Commit Graph

49 Commits (fa20b0aff2be0f0fff5ed796cd2bd31ec79f275f)

Author SHA1 Message Date
Alexander Koeppe 975608dfb6 no hardcoded python interpreter path 2016-05-15 21:08:32 +02:00
sebres 38f09b417a fail2ban-regex command line (after fail2ban-regex functionality moved to the client) 2015-11-10 13:26:34 +01:00
sebres 0877d66228 fail2ban-regex moved to the client + test cases for initial coverage added 2015-11-10 11:46:19 +01:00
sebres a42aa726ab fixed fail2ban-regex reads invalid character (in sense of given encoding); continuing to process line ignoring invalid characters (still has no test cases).
filter test cases added for same issue inside fail2ban-server / fail2ban-testcases;
closes gh-1248
2015-11-09 20:47:15 +01:00
Lee Clemens c7e203b20f Fix PEP8 E401 - multiple imports on one line 2015-07-03 13:02:50 -04:00
Steven Hiscocks 0c869910ea BF: Fix fail2ban-regex not parsing journalmatch correctly 2015-05-09 10:26:14 +01:00
sebres 74c6f6ac4b BF: fail2ban-regex does not read '.local' file of given filter (gh-954) 2015-02-13 15:36:00 +01:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs'
Conflicts:
	ChangeLog - Keep all additions
2014-06-22 12:57:49 +01:00
Steven Hiscocks 4fc7f1a831 ENH: Tweak naming of getF2BLogger, and ensure consistent use 2014-06-10 20:36:19 +01:00
Yaroslav Halchenko eb2487986c ENH: minor -- print time which was used to process lines 2014-05-15 21:17:43 -04:00
Yaroslav Halchenko 3471f13a84 Merge pull request #700 from kwirk/format-traceback-to-helpers
ENH: Move traceback formatter to from tests.utils to helpers
2014-05-07 09:09:01 -04:00
Steven Hiscocks 7cc64a14e0 BF: fail2ban-regex assertion error caused by miscounted "missed" lines
Caused when removing lines as part of multiline regex, which had been
previously considered missed.
2014-04-27 13:27:11 +01:00
Steven Hiscocks 6a740f684a ENH: Move traceback formatter to from tests.utils to helpers
Now allows for tests to be removed from package if desired
2014-04-18 23:27:30 +01:00
Hank Leininger 2d42b46a7c
Add a --print-all-matched option.
The default behavior, to not print any matched lines, is unchanged.
2014-03-17 00:50:04 -04:00
Steven Hiscocks e193e67718 BF: fail2ban-regex mix of tabs and spaces 2014-03-16 18:25:16 +00:00
Daniel Black aa7e8fb9ce DOC: Credits. close gh-644 2014-03-14 22:30:44 +11:00
Steven Hiscocks 5630c56c75 ENH: Change logging levels and make info more verbose 2014-02-20 23:01:40 +00:00
Daniel Black cc1a9cc45d BF: match up fail2ban-regex for datedetector/datetemplate changes 2014-01-28 06:59:01 +11:00
Daniel Black 95add8a1c5 BF: datepattern handling in fail2ban-regex 2014-01-06 09:55:53 +11:00
Daniel Black 58a5983367 ENH: fix fail2ban-regex for filter arguement substition 2014-01-02 10:03:14 +11:00
Steven Hiscocks c80297045e ENH: Pass date time straight from systemd backend
Removes need to reparse the date time back from the ISO format
2013-12-28 18:02:16 +00:00
Steven Hiscocks 06a7b6534e DOC: Correct use of tab to spaces in fail2ban-regex help message 2013-12-14 17:21:56 +00:00
Steven Hiscocks d9afcc178a MINOR: PEP-8 tweaks for multiline-matches change set 2013-12-13 16:38:26 +00:00
Steven Hiscocks 60d298d898 BF: fail2ban-regex erroneously reporting multiple regexs had matched 2013-12-04 23:36:45 +00:00
Steven Hiscocks c886414e2e ENH+BF: Capture multiline matched lines into fail ticket
Previously only the last line of the match was being saved, not all
lines involved in matching.

Log lines are now broken into 3 part tuple, with the line pre-datetime,
the datetime, and post-datetime. Allows reformation of full line, but
also use of the line without the datetime present.
Attempting to use the term "tupleLine(s)" where possible, to avoid
confusion with normal read lines.

May also wish to consider that regexs could be made to capture more
lines of interest if some form of unique reference is available. This
may allow more lines of interest to be captured, which may not be picked
up by the traditional "grep <ip>" approach i.e. ones which do not have
the ip address in.

