Changed |
fail2ban.changes
Changed |
fail2ban.spec
Deleted |
fail2ban-0.8.4.tar.bz2/PKG-INFO
@@ -1,15 +0,0 @@
-Metadata-Version: 1.0
-Name: fail2ban
-Version: 0.8.4
-Summary: Ban IPs that make too many password failure
-Home-page: http://www.fail2ban.org
-Author: Cyril Jaquier
-Author-email: cyril.jaquier@fail2ban.org
-License: GPL
-Description:
- Fail2Ban scans log files like /var/log/pwdfail or
- /var/log/apache/error_log and bans IP that makes
- too many password failures. It updates firewall rules
- to reject the IP address or executes user defined
- commands.
-Platform: Posix
Added |
fail2ban-0.8.8.tar.bz2/.gitignore
@@ -0,0 +1 @@
+*~
Added |
fail2ban-0.8.8.tar.bz2/.project
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>fail2ban-unstable</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.python.pydev.PyDevBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.python.pydev.pythonNature</nature>
+ </natures>
+</projectDescription>
Added |
fail2ban-0.8.8.tar.bz2/.pydevproject
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?eclipse-pydev version="1.0"?>
+
+<pydev_project>
+<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.3</pydev_property>
+<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
+<path>/fail2ban-0.8/client</path>
+<path>/fail2ban-0.8/server</path>
+<path>/fail2ban-0.8/testcases</path>
+<path>/fail2ban-0.8</path>
+</pydev_pathproperty>
+</pydev_project>
Added |
fail2ban-0.8.8.tar.bz2/.pylintrc
@@ -0,0 +1,37 @@
+# Custom pylint configuration for the Fail2Ban project
+#
+# Set your PYLINTRC environment variable to point to this file
+# e.g.
+# export PYLINTRC=$PWD/.pylintrc
+
+[FORMAT]
+indent-string='\t'
+
+[BASIC]
+# Fail2Ban uses non-conventional to Python world camel-casing
+# These regexps were originally borrowed from 0.4.x series of
+# PyMVPA which had similar conventions.
+
+# Regular expression which should only match correct module names
+module-rgx=(([a-z][a-z0-9_]*)|([A-Z][a-zA-Z0-9_]+))$
+
+attr-rgx=[a-z_][a-zA-Z0-9_]{2,30}
+
+# Regular expression which should only match correct class names
+class-rgx=[A-Z_]+[a-zA-Z0-9]+$
+
+# Regular expression which should only match correct function names
+function-rgx=[a-z_]+[a-z_][a-zA-Z0-9]*$
+
+# Regular expression which should only match correct method names
+method-rgx=([a-z_]|__)[a-zA-Z0-9]*(__)?$
+
+# Regular expression which should only match correct argument names
+argument-rgx=[a-z][a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?$
+
+# Regular expression which should only match correct variable names
+variable-rgx=([a-z_]+[a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?||(__.*__))$||[A-Z]
+
+# Regular expression which should only match correct module level names
+# Default: (([A-Z_][A-Z1-9_]*)|(__.*__))$
+const-rgx=([a-z_]+[a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?|__.*__)$||[A-Z]
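Review bot: The doubled `||` in `variable-rgx` and `const-rgx` creates an empty alternative at the top level of each pattern, and an empty alternative matches at the start of any string, so under a prefix match (which is how pylint appears to apply these) every variable and constant name is accepted and the two checks never fire. If the intent was "the long form, a dunder name, or a single capital letter", a single `|` inside one anchored group says that: `variable-rgx=([a-z_]+[a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?|__.*__|[A-Z])$`, and the same shape for `const-rgx`. `attr-rgx` also has no trailing `$`, so its `{2,30}` upper bound is not enforced; adding `$` would make it behave like the other patterns in this file.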
Added |
fail2ban-0.8.8.tar.bz2/.travis.yml
@@ -0,0 +1,11 @@
+# vim ft=yaml
+# travis-ci.org definition for Fail2Ban build
+language: python
+python:
+ - "2.5"
+ - "2.6"
+ - "2.7"
+install:
+ - "pip install pyinotify"
+script:
+ - python ./fail2ban-testcases
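Review bot: The install step `pip install pyinotify` carries no version bound, while the README change in this same update lists `>=pyinotify-0.8.3` and the ChangeLog says the backend is not enabled below that version. Stating the bound in CI, `- "pip install 'pyinotify>=0.8.3'"`, keeps the build from passing with the pyinotify backend disabled if an older release is ever resolved. An unbounded install also means every build takes whatever the package index serves that day, so a bounded or pinned version makes a failing build attributable to the code rather than to a dependency change. The matrix starts at "2.5" although the ChangeLog mentions Python 2.4 compatibility fixes; a comment saying 2.4 is not covered by CI would avoid a false sense of coverage.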
Changed |
fail2ban-0.8.8.tar.bz2/ChangeLog
@@ -4,9 +4,196 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.8) 2012/12/06
================================================================================
+ver. 0.8.8 (2012/12/06) - stable
+----------
+- Fixes:
+ Alan Jenkins
+ * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
+ banning due to misconfigured DNS. Close gh-64
+ Yaroslav Halchenko
+ * [83109bc] IMPORTANT: escape the content of <matches> (if used in
+ custom action files) since its value could contain arbitrary
+ symbols. Thanks for discovery go to the NBS System security
+ team
+ * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh-83
+ * [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3
+ * [37a2e59] store IP as a base, non-unicode str to avoid spurious messages
+ in the console. Close gh-91
+- New features:
+ David Engeset
+ * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
+ the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86
+ Yaroslav Halchenko
+- Enhancements:
+ * [2d66f31] replaced uninformative "Invalid command" message with warning log
+ exception why command actually failed
+ * [958a1b0] improved failregex to "support" auth.backend = "htdigest"
+ * [9e7a3b7] until we make it proper module -- adjusted sys.path only if
+ system-wide run
+ * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79
+ * [f105379] added hints into the log on some failure return codes (e.g. 0x7f00
+ for this gh-87)
+ * Various others: travis-ci integration, script to run tests
+ against all available Python versions, etc
+
+ver. 0.8.7.1 (2012/07/31) - stable
+----------
+
+- Fixes:
+ Yaroslav Halchenko
+ * [e9762f3] Removed sneaked in comment on sys.path.insert
+
+ver. 0.8.7 (2012/07/31) - stable
+----------
+
+- Fixes:
+ Tom Hendrikx & Jeremy Olexa
+ * [0eaa4c2,444e4ac] Fix Gentoo init script: $opts variable is deprecated.
+ See http://forums.gentoo.org/viewtopic-t-899018.html
+ Chris Reffett
+ * [a018a26] Fixed addBannedIP to add enough failures to trigger a ban,
+ rather than just one failure.
+ Yaroslav Halchenko
+ * [4c76fb3] allow trailing white-spaces in lighttpd-auth.conf
+ * [25f1e8d] allow trailing whitespace in few missing it regexes for sshd.conf
+ * [ed16ecc] enforce "ip" field returned as str, not unicode so that log
+ message stays non-unicode. Close gh-32
+ * [b257be4] added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if
+ already present in the pattern
+ * [47e956b] replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul to be
+ friend to developers stuck with Windows (Closes gh-66)
+ * [80b191c] anchor grep regexp in actioncheck to not match partial names
+ of the jails (Closes: #672228) (Thanks Szépe Viktor for the report)
+- New features:
+ François Boulogne
+ * [a7cb20e..] add lighttpd-auth filter/jail
+ Lee Clemens & Yaroslav Halchenko
+ * [e442503] pyinotify backend (default if backend='auto' and pyinotify
+ is available)
+ * [d73a71f,3989d24] usedns parameter for the jails to allow disabling
+ use of DNS
+ Tom Hendrikx
+ * [f94a121..] 'recidive' filter/jail to monitor fail2ban.conf to ban
+ repeated offenders. Close gh-19
+ Xavier Devlamynck
+ * [7d465f9..] Add asterisk support
+ Zbigniew Jędrzejewski-Szmek
+ * [de502cf..] allow running fail2ban as non-root user (disabled by
+ default) via xt_recent. See doc/run-rootless.txt
+- Enhancements
+ Lee Clemens
+ * [47c03a2] files/nagios - spelling/grammar fixes
+ * [b083038] updated Free Software Foundation's address
+ * [9092a63] changed TLDs to invalid domains, in accordance with RFC 2606
+ * [642d9af,3282f86] reformated printing of jail's name to be consistent
+ with init's info messages
+ * [3282f86] uniform use of capitalized Jail in the messages
+ Leonardo Chiquitto
+ * [4502adf] Fix comments in dshield.conf and mynetwatchman.conf
+ to reflect code
+ * [a7d47e8] Update Free Software Foundation's address
+ Petr Voralek
+ * [4007751] catch failed ssh logins due to being listed in DenyUsers.
+ Close gh-47 (Closes: #669063)
+ Yaroslav Halchenko
+ * [MANY] extended and robustified unittests: test different backends
+ * [d9248a6] refactored Filter's to avoid duplicate functionality
+ * [7821174] direct users to issues on github
+ * [d2ffee0..] re-factored fail2ban-regex -- more condensed output by
+ default with -v to control verbosity
+ * [b4099da] adjusted header for config/*.conf to mention .local and way
+ to comment (Thanks Stefano Forli for the note)
+ * [6ad55f6] added failregex for wu-ftpd to match against syslog instead
+ of DoS-prone auth.log's rhost (Closes: #514239)
+ * [2082fee] match possibly present "pam_unix(sshd:auth):" portion for
+ sshd filter (Closes: #648020)
+ Yehuda Katz & Yaroslav Halchenko
+ * [322f53e,bd40cc7] ./DEVELOP -- documentation for developers
+
+ver. 0.8.6 (2011/11/28) - stable
+----------
+- Fixes:
+ Markos Chandras & Yaroslav Halchenko
+ * [492d8e5,bd658fc] Use hashlib (instead of deprecated md5) where available
+ Robert Trace & Michael Lorant
+ * [c48c2b1] gentoo-initd cleanup and fixes: assure /var/run + remove stale
+ sock file
+ Michael Saavedra
+ * [3a58d0e] Lock server's executeCmd to prevent racing among iptables calls:
+ see http://bugs.debian.org/554162
+ Yaroslav Halchenko
+ * [3eb5e3b] Allow for trailing spaces in sasl logs
+ * [1632244] Stop server-side communication before stopping the
+ jails (prevents lockup if actions use fail2ban-client upon
+ unban): see https://github.com/fail2ban/fail2ban/issues/7
+ * [5a2d518] Various changes to reincarnate unittests
+ Yehuda Katz
+ * Wiki was cleaned from SPAM
+- Enhancements:
+ Adam Spiers
+ * [3152afb] Recognise time-stamped kernel messages
+ Guido Bozzetto
+ * [713fea6] Added ipmasq rule file to restart fail2ban when iptables are
+ wiped out: see http://bugs.debian.org/461417
+ Łukasz
+ * [5f23542] Matching of month names in Polish (thanks michaelberg79
+ for QA)
+ Tom Hendrikx
+ * [9fa54cf] Added Date: header for sendmail*.conf actions
+ Yaroslav Halchenko & Tom Hendrikx
+ * [b52d420..22b7007] <matches> in action files now can be used
+ to provide matched loglines which triggered action
+ Yaroslav Halchenko
+ * [ed0bf3a] Removed duplicate entry for DataCha0s/2\.0 in badbots:
+ see http://bugs.debian.org/519557
+ * [dad91f7] sshd.conf: allow user names to have spaces and
+ trailing spaces in the line
+ * [a9be451] removed expansions for few Date and Revision SVN keywords
+ * [a33135c] set/getFile for ticket.py -- found in source distribution
+ of 0.8.4
+ * [fbce415] additional logging while stopping the jails
+
+ver. 0.8.5 (2011/07/28) - stable
+----------
+- Fix: use addfailregex instead of failregex while processing per-jail
+ "failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
+ Marat Khayrullin for the patch and Daniel T Chen for forwarding to
+ Debian.
+- Fix: use os.path.join to generate full path - fixes includes in configs
+ given local filename (5 weeks ago) [yarikoptic]
+- Fix: allowed for trailing spaces in proftpd logs
+- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
+- Fix: allowed space in the trailing of failregex for sasl.conf:
+ see http://bugs.debian.org/573314
+- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
+ see http://bugs.debian.org/544232
+- Fix: Tai64N stores time in GMT, needed to convert to local time before
+ returning
+- Fix: disabled named-refused-udp jail entirely with a big fat warning
+- Fix: added time module. Bug reported in buanzo's blog:
+ see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+- Fix: Patch to make log file descriptors cloexec to stop leaking file
+ descriptors on fork/exec. Thanks to Jonathan Underwood:
+ see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
+- Enhancement: added author for dovecot filter and pruned unneeded space
+ in the regexp
+- Enhancement: proftpd filter -- if login failed -- count regardless of the
+ reason for failure
+- Enhancement: added <chain> to action.d/iptables*. Thanks to Matthijs Kooijman:
+ see http://bugs.debian.org/515599
+- Enhancement: added filter.d/dovecot.conf from Martin Waschbuesch
+- Enhancement: made filter.d/apache-overflows.conf catch more:
+ see http://bugs.debian.org/574182
+- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
+ see http://bugs.debian.org/546913
+- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
+ see http://bugs.debian.org/598200
+- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
+- Few minor cosmetic changes
+
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
@@ -252,7 +439,7 @@
- Added parsing of timestamp in TAI64N format (#1275325). Thanks to Mark
Edgington
- Added patch #1382936 (Default formatted syslog logging). Thanks to Patrick
- B�rjesson
+ Börjesson
- Removed 192.168.0.0/16 from ignoreip. Attacks could also come from the local
network.
- Robust startup: if iptables module does not get fully initialized after
Added |
fail2ban-0.8.8.tar.bz2/DEVELOP
@@ -0,0 +1,158 @@
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+================================================================================
+How to develop for Fail2Ban
+================================================================================
+
+Fail2Ban uses GIT (http://git-scm.com/) distributed source control. This gives
+each developer their own complete copy of the entire repository. Developers can
+add and switch branches and commit changes when ever they want and then ask a
+maintainer to merge their changes.
+
+Fail2Ban uses GitHub (https://github.com/fail2ban/fail2ban) to manage access to
+the Git repository. GitHub provides free hosting for open-source projects as
+well as a web-based Git repository browser and an issue tracker.
+
+If you are familiar with Python and you have a bug fix or a feature that you
+would like to add to Fail2Ban, the best way to do so it to use the GitHub Pull
+Request feature. You can find more details on the Fail2Ban wiki
+(http://www.fail2ban.org/wiki/index.php/Get_Involved)
+
+Testing
+=======
+
+Existing tests can be run by executing `fail2ban-testcases`.
+
+Documentation about creating tests (when tests are required and some guidelines
+for creating good tests) will be added soon.
+
+Coding Standards
+================
+Coming Soon.
+
+
+Design
+======
+
+Fail2Ban was initially developed with Python 2.3 (IIRC). It should
+still be compatible with Python 2.4 and such compatibility assurance
+makes code ... old-fashioned in many places (RF-Note). In 0.7 the
+design went through major refactoring into client/server,
+a-thread-per-jail design which made it a bit difficult to follow.
+Below you can find a sketchy description of the main components of the
+system to orient yourself better.
+
+server/
+------
+
+Core classes hierarchy (feel welcome to draw a better/more complete
+one)::
+
+ -> inheritance
+ + delegation
+ * storage of multiple instances
+
+ RF-Note just a note which might be useful to address while doing RF
+
+ JailThread -> Filter -> FileFilter -> {FilterPoll, FilterPyinotify, ...}
+ | * FileContainer
+ + FailManager
+ + DateDetector
+ + Jail (provided in __init__) which contains this Filter
+ (used for passing tickets from FailManager to Jail's __queue)
+ Server
+ + Jails
+ * Jail
+ + Filter (in __filter)
+ * tickets (in __queue)
+ + Actions (in __action)
+ * Action
+ + BanManager
+
+
+failmanager.py
+~~~~~~~~~~~~~~
+
+FailManager
+
+ Keeps track of failures, recorded as 'tickets'. All operations are
+ done via acquiring a lock
+
+FailManagerEmpty(Exception)
+
+ raised by FailManager.toBan after reaching the list of tickets
+ (RF-Note: asks to become a generator ;) )
+
+
+filter.py
+~~~~~~~~~~
+
+Filter(JailThread)
+
+ Wraps (non-threaded) FailManager (and proxies to it quite a bit),
+ and provides all primary logic for processing new lines, what IPs to
+ ignore, etc
+
+ .failManager [FailManager]
+ .dateDetector [DateDetector]
+ .__failRegex [list]
+ .__ignoreRegex [list]
+ Contains regular expressions for failures and ignores
+ .__findTime [numeric]
+ Used in `processLineAndAdd` to skip old lines
+
+FileFilter(Filter):
+
+ Files-aware Filter
+
+ .__logPath [list]
+ keeps the tracked files (added 1-by-1 using addLogPath)
+ stored as FileContainer's
+ .getFailures
+ actually just returns
+ True
+ if managed to open and get lines (until empty)
+ False
+ if failed to open or absent container matching the filename
+
+FileContainer
+
+ Adapter for a file to deal with log rotation.
+
+ .open,.close,.readline
+ RF-Note: readline returns "" with handler absent... shouldn't it be None?
+ .__pos
+ Keeps the position pointer
+
+DNSUtils
+
+ Utility class for DNS and IP handling
+
+ RF-Note: convert to functions within a separate submodule
+
+
+filter*.py
+~~~~~~~~~~
+
+Implementations of FileFilter's for specific backends. Derived
+classes should provide an implementation of `run` and usually
+override `addLogPath`, `delLogPath` methods. In run() method they all
+one way or another provide
+
+ try:
+ while True:
+ ticket = self.failManager.toBan()
+ self.jail.putFailTicket(ticket)
+ except FailManagerEmpty:
+ self.failManager.cleanup(MyTime.time())
+
+thus channeling "ban tickets" from their failManager to the
+corresponding jail.
+
+action.py
+~~~~~~~~~
+
+Takes care about executing start/check/ban/unban/stop commands
Added |
fail2ban-0.8.8.tar.bz2/MANIFEST
@@ -0,0 +1,128 @@
+README
+ChangeLog
+TODO
+THANKS
+COPYING
+fail2ban-client
+fail2ban-server
+fail2ban-testcases
+fail2ban-regex
+client/configreader.py
+client/configparserinc.py
+client/jailreader.py
+client/fail2banreader.py
+client/jailsreader.py
+client/beautifier.py
+client/filterreader.py
+client/actionreader.py
+client/__init__.py
+client/configurator.py
+client/csocket.py
+server/asyncserver.py
+server/filter.py
+server/filterpyinotify.py
+server/filtergamin.py
+server/filterpoll.py
+server/iso8601.py
+server/server.py
+server/actions.py
+server/faildata.py
+server/failmanager.py
+server/datedetector.py
+server/jailthread.py
+server/transmitter.py
+server/action.py
+server/ticket.py
+server/jail.py
+server/jails.py
+server/__init__.py
+server/banmanager.py
+server/datetemplate.py
+server/mytime.py
+server/failregex.py
+testcases/banmanagertestcase.py
+testcases/failmanagertestcase.py
+testcases/clientreadertestcase.py
+testcases/filtertestcase.py
+testcases/__init__.py
+testcases/datedetectortestcase.py
+testcases/actiontestcase.py
+testcases/servertestcase.py
+testcases/files/testcase01.log
+testcases/files/testcase02.log
+testcases/files/testcase03.log
+testcases/files/testcase04.log
+setup.py
+setup.cfg
+common/__init__.py
+common/helpers.py
+common/version.py
+common/protocol.py
+config/jail.conf
+config/filter.d/common.conf
+config/filter.d/apache-auth.conf
+config/filter.d/apache-badbots.conf
+config/filter.d/apache-nohome.conf
+config/filter.d/apache-noscript.conf
+config/filter.d/apache-overflows.conf
+config/filter.d/courierlogin.conf
+config/filter.d/couriersmtp.conf
+config/filter.d/cyrus-imap.conf
+config/filter.d/exim.conf
+config/filter.d/gssftpd.conf
+config/filter.d/lighttpd-fastcgi.conf
+config/filter.d/named-refused.conf
+config/filter.d/postfix.conf
+config/filter.d/proftpd.conf
+config/filter.d/pure-ftpd.conf
+config/filter.d/qmail.conf
+config/filter.d/pam-generic.conf
+config/filter.d/php-url-fopen.conf
+config/filter.d/sasl.conf
+config/filter.d/sieve.conf
+config/filter.d/sshd.conf
+config/filter.d/sshd-ddos.conf
+config/filter.d/vsftpd.conf
+config/filter.d/webmin-auth.conf
+config/filter.d/wuftpd.conf
+config/filter.d/xinetd-fail.conf
+config/action.d/complain.conf
+config/action.d/dshield.conf
+config/action.d/hostsdeny.conf
+config/action.d/ipfw.conf
+config/action.d/ipfilter.conf
+config/action.d/iptables.conf
+config/action.d/iptables-allports.conf
+config/action.d/iptables-multiport.conf
+config/action.d/iptables-multiport-log.conf
+config/action.d/iptables-new.conf
+config/action.d/mail.conf
+config/action.d/mail-buffered.conf
+config/action.d/mail-whois.conf
+config/action.d/mail-whois-lines.conf
+config/action.d/mynetwatchman.conf
+config/action.d/sendmail.conf
+config/action.d/sendmail-buffered.conf
+config/action.d/sendmail-whois.conf
+config/action.d/sendmail-whois-lines.conf
+config/action.d/shorewall.conf
+config/fail2ban.conf
+man/fail2ban-client.1
+man/fail2ban-client.h2m
+man/fail2ban-server.1
+man/fail2ban-server.h2m
+man/fail2ban-regex.1
+man/fail2ban-regex.h2m
+man/generate-man
+files/gentoo-initd
+files/gentoo-confd
+files/redhat-initd
+files/macosx-initd
+files/solaris-fail2ban.xml
+files/solaris-svc-fail2ban
+files/suse-initd
+files/cacti/fail2ban_stats.sh
+files/cacti/cacti_host_template_fail2ban.xml
+files/cacti/README
+files/nagios/check_fail2ban
+files/nagios/f2ban.txt
Changed |
fail2ban-0.8.8.tar.bz2/README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.8) 2012/07/31
================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
@@ -22,12 +22,17 @@
>=python-2.3 (http://www.python.org)
Optional:
- >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin)
+ pyinotify:
+ >=linux-2.6.13
+ >=python-2.4
+ >=pyinotify-0.8.3 (https://github.com/seb-m/pyinotify)
+ Gamin:
+ >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin)
To install, just do:
-> tar xvfj fail2ban-0.8.4.tar.bz2
-> cd fail2ban-0.8.4
+> tar xvfj fail2ban-0.8.8.tar.bz2
+> cd fail2ban-0.8.8
> python setup.py install
This will install Fail2Ban into /usr/share/fail2ban. The executable scripts are
@@ -54,25 +59,24 @@
Contact:
--------
-You need some new features, you found bugs or you just appreciate this program,
-you can contact me at:
-
Website: http://www.fail2ban.org
-Cyril Jaquier: <cyril.jaquier@fail2ban.org>
+You need some new features, you found bugs: visit
+https://github.com/fail2ban/fail2ban/issues
+and if your issue is not yet known -- file a bug report.
+
+If you would like to troubleshoot or discuss: join the mailing list
+https://lists.sourceforge.net/lists/listinfo/fail2ban-users
+
+If you just appreciate this program: send kudos to the original author
+(Cyril Jaquier: <cyril.jaquier@fail2ban.org>) or the mailing list
+https://lists.sourceforge.net/lists/listinfo/fail2ban-users
+
Thanks:
-------
-Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker, Tom Pike, Iain Lea,
-Andrey G. Grozin, Yaroslav Halchenko, Jonathan Kamens, Stephen Gildea, Markus
-Hoffmann, Mark Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler, Nick
-Munger, Christoph Haas, Justin Shore, Joël Bertrand, René Berber, mEDI, Axel
-Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood,
-Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
-Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, Vincent Deffontaines,
-Bill Heaton, Russell Odom, Christos Psonis, Arturo 'Buanzo' Busleiman and many
-others.
+See THANKS file.
License:
--------
Added |
fail2ban-0.8.8.tar.bz2/THANKS
@@ -0,0 +1,47 @@
+Fail2Ban is an open source project with many contributions from its
+users community. Below is an alphabetically sorted partial list of the
+contributors to the project. If you have been left off, please let us
+know (preferably send a pull request on github with the "fix") and you
+will be added
+
+Adrien Clerc
+Andrey G. Grozin
+Arturo 'Buanzo' Busleiman
+Axel Thimm
+Bill Heaton
+Christian Rauch
+Christoph Haas
+Christos Psonis
+Daniel B. Cid
+David Nutter
+Eric Gerbier
+Guillaume Delvit
+Hanno 'Rince' Wagner
+Iain Lea
+Jonathan Kamens
+Jonathan Underwood
+Joël Bertrand
+Justin Shore
+Kévin Drapel
+kojiro
+Mark Edgington
+Markus Hoffmann
+Marvin Rouge
+mEDI
+Michael C. Haller
+Michael Hanselmann
+NickMunger
+Patrick Börjesson
+Raphaël Marichez
+René Berber
+Robert Edeker
+Russell Odom
+Sireyessire
+Stephen Gildea
+Tom Pike
+Tyler
+Vaclav Misek
+Vincent Deffontaines
+Yaroslav Halchenko
+Yehuda Katz
+zugeschmiert
Changed |
fail2ban-0.8.8.tar.bz2/TODO
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-ToDo $Revision: 732 $
+ToDo
================================================================================
Legend:
@@ -19,10 +19,8 @@
- Add timeout to external commands (signal alarm, watchdog thread, etc)
-- New backend: pyinotify
-
- Uniformize filters and actions name. Use the software name (openssh, postfix,
- proftp)
+ proftp) and possible qualifier (e.g. auth) after a '-'
- Added <USER> tag for failregex. Add features using this information. Maybe add
more tags
@@ -52,3 +50,5 @@
# better return values in function
# refactoring in server.py, actions.py, filter.py
+
+* New backend: pyinotify
Changed |
fail2ban-0.8.8.tar.bz2/client/__init__.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,14 +15,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 433 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/client/actionreader.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 433 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -87,4 +90,4 @@
stream.append(head + ["setcinfo", self.__file, p, self.__cInfo[p]])
return stream
-
\ No newline at end of file
+
Changed |
fail2ban-0.8.8.tar.bz2/client/beautifier.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 644 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 644 $"
-__date__ = "$Date: 2008-01-15 00:12:21 +0100 (Tue, 15 Jan 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/client/configparserinc.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Yaroslav Halchenko
# Modified: Cyril Jaquier
-# $Revision: 656 $
+# $Revision$
__author__ = 'Yaroslav Halhenko'
-__revision__ = '$Revision: $'
-__date__ = '$Date: $'
+__revision__ = '$Revision$'
+__date__ = '$Date$'
__copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko'
__license__ = 'GPL'
@@ -43,7 +46,7 @@
[INCLUDES]
before = 1.conf
- 3.conf
+ 3.conf
after = 1.conf
@@ -54,8 +57,8 @@
the tree.
I wasn't sure what would be the right way to implement generic (aka c++
- template) so we could base at any *configparser class... so I will
- leave it for the future
+ template) so we could base at any *configparser class... so I will
+ leave it for the future
"""
@@ -86,7 +89,7 @@
if os.path.isabs(newResource):
r = newResource
else:
- r = "%s/%s" % (resourceDir, newResource)
+ r = os.path.join(resourceDir, newResource)
if r in seen:
continue
s = seen + [resource]
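Review bot: The include guard `if r in seen` compares path strings exactly as written, and the joined path on the new line is not normalised, so one file named two ways (`x.conf`, `./x.conf`, `d/../x.conf`) is not recognised as already visited. Normalising before the comparison, `r = os.path.normpath(os.path.join(resourceDir, newResource))`, would make the guard reliable, provided `resource` gets the same treatment before `seen + [resource]`. Because `os.path.join` already returns an absolute second argument unchanged, the `os.path.isabs` branch above it is now redundant and the if/else could collapse to that single assignment. A relative include containing `..` can still name a file outside the configuration directory; a comment stating that include targets are trusted only because the config files are administrator-writable would record that assumption. The enclosing function starts and ends outside this hunk.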
Changed |
fail2ban-0.8.8.tar.bz2/client/configreader.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
# Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes)
-# $Revision: 656 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 656 $"
-__date__ = "$Date: 2008-03-04 01:17:56 +0100 (Tue, 04 Mar 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/client/configurator.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 655 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 655 $"
-__date__ = "$Date: 2008-03-04 01:13:39 +0100 (Tue, 04 Mar 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -75,4 +78,4 @@
for opt in self.__streams["jails"]:
cmds.append(opt)
return cmds
-
\ No newline at end of file
+
Changed |
fail2ban-0.8.8.tar.bz2/client/csocket.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 635 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 635 $"
-__date__ = "$Date: 2007-12-16 22:38:04 +0100 (Sun, 16 Dec 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/client/fail2banreader.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 407 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 407 $"
-__date__ = "$Date: 2006-10-09 20:05:13 +0200 (Mon, 09 Oct 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -55,4 +58,4 @@
elif opt == "logtarget":
stream.append(["set", "logtarget", self.__opts[opt]])
return stream
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/client/filterreader.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 711 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 711 $"
-__date__ = "$Date: 2008-08-13 00:05:13 +0200 (Wed, 13 Aug 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -71,4 +74,4 @@
if regex != '':
stream.append(["set", self.__name, "addignoreregex", regex])
return stream
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/client/jailreader.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 690 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 690 $"
-__date__ = "$Date: 2008-05-12 10:34:42 +0200 (Mon, 12 May 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -62,6 +65,7 @@
["int", "maxretry", 3],
["int", "findtime", 600],
["int", "bantime", 600],
+ ["string", "usedns", "warn"],
["string", "failregex", None],
["string", "ignoreregex", None],
["string", "ignoreip", None],
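Review bot: The default `warn` for the new `usedns` entry leaves hostname resolution switched on, as far as I understand the mode names (`yes` / `no` / `warn`): a hostname found in a matched log line is still resolved and the resulting address banned, with only a warning logged. Where log lines can carry client-supplied or reverse-DNS names, whoever controls that name influences which address ends up banned, so the choice deserves a comment next to the entry, e.g. `# usedns: yes | no | warn -- "warn" still resolves hostnames; "no" bans literal IPs only`. The option is typed as a plain string here, so any validation of the value has to happen elsewhere, outside this hunk. The option list starts and ends outside the hunk.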
@@ -119,8 +123,10 @@
stream.append(["set", self.__name, "findtime", self.__opts[opt]])
elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
+ elif opt == "usedns":
+ stream.append(["set", self.__name, "usedns", self.__opts[opt]])
elif opt == "failregex":
- stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
elif opt == "ignoreregex":
for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.
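Review bot: The `failregex` branch hands the whole option value to a single `addfailregex` command, while the `ignoreregex` branch directly below splits on newlines and skips empty entries. A jail-level `failregex` that spans several lines would presumably be registered as one pattern containing embedded newlines, which is unlikely to match any log line, so the jail would quietly ban nothing. Giving it the same treatment keeps the two branches consistent: `for regex in self.__opts[opt].split('\n'):` followed by `if regex != '':` and `stream.append(["set", self.__name, "addfailregex", regex])`. The enclosing method starts and ends outside the hunk.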
|
|
Changed |
fail2ban-0.8.8.tar.bz2/client/jailsreader.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 655 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 655 $"
-__date__ = "$Date: 2008-03-04 01:13:39 +0100 (Tue, 04 Mar 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -84,4 +87,4 @@
stream.append(["start", jail.getName()])
return stream
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/common/__init__.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,14 +15,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/common/helpers.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,27 +15,27 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
# Author: Arturo 'Buanzo' Busleiman
#
-# $Revision: 741 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 741 $"
-__date__ = "$Date: 2009-08-30 16:13:04 +0200 (Sun, 30 Aug 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2009 Cyril Jaquier"
__license__ = "GPL"
def formatExceptionInfo():
- """ Author: Arturo 'Buanzo' Busleiman """
- import sys
- cla, exc = sys.exc_info()[:2]
- excName = cla.__name__
- try:
- excArgs = exc.__dict__["args"]
- except KeyError:
- excArgs = str(exc)
- return (excName, excArgs)
+ """ Author: Arturo 'Buanzo' Busleiman """
+ import sys
+ cla, exc = sys.exc_info()[:2]
+ excName = cla.__name__
+ try:
+ excArgs = exc.__dict__["args"]
+ except KeyError:
+ excArgs = str(exc)
+ return (excName, excArgs)
|
|
Changed |
fail2ban-0.8.8.tar.bz2/common/protocol.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 751 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 751 $"
-__date__ = "$Date: 2009-09-01 22:25:32 +0200 (Tue, 01 Sep 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -59,7 +62,9 @@
["set <JAIL> delignoreregex <INDEX>", "removes the regular expression at <INDEX> for ignoreregex"],
["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"],
["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"],
+["set <JAIL> usedns <VALUE>", "sets the usedns mode for <JAIL>"],
["set <JAIL> banip <IP>", "manually Ban <IP> for <JAIL>"],
+["set <JAIL> unbanip <IP>", "manually Unban <IP> in <JAIL>"],
["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"],
["set <JAIL> addaction <ACT>", "adds a new action named <NAME> for <JAIL>"],
["set <JAIL> delaction <ACT>", "removes the action <NAME> from <JAIL>"],
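Review bot: The help text added for `set <JAIL> usedns <VALUE>` does not say which values are accepted, and that is the only place a `fail2ban-client` user would look. Listing them in the string makes the command self-describing: `"sets the usedns mode (yes, no or warn) for <JAIL>"`. The matching `get <JAIL> usedns` entry in the next hunk could name the same set. The protocol table itself starts and ends outside the hunk.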
@@ -77,6 +82,7 @@
["get <JAIL> ignoreregex", "gets the list of regular expressions which matches patterns to ignore for <JAIL>"],
["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"],
+["get <JAIL> usedns", "gets the usedns setting for <JAIL>"],
["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],
["get <JAIL> addaction", "gets the last action which has been added for <JAIL>"],
["get <JAIL> actionstart <ACT>", "gets the start command for the action <ACT> for <JAIL>"],
|
|
Changed |
fail2ban-0.8.8.tar.bz2/common/version.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,16 +15,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 754 $
+# $Revision$
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 754 $"
-__date__ = "$Date: 2009-09-07 21:13:45 +0200 (Mon, 07 Sep 2009) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__author__ = "Cyril Jaquier, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Yaroslav Halchenko"
__license__ = "GPL"
-version = "0.8.4"
+version = "0.8.8"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/complain.conf
^
|
@@ -12,8 +12,22 @@
# any other addresses found in the whois record, with a few exceptions.
# If no addresses are found, no e-mail is sent.
#
-# $Revision: 717 $
+# WARNING
+# -------
#
+# Please do not use this action unless you are certain that fail2ban
+# does not result in "false positives" for your deployment. False
+# positive reports could serve a mis-favor to the original cause by
+# flooding corresponding contact addresses, and complicating the work
+# of administration personnel responsible for handling (verified) legit
+# complains.
+#
+# Please consider using e.g. sendmail-whois-lines.conf action which
+# would send the reports with relevant information to you, so the
+# report could be first reviewed and then forwarded to a corresponding
+# contact if legit.
+#
+
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/dshield.conf
^
|
@@ -204,7 +204,7 @@
# Option: tmpfile
# Notes.: Base name of temporary files used for buffering
-# Values: [ STRING ] Default: /tmp/fail2ban-dshield
+# Values: [ STRING ] Default: /var/run/fail2ban/tmp-dshield
#
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
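Review bot: The new `tmpfile` default is only safer than `/tmp` if `/var/run/fail2ban` already exists and is writable by the fail2ban user alone, and nothing in this hunk creates the directory or states that requirement. The file name is still fixed, so the protection comes entirely from the directory's ownership and mode. Where `/var/run` is a tmpfs the directory also disappears on reboot, and the action would then fail to buffer until something recreates it. I would add the requirement to the option header, e.g. `# Notes.: Base name of temporary files used for buffering; the directory must exist and must not be writable by other users`. The same applies to the `tmpfile` changes in mail-buffered.conf, mynetwatchman.conf and sendmail-buffered.conf.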
|
|
Added |
fail2ban-0.8.8.tar.bz2/config/action.d/dummy.conf
^
|
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = touch /tmp/fail2ban.dummy
+ printf %%b "<init>\n" >> /tmp/fail2ban.dummy
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = rm -f /tmp/fail2ban.dummy
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = printf %%b "+<ip>\n" >> /tmp/fail2ban.dummy
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = printf %%b "-<ip>\n" >> /tmp/fail2ban.dummy
+
+[Init]
+
+init = 123
+
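Review bot: This new action writes to the fixed name `/tmp/fail2ban.dummy`, although the same update moves the other actions' temporary files out of `/tmp`. `touch`, `>>` and `rm -f` on a predictable name in a world-writable directory act on whatever another local user has already placed there, and the file's own notes say the commands run with Fail2Ban user rights. Pointing all five commands at the private runtime directory would match the other actions, e.g. `actionban = printf %%b "+<ip>\n" >> /var/run/fail2ban/fail2ban.dummy`. A header comment saying that this action is for testing only would also help.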
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/hostsdeny.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/ipfw.conf
^
|
@@ -3,7 +3,7 @@
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
-# $Revision: 658 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables-allports.conf
^
|
@@ -4,7 +4,7 @@
# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
# made active on all ports from original iptables.conf
#
-# $Revision: 658 $
+# $Revision$
#
[Definition]
@@ -15,13 +15,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -29,7 +29,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
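Review bot: In the new `actioncheck`, the bracket expression `[ \t]` does not match a tab. Inside a POSIX bracket expression the backslash is literal, so assuming the value reaches grep unchanged it matches a space, a backslash or the letter `t`. The check for jail `<name>` would therefore still succeed on a chain whose name continues with `t`, which is the prefix confusion this change appears meant to remove. `grep -q 'fail2ban-<name>[[:space:]]'` says what is intended. `<name>` is also interpolated into the pattern unescaped, so regex metacharacters in a jail name widen the match. The same line appears in the `actioncheck` hunks of iptables-multiport.conf, iptables-new.conf and iptables.conf.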
@@ -63,3 +63,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
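Review bot: The comment block for the new `chain` option drops the `.:` after `Notes` that the other option headers in this file use, and it does not say what a valid value is. Since `<chain>` is substituted into the shell command lines of `actionstart`, `actionstop` and `actioncheck`, the header should state that it must be the name of an existing chain: `# Notes.: specifies the iptables chain to which the fail2ban rules should be added; must name an existing chain`. The same block is added to iptables-multiport-log.conf, iptables-multiport.conf, iptables-new.conf and iptables.conf.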
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables-multiport-log.conf
^
|
@@ -5,9 +5,9 @@
#
# make "fail2ban-<name>" chain to match drop IP
# make "fail2ban-<name>-log" chain to log and drop
-# insert a jump to fail2ban-<name> from -I INPUT if proto/port match
+# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
#
-# $Revision: 668 $
+# $Revision$
#
[Definition]
@@ -18,7 +18,7 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -N fail2ban-<name>-log
iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
iptables -A fail2ban-<name>-log -j DROP
@@ -27,7 +27,7 @@
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -F fail2ban-<name>-log
iptables -X fail2ban-<name>
@@ -76,3 +76,9 @@
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
+
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables-multiport.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
# Modified by Yaroslav Halchenko for multiport banning
-# $Revision: 658 $
+# $Revision$
#
[Definition]
@@ -13,13 +13,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables-new.conf
^
|
@@ -4,7 +4,7 @@
# Copied from iptables.conf and modified by Yaroslav Halchenko
# to fullfill the needs of bugreporter dbts#350746.
#
-# $Revision: 658 $
+# $Revision$
#
[Definition]
@@ -15,13 +15,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -29,7 +29,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@@ -69,3 +69,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
|
|
Added |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables-xt_recent-echo.conf
^
|
@@ -0,0 +1,76 @@
+# Fail2Ban configuration file
+#
+# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+#
+# $Revision: 1 $
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+# Changing iptables rules requires root priviledges. If fail2ban is
+# configured to run as root, firewall setup can be performed by
+# fail2ban automatically. However, if fail2ban is configured to run as
+# a normal user, the configuration must be done by some other means
+# (e.g. using static firewall configuration with the
+# iptables-persistent package).
+#
+# Explanation of the rule below:
+# Check if any packets coming from an IP on the fail2ban-<name>
+# list have been seen in the last 3600 seconds. If yes, update the
+# timestamp for this IP and drop the packet. If not, let the packet
+# through.
+#
+# Fail2ban inserts blacklisted hosts into the fail2ban-<name> list
+# and removes them from the list after some time, according to its
+# own rules. The 3600 second timeout is independent and acts as a
+# safeguard in case the fail2ban process dies unexpectedly. The
+# shorter of the two timeouts actually matters.
+actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j DROP
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = echo / > /proc/net/xt_recent/fail2ban-<name>
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = test -e /proc/net/xt_recent/fail2ban-<name>
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo +<ip> > /proc/net/xt_recent/fail2ban-<name>
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = echo -<ip> > /proc/net/xt_recent/fail2ban-<name>
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
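Review bot: `actionstop` only flushes the xt_recent list and never removes the `INPUT` rule that `actionstart` inserts, so every restart of a root-run fail2ban adds another identical DROP rule. A matching delete in `actionstop` would balance it: `iptables -D INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j DROP`. It has to tolerate failure in the non-root setup that the header comment describes, where the rule is managed statically. The rule also hard-codes `INPUT`, whereas the other iptables actions in this update gained a `<chain>` option, and `--seconds 3600` silently caps any longer `bantime` for a host that stops sending packets. Both are worth stating in the `[Init]` comments.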
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/iptables.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 658 $
+# $Revision$
#
[Definition]
@@ -13,13 +13,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/mail-buffered.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 701 $
+# $Revision$
#
[Definition]
@@ -81,7 +81,7 @@
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
# Destination/Addressee of the mail
#
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/mail-whois-lines.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision: 660 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/mail-whois.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/mail.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/mynetwatchman.conf
^
|
@@ -139,6 +139,6 @@
# Option: tmpfile
# Notes.: Base name of temporary files
-# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman
+# Values: [ STRING ] Default: /var/run/fail2ban/tmp-mynetwatchman
#
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/sendmail-buffered.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 701 $
+# $Revision$
#
[Definition]
@@ -101,5 +101,5 @@
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/sendmail-whois-lines.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
@@ -12,6 +12,7 @@
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
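Review bot: The added `Date:` header is built from `%%a` and `%%h`, which `date` renders in the locale of the fail2ban process. On a host with a non-English locale this yields day and month names that are not valid in a mail Date header. Pinning the locale inside the existing backquotes avoids that: `LC_ALL=C date -u +"%%a, %%d %%h %%Y %%T +0000"`. The same line is added to the `actionstop` and `actionban` hunks of this file and to the three matching hunks in sendmail-whois.conf and sendmail.conf. The multi-line option value continues outside the hunk.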
@@ -24,6 +25,7 @@
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -46,6 +48,7 @@
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/sendmail-whois.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
@@ -12,6 +12,7 @@
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -24,6 +25,7 @@
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -46,6 +48,7 @@
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/sendmail.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 660 $
+# $Revision$
#
[Definition]
@@ -12,6 +12,7 @@
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -24,6 +25,7 @@
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
@@ -46,6 +48,7 @@
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+ Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/action.d/shorewall.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 661 $
+# $Revision$
#
# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/fail2ban.conf
^
|
@@ -1,8 +1,12 @@
-# Fail2Ban configuration file
+# Fail2Ban main configuration file
#
-# Author: Cyril Jaquier
+# Comments: use '#' for comment lines and ';' for inline comments
#
-# $Revision: 629 $
+# Changes: in most of the cases you should not modify this
+# file, but provide customizations in fail2ban.local file, e.g.:
+#
+# [Definition]
+# loglevel = 4
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/apache-auth.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/apache-badbots.conf
^
|
@@ -5,13 +5,13 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 668 $
+# $Revision$
#
[Definition]
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
-badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
+badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
# Option: failregex
# Notes.: Regexp to catch known spambots and software alike. Please verify
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/apache-nohome.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Yaroslav O. Halchenko <debian@onerussian.com>
#
-# $Revision: 716 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/apache-noscript.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
|
|
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/apache-overflows.conf
^
|
@@ -2,7 +2,7 @@
#
# Author: Tim Connors
#
-# $Revision: 668 $
+# $Revision$
#
[Definition]
@@ -11,7 +11,7 @@
# Notes.: Regexp to catch Apache overflow attempts.
# Values: TEXT
#
-failregex = [[]client <HOST>[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string)
+failregex = [[]client <HOST>[]] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
Added |
fail2ban-0.8.8.tar.bz2/config/filter.d/asterisk.conf
@@ -0,0 +1,39 @@
+# Fail2Ban configuration file
+#
+# Author: Xavier Devlamynck
+#
+# $Revision$
+#
+
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Wrong password$
+ NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - No matching peer found$
+ NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch$
+ NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL$
+ NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register$
+ NOTICE%(__pid_re)s .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)$
+ NOTICE%(__pid_re)s <HOST> failed to authenticate as '.*'$
+ NOTICE%(__pid_re)s .*: No registration for peer '.*' \(from <HOST>\)$
+ NOTICE%(__pid_re)s .*: Host <HOST> failed MD5 authentication for '.*' (.*)$
+ NOTICE%(__pid_re)s .*: Failed to authenticate user .*@<HOST>.*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
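Review bot: The parentheses in `ACL error (permit/deny)$` and in `for '.*' (.*)$` are unescaped, so they act as regex groups instead of matching literal brackets; the first pattern matches `ACL error permit/deny` but not a log line that actually contains `(permit/deny)`. If the Asterisk messages carry literal parentheses, as the escaped `\(from <HOST>\)` two lines further down suggests, these should read `- ACL error \(permit/deny\)$` and `for '.*' \(.*\)$`. Separately, none of the patterns is anchored at the start of the line and the `'.*'` fields hold values chosen by the remote SIP client, so a leading `^` and `'[^']*'` in place of `'.*'` would narrow what a crafted registration can make the filter match.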
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/common.conf
@@ -3,7 +3,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 728 $
+# $Revision$
#
[INCLUDES]
@@ -32,10 +32,16 @@
# EXAMPLES: sshd[31607], pop(pam_unix)[4920]
__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+# Some messages have a kernel prefix with a timestamp
+# EXAMPLES: kernel: [769570.846956]
+__kernel_prefix = kernel: \[\d+\.\d+\]
+
+__hostname = \S+
+
#
# Common line prefixes (beginnings) which could be used in filters
#
# [hostname] [vserver tag] daemon_id spaces
# this can be optional (for instance if we match named native log files)
-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+__prefix_line = \s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/courierlogin.conf
@@ -3,7 +3,7 @@
# Author: Christoph Haas
# Modified by: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/couriersmtp.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/cyrus-imap.conf
@@ -2,7 +2,7 @@
#
# Author: Jan Wagner <waja@cyconet.org>
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Added |
fail2ban-0.8.8.tar.bz2/config/filter.d/dovecot.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for dovcot
+#
+# Author: Martin Waschbuesch
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
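Review bot: The address is captured with a hand-written `(?P<host>\S*)`, which also accepts an empty string, rather than with the `<HOST>` tag that the comment block just above the rule describes. Writing the tail as `rip=<HOST>,` keeps host matching consistent with the other filters in this package. The leading `.*` and trailing `.*` add nothing if the expression is searched within the line, which the mid-line starts of the neighbouring filters suggest but which should be confirmed. The login name that appears before `rip=` is chosen by the client, so fewer unbounded `.*` runs ahead of the address make the rule easier to reason about.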
Added |
fail2ban-0.8.8.tar.bz2/config/filter.d/dropbear.conf
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Francis Russell
+# Zak B. Elep
+#
+# $Revision$
+#
+# More information: http://bugs.debian.org/546913
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = dropbear
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+
+# These match the unmodified dropbear messages. It isn't possible to
+# match the source of the 'exit before auth' messages from dropbear.
+#
+failregex = ^%(__prefix_line)slogin attempt for nonexistent user ('.*' )?from <HOST>:.*\s*$
+ ^%(__prefix_line)sbad password attempt for .+ from <HOST>:.*\s*$
+
+# The only line we need to match with the modified dropbear.
+
+# NOTE: The failregex below is ONLY intended to work with a patched
+# version of Dropbear as described here:
+# http://www.unchartedbackwaters.co.uk/pyblosxom/static/patches
+#
+# The standard Dropbear output doesn't provide enough information to
+# ban all types of attack. The Dropbear patch adds IP address
+# information to the 'exit before auth' message which is always
+# produced for any form of non-successful login. It is that message
+# which this file matches.
+
+# failregex = ^%(__prefix_line)sexit before auth from <HOST>.*\s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/exim.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/gssftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Kevin Zembower (copied from wsftpd.conf)
#
-# $Revision: 699 $
+# $Revision$
#
[Definition]
Added |
fail2ban-0.8.8.tar.bz2/config/filter.d/lighttpd-auth.conf
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Francois Boulogne <fboulogne@april.org>
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match wrong passwords as notified by lighttpd's auth Module
+# Values: TEXT
+#
+failregex = .*http_auth.*(password doesn\'t match|wrong password).*IP: <HOST>\s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/named-refused.conf
@@ -4,7 +4,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 730 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/pam-generic.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/postfix.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/proftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
@@ -14,10 +14,10 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
- \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
- \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
- \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
+failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$
+ \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): .*$
+ \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$
+ \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
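Review bot: The second pattern now ends in `\(Login failed\): .*$`, so every reason ProFTPD prints after `(Login failed):` counts towards a ban, where the old rule counted only `Incorrect password.`. If that widening is intended, a comment above `failregex` naming the messages that prompted it would let the next maintainer judge whether a given reason should ban. If it is not, an explicit alternation of the expected reasons followed by ` *$` keeps failures that are not password guesses out of the count. The patterns remain unanchored at the start of the line; the `failregex` comment header sits partly above this hunk.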
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/pure-ftpd.conf
@@ -3,7 +3,7 @@
# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
#
-# $Revision: 3$
+# $Revision$
#
[Definition]
@@ -19,7 +19,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/qmail.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Added |
fail2ban-0.8.8.tar.bz2/config/filter.d/recidive.conf
@@ -0,0 +1,38 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx, modifications by Amir Caspi
+#
+# This filter monitors the fail2ban log file, and enables you to add long
+# time bans for ip addresses that get banned by fail2ban multiple times.
+# Reasons to use this: block very persistent attackers for a longer time,
+# stop receiving email notifications about the same attacker over and
+# over again.
+#
+# This jail is only useful if you set the 'findtime' and 'bantime' parameters
+# in jail.conf to a higher value than the other jails. Also, this jail has its
+# drawbacks, namely in that it works only with iptables, or if you use a
+# different blocking mechanism for this jail versus others (e.g. hostsdeny
+# for most jails, and shorewall for this one).
+#
+
+[Definition]
+
+# The name of the jail that this filter is used for. In jail.conf, name the
+# jail using this filter 'recidive', or change this line!
+_jailname = recidive
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = fail2ban.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+ignoreregex = fail2ban.actions:\s+WARNING\s+\[%(_jailname)s\]\s+Ban\s+<HOST>
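Review bot: `failregex` has no anchor after `<HOST>` and leaves the dot in `fail2ban.actions` unescaped, so it matches more than the exact ban line it is meant to count. Ending both rules the way the other filters in this package do, for example `fail2ban\.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST>\s*$`, ties the match to a complete `Ban` record. `_jailname` is substituted into `ignoreregex` as regex text, so a comment next to it should say that a jail name containing regex metacharacters must be escaped. If the self-ignore rule stops matching, this jail's own bans feed back into its count.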
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/sasl.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/sieve.conf
@@ -2,7 +2,7 @@
#
# Author: Jan Wagner <waja@cyconet.org>
#
-# $Revision: 727 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/sshd-ddos.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/sshd.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[INCLUDES]
@@ -25,14 +25,14 @@
#
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
- ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
+ ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
- ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
- ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+ ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
+ ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
+ ^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
- ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
- ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$
+ ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
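Review bot: The `User .+ from <HOST> not allowed because ...` rules now depend on their trailing `\s*$` to select the right address, and nothing in the file records that. The user name is chosen by the client and, with `.+` in place of `\S+`, may contain spaces and text that looks like ` from <address>`; the greedy match plus the end anchor is what keeps `<HOST>` bound to the last address on the line. A comment above `failregex` would protect this, for example `# User names are client-supplied: keep the \s*$ anchors so <HOST> is the final address on the line`. The comment header for this option lies above the hunk.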
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/vsftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/webmin-auth.conf
@@ -3,7 +3,7 @@
# Author: Cyril Jaquier
# Rule by : Delvit Guillaume
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/wuftpd.conf
@@ -2,7 +2,7 @@
#
# Author: Yaroslav Halchenko
#
-# $Revision: 699 $
+# $Revision$
#
[Definition]
@@ -12,6 +12,7 @@
# Values: TEXT
#
failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
+ wu-ftpd(?:\[\d+\])?: *failed login from .*\[<HOST>\] *$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
Changed |
fail2ban-0.8.8.tar.bz2/config/filter.d/xinetd-fail.conf
@@ -2,7 +2,7 @@
#
# Author: Guido Bozzetto
#
-# $Revision: 728 $
+# $Revision$
#
[Definition]
Changed |
fail2ban-0.8.8.tar.bz2/config/jail.conf
@@ -1,11 +1,18 @@
-# Fail2Ban configuration file
+# Fail2Ban jail specifications file
#
-# Author: Cyril Jaquier
+# Comments: use '#' for comment lines and ';' for inline comments
#
-# $Revision: 747 $
+# Changes: in most of the cases you should not modify this
+# file, but provide customizations in jail.local file, e.g.:
+#
+# [DEFAULT]
+# bantime = 3600
+#
+# [ssh-iptables]
+# enabled = true
#
-# The DEFAULT allows a global definition of the options. They can be override
+# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
@@ -13,7 +20,7 @@
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
-ignoreip = 127.0.0.1
+ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 600
@@ -25,16 +32,29 @@
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
-# "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto". This option can be overridden in
-# each jail too (use "gamin" for a jail and "polling" for another).
-#
-# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
-# is not installed, Fail2ban will use polling.
-# polling: uses a polling algorithm which does not require external libraries.
-# auto: will choose Gamin if available and polling otherwise.
+# "backend" specifies the backend used to get files modification.
+# Available options are "pyinotify", "gamin", "polling" and "auto".
+# This option can be overridden in each jail as well.
+#
+# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
+# If pyinotify is not installed, Fail2ban will use auto.
+# gamin: requires Gamin (a file alteration monitor) to be installed.
+# If Gamin is not installed, Fail2ban will use auto.
+# polling: uses a polling algorithm which does not require external libraries.
+# auto: will try to use the following backends, in order:
+# pyinotify, gamin, polling.
backend = auto
+# "usedns" specifies if jails should trust hostnames in logs,
+# warn when reverse DNS lookups are performed, or ignore all hostnames in logs
+#
+# yes: if a hostname is encountered, a reverse DNS lookup will be performed.
+# warn: if a hostname is encountered, a reverse DNS lookup will be performed,
+# but it will be logged as a warning.
+# no: if a hostname is encountered, will not be used for banning,
+# but it will be logged as info.
+usedns = warn
+
# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
@@ -45,7 +65,7 @@
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/sshd.log
maxretry = 5
@@ -54,7 +74,7 @@
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=you@mail.com]
+ sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@@ -66,7 +86,7 @@
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=you@mail.com]
+ sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@@ -77,7 +97,7 @@
enabled = false
filter = sshd
action = hostsdeny
- sendmail-whois[name=SSH, dest=you@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
@@ -101,7 +121,7 @@
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/postfix.log
bantime = 300
@@ -112,7 +132,7 @@
enabled = false
filter = vsftpd
-action = sendmail-whois[name=VSFTPD, dest=you@mail.com]
+action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -124,7 +144,7 @@
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, dest=you@mail.com]
+ sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -137,7 +157,7 @@
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
+ sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
@@ -149,7 +169,7 @@
enabled = false
filter = apache-noscript
action = shorewall
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/apache2/error_log
# Ban attackers that try to use PHP's URL-fopen() functionality
@@ -180,6 +200,18 @@
logpath = /var/log/lighttpd/error.log
maxretry = 2
+# Same as above for mod_auth
+# It catches wrong authentifications
+
+[lighttpd-auth]
+
+enabled = false
+port = http,https
+filter = lighttpd-auth
+# adapt the following two items as needed
+logpath = /var/log/lighttpd/error.log
+maxretry = 2
+
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
@@ -190,7 +222,7 @@
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
- sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
+ sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
@@ -211,14 +243,22 @@
# in your named.conf to provide proper logging.
# This jail blocks UDP traffic for DNS requests.
-[named-refused-udp]
-
-enabled = false
-filter = named-refused
-action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
- sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/security.log
-ignoreip = 168.192.0.1
+# !!! WARNING !!!
+# Since UDP is connection-less protocol, spoofing of IP and imitation
+# of illegal actions is way too simple. Thus enabling of this filter
+# might provide an easy way for implementing a DoS against a chosen
+# victim. See
+# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
+# Please DO NOT USE this jail unless you know what you are doing.
+#
+# [named-refused-udp]
+#
+# enabled = false
+# filter = named-refused
+# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+# sendmail-whois[name=Named, dest=you@example.com]
+# logpath = /var/log/named/security.log
+# ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
@@ -227,7 +267,42 @@
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=you@mail.com]
+ sendmail-whois[name=Named, dest=you@example.com]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
+# Multiple jails, 1 per protocol, are necessary ATM:
+# see https://github.com/fail2ban/fail2ban/issues/37
+[asterisk-tcp]
+
+enabled = false
+filter = asterisk
+action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
+ sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath = /var/log/asterisk/messages
+maxretry = 10
+
+[asterisk-udp]
+
+enabled = false
+filter = asterisk
+action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
+ sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
+logpath = /var/log/asterisk/messages
+maxretry = 10
+
+# Jail for more extended banning of persistent abusers
+# !!! WARNING !!!
+# Make sure that your loglevel specified in fail2ban.conf/.local
+# is not at DEBUG level -- which might then cause fail2ban to fall into
+# an infinite loop constantly feeding itself with non-informative lines
+[recidive]
+
+enabled = false
+filter = recidive
+logpath = /var/log/fail2ban.log
+action = iptables-allports[name=recidive]
+ sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
+bantime = 604800 ; 1 week
+findtime = 86400 ; 1 day
+maxretry = 5
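Review bot: The new `[asterisk-udp]` jail bans on UDP traffic without the caution this same change attaches to `[named-refused-udp]`, which it comments out because a spoofed source address can get a chosen victim banned. Whether Asterisk logs any of the matched failures before a round-trip with the client is not visible here, so the exposure should be confirmed. Until then the jail deserves the same notice, for example `# WARNING: SIP over UDP permits source-address spoofing; read the note on named-refused-udp and list trusted peers in ignoreip before enabling`. Both asterisk jails ship with `enabled = false`, so this affects only administrators who switch them on.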
Added |
fail2ban-0.8.8.tar.bz2/doc
+(directory)
Added |
fail2ban-0.8.8.tar.bz2/doc/Doxyfile
@@ -0,0 +1,1237 @@
+# Doxyfile 1.4.6
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = Fail2Ban
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 0.7-SVN
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY =
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish,
+# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese,
+# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian,
+# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish,
+# Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# This tag can be used to specify the encoding used in the generated output.
+# The encoding is not always determined by the language that is chosen,
+# but also whether or not the output is meant for Windows or non-Windows users.
+# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES
+# forces the Windows encoding (this is the default for the Windows binary),
+# whereas setting the tag to NO uses a Unix-style encoding (the default for
+# all platforms other than Windows).
+
+USE_WINDOWS_ENCODING = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like the Qt-style comments (thus requiring an
+# explicit @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 4
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for Java.
+# For instance, namespaces will be presented as packages, qualified scopes
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to
+# include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = YES
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = YES
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from the
+# version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = ../common ../server ../client ../testcases ../
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
+
+FILE_PATTERNS = *.py
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output. If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default)
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default)
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = YES
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will
+# generate a call dependency graph for every global function or class method.
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable call graphs for selected
+# functions only using the \callgraph command.
+
+CALL_GRAPH = YES
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_WIDTH = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than
+# this value, doxygen will try to truncate the graph, so that it fits within
+# the specified constraint. Beware that most browsers cannot cope with very
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT = 1024
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that a graph may be further truncated if the graph's
+# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH
+# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default),
+# the graph is not depth-constrained.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is disabled by default, which results in a white background.
+# Warning: Depending on the platform used, enabling this option may lead to
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
+# read).
+
+DOT_TRANSPARENT = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = YES
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
Added |
fail2ban-0.8.8.tar.bz2/doc/run-rootless.txt
@@ -0,0 +1,92 @@
+Fail2ban normally requires root priviledges to insert iptables rules
+through calls to /sbin/iptables and also to read the logfiles.
+Fail2ban can run as an unpriviledged user provided that those two
+capabilites are preserved. The idea is to run fail2ban as a normal
+user (e.g. fail2ban) who belongs to a group which is allowed to read
+logfiles. The user should also be allowed to write to
+/proc/net/xt_recent/fail2ban-<name> (name is specified in the iptables
+rule).
+
+/proc/net/xt_recent/* is created by the xt_recent kernel module when
+an iptables rule with '-m limit' is inserted. This file contains a
+dynamic list of IP addresses which can than be used in iptables rules.
+Addresses can be matched against this list, with an optional timeout.
+One way to use xt_recent is to insert IPs into this list from an
+iptables rule, e.g. after connecting to the SSH port three times in a
+minute. This is the standard usage described in iptables(3).
+
+Another way to use xt_recent is by inserting the rules by writing to
+/proc/net/xt_recent/fail2ban-<name>. This can be performed by a fail2ban
+action. Files in /proc/net/xt_recent/ are protected by normal
+filesystem rules, so can be chown'ed and chmod'ed to be writable by a
+certain user. After the necessary iptables rules are inserted (which
+requires root priviledges), blacklisting can be perfomed by an
+unpriviledged user.
+
+Using fail2ban with xt_recent allows smarter filtering than normal
+iptables rules with the xt_recent module can provide.
+
+The disadvantage is that fail2ban cannot perform the setup by itself,
+which would require the priviledge to call /sbin/iptables, and it must
+be done through other means.
+
+The primary advantage is obvious: it's generally better to run
+services not as root. This setup is more robust, because xt_recent has
+it's own memory management and should behave smartly in case a very
+large amount of IPs is blocked. Also in case the fail2ban process dies
+the rules expire automatically. In case of a large amount of blocked
+IPs, traversing rules linearly for each SYN packet as fail2ban
+normally inserts them will be slow, but xt_recent with the same number
+of IPs would be much faster. (Didn't test this, so this is pure
+handwaving, but it should really be this way ;)) From the
+administrators point of view, a setup with xt_recent might also be
+easier, because it's very simple to modify the permissions on
+/proc/net/xt_recent/fail2ban-<name> to be readable or writable by
+some user and thus allow delisting IPs by helper administrators
+without the ability to mess up other iptables rules.
+
+The xt_recent-echo jail can be used under the root user without
+further configuration. To run not as root, futher setup is necessary:
+
+- Create user:
+
+ - set FAIL2BAN_USER in /etc/default/fail2ban.
+
+ This probably should be fail2ban.
+
+ - add user fail2ban who can read /var/log/auth.log and other
+ necessary log files. Log files are owned by group 'adm', so
+ it is enough if this user belongs to this group.
+
+ The user can be created e.g. with
+
+ useradd --system --no-create-home --home-dir / --groups adm fail2ban
+
+- Statically initialize chains firewall:
+
+ - put a rule to check the xt_recent list in the static firewall initialization
+ script, with names like fail2ban-ssh (action uses separate chains per each
+ jail, so define here the ones you need 1-per-jail)
+
+ Sample invocation might be
+
+ iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j DROP
+
+ with <name> suitably replaced.
+
+ - suppress actionstart for iptables-xt_recent-echo action by creating an override file
+ iptables-xt_recent-echo.local to accompany iptables-xt_recent-echo.conf with
+
+ [Definition]
+ actionstart =
+
+- Permissions:
+
+ make sure that configuration files under /etc/fail2ban are readable by
+ fail2ban user. Make sure that logfiles of fail2ban itself are writable
+ by the fail2ban user. /etc/init.d/fail2ban will change the ownership at
+ startup, but it is also necessary to modify /etc/logrotate.d/fail2ban.
+
+ The simplest way is to replace '# create ...' with the following
+ # create 640 fail2ban adm
+
Changed |
fail2ban-0.8.8.tar.bz2/fail2ban-client
@@ -1,4 +1,7 @@
#!/usr/bin/python
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -13,15 +16,9 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-# Author: Cyril Jaquier
-#
-# $Revision: 672 $
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 672 $"
-__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -30,7 +27,9 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/share/fail2ban")
+if os.path.abspath(__file__).startswith('/usr/'):
+ # makes sense to use system-wide library iff -client is also under /usr/
+ sys.path.insert(1, "/usr/share/fail2ban")
# Now we can import our modules
from common.version import version
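Review bot: The new guard `os.path.abspath(__file__).startswith('/usr/')` tests the invoked path without resolving symlinks and with a plain string prefix, so whether `/usr/share/fail2ban` is added depends on how the script was started rather than on where it is installed. A symlink outside /usr that points at the installed script skips the insert, while anything under /usr, including /usr/local/, passes it. Since these tools are normally run as root, I would resolve the path first, `if os.path.realpath(__file__).startswith('/usr/'):`, and extend the comment to say that otherwise the `common`, `client` and `server` packages come from the script's own directory and the rest of sys.path. The same guard is added in fail2ban-regex and fail2ban-server; in this file the `import` line that would provide `os` is outside the hunk, so confirm it is in scope.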
@@ -66,7 +65,7 @@
def dispVersion(self):
print "Fail2Ban v" + version
print
- print "Copyright (c) 2004-2008 Cyril Jaquier"
+ print "Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors"
print "Copyright of modifications held by their respective authors."
print "Licensed under the GNU General Public License v2 (GPL)."
print
@@ -98,7 +97,7 @@
printFormatted()
print
- print "Report bugs to <cyril.jaquier@fail2ban.org>"
+ print "Report bugs to https://github.com/fail2ban/fail2ban/issues"
def dispInteractive(self):
print "Fail2Ban v" + version + " reads log file that contains password failure report"
Changed |
fail2ban-0.8.8.tar.bz2/fail2ban-regex
@@ -13,23 +13,19 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# Author: Cyril Jaquier
-#
-# $Revision: 672 $
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 672 $"
-__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__author__ = "Cyril Jaquier, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2012 Yaroslav Halchenko"
__license__ = "GPL"
import getopt, sys, time, logging, os
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/share/fail2ban")
+if os.path.abspath(__file__).startswith('/usr/'):
+ # makes sense to use system-wide library iff -regex is also under /usr/
+ sys.path.insert(1, "/usr/share/fail2ban")
from client.configparserinc import SafeConfigParserWithIncludes
from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
@@ -72,6 +68,7 @@
self.__filter = Filter(None)
self.__ignoreregex = list()
self.__failregex = list()
+ self.__verbose = False
# Setup logging
logging.getLogger("fail2ban").handlers = []
self.__hdlr = logging.StreamHandler(Fail2banRegex.test)
@@ -79,6 +76,7 @@
formatter = logging.Formatter("%(message)s")
# tell the handler to use this format
self.__hdlr.setFormatter(formatter)
+ self.__logging_level = self.__verbose and logging.DEBUG or logging.WARN
logging.getLogger("fail2ban").addHandler(self.__hdlr)
logging.getLogger("fail2ban").setLevel(logging.ERROR)
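Review bot: `self.__logging_level` is computed here, in what appears to be the constructor, right after `self.__verbose = False` was set, so it is always `logging.WARN`; the `-v` branch added to getCmdLineOptions only sets `self.__verbose = True` and nothing visible recomputes the level. As a result `--verbose` changes the statistics output but never enables the DEBUG logging that testIgnoreRegex now selects through `self.__logging_level`. Set the level where the flag is parsed, for example `self.__logging_level = logging.DEBUG` directly under `self.__verbose = True`. In testIgnoreRegex the `finally` branch now sets the same level as the line before the `try`, so the restore there no longer changes anything. The enclosing method starts and ends outside this hunk.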
@@ -106,6 +104,7 @@
print "Options:"
print " -h, --help display this help message"
print " -V, --version print the version"
+ print " -v, --verbose verbose output"
print
print "Log:"
print " string a string representing a log line"
@@ -119,7 +118,7 @@
print " string a string representing an 'ignoreregex'"
print " filename path to a filter file (filter.d/sshd.conf)"
print
- print "Report bugs to <cyril.jaquier@fail2ban.org>"
+ print "Report bugs to https://github.com/fail2ban/fail2ban/issues"
dispUsage = staticmethod(dispUsage)
def getCmdLineOptions(self, optList):
@@ -132,6 +131,8 @@
elif opt[0] in ["-V", "--version"]:
self.dispVersion()
sys.exit(0)
+ elif opt[0] in ["-v", "--verbose"]:
+ self.__verbose = True
#@staticmethod
def logIsFile(value):
@@ -199,7 +200,7 @@
def testIgnoreRegex(self, line):
found = False
for regex in self.__ignoreregex:
- logging.getLogger("fail2ban").setLevel(logging.DEBUG)
+ logging.getLogger("fail2ban").setLevel(self.__logging_level)
try:
self.__filter.addIgnoreRegex(regex.getFailRegex())
try:
@@ -211,7 +212,7 @@
return False
finally:
self.__filter.delIgnoreRegex(0)
- logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
+ logging.getLogger("fail2ban").setLevel(self.__logging_level)
def testRegex(self, line):
found = False
@@ -248,54 +249,31 @@
print "Results"
print "======="
print
-
- # Print title
- cnt = 1
- print "Failregex"
- print "|- Regular expressions:"
- for failregex in self.__failregex:
- print "| [" + str(cnt) + "] " + failregex.getFailRegex()
- cnt += 1
- cnt = 1
-
- print "|"
-
- # Print stats
- cnt = 1
- total = 0
- print "`- Number of matches:"
- for failregex in self.__failregex:
- match = failregex.getStats()
- total += match
- print " [" + str(cnt) + "] " + str(match) + " match(es)"
- cnt += 1
-
- print
-
+
+ def print_failregexes(title, failregexes):
+ # Print title
+ total, out = 0, []
+ for cnt, failregex in enumerate(failregexes):
+ match = failregex.getStats()
+ total += match
+ if (match or self.__verbose):
+ out.append("| %d) [%d] %s" % (cnt+1, match, failregex.getFailRegex()))
+ print "%s: %d total" % (title, total)
+ if len(out):
+ print "|- #) [# of hits] regular expression"
+ print '\n'.join(out)
+ print '`-'
+ print
+ return total
+
# Print title
- cnt = 1
- print "Ignoreregex"
- print "|- Regular expressions:"
- for failregex in self.__ignoreregex:
- print "| [" + str(cnt) + "] " + failregex.getFailRegex()
- cnt += 1
- cnt = 1
-
- print "|"
-
- # Print stats
- cnt = 1
- print "`- Number of matches:"
- for failregex in self.__ignoreregex:
- match = failregex.getStats()
- print " [" + str(cnt) + "] " + str(match) + " match(es)"
- cnt += 1
-
- print
+ total = print_failregexes("Failregex", self.__failregex)
+ _ = print_failregexes("Ignoreregex", self.__ignoreregex)
+
print "Summary"
print "======="
print
-
+
if total == 0:
print "Sorry, no match"
print
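Review bot: The nested helper `print_failregexes` opens with the leftover comment `# Print title`, which no longer describes what follows: the function sums the per-regex hit counts, prints one block and returns the total. Replace the comment with a docstring such as `"""Print hit counts per regex under title and return the total."""`, and mention there that regexes with zero hits are listed only when `self.__verbose` is set. The second call does not need the throwaway binding and can be written `print_failregexes("Ignoreregex", self.__ignoreregex)`. The enclosing method (presumably printStats) starts and ends outside this hunk.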
@@ -304,26 +282,21 @@
return False
else:
# Print stats
- cnt = 1
print "Addresses found:"
- for failregex in self.__failregex:
- print "[" + str(cnt) + "]"
- for ip in failregex.getIPList():
- timeTuple = time.localtime(ip[1])
- timeString = time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
- if ip[2]:
- dup = " (already matched)"
- else:
- dup = ""
- print " " + ip[0] + " (" + timeString + ")" + dup
- cnt += 1
-
+ for cnt, failregex in enumerate(self.__failregex):
+ if self.__verbose or len(failregex.getIPList()):
+ print "[%d]" % (cnt+1)
+ for ip in failregex.getIPList():
+ timeTuple = time.localtime(ip[1])
+ timeString = time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
+ print " %s (%s)%s" % (
+ ip[0], timeString, ip[2] and " (already matched)" or "")
print
print "Date template hits:"
for template in self.__filter.dateDetector.getTemplates():
- print `template.getHits()` + " hit(s): " + template.getName()
-
+ if self.__verbose or template.getHits():
+ print `template.getHits()` + " hit(s): " + template.getName()
print
print "Success, the total number of match is " + str(total)
@@ -337,16 +310,17 @@
fail2banRegex = Fail2banRegex()
# Reads the command line options.
try:
- cmdOpts = 'hV'
- cmdLongOpts = ['help', 'version']
+ cmdOpts = 'hVcv'
+ cmdLongOpts = ['help', 'version', 'verbose']
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
except getopt.GetoptError:
fail2banRegex.dispUsage()
sys.exit(-1)
# Process command line
fail2banRegex.getCmdLineOptions(optList)
- # We need exactly 3 parameters
- if not len(sys.argv) in (3, 4):
+
+ # We need 2 or 3 parameters
+ if not len(args) in (2, 3):
fail2banRegex.dispUsage()
sys.exit(-1)
else:
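Review bot: `cmdOpts = 'hVcv'` makes getopt accept a `-c` switch, but the help text added in this commit lists only `-h`, `-V` and `-v`, and the visible part of getCmdLineOptions has no branch for it, so `-c` appears to be accepted and silently ignored. If it is not a planned option, use `cmdOpts = 'hVv'` so that an unknown switch reaches the `getopt.GetoptError` handler and prints the usage text. The enclosing block starts and ends outside this hunk.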
@@ -355,17 +329,17 @@
print "============="
print
- if len(sys.argv) == 4:
- if fail2banRegex.readIgnoreRegex(sys.argv[3]) == False:
- sys.exit(-1)
+ cmd_log, cmd_regex = args[:2]
+
+ if len(args) == 3:
+ fail2banRegex.readIgnoreRegex(args[2]) or sys.exit(-1)
- if fail2banRegex.readRegex(sys.argv[2]) == False:
- sys.exit(-1)
+ fail2banRegex.readRegex(cmd_regex) or sys.exit(-1)
- if fail2banRegex.logIsFile(sys.argv[1]):
+ if fail2banRegex.logIsFile(cmd_log):
try:
- hdlr = open(sys.argv[1])
- print "Use log file : " + sys.argv[1]
+ hdlr = open(cmd_log)
+ print "Use log file : " + cmd_log
print
for line in hdlr:
fail2banRegex.testIgnoreRegex(line)
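Review bot: The rewritten checks `fail2banRegex.readIgnoreRegex(args[2]) or sys.exit(-1)` and `fail2banRegex.readRegex(cmd_regex) or sys.exit(-1)` exit on any falsy return value, whereas the removed code exited only on `== False`; a path in either reader that falls through and returns `None` would now end the run. The bodies of both readers are outside this diff, so confirm that every success path returns True. The statement form states the intent more directly, `if not fail2banRegex.readRegex(cmd_regex): sys.exit(-1)`, and the same applies to `fail2banRegex.printStats() or sys.exit(-1)` in the last hunk of this file. The enclosing block starts and ends outside this hunk.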
@@ -376,15 +350,12 @@
sys.exit(-1)
else:
if len(sys.argv[1]) > 53:
- stripLog = sys.argv[1][0:50] + "..."
+ stripLog = cmd_log[0:50] + "..."
else:
- stripLog = sys.argv[1]
+ stripLog = cmd_log
print "Use single line: " + stripLog
print
- fail2banRegex.testIgnoreRegex(sys.argv[1])
- fail2banRegex.testRegex(sys.argv[1])
-
- if fail2banRegex.printStats():
- sys.exit(0)
- else:
- sys.exit(-1)
+ fail2banRegex.testIgnoreRegex(cmd_log)
+ fail2banRegex.testRegex(cmd_log)
+
+ fail2banRegex.printStats() or sys.exit(-1)
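Review bot: The unchanged context line `if len(sys.argv[1]) > 53:` in this hunk still measures `sys.argv[1]`, while every other use was switched to `cmd_log`. Now that options such as `-v` are accepted ahead of the positional arguments, `sys.argv[1]` can be the option rather than the log line, so the truncation decision is made on the wrong string. It should read `if len(cmd_log) > 53:`. The enclosing script block starts outside the hunk.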
Changed |
fail2ban-0.8.8.tar.bz2/fail2ban-server
^
|
@@ -1,4 +1,7 @@
#!/usr/bin/python
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -13,23 +16,19 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-# Author: Cyril Jaquier
-#
-# $Revision: 672 $
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 672 $"
-__date__ = "$Date: 2008-03-06 00:18:06 +0100 (Thu, 06 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-import getopt, sys, logging
+import getopt, sys, logging, os
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/share/fail2ban")
+if os.path.abspath(__file__).startswith('/usr/'):
+ # makes sense to use system-wide library iff -server is also under /usr/
+ sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.server import Server
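Review bot: The new guard `os.path.abspath(__file__).startswith('/usr/')` is also true for a copy installed under `/usr/local/`, and `abspath` does not resolve symlinks. Which library tree ends up on `sys.path` therefore depends on how the script was invoked, not on where it really lives. For a daemon that normally runs with root privileges the import path is worth pinning down, for example by comparing `os.path.realpath(__file__)` against the intended install prefix. A comment saying which directory is expected to supply `common` and `server` when the guard is false would also help the next maintainer.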
@@ -58,7 +57,7 @@
def dispVersion(self):
print "Fail2Ban v" + version
print
- print "Copyright (c) 2004-2008 Cyril Jaquier"
+ print "Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors"
print "Copyright of modifications held by their respective authors."
print "Licensed under the GNU General Public License v2 (GPL)."
print
@@ -85,7 +84,7 @@
print " -h, --help display this help message"
print " -V, --version print the version"
print
- print "Report bugs to <cyril.jaquier@fail2ban.org>"
+ print "Report bugs to https://github.com/fail2ban/fail2ban/issues"
def __getCmdLineOptions(self, optList):
""" Gets the command line options
Changed |
fail2ban-0.8.8.tar.bz2/fail2ban-testcases
^
|
@@ -1,4 +1,9 @@
#!/usr/bin/python
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+"""Script to run Fail2Ban tests battery
+"""
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -13,20 +18,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-# Author: Cyril Jaquier
-#
-# $Revision: 522 $
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 522 $"
-__date__ = "$Date: 2007-01-21 23:19:57 +0100 (Sun, 21 Jan 2007) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2012- Yaroslav Halchenko"
__license__ = "GPL"
-import unittest, logging, sys
+import unittest, logging, sys, time, os
from common.version import version
from testcases import banmanagertestcase
@@ -38,25 +37,74 @@
from testcases import actiontestcase
from server.mytime import MyTime
-# Set the time to a fixed, known value
-# Sun Aug 14 12:00:00 CEST 2005
-MyTime.setTime(1124013600)
+from optparse import OptionParser, Option
+
+def get_opt_parser():
+ # use module docstring for help output
+ p = OptionParser(
+ usage="%s [OPTIONS]\n" % sys.argv[0] + __doc__,
+ version="%prog " + version)
+
+ p.add_options([
+ Option('-l', "--log-level", type="choice",
+ dest="log_level",
+ choices=('debug', 'info', 'warn', 'error', 'fatal'),
+ default=None,
+ help="Log level for the logger to use during running tests"),
+ ])
+
+ return p
+
+parser = get_opt_parser()
+(opts, files) = parser.parse_args()
+assert(not len(files))
-# Gets the instance of the logger.
+#
+# Logging
+#
logSys = logging.getLogger("fail2ban")
+
+# Numerical level of verbosity corresponding to a log "level"
+verbosity = {'debug': 3,
+ 'info': 2,
+ 'warn': 1,
+ 'error': 1,
+ 'fatal': 0,
+ None: 1}[opts.log_level]
+
+if opts.log_level is not None:
+ # so we had explicit settings
+ logSys.setLevel(getattr(logging, opts.log_level.upper()))
+else:
+ # suppress the logging but it would leave unittests' progress dots
+ # ticking, unless like with '-l fatal' which would be silent
+ # unless error occurs
+ logSys.setLevel(getattr(logging, 'FATAL'))
+
# Add the default logging handler
stdout = logging.StreamHandler(sys.stdout)
+# Custom log format for the verbose tests runs
+if verbosity > 1:
+ stdout.setFormatter(logging.Formatter(' %(asctime)-15s %(thread)s %(message)s'))
+else:
+ # just prefix with the space
+ stdout.setFormatter(logging.Formatter(' %(message)s'))
logSys.addHandler(stdout)
-logSys.setLevel(logging.FATAL)
-print "Fail2ban " + version + " test suite. Please wait..."
+#
+# Let know the version
+#
+if not opts.log_level or opts.log_level != 'fatal':
+ print "Fail2ban %s test suite. Python %s. Please wait..." \
+ % (version, str(sys.version).replace('\n', ''))
+
+
+#
+# Gather the tests
+#
tests = unittest.TestSuite()
-# Filter
-tests.addTest(unittest.makeSuite(filtertestcase.IgnoreIP))
-tests.addTest(unittest.makeSuite(filtertestcase.LogFile))
-tests.addTest(unittest.makeSuite(filtertestcase.GetFailures))
# Server
#tests.addTest(unittest.makeSuite(servertestcase.StartStop))
#tests.addTest(unittest.makeSuite(servertestcase.Transmitter))
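Review bot: `assert(not len(files))` is used to reject stray positional arguments, but asserts are stripped under `python -O` and otherwise give the user a bare AssertionError traceback with no explanation. Since an OptionParser is already in scope, `if files: parser.error("unexpected positional arguments: %s" % files)` reports the problem with the usage text and a non-zero exit. The rest of the option handling in this hunk can stay as it is.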
@@ -67,9 +115,68 @@
tests.addTest(unittest.makeSuite(banmanagertestcase.AddFailure))
# ClientReader
tests.addTest(unittest.makeSuite(clientreadertestcase.JailReaderTest))
+
+# Filter
+tests.addTest(unittest.makeSuite(filtertestcase.IgnoreIP))
+tests.addTest(unittest.makeSuite(filtertestcase.LogFile))
+tests.addTest(unittest.makeSuite(filtertestcase.LogFileMonitor))
+tests.addTest(unittest.makeSuite(filtertestcase.GetFailures))
+tests.addTest(unittest.makeSuite(filtertestcase.DNSUtilsTests))
+tests.addTest(unittest.makeSuite(filtertestcase.JailTests))
+
# DateDetector
tests.addTest(unittest.makeSuite(datedetectortestcase.DateDetectorTest))
-# Tests runner
-testRunner = unittest.TextTestRunner()
-testRunner.run(tests)
+#
+# Extensive use-tests of different available filters backends
+#
+
+from server.filterpoll import FilterPoll
+filters = [FilterPoll] # always available
+
+# Additional filters available only if external modules are available
+# yoh: Since I do not know better way for parametric tests
+# with good old unittest
+try:
+ from server.filtergamin import FilterGamin
+ filters.append(FilterGamin)
+except Exception, e:
+ print "I: Skipping gamin backend testing. Got exception '%s'" % e
+
+try:
+ from server.filterpyinotify import FilterPyinotify
+ filters.append(FilterPyinotify)
+except Exception, e:
+ print "I: Skipping pyinotify backend testing. Got exception '%s'" % e
+
+for Filter_ in filters:
+ tests.addTest(unittest.makeSuite(
+ filtertestcase.get_monitor_failures_testcase(Filter_)))
+
+
+#
+# Run the tests
+#
+testRunner = unittest.TextTestRunner(verbosity=verbosity)
+
+try:
+ # Set the time to a fixed, known value
+ # Sun Aug 14 12:00:00 CEST 2005
+ # yoh: we need to adjust TZ to match the one used by Cyril so all the timestamps match
+ old_TZ = os.environ.get('TZ', None)
+ os.environ['TZ'] = 'Europe/Zurich'
+ time.tzset()
+ MyTime.setTime(1124013600)
+
+ tests_results = testRunner.run(tests)
+
+finally:
+ # Just for the sake of it reset the TZ
+ # yoh: move all this into setup/teardown methods within tests
+ os.environ.pop('TZ')
+ if old_TZ:
+ os.environ['TZ'] = old_TZ
+ time.tzset()
+
+if not tests_results.wasSuccessful():
+ sys.exit(1)
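Review bot: In the `finally` block, `if old_TZ:` skips the restore when TZ was previously set to an empty string, so the environment is left without the variable it had before the run. `if old_TZ is not None:` restores the caller's value exactly. The yoh comment already plans to move this into setup/teardown, and the same check should move with it.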
Added |
fail2ban-0.8.8.tar.bz2/fail2ban-testcases-all
^
|
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Simple helper script to exercise unittests using all available
+# (under /usr/bin and /usr/local/bin python2.*)
+
+set -eu
+
+failed=
+for python in /usr/{,local/}bin/python2.[0-9]{,.*}{,-dbg}
+do
+ [ -e "$python" ] || continue
+ echo "Testing using $python"
+ $python ./fail2ban-testcases "$@" || failed+=" $python"
+done
+
+if [ ! -z "$failed" ]; then
+ echo "E: Failed with $failed"
+ exit 1
+fi
Changed |
fail2ban-0.8.8.tar.bz2/files/cacti/fail2ban_stats.sh
^
|
@@ -13,7 +13,7 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# This script can be used to collect data for Cacti. One parameter is needed,
# the jail name. It must be a currently running jail. The script returns two
@@ -25,7 +25,7 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 527 $
+# $Revision$
FAIL2BAN="fail2ban-client"
Changed |
fail2ban-0.8.8.tar.bz2/files/gentoo-initd
^
|
@@ -13,13 +13,13 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Sireyessire, Cyril Jaquier
-#
-# $Revision: 559 $
+#
+# $Revision$
-opts="start stop restart reload showlog"
+extra_started_commands="reload showlog"
FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"
@@ -31,6 +31,14 @@
start() {
ebegin "Starting fail2ban"
+ if [ ! -d /var/run/fail2ban ]; then
+ mkdir /var/run/fail2ban || return 1
+ fi
+ if [ -e /var/run/fail2ban/fail2ban.sock ]; then
+ # remove stalled sock file after system crash
+ # bug 347477
+ rm -rf /var/run/fail2ban/fail2ban.sock || return 1
+ fi
${FAIL2BAN} start &> /dev/null
eend $? "Failed to start fail2ban"
}
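Review bot: `rm -rf /var/run/fail2ban/fail2ban.sock` in `start()` recursively deletes whatever sits at that path, and the `-e` test before it is true for directories and regular files as well as sockets. Testing with `[ -S /var/run/fail2ban/fail2ban.sock ]` and removing with `rm -f` limits the cleanup to the stale socket the comment describes. The `mkdir` above it also inherits the caller's umask. Since the control socket lives in that directory, an explicit mode is worth setting, for example `mkdir -m 0755 /var/run/fail2ban`.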
@@ -41,14 +49,6 @@
eend $? "Failed to stop fail2ban"
}
-restart() {
- if ! service_stopped "${SVCNAME}" ; then
- svc_stop || return "$?"
- sleep 1
- fi
- svc_start
-}
-
reload() {
ebegin "Reloading fail2ban"
${FAIL2BAN} reload > /dev/null
Added |
fail2ban-0.8.8.tar.bz2/files/ipmasq-ZZZzzz_fail2ban.rul
^
|
@@ -0,0 +1,31 @@
+#! /bin/sh
+#
+# ZZZzzz|fail2ban.rul
+#
+# Ultima modifica: 20060112 <Nauta@G-B.it> Creazione
+# Ultima modifica: 20071205 <Nauta@G-B.it> Verifica sia in esecuzione
+#
+# Riconfigura le regole di filtraggio relative a fail2ban alla fine
+# dell'inizializzazione delle regole.
+# Solo all'avvio del sistema mostra la (ri)esecuzione dello script
+
+_NAME=fail2ban
+_INITSCRIPT=/etc/init.d/$_NAME
+_CONFIG="/etc/$_NAME/$_NAME.local /etc/$_NAME/$_NAME.conf"
+
+if [ -s $_INITSCRIPT ]; then
+ SOCKFILE=`sed -n -e '/^[^#]*socket\s*=/{
+ s/.*socket\s*=\s*\(\S\+\).*/\1/p;q}' $_CONFIG 2>/dev/null`
+ [ -z "$SOCKFILE" ] && SOCKFILE="/tmp/$_NAME.sock"
+ if [ -S "$SOCKFILE" ]; then # Is daemon running ?
+ if [ "$SHOWRULES" = "yes" ]; then
+ echo "#: Reinitializing $_NAME"
+ echo $_INITSCRIPT force-reload
+ else
+ [ ! $runlevel ] && HIDEOUTPUT=true
+ fi
+ if [ "$NOACT" != "yes" ]; then
+ eval $_INITSCRIPT force-reload ${HIDEOUTPUT:+\>/dev/null 2\>&1}
+ fi
+ fi # SOCKFILE is a socket
+fi # _INITSCRIPT exist
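Review bot: When no `socket =` line is found, the script falls back to `SOCKFILE="/tmp/$_NAME.sock"`, a path in a world-writable directory, so the `-S` test that follows does not show that the fail2ban daemon created that socket. The Gentoo init script in this same diff uses `/var/run/fail2ban/fail2ban.sock`, and a fallback under a root-owned directory would be the safer default, although the right value depends on the packaged configuration, which is not visible here. The `eval` on the force-reload line exists only to make the redirection optional and could be a plain `if`/`else`. `[ ! $runlevel ]` should be written `[ -z "$runlevel" ]` so that an empty or multi-word value cannot change the test.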
Changed |
fail2ban-0.8.8.tar.bz2/files/nagios/check_fail2ban
^
|
@@ -45,9 +45,8 @@
}
######################################################################
# first check in the Background, PID will be killed when no response
-# after 10 seconds, might be possible, otherwise the scipt will be
-# pressent in your memory all the time
-#
+# after 10 seconds, might be possible, otherwise the script will be
+# present in your memory all the time
######################################################################
check_processes_fail2ban &
@@ -68,7 +67,7 @@
done
######################################################################
-# when the Server response (doesent mean the FAIL2BAN is working)
+# when the Server response (does not mean the FAIL2BAN is working)
# in the first step, then it will run again and test the Service
# and provide the real status
######################################################################
@@ -83,23 +82,23 @@
######################################################################
-# Mainmenu
+# Main Menu
######################################################################
final_exit=$exit_fail2ban
if [ $final_exit -eq 0 ]; then
- echo "SYSTEM OK - Fail2ban is working normaly"
+ echo "SYSTEM OK - Fail2ban is working normally"
exitstatus=$STATE_OK
elif [ $final_exit -ne "0" ]; then
echo "SYSTEM WARNING - Fail2Ban is not working"
######################################################################
# If don't have a Nagios Server for monitoring, remove the comment and
-# add your Mail Addres. You can check it with a Cron Job once a hour.
+# add your Mail Address. You can check it with a Cron Job once an hour.
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
-# mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
+# mutt -s "FAIL2BAN NOT WORKING" your@example.com < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi
Changed |
fail2ban-0.8.8.tar.bz2/files/nagios/f2ban.txt
^
|
@@ -5,7 +5,7 @@
1.) stop the Service
/etc/init.d/fail2ban stop
-2.) delete the socket if avalible
+2.) delete the socket if available
rm /tmp/fail2ban.sock
3.) start the Service
Added |
fail2ban-0.8.8.tar.bz2/kill-server
^
|
@@ -0,0 +1,2 @@
+#!/bin/bash
+kill `ps ax|grep fail2ban|grep -v grep|awk '{print $1}'`
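Review bot: The pipeline selects every process whose `ps ax` line contains the string fail2ban, which includes fail2ban-client and any editor or `tail` opened on a fail2ban log, not only the server. If nothing matches, `kill` is called with no arguments and fails with a usage error. Matching on the server name alone, for example `pkill -f fail2ban-server`, or reading the PID from the server's pidfile keeps the signal on the intended process.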
Changed |
fail2ban-0.8.8.tar.bz2/man/fail2ban-client.1
^
|
@@ -251,7 +251,7 @@
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
.SH "REPORTING BUGS"
-Report bugs to <cyril.jaquier@fail2ban.org>
+Report bugs on https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004-2008 Cyril Jaquier
.br
Changed |
fail2ban-0.8.8.tar.bz2/man/fail2ban-regex.1
^
|
@@ -42,7 +42,7 @@
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
.SH "REPORTING BUGS"
-Report bugs to <cyril.jaquier@fail2ban.org>
+Report bugs on https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004-2008 Cyril Jaquier
.br
Changed |
fail2ban-0.8.8.tar.bz2/man/fail2ban-server.1
^
|
@@ -35,7 +35,7 @@
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
.SH "REPORTING BUGS"
-Report bugs to <cyril.jaquier@fail2ban.org>
+Report bugs on https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004-2008 Cyril Jaquier
.br
Changed |
fail2ban-0.8.8.tar.bz2/server/__init__.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,14 +15,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 433 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/server/action.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,24 +15,39 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 682 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 682 $"
-__date__ = "$Date: 2008-04-08 00:25:16 +0200 (Tue, 08 Apr 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import logging, os
+import threading
#from subprocess import call
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.actions.action")
+# Create a lock for running system commands
+_cmd_lock = threading.Lock()
+
+# Some hints on common abnormal exit codes
+_RETCODE_HINTS = {
+ 0x7f00: '"Command not found". Make sure that all commands in %(realCmd)r '
+ 'are in the PATH of fail2ban-server process '
+ '(grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). '
+ 'You may want to start '
+ '"fail2ban-server -f" separately, initiate it with '
+ '"fail2ban-client reload" in another shell session and observe if '
+ 'additional informative error messages appear in the terminals.'
+ }
+
##
# Execute commands.
#
@@ -223,7 +241,14 @@
def execActionStop(self):
stopCmd = Action.replaceTag(self.__actionStop, self.__cInfo)
return Action.executeCmd(stopCmd)
-
+
+ def escapeTag(tag):
+ for c in '\\#&;`|*?~<>^()[]{}$\n':
+ if c in tag:
+ tag = tag.replace(c, '\\' + c)
+ return tag
+ escapeTag = staticmethod(escapeTag)
+
##
# Replaces tags in query with property values in aInfo.
#
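Review bot: The character list in `escapeTag` leaves out the single and the double quote, so a `matches` value that contains a quote can still close a quoted argument in an action command before the string reaches `os.system` in `executeCmd`. The comment in `replaceTag` already notes that this content is out of fail2ban's control, so the list should cover `'` and `"` as well. A backslash in front of a newline is a line continuation to the shell, so the newline is dropped rather than kept, and action authors who expect the original line breaks will not get them. A docstring stating in which quoting context the escaped value is meant to be placed would tell action writers how to use the tag safely.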
@@ -236,8 +261,13 @@
""" Replace tags in query
"""
string = query
- for tag in aInfo:
- string = string.replace('<' + tag + '>', str(aInfo[tag]))
+ for tag, value in aInfo.iteritems():
+ value = str(value) # assure string
+ if tag == 'matches':
+ # That one needs to be escaped since its content is
+ # out of our control
+ value = Action.escapeTag(value)
+ string = string.replace('<' + tag + '>', value)
# New line
string = string.replace("<br>", '\n')
return string
@@ -301,17 +331,25 @@
#@staticmethod
def executeCmd(realCmd):
logSys.debug(realCmd)
- try:
- # The following line gives deadlock with multiple jails
- #retcode = call(realCmd, shell=True)
- retcode = os.system(realCmd)
- if retcode == 0:
- logSys.debug("%s returned successfully" % realCmd)
- return True
- else:
- logSys.error("%s returned %x" % (realCmd, retcode))
- except OSError, e:
- logSys.error("%s failed with %s" % (realCmd, e))
+ _cmd_lock.acquire()
+ try: # Try wrapped within another try needed for python version < 2.5
+ try:
+ # The following line gives deadlock with multiple jails
+ #retcode = call(realCmd, shell=True)
+ retcode = os.system(realCmd)
+ if retcode == 0:
+ logSys.debug("%s returned successfully" % realCmd)
+ return True
+ else:
+ msg = _RETCODE_HINTS.get(retcode, None)
+ logSys.error("%s returned %x" % (realCmd, retcode))
+ if msg:
+ logSys.info("HINT on %x: %s"
+ % (retcode, msg % locals()))
+ except OSError, e:
+ logSys.error("%s failed with %s" % (realCmd, e))
+ finally:
+ _cmd_lock.release()
return False
executeCmd = staticmethod(executeCmd)
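Review bot: `_cmd_lock` is held for the whole `os.system(realCmd)` call and nothing bounds how long that call may take, so a single action command that hangs stops every jail from banning or unbanning until it returns. That trade-off deserves a comment next to the acquire, such as `# serialises all action commands; a hung command blocks every jail`. `msg % locals()` also ties the hint text to the names of local variables; `msg % {'realCmd': realCmd}` makes the dependency explicit.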
Changed |
fail2ban-0.8.8.tar.bz2/server/actions.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 567 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 567 $"
-__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -118,6 +121,19 @@
return self.__banManager.getBanTime()
##
+ # Remove a banned IP now, rather than waiting for it to expire, even if set to never expire.
+ #
+ # @return the IP string or 'None' if not unbanned.
+ def removeBannedIP(self, ip):
+ # Find the ticket with the IP.
+ ticket = self.__banManager.getTicketByIP(ip)
+ if ticket is not None:
+ # Unban the IP.
+ self.__unBan(ticket)
+ return ip
+ return 'None'
+
+ ##
# Main loop.
#
# This function is the main loop of the thread. It checks the Jail
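Review bot: `removeBannedIP` returns the string `'None'` when the IP is not banned, which is truthy, so a caller that tests the result cannot tell failure from success without comparing strings. Returning `None` would match what `getTicketByIP` returns in banmanager.py. If the string is deliberate because the value is sent straight to the client, the header comment should say so, for example `# @return the IP string, or the literal string 'None' for display when nothing was unbanned`.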
@@ -158,13 +174,14 @@
aInfo["ip"] = bTicket.getIP()
aInfo["failures"] = bTicket.getAttempt()
aInfo["time"] = bTicket.getTime()
+ aInfo["matches"] = "".join(bTicket.getMatches())
if self.__banManager.addBanTicket(bTicket):
logSys.warn("[%s] Ban %s" % (self.jail.getName(), aInfo["ip"]))
for action in self.__actions:
action.execActionBan(aInfo)
return True
else:
- logSys.warn("[%s] %s already banned" % (self.jail.getName(),
+ logSys.info("[%s] %s already banned" % (self.jail.getName(),
aInfo["ip"]))
return False
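Review bot: `aInfo["matches"]` carries the raw matched log lines, which remote clients can influence, yet nothing at this assignment or at the identical one in the unban hunk below says so. The value is only safe in an action command because `Action.replaceTag` escapes the tag named `matches`, and anyone adding a second log-derived key here would not get that escaping. A comment on both lines would record the dependency, for example `# raw log lines, untrusted: shell-escaped by Action.replaceTag via the 'matches' key`. The enclosing method starts outside the hunk, and `getMatches()` is assumed to return a list of strings.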
@@ -198,6 +215,7 @@
aInfo["ip"] = ticket.getIP()
aInfo["failures"] = ticket.getAttempt()
aInfo["time"] = ticket.getTime()
+ aInfo["matches"] = "".join(ticket.getMatches())
logSys.warn("[%s] Unban %s" % (self.jail.getName(), aInfo["ip"]))
for action in self.__actions:
action.execActionUnban(aInfo)
Changed |
fail2ban-0.8.8.tar.bz2/server/asyncserver.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 567 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 567 $"
-__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
Changed |
fail2ban-0.8.8.tar.bz2/server/banmanager.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 638 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 638 $"
-__date__ = "$Date: 2007-12-17 21:00:36 +0100 (Mon, 17 Dec 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -130,7 +133,7 @@
ip = ticket.getIP()
#lastTime = ticket.getTime()
lastTime = MyTime.time()
- banTicket = BanTicket(ip, lastTime)
+ banTicket = BanTicket(ip, lastTime, ticket.getMatches())
banTicket.setAttempt(ticket.getAttempt())
return banTicket
createBanTicket = staticmethod(createBanTicket)
@@ -205,7 +208,7 @@
return unBanList
finally:
self.__lock.release()
-
+
##
# Flush the ban list.
#
@@ -220,3 +223,21 @@
return uBList
finally:
self.__lock.release()
+
+ ##
+ # Gets the ticket for the specified IP.
+ #
+ # @return the ticket for the IP or False.
+ def getTicketByIP(self, ip):
+ try:
+ self.__lock.acquire()
+
+ # Find the ticket the IP goes with and return it
+ for i, ticket in enumerate(self.__banList):
+ if ticket.getIP() == ip:
+ # Return the ticket after removing (popping)
+ # if from the ban list.
+ return self.__banList.pop(i)
+ finally:
+ self.__lock.release()
+ return None # if none found
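Review bot: The header comment says the method returns the ticket "or False", but the code returns `None`, and the comment does not mention that the ticket is popped from `__banList`. A name beginning with `get` reads as a side-effect-free lookup, so the removal should be stated up front. Suggested wording: `# Removes the ticket for the given IP from the ban list and returns it, or None if the IP is not banned.`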
Changed |
fail2ban-0.8.8.tar.bz2/server/datedetector.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 722 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 722 $"
-__date__ = "$Date: 2009-01-28 00:21:55 +0100 (Wed, 28 Jan 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -71,6 +74,13 @@
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%d/%m/%Y %H:%M:%S")
self.__templates.append(template)
+ # previous one but with year given by 2 digits
+ # (See http://bugs.debian.org/537610)
+ template = DateStrptime()
+ template.setName("Day/Month/Year Hour:Minute:Second")
+ template.setRegex("\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")
+ template.setPattern("%d/%m/%y %H:%M:%S")
+ self.__templates.append(template)
# Apache format [31/Oct/2006:09:22:55 -0000]
template = DateStrptime()
template.setName("Day/MONTH/Year:Hour:Minute:Second")
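Review bot: The added two-digit-year template reuses the name "Day/Month/Year Hour:Minute:Second" of the four-digit template directly above it. fail2ban-regex prints hit counts per template name (the `template.getName()` line in the "Date template hits" output elsewhere in this diff), so the two entries cannot be told apart there. A distinct name such as `"Day/Month/Year2 Hour:Minute:Second"` would fix that. The enclosing method starts and ends outside the hunk.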
@@ -89,6 +99,12 @@
template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
template.setPattern("%Y-%m-%d %H:%M:%S")
self.__templates.append(template)
+ # custom for syslog-ng 2006.12.21 06:43:20
+ template = DateStrptime()
+ template.setName("Year.Month.Day Hour:Minute:Second")
+ template.setRegex("\d{4}.\d{2}.\d{2} \d{2}:\d{2}:\d{2}")
+ template.setPattern("%Y.%m.%d %H:%M:%S")
+ self.__templates.append(template)
# named 26-Jul-2007 15:20:52.252
template = DateStrptime()
template.setName("Day-MONTH-Year Hour:Minute:Second[.Millisecond]")
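Review bot: The dots in the new regex `\d{4}.\d{2}.\d{2} \d{2}:\d{2}:\d{2}` are unescaped, so the template matches any separator character rather than only the `.` that the `%Y.%m.%d` pattern can parse. A line that matches the regex but not the pattern then fails in strptime instead of simply not matching this template. `\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}` keeps the regex and the pattern in step.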
@@ -101,6 +117,12 @@
template.setRegex("\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%d-%m-%Y %H:%M:%S")
self.__templates.append(template)
+ # 01-27-2012 16:22:44.252
+ template = DateStrptime()
+ template.setName("Month-Day-Year Hour:Minute:Second[.Millisecond]")
+ template.setRegex("\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}")
+ template.setPattern("%m-%d-%Y %H:%M:%S")
+ self.__templates.append(template)
# TAI64N
template = DateTai64n()
template.setName("TAI64N")
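Review bot: The new Month-Day-Year template uses exactly the same regex as the Day-Month-Year template above it, so the regex cannot distinguish the two formats and a date such as 01-02-2012 is ambiguous. Which template wins depends on list order and on how the detector treats a failed strptime, neither of which is visible in this hunk, so the intended precedence should be stated in a comment. The name also advertises `[.Millisecond]` although the regex has no fractional-seconds part.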
Changed |
fail2ban-0.8.8.tar.bz2/server/datetemplate.py
^
|
@@ -1,4 +1,6 @@
-# -*- coding: utf8 -*-
+# emacs: -*- mode: python; coding: utf-8; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -13,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 729 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 729 $"
-__date__ = "$Date: 2009-02-08 20:50:44 +0100 (Sun, 08 Feb 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -30,6 +32,10 @@
from mytime import MyTime
import iso8601
+import logging
+logSys = logging.getLogger("fail2ban.datetemplate")
+
+
class DateTemplate:
def __init__(self):
@@ -76,7 +82,7 @@
dateMatch = self.matchDate(line)
if dateMatch:
# extract part of format which represents seconds since epoch
- date = list(time.localtime(float(dateMatch.group())))
+ date = list(MyTime.localtime(float(dateMatch.group())))
return date
@@ -86,20 +92,20 @@
# standard.
class DateStrptime(DateTemplate):
-
+
TABLE = dict()
- TABLE["Jan"] = []
- TABLE["Feb"] = [u"Fév"]
- TABLE["Mar"] = [u"Mär"]
- TABLE["Apr"] = ["Avr"]
- TABLE["May"] = ["Mai"]
- TABLE["Jun"] = []
- TABLE["Jul"] = []
- TABLE["Aug"] = ["Aou"]
- TABLE["Sep"] = []
- TABLE["Oct"] = ["Okt"]
- TABLE["Nov"] = []
- TABLE["Dec"] = [u"Déc", "Dez"]
+ TABLE["Jan"] = ["Sty"]
+ TABLE["Feb"] = [u"Fév", "Lut"]
+ TABLE["Mar"] = [u"Mär", "Mar"]
+ TABLE["Apr"] = ["Avr", "Kwi"]
+ TABLE["May"] = ["Mai", "Maj"]
+ TABLE["Jun"] = ["Lip"]
+ TABLE["Jul"] = ["Sie"]
+ TABLE["Aug"] = ["Aou", "Wrz"]
+ TABLE["Sep"] = ["Sie"]
+ TABLE["Oct"] = [u"Paź"]
+ TABLE["Nov"] = ["Lis"]
+ TABLE["Dec"] = [u"Déc", "Dez", "Gru"]
def __init__(self):
DateTemplate.__init__(self)
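Review bot: The Polish abbreviations added to `TABLE` appear shifted by one month from June onwards: "Lip" is filed under Jun, "Sie" under both Jul and Sep, "Wrz" under Aug, and "Cze" is missing. The Oct entry also drops the German "Okt" that the old line had. `convertLocale` rewrites the month name before strptime, so a wrong mapping yields a timestamp a month off, which affects whether a failure is counted inside the find window. A corrected set of entries is below. The `"Mar"` alias under Mar is a no-op and can be dropped.

```python
	# … unchanged: Jan to May entries …
	TABLE["Jun"] = ["Cze"]
	TABLE["Jul"] = ["Lip"]
	TABLE["Aug"] = ["Aou", "Sie"]
	TABLE["Sep"] = ["Wrz"]
	TABLE["Oct"] = ["Okt", u"Paź"]
	# … unchanged: Nov and Dec entries …
```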
@@ -116,6 +122,8 @@
for t in DateStrptime.TABLE:
for m in DateStrptime.TABLE[t]:
if date.find(m) >= 0:
+ logSys.debug(u"Replacing %r with %r in %r" %
+ (m, t, date))
return date.replace(m, t)
return date
convertLocale = staticmethod(convertLocale)
@@ -132,12 +140,22 @@
conv = self.convertLocale(dateMatch.group())
try:
date = list(time.strptime(conv, self.getPattern()))
- except ValueError, e:
+ except (ValueError, re.error), e:
# Try to add the current year to the pattern. Should fix
# the "Feb 29" issue.
- conv += " %s" % MyTime.gmtime()[0]
- pattern = "%s %%Y" % self.getPattern()
- date = list(time.strptime(conv, pattern))
+ opattern = self.getPattern()
+ # makes sense only if %Y is not in already:
+ if not '%Y' in opattern:
+ pattern = "%s %%Y" % opattern
+ conv += " %s" % MyTime.gmtime()[0]
+ date = list(time.strptime(conv, pattern))
+ else:
+ # we are helpless here
+ raise ValueError(
+ "Given pattern %r does not match. Original "
+ "exception was %r and Feb 29 workaround could not "
+ "be tested due to already present year mark in the "
+ "pattern" % (opattern, e))
if date[0] < 2000:
# There is probably no year field in the logs
date[0] = MyTime.gmtime()[0]
@@ -145,6 +163,9 @@
# If the date is greater than the current time, we suppose
# that the log is not from this year but from the year before
if time.mktime(date) > MyTime.time():
+ logSys.debug(
+ u"Correcting deduced year from %d to %d since %f > %f" %
+ (date[0], date[0]-1, time.mktime(date), MyTime.time()))
date[0] -= 1
elif date[1] == 1 and date[2] == 1:
# If it is Jan 1st, it is either really Jan 1st or there
@@ -168,7 +189,8 @@
# extract part of format which represents seconds since epoch
value = dateMatch.group()
seconds_since_epoch = value[2:17]
- date = list(time.gmtime(int(seconds_since_epoch, 16)))
+ # convert seconds from HEX into local time stamp
+ date = list(MyTime.localtime(int(seconds_since_epoch, 16)))
return date
Changed |
fail2ban-0.8.8.tar.bz2/server/faildata.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 731 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 731 $"
-__date__ = "$Date: 2009-02-09 23:08:21 +0100 (Mon, 09 Feb 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -35,16 +38,27 @@
self.__retry = 0
self.__lastTime = 0
self.__lastReset = 0
-
+ self.__matches = []
+
def setRetry(self, value):
self.__retry = value
-
+ # keep only the last matches or reset entirely
+ # Explicit if/else for compatibility with Python 2.4
+ if value:
+ self.__matches = self.__matches[-min(len(self.__matches, value)):]
+ else:
+ self.__matches = []
+
def getRetry(self):
return self.__retry
-
- def inc(self):
+
+ def getMatches(self):
+ return self.__matches
+
+ def inc(self, matches=None):
self.__retry += 1
-
+ self.__matches += matches or []
+
def setLastTime(self, value):
if value > self.__lastTime:
self.__lastTime = value
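Review bot: In `setRetry` the slice bound is written `min(len(self.__matches, value))`, which passes two arguments to `len()` and raises TypeError for any non-zero `value`; the closing parenthesis belongs after `self.__matches`. The line should read `self.__matches = self.__matches[-min(len(self.__matches), value):]`. The only caller visible in this diff passes `setRetry(0)`, which takes the `else` branch, so the broken branch is probably untested. With the parenthesis fixed, an empty list gives a bound of 0 and `[-0:]` returns the (empty) list unchanged, so no extra guard is needed.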
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/failmanager.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 731 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 731 $"
-__date__ = "$Date: 2009-02-09 23:08:21 +0100 (Mon, 09 Feb 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -88,19 +91,22 @@
self.__lock.acquire()
ip = ticket.getIP()
unixTime = ticket.getTime()
+ matches = ticket.getMatches()
if self.__failList.has_key(ip):
fData = self.__failList[ip]
if fData.getLastReset() < unixTime - self.__maxTime:
fData.setLastReset(unixTime)
fData.setRetry(0)
- fData.inc()
+ fData.inc(matches)
fData.setLastTime(unixTime)
else:
fData = FailData()
- fData.inc()
+ fData.inc(matches)
fData.setLastReset(unixTime)
fData.setLastTime(unixTime)
self.__failList[ip] = fData
+ logSys.debug("Currently have failures from %d IPs: %s"
+ % (len(self.__failList), self.__failList.keys()))
self.__failTotal += 1
finally:
self.__lock.release()
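Review bot: The added `logSys.debug(...)` in this hunk formats the full key list of `self.__failList` with `%` on every recorded failure, while `self.__lock` is held and whether or not debug logging is enabled. That list is largest during a distributed brute-force run, which is exactly when this path is hottest, so the cost grows with the number of offending addresses. Passing the values as logger arguments, `logSys.debug("Currently have failures from %d IPs: %s", len(self.__failList), self.__failList.keys())`, leaves the formatting to the logging module and skips it when the level is off. The enclosing method starts outside the hunk.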
@@ -134,7 +140,7 @@
if data.getRetry() >= self.__maxRetry:
self.__delFailure(ip)
# Create a FailTicket from BanData
- failTicket = FailTicket(ip, data.getLastTime())
+ failTicket = FailTicket(ip, data.getLastTime(), data.getMatches())
failTicket.setAttempt(data.getRetry())
return failTicket
raise FailManagerEmpty
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/failregex.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 728 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 728 $"
-__date__ = "$Date: 2009-02-08 18:31:24 +0100 (Sun, 08 Feb 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/filter.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,18 +15,19 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
-#
-# $Revision: 752 $
+#
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 752 $"
-__date__ = "$Date: 2009-09-01 23:21:30 +0200 (Tue, 01 Sep 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
+from failmanager import FailManagerEmpty
from failmanager import FailManager
from ticket import FailTicket
from jailthread import JailThread
@@ -31,7 +35,7 @@
from mytime import MyTime
from failregex import FailRegex, Regex, RegexException
-import logging, re, os
+import logging, re, os, fcntl, time
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.filter")
@@ -50,8 +54,8 @@
#
# Initialize the filter object with default values.
# @param jail the jail object
-
- def __init__(self, jail):
+
+ def __init__(self, jail, useDns='warn'):
JailThread.__init__(self)
## The jail which contains this filter.
self.jail = jail
@@ -61,15 +65,20 @@
self.__failRegex = list()
## The regular expression list with expressions to ignore.
self.__ignoreRegex = list()
+ ## Use DNS setting
+ self.setUseDns(useDns)
## The amount of time to look back.
self.__findTime = 6000
## The ignore IP list.
self.__ignoreIpList = []
-
+
self.dateDetector = DateDetector()
self.dateDetector.addDefaultTemplate()
- logSys.debug("Created Filter")
+ logSys.debug("Created %s" % self)
+
+ def __repr__(self):
+ return "%s(%r)" % (self.__class__.__name__, self.jail)
##
# Add a regular expression which matches the failure.
@@ -77,14 +86,14 @@
# The regular expression can also match any other pattern than failures
# and thus can be used for many purporse.
# @param value the regular expression
-
+
def addFailRegex(self, value):
try:
regex = FailRegex(value)
self.__failRegex.append(regex)
except RegexException, e:
logSys.error(e)
-
+
def delFailRegex(self, index):
try:
@@ -92,87 +101,109 @@
except IndexError:
logSys.error("Cannot remove regular expression. Index %d is not "
"valid" % index)
-
+
##
# Get the regular expression which matches the failure.
#
# @return the regular expression
-
+
def getFailRegex(self):
failRegex = list()
for regex in self.__failRegex:
failRegex.append(regex.getRegex())
return failRegex
-
+
##
# Add the regular expression which matches the failure.
#
# The regular expression can also match any other pattern than failures
# and thus can be used for many purporse.
# @param value the regular expression
-
+
def addIgnoreRegex(self, value):
try:
regex = Regex(value)
self.__ignoreRegex.append(regex)
except RegexException, e:
logSys.error(e)
-
+
def delIgnoreRegex(self, index):
try:
del self.__ignoreRegex[index]
except IndexError:
logSys.error("Cannot remove regular expression. Index %d is not "
"valid" % index)
-
+
##
# Get the regular expression which matches the failure.
#
# @return the regular expression
-
+
def getIgnoreRegex(self):
ignoreRegex = list()
for regex in self.__ignoreRegex:
ignoreRegex.append(regex.getRegex())
return ignoreRegex
-
+
+ ##
+ # Set the Use DNS mode
+ # @param value the usedns mode
+
+ def setUseDns(self, value):
+ if isinstance(value, bool):
+ value = {True: 'yes', False: 'no'}[value]
+ value = value.lower() # must be a string by now
+ if not (value in ('yes', 'no', 'warn')):
+ logSys.error("Incorrect value %r specified for usedns. "
+ "Using safe 'no'" % (value,))
+ value = 'no'
+ logSys.debug("Setting usedns = %s for %s" % (value, self))
+ self.__useDns = value
+
+ ##
+ # Get the usedns mode
+ # @return the usedns mode
+
+ def getUseDns(self):
+ return self.__useDns
+
##
# Set the time needed to find a failure.
#
# This value tells the filter how long it has to take failures into
# account.
# @param value the time
-
+
def setFindTime(self, value):
self.__findTime = value
self.failManager.setMaxTime(value)
logSys.info("Set findtime = %s" % value)
-
+
##
# Get the time needed to find a failure.
#
# @return the time
-
+
def getFindTime(self):
return self.__findTime
-
+
##
# Set the maximum retry value.
#
# @param value the retry value
-
+
def setMaxRetry(self, value):
self.failManager.setMaxRetry(value)
logSys.info("Set maxRetry = %s" % value)
-
+
##
# Get the maximum retry value.
#
# @return the retry value
-
+
def getMaxRetry(self):
return self.failManager.getMaxRetry()
-
+
##
# Main loop.
#
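Review bot: `setUseDns` calls `value.lower()` on anything that is not a bool, so a non-string such as `None` or an integer raises AttributeError instead of reaching the fallback to `'no'` a few lines below. Since the method's own error message treats `'no'` as the safe setting for bad input, the validity test should cover that case as well, e.g. `if not isinstance(value, basestring) or value.lower() not in ('yes', 'no', 'warn'):`, with the lower-casing applied only after the check passes. A one-line comment that `'warn'` still performs the lookup and only adds a log entry would also help anyone reading the `useDns='warn'` default in `__init__`.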
@@ -182,36 +213,46 @@
def run(self):
raise Exception("run() is abstract")
-
+
##
# Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
# Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
#
# to enable banip fail2ban-client BAN command
-
+
def addBannedIP(self, ip):
- unixTime = time.time()
- self.failManager.addFailure(FailTicket(ip, unixTime))
+ unixTime = MyTime.time()
+ for i in xrange(self.failManager.getMaxRetry()):
+ self.failManager.addFailure(FailTicket(ip, unixTime))
+
+ # Perform the banning of the IP now.
+ try:
+ while True:
+ ticket = self.failManager.toBan()
+ self.jail.putFailTicket(ticket)
+ except FailManagerEmpty:
+ self.failManager.cleanup(MyTime.time())
+
return ip
-
+
##
# Add an IP/DNS to the ignore list.
#
# IP addresses in the ignore list are not taken into account
# when finding failures. CIDR mask and DNS are also accepted.
# @param ip IP address to ignore
-
+
def addIgnoreIP(self, ip):
logSys.debug("Add " + ip + " to ignore list")
self.__ignoreIpList.append(ip)
-
+
def delIgnoreIP(self, ip):
logSys.debug("Remove " + ip + " from ignore list")
self.__ignoreIpList.remove(ip)
-
+
def getIgnoreIP(self):
return self.__ignoreIpList
-
+
##
# Check if IP address/DNS is in the ignore list.
#
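Review bot: `addBannedIP` passes `ip` straight into `FailTicket` and on to `self.jail.putFailTicket` without checking it against `DNSUtils.isValidIP` or `self.inIgnoreIPList`, both of which this file already provides. A manual ban can therefore carry an arbitrary string toward the ban actions, and it can ban an address the operator has placed on the ignore list. A guard at the top such as `if not DNSUtils.isValidIP(ip) or self.inIgnoreIPList(ip):`, followed by an error log and an early return, would close both gaps. How the action layer uses the value is not visible here, so the first risk is unconfirmed, and if overriding the ignore list is intended it should be stated in a comment. The `while True` drain also hands over every ticket that is ready, not only the one for `ip`, which deserves a comment too.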
@@ -219,7 +260,7 @@
# mask in the ignore list.
# @param ip IP address
# @return True if IP address is in ignore list
-
+
def inIgnoreIPList(self, ip):
for i in self.__ignoreIpList:
# An empty string is always false
@@ -243,9 +284,11 @@
if a == b:
return True
return False
-
+
def processLine(self, line):
+ """Split the time portion from log msg and return findFailures on them
+ """
try:
# Decode line to UTF-8
l = line.decode('utf-8')
@@ -265,16 +308,22 @@
return self.findFailure(timeLine, logLine)
def processLineAndAdd(self, line):
+ """Processes the line for failures and populates failManager
+ """
for element in self.processLine(line):
ip = element[0]
unixTime = element[1]
+ logSys.debug("Processing line with time:%s and ip:%s"
+ % (unixTime, ip))
if unixTime < MyTime.time() - self.getFindTime():
+ logSys.debug("Ignore line since time %s < %s - %s"
+ % (unixTime, MyTime.time(), self.getFindTime()))
break
if self.inIgnoreIPList(ip):
logSys.debug("Ignore %s" % ip)
continue
logSys.debug("Found %s" % ip)
- self.failManager.addFailure(FailTicket(ip, unixTime))
+ self.failManager.addFailure(FailTicket(ip, unixTime, [line]))
##
# Returns true if the line should be ignored.
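Review bot: `FailTicket(ip, unixTime, [line])` in `processLineAndAdd` stores the raw log line, whose content is largely chosen by the remote client, and nothing at the call documents that. The consumers of `getMatches()` are outside this diff; any that place the text in a shell command, a mail body or terminal output need to escape it first. A comment on this line would make the trust boundary explicit: `# line is untrusted log text; escape it before use in actions or mails`. The value stored is `line` as received, not the decoded copy that `processLine` appears to work on, so consumers should not assume valid UTF-8 either.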
@@ -310,15 +359,15 @@
# The failregex matched.
date = self.dateDetector.getUnixTime(timeLine)
if date == None:
- logSys.debug("Found a match for '" + logLine +"' but no "
- + "valid date/time found for '"
- + timeLine + "'. Please contact the "
- + "author in order to get support for this "
- + "format")
+ logSys.debug("Found a match for %r but no valid date/time "
+ "found for %r. Please file a detailed issue on"
+ " https://github.com/fail2ban/fail2ban/issues "
+ "in order to get support for this format."
+ % (logLine, timeLine))
else:
try:
host = failRegex.getHost()
- ipMatch = DNSUtils.textToIp(host)
+ ipMatch = DNSUtils.textToIp(host, self.__useDns)
if ipMatch:
for ip in ipMatch:
failList.append([ip, date])
@@ -327,7 +376,7 @@
except RegexException, e:
logSys.error(e)
return failList
-
+
##
# Get the status of the filter.
@@ -335,73 +384,91 @@
# Get some informations about the filter state such as the total
# number of failures.
# @return a list with tuple
-
+
def status(self):
- ret = [("Currently failed", self.failManager.size()),
- ("Total failed", self.failManager.getFailTotal())]
+ ret = [("Currently failed", self.failManager.size()),
+ ("Total failed", self.failManager.getFailTotal())]
return ret
class FileFilter(Filter):
-
- def __init__(self, jail):
- Filter.__init__(self, jail)
+
+ def __init__(self, jail, **kwargs):
+ Filter.__init__(self, jail, **kwargs)
## The log file path.
self.__logPath = []
-
+
##
# Add a log file path
#
# @param path log file path
def addLogPath(self, path, tail = False):
- container = FileContainer(path, tail)
- self.__logPath.append(container)
-
+ if self.containsLogPath(path):
+ logSys.error(path + " already exists")
+ else:
+ container = FileContainer(path, tail)
+ self.__logPath.append(container)
+ logSys.info("Added logfile = %s" % path)
+ self._addLogPath(path) # backend specific
+
+ def _addLogPath(self, path):
+ # nothing to do by default
+ # to be overriden by backends
+ pass
+
+
##
# Delete a log path
#
# @param path the log file to delete
-
+
def delLogPath(self, path):
for log in self.__logPath:
if log.getFileName() == path:
self.__logPath.remove(log)
+ logSys.info("Removed logfile = %s" % path)
+ self._delLogPath(path)
return
+ def _delLogPath(self, path):
+ # nothing to do by default
+ # to be overriden by backends
+ pass
+
##
# Get the log file path
#
# @return log file path
-
+
def getLogPath(self):
return self.__logPath
-
+
##
# Check whether path is already monitored.
#
# @param path The path
# @return True if the path is already monitored else False
-
+
def containsLogPath(self, path):
for log in self.__logPath:
if log.getFileName() == path:
return True
return False
-
+
def getFileContainer(self, path):
for log in self.__logPath:
if log.getFileName() == path:
return log
return None
-
+
##
# Gets all the failure in the log file.
#
# Gets all the failure in the log file which are newer than
# MyTime.time()-self.findTime. When a failure is detected, a FailTicket
# is created and is added to the FailManager.
-
+
def getFailures(self, filename):
container = self.getFileContainer(filename)
if container == None:
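Review bot: In `FileFilter.addLogPath` the container is appended to `self.__logPath` before the backend hook `_addLogPath(path)` runs, so if the hook raises, the path stays registered without a watch. A retry then hits `containsLogPath` and only logs "already exists", leaving the log unmonitored with no further signal. The hook cannot simply move ahead of the append, because the pyinotify backend reads the file from inside its hook, so the registration should be rolled back on failure instead. `delLogPath` also no longer reports a path that was never monitored, which the gamin and polling overrides removed by this diff used to do.

```python
            container = FileContainer(path, tail)
            self.__logPath.append(container)
            try:
                self._addLogPath(path)  # backend specific
            except Exception:
                # do not keep a path that no backend is watching
                self.__logPath.remove(container)
                raise
            logSys.info("Added logfile = %s" % path)
```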
@@ -414,18 +481,16 @@
logSys.error("Unable to open %s" % filename)
logSys.exception(e)
return False
-
- line = container.readline()
- while not line == "":
- if not self._isActive():
- # The jail has been stopped
+
+ while True:
+ line = container.readline()
+ if (line == "") or not self._isActive():
+ # The jail reached the bottom or has been stopped
break
self.processLineAndAdd(line)
- # Read a new line.
- line = container.readline()
container.close()
return True
-
+
def status(self):
ret = Filter.status(self)
path = [m.getFileName() for m in self.getLogPath()]
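Review bot: The rewritten read loop in `getFailures` still calls `container.close()` only on the normal path, so an exception raised from `processLineAndAdd` leaves the file handle open. `FileContainer.close` is also where the last read position is saved, so after such an error the next pass may re-read or skip lines. Wrapping the loop in `try:` with `finally: container.close()` keeps descriptor use bounded and the position consistent. The function starts outside the hunk.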
@@ -439,10 +504,17 @@
# In order to detect log rotation, the hash (MD5) of the first line of the file
# is computed and compared to the previous hash of this line.
-import md5
+try:
+ import hashlib
+ md5sum = hashlib.md5
+except ImportError:
+ # hashlib was introduced in Python 2.5. For compatibility with those
+ # elderly Pythons, import from md5
+ import md5
+ md5sum = md5.new
class FileContainer:
-
+
def __init__(self, filename, tail = False):
self.__filename = filename
self.__tail = tail
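Review bot: The new `md5sum` alias needs a comment saying the digest is only a rotation detector and not an integrity or authenticity check, for example `# md5 only detects that the first line changed (log rotation); it is not a security control`. Without it the MD5 use will keep being flagged in audits. On Python builds that restrict MD5, `hashlib.md5` may fail when called rather than at import, which the `except ImportError` fallback would not catch; that is worth confirming on the target platforms.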
@@ -454,7 +526,7 @@
try:
firstLine = handler.readline()
# Computes the MD5 of the first line.
- self.__hash = md5.new(firstLine).digest()
+ self.__hash = md5sum(firstLine).digest()
# Start at the beginning of file if tail mode is off.
if tail:
handler.seek(0, 2)
@@ -463,15 +535,18 @@
self.__pos = 0
finally:
handler.close()
-
+
def getFileName(self):
return self.__filename
-
+
def open(self):
self.__handler = open(self.__filename)
+ # Set the file descriptor to be FD_CLOEXEC
+ fd = self.__handler.fileno()
+ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
firstLine = self.__handler.readline()
# Computes the MD5 of the first line.
- myHash = md5.new(firstLine).digest()
+ myHash = md5sum(firstLine).digest()
stats = os.fstat(self.__handler.fileno())
# Compare hash and inode
if self.__hash != myHash or self.__ino != stats.st_ino:
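Review bot: In `FileContainer.open` the new call `fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)` ORs the flag into the descriptor number instead of into the descriptor's current flags. On platforms where `FD_CLOEXEC` is the low bit this will usually still set close-on-exec, but the value written depends on `fd`, so keeping log handles out of spawned action commands rests on an accident. Read the flags first: `flags = fcntl.fcntl(fd, fcntl.F_GETFD)` and then `fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)`. The method continues past the end of the hunk.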
@@ -481,12 +556,12 @@
self.__pos = 0
# Sets the file pointer to the last position.
self.__handler.seek(self.__pos)
-
+
def readline(self):
if self.__handler == None:
return ""
return self.__handler.readline()
-
+
def close(self):
if not self.__handler == None:
# Saves the last position.
@@ -506,9 +581,9 @@
import socket, struct
class DNSUtils:
-
+
IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
-
+
#@staticmethod
def dnsToIp(dns):
""" Convert a DNS into an IP address using the Python socket module.
@@ -521,7 +596,7 @@
% dns)
return list()
dnsToIp = staticmethod(dnsToIp)
-
+
#@staticmethod
def searchIP(text):
""" Search if an IP address if directly available and return
@@ -533,7 +608,7 @@
else:
return None
searchIP = staticmethod(searchIP)
-
+
#@staticmethod
def isValidIP(string):
""" Return true if str is a valid IP
@@ -545,26 +620,31 @@
except socket.error:
return False
isValidIP = staticmethod(isValidIP)
-
+
#@staticmethod
- def textToIp(text):
+ def textToIp(text, useDns):
""" Return the IP of DNS found in a given text.
"""
ipList = list()
# Search for plain IP
plainIP = DNSUtils.searchIP(text)
- if not plainIP == None:
+ if not plainIP is None:
plainIPStr = plainIP.group(0)
if DNSUtils.isValidIP(plainIPStr):
ipList.append(plainIPStr)
- if not ipList:
+
+ # If we are allowed to resolve -- give it a try if nothing was found
+ if useDns in ("yes", "warn") and not ipList:
# Try to get IP from possible DNS
ip = DNSUtils.dnsToIp(text)
- for e in ip:
- ipList.append(e)
+ ipList.extend(ip)
+ if ip and useDns == "warn":
+ logSys.warning("Determined IP using DNS Reverse Lookup: %s = %s",
+ text, ipList)
+
return ipList
textToIp = staticmethod(textToIp)
-
+
#@staticmethod
def cidr(i, n):
""" Convert an IP address string with a CIDR mask into a 32-bit
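Review bot: The warning added in `textToIp` says "DNS Reverse Lookup", but the branch calls `DNSUtils.dnsToIp(text)`, which per its docstring converts a name into addresses, i.e. a forward lookup of a host string taken from the log line. The distinction matters to whoever reads the alert: the address that gets banned is whatever the name resolves to at that moment, and whoever controls that name's DNS decides the answer. Suggest `"Determined IP using DNS Lookup: %s = %s"` plus a comment that `'warn'` still resolves and only `'no'` disables the lookup. `useDns` is also a new required positional argument, so any caller outside this diff that still passes one argument will raise TypeError.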
@@ -574,14 +654,14 @@
MASK = 0xFFFFFFFFL
return ~(MASK >> n) & MASK & DNSUtils.addr2bin(i)
cidr = staticmethod(cidr)
-
+
#@staticmethod
def addr2bin(string):
""" Convert a string IPv4 address into an unsigned integer.
"""
return struct.unpack("!L", socket.inet_aton(string))[0]
addr2bin = staticmethod(addr2bin)
-
+
#@staticmethod
def bin2addr(addr):
""" Convert a numeric IPv4 address into string n.n.n.n form.
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/filtergamin.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,16 +15,12 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Author: Cyril Jaquier, Yaroslav Halchenko
-# Author: Cyril Jaquier
-#
-# $Revision: 696 $
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 696 $"
-__date__ = "$Date: 2008-05-19 23:05:32 +0200 (Mon, 19 May 2008) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__author__ = "Cyril Jaquier, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2012 Yaroslav Halchenko"
__license__ = "GPL"
from failmanager import FailManagerEmpty
@@ -47,7 +46,7 @@
#
# Initialize the filter object with default values.
# @param jail the jail object
-
+
def __init__(self, jail):
FileFilter.__init__(self, jail)
self.__modified = False
@@ -60,36 +59,43 @@
logSys.debug("Got event: " + `event` + " for " + path)
if event in (gamin.GAMCreated, gamin.GAMChanged, gamin.GAMExists):
logSys.debug("File changed: " + path)
- self.getFailures(path)
self.__modified = True
+ self._process_file(path)
+
+
+ def _process_file(self, path):
+ """Process a given file
+
+ TODO -- RF:
+ this is a common logic and must be shared/provided by FileFilter
+ """
+ self.getFailures(path)
+ try:
+ while True:
+ ticket = self.failManager.toBan()
+ self.jail.putFailTicket(ticket)
+ except FailManagerEmpty:
+ self.failManager.cleanup(MyTime.time())
+ self.dateDetector.sortTemplate()
+ self.__modified = False
##
# Add a log file path
#
# @param path log file path
- def addLogPath(self, path, tail = False):
- if self.containsLogPath(path):
- logSys.error(path + " already exists")
- else:
- self.monitor.watch_file(path, self.callback)
- FileFilter.addLogPath(self, path, tail)
- logSys.info("Added logfile = %s" % path)
-
+ def _addLogPath(self, path):
+ self.monitor.watch_file(path, self.callback)
+
##
# Delete a log path
#
# @param path the log file to delete
-
- def delLogPath(self, path):
- if not self.containsLogPath(path):
- logSys.error(path + " is not monitored")
- else:
- self.monitor.stop_watch(path)
- FileFilter.delLogPath(self, path)
- logSys.info("Removed logfile = %s" % path)
-
+
+ def _delLogPath(self, path):
+ self.monitor.stop_watch(path)
+
##
# Main loop.
#
@@ -99,30 +105,22 @@
def run(self):
self.setActive(True)
+ # Gamin needs a loop to collect and dispatch events
while self._isActive():
if not self.getIdle():
# We cannot block here because we want to be able to
# exit.
if self.monitor.event_pending():
self.monitor.handle_events()
-
- if self.__modified:
- try:
- while True:
- ticket = self.failManager.toBan()
- self.jail.putFailTicket(ticket)
- except FailManagerEmpty:
- self.failManager.cleanup(MyTime.time())
- self.dateDetector.sortTemplate()
- self.__modified = False
- time.sleep(self.getSleepTime())
- else:
- time.sleep(self.getSleepTime())
- # Cleanup Gamin
- self.__cleanup()
+ time.sleep(self.getSleepTime())
logSys.debug(self.jail.getName() + ": filter terminated")
return True
+
+ def stop(self):
+ super(FilterGamin, self).stop()
+ self.__cleanup()
+
##
# Desallocates the resources used by Gamin.
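Review bot: `FilterGamin.stop` now runs `self.__cleanup()` immediately after `super(FilterGamin, self).stop()`, while the `run` loop may still be inside `self.monitor.handle_events()` on the filter thread. Before this change the cleanup ran at the end of `run`, on the same thread that used the monitor. Neither `JailThread.stop` nor the body of `__cleanup` is visible here, so this is unconfirmed, but unless `stop()` waits for the thread to finish, the monitor can be torn down underneath the loop. The pyinotify backend added in this same diff joins its notifier before cleaning up, and the same ordering would be the safe choice here.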
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/filterpoll.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,16 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Author: Cyril Jaquier, Yaroslav Halchenko
+#
-# Author: Cyril Jaquier
-#
-# $Revision: 696 $
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 696 $"
-__date__ = "$Date: 2008-05-19 23:05:32 +0200 (Mon, 19 May 2008) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__author__ = "Cyril Jaquier, Yaroslav Halchenko"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
__license__ = "GPL"
from failmanager import FailManagerEmpty
@@ -47,7 +49,7 @@
#
# Initialize the filter object with default values.
# @param jail the jail object
-
+
def __init__(self, jail):
FileFilter.__init__(self, jail)
self.__modified = False
@@ -61,29 +63,19 @@
#
# @param path log file path
- def addLogPath(self, path, tail = False):
- if self.containsLogPath(path):
- logSys.error(path + " already exists")
- else:
- self.__lastModTime[path] = 0
- self.__file404Cnt[path] = 0
- FileFilter.addLogPath(self, path, tail)
- logSys.info("Added logfile = %s" % path)
-
+ def _addLogPath(self, path):
+ self.__lastModTime[path] = 0
+ self.__file404Cnt[path] = 0
+
##
# Delete a log path
#
# @param path the log file to delete
-
- def delLogPath(self, path):
- if not self.containsLogPath(path):
- logSys.error(path + " is not monitored")
- else:
- del self.__lastModTime[path]
- del self.__file404Cnt[path]
- FileFilter.delLogPath(self, path)
- logSys.info("Removed logfile = %s" % path)
-
+
+ def _delLogPath(self, path):
+ del self.__lastModTime[path]
+ del self.__file404Cnt[path]
+
##
# Main loop.
#
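Review bot: With the dictionaries now filled in `_addLogPath`, which the base `addLogPath` calls only after appending the container, the polling thread can see the new path in `getLogPath()` before `self.__lastModTime[path]` and `self.__file404Cnt[path]` exist. `isModified` indexes both dictionaries and catches only `OSError`, so a KeyError in that window would propagate out of the polling loop and could end monitoring for the jail. The removed override created the entries before registering the path. The window only matters when a log path is added to a running jail, and tolerant access in `isModified`, such as `self.__lastModTime.get(filename, 0)` and `self.__file404Cnt.get(filename, 0) + 1`, would close it.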
@@ -97,8 +89,9 @@
if not self.getIdle():
# Get file modification
for container in self.getLogPath():
- if self.isModified(container.getFileName()):
- self.getFailures(container.getFileName())
+ filename = container.getFileName()
+ if self.isModified(filename):
+ self.getFailures(filename)
self.__modified = True
if self.__modified:
@@ -113,7 +106,8 @@
time.sleep(self.getSleepTime())
else:
time.sleep(self.getSleepTime())
- logSys.debug(self.jail.getName() + ": filter terminated")
+ logSys.debug((self.jail and self.jail.getName() or "jailless") +
+ " filter terminated")
return True
##
@@ -121,7 +115,7 @@
#
# Checks if the log file has been modified using os.stat().
# @return True if log file has been modified
-
+
def isModified(self, filename):
try:
logStats = os.stat(filename)
@@ -132,11 +126,15 @@
logSys.debug(filename + " has been modified")
self.__lastModTime[filename] = logStats.st_mtime
return True
- except OSError:
- logSys.error("Unable to get stat on " + filename)
- self.__file404Cnt[filename] = self.__file404Cnt[filename] + 1
+ except OSError, e:
+ logSys.error("Unable to get stat on %s because of: %s"
+ % (filename, e))
+ self.__file404Cnt[filename] += 1
if self.__file404Cnt[filename] > 2:
- logSys.warn("Too much read error. Set the jail idle")
- self.jail.setIdle(True)
+ logSys.warn("Too many errors. Setting the jail idle")
+ if self.jail:
+ self.jail.setIdle(True)
+ else:
+ logSys.warn("No jail is assigned to %s" % self)
self.__file404Cnt[filename] = 0
return False
|
|
Added |
fail2ban-0.8.8.tar.bz2/server/filterpyinotify.py
|
@@ -0,0 +1,201 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Original author: Cyril Jaquier
+
+__author__ = "Cyril Jaquier, Lee Clemens, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav Halchenko"
+__license__ = "GPL"
+
+from distutils.version import LooseVersion
+
+from failmanager import FailManagerEmpty
+from filter import FileFilter
+from mytime import MyTime
+
+import time, logging, pyinotify
+
+if not hasattr(pyinotify, '__version__') \
+ or LooseVersion(pyinotify.__version__) < '0.8.3':
+ raise ImportError("Fail2Ban requires pyinotify >= 0.8.3")
+
+from os.path import dirname, sep as pathsep
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.filter")
+
+##
+# Log reader class.
+#
+# This class reads a log file and detects login failures or anything else
+# that matches a given regular expression. This class is instantiated by
+# a Jail object.
+
+class FilterPyinotify(FileFilter):
+ ##
+ # Constructor.
+ #
+ # Initialize the filter object with default values.
+ # @param jail the jail object
+
+ def __init__(self, jail):
+ FileFilter.__init__(self, jail)
+ self.__modified = False
+ # Pyinotify watch manager
+ self.__monitor = pyinotify.WatchManager()
+ self.__watches = dict()
+ logSys.debug("Created FilterPyinotify")
+
+
+ def callback(self, event):
+ path = event.pathname
+ if event.mask == pyinotify.IN_CREATE:
+ # check if that is a file we care about
+ if not path in self.__watches:
+ logSys.debug("Ignoring creation of %s we do not monitor" % path)
+ return
+ else:
+ # we need to substitute the watcher with a new one, so first
+ # remove old one
+ self._delFileWatcher(path)
+ # place a new one
+ self._addFileWatcher(path)
+
+ self._process_file(path)
+
+
+ def _process_file(self, path):
+ """Process a given file
+
+ TODO -- RF:
+ this is a common logic and must be shared/provided by FileFilter
+ """
+ self.getFailures(path)
+ try:
+ while True:
+ ticket = self.failManager.toBan()
+ self.jail.putFailTicket(ticket)
+ except FailManagerEmpty:
+ self.failManager.cleanup(MyTime.time())
+ self.dateDetector.sortTemplate()
+ self.__modified = False
+
+
+ def _addFileWatcher(self, path):
+ wd = self.__monitor.add_watch(path, pyinotify.IN_MODIFY)
+ self.__watches.update(wd)
+ logSys.debug("Added file watcher for %s" % path)
+ # process the file since we did get even
+ self._process_file(path)
+
+
+ def _delFileWatcher(self, path):
+ wdInt = self.__watches[path]
+ wd = self.__monitor.rm_watch(wdInt)
+ if wd[wdInt]:
+ del self.__watches[path]
+ logSys.debug("Removed file watcher for %s" % path)
+ return True
+ else:
+ return False
+
+ ##
+ # Add a log file path
+ #
+ # @param path log file path
+
+ def _addLogPath(self, path):
+ path_dir = dirname(path)
+ if not (path_dir in self.__watches):
+ # we need to watch also the directory for IN_CREATE
+ self.__watches.update(
+ self.__monitor.add_watch(path_dir, pyinotify.IN_CREATE))
+ logSys.debug("Added monitor for the parent directory %s" % path_dir)
+
+ self._addFileWatcher(path)
+
+
+ ##
+ # Delete a log path
+ #
+ # @param path the log file to delete
+
+ def _delLogPath(self, path):
+ if not self._delFileWatcher(path):
+ logSys.error("Failed to remove watch on path: %s", path)
+
+ path_dir = dirname(path)
+ if not len([k for k in self.__watches
+ if k.startswith(path_dir + pathsep)]):
+ # Remove watches for the directory
+ # since there is no other monitored file under this directory
+ wdInt = self.__watches.pop(path_dir)
+ _ = self.__monitor.rm_watch(wdInt)
+ logSys.debug("Removed monitor for the parent directory %s" % path_dir)
+
+
+ ##
+ # Main loop.
+ #
+ # Since all detection is offloaded to pyinotifier -- no manual
+ # loop is necessary
+
+ def run(self):
+ self.setActive(True)
+ self.__notifier = pyinotify.ThreadedNotifier(self.__monitor,
+ ProcessPyinotify(self))
+ self.__notifier.start()
+ logSys.debug("pyinotifier started for %s." % self.jail.getName())
+ # TODO: verify that there is nothing really to be done for
+ # idle jails
+ return True
+
+ ##
+ # Call super.stop() and then stop the 'Notifier'
+
+ def stop(self):
+ super(FilterPyinotify, self).stop()
+
+ # Stop the notifier thread
+ self.__notifier.stop()
+ self.__notifier.join() # to not exit before notifier does
+ self.__cleanup() # for pedantic ones
+
+ ##
+ # Deallocates the resources used by pyinotify.
+
+ def __cleanup(self):
+ self.__notifier = None
+ self.__monitor = None
+
+
+class ProcessPyinotify(pyinotify.ProcessEvent):
+ def __init__(self, FileFilter, **kargs):
+ #super(ProcessPyinotify, self).__init__(**kargs)
+ # for some reason root class _ProcessEvent is old-style (is
+ # not derived from object), so to play safe let's avoid super
+ # for now, and call superclass directly
+ pyinotify.ProcessEvent.__init__(self, **kargs)
+ self.__FileFilter = FileFilter
+ pass
+
+ # just need default, since using mask on watch to limit events
+ def process_default(self, event):
+ logSys.debug("Callback for Event: %s" % event)
+ self.__FileFilter.callback(event)
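Review bot: `_addFileWatcher` merges the result of `self.__monitor.add_watch(path, pyinotify.IN_MODIFY)` into `self.__watches` without inspecting it; in pyinotify's default quiet mode a failed watch comes back as a negative descriptor rather than an exception. A log that cannot be watched (missing file, permissions, inotify watch limit) is then recorded as monitored and its failures are never seen. Check the descriptor before the update, e.g. `if wd.get(path, -1) < 0:` followed by `logSys.error("Unable to add file watcher for %s" % path)` and `return`; the same applies to the directory watch in `_addLogPath`. Separately, `callback` reacts only to `IN_CREATE` on the parent directory, so a log rotated into place by rename would presumably not re-arm the file watch, which is worth confirming against the rotation scheme in use.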
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/iso8601.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: nil -*-
+# vi: set ft=python sts=4 ts=4 sw=4 et:
+
# Copyright (c) 2007 Michael Twomey
#
# Permission is hereby granted, free of charge, to any person obtaining a
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/jail.py
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,16 +15,12 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
-#
-# $Revision: 696 $
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 696 $"
-__date__ = "$Date: 2008-05-19 23:05:32 +0200 (Mon, 19 May 2008) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__author__ = "Cyril Jaquier, Lee Clemens, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav Halchenko"
__license__ = "GPL"
import Queue, logging
@@ -32,33 +31,76 @@
logSys = logging.getLogger("fail2ban.jail")
class Jail:
-
+
+ #Known backends. Each backend should have corresponding __initBackend method
+ # yoh: stored in a list instead of a tuple since only
+ # list had .index until 2.6
+ _BACKENDS = ['pyinotify', 'gamin', 'polling']
+
def __init__(self, name, backend = "auto"):
self.__name = name
self.__queue = Queue.Queue()
self.__filter = None
logSys.info("Creating new jail '%s'" % self.__name)
- if backend == "polling":
- self.__initPoller()
- else:
+ self._setBackend(backend)
+
+ def __repr__(self):
+ return "%s(%r)" % (self.__class__.__name__, self.__name)
+
+ def _setBackend(self, backend):
+ backend = backend.lower() # to assure consistent matching
+
+ backends = self._BACKENDS
+ if backend != 'auto':
+ # we have got strict specification of the backend to use
+ if not (backend in self._BACKENDS):
+ logSys.error("Unknown backend %s. Must be among %s or 'auto'"
+ % (backend, backends))
+ raise ValueError("Unknown backend %s. Must be among %s or 'auto'"
+ % (backend, backends))
+ # so explore starting from it till the 'end'
+ backends = backends[backends.index(backend):]
+
+ for b in backends:
+ initmethod = getattr(self, '_init%s' % b.capitalize())
try:
- self.__initGamin()
- except ImportError:
- self.__initPoller()
- self.__action = Actions(self)
-
- def __initPoller(self):
+ initmethod()
+ if backend != 'auto' and b != backend:
+ logSys.warning("Could only initiated %r backend whenever "
+ "%r was requested" % (b, backend))
+ else:
+ logSys.info("Initiated %r backend" % b)
+ self.__action = Actions(self)
+ return # we are done
+ except ImportError, e:
+ logSys.debug(
+ "Backend %r failed to initialize due to %s" % (b, e))
+ # log error since runtime error message isn't printed, INVALID COMMAND
+ logSys.error(
+ "Failed to initialize any backend for Jail %r" % self.__name)
+ raise RuntimeError(
+ "Failed to initialize any backend for Jail %r" % self.__name)
+
+
+ def _initPolling(self):
logSys.info("Jail '%s' uses poller" % self.__name)
from filterpoll import FilterPoll
self.__filter = FilterPoll(self)
- def __initGamin(self):
+ def _initGamin(self):
# Try to import gamin
import gamin
logSys.info("Jail '%s' uses Gamin" % self.__name)
from filtergamin import FilterGamin
self.__filter = FilterGamin(self)
+ def _initPyinotify(self):
+ # Try to import pyinotify
+ import pyinotify
+ logSys.info("Jail '%s' uses pyinotify" % self.__name)
+ from filterpyinotify import FilterPyinotify
+ self.__filter = FilterPyinotify(self)
+
def setName(self, name):
self.__name = name
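Review bot: In `_setBackend`, an explicitly requested backend is only a starting point, not a strict choice: if its import fails, the loop moves on to the later entries of `_BACKENDS` and only a warning records the substitution. That contract deserves a docstring, e.g. `"""Initialize the requested backend, falling back to those listed after it in _BACKENDS; 'auto' tries all in order."""`, so a reader knows a jail configured for one backend may end up running on another. The `try` body also wraps the logging calls and `Actions(self)`, so an `ImportError` raised there would be reported as a backend failure; moving everything after `initmethod()` into an `else:` clause keeps the handler specific to the backend import. `setName` at the end of the hunk continues outside it.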
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/jails.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/jailthread.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 567 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 567 $"
-__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/mytime.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 635 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 635 $"
-__date__ = "$Date: 2007-12-16 22:38:04 +0100 (Sun, 16 Dec 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -76,4 +79,10 @@
else:
return time.gmtime(MyTime.myTime)
gmtime = staticmethod(gmtime)
-
\ No newline at end of file
+
+ def localtime(x=None):
+ if MyTime.myTime == None or x is not None:
+ return time.localtime(x)
+ else:
+ return time.localtime(MyTime.myTime)
+ localtime = staticmethod(localtime)
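Review bot: The new `localtime` tests `MyTime.myTime == None` while the same condition uses `x is not None`; the identity test is the idiomatic form, so the line would read `if MyTime.myTime is None or x is not None:`. The method also has no comment saying that an explicit `x` takes precedence over the fixed `MyTime.myTime` value, which is the non-obvious part; a one-line comment such as `# an explicit x always wins over the overridden time` would cover it. The enclosing class starts outside the hunk.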
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/server.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 748 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 748 $"
-__date__ = "$Date: 2009-08-31 16:14:02 +0200 (Mon, 31 Aug 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -104,9 +107,15 @@
self.__loggingLock.release()
def quit(self):
- self.stopAllJail()
- # Stop communication
+ # Stop communication first because if jail's unban action
+ # tries to communicate via fail2ban-client we get a lockup
+ # among threads. So the simplest resolution is to stop all
+ # communications first (which should be ok anyways since we
+ # are exiting)
+ # See https://github.com/fail2ban/fail2ban/issues/7
self.__asyncServer.stop()
+ # Now stop all the jails
+ self.stopAllJail()
def addJail(self, name, backend):
self.__jails.add(name, backend)
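Review bot: In `quit`, `stopAllJail()` is now reached only if `self.__asyncServer.stop()` returns normally; an exception there would skip stopping the jails, and presumably whatever cleanup their stop actions perform. Wrapping the first call in `try:` with `self.stopAllJail()` under `finally:` keeps the new ordering and still guarantees the jails are stopped. Whether `stop()` can raise is not visible in this hunk, so treat this as a robustness suggestion.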
@@ -123,6 +132,7 @@
self.__lock.release()
def stopJail(self, name):
+ logSys.debug("Stopping jail %s" % name)
try:
self.__lock.acquire()
if self.isAlive(name):
@@ -132,6 +142,7 @@
self.__lock.release()
def stopAllJail(self):
+ logSys.info("Stopping all jails")
try:
self.__lock.acquire()
for jail in self.__jails.getAll():
@@ -160,7 +171,7 @@
return self.__jails.getFilter(name).getIgnoreIP()
def addLogPath(self, name, fileName):
- self.__jails.getFilter(name).addLogPath(fileName, True)
+ self.__jails.getFilter(name).addLogPath(fileName)
def delLogPath(self, name, fileName):
self.__jails.getFilter(name).delLogPath(fileName)
@@ -193,6 +204,12 @@
def getIgnoreRegex(self, name):
return self.__jails.getFilter(name).getIgnoreRegex()
+ def setUseDns(self, name, value):
+ self.__jails.getFilter(name).setUseDns(value)
+
+ def getUseDns(self, name):
+ return self.__jails.getFilter(name).getUseDns()
+
def setMaxRetry(self, name, value):
self.__jails.getFilter(name).setMaxRetry(value)
@@ -224,6 +241,9 @@
def setBanIP(self, name, value):
return self.__jails.getFilter(name).addBannedIP(value)
+ def setUnbanIP(self, name, value):
+ return self.__jails.getAction(name).removeBannedIP(value)
+
def getBanTime(self, name):
return self.__jails.getAction(name).getBanTime()
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/ticket.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 638 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 638 $"
-__date__ = "$Date: 2007-12-17 21:00:36 +0100 (Mon, 17 Dec 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -31,13 +34,29 @@
class Ticket:
- def __init__(self, ip, time):
- self.__ip = ip
+ def __init__(self, ip, time, matches=None):
+ """Ticket constructor
+
+ @param ip the IP address
+ @param time the ban time
+ @param matches (log) lines caused the ticket
+ """
+
+ self.setIP(ip)
self.__time = time
self.__attempt = 0
self.__file = None
+ self.__matches = matches or []
+
+ def __str__(self):
+ return "%s: ip=%s time=%s #attempts=%d" % \
+ (self.__class__, self.__ip, self.__time, self.__attempt)
+
def setIP(self, value):
+ if isinstance(value, basestring):
+ # guarantee using regular str instead of unicode for the IP
+ value = str(value)
self.__ip = value
def getIP(self):
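Review bot: In `setIP`, `str(value)` on a Python 2 `unicode` object raises `UnicodeEncodeError` when the value contains non-ASCII characters, and the constructor now routes every ticket through this method. If the value can originate from a parsed log line (a hostname rather than a dotted quad), that is externally influenced input reaching an unhandled exception; the callers are outside this hunk, so this needs confirming. Making the failure explicit, by catching `UnicodeEncodeError` here and raising a `ValueError` that names the rejected value with `%r`, would keep the error diagnosable. `getIP` at the end of the hunk continues outside it.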
@@ -61,11 +80,12 @@
def getAttempt(self):
return self.__attempt
+ def getMatches(self):
+ return self.__matches
+
class FailTicket(Ticket):
-
- def __init__(self, ip, time):
- Ticket.__init__(self, ip, time)
+ pass
##
@@ -74,14 +94,4 @@
# This class extends the Ticket class. It is mainly used by the BanManager.
class BanTicket(Ticket):
-
- ##
- # Constructor.
- #
- # Call the Ticket (parent) constructor and initialize default
- # values.
- # @param ip the IP address
- # @param time the ban time
-
- def __init__(self, ip, time):
- Ticket.__init__(self, ip, time)
+ pass
|
|
Changed |
fail2ban-0.8.8.tar.bz2/server/transmitter.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 745 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 745 $"
-__date__ = "$Date: 2009-08-30 20:26:15 +0200 (Sun, 30 Aug 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -52,7 +55,8 @@
ret = self.__commandHandler(command)
ack = 0, ret
except Exception, e:
- logSys.warn("Invalid command: " + `command`)
+ logSys.warn("Command %r has failed. Received %r"
+ % (command, e))
ack = 1, e
return ack
@@ -151,6 +155,10 @@
value = int(command[2])
self.__server.delIgnoreRegex(name, value)
return self.__server.getIgnoreRegex(name)
+ elif command[1] == "usedns":
+ value = command[2]
+ self.__server.setUseDns(name, value)
+ return self.__server.getUseDns(name)
elif command[1] == "findtime":
value = command[2]
self.__server.setFindTime(name, int(value))
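Review bot: The `usedns` branch forwards `command[2]` to `setUseDns` as a raw string, whereas the neighbouring `findtime` branch converts its argument with `int(value)` before passing it on; the same applies to the `unbanip` branch in the later hunk, which hands `command[2]` to `setUnbanIP` unchecked. Any validation must therefore live in the filter and action classes, which are not shown here. A comment at each branch saying so, e.g. `# value is validated in the filter's setUseDns`, or an explicit membership check against the accepted settings, would make the trust boundary for socket-supplied values clear. The enclosing command handler starts and ends outside the hunk.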
@@ -167,6 +175,9 @@
elif command[1] == "banip":
value = command[2]
return self.__server.setBanIP(name,value)
+ elif command[1] == "unbanip":
+ value = command[2]
+ return self.__server.setUnbanIP(name,value)
elif command[1] == "addaction":
value = command[2]
self.__server.addAction(name, value)
@@ -228,6 +239,8 @@
return self.__server.getFailRegex(name)
elif command[1] == "ignoreregex":
return self.__server.getIgnoreRegex(name)
+ elif command[1] == "usedns":
+ return self.__server.getUseDns(name)
elif command[1] == "findtime":
return self.__server.getFindTime(name)
elif command[1] == "maxretry":
@@ -261,4 +274,4 @@
name = command[0]
return self.__server.statusJail(name)
raise Exception("Invalid command (no status)")
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/setup.py
^
|
@@ -1,4 +1,6 @@
#!/usr/bin/python
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
# This file is part of Fail2Ban.
#
@@ -14,15 +16,9 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-# Author: Cyril Jaquier
-#
-# $Revision: 678 $
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 678 $"
-__date__ = "$Date: 2008-03-10 23:34:46 +0100 (Mon, 10 Mar 2008) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/__init__.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,14 +15,14 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 253 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 253 $"
-__date__ = "$Date: 2006-07-17 00:21:58 +0200 (Mon, 17 Jul 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
\ No newline at end of file
+__license__ = "GPL"
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/actiontestcase.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,20 +15,22 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import unittest, time
+import logging, sys
from server.action import Action
+from StringIO import StringIO
class ExecuteAction(unittest.TestCase):
@@ -33,15 +38,43 @@
"""Call before every test case."""
self.__action = Action("Test")
+ # For extended testing of what gets output into logging
+ # system, we will redirect it to a string
+ logSys = logging.getLogger("fail2ban")
+
+ # Keep old settings
+ self._old_level = logSys.level
+ self._old_handlers = logSys.handlers
+ # Let's log everything into a string
+ self._log = StringIO()
+ logSys.handlers = [logging.StreamHandler(self._log)]
+ logSys.setLevel(getattr(logging, 'DEBUG'))
+
def tearDown(self):
"""Call after every test case."""
+ # print "O: >>%s<<" % self._log.getvalue()
+ logSys = logging.getLogger("fail2ban")
+ logSys.handlers = self._old_handlers
+ logSys.level = self._old_level
self.__action.execActionStop()
-
+
+ def _is_logged(self, s):
+ return s in self._log.getvalue()
+
def testExecuteActionBan(self):
self.__action.setActionStart("touch /tmp/fail2ban.test")
self.__action.setActionStop("rm -f /tmp/fail2ban.test")
self.__action.setActionBan("echo -n")
self.__action.setActionCheck("[ -e /tmp/fail2ban.test ]")
-
+
+ self.assertFalse(self._is_logged('returned'))
+ # no action was actually executed yet
+
self.assertTrue(self.__action.execActionBan(None))
-
\ No newline at end of file
+ self.assertTrue(self._is_logged('Invariant check failed'))
+ self.assertTrue(self._is_logged('returned successfully'))
+
+
+ def testExecuteIncorrectCmd(self):
+ Action.executeCmd('/bin/ls >/dev/null\nbogusXXX now 2>/dev/null')
+ self.assertTrue(self._is_logged('HINT on 7f00: "Command not found"'))
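Review bot: In `setUp`, `logSys.setLevel(getattr(logging, 'DEBUG'))` is an indirect spelling of `logSys.setLevel(logging.DEBUG)`, and `tearDown` restores the level by assigning `logSys.level` directly instead of calling `logSys.setLevel(self._old_level)`. Using `setLevel` in both places keeps the save/restore symmetric and goes through the logger's public API. The commented-out `print` in `tearDown` can be dropped. `testExecuteIncorrectCmd` asserts a literal containing `7f00`, which presumably encodes the exit status of the shell running the command; a short comment saying where that value comes from would help whoever sees the test fail on another platform.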
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/banmanagertestcase.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 638 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 638 $"
-__date__ = "$Date: 2007-12-17 21:00:36 +0100 (Mon, 17 Dec 2007) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -53,4 +56,4 @@
def _testInListNOK(self):
ticket = BanTicket('111.111.1.111', 1167605999.0)
self.assertFalse(self.__banManager.inBanList(ticket))
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/clientreadertestcase.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 504 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -40,4 +43,4 @@
expected = ['mail-whois', {'name': 'SSH'}]
result = JailReader.splitAction(action)
self.assertEquals(expected, result)
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/datedetectortestcase.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 650 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 650 $"
-__date__ = "$Date: 2008-02-02 21:07:06 +0100 (Sat, 02 Feb 2008) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -54,6 +57,27 @@
self.assertEqual(self.__datedetector.getTime(log), date)
self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
+ def testVariousTimes(self):
+ """Test detection of various common date/time formats f2b should understand
+ """
+ date = [2005, 1, 23, 21, 59, 59, 1, 23, -1]
+ dateUnix = 1106513999.0
+
+ for sdate in (
+ "Jan 23 21:59:59",
+ "2005.01.23 21:59:59",
+ "23/01/2005 21:59:59",
+ "01-23-2005 21:59:59.252", # reported on f2b, causes Feb29 fix to break
+ ):
+ log = sdate + "[sshd] error: PAM: Authentication failure"
+ # exclude
+
+ # TODO (Yarik is confused): figure out why for above it is
+ # "1" as day of the week which would be Tue, although it
+ # was Sun
+ self.assertEqual(self.__datedetector.getTime(log)[:6], date[:6])
+ self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
+
# def testDefaultTempate(self):
# self.__datedetector.setDefaultRegex("^\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
# self.__datedetector.setDefaultPattern("%b %d %H:%M:%S")
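Review bot: In `testVariousTimes`, both assertions run inside the loop without a message, so a failure does not say which of the four sample formats broke; passing the sample as the third argument, `self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix, sdate)`, fixes that. The dangling `# exclude` comment explains nothing and should be completed or removed. The `log` string is built as `sdate + "[sshd] error: ..."` with no separator between timestamp and message, which may be intentional but is worth a comment since the sample log files in this package have one.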
@@ -64,4 +88,4 @@
#
# self.assertEqual(self.__datedetector.getTime(log), date)
# self.assertEqual(self.__datedetector.getUnixTime(log), dateUnix)
-
\ No newline at end of file
+
|
|
Changed |
fail2ban-0.8.8.tar.bz2/testcases/failmanagertestcase.py
^
|
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 731 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 731 $"
-__date__ = "$Date: 2009-02-09 23:08:21 +0100 (Mon, 09 Feb 2009) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -32,11 +35,11 @@
def setUp(self):
"""Call before every test case."""
- self.__items = [['193.168.0.128', 1167605999.0],
- ['193.168.0.128', 1167605999.0],
- ['193.168.0.128', 1167605999.0],
- ['193.168.0.128', 1167605999.0],
- ['193.168.0.128', 1167605999.0],
+ self.__items = [[u'193.168.0.128', 1167605999.0],
+ [u'193.168.0.128', 1167605999.0],
+ [u'193.168.0.128', 1167605999.0],
+ [u'193.168.0.128', 1167605999.0],
+ [u'193.168.0.128', 1167605999.0],
['87.142.124.10', 1167605999.0],
['87.142.124.10', 1167605999.0],
['87.142.124.10', 1167605999.0],
@@ -77,6 +80,7 @@
#ticket = FailTicket('193.168.0.128', None)
ticket = self.__failManager.toBan()
self.assertEqual(ticket.getIP(), "193.168.0.128")
+ self.assertTrue(isinstance(ticket.getIP(), str))
def testbanNOK(self):
self.__failManager.setMaxRetry(10)
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs
^
|
+(directory)
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/apache-overflows
^
|
@@ -0,0 +1,2 @@
+[Tue Mar 16 15:39:29 2010] [error] [client 58.179.109.179] Invalid URI in request \xf9h\xa9\xf3\x88\x8cXKj \xbf-l*4\x87n\xe4\xfe\xd4\x1d\x06\x8c\xf8m\\rS\xf6n\xeb\x8
+[Mon Mar 15 15:44:47 2010] [error] [client 121.222.2.133] Invalid URI in request n\xed*\xbe*\xab\xefd\x80\xb5\xae\xf6\x01\x10M?\xf2\xce\x13\x9c\xd7\xa0N\xa7\xdb%0\xde\xe0\xfc\xd2\xa0\xfe\xe9w\xee\xc4`v\x9b[{\x0c:\xcb\x93\xc6\xa0\x93\x9c`l\\\x8d\xc9
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/asterisk
^
|
@@ -0,0 +1,11 @@
+# Sample log files for asterisk
+[2012-02-13 17:21:54] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Wrong password
+[2012-02-13 17:18:22] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - No matching peer found
+[2012-02-13 17:21:21] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Username/auth name mismatch
+[2012-02-13 17:32:01] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Device does not match ACL
+[2012-02-13 17:34:10] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - Peer is not supposed to register
+[2012-02-13 17:36:23] NOTICE[1638] chan_sip.c: Registration from '<sip:301@asclepios.eyepea.be>' failed for '1.2.3.4' - ACL error (permit/deny)
+[2012-02-13 17:53:59] NOTICE[1638] chan_iax2.c: Host 1.2.3.4 failed to authenticate as 'Fail2ban'
+[2012-02-13 17:39:20] NOTICE[1638] chan_iax2.c: No registration for peer 'Fail2ban' (from 1.2.3.4)
+[2012-02-13 17:44:26] NOTICE[1638] chan_iax2.c: Host 1.2.3.4 failed MD5 authentication for 'Fail2ban' (e7df7cd2ca07f4f1ab415d457a6e1c13 != 53ac4bc41ee4ec77888ed4aa50677247)
+[2012-02-13 17:37:07] NOTICE[1638] chan_sip.c: Failed to authenticate user "Fail2ban" <sip:301@1.2.3.4>;tag=1r698745234
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/dovecot
^
|
@@ -0,0 +1 @@
+@400000004c91b044077a9e94 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<martin@waschbuesch.de>, method=CRAM-MD5, rip=80.187.101.33, lip=80.254.129.240, TLS
|
[-]
[+]
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/lighttpd
^
|
@@ -0,0 +1,3 @@
+#authentification failure (mod_auth)
+2011-12-25 17:09:20: (http_auth.c.875) password doesn't match for /gitweb/ username: francois, IP: 4.4.4.4
+2012-09-26 10:24:35: (http_auth.c.1136) digest: auth failed for xxx : wrong password, IP: 4.4.4.4
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/named-refused
^
|
@@ -0,0 +1,5 @@
+Jul 24 14:16:55 raid5 named[3935]: client 194.145.196.18#4795: query 'ricreig.com/NS/IN' denied
+Jul 24 14:16:56 raid5 named[3935]: client 62.123.164.113#32768: query 'ricreig.com/NS/IN' denied
+Jul 24 14:17:13 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'geo-mueller.de/NS/IN' denied
+Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shivaree.de/NS/IN' denied
+Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/pam-generic
^
|
@@ -0,0 +1,7 @@
+Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
+May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
+May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
+May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
+Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
+Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
+Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/proftpd
^
|
@@ -0,0 +1,5 @@
+Jan 10 00:00:00 myhost proftpd[12345] myhost.domain.com (123.123.123.123[123.123.123.123]): USER username (Login failed): User in /etc/ftpusers
+Feb 1 00:00:00 myhost proftpd[12345] myhost.domain.com (123.123.123.123[123.123.123.123]): USER username: no such user found from 123.123.123.123 [123.123.123.123] to 234.234.234.234:21
+
+
+
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/pure-ftpd
^
|
@@ -0,0 +1,2 @@
+Jan 31 16:54:07 desktop pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
+Nov 5 18:54:02 pure-ftpd: (?@server202181210195.ixlink.net) [WARNING] Authentication failed for user [Administrator]
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/sasl
^
|
@@ -0,0 +1,5 @@
+#1 Example from postfix from dbts #507990
+Dec 2 22:24:22 hel postfix/smtpd[7676]: warning: 114-44-142-233.dynamic.hinet.net[114.44.142.233]: SASL CRAM-MD5 authentication failed: PDc3OTEwNTkyNTEyMzA2NDIuMTIyODI1MzA2MUBoZWw+
+#2 Example from postfix from dbts #573314
+Mar 10 13:33:30 gandalf postfix/smtpd[3937]: warning: HOSTNAME[1.1.1.1]: SASL LOGIN authentication failed: authentication failure
+
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/sshd
^
|
@@ -0,0 +1,33 @@
+#1
+Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
+May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
+
+#2
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
+
+#3
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
+
+#4
+Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
+
+
+#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
+Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
+Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
+
+#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
+Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
+
+#7 added exclamation mark to BREAK-IN
+# Now should be a negative since we decided not to catch those
+Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT
+Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
+
+#8 DenyUsers https://github.com/fail2ban/fail2ban/issues/47
+Apr 16 22:01:15 al-ribat sshd[5154]: User root from 46.45.128.3 not allowed because listed in DenyUsers
+
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648020
+Nov 8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.6
|
|
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/vsftpd
^
|
@@ -0,0 +1,7 @@
+#1 PAM based
+Oct 11 01:06:47 ServerJV vsftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=209.67.1.67
+Feb 6 12:02:29 server vsftpd(pam_unix)[15522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=64.168.103.1 user=user1
+
+#2 Internal
+Fri Jan 19 12:20:33 2007 [pid 27202] [anonymous] FAIL LOGIN: Client "64.106.46.98"
+
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/logs/wu-ftpd
@@ -0,0 +1,2 @@
+# This login line is from syslog
+Oct 6 09:59:26 myserver wu-ftpd[18760]: failed login from hj-145-173-a8.bta.net.cn [202.108.145.173]
Added |
fail2ban-0.8.8.tar.bz2/testcases/files/testcase-usedns.log
@@ -0,0 +1,2 @@
+Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2
Changed |
fail2ban-0.8.8.tar.bz2/testcases/filtertestcase.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,29 +15,123 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Fail2Ban developers
-# Author: Cyril Jaquier
-#
-# $Revision: 728 $
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 728 $"
-__date__ = "$Date: 2009-02-08 18:31:24 +0100 (Sun, 08 Feb 2009) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
__license__ = "GPL"
import unittest
+import os
+import sys
+import time
+import tempfile
+
+from server.jail import Jail
from server.filterpoll import FilterPoll
-from server.filter import FileFilter
+from server.filter import FileFilter, DNSUtils
from server.failmanager import FailManager
from server.failmanager import FailManagerEmpty
+#
+# Useful helpers
+#
+
+def _killfile(f, name):
+ try:
+ f.close()
+ except:
+ pass
+ try:
+ os.unlink(name)
+ except:
+ pass
+
+def _sleep_4_poll():
+ """PollFilter relies on file timestamps - so we might need to
+ sleep to guarantee that they differ
+ """
+ if sys.version_info[:2] <= (2,4):
+ # on old Python st_mtime is int, so we should give
+ # at least 1 sec so polling filter could detect
+ # the change
+ time.sleep(1.)
+ else:
+ time.sleep(0.1)
+
+def _assert_equal_entries(utest, found, output, count=None):
+ """Little helper to unify comparisons with the target entries
+
+ and report helpful failure reports instead of millions of seconds ;)
+ """
+ utest.assertEqual(found[0], output[0]) # IP
+ utest.assertEqual(found[1], count or output[1]) # count
+ found_time, output_time = \
+ time.localtime(found[2]),\
+ time.localtime(output[2])
+ utest.assertEqual(found_time, output_time)
+ if len(output) > 3 and count is None: # match matches
+ # do not check if custom count (e.g. going through them twice)
+ utest.assertEqual(repr(found[3]), repr(output[3]))
+
+def _assert_correct_last_attempt(utest, filter_, output, count=None):
+ """Additional helper to wrap most common test case
+
+ Test filter to contain target ticket
+ """
+ if isinstance(filter_, DummyJail):
+ ticket = filter_.getFailTicket()
+ else:
+ # when we are testing without jails
+ ticket = filter_.failManager.toBan()
+
+ attempts = ticket.getAttempt()
+ date = ticket.getTime()
+ ip = ticket.getIP()
+ matches = ticket.getMatches()
+ found = (ip, attempts, date, matches)
+
+ _assert_equal_entries(utest, found, output, count)
+
+def _copy_lines_between_files(fin, fout, n=None, skip=0, mode='a', terminal_line=""):
+ """Copy lines from one file to another (which might be already open)
+
+ Returns open fout
+ """
+ if sys.version_info[:2] <= (2,4):
+ # on old Python st_mtime is int, so we should give at least 1 sec so
+ # polling filter could detect the change
+ time.sleep(1)
+ if isinstance(fin, str):
+ fin = open(fin, 'r')
+ if isinstance(fout, str):
+ fout = open(fout, mode)
+ # Skip
+ for i in xrange(skip):
+ _ = fin.readline()
+ # Read/Write
+ i = 0
+ while n is None or i < n:
+ l = fin.readline()
+ if terminal_line is not None and l == terminal_line:
+ break
+ fout.write(l)
+ fout.flush()
+ i += 1
+ # to give other threads possibly some time to crunch
+ time.sleep(0.1)
+ return fout
+
+#
+# Actual tests
+#
+
class IgnoreIP(unittest.TestCase):
def setUp(self):
"""Call before every test case."""
- self.__filter = FileFilter(None)
+ self.filter = FileFilter(None)
def tearDown(self):
"""Call after every test case."""
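Review bot: `_copy_lines_between_files` opens `fin` itself when it is given a path but never closes it, and its loop stops at end of file only because the default `terminal_line=""` happens to equal what `readline()` returns at EOF. A caller passing `terminal_line=None` together with `n=None` would loop forever, writing empty strings and sleeping; I would make the EOF test explicit with `if not l or l == terminal_line: break` and close `fin` before returning when this function opened it. `_killfile` in the same hunk uses a bare `except:` twice, which also swallows `KeyboardInterrupt`; `except (OSError, IOError, AttributeError):` keeps the best-effort cleanup (including the `_killfile(None, ...)` calls made later in the file) without hiding an interrupt.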
@@ -42,20 +139,22 @@
def testIgnoreIPOK(self):
ipList = "127.0.0.1", "192.168.0.1", "255.255.255.255", "99.99.99.99"
for ip in ipList:
- self.__filter.addIgnoreIP(ip)
- self.assertTrue(self.__filter.inIgnoreIPList(ip))
+ self.filter.addIgnoreIP(ip)
+
+ self.assertTrue(self.filter.inIgnoreIPList(ip))
# Test DNS
- self.__filter.addIgnoreIP("www.epfl.ch")
- self.assertTrue(self.__filter.inIgnoreIPList("128.178.50.12"))
-
+ self.filter.addIgnoreIP("www.epfl.ch")
+
+ self.assertTrue(self.filter.inIgnoreIPList("128.178.50.12"))
+
def testIgnoreIPNOK(self):
ipList = "", "999.999.999.999", "abcdef", "192.168.0."
for ip in ipList:
- self.__filter.addIgnoreIP(ip)
- self.assertFalse(self.__filter.inIgnoreIPList(ip))
+ self.filter.addIgnoreIP(ip)
+ self.assertFalse(self.filter.inIgnoreIPList(ip))
# Test DNS
- self.__filter.addIgnoreIP("www.epfl.ch")
- self.assertFalse(self.__filter.inIgnoreIPList("127.177.50.10"))
+ self.filter.addIgnoreIP("www.epfl.ch")
+ self.assertFalse(self.filter.inIgnoreIPList("127.177.50.10"))
class LogFile(unittest.TestCase):
@@ -64,17 +163,333 @@
def setUp(self):
"""Call before every test case."""
- self.__filter = FilterPoll(None)
- self.__filter.addLogPath(LogFile.FILENAME)
+ self.filter = FilterPoll(None)
+ self.filter.addLogPath(LogFile.FILENAME)
def tearDown(self):
"""Call after every test case."""
-
+ pass
+
#def testOpen(self):
- # self.__filter.openLogFile(LogFile.FILENAME)
-
+ # self.filter.openLogFile(LogFile.FILENAME)
+
def testIsModified(self):
- self.assertTrue(self.__filter.isModified(LogFile.FILENAME))
+ self.assertTrue(self.filter.isModified(LogFile.FILENAME))
+
+
+class LogFileMonitor(unittest.TestCase):
+ """Few more tests for FilterPoll API
+ """
+ def setUp(self):
+ """Call before every test case."""
+ self.filter = self.name = 'NA'
+ _, self.name = tempfile.mkstemp('fail2ban', 'monitorfailures')
+ self.file = open(self.name, 'a')
+ self.filter = FilterPoll(None)
+ self.filter.addLogPath(self.name)
+ self.filter.setActive(True)
+ self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
+
+ def tearDown(self):
+ _killfile(self.file, self.name)
+ pass
+
+ def isModified(self, delay=2.):
+ """Wait up to `delay` sec to assure that it was modified or not
+ """
+ time0 = time.time()
+ while time.time() < time0 + delay:
+ if self.filter.isModified(self.name):
+ return True
+ time.sleep(0.1)
+ return False
+
+ def notModified(self):
+ # shorter wait time for not modified status
+ return not self.isModified(0.4)
+
+ def testNewChangeViaIsModified(self):
+ # it is a brand new one -- so first we think it is modified
+ self.assertTrue(self.isModified())
+ # but not any longer
+ self.assertTrue(self.notModified())
+ self.assertTrue(self.notModified())
+ _sleep_4_poll() # to guarantee freshier mtime
+ for i in range(4): # few changes
+ # unless we write into it
+ self.file.write("line%d\n" % i)
+ self.file.flush()
+ self.assertTrue(self.isModified())
+ self.assertTrue(self.notModified())
+ _sleep_4_poll() # to guarantee freshier mtime
+ os.rename(self.name, self.name + '.old')
+ # we are not signaling as modified whenever
+ # it gets away
+ self.assertTrue(self.notModified())
+ f = open(self.name, 'a')
+ self.assertTrue(self.isModified())
+ self.assertTrue(self.notModified())
+ _sleep_4_poll()
+ f.write("line%d\n" % i)
+ f.flush()
+ self.assertTrue(self.isModified())
+ self.assertTrue(self.notModified())
+ _killfile(f, self.name)
+ _killfile(self.name, self.name + '.old')
+ pass
+
+ def testNewChangeViaGetFailures_simple(self):
+ # suck in lines from this sample log file
+ self.filter.getFailures(self.name)
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+
+ # Now let's feed it with entries from the file
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=5)
+ self.filter.getFailures(self.name)
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ # and it should have not been enough
+
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, skip=5)
+ self.filter.getFailures(self.name)
+ _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
+
+ def testNewChangeViaGetFailures_rewrite(self):
+ #
+ # if we rewrite the file at once
+ self.file.close()
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name)
+ self.filter.getFailures(self.name)
+ _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
+
+ # What if file gets overridden
+ # yoh: skip so we skip those 2 identical lines which our
+ # filter "marked" as the known beginning, otherwise it
+ # would not detect "rotation"
+ self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
+ skip=3, mode='w')
+ self.filter.getFailures(self.name)
+ #self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
+
+ def testNewChangeViaGetFailures_move(self):
+ #
+ # if we move file into a new location while it has been open already
+ self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
+ n=14, mode='w')
+ self.filter.getFailures(self.name)
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 2)
+
+ # move aside, but leaving the handle still open...
+ os.rename(self.name, self.name + '.bak')
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name, skip=14)
+ self.filter.getFailures(self.name)
+ _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 3)
+
+
+from threading import Lock
+class DummyJail(object):
+ """A simple 'jail' to suck in all the tickets generated by Filter's
+ """
+ def __init__(self):
+ self.lock = Lock()
+ self.queue = []
+
+ def __len__(self):
+ try:
+ self.lock.acquire()
+ return len(self.queue)
+ finally:
+ self.lock.release()
+
+ def putFailTicket(self, ticket):
+ try:
+ self.lock.acquire()
+ self.queue.append(ticket)
+ finally:
+ self.lock.release()
+
+ def getFailTicket(self):
+ try:
+ self.lock.acquire()
+ return self.queue.pop()
+ finally:
+ self.lock.release()
+
+ def getName(self):
+ return "DummyJail #%s with %d tickets" % (id(self), len(self))
+
+def get_monitor_failures_testcase(Filter_):
+ """Generator of TestCase's for different filters/backends
+ """
+
+ class MonitorFailures(unittest.TestCase):
+ def setUp(self):
+ """Call before every test case."""
+ self.filter = self.name = 'NA'
+ _, self.name = tempfile.mkstemp('fail2ban', 'monitorfailures')
+ self.file = open(self.name, 'a')
+ self.jail = DummyJail()
+ self.filter = Filter_(self.jail)
+ self.filter.addLogPath(self.name)
+ self.filter.setActive(True)
+ self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
+ self.filter.start()
+ # If filter is polling it would sleep a bit to guarantee that
+ # we have initial time-stamp difference to trigger "actions"
+ self._sleep_4_poll()
+ #print "D: started filter %s" % self.filter
+
+
+ def tearDown(self):
+ #print "D: SLEEPING A BIT"
+ #import time; time.sleep(5)
+ #print "D: TEARING DOWN"
+ self.filter.stop()
+ #print "D: WAITING FOR FILTER TO STOP"
+ self.filter.join() # wait for the thread to terminate
+ #print "D: KILLING THE FILE"
+ _killfile(self.file, self.name)
+ pass
+
+ def __str__(self):
+ return "MonitorFailures%s(%s)" \
+ % (Filter_, hasattr(self, 'name') and self.name or 'tempfile')
+
+ def isFilled(self, delay=2.):
+ """Wait up to `delay` sec to assure that it was modified or not
+ """
+ time0 = time.time()
+ while time.time() < time0 + delay:
+ if len(self.jail):
+ return True
+ time.sleep(0.1)
+ return False
+
+ def _sleep_4_poll(self):
+ # Since FilterPoll relies on time stamps and some
+ # actions might be happening too fast in the tests,
+ # sleep a bit to guarantee reliable time stamps
+ if isinstance(self.filter, FilterPoll):
+ _sleep_4_poll()
+
+ def isEmpty(self, delay=0.4):
+ # shorter wait time for not modified status
+ return not self.isFilled(delay)
+
+ def assert_correct_last_attempt(self, failures, count=None):
+ self.assertTrue(self.isFilled(10)) # give Filter a chance to react
+ _assert_correct_last_attempt(self, self.jail, failures, count=count)
+
+
+ def test_grow_file(self):
+ # suck in lines from this sample log file
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+
+ # Now let's feed it with entries from the file
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=5)
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ # and our dummy jail is empty as well
+ self.assertFalse(len(self.jail))
+ # since it should have not been enough
+
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, skip=5)
+ self.assertTrue(self.isFilled(6))
+ # so we sleep for up to 2 sec for it not to become empty,
+ # and meanwhile pass to other thread(s) and filter should
+ # have gathered new failures and passed them into the
+ # DummyJail
+ self.assertEqual(len(self.jail), 1)
+ # and there should be no "stuck" ticket in failManager
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+ self.assertEqual(len(self.jail), 0)
+
+ #return
+ # just for fun let's copy all of them again and see if that results
+ # in a new ban
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=100)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+
+ def test_rewrite_file(self):
+ # if we rewrite the file at once
+ self.file.close()
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+
+ # What if file gets overridden
+ # yoh: skip so we skip those 2 identical lines which our
+ # filter "marked" as the known beginning, otherwise it
+ # would not detect "rotation"
+ self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
+ skip=3, mode='w')
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+
+
+ def test_move_file(self):
+ # if we move file into a new location while it has been open already
+ self.file = _copy_lines_between_files(GetFailures.FILENAME_01, self.name,
+ n=14, mode='w')
+ self.assertTrue(self.isEmpty(2))
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 2) # Fails with Poll from time to time
+
+ # move aside, but leaving the handle still open...
+ os.rename(self.name, self.name + '.bak')
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name, skip=14)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 3)
+
+ # now remove the moved file
+ _killfile(None, self.name + '.bak')
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name, n=100)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 6)
+
+
+ def test_new_bogus_file(self):
+ # to make sure that watching whole directory does not effect
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name, n=100)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+
+ # create a bogus file in the same directory and see if that doesn't affect
+ open(self.name + '.bak2', 'w').write('')
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.name, n=100)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+ self.assertEqual(self.filter.failManager.getFailTotal(), 6)
+ _killfile(None, self.name + '.bak2')
+
+
+ def test_delLogPath(self):
+ # Smoke test for removing of the path from being watched
+
+ # basic full test
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=100)
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)
+
+ # and now remove the LogPath
+ self.filter.delLogPath(self.name)
+
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=100)
+ # so we should get no more failures detected
+ self.assertTrue(self.isEmpty(2))
+
+ # but then if we add it back again
+ self.filter.addLogPath(self.name)
+ # Tricky catch here is that it should get them from the
+ # tail written before, so let's not copy anything yet
+ #_copy_lines_between_files(GetFailures.FILENAME_01, self.name, n=100)
+ # we should detect the failures
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01, count=6) # was needed if we write twice above
+
+ # now copy and get even more
+ _copy_lines_between_files(GetFailures.FILENAME_01, self.file, n=100)
+ # yoh: not sure why count here is not 9... TODO
+ self.assert_correct_last_attempt(GetFailures.FAILURES_01)#, count=9)
+
+
+ return MonitorFailures
class GetFailures(unittest.TestCase):
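Review bot: Both new `setUp` methods discard the descriptor returned by `tempfile.mkstemp` (`_, self.name = ...`), so every test leaks an open fd, and the tests then create and rename `self.name + '.old'`, `'.bak'` and `'.bak2'` beside it with plain `open()` and `os.rename()`. In a shared temp directory those sibling names are predictable and `open(..., 'w')` follows a pre-existing symlink, so I would create a private directory per test with `tempfile.mkdtemp()`, keep all of these paths inside it, and remove the directory in `tearDown`. At minimum keep the descriptor and close it: `fd, self.name = tempfile.mkstemp('fail2ban', 'monitorfailures')` followed by `os.close(fd)`. `testNewChangeViaGetFailures_move` also leaves its `.bak` file behind, and `_killfile(self.name, self.name + '.old')` passes a path where a file object is expected and only works because the helper swallows the resulting error.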
@@ -83,115 +498,139 @@
FILENAME_02 = "testcases/files/testcase02.log"
FILENAME_03 = "testcases/files/testcase03.log"
FILENAME_04 = "testcases/files/testcase04.log"
+ FILENAME_USEDNS = "testcases/files/testcase-usedns.log"
+
+ # so that they could be reused by other tests
+ FAILURES_01 = ('193.168.0.128', 3, 1124013599.0,
+ ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128\n']*3)
def setUp(self):
"""Call before every test case."""
- self.__filter = FileFilter(None)
- self.__filter.setActive(True)
+ self.filter = FileFilter(None)
+ self.filter.setActive(True)
# TODO Test this
- #self.__filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
- #self.__filter.setTimePattern("%b %d %H:%M:%S")
+ #self.filter.setTimeRegex("\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
+ #self.filter.setTimePattern("%b %d %H:%M:%S")
def tearDown(self):
"""Call after every test case."""
-
+
+
+
def testGetFailures01(self):
- output = ('193.168.0.128', 3, 1124013599.0)
-
- self.__filter.addLogPath(GetFailures.FILENAME_01)
- self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
-
- self.__filter.getFailures(GetFailures.FILENAME_01)
-
- ticket = self.__filter.failManager.toBan()
-
- attempts = ticket.getAttempt()
- date = ticket.getTime()
- ip = ticket.getIP()
- found = (ip, attempts, date)
-
- self.assertEqual(found, output)
-
- def testGetFailures02(self):
- output = ('141.3.81.106', 4, 1124013539.0)
+ self.filter.addLogPath(GetFailures.FILENAME_01)
+ self.filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
+ self.filter.getFailures(GetFailures.FILENAME_01)
+ _assert_correct_last_attempt(self, self.filter, GetFailures.FAILURES_01)
- self.__filter.addLogPath(GetFailures.FILENAME_02)
- self.__filter.addFailRegex("Failed .* from <HOST>")
-
- self.__filter.getFailures(GetFailures.FILENAME_02)
-
- ticket = self.__filter.failManager.toBan()
-
- attempts = ticket.getAttempt()
- date = ticket.getTime()
- ip = ticket.getIP()
- found = (ip, attempts, date)
-
- self.assertEqual(found, output)
+
+ def testGetFailures02(self):
+ output = ('141.3.81.106', 4, 1124013539.0,
+ ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2\n'
+ % m for m in 53, 54, 57, 58])
+
+ self.filter.addLogPath(GetFailures.FILENAME_02)
+ self.filter.addFailRegex("Failed .* from <HOST>")
+ self.filter.getFailures(GetFailures.FILENAME_02)
+ _assert_correct_last_attempt(self, self.filter, output)
def testGetFailures03(self):
output = ('203.162.223.135', 6, 1124013544.0)
- self.__filter.addLogPath(GetFailures.FILENAME_03)
- self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
-
- self.__filter.getFailures(GetFailures.FILENAME_03)
-
- ticket = self.__filter.failManager.toBan()
-
- attempts = ticket.getAttempt()
- date = ticket.getTime()
- ip = ticket.getIP()
- found = (ip, attempts, date)
-
- self.assertEqual(found, output)
+ self.filter.addLogPath(GetFailures.FILENAME_03)
+ self.filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
+ self.filter.getFailures(GetFailures.FILENAME_03)
+ _assert_correct_last_attempt(self, self.filter, output)
def testGetFailures04(self):
output = [('212.41.96.186', 4, 1124013600.0),
('212.41.96.185', 4, 1124013598.0)]
- self.__filter.addLogPath(GetFailures.FILENAME_04)
- self.__filter.addFailRegex("Invalid user .* <HOST>")
-
- self.__filter.getFailures(GetFailures.FILENAME_04)
+ self.filter.addLogPath(GetFailures.FILENAME_04)
+ self.filter.addFailRegex("Invalid user .* <HOST>")
+ self.filter.getFailures(GetFailures.FILENAME_04)
try:
- for i in range(2):
- ticket = self.__filter.failManager.toBan()
- attempts = ticket.getAttempt()
- date = ticket.getTime()
- ip = ticket.getIP()
- found = (ip, attempts, date)
- self.assertEqual(found, output[i])
+ for i, out in enumerate(output):
+ _assert_correct_last_attempt(self, self.filter, out)
except FailManagerEmpty:
pass
-
+
+ def testGetFailuresUseDNS(self):
+ # We should still catch failures with usedns = no ;-)
+ output_yes = ('192.0.43.10', 2, 1124013539.0,
+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2\n',
+ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])
+
+ output_no = ('192.0.43.10', 1, 1124013539.0,
+ ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:192.0.43.10 port 51332 ssh2\n'])
+
+ # Actually no exception would be raised -- it will be just set to 'no'
+ #self.assertRaises(ValueError,
+ # FileFilter, None, useDns='wrong_value_for_useDns')
+
+ for useDns, output in (('yes', output_yes),
+ ('no', output_no),
+ ('warn', output_yes)):
+ filter_ = FileFilter(None, useDns=useDns)
+ filter_.setActive(True)
+ filter_.failManager.setMaxRetry(1) # we might have just few failures
+
+ filter_.addLogPath(GetFailures.FILENAME_USEDNS)
+ filter_.addFailRegex("Failed .* from <HOST>")
+ filter_.getFailures(GetFailures.FILENAME_USEDNS)
+ _assert_correct_last_attempt(self, filter_, output)
+
+
+
def testGetFailuresMultiRegex(self):
output = ('141.3.81.106', 8, 1124013541.0)
- self.__filter.addLogPath(GetFailures.FILENAME_02)
- self.__filter.addFailRegex("Failed .* from <HOST>")
- self.__filter.addFailRegex("Accepted .* from <HOST>")
-
- self.__filter.getFailures(GetFailures.FILENAME_02)
-
- ticket = self.__filter.failManager.toBan()
-
- attempts = ticket.getAttempt()
- date = ticket.getTime()
- ip = ticket.getIP()
- found = (ip, attempts, date)
-
- self.assertEqual(found, output)
-
+ self.filter.addLogPath(GetFailures.FILENAME_02)
+ self.filter.addFailRegex("Failed .* from <HOST>")
+ self.filter.addFailRegex("Accepted .* from <HOST>")
+ self.filter.getFailures(GetFailures.FILENAME_02)
+ _assert_correct_last_attempt(self, self.filter, output)
+
def testGetFailuresIgnoreRegex(self):
output = ('141.3.81.106', 8, 1124013541.0)
- self.__filter.addLogPath(GetFailures.FILENAME_02)
- self.__filter.addFailRegex("Failed .* from <HOST>")
- self.__filter.addFailRegex("Accepted .* from <HOST>")
- self.__filter.addIgnoreRegex("for roehl")
-
- self.__filter.getFailures(GetFailures.FILENAME_02)
-
- self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)
+ self.filter.addLogPath(GetFailures.FILENAME_02)
+ self.filter.addFailRegex("Failed .* from <HOST>")
+ self.filter.addFailRegex("Accepted .* from <HOST>")
+ self.filter.addIgnoreRegex("for roehl")
+
+ self.filter.getFailures(GetFailures.FILENAME_02)
+
+ self.assertRaises(FailManagerEmpty, self.filter.failManager.toBan)
+
+class DNSUtilsTests(unittest.TestCase):
+
+ def testUseDns(self):
+ res = DNSUtils.textToIp('www.example.com', 'no')
+ self.assertEqual(res, [])
+ res = DNSUtils.textToIp('www.example.com', 'warn')
+ self.assertEqual(res, ['192.0.43.10'])
+ res = DNSUtils.textToIp('www.example.com', 'yes')
+ self.assertEqual(res, ['192.0.43.10'])
+
+ def testTextToIp(self):
+ # Test hostnames
+ hostnames = [
+ 'www.example.com',
+ 'doh1.2.3.4.buga.xxxxx.yyy.invalid',
+ '1.2.3.4.buga.xxxxx.yyy.invalid',
+ ]
+ for s in hostnames:
+ res = DNSUtils.textToIp(s, 'yes')
+ if s == 'www.example.com':
+ self.assertEqual(res, ['192.0.43.10'])
+ else:
+ self.assertEqual(res, [])
+
+class JailTests(unittest.TestCase):
+
+ def testSetBackend_gh83(self):
+ # smoke test
+ jail = Jail('test', backend='polling') # Must not fail to initiate
+
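Review bot: `testGetFailuresUseDNS`, `testUseDns` and the `www.example.com` case in `testTextToIp` resolve names through the live resolver and compare against the hard-coded `192.0.43.10`, so they fail offline, in a sandboxed package build, or once that record changes. For a tool that turns log contents into firewall bans, the `usedns` paths deserve a deterministic test: I would replace the lookup `DNSUtils` performs with a stub that maps the fixture names to fixed addresses (the resolver call itself is not visible in this hunk, so the patch point needs checking in `server.filter`). Until then a comment such as `# needs live DNS: 192.0.43.10 is what example.com resolved to when this fixture was written` above the expected tuples would explain the failures. The `except FailManagerEmpty: pass` kept in `testGetFailures04` also lets that test pass when fewer tickets than expected are produced.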
Changed |
fail2ban-0.8.8.tar.bz2/testcases/servertestcase.py
@@ -1,3 +1,6 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
@@ -12,15 +15,15 @@
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Author: Cyril Jaquier
#
-# $Revision: 382 $
+# $Revision$
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 382 $"
-__date__ = "$Date: 2006-09-25 19:03:48 +0200 (Mon, 25 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -124,4 +127,4 @@
jail = self.__server.jails[name]
self.assertEqual(jail.getFilter().failManager.size(), 0)
self.assertEqual(jail.getAction().banManager.size(), 2)
-
\ No newline at end of file
+
|