diff options
| author | sebres <serg.brester@sebres.de> | 2018-07-18 15:23:56 +0200 |
|---|---|---|
| committer | sebres <serg.brester@sebres.de> | 2018-07-18 15:23:56 +0200 |
| commit | d92381aaa92129ef73d622a59d09e4901b14d677 (patch) | |
| tree | 2331afb9cc76a1cb24b1074afd92f0af661849d9 | |
| parent | 8fe07e29ad7a2b3c5b0749c4f2a63aa97766275e (diff) | |
| download | fail2ban-d92381aaa92129ef73d622a59d09e4901b14d677.tar.gz | |
fail2ban-regex: ignore lines having not empty match of `<F-NOFAIL>` from failregex (not a failure, so count as ignored and not as matched).
| -rw-r--r-- | fail2ban/client/fail2banregex.py | 19 | ||||
| -rw-r--r-- | fail2ban/tests/fail2banregextestcase.py | 2 |
2 files changed, 14 insertions, 7 deletions
diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py index 6add0eaa..68b7b7c3 100644 --- a/fail2ban/client/fail2banregex.py +++ b/fail2ban/client/fail2banregex.py @@ -411,17 +411,23 @@ class Fail2banRegex(object): def testRegex(self, line, date=None): orgLineBuffer = self._filter._Filter__lineBuffer fullBuffer = len(orgLineBuffer) >= self._filter.getMaxLines() + is_ignored = False try: - ret = self._filter.processLine(line, date) + found = self._filter.processLine(line, date) lines = [] line = self._filter.processedLine() - for match in ret: + ret = [] + for match in found: # Append True/False flag depending if line was matched by # more than one regex match.append(len(ret)>1) regex = self._failregex[match[0]] regex.inc() regex.appendIP(match) + if not match[3].get('nofail'): + ret.append(match) + else: + is_ignored = True except RegexException as e: # pragma: no cover output( 'ERROR: %s' % e ) return False @@ -447,13 +453,13 @@ class Fail2banRegex(object): if lines: # pre-lines parsed in multiline mode (buffering) lines.append(line) line = "\n".join(lines) - return line, ret + return line, ret, is_ignored def process(self, test_lines): t0 = time.time() for line in test_lines: if isinstance(line, tuple): - line_datetimestripped, ret = self.testRegex( + line_datetimestripped, ret, is_ignored = self.testRegex( line[0], line[1]) line = "".join(line[0]) else: @@ -461,8 +467,9 @@ class Fail2banRegex(object): if line.startswith('#') or not line: # skip comment and empty lines continue - line_datetimestripped, ret = self.testRegex(line) - is_ignored = self.testIgnoreRegex(line_datetimestripped) + line_datetimestripped, ret, is_ignored = self.testRegex(line) + if not is_ignored: + is_ignored = self.testIgnoreRegex(line_datetimestripped) if is_ignored: self._line_stats.ignored += 1 diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py index c3919230..44acfd35 100644 --- a/fail2ban/tests/fail2banregextestcase.py +++ b/fail2ban/tests/fail2banregextestcase.py @@ -209,7 +209,7 @@ class Fail2banRegexTest(LogCaptureTestCase): def testVerboseFullSshd(self): (opts, args, fail2banRegex) = _Fail2banRegex( "-l", "notice", # put down log-level, because of too many debug-messages - "-v", "--verbose-date", "--print-all-matched", + "-v", "--verbose-date", "--print-all-matched", "--print-all-ignored", "-c", CONFIG_DIR, Fail2banRegexTest.FILENAME_SSHD, "sshd" ) |