Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Upgraded to fresh upstream 0.5.4

  • Loading branch information...
commit 7f0a3df4a4eb328d1f5d839864c5d1c505327a29 2 parents bb2cc0b + 1c3f233
@yarikoptic yarikoptic authored
View
15 CHANGELOG
@@ -4,9 +4,22 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.5.3) 2005/09/08
+Fail2Ban (version 0.5.4) 2005/09/13
=============================================================
+ver. 0.5.4 (2005/09/13) - beta
+----------
+- Fixed bug #1286222.
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Fixed handling of SYSLOG logging target. Now it can log
+ to any SYSLOG target and facility as directed by the
+ config
+ * Format of SYSLOG entries fixed to look closer to standard
+ * Fixed errata in config/gentoo-confd
+ * Introduced findtime configuration variable to control the
+ lifetime of caught "failed" log entries
+
ver. 0.5.3 (2005/09/08) - beta
----------
- Fixed a bug when overriding "maxfailures" or "bantime".
View
2  PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: fail2ban
-Version: 0.5.3
+Version: 0.5.4
Summary: Ban IPs that make too many password failure
Home-page: http://fail2ban.sourceforge.net
Author: Cyril Jaquier
View
6 README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
-Fail2Ban (version 0.5.3) 2005/09/08
+Fail2Ban (version 0.5.4) 2005/09/13
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -58,8 +58,8 @@ Require: python-2.3 (http://www.python.org)
To install, just do:
-> tar xvfj fail2ban-0.5.3.tar.bz2
-> cd fail2ban-0.5.3
+> tar xvfj fail2ban-0.5.4.tar.bz2
+> cd fail2ban-0.5.4
> python setup.py install
This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban
View
82 config/debian-initd
@@ -1,13 +1,14 @@
#! /bin/sh
#
-# skeleton example file to build /etc/init.d/ scripts.
-# This file should be used to construct scripts for /etc/init.d.
+# Fail2Ban init.d file - to be launched on boot
#
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
-# Modified for Debian
-# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Modified for Debian
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Adjusted for Fail2Ban
+# by Yaroslav Halchenko <debian@onerussian.com>.
#
-# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
+# Version: $Id: debian-initd,v 1.1.2.2 2005/09/11 15:42:32 yarikoptic Exp $
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@@ -26,36 +27,47 @@ DAEMON_OPTS=$FAIL2BAN_OPTS
set -e
case "$1" in
- start)
- echo -n "Starting $DESC: "
- [ -f $PIDFILE ] && [ ! -d /proc/`cat $PIDFILE` ] && rm -f $PIDFILE
- start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
- -b --exec $DAEMON -- $DAEMON_OPTS
- echo "$NAME."
- ;;
- stop)
- echo -n "Stopping $DESC: "
- start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid
- rm -f $PIDFILE
- echo "$NAME."
- ;;
- restart|force-reload)
- #
- # If the "reload" option is implemented, move the "force-reload"
- # option to the "reload" entry above. If not, "force-reload" is
- # just the same as "restart".
- #
- echo -n "Restarting $DESC: "
- ( $0 stop )
- sleep 1
- $0 start
- ;;
- *)
- N=/etc/init.d/$NAME
- # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
- echo "Usage: $N {start|stop|restart|force-reload}" >&2
- exit 1
+ start)
+ echo -n "Starting $DESC: "
+ [ -f $PIDFILE ] && [ ! -d /proc/`cat $PIDFILE` ] && rm -f $PIDFILE
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ -b --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ ( $0 stop )
+ sleep 1
+ $0 start
+ ;;
+ status)
+ echo -n "Status of $DESC: "
+ if [ ! -e "$PIDFILE" ]; then
+ echo "$NAME is not running."
+ exit 3
+ fi
+ if [ ! -r "$PIDFILE" ]; then
+ echo "$PIDFILE not readable, status of $NAME unknown."
+ exit 4
+ fi
+ if [ -d /proc/`cat "$PIDFILE"` ]; then
+ echo "$NAME is running."
+ exit 0
+ else
+ echo "$NAME is not running but $PIDFILE exists."
+ exit 1
+ fi
;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
esac
-exit 0
+exit 0
View
28 config/fail2ban.conf.default
@@ -1,6 +1,6 @@
# Fail2Ban configuration file
#
-# $Revision: 1.8.2.11 $
+# $Revision: 1.8.2.13 $
#
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
@@ -23,6 +23,18 @@ debug = false
#
logtargets = /var/log/fail2ban.log
+# Option: syslog-target
+# Notes.: where to find syslog facility if logtarget SYSLOG.
+# Values: SOCKET HOST HOST:PORT Default: /dev/log
+#
+syslog-target = /dev/log
+
+# Option: syslog-facility
+# Notes.: which syslog facility to use if logtarget SYSLOG.
