I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
Otherwise <HOST> regexp might swallow period in the sentence right after the address.
I have decided to enforce alphanumeric instead of switching to non-greedy +? ... because
I think it is closer to what we actually want here
This avoids duplication of code across fail2ban-regex and samples test
cases. This also now more neatly resolves the issue of double counting
date templates matches in fail2ban-regex.
In addition, the samples test cases now also print a warning message
that not all regexs have samples for them, with future plan to change
this to an assertion.
* 'dovecot' of https://github.com/grooverdan/fail2ban:
ENH: remove non-capturing groups for readibility
BF: fix dovecot filter for when no TLS is enabled on pop/imap
Conflicts:
ChangeLog -- changelog entries. Also untabified few other spots
* 'exim' of https://github.com/grooverdan/fail2ban:
DOC: credits/blame to me for changes to exim
ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
TST/ENH: Improve regex around exim
* '3proxy' of https://github.com/grooverdan/fail2ban:
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
DOC: credits
Conflicts:
ChangeLog
* 'exim' of https://github.com/grooverdan/fail2ban:
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
ENH/BF: exim improvements with sample
Conflicts:
ChangeLog
* 'proftpd' of https://github.com/grooverdan/fail2ban:
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: proftp regex hardening and log messages
Conflicts:
ChangeLog
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
ENH: separate out regex and escape a .
BF: missed MANIFEST include
DOC: credits for bsd log
DOC: bsd syslog files thanks to Nick Hilliard
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
Conflicts:
config/filter.d/common.conf
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
Origin: https://github.com/lenrico/fail2ban
Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added
fixed test date thx to steven
tight control of the filter for ASSP
as yaroslav wishes
as daniel desires
changed from DateASSPlike class to DateStrptime
fixed little things
added new date format support for ASSP SMTP Proxy
* 'master' of git://github.com/fail2ban/fail2ban:
BF: log error only if there were missed config files that couldn't be read
DOC: missing cinfo tags are ok. Log error for self referencing definitions
DOC: s/defination/definition/g learn to spell
ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
DOC: ChangeLog for recursive tag substition
ENH: allow recursive tag substitution in action files.
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
Added support for MySQL logfiles
Conflicts:
testcases/datedetectortestcase.py -- conflictde with other added test cases
* pr/117/head:
An example of failed logins against sogo
Update sogo-auth.conf
Update config/filter.d/sogo-auth.conf
Create sogo-auth.conf
Update config/jail.conf
Also to guarantee unique file names across tests -- append incremental
numeric suffix.
This should prevent unittest from not reporting specific unittest method names,
thus complicating the analysis of failures
It also fixes#115 since current implementation provides similarly informative
error messages. But see #153 for possible improvements
* _tent/conf_d:
Reincarnated removed (by mistake) test for SplitAction
ENH: made log messages while parsing files more informative + test for inaccessible file (Closes: gh-24)
NF: allow customization configuration under corresponding .d directories (Closes gh-114)
Fix up for warning/error for inaccessible config files
Warn if config file present but unreadable
Conflicts:
fail2ban-testcases
* 'datedetector-testcase' of https://github.com/kwirk/fail2ban:
Correct datedetector testcases for TAI64N format
Additional date/time formats for datedetector testcases
* 'socket-testcase' of https://github.com/kwirk/fail2ban:
Update MANIFEST with and author of testcases/sockettestcase.py
Added testcase for csocket and asyncserver
Also made a note that some workarounds for certain date/time formats
may cause week/year day to be incorrect. This does not affect
functionality of fail2ban so no urgency to fix.
Additional changes:
ENH: make basedir for Config's a kwarg to the constructor
ENH: improved analysis/reporting on presence/accessibility of config
files. Got carried away and forgot about existing work done by
Steven Hiscocks in the gh-115 -- will merge it in the next
commit for the fair ack of his work
Now for any X.conf configuration file we have following ways to
provide customizations
X.local -- read after .conf (kept for backward compatibility)
X.d/ -- directory to contain additional .conf files, sorted
alphabetically, e.g
X.d/01_enable.conf - to enable the jail
X.d/02_custom_port.conf - to change the port
X could be a 'jail' or 'fail2ban' or any other configuration file in
fail2ban.
Mention that all files still must contain the corresponding sections
(most of the time duplicating it across all of them).
Before, it would first do stable sort followed with explicit reverse.
