[Pkg-logwatch-general] r42 - in trunk: debian patches
Willi Mann
willi-guest at costa.debian.org
Thu May 25 16:26:59 UTC 2006
Author: willi-guest
Date: 2006-05-25 16:26:59 +0000 (Thu, 25 May 2006)
New Revision: 42
Added:
trunk/patches/01-fail2banv2.diff
Modified:
trunk/debian/changelog
trunk/debian/control
Log:
7.3-1test1:
* Update fail2ban script to recognise some more messages from Yaroslav
Halchenko.
* Update standards version to 3.7.2. No changes.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-05-03 16:51:45 UTC (rev 41)
+++ trunk/debian/changelog 2006-05-25 16:26:59 UTC (rev 42)
@@ -1,3 +1,11 @@
+logwatch (7.3-1test1) unstable; urgency=low
+
+ * Update fail2ban script to recognise some more messages from Yaroslav
+ Halchenko.
+ * Update standards version to 3.7.2. No changes.
+
+ -- Willi Mann <willi at wm1.at> Thu, 25 May 2006 17:37:58 +0200
+
logwatch (7.3-1) unstable; urgency=low
* New upstream release
Modified: trunk/debian/control
===================================================================
--- trunk/debian/control 2006-05-03 16:51:45 UTC (rev 41)
+++ trunk/debian/control 2006-05-25 16:26:59 UTC (rev 42)
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Willi Mann <willi at wm1.at>
Build-Depends-Indep: debhelper (>> 3.0.0)
-Standards-Version: 3.7.0.0
+Standards-Version: 3.7.2.0
Package: logwatch
Architecture: all
Added: trunk/patches/01-fail2banv2.diff
===================================================================
--- trunk/patches/01-fail2banv2.diff 2006-05-03 16:51:45 UTC (rev 41)
+++ trunk/patches/01-fail2banv2.diff 2006-05-25 16:26:59 UTC (rev 42)
@@ -0,0 +1,170 @@
+diff -ur logwatch-7.3.b/scripts/services/fail2ban logwatch-7.3/scripts/services/fail2ban
+--- logwatch-7.3.b/scripts/services/fail2ban 2006-05-25 17:35:02.000000000 +0200
++++ logwatch-7.3/scripts/services/fail2ban 2006-05-25 17:36:47.000000000 +0200
+@@ -19,7 +19,9 @@
+ my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+ my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
+ my $DebugCounter = 0;
+-
++my $ReInitializations = 0;
++my @IptablesErrors = ();
++my $NotValidIP = 0; # reported invalid IPs number
+ my @OtherList = ();
+
+ my %ServicesBans = ();
+@@ -30,72 +32,98 @@
+ }
+
+ while (defined(my $ThisLine = <STDIN>)) {
+- if ( $Debug >= 5 ) {
+- print STDERR "DEBUG($DebugCounter): $ThisLine";
+- $DebugCounter++;
++ if ( $Debug >= 5 ) {
++ print STDERR "DEBUG($DebugCounter): $ThisLine";
++ $DebugCounter++;
++ }
++ chomp($ThisLine);
++ if ( ($ThisLine =~ /..,... DEBUG: /) or
++ ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
++ ($ThisLine =~ /..,... WARNING: Verbose level is /) or
++ ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
++ )
++ {
++ if ( $Debug >= 6 ) {
++ print STDERR "DEBUG($DebugCounter): line ignored\n";
+ }
+- chomp($ThisLine);
+- if ( ($ThisLine =~ /..,... DEBUG: /) or
+- ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
+- ($ThisLine =~ /..,... WARNING: Verbose level is /) or
+- ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
+- )
+- {
+- if ( $Debug >= 6 ) {
+- print STDERR "DEBUG($DebugCounter): line ignored\n";
+- }
+- } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:\s(.*):\s(Ban|Unban)[^\.]* (\S+)/)) {
+- if ( $Debug >= 6 ) {
+- print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
+- }
+- $ServicesBans{$Service}{$Host}{$Action}++;
+- $ServicesBans{$Service}{"(all)"}{$Action}++;
+- } elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
+- if ($Debug >= 4) {
+- print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
+- }
+- push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
+- } else
+- {
+- # Report any unmatched entries...
+- push @OtherList, "$ThisLine\n";
+- }
++ } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:\s(.*):\s(Ban|Unban)[^\.]* (\S+)/)) {
++ if ( $Debug >= 6 ) {
++ print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
++ }
++ $ServicesBans{$Service}{$Host}{$Action}++;
++ $ServicesBans{$Service}{"(all)"}{$Action}++;
++ } elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
++ if ($Debug >= 4) {
++ print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
++ }
++ push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
++ } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ ERROR:\s(.*):\s(\S+)\salready in ban list/)) {
++ $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
++ } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) {
++ $ServicesBans{$Service}{$Host}{'ReBan'}++;
++ } elsif ($ThisLine =~ /..,... ERROR: (Execution of command )?\'iptables/) {
++ push @IptablesErrors, "$ThisLine\n";
++ } elsif ($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) {
++ $ReInitializations++;
++ } elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) {
++ # just ignore - this will be fixed within fail2ban and is harmless warning
++ }
++ else
++ {
++ # Report any unmatched entries...
++ push @OtherList, "$ThisLine\n";
++ }
+ }
+
+ ###########################################################
+
+
+ if (keys %ServicesBans) {
+- printf("\nBanned services with Fail2Ban: Bans:Unbans\n");
+- foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
+- printf(" %-55s [%3d:%-3d]\n", "$service:",
+- $ServicesBans{$service}{'(all)'}{'Ban'},
+- $ServicesBans{$service}{'(all)'}{'Unban'});
+- delete $ServicesBans{$service}{'(all)'};
+- my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
+- if ($Detail >= 5) {
+- foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
+- my $name = LookupIP($ip);
+- printf(" %-53s %3d:%-3d\n",
+- $name,
+- $ServicesBans{$service}{$ip}{'Ban'},
+- $ServicesBans{$service}{$ip}{'Unban'});
+- if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
+- print " Failed ";
+- foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
+- print " $fails";
+- }
+- print " times";
+- print "\n";
+- }
+- }
+- }
+- }
++ printf("\nBanned services with Fail2Ban: Bans:Unbans\n");
++ foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
++ printf(" %-55s [%3d:%-3d]\n", "$service:",
++ $ServicesBans{$service}{'(all)'}{'Ban'},
++ $ServicesBans{$service}{'(all)'}{'Unban'});
++ delete $ServicesBans{$service}{'(all)'};
++ my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
++ if ($Detail >= 5) {
++ foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
++ my $name = LookupIP($ip);
++ printf(" %-53s %3d:%-3d\n",
++ $name,
++ $ServicesBans{$service}{$ip}{'Ban'},
++ $ServicesBans{$service}{$ip}{'Unban'});
++ if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
++ print " Failed ";
++ foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
++ print " $fails";
++ }
++ print " times";
++ printf("\n %d Duplicate Ban attempts", $ServicesBans{$service}{$ip}{'AlreadyInTheList'}) ;
++ printf("\n %d ReBans due to rules reinitilizations", $ServicesBans{$service}{$ip}{'ReBan'}) ;
++ print "\n";
++ }
++ }
++ }
++ }
+ }
+
+-if ($Detail>0 and $#OtherList >= 0) {
+- print "\n**Unmatched Entries**\n";
+- print @OtherList;
++
++if ($Detail>0) {
++ if ($#IptablesErrors > 0) {
++ printf("\n%d faulty iptables invocation(s)", $#IptablesErrors);
++ if ($Detail > 5) {
++ print ":\n";
++ print @IptablesErrors ;
++ }
++ }
++ if ($ReInitializations > 0) {
++ printf("\n%d fail2ban rules reinitialization(s)", $ReInitializations);
++ }
++ if ($#OtherList >= 0) {
++ print "\n**Unmatched Entries**\n";
++ print @OtherList;
++ }
+ }
+
+ exit(0);
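Review bot: The iptables error summary near the end of the patched fail2ban script tests and prints `$#IptablesErrors`, which is the last index rather than the element count, so a single failed iptables invocation is never reported and every larger count is understated by one. A failed iptables call may mean a ban was not actually applied, so this is a case the report should not drop; the two lines should read `if (@IptablesErrors > 0) {` and `printf("\n%d faulty iptables invocation(s)", scalar(@IptablesErrors));`. Separately, the new `Duplicate Ban attempts` and `ReBans` lines are printed only inside the `$Detail >= 10` and `Failures` branch, so a host seen only in `already in ban list` or `ReBan` messages never shows those counters. `$NotValidIP` is declared but not used anywhere in the visible lines.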