Attachment #115549 for bug #157318

View | Details | Raw Unified | Return to bug 157318
Collapse All | Expand All




--- config/filter.d/common.conf.orig	2011-05-25 14:25:33.000000000 +0100
+++ config/filter.d/common.conf	2011-05-25 14:25:42.000000000 +0100
@@ -32,10 +32,13 @@
 # EXAMPLES: sshd[31607], pop(pam_unix)[4920]
 __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
 
+# Logging facility and priority for BSD "-v" verbose mode
+__bsd_verbose_mode = (?:\s*\<\S+\.\S+\>\s*)
+
 #
 # Common line prefixes (beginnings) which could be used in filters
 #
 #       [hostname] [vserver tag] daemon_id spaces
 # this can be optional (for instance if we match named native log files)
-__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+__prefix_line = \s*%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
 




--- /dev/null   2010-01-12 16:33:00.000000000 -0500
+++ ./config/action.d/pf.conf     2010-01-12 16:26:51.000000000 -0500
@@ -0,0 +1,56 @@
+# Fail2Ban configuration file
+#
+# OpenBSD pf ban/unban
+#
+# Author: Nick Hilliard <nick@foobar.org>
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+# we don't enable PF automatically, as it will be enabled elsewhere
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+# we don't disable PF automatically either
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
+
+[Init]

Return to bug 157318

Line 0 Link Here

(-)py-fail2ban/files/patch-common.conf (+17 lines)
	1	--- config/filter.d/common.conf.orig 2011-05-25 14:25:33.000000000 +0100
	2	+++ config/filter.d/common.conf 2011-05-25 14:25:42.000000000 +0100
	3	@@ -32,10 +32,13 @@
	4	# EXAMPLES: sshd[31607], pop(pam_unix)[4920]
	5	__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s\|%(__daemon_re)s%(__pid_re)s?:)
	6
	7	+# Logging facility and priority for BSD "-v" verbose mode
	8	+__bsd_verbose_mode = (?:\s\<\S+\.\S+\>\s)
	9	+
	10	#
	11	# Common line prefixes (beginnings) which could be used in filters
	12	#
	13	# [hostname] [vserver tag] daemon_id spaces
	14	# this can be optional (for instance if we match named native log files)
	15	-__prefix_line = \s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s
	16	+__prefix_line = \s%(__bsd_verbose_mode)s(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s
	17

Line 0 Link Here

(-)py-fail2ban/files/patch-pf.conf (+59 lines)
	1	--- /dev/null 2010-01-12 16:33:00.000000000 -0500
	2	+++ ./config/action.d/pf.conf 2010-01-12 16:26:51.000000000 -0500
	3	@@ -0,0 +1,56 @@
	4	+# Fail2Ban configuration file
	5	+#
	6	+# OpenBSD pf ban/unban
	7	+#
	8	+# Author: Nick Hilliard <nick@foobar.org>
	9	+#
	10	+#
	11	+
	12	+[Definition]
	13	+
	14	+# Option: actionstart
	15	+# Notes.: command executed once at the start of Fail2Ban.
	16	+# Values: CMD
	17	+#
	18	+# we don't enable PF automatically, as it will be enabled elsewhere
	19	+actionstart =
	20	+
	21	+
	22	+# Option: actionstop
	23	+# Notes.: command executed once at the end of Fail2Ban
	24	+# Values: CMD
	25	+#
	26	+# we don't disable PF automatically either
	27	+actionstop =
	28	+
	29	+
	30	+# Option: actioncheck
	31	+# Notes.: command executed once before each actionban command
	32	+# Values: CMD
	33	+#
	34	+actioncheck =
	35	+
	36	+
	37	+# Option: actionban
	38	+# Notes.: command executed when banning an IP. Take care that the
	39	+# command is executed with Fail2Ban user rights.
	40	+# Tags: <ip> IP address
	41	+# <failures> number of failures
	42	+# <time> unix timestamp of the ban time
	43	+# Values: CMD
	44	+#
	45	+actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
	46	+
	47	+
	48	+# Option: actionunban
	49	+# Notes.: command executed when unbanning an IP. Take care that the
	50	+# command is executed with Fail2Ban user rights.
	51	+# Tags: <ip> IP address
	52	+# <failures> number of failures
	53	+# <time> unix timestamp of the ban time
	54	+# Values: CMD
	55	+#
	56	+# note -r option used to remove matching rule
	57	+actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
	58	+
	59	+[Init]