[Pkg-logwatch-general] r40 - in trunk: debian
debian/dist.conf/logfiles debian/dist.conf/services patches
Willi Mann
willi-guest at costa.debian.org
Tue May 2 15:27:42 UTC 2006
Author: willi-guest
Date: 2006-05-02 15:27:39 +0000 (Tue, 02 May 2006)
New Revision: 40
Added:
trunk/debian/dist.conf/logfiles/fail2ban.conf
trunk/debian/dist.conf/services/fail2ban.conf
trunk/patches/00-addfail2ban.diff
Modified:
trunk/debian/changelog
Log:
Add the fail2ban script
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/changelog 2006-05-02 15:27:39 UTC (rev 40)
@@ -1,4 +1,4 @@
-logwatch (7.3-0test1) unstable; urgency=low
+logwatch (7.3-0test2) unstable; urgency=low
* New upstream release
- this should fix the reports about exim "Unmatched Entries".
@@ -8,6 +8,7 @@
* Add some unmatched lines for smartd.
* remove no longer needed debian-specific logfile definitions. merged
upstream.
+ * add fail2ban scripts from Yaroslav Halchenko. closes: #359177
-- Willi Mann <willi at wm1.at> Sun, 19 Mar 2006 18:29:50 +0100
Added: trunk/debian/dist.conf/logfiles/fail2ban.conf
===================================================================
--- trunk/debian/dist.conf/logfiles/fail2ban.conf 2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/dist.conf/logfiles/fail2ban.conf 2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,23 @@
+##########################################################################
+# $Id: $
+##########################################################################
+
+########################################################
+# Created by HMR 2/28/06
+# Modified by Yaroslav Halchenko <debian at onerussian.com>
+#
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = fail2ban.log
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+# Note: if these are gzipped, you need to end with a .gz even if
+# you use wildcards...
+Archive = fail2ban.log.*
+Archive = fail2ban.log.*.gz
+Archive = archiv/fail2ban.log.*
+Archive = archiv/fail2ban.log.*.gz
+
+# HMR 3/1/06 use custom applyeurodate script to filter out European time stamps
+# ./scripts/shared/applyeurodate
+*ApplyEuroDate
Added: trunk/debian/dist.conf/services/fail2ban.conf
===================================================================
--- trunk/debian/dist.conf/services/fail2ban.conf 2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/debian/dist.conf/services/fail2ban.conf 2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,22 @@
+###########################################################################
+# $Id: $
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of <name> = <value>. Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = fail2ban-messages
+
+# Which logfile group...
+LogFile = fail2ban
+
+*RemoveHeaders =
+
+
Added: trunk/patches/00-addfail2ban.diff
===================================================================
--- trunk/patches/00-addfail2ban.diff 2006-04-29 11:39:59 UTC (rev 39)
+++ trunk/patches/00-addfail2ban.diff 2006-05-02 15:27:39 UTC (rev 40)
@@ -0,0 +1,148 @@
+diff -urN logwatch.b/scripts/services/fail2ban logwatch-7.3/scripts/services/fail2ban
+--- logwatch.b/scripts/services/fail2ban 1970-01-01 01:00:00.000000000 +0100
++++ logwatch-7.3/scripts/services/fail2ban 2006-05-01 18:09:08.000000000 +0200
+@@ -0,0 +1,103 @@
++#!/usr/bin/perl
++##########################################################################
++# $Id: $
++##########################################################################
++# $Log: $
++# Revision ?.?? 2005/10/19 05:48:39
++# Written by Yaroslav Halchenko <debian at onerussian.com> for fail2ban
++#
++# This script is licensed under the same terms as logwatch, ie under
++# permissive X11 license (see /usr/share/doc/logwatch/copyright for more
++# details)
++#
++##########################################################################
++
++use strict;
++use Logwatch ':all';
++
++my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
++my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
++my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
++my $DebugCounter = 0;
++
++my @OtherList = ();
++
++my %ServicesBans = ();
++
++if ( $Debug >= 5 ) {
++ print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
++ $DebugCounter = 1;
++}
++
++while (defined(my $ThisLine = <STDIN>)) {
++ if ( $Debug >= 5 ) {
++ print STDERR "DEBUG($DebugCounter): $ThisLine";
++ $DebugCounter++;
++ }
++ chomp($ThisLine);
++ if ( ($ThisLine =~ /..,... DEBUG: /) or
++ ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
++ ($ThisLine =~ /..,... WARNING: Verbose level is /) or
++ ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
++ )
++ {
++ if ( $Debug >= 6 ) {
++ print STDERR "DEBUG($DebugCounter): line ignored\n";
++ }
++ } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:\s(.*):\s(Ban|Unban)[^\.]* (\S+)/)) {
++ if ( $Debug >= 6 ) {
++ print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
++ }
++ $ServicesBans{$Service}{$Host}{$Action}++;
++ $ServicesBans{$Service}{"(all)"}{$Action}++;
++ } elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
++ if ($Debug >= 4) {
++ print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
++ }
++ push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
++ } else
++ {
++ # Report any unmatched entries...
