Attachment 948123 Details for Bug 1048639 – Proposed patch

[patch] Proposed patch

fail2ban.patch (text/plain), 3.52 KB, created by Alan Hamilton on 2014-10-18 19:15:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alan Hamilton

Created: 2014-10-18 19:15:38 UTC

Size: 3.52 KB

patch

obsolete

>diff -uNr logwatch-svn242/conf/services/fail2ban.conf logwatchp/conf/services/fail2ban.conf
>--- logwatch-svn242/conf/services/fail2ban.conf	2014-09-08 12:15:49.000000000 -0700
>+++ logwatchp/conf/services/fail2ban.conf	2014-10-14 10:43:44.190844016 -0700
>@@ -22,9 +22,9 @@
> # Which logfile group...
> LogFile = fail2ban
> 
>-# Only give lines pertaining to the fail2ban service...
>+# Only give lines pertaining to the fail2ban service. Don't use
>+# OnlyService because fail2ban does not use the syslog format.
> # Note: fail2ban logs using "service" names fail2ban, fail2ban.jail,
>-# fail2ban.filter, and many more.  We want to exclude fail2ban-client
>-# so we accept either fail2ban or fail2ban\..+
>-*OnlyService = fail2ban(|\..+)
>-*RemoveHeaders
>+# fail2ban.filter, and many more. We want to exclude fail2ban-client
>+# so we reject fail2ban-
>+*OnlyContains = fail2ban[^-]
>diff -uNr logwatch-svn242/scripts/services/fail2ban logwatchp/scripts/services/fail2ban
>--- logwatch-svn242/scripts/services/fail2ban	2014-09-09 04:07:27.000000000 -0700
>+++ logwatchp/scripts/services/fail2ban	2014-10-14 09:01:35.864718203 -0700
>@@ -66,8 +66,8 @@
>     if ( ($ThisLine =~ /..,... DEBUG: /) or
> 	 ($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban
> 	 ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
>-	 ($ThisLine =~ /INFO\s+Log rotation detected for/) or
>-	 ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller|uses pyinotify)/) or
>+	 ($ThisLine =~ /INFO\s+(Log rotation detected for|rollover performed on)/) or
>+	 ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller|uses pyinotify|is not a)/) or
> 	 ($ThisLine =~ /INFO\s+Changed logging target to/) or
> 	 ($ThisLine =~ /INFO\s+Creating new jail/) or
> 	 ($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban
>@@ -76,13 +76,15 @@
> 	 ($ThisLine =~ /WARNING Determined IP using DNS Lookup: [^ ]+ = \['[^']+'\]/) or
> 	 ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
> 	 ($ThisLine =~ /INFO\s+Initiated 'pyinotify' backend/) or
>-	 ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/)
>+	 ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
>+         ($ThisLine =~ m/INFO\s+\[?(.*?)[]:]?\sFound[^\.]* (\S+)/) or
>+         ($ThisLine =~ m/INFO\s+Connected to fail2ban persistent database/)
>        )
>     {
> 	if ( $Debug >= 6 ) {
> 	    print STDERR "DEBUG($DebugCounter): line ignored\n";
> 	}
>-    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
>+    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
> 	if ( $Debug >= 6 ) {
> 	    print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
> 	}
>@@ -95,7 +97,7 @@
> 	push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
>     } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ ERROR:\s(.*):\s(\S+)\salready in ban list/)) {
>    	 $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
>-    } elsif ( my ($Service,$Host) = ($ThisLine =~ m/(?:INFO|WARNING)\s*\[(.*)\]\s*(\S+)\s*already banned/)) {
>+    } elsif ( my ($Service,$Host) = ($ThisLine =~ m/(?:INFO|WARNING|NOTICE)\s*\[(.*)\]\s*(\S+)\s*already banned/)) {
>        $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
>     } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) {
> 	    $ServicesBans{$Service}{$Host}{'ReBan'}++;

Actions: View | Diff

Attachments on bug 1048639: 845873 | 948123