Commit Graph

91 Commits (d6ac7c29f46a8a3f7cf48eb002991767f3ca4e2b)

Author SHA1 Message Date
Steven Hiscocks 5630c56c75 ENH: Change logging levels and make info more verbose 2014-02-20 23:01:40 +00:00
Steven Hiscocks f68d85a6ac Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
                Spelling correction of 0.8.13 fixed in master
	config/jail.conf
                Added nagios and duplicate php-url removal in master
                Just nagios added, duplicate not issue in 0.9
2014-02-13 20:14:40 +00:00
Daniel Black cc1a9cc45d BF: match up fail2ban-regex for datedetector/datetemplate changes 2014-01-28 06:59:01 +11:00
Daniel Black a650178bd1 MRG: merge from master 2014-01-19 2014-01-19 14:48:29 +11:00
Daniel Black 95add8a1c5 BF: datepattern handling in fail2ban-regex 2014-01-06 09:55:53 +11:00
Daniel Black 58a5983367 ENH: fix fail2ban-regex for filter arguement substition 2014-01-02 10:03:14 +11:00
Steven Hiscocks c80297045e ENH: Pass date time straight from systemd backend
Removes need to reparse the date time back from the ISO format
2013-12-28 18:02:16 +00:00
Daniel Black 7c0efc8ec8 MRG: merge so far - flushLogs not working yet 2013-12-16 15:08:34 +00:00
Steven Hiscocks 06a7b6534e DOC: Correct use of tab to spaces in fail2ban-regex help message 2013-12-14 17:21:56 +00:00
Steven Hiscocks d9afcc178a MINOR: PEP-8 tweaks for multiline-matches change set 2013-12-13 16:38:26 +00:00
Steven Hiscocks 60d298d898 BF: fail2ban-regex erroneously reporting multiple regexs had matched 2013-12-04 23:36:45 +00:00
Steven Hiscocks c886414e2e ENH+BF: Capture multiline matched lines into fail ticket
Previously only the last line of the match was being saved, not all
lines involved in matching.

Log lines are now broken into 3 part tuple, with the line pre-datetime,
the datetime, and post-datetime. Allows reformation of full line, but
also use of the line without the datetime present.
Attempting to use the term "tupleLine(s)" where possible, to avoid
confusion with normal read lines.

May also wish to consider that regexs could be made to capture more
lines of interest if some form of unique reference is available. This
may allow more lines of interest to be captured, which may not be picked
up by the traditional "grep <ip>" approach i.e. ones which do not have
the ip address in.

This also simplified the fail2ban-regex statistics for missed lines.
Also resolved bug with missed lines time extracted for debuggex having
some lines present which were captured in a multiline regex.
Also resolved independent issue with ignored line check including the
datetime, which raised assertion error in the rare case the datetime
matched the ignore regex, and the rest of line only matched a failregex
2013-12-04 22:26:22 +00:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Steven Hiscocks e07df3f7d4 ENH: fail2ban-regex uses ISO8601 when using journal backend
Also fix setting of date pattern occurring too early, before filter
being created.
2013-09-22 18:14:04 +01:00
Daniel Black 1f1a56174f MRG: merge from master 2013-09-08 21:02:35 +10:00
Daniel Black d5291517a7 MISC: merge from master 2013-07-28 19:43:54 +10:00
Steven Hiscocks 088e7f92aa ENH: fail2ban-regex uses iterable for files and journal access 2013-07-27 12:35:42 +01:00
Steven Hiscocks 72430e805d Merge branch 'datepatterns' into datepatterns-dateregex
Conflicts:
	bin/fail2ban-regex
	fail2ban/client/beautifier.py
	fail2ban/server/datedetector.py
2013-07-17 21:07:09 +01:00
Steven Hiscocks 05fac65a50 BF: fail2ban-regex multiline regex matches no longer in missed lines
Closes #263
Closes #282
2013-07-17 00:08:43 +01:00
Steven Hiscocks 1eea0dcec8 Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
	bin/fail2ban-regex
	bin/fail2ban-testcases
	config/jail.conf
	fail2ban/server/failregex.py
	fail2ban/server/filter.py
	fail2ban/tests/files/logs/lighttpd
	fail2ban/tests/files/logs/mysqld.log
	fail2ban/tests/files/logs/wu-ftpd
	fail2ban/tests/filtertestcase.py
	fail2ban/tests/utils.py
	testcases/files/logs/lighttpd
	testcases/files/logs/lighttpd-auth
	testcases/files/logs/mysqld-auth
	testcases/files/logs/mysqld.log
	testcases/files/logs/wu-ftpd
	testcases/files/logs/wuftpd
2013-07-16 23:16:22 +01:00
Steven Hiscocks 3dbe2c04ca BF: fail2ban now don't print maxlines twice when using ignoreregex
Also read failregex first, as more natural place to get maxlines value
from.
2013-07-05 18:47:08 +01:00
Steven Hiscocks 1dbba35cd9 Merge branch 'master' into 0.9
Conflicts:
	fail2ban/client/jailreader.py
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/files/logs/sshd
2013-06-29 20:31:26 +01:00
Steven Hiscocks 88bee24edb DOC: Neaten format for fail2ban-regex maxlines print 2013-06-29 19:14:42 +01:00
Steven Hiscocks d081a71759 BF: fail2ban-regex on python3+ 2013-06-29 13:57:12 +01:00
Steven Hiscocks 5ca6a9aeb6 Merge branch 'systemd-journal' into 0.9
Conflicts:
	bin/fail2ban-regex
	config/filter.d/sshd.conf

