* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
Added support for MySQL logfiles
Conflicts:
testcases/datedetectortestcase.py -- conflictde with other added test cases
* 'master' of https://github.com/labynocle/fail2ban:
change the license to GPLv2 + adapat text
fix the script name to check_fail2ban everywhere
Replace the check_fail2ban script by a new one which respects the Nagios specs (like status, output, perfdata, help...). Also add a README which includes the content of f2ban.txt (which is now removed)
* 001-fail2ban-server-socket-close-on-exec-no-leak.diff
Add code that marks server and client sockets with FD_CLOEXEC flags.
Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).
Unix sockets managed by fail2ban-server don't need to be passed to any
child process. Fail2ban already uses the FD_CLOEXEC flags in the filter
code.
This patch also avoids giving iptables access to fail2ban UNIX socket in
a SELinux environment (A sane SELinux policy should trigger an audit
event because "iptables" will be given read/write access to the fail2ban
control socket).
Some random references related to this bug:
http://sourceforge.net/tracker/?func=detail&atid=689044&aid=2086568&group_id=121032http://www.redhat.com/archives/fedora-selinux-list/2009-June/msg00124.htmlhttp://forums.fedoraforum.org/showthread.php?t=234230
* 002-fail2ban-filters-close-on-exec-typo-fix.diff
There is a typo in the fail2ban server/filter.py source code. The
FD_CLOEXEC is correctly set but additional *random* flags are also set.
It has no side-effect as long as the fd doesn't match a valid flag :)
"fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)" <== the 3rd
parameter should be flags, not a file descriptor.
* 003-fail2ban-gamin-socket-close-on-exec-no-leak.diff
Add code that marks the Gamin monitor file descriptor with FD_CLOEXEC
flags. Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).
---
File descriptors in action process before patches:
dr-x------ 2 root root 0 .
dr-xr-xr-x 8 root root 0 ..
lr-x------ 1 root root 64 0 -> /dev/null <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null <== OK
lrwx------ 1 root root 64 3 -> socket:[116361] <== NOK (fail2ban.sock leak)
lr-x------ 1 root root 64 4 -> /proc/20090/fd <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
lrwx------ 1 root root 64 6 -> socket:[115608] <== NOK (gamin sock leak)
File descriptors in action process after patches:
dr-x------ 2 root root 0 .
dr-xr-xr-x 8 root root 0 ..
lr-x------ 1 root root 64 0 -> /dev/null <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null <== OK
lr-x------ 1 root root 64 3 -> /proc/18284/fd <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
* commit '0.8.8-145-g72b0647': (114 commits)
ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file
ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes#126
TST: basic testing of reading the shipped jail.conf (forcing all jails to be enabled)
ENH: allow to force enable all jails (for testing), do not crash for jails without actions (just warn)
ENH: minor -- add default value into the warning if option had none provided
ENH: _copy_lines_between_files -- read all needed, and only then write/flush at once
ENH: move pyinotify callback debug message into callback + delay string interpolations
ENH: adding ability to incorporate tracebacks into log lines while running tests
ENH: FailManager -- improve log message to report total # of detected failures as well
BF: allow to wait longer for FilterPoll in test_move_file
ENH: elaborated debug log message about already detected failures
BF: Remove custom __str__ for MonitorFailures and just adjust __name__ of the generated class
DOC: Added suggested by @beilber description of .d/ + added I formatting to all filenames
ENH: increase timeout to 20 sec from 10 sec in assert_correct_last_attempt
BF: fixing up for handling of TAI64N timestamps and adding some unittest for prev commit (not effective much though)
An example of failed logins against sogo
Update sogo-auth.conf
Added Daniel and Steven to THANKS
My improvements to manpages
PKG: change email that I want in RPMs
...
* pr/117/head:
An example of failed logins against sogo
Update sogo-auth.conf
Update config/filter.d/sogo-auth.conf
Create sogo-auth.conf
Update config/jail.conf
Now it should be evaluated only if logging mode is debug or "lower", and also
should happen not only on initial detections but for every added failure.
It also reports counts per each IP now