Orion Poplawski
10 years ago
commit
a623fb662a
@ -0,0 +1,26 @@
|
||||
From d8867807f560838e70375cc9ca90585179700fe6 Mon Sep 17 00:00:00 2001
|
||||
From: Orion Poplawski <orion@cora.nwra.com>
|
||||
Date: Fri, 28 Nov 2014 22:04:09 -0700
|
||||
Subject: [PATCH] Separate php-url-fopen logpath by newline
|
||||
|
||||
---
|
||||
config/jail.conf | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/jail.conf b/config/jail.conf
|
||||
index d119d22..6a95aa1 100644
|
||||
--- a/config/jail.conf
|
||||
+++ b/config/jail.conf
|
||||
@@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s
|
||||
[php-url-fopen]
|
||||
|
||||
port = http,https
|
||||
-logpath = %(nginx_access_log)s %(apache_access_log)s
|
||||
+logpath = %(nginx_access_log)s
|
||||
+ %(apache_access_log)s
|
||||
|
||||
|
||||
[suhosin]
|
||||
--
|
||||
2.1.0
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
commit 1470e3c01d49841335e11ed7ca7898516d1b8be8
|
||||
Author: Steven Hiscocks <steven@hiscocks.me.uk>
|
||||
Date: Wed Mar 19 19:09:07 2014 +0000
|
||||
|
||||
BF: fail2ban.conf reader expected "int" type for `loglevel`
|
||||
|
||||
Closes #657
|
||||
|
||||
diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py
|
||||
index f17ff92..251c698 100644
|
||||
--- a/fail2ban/client/fail2banreader.py
|
||||
+++ b/fail2ban/client/fail2banreader.py
|
||||
@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader):
|
||||
return ConfigReader.getOptions(self, "Definition", opts)
|
||||
|
||||
def getOptions(self):
|
||||
- opts = [["int", "loglevel", "INFO" ],
|
||||
+ opts = [["string", "loglevel", "INFO" ],
|
||||
["string", "logtarget", "STDERR"],
|
||||
["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
|
||||
["int", "dbpurgeage", 86400]]
|
||||
@ -1,53 +0,0 @@
|
||||
diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf
|
||||
--- fail2ban-0.9/config/jail.conf.logpath 2014-08-08 13:29:40.101582649 -0600
|
||||
+++ fail2ban-0.9/config/jail.conf 2014-08-08 13:33:56.376307236 -0600
|
||||
@@ -370,7 +370,7 @@ logpath = /var/log/tomcat*/catalina.out
|
||||
[webmin-auth]
|
||||
|
||||
port = 10000
|
||||
-logpath = /var/log/auth.log
|
||||
+logpath = %(syslog_authpriv)s
|
||||
|
||||
|
||||
#
|
||||
@@ -423,7 +423,7 @@ maxretry = 6
|
||||
|
||||
[vsftpd]
|
||||
# or overwrite it in jails.local to be
|
||||
-# logpath = /var/log/auth.log
|
||||
+# logpath = %(syslog_authpriv)s
|
||||
# if you want to rely on PAM failed login attempts
|
||||
# vsftpd's failregex should match both of those formats
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
@@ -533,7 +533,7 @@ logpath = %(postfix_log)s
|
||||
[perdition]
|
||||
|
||||
port = imap3,imaps,pop3,pop3s
|
||||
-logpath = /var/log/maillog
|
||||
+logpath = %(syslog_mail)s
|
||||
|
||||
|
||||
[squirrelmail]
|
||||
@@ -657,13 +657,13 @@ maxretry = 5
|
||||
[pam-generic]
|
||||
# pam-generic filter can be customized to monitor specific subset of 'tty's
|
||||
banaction = iptables-allports
|
||||
-logpath = /var/log/auth.log
|
||||
+logpath = %(syslog_authpriv)s
|
||||
|
||||
|
||||
[xinetd-fail]
|
||||
|
||||
banaction = iptables-multiport-log
|
||||
-logpath = /var/log/daemon.log
|
||||
+logpath = %(syslog_daemon)s
|
||||
maxretry = 2
|
||||
|
||||
|
||||
@@ -693,5 +693,5 @@ action = %(banaction)s[name=%(__name__)
|
||||
[nagios]
|
||||
|
||||
enabled = false
|
||||
-logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
|
||||
+logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
|
||||
maxretry = 1
|
||||
@ -1,20 +0,0 @@