Closes github #224
2013-06-29 13:00:40 +01:00
Steven Hiscocks f87c53fa52 BF: fail2ban-regex adding duplicate lines with each regex
This is another fix on top of e73b3dd to correctly resolve this issue
2013-06-19 20:03:19 +01:00
Steven Hiscocks 123ec3da13 BF: Incorrect import for 0.9 branch in fail2ban-regex 2013-06-19 20:02:49 +01:00
Yaroslav Halchenko 8487cb2e90 Merge commit '0.8.10-31-g1ab0f0f' into 0.9
* commit '0.8.10-31-g1ab0f0f': (24 commits)
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  DOC: Changelog for fail2ban-regex RF
  DOC: Changelog for asterisk hardening
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
  ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp
  ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: dovecot regexs rewritten and extra failures
  ENH: proftp regex hardening and log messages
  ENH/BF: exim improvements with sample
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  ...

Conflicts: -- it was a messy merge/resolution.
	ChangeLog
	bin/fail2ban-regex
	fail2ban-testcases
	fail2ban/server/filter.py
2013-06-18 20:21:23 -04:00
Steven Hiscocks e73b3dd53e BF: fail2ban-regex adding duplicate lines with each regex
This issue was caused by the fact that every "line" is processed for each
regex, meaning each line was duplicated for every regex. This caused
duplicate fail matches and the buffer filling too quickly and possibly
missing failures.
2013-05-27 18:11:08 +01:00
Steven Hiscocks c08bd67f50 BF: fail2ban-regex systemd-journal field fix for __CURSOR 2013-05-12 13:05:21 +01:00
Steven Hiscocks f7d328195f NF: Add systemd journal backend 2013-05-10 00:15:07 +01:00
Steven Hiscocks c98b01bd1d BF: fail2ban-regex fix for maxlines init option reader 2013-05-09 23:37:52 +01:00
Steven Hiscocks 7371d2a271 ENH: Added datepattern option to fail2ban-regex 2013-05-04 17:15:47 +01:00
Yaroslav Halchenko b65205d4ad Merge branch 'master' into 0.9
* master:
  ENH: "is None" instead of "== None" + tune ups in headers
  BF: log error only if there were missed config files that couldn't be read
  DOC: missing cinfo tags are ok. Log error for self referencing definitions
  DOC: s/defination/definition/g learn to spell
  Changelog entry for the previous commit and some untabify
  BF: pyinotify backend should also handle IN_MOVED_TO events
  ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
  DOC: credits for gh-70 fix
  BF: ensure dates in email are in the C locale. Thanks iGeorgeX
  DOC: ChangeLog for recursive tag substition
  ENH: allow recursive tag substitution in action files.
  DOC: document <br> tag
  DOC: ChangeLog for named-refused entry
  ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
  DOC: release documentation and distributor contacts
  DOC: changelog entry for enhanced ssh filter
  BF: Rename mentioning of README to README.md (Fixes #187)
  updated README.md to hyperlink, add travis and coversall
  Moving README into a markup README.md for github's goodnesses

Conflicts:
	DEVELOP
	README.md
	fail2ban/client/configreader.py
	fail2ban/server/datedetector.py
2013-05-02 23:55:26 -04:00
Yaroslav Halchenko 1fcb5efbd7 ENH: make fail2ban-regex aware of possible maxlines in the filter config file 2013-04-22 00:01:30 -04:00
Steven Hiscocks 12df12f282 BF: Change logging instance logSys `warn` method to `warning`
`warn` is long time depreciated method, which may be dropped in
python3.4 http://bugs.python.org/issue13235
2013-04-21 10:21:54 +01:00
Steven Hiscocks 9e684abad7 TST: Move test gathering to function is test utils 2013-04-20 20:13:21 +01:00
Steven Hiscocks 4cc3a81cc1 TST: Move test TZ changes to setUp and tearDown methods 2013-04-20 20:09:44 +01:00
Steven Hiscocks fa0f8f9e6d Merge branch '0.9' into py3
Conflicts:
	.travis.yml
	MANIFEST
	bin/fail2ban-regex
	fail2ban/server/filter.py
	fail2ban/tests/servertestcase.py
	setup.py
2013-04-13 16:54:22 +01:00
Steven Hiscocks 8e0f5f8ea6 Merge branch '0.9' into module
Conflicts:
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/filtertestcase.py
2013-04-06 09:57:44 +01:00
Steven Hiscocks a153653a27 ENH+TST: Move fail2ban-* scripts to bin/ 2013-04-01 19:06:13 +01:00