Imported upstream version 0.8.2

CHANGELOG → ChangeLog

@@ -4,9 +4,46 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.8.1)                           2007/08/14
+Fail2Ban (version 0.8.2)                           2008/03/06
 =============================================================
 
+ver. 0.8.2 (2008/03/06) - stable
+----------
+- Fixed named filter. Thanks to Yaroslav Halchenko
+- Fixed wrong path for apache-auth in jail.conf. Thanks to
+  Vincent Deffontaines
+- Fixed timezone bug with epoch date template. Thanks to
+  Michael Hanselmann
+- Added "full line failregex" patch. Thanks to Yaroslav
+  Halchenko. It will be possible to create stronger failregex
+  against log injection
+- Fixed ipfw action script. Thanks to Nick Munger
+- Removed date from logging message when using SYSLOG. Thanks
+  to Iain Lea
+- Fixed "ignore IPs". Only the first value was taken into
+  account. Thanks to Adrien Clerc
+- Moved socket to /var/run/fail2ban.
+- Rewrote the communication server.
+- Refactoring. Reduced number of files.
+- Removed Python 2.4. Minimum required version is now Python
+  2.3.
+- New log rotation detection algorithm.
+- Print monitored files in status.
+- Create a PID file in /var/run/fail2ban/. Thanks to Julien
+  Perez.
+- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed
+  this out. Thanks to Yaroslav Halchenko for the fix.
+- "reload <jail>" reloads a single jail and the parameters in
+  fail2ban.conf.
+- Added Mac OS/X startup script. Thanks to Bill Heaton.
+- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
+- Replaced "echo" with "printf" in actions. Fix #1839673
+- Replaced "reject" with "drop" in shorwall action. Fix
+  #1854875
+- Fixed Debian bug #456567, #468477, #462060, #461426
+- readline is now optional in fail2ban-client (not needed in
+  fail2ban-server).
+
 ver. 0.8.1 (2007/08/14) - stable
 ----------
 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid

PKG-INFO

@@ -1,10 +1,10 @@
 Metadata-Version: 1.0
 Name: fail2ban
-Version: 0.8.1
+Version: 0.8.2
 Summary: Ban IPs that make too many password failure
-Home-page: http://fail2ban.sourceforge.net
+Home-page: http://www.fail2ban.org
 Author: Cyril Jaquier
-Author-email: lostcontrol@users.sourceforge.net
+Author-email: cyril.jaquier@fail2ban.org
 License: GPL
 Description: 
         Fail2Ban scans log files like /var/log/pwdfail or

README

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.8.1)                           2007/08/14
+Fail2Ban (version 0.8.2)                           2008/03/06
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -21,15 +21,15 @@ Installation:
 -------------
 
 Required:
-   >=python-2.4 (http://www.python.org)
+   >=python-2.3 (http://www.python.org)
 
 Optional:
    >=gamin-0.0.21 (http://www.gnome.org/~veillard/gamin)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.8.1.tar.bz2
-> cd fail2ban-0.8.1
+> tar xvfj fail2ban-0.8.2.tar.bz2
+> cd fail2ban-0.8.2
 > python setup.py install
 
 This will install Fail2Ban into /usr/share/fail2ban. The
@@ -62,7 +62,7 @@ appreciate this program, you can contact me at:
 
 Website: http://www.fail2ban.org
 
-Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+Cyril Jaquier: <cyril.jaquier@fail2ban.org>
 
 Thanks:
 -------
@@ -75,7 +75,8 @@ Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
 René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch,
 Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
 Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
-Delvit, Vaclav Misek
+Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann,
+Vincent Deffontaines, Bill Heaton and many others.
 
 License:
 --------

TODO

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-ToDo                                         $Revision: 557 $
+ToDo                                         $Revision: 653 $
 =============================================================
 
 Legend:
@@ -15,9 +15,6 @@ Legend:
 
 - Removed relative imports
 
-- Discuss where Fail2ban should be installed (/usr/share,
-  /usr/lib/python/site-packages/, etc)
-
 - Cleanup fail2ban-client and fail2ban-server. Move code to
   server/ and client/
 
@@ -45,12 +42,8 @@ Legend:
 
 - Add gettext support (I18N)
 
-- Fix the cPickle issue with Python 2.5
-
 - Multiline log reading
 
-- Improve communication. (asyncore, asynchat??)
-
 - Improve execution of action. Why does subprocess.call
   deadlock with multi-jails?
 

client/beautifier.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 547 $
+# $Revision: 644 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 547 $"
-__date__ = "$Date: 2007-02-12 00:21:56 +0100 (Mon, 12 Feb 2007) $"
+__version__ = "$Revision: 644 $"
+__date__ = "$Date: 2008-01-15 00:12:21 +0100 (Tue, 15 Jan 2008) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -72,9 +72,14 @@ def beautify(self, response):
 					ipList = ""
 					for ip in response[1][1][2][1]:
 						ipList += ip + " "
+					# Creates file list.
+					fileList = ""
+					for f in response[0][1][2][1]:
+						fileList += f + " "
 					# Display information
 					msg = "Status for the jail: " + inC[1] + "\n"
 					msg = msg + "|- " + response[0][0] + "\n"
+					msg = msg + "|  |- " + response[0][1][2][0] + ":\t" + fileList + "\n"
 					msg = msg + "|  |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n"
 					msg = msg + "|  `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n"
 					msg = msg + "`- " + response[1][0] + "\n"

client/configparserinc.py

@@ -0,0 +1,108 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Yaroslav Halchenko
+# Modified: Cyril Jaquier
+# $Revision: 656 $
+
+__author__ = 'Yaroslav Halhenko'
+__revision__ = '$Revision: $'
+__date__ = '$Date:  $'
+__copyright__ = 'Copyright (c) 2007 Yaroslav Halchenko'
+__license__ = 'GPL'
+
+import logging, os
+from ConfigParser import SafeConfigParser
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban.client.config")
+
+class SafeConfigParserWithIncludes(SafeConfigParser):
+	"""
+	Class adds functionality to SafeConfigParser to handle included
+	other configuration files (or may be urls, whatever in the future)
+
+	File should have section [includes] and only 2 options implemented
+	are 'files_before' and 'files_after' where files are listed 1 per
+	line.
+
+	Example:
+
+[INCLUDES]
+before = 1.conf
+			   3.conf
+
+after = 1.conf
+
+	It is a simple implementation, so just basic care is taken about
+	recursion. Includes preserve right order, ie new files are
+	inserted to the list of read configs before original, and their
+	includes correspondingly so the list should follow the leaves of
+	the tree.
+
+	I wasn't sure what would be the right way to implement generic (aka c++
+    template) so we could base at any *configparser class... so I will
+    leave it for the future
+
+	"""
+
+	SECTION_NAME = "INCLUDES"
+
+	#@staticmethod
+	def getIncludes(resource, seen = []):
+		"""
+		Given 1 config resource returns list of included files
+		(recursively) with the original one as well
+		Simple loops are taken care about
+		"""
+
+		# Use a short class name ;)
+		SCPWI = SafeConfigParserWithIncludes
+
+		parser = SafeConfigParser()
+		parser.read(resource)
+
+		resourceDir = os.path.dirname(resource)
+
+		newFiles = [ ('before', []), ('after', []) ]
+		if SCPWI.SECTION_NAME in parser.sections():
+			for option_name, option_list in newFiles:
+				if option_name in parser.options(SCPWI.SECTION_NAME):
+					newResources = parser.get(SCPWI.SECTION_NAME, option_name)
+					for newResource in newResources.split('\n'):
+						if os.path.isabs(newResource):
+							r = newResource
+						else:
+							r = "%s/%s" % (resourceDir, newResource)
+						if r in seen:
+							continue
+						s = seen + [resource]
+						option_list += SCPWI.getIncludes(r, s)
+		# combine lists
+		return newFiles[0][1] + [resource] + newFiles[1][1]
+		#print "Includes list for " + resource + " is " + `resources`
+	getIncludes = staticmethod(getIncludes)
+
+
+	def read(self, filenames):
+		fileNamesFull = []
+		if not isinstance(filenames, list):
+			filenames = [ filenames ]
+		for filename in filenames:
+			fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
+		logSys.debug("Reading files: %s" % fileNamesFull)
+		return SafeConfigParser.read(self, fileNamesFull)
+

client/configreader.py

@@ -15,46 +15,48 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
 # Author: Cyril Jaquier
-# 
-# $Revision: 458 $
+# Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes)
+# $Revision: 656 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 458 $"
-__date__ = "$Date: 2006-11-12 15:52:36 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 656 $"
+__date__ = "$Date: 2008-03-04 01:17:56 +0100 (Tue, 04 Mar 2008) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
 import logging, os
-from ConfigParser import SafeConfigParser
+from configparserinc import SafeConfigParserWithIncludes
 from ConfigParser import NoOptionError, NoSectionError
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.client.config")
 
-class ConfigReader(SafeConfigParser):
+class ConfigReader(SafeConfigParserWithIncludes):
 
 	BASE_DIRECTORY = "/etc/fail2ban/"
 
 	def __init__(self):
-		SafeConfigParser.__init__(self)
+		SafeConfigParserWithIncludes.__init__(self)
 		self.__opts = None
 
-	@staticmethod
+	#@staticmethod
 	def setBaseDir(folderName):
 		path = folderName.rstrip('/')
 		ConfigReader.BASE_DIRECTORY = path + '/'
+	setBaseDir = staticmethod(setBaseDir)
 
-	@staticmethod
+	#@staticmethod
 	def getBaseDir():
 		return ConfigReader.BASE_DIRECTORY
+	getBaseDir = staticmethod(getBaseDir)
 
 	def read(self, filename):
 		basename = ConfigReader.BASE_DIRECTORY + filename
 		logSys.debug("Reading " + basename)
 		bConf = basename + ".conf"
 		bLocal = basename + ".local"
 		if os.path.exists(bConf) or os.path.exists(bLocal):
-			SafeConfigParser.read(self, [bConf, bLocal])
+			SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
 			return True
 		else:
 			logSys.error(bConf + " and " + bLocal + " do not exist")

client/configurator.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 518 $
+# $Revision: 655 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 518 $"
-__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
+__version__ = "$Revision: 655 $"
+__date__ = "$Date: 2008-03-04 01:13:39 +0100 (Tue, 04 Mar 2008) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -40,27 +40,29 @@ def __init__(self):
 		self.__fail2ban = Fail2banReader()
 		self.__jails = JailsReader()
 
-	@staticmethod
+	#@staticmethod
 	def setBaseDir(folderName):
 		ConfigReader.setBaseDir(folderName)
+	setBaseDir = staticmethod(setBaseDir)
 
-	@staticmethod
+	#@staticmethod
 	def getBaseDir():
 		return ConfigReader.getBaseDir()
+	getBaseDir = staticmethod(getBaseDir)
 
 	def readEarly(self):
 		self.__fail2ban.read()
 
 	def readAll(self):
 		self.readEarly()
 		self.__jails.read()
-		
+
 	def getEarlyOptions(self):
 		return self.__fail2ban.getEarlyOptions()
-	
-	def getAllOptions(self):
+
+	def getOptions(self, jail = None):
 		self.__fail2ban.getOptions()
-		return self.__jails.getOptions()
+		return self.__jails.getOptions(jail)
 
 	def convertToProtocol(self):
 		self.__streams["general"] = self.__fail2ban.convert()