+# Values: NUM Default: 1
+#
+syslog-facility = 1
+
# Option: pidlock
# Notes.: path of the PID lock file (must be able to write to file).
# Values: FILE Default: /var/run/fail2ban.pid
@@ -41,6 +53,12 @@ maxfailures = 5
#
bantime = 600
+# Option: findtime
+# Notes.: lifetime in seconds of a "failed" log entry.
+# Values: NUM Default: 600
+#
+findtime = 600
+
# Option: ignoreip
# Notes.: space separated list of IP's to be ignored by fail2ban.
# You can use CIDR mask in order to specify a range.
@@ -56,7 +74,7 @@ ignoreip = 192.168.0.0/16
cmdstart =
# Option: cmdend
-# Notes.: command executed once at the end of Fail2Ban
+# Notes.: command executed once at the end of Fail2Ban.
# Values: CMD Default:
#
cmdend =
@@ -114,7 +132,7 @@ subject = [Fail2Ban] Banned <ip>
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# <br> new line
-# Values: TEXT Default:
+# Values: TEXT Default:
#
message = Hi,<br>
The IP <ip> has just been banned by Fail2Ban after
@@ -181,7 +199,7 @@ fwunban = iptables -D fail2ban-http -s <ip> -j DROP
# Option: timeregex
# Notes.: regex to match timestamp in Apache logfile.
-# Values: [Wed Jan 05 15:08:01 2005]
+# Values: [Wed Jan 05 15:08:01 2005]
# Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
#
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
@@ -253,7 +271,7 @@ fwunban = iptables -D fail2ban-ssh -s <ip> -j DROP
# Option: timeregex
# Notes.: regex to match timestamp in SSH logfile.
-# Values: [Mar 7 17:53:28]
+# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
View
4 config/gentoo-confd
@@ -16,8 +16,8 @@
#
# Author: Cyril Jaquier
#
-# $Revision: 1.1 $
+# $Revision: 1.1.2.1 $
-# Command line options for Fail2Ban. Refer to "fail2ban.py -h" for
+# Command line options for Fail2Ban. Refer to "fail2ban -h" for
# valid options.
FAIL2BAN_OPTS="-v"
View
78 fail2ban.py
@@ -15,12 +15,13 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Author: Cyril Jaquier
+# Modified by: Yaroslav Halchenko (SYSLOG, findtime)
#
-# $Revision: 1.20.2.16 $
+# $Revision: 1.20.2.18 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.20.2.16 $"
-__date__ = "$Date: 2005/09/05 21:12:08 $"
+__version__ = "$Revision: 1.20.2.18 $"
+__date__ = "$Date: 2005/09/13 20:42:33 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
@@ -144,7 +145,8 @@ def main():
logSys.addHandler(stdout)
# Default formatter
- formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
+ formatterstring='%(levelname)s: %(message)s'
+ formatter = logging.Formatter('%(asctime)s ' + formatterstring)
stdout.setFormatter(formatter)
conf["verbose"] = 0
@@ -175,10 +177,13 @@ def main():
# Options
optionValues = (["bool", "background", False],
["str", "logtargets", "/var/log/fail2ban.log"],
+ ["str", "syslog-target", "/dev/log"],
+ ["int", "syslog-facility", 1],
["bool", "debug", False],
["str", "pidlock", "/var/run/fail2ban.pid"],
["int", "maxfailures", 5],
["int", "bantime", 600],
+ ["int", "findtime", 600],
["str", "ignoreip", ""],
["int", "polltime", 1],
["str", "cmdstart", ""],
@@ -226,9 +231,9 @@ def main():
# Set debug log level
if conf["debug"]:
logSys.setLevel(logging.DEBUG)
- formatter = logging.Formatter("%(asctime)s %(levelname)s " +
- "[%(filename)s (%(lineno)d)] " +
- "%(message)s")
+ formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
+ '%(message)s')
+ formatter = logging.Formatter("%(asctime)s " + formatterstring)
stdout.setFormatter(formatter)
logSys.warn("DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT " +
"ONLY DISPLAYED IN THE LOG MESSAGES")
@@ -238,10 +243,41 @@ def main():
# Bug fix for #1234699
os.umask(0077)
for target in conf["logtargets"].split():
+ # target formatter
+ # By default global formatter is taken. Is different for SYSLOG
+ tformatter = formatter
if target == "STDERR":
hdlr = logging.StreamHandler(sys.stderr)
elif target == "SYSLOG":
- hdlr = logging.handlers.SysLogHandler()
+ # SYSLOG target can be either
+ # a socket (file, so it starts with /)
+ # or hostname
+ # or hostname:port
+ syslogtargets = re.findall("(/[\w/]*)|([^/ ][^: ]*)(:(\d+)){,1}",
+ conf["syslog-target"])
+ # we are waiting for a single match
+ syslogtargets = syslogtargets[0]
+
+ # assign facility if it was defined
+ if conf["syslog-facility"] < 0:
+ facility = handlers.SysLogHandler.LOG_USER
+ else:
+ facility = conf["syslog-facility"]
+
+ if len(syslogtargets) == 0: # everything default
+ hdlr = logging.handlers.SysLogHandler()
+ else:
+ if not ( syslogtargets[0] == "" ): # got socket
+ syslogtarget = syslogtargets[0]
+ else: # got hostname and maybe a port
+ if syslogtargets[3] == "": # no port specified
+ port = 514
+ else:
+ port = int(syslogtargets[3])
+ syslogtarget = (syslogtargets[1], port)
+ hdlr = logging.handlers.SysLogHandler(syslogtarget, facility)
+ tformatter = logging.Formatter("fail2ban[%(process)d]: " +
+ formatterstring);
else:
# Target should be a file
try:
@@ -251,12 +287,12 @@ def main():
logSys.error("Unable to log to " + target)
continue
# Set formatter and add handler to logger
- hdlr.setFormatter(formatter)
+ hdlr.setFormatter(tformatter)
logSys.addHandler(hdlr)
# Ignores IP list
ignoreIPList = conf["ignoreip"].split(' ')