++ push @OtherList, "$ThisLine\n";
++ }
++}
++
++###########################################################
++
++
++if (keys %ServicesBans) {
++ printf("\nBanned services with Fail2Ban: Bans:Unbans\n");
++ foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
++ printf(" %-55s [%3d:%-3d]\n", "$service:",
++ $ServicesBans{$service}{'(all)'}{'Ban'},
++ $ServicesBans{$service}{'(all)'}{'Unban'});
++ delete $ServicesBans{$service}{'(all)'};
++ my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
++ if ($Detail >= 5) {
++ foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
++ my $name = LookupIP($ip);
++ printf(" %-53s %3d:%-3d\n",
++ $name,
++ $ServicesBans{$service}{$ip}{'Ban'},
++ $ServicesBans{$service}{$ip}{'Unban'});
++ if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
++ print " Failed ";
++ foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
++ print " $fails";
++ }
++ print " times";
++ print "\n";
++ }
++ }
++ }
++ }
++}
++
++if ($Detail>0 and $#OtherList >= 0) {
++ print "\n**Unmatched Entries**\n";
++ print @OtherList;
++}
++
++exit(0);
++
++# vi: shiftwidth=3 tabstop=3 syntax=perl et
+diff -urN logwatch.b/scripts/shared/applyeurodate logwatch-7.3/scripts/shared/applyeurodate
+--- logwatch.b/scripts/shared/applyeurodate 1970-01-01 01:00:00.000000000 +0100
++++ logwatch-7.3/scripts/shared/applyeurodate 2006-05-01 18:15:09.000000000 +0200
+@@ -0,0 +1,37 @@
++#!/usr/bin/perl
++##########################################################################
++# $Id: $
++##########################################################################
++
++########################################################
++# This was originally written by
++# Yaroslav Halchenko <debian at onerussian.com>
++########################################################
++
++#
++## Modified from applystddate by yoh at onerussian.com to accept dates
++## as reported by fail2ban:
++#2006-03-17 05:17:19,757 WARNING: SSH: Unban 202.63.117.71
++#
++# This script is licensed under the same terms as logwatch, ie under
++# permissive X11 license (see /usr/share/doc/logwatch/copyright for more
++# details)
++#
++use Logwatch ':dates';
++
++my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
++
++$SearchDate = TimeFilter('%Y-%m-%d %H:%M:%S,...');
++
++if ( $Debug > 5 ) {
++ print STDERR "DEBUG: Inside ApplyEuroDate...\n";
++ print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
++}
++
++while (defined($ThisLine = <STDIN>)) {
++ if ($ThisLine =~ m/^$SearchDate /o) {
++ print $ThisLine;
++ }
++}
++
++# vi: shiftwidth=3 syntax=perl tabstop=3 et
More information about the Pkg-logwatch-general
mailing list