From owner-freebsd-stable@freebsd.org Fri Jun 22 20:29:28 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 506A71026380 for ; Fri, 22 Jun 2018 20:29:28 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9E15B800F3 for ; Fri, 22 Jun 2018 20:29:27 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: by mail-ed1-x535.google.com with SMTP id i16-v6so1907735eds.12 for ; Fri, 22 Jun 2018 13:29:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuxi-nl.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QtnPZ3X6nGbe2UhV46Z/WhGoIX/OsBi9qSJILCFSCvw=; b=vsosKbGzjwjMfPzKSndXe+zNGH07aBmqgYHHTBx52pUWW52zUKpcVZZM68Z21j7Yjz Wsqj4YiYHzUuthpy/blgDqCTdo6Sl3uMF61XW5jVpS7Snie9sxwe8L5H089u/eSiS8Hc EKN66LBWCbyi4hB5CbZ5T2rcxPKTDinpiiT4HgPCMiVsAGguIUrQJDIFRjAY0L2sPdKS PrSJbtZfn5J3ah5yblJBaxnN5MCh4+mGe0jRFEx06siczpTVp7nIw9ikpohK0CS7wBIS TtyEbprFVNA9MAE5jQwtzSdGwkxz35E1SQ9MsteoF8j4TxmDfPQR2MTK7RBYkNA9sh52 rRFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QtnPZ3X6nGbe2UhV46Z/WhGoIX/OsBi9qSJILCFSCvw=; b=RLHrAGN43fUEf18RtbcUlkTByc12Mpf8/3aedTS3nUE/FxJnGz/izNBtxU/AdlylBf mTLIO2UwFEGh3ZE9bSOIET04RVpEAMd2AOeJp+VnFNJyCLSCTVP2g05pfL0XSNQ7ypcl Qw8wfaq3+8cIybCyZSS8r337RX6IqOpRwKjh/8M5FpOmaUr2MG7l7VuDHgE9Vq+Suzmx NDOXH4z6uIvYNWZdLUNc2KIHJ1A7sSuE18me4z3yOQGDFxkH0DoNwxdzueYjxcw1YNtz ZdojpFEkPuEo032Se++Uq/bRVsKOmdU9tic007AiWdqoag3vdf57oeW+on+9jUN7T+rh xdVg== X-Gm-Message-State: APt69E3kR5go61GYBWET1eQHrtQX+8a8YlPiEO4dIFgC4nHiPgC3+s/p DhhY/X5ILgVNkLGf80H52knqsbUDFKekNDAZDhAmNw== X-Google-Smtp-Source: ADUXVKK2BfSHjPfSIvoxhVKTO3VXfjtB408jZv+lQJNfHuIWyzS3vfz/NKbPMQrFknApjsQ1EEzIFmB4+zQn/EM0/Io= X-Received: by 2002:a50:aba5:: with SMTP id u34-v6mr3003745edc.252.1529699366486; Fri, 22 Jun 2018 13:29:26 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a50:8e0d:0:0:0:0:0 with HTTP; Fri, 22 Jun 2018 13:28:55 -0700 (PDT) In-Reply-To: <1A5B44D8-28B0-49C9-B88D-EE6EBEE8788D@ellael.org> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> <851C065F-0E02-425C-B4AF-8FCE0E405F8E@ellael.org> <1A5B44D8-28B0-49C9-B88D-EE6EBEE8788D@ellael.org> From: Ed Schouten Date: Fri, 22 Jun 2018 22:28:55 +0200 Message-ID: Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) To: Michael Grimm Cc: FreeBSD-STABLE Mailing List , theis@gmx.at, Gleb Smirnoff , "ed@FreeBSD.org" , Mailing List FreeBSD Ports Content-Type: multipart/mixed; boundary="0000000000005a72e8056f40e3c2" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2018 