Now reverse is given as an argument to sort, and it results in actually
preserving the order in case of e.g. no sorting needed
Otherwise it might lead to spurious characters dumped into the
terminal at few places, unless casted upon every use in the logs. To
prevent those issues in the source, store IP as a basic string if it
is a string at all
* needed additional sleeps for polling filter since that one relies on
time-stamps and too rapid changes would not be caught by the
PollFilter
* in python 2.4, time stamps are up to a second (int's) so sleeps longer
* test_new_bogus_file -- just to make sure that addition of new files
does not alter our monitoring
* gh-magicrhesus/master:
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
Add asterisk support
Conflicts:
config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
although %m-%d-%Y is ambioius with %d-%m-%Y it comes after so it should not
be too dangerous (i.e. in upcoming days having smth like 02-01 should work as before matching
first one first) and proper fix to select between the two should follow some time
soon
following commits were squashed from feature branch use_dns
commit 068c105eb5
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 22:19:04 2012 -0500
Prevent warning when IP is read from log
commit 635ed36a8c
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 22:17:08 2012 -0500
Removed logDebug
commit 24656d2812
Merge: 7957fbec429f5c
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 21:13:11 2012 -0500
Merge branch 'enh/use_dns' of github:leeclemens/fail2ban into enh/use_dns
Conflicts:
testcases/filtertestcase.py
commit 7957fbe821
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 21:09:58 2012 -0500
filtertestcase fixes from yarikoptic
commit 6ce9d04640
Author: Yaroslav Halchenko <debian@onerussian.com>
Date: Tue Jan 10 19:26:05 2012 -0500
RF: for consistency use_dns -> usedns
I guess it was might fault of inconsistency suggesting that name.
Other options/commands do not have _ in the names, so let it be
consistent with the rest for now
commit cfb2c75b49
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 19:18:41 2012 -0500
Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp
commit f6186eff14
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 19:02:04 2012 -0500
Changed wording of 'DNS Reverse lookup used' message
commit 82c62d29dc
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 18:53:17 2012 -0500
Removed extraneous "n"
commit dc0ae21932
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 23:07:59 2012 -0500
ENH: use_dns - removed debugging statements
commit 594e25818c
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 22:53:39 2012 -0500
Added use_dns protocol to set and get per jail during runtime
commit 48ff80ffac
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 22:41:18 2012 -0500
Completed use_dns for initial startup - with debugging statements
commit 0bdab4c2d7
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 20:05:35 2012 -0500
ENH: Added use_dns option
commit 6d6b734ea5
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 20:01:34 2012 -0500
ENH: Added use_dns option
commit 11ad2b6125
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 19:17:30 2012 -0500
Added useDns flag to testcase
commit b48fa9b6af
Author: Lee Clemens <java@leeclemens.net>
Date: Sun Jan 8 15:13:27 2012 -0500
Added use_dns option in jail.conf
commit c429f5c91a
Merge: 4b18afb0021906
Author: leeclemens <java@leeclemens.net>
Date: Tue Jan 10 16:32:22 2012 -0800
Merge pull request #3 from yarikoptic/enh/use_dns
let's be consistent ;-)
commit 0021906358
Author: Yaroslav Halchenko <debian@onerussian.com>
Date: Tue Jan 10 19:26:05 2012 -0500
RF: for consistency use_dns -> usedns
I guess it was might fault of inconsistency suggesting that name.
Other options/commands do not have _ in the names, so let it be
consistent with the rest for now
commit 4b18afb28a
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 19:18:41 2012 -0500
Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp
commit 4fae37e46f
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 19:02:04 2012 -0500
Changed wording of 'DNS Reverse lookup used' message
commit e94806ce48
Author: Lee Clemens <java@leeclemens.net>
Date: Tue Jan 10 18:53:17 2012 -0500
Removed extraneous "n"
commit 4d30c52907
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 23:07:59 2012 -0500
ENH: use_dns - removed debugging statements
commit 76696d452a
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 22:53:39 2012 -0500
Added use_dns protocol to set and get per jail during runtime
commit 0631618087
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 22:41:18 2012 -0500
Completed use_dns for initial startup - with debugging statements
commit d23d495547
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 20:05:35 2012 -0500
ENH: Added use_dns option
commit 9538553bc5
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 20:01:34 2012 -0500
ENH: Added use_dns option
commit ae1e857e53
Author: Lee Clemens <java@leeclemens.net>
Date: Mon Jan 9 19:17:30 2012 -0500
Added useDns flag to testcase
commit ace43eb941
Author: Lee Clemens <java@leeclemens.net>
Date: Sun Jan 8 15:13:27 2012 -0500
Added use_dns option in jail.conf
The address has changed from "59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA" to "51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA" some time ago.