now only compared to lines that match the failregex.
Supporting test also added for multiline regex and overlapping
multiline regex matches.
sshd filter - avoid banning on pam failures since might be too early. Close gh-106
If desired to ban on pam -- enable pam-generic filter, possibly even tuning in pam-generic.local the value for caught ttys in case of more detailed control needed
Provided example was:
Jan 18 12:47:34 host sshd[23755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: Accepted password for myuser from 123.123.123.123 port 50615 ssh2
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).