20:29:28 -0000 --0000000000005a72e8056f40e3c2 Content-Type: text/plain; charset="UTF-8" Hi Michael, 2018-06-22 22:06 GMT+02:00 Michael Grimm : > After applying your patch: > Jun 22 21:22:01 HOSTNAME [31033]: NOTICE [JAILNAME] Unban x.x.x.x > > Watch: 'fail2ban.actions' -the service- is missing. That's likely due to the fact that it now interprets the first word in the message as the remote hostname, which gets discarded. Attached is a somewhat refined patch that only tries to parse the hostname in remote messages if they are preceded by a timestamp. If the timestamp is missing, it assumes the entire payload is the message. Can you give this one a try? Thanks! -- Ed Schouten Nuxi, 's-Hertogenbosch, the Netherlands --0000000000005a72e8056f40e3c2 Content-Type: application/octet-stream; name="syslogd-optional-timestamp-v2.diff" Content-Disposition: attachment; filename="syslogd-optional-timestamp-v2.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jiqfgkxv0 SW5kZXg6IHVzci5zYmluL3N5c2xvZ2Qvc3lzbG9nZC5jCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHVzci5zYmlu L3N5c2xvZ2Qvc3lzbG9nZC5jCShyZXZpc2lvbiAzMzUzMTQpCisrKyB1c3Iuc2Jpbi9zeXNsb2dk L3N5c2xvZ2QuYwkod29ya2luZyBjb3B5KQpAQCAtMTE3Miw2OSArMTE3Miw3MSBAQAogCXNpemVf dCBpLCBtc2dsZW47CiAJY2hhciBsaW5lW01BWExJTkUgKyAxXTsKIAotCS8qIFBhcnNlIHRoZSB0 aW1lc3RhbXAgcHJvdmlkZWQgYnkgdGhlIHJlbW90ZSBzaWRlLiAqLwotCWlmIChzdHJwdGltZSht c2csIFJGQzMxNjRfREFURUZNVCwgJnRtX3BhcnNlZCkgIT0KLQkgICAgbXNnICsgUkZDMzE2NF9E QVRFTEVOIHx8IG1zZ1tSRkMzMTY0X0RBVEVMRU5dICE9ICcgJykgewotCQlkcHJpbnRmKCJGYWls ZWQgdG8gcGFyc2UgVElNRVNUQU1QIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOwotCQlyZXR1 cm47Ci0JfQotCW1zZyArPSBSRkMzMTY0X0RBVEVMRU4gKyAxOworCS8qCisJICogUGFyc2UgdGhl IFRJTUVTVEFNUCBwcm92aWRlZCBieSB0aGUgcmVtb3RlIHNpZGUuIElmIG5vbmUgaXMKKwkgKiBm b3VuZCwgYXNzdW1lIHRoaXMgaXMgbm90IGFuIFJGQyAzMTY0IGZvcm1hdHRlZCBtZXNzYWdlLAor CSAqIG9ubHkgY29udGFpbmluZyBhIFRBRyBhbmQgYSBNU0cuCisJICovCisJdGltZXN0YW1wID0g TlVMTDsKKwlpZiAoc3RycHRpbWUobXNnLCBSRkMzMTY0X0RBVEVGTVQsICZ0bV9wYXJzZWQpID09 CisJICAgIG1zZyArIFJGQzMxNjRfREFURUxFTiAmJiBtc2dbUkZDMzE2NF9EQVRFTEVOXSA9PSAn ICcpIHsKKwkJbXNnICs9IFJGQzMxNjRfREFURUxFTiArIDE7CisJCWlmICghUmVtb3RlQWRkRGF0 ZSkgeworCQkJc3RydWN0IHRtIHRtX25vdzsKKwkJCXRpbWVfdCB0X25vdzsKKwkJCWludCB5ZWFy OwogCi0JaWYgKCFSZW1vdGVBZGREYXRlKSB7Ci0JCXN0cnVjdCB0bSB0bV9ub3c7Ci0JCXRpbWVf dCB0X25vdzsKLQkJaW50IHllYXI7CisJCQkvKgorCQkJICