[Pkg-logwatch-general] r40 - in trunk: debian debian/dist.conf/logfiles debian/dist.conf/services patches

Tue May 2 15:27:42 UTC 2006

Author: willi-guest
Date: 2006-05-02 15:27:39 +0000 (Tue, 02 May 2006)
New Revision: 40

Added:
   trunk/debian/dist.conf/logfiles/fail2ban.conf
   trunk/debian/dist.conf/services/fail2ban.conf
   trunk/patches/00-addfail2ban.diff
Modified:
   trunk/debian/changelog
Log:
Add the fail2ban script


Modified: trunk/debian/changelog
===================================================================

--- trunk/debian/changelog	2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/changelog	2006-05-02 15:27:39 UTC (rev 40)
@@ -1,4 +1,4 @@
-logwatch (7.3-0test1) unstable; urgency=low
+logwatch (7.3-0test2) unstable; urgency=low
 
   * New upstream release
     - this should fix the reports about exim "Unmatched Entries". 
@@ -8,6 +8,7 @@
   * Add some unmatched lines for smartd. 
   * remove no longer needed debian-specific logfile definitions. merged
     upstream.
+  * add fail2ban scripts from Yaroslav Halchenko. closes: #359177
 
  -- Willi Mann <willi at wm1.at>  Sun, 19 Mar 2006 18:29:50 +0100
 

Added: trunk/debian/dist.conf/logfiles/fail2ban.conf
===================================================================
--- trunk/debian/dist.conf/logfiles/fail2ban.conf	2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/dist.conf/logfiles/fail2ban.conf	2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,23 @@
+##########################################################################
+# $Id: $
+##########################################################################
+
+########################################################
+# Created by HMR 2/28/06
+# Modified by Yaroslav Halchenko <debian at onerussian.com>
+#
+# What actual file?  Defaults to LogPath if not absolute path....
+LogFile = fail2ban.log
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+# Note: if these are gzipped, you need to end with a .gz even if
+#       you use wildcards...
+Archive = fail2ban.log.*
+Archive = fail2ban.log.*.gz
+Archive = archiv/fail2ban.log.*
+Archive = archiv/fail2ban.log.*.gz
+
+# HMR 3/1/06 use custom applyeurodate script to filter out European time stamps
+# ./scripts/shared/applyeurodate
+*ApplyEuroDate

Added: trunk/debian/dist.conf/services/fail2ban.conf
===================================================================
--- trunk/debian/dist.conf/services/fail2ban.conf	2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/dist.conf/services/fail2ban.conf	2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,22 @@
+###########################################################################
+# $Id: $
+###########################################################################
+
+# You can put comments anywhere you want to.  They are effective for the
+# rest of the line.
+
+# this is in the format of <name> = <value>.  Whitespace at the beginning
+# and end of the lines is removed.  Whitespace before and after the = sign
+# is removed.  Everything is case *insensitive*.
+
+# Yes = True  = On  = 1
+# No  = False = Off = 0
+
+Title = fail2ban-messages
+
+# Which logfile group...
+LogFile = fail2ban
+
+*RemoveHeaders =
+
+

Added: trunk/patches/00-addfail2ban.diff
===================================================================
--- trunk/patches/00-addfail2ban.diff	2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/patches/00-addfail2ban.diff	2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,148 @@
+diff -urN logwatch.b/scripts/services/fail2ban logwatch-7.3/scripts/services/fail2ban
+--- logwatch.b/scripts/services/fail2ban	1970-01-01 01:00:00.000000000 +0100
++++ logwatch-7.3/scripts/services/fail2ban	2006-05-01 18:09:08.000000000 +0200
+@@ -0,0 +1,103 @@
++#!/usr/bin/perl
++##########################################################################
++# $Id: $
++##########################################################################
++# $Log:  $
++# Revision ?.??  2005/10/19 05:48:39  
++#  Written by Yaroslav Halchenko <debian at onerussian.com> for fail2ban
++#
++# This script is licensed under the same terms as logwatch, ie under
++# permissive X11 license (see /usr/share/doc/logwatch/copyright for more
++# details)
++#
++##########################################################################
++
++use strict;
++use Logwatch ':all';
++
++my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
++my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
++my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
++my $DebugCounter = 0;
++
++my @OtherList = ();
++
++my %ServicesBans = ();
++
++if ( $Debug >= 5 ) {
++	print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
++	$DebugCounter = 1;
++}
++
++while (defined(my $ThisLine = <STDIN>)) {
++	if ( $Debug >= 5 ) {
++		print STDERR "DEBUG($DebugCounter): $ThisLine";
++		$DebugCounter++;
++	}
++	chomp($ThisLine);
++	if ( ($ThisLine =~ /..,... DEBUG: /) or
++		 ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
++		 ($ThisLine =~ /..,... WARNING: Verbose level is /) or
++		 ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
++		 )
++	{
++		if ( $Debug >= 6 ) {
++			print STDERR "DEBUG($DebugCounter): line ignored\n";
++		}
++	} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:\s(.*):\s(Ban|Unban)[^\.]* (\S+)/)) {
++		if ( $Debug >= 6 ) {
++			print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
++		}
++		$ServicesBans{$Service}{$Host}{$Action}++;
++		$ServicesBans{$Service}{"(all)"}{$Action}++;
++	} elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
++	   if ($Debug >= 4) {
++		   print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
++	   }
++	   push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
++   } else
++   {
++	   # Report any unmatched entries...
++	   push @OtherList, "$ThisLine\n";
++   }
++}
++
++###########################################################
++
++
++if (keys %ServicesBans) {
++   printf("\nBanned services with Fail2Ban:                             Bans:Unbans\n");
++   foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
++      printf("   %-55s [%3d:%-3d]\n", "$service:",
++			 $ServicesBans{$service}{'(all)'}{'Ban'},
++			 $ServicesBans{$service}{'(all)'}{'Unban'});
++	  delete $ServicesBans{$service}{'(all)'};
++      my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
++	  if ($Detail >= 5) {
++		  foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
++			  my $name = LookupIP($ip);
++			  printf("      %-53s %3d:%-3d\n",
++					 $name,
++					 $ServicesBans{$service}{$ip}{'Ban'},
++					 $ServicesBans{$service}{$ip}{'Unban'});
++			  if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
++				  print "        Failed ";
++				  foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
++					  print " $fails";
++				  }
++				  print " times";
++				  print "\n";
++			  }
++		  }
++	  }
++  }
++}
++
++if ($Detail>0 and $#OtherList >= 0) {
++   print "\n**Unmatched Entries**\n";
++   print @OtherList;
++}
++
++exit(0);
++
++# vi: shiftwidth=3 tabstop=3 syntax=perl et
+diff -urN logwatch.b/scripts/shared/applyeurodate logwatch-7.3/scripts/shared/applyeurodate
+--- logwatch.b/scripts/shared/applyeurodate	1970-01-01 01:00:00.000000000 +0100
++++ logwatch-7.3/scripts/shared/applyeurodate	2006-05-01 18:15:09.000000000 +0200
+@@ -0,0 +1,37 @@
++#!/usr/bin/perl
++##########################################################################
++# $Id: $
++##########################################################################
++
++########################################################
++# This was originally written by 
++#           Yaroslav Halchenko <debian at onerussian.com>
++########################################################
++
++#
++## Modified from applystddate by yoh at onerussian.com to accept dates
++## as reported by fail2ban:
++#2006-03-17 05:17:19,757 WARNING: SSH: Unban 202.63.117.71
++#
++# This script is licensed under the same terms as logwatch, ie under
++# permissive X11 license (see /usr/share/doc/logwatch/copyright for more
++# details)
++#
++use Logwatch ':dates';
++
++my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
++
++$SearchDate = TimeFilter('%Y-%m-%d %H:%M:%S,...');
++
++if ( $Debug > 5 ) {
++   print STDERR "DEBUG: Inside ApplyEuroDate...\n";
++   print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
++}
++
++while (defined($ThisLine = <STDIN>)) {
++   if ($ThisLine =~ m/^$SearchDate /o) {
++      print $ThisLine;
++   }
++}
++
++# vi: shiftwidth=3 syntax=perl tabstop=3 et