This also simplified the fail2ban-regex statistics for missed lines.
Also resolved bug with missed lines time extracted for debuggex having
some lines present which were captured in a multiline regex.
Also resolved independent issue with ignored line check including the
datetime, which raised assertion error in the rare case the datetime
matched the ignore regex, and the rest of line only matched a failregex
2013-12-04 22:26:22 +00:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Steven Hiscocks e07df3f7d4 ENH: fail2ban-regex uses ISO8601 when using journal backend
Also fix setting of date pattern occurring too early, before filter
being created.
2013-09-22 18:14:04 +01:00
Daniel Black d5291517a7 MISC: merge from master 2013-07-28 19:43:54 +10:00
Steven Hiscocks 088e7f92aa ENH: fail2ban-regex uses iterable for files and journal access 2013-07-27 12:35:42 +01:00
Steven Hiscocks 72430e805d Merge branch 'datepatterns' into datepatterns-dateregex
Conflicts:
	bin/fail2ban-regex
	fail2ban/client/beautifier.py
	fail2ban/server/datedetector.py
2013-07-17 21:07:09 +01:00
Steven Hiscocks 05fac65a50 BF: fail2ban-regex multiline regex matches no longer in missed lines
Closes #263
Closes #282
2013-07-17 00:08:43 +01:00
Steven Hiscocks 1eea0dcec8 Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
	bin/fail2ban-regex
	bin/fail2ban-testcases
	config/jail.conf
	fail2ban/server/failregex.py
	fail2ban/server/filter.py
	fail2ban/tests/files/logs/lighttpd
	fail2ban/tests/files/logs/mysqld.log
	fail2ban/tests/files/logs/wu-ftpd
	fail2ban/tests/filtertestcase.py
	fail2ban/tests/utils.py
	testcases/files/logs/lighttpd
	testcases/files/logs/lighttpd-auth
	testcases/files/logs/mysqld-auth
	testcases/files/logs/mysqld.log
	testcases/files/logs/wu-ftpd
	testcases/files/logs/wuftpd
2013-07-16 23:16:22 +01:00
Steven Hiscocks 3dbe2c04ca BF: fail2ban now don't print maxlines twice when using ignoreregex
Also read failregex first, as more natural place to get maxlines value
from.
2013-07-05 18:47:08 +01:00
Steven Hiscocks 1dbba35cd9 Merge branch 'master' into 0.9
Conflicts:
	fail2ban/client/jailreader.py
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/files/logs/sshd
2013-06-29 20:31:26 +01:00
Steven Hiscocks 88bee24edb DOC: Neaten format for fail2ban-regex maxlines print 2013-06-29 19:14:42 +01:00
Steven Hiscocks d081a71759 BF: fail2ban-regex on python3+ 2013-06-29 13:57:12 +01:00
Steven Hiscocks 5ca6a9aeb6 Merge branch 'systemd-journal' into 0.9
Conflicts:
	bin/fail2ban-regex
	config/filter.d/sshd.conf

Closes github #224
2013-06-29 13:00:40 +01:00
Steven Hiscocks f87c53fa52 BF: fail2ban-regex adding duplicate lines with each regex
This is another fix on top of e73b3dd to correctly resolve this issue
2013-06-19 20:03:19 +01:00
Steven Hiscocks 123ec3da13 BF: Incorrect import for 0.9 branch in fail2ban-regex 2013-06-19 20:02:49 +01:00
Yaroslav Halchenko 8487cb2e90 Merge commit '0.8.10-31-g1ab0f0f' into 0.9
* commit '0.8.10-31-g1ab0f0f': (24 commits)
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  DOC: Changelog for fail2ban-regex RF
  DOC: Changelog for asterisk hardening
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
  ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp
  ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: dovecot regexs rewritten and extra failures
  ENH: proftp regex hardening and log messages
  ENH/BF: exim improvements with sample
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  ...

Conflicts: -- it was a messy merge/resolution.
	ChangeLog
	bin/fail2ban-regex
	fail2ban-testcases
	fail2ban/server/filter.py
2013-06-18 20:21:23 -04:00
Steven Hiscocks e73b3dd53e BF: fail2ban-regex adding duplicate lines with each regex
This issue was caused by the fact that every "line" is processed for each
regex, meaning each line was duplicated for every regex. This caused
duplicate fail matches and the buffer filling too quickly and possibly
missing failures.
2013-05-27 18:11:08 +01:00
Steven Hiscocks c08bd67f50 BF: fail2ban-regex systemd-journal field fix for __CURSOR 2013-05-12 13:05:21 +01:00
Steven Hiscocks f7d328195f NF: Add systemd journal backend 2013-05-10 00:15:07 +01:00
Steven Hiscocks c98b01bd1d BF: fail2ban-regex fix for maxlines init option reader 2013-05-09 23:37:52 +01:00
Steven Hiscocks 7371d2a271 ENH: Added datepattern option to fail2ban-regex 2013-05-04 17:15:47 +01:00
Yaroslav Halchenko 1fcb5efbd7 ENH: make fail2ban-regex aware of possible maxlines in the filter config file 2013-04-22 00:01:30 -04:00
Steven Hiscocks fa0f8f9e6d Merge branch '0.9' into py3
Conflicts:
	.travis.yml
	MANIFEST
	bin/fail2ban-regex
	fail2ban/server/filter.py
	fail2ban/tests/servertestcase.py
	setup.py
2013-04-13 16:54:22 +01:00
Steven Hiscocks 8e0f5f8ea6 Merge branch '0.9' into module
Conflicts:
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/filtertestcase.py
2013-04-06 09:57:44 +01:00
Steven Hiscocks a153653a27 ENH+TST: Move fail2ban-* scripts to bin/ 2013-04-01 19:06:13 +01:00