|
||||
commit 175c5934620adb600fe4435732a3887855320669
|
||||
Author: Steven Hiscocks <steven@hiscocks.me.uk>
|
||||
Date: Wed Mar 19 19:30:48 2014 +0000
|
||||
|
||||
TST: Skip badips.py test is no network option set
|
||||
|
||||
diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
|
||||
index 456a829..85c1d92 100644
|
||||
--- a/fail2ban/tests/utils.py
|
||||
+++ b/fail2ban/tests/utils.py
|
||||
@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False):
|
||||
for file_ in os.listdir(
|
||||
os.path.abspath(os.path.dirname(action_d.__file__))):
|
||||
if file_.startswith("test_") and file_.endswith(".py"):
|
||||
+ if no_network and file_ in ['test_badips.py']: #pragma: no cover
|
||||
+ # Test required network
|
||||
+ continue
|
||||
tests.addTest(testloader.loadTestsFromName(
|
||||
"%s.%s" % (action_d.__name__, os.path.splitext(file_)[0])))
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
commit 75325da09091f3ae800a2efbcde1a016617e5f1a
|
||||
Author: Steven Hiscocks <steven@hiscocks.me.uk>
|
||||
Date: Wed Mar 19 19:21:23 2014 +0000
|
||||
|
||||
TST: Skip SYSLOG log target test if '/dev/log' not present
|
||||
|
||||
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
|
||||
index 231aecd..c4163db 100644
|
||||
--- a/fail2ban/tests/servertestcase.py
|
||||
+++ b/fail2ban/tests/servertestcase.py
|
||||
@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase):
|
||||
|
||||
self.setGetTest("logtarget", "STDOUT")
|
||||
self.setGetTest("logtarget", "STDERR")
|
||||
+
|
||||
+ def testLogTargetSYSLOG(self):
|
||||
+ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7):
|
||||
+ raise unittest.SkipTest("'/dev/log' not present")
|
||||
+ elif not os.path.exists("/dev/log"):
|
||||
+ return
|
||||
self.setGetTest("logtarget", "SYSLOG")
|
||||
|
||||
def testLogLevel(self):
|
||||
@ -1,41 +0,0 @@
|
||||
commit b2a1032f5738575f1c368360ba93fc7da5991225
|
||||
Author: Yaroslav Halchenko <debian@onerussian.com>
|
||||
Date: Tue Aug 12 11:31:42 2014 -0400
|
||||
|
||||
ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test
|
||||
|
||||
diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
|
||||
index c02e861..1fa3116 100644
|
||||
--- a/fail2ban/tests/filtertestcase.py
|
||||
+++ b/fail2ban/tests/filtertestcase.py
|
||||
@@ -24,6 +24,7 @@ __license__ = "GPL"
|
||||
|
||||
from __builtin__ import open as fopen
|
||||
import unittest
|
||||
+import getpass
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
@@ -349,10 +350,20 @@ class LogFileMonitor(LogCaptureTestCase):
|
||||
# shorter wait time for not modified status
|
||||
return not self.isModified(0.4)
|
||||
|
||||
- def testNoLogFile(self):
|
||||
+ def testUnaccessibleLogFile(self):
|
||||
os.chmod(self.name, 0)
|
||||
self.filter.getFailures(self.name)
|
||||
- self.assertTrue(self._is_logged('Unable to open %s' % self.name))
|
||||
+ failure_was_logged = self._is_logged('Unable to open %s' % self.name)
|
||||
+ is_root = getpass.getuser() == 'root'
|
||||
+ # If ran as root, those restrictive permissions would not
|
||||
+ # forbid log to be read.
|
||||
+ self.assertTrue(failure_was_logged != is_root)
|
||||
+
|
||||
+ def testNoLogFile(self):
|
||||
+ _killfile(self.file, self.name)
|
||||
+ self.filter.getFailures(self.name)
|
||||
+ failure_was_logged = self._is_logged('Unable to open %s' % self.name)
|
||||
+ self.assertTrue(failure_was_logged)
|
||||
|
||||
def testRemovingFailRegex(self):
|
||||
self.filter.delFailRegex(0)
|
||||
Loading…
Reference in new issue