-
+
# Checks for root user. This is necessary because log files
# are owned by root and firewall needs root access.
if not checkForRoot():
@@ -277,6 +313,7 @@ def main():
logSys.debug("ConfFile is " + conf["conffile"])
logSys.debug("BanTime is " + `conf["bantime"]`)
+ logSys.debug("FindTime is " + `conf["findtime"]`)
logSys.debug("MaxFailure is " + `conf["maxfailures"]`)
# Options
@@ -302,8 +339,9 @@ def main():
# Options
optionValues = (["bool", "enabled", False],
["str", "logfile", "/dev/null"],
- ["int", "maxfailures", None],
- ["int", "bantime", None],
+ ["int", "maxfailures", conf["maxfailures"]],
+ ["int", "bantime", conf["bantime"]],
+ ["int", "findtime", conf["findtime"]],
["str", "timeregex", ""],
["str", "timepattern", ""],
["str", "failregex", ""],
@@ -316,23 +354,11 @@ def main():
for t in confReader.getSections():
l = confReader.getLogOptions(t, optionValues)
if l["enabled"]:
- # Override maxfailures option
- if not l["maxfailures"] == None:
- maxFailures = l["maxfailures"]
- else:
- maxFailures = conf["maxfailures"]
-
- # Override bantime option
- if not l["bantime"] == None:
- banTime = l["bantime"]
- else:
- banTime = conf["bantime"]
-
# Creates a logreader object
lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
- l["failregex"], maxFailures, banTime)
+ l["failregex"], l["maxfailures"], l["findtime"])
# Creates a firewall object
- fObj = Firewall(l["fwban"], l["fwunban"], banTime)
+ fObj = Firewall(l["fwban"], l["fwunban"], l["bantime"])
# Links them into a list. I'm not really happy
# with this :/
logFwList.append([t, lObj, fObj, dict(), l])
View
13 utils/mail.py
@@ -16,17 +16,18 @@
# Author: Cyril Jaquier
#
-# $Revision: 1.1.2.3 $
+# $Revision: 1.1.2.4 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.1.2.3 $"
-__date__ = "$Date: 2005/09/08 18:05:59 $"
+__version__ = "$Revision: 1.1.2.4 $"
+__date__ = "$Date: 2005/09/12 14:42:08 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
import logging, smtplib
from utils.strings import replaceTag
+from time import strftime, gmtime
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban")
@@ -55,8 +56,10 @@ def sendmail(self, subject, message, aInfo):
subj = replaceTag(subject, aInfo)
msg = replaceTag(message, aInfo)
- mail = ("From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" %
- (self.fromAddr, ", ".join(self.toAddr), subj)) + msg
+ mail = ("From: %s\r\nTo: %s\r\nDate: %s\r\nSubject: %s\r\n\r\n" %
+ (self.fromAddr, ", ".join(self.toAddr),
+ strftime("%a, %d %b %Y %H:%M:%S +0000", gmtime()),
+ subj)) + msg
try:
server = smtplib.SMTP(self.host, self.port)
View
8 version.py
@@ -16,12 +16,12 @@
# Author: Cyril Jaquier
#
-# $Revision: 1.12.2.8 $
+# $Revision: 1.12.2.10 $
__author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.12.2.8 $"
-__date__ = "$Date: 2005/09/08 18:20:51 $"
+__version__ = "$Revision: 1.12.2.10 $"
+__date__ = "$Date: 2005/09/13 20:43:00 $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL"
-version = "0.5.3"
+version = "0.5.4"
Please sign in to comment.
Something went wrong with that request. Please try again.