Commit Graph

275 Commits (976a65bb890009aaad52769933a8a9910a3d25ab)

Author SHA1 Message Date
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Yaroslav Halchenko 89adcd7ff7 Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
Origin: https://github.com/lenrico/fail2ban

Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added

  fixed test date thx to steven
  tight control of the filter for ASSP
  as yaroslav wishes
  as daniel desires
  changed from DateASSPlike class to DateStrptime
  fixed little things
  added new date format support for ASSP SMTP Proxy
2013-05-03 00:57:49 -04:00
Enrico Labedzki e27385e873 as yaroslav wishes 2013-05-03 00:56:53 -04:00
Enrico Labedzki 9185c070eb changed from DateASSPlike class to DateStrptime 2013-05-03 00:56:52 -04:00
Enrico Labedzki ba8f012637 fixed little things 2013-05-03 00:56:52 -04:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
Yaroslav Halchenko 7c409dd24f Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  BF: log error only if there were missed config files that couldn't be read
  DOC: missing cinfo tags are ok. Log error for self referencing definitions
  DOC: s/defination/definition/g learn to spell
  ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
  DOC: ChangeLog for recursive tag substition
  ENH: allow recursive tag substitution in action files.
2013-05-02 23:28:18 -04:00
Yaroslav Halchenko 8e63d4c6da ENH: "is None" instead of "== None" + tune ups in headers
is None is generally faster than == and from looking at those places
should be adequate.

Also while at those files removed unneded duplicate author listing +
expanded copyright/authors with myself where applicable
2013-05-02 23:25:43 -04:00
Daniel Black d7862266d6 DOC: missing cinfo tags are ok. Log error for self referencing definitions 2013-04-30 08:14:50 +10:00
Daniel Black d28f3fa285 DOC: s/defination/definition/g learn to spell 2013-04-30 08:07:21 +10:00
Yaroslav Halchenko f21566049c BF: pyinotify backend should also handle IN_MOVED_TO events 2013-04-29 13:54:14 -04:00
Daniel Black 1d9abd1b39 ENH: allow recursive tag substitution in action files. 2013-04-29 12:37:16 +10:00
Steven Hiscocks 3d6791fe3e ENH: Minor change to action for consistency of execStart/Stop 2013-04-14 15:57:37 +01:00
Steven Hiscocks 28e9acf86a TST: no cover additions to server, primarily daemon creation 2013-04-14 15:55:18 +01:00
Yaroslav Halchenko ffe48741e3 DOC: thanks @kwirk for spotting the typos in exception message 2013-04-13 22:20:57 -04:00
Yaroslav Halchenko 301460f451 Merge remote-tracking branch 'pr/167/head': FD_CLOEXEC bug fixes (filters) + support (actions). Avoid sockets descriptors leak.
* pr/167/head:
  FD_CLOEXEC support
2013-04-11 15:05:56 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
Nicolas Collignon 39667ff6f7 FD_CLOEXEC support
* 001-fail2ban-server-socket-close-on-exec-no-leak.diff

Add code that marks server and client sockets with FD_CLOEXEC flags.
Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).

Unix sockets managed by fail2ban-server don't need to be passed to any
child process. Fail2ban already uses the FD_CLOEXEC flags in the filter
code.

This patch also avoids giving iptables access to fail2ban UNIX socket in
a SELinux environment (A sane SELinux policy should trigger an audit
event because "iptables" will be given read/write access to the fail2ban
control socket).

Some random references related to this bug:
 http://sourceforge.net/tracker/?func=detail&atid=689044&aid=2086568&group_id=121032
 http://www.redhat.com/archives/fedora-selinux-list/2009-June/msg00124.html
 http://forums.fedoraforum.org/showthread.php?t=234230

 * 002-fail2ban-filters-close-on-exec-typo-fix.diff

There is a typo in the fail2ban server/filter.py source code. The
FD_CLOEXEC is correctly set but additional *random* flags are also set.
It has no side-effect as long as the fd doesn't match a valid flag :)
"fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)" <== the 3rd
parameter should be flags, not a file descriptor.

 * 003-fail2ban-gamin-socket-close-on-exec-no-leak.diff

Add code that marks the Gamin monitor file descriptor with FD_CLOEXEC
flags. Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).

---

File descriptors in action process before patches:
dr-x------ 2 root root  0 .
dr-xr-xr-x 8 root root  0 ..
lr-x------ 1 root root 64 0 -> /dev/null        <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log    <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null        <== OK
lrwx------ 1 root root 64 3 -> socket:[116361]  <== NOK (fail2ban.sock leak)
lr-x------ 1 root root 64 4 -> /proc/20090/fd   <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
lrwx------ 1 root root 64 6 -> socket:[115608]  <== NOK (gamin sock leak)

File descriptors in action process after patches:
dr-x------ 2 root root  0 .
dr-xr-xr-x 8 root root  0 ..
lr-x------ 1 root root 64 0 -> /dev/null        <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log    <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null        <== OK
lr-x------ 1 root root 64 3 -> /proc/18284/fd   <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
2013-04-02 19:11:59 +02:00
Yaroslav Halchenko 33a31e096a RF+TST: bring inBanList back from private to protected and enabled its rudimentary unittests 2013-03-29 15:33:08 -04:00
Yaroslav Halchenko ba042c6e3a ENH: move pyinotify callback debug message into callback + delay string interpolations 2013-03-25 23:05:55 -04:00
Yaroslav Halchenko c29553354b ENH: FailManager -- improve log message to report total # of detected failures as well 2013-03-25 23:05:47 -04:00
Yaroslav Halchenko 5ea2ab14e6 ENH: elaborated debug log message about already detected failures
Now it should be evaluated only if logging mode is debug or "lower", and also
should happen not only on initial detections but for every added failure.
It also reports counts per each IP now
2013-03-25 23:05:47 -04:00
Yaroslav Halchenko 3b4084d471 BF: fixing up for handling of TAI64N timestamps and adding some unittest for prev commit (not effective much though) 2013-03-25 10:41:13 -04:00
Yaroslav Halchenko 7813340e1c Merge branch 'master' of https://github.com/sebres/fail2ban
* 'master' of https://github.com/sebres/fail2ban:
  invalid date recognition, irregular because of sorting template list, now via setRegex
  invalid date recognition, irregular because of sorting template list (sometimes not reproducible by fail2ban-regex, cause will be not sorted)
2013-03-25 10:00:55 -04:00
Artur Penttinen 29d0df58be Added support for MySQL logfiles 2013-03-24 16:52:58 +02:00
Yaroslav Halchenko e3d3a6ac02 Merge branch 'datedetector-testcase' of https://github.com/kwirk/fail2ban
* 'datedetector-testcase' of https://github.com/kwirk/fail2ban:
  Correct datedetector testcases for TAI64N format
  Additional date/time formats for datedetector testcases
2013-03-22 20:27:39 -04:00
Steven Hiscocks 7a442f079f BF: When changing log target with python2.{4,5} handle KeyError 2013-03-22 21:19:31 +00:00
Steven Hiscocks 883892a683 Additional date/time formats for datedetector testcases
Also made a note that some workarounds for certain date/time formats
may cause week/year day to be incorrect. This does not affect
functionality of fail2ban so no urgency to fix.
2013-03-16 17:55:22 +00:00
sebres b6bb2f88c1 invalid date recognition, irregular because of sorting template list, now via setRegex 2013-03-11 13:52:31 +01:00
Yaroslav Halchenko be42522bba Merge branch 'transmitter-testcase' of https://github.com/kwirk/fail2ban
* 'transmitter-testcase' of https://github.com/kwirk/fail2ban:
  Added additional Transmitter tests, and some associated fixes
2013-03-10 21:23:04 -04:00
Yaroslav Halchenko 5e5eaaf838 Merge pull request #134 from grooverdan/misc-fixes
BF: fail2ban client can't handle multi word setcinfo or action[*] values
2013-03-10 18:01:17 -07:00
Pascal Borreli a2b29b4875 Fixed typos 2013-03-10 22:05:33 +00:00
Steven Hiscocks 4bbbc07872 Added additional Transmitter tests, and some associated fixes
This includes some tweaks such that errors are raised for certain
commands
2013-03-10 14:55:39 +00:00
Daniel Black 23bbc60b1c do catch all exception 2013-03-10 17:10:40 +11:00
Daniel Black f0610c01d5 BF: allow more than single word for command action[start,stop,ban,unban,check] and for setcinfo too 2013-03-10 15:29:48 +11:00
Daniel Black c8c7b0b984 BF: general Exception catch was excessive. Only IOError and OSError are possible and has different meanings 2013-03-10 15:29:27 +11:00
Daniel Black 3665e6dc44 Add development documentation and framework for code coverage measurement 2013-03-10 15:18:42 +11:00
sebres d17b415371 invalid date recognition, irregular because of sorting template list (sometimes not reproducible by fail2ban-regex, cause will be not sorted)
date in following log line (from nginx) will be wrong detected:
2012/10/11 02:37:17 [error] 18434#0: *947 user "test" was not found in "/www/...", client: 192.168.1.5, ...

sometimes it is [correct] - 2012/10/11 (%Y/%m/%d) = 1349919861.71
sometimes it is [invalid] -   12/10/11 (%d/%m/%y) = 1349915838.06
and older as now - 1800 seconds (therefore will be not found)

solution: regular expression fixed, cause date in log used always after non symbol (\W) character, so r"\d{2}/\d{2}/\d{2}" will be r"(?<!\w)\d{2}/\d{2}/\d{2}".
2013-03-05 00:02:39 +01:00
Yaroslav Halchenko 59c35bc44a Downgrade log rotation detection message to DEBUG level from INFO. Closes: gh-129
This message useful only when debugging problems so it is more reasonable
to have it suppressed otherwise
2013-03-01 19:57:56 -05:00
Yaroslav Halchenko 154aa38e3f BF: do not shutdown logging until all jails stop -- so move into Server.quit()
Together with previous commit it should resolve failures with the server tests on python < 2.6
2013-02-21 20:59:46 -05:00
Yaroslav Halchenko 012264dce1 BF: safeguard closing of log handlers + close in reverse order
otherwise there might be "stuck" handler in the queue. and closing
exceptions can occur -- even stock logging guards in recent versions
2013-02-21 20:58:27 -05:00
Steven Hiscocks b36835f6f0 Added transmitter get cinfo option for action 2013-02-20 23:33:39 +00:00
Steven Hiscocks b6a68f5138 Fix for missing value in transmitter delaction 2013-02-20 23:24:46 +00:00
Steven Hiscocks ce3ab34dd8 Added ability to specify PID file 2013-02-17 22:14:01 +00:00
Yaroslav Halchenko f8983872ad BF: return str(host) to avoid spurious characters in the logs (Close gh-113)
thanks to opoplawski@github
2013-02-01 16:24:04 -05:00
Yaroslav Halchenko acab23bdfe RF: move exceptions used by both client and server into common/exceptions.py
this prevents importing of server while operating with client only
2013-01-28 09:46:50 -05:00
Yaroslav Halchenko 6b2e76ba7f BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories 2013-01-25 16:06:41 -05:00
blotus 96eb8986cc Escape ' and " in matches tag 2013-01-25 13:37:22 +01:00
Daniel Black fd7929863b name -> IP is a normal DNS lookup not a reverse 2012-12-12 21:59:01 +11:00
Yaroslav Halchenko 67145d8b78 ENH: assure that all date templates have unique names 2012-12-11 11:18:52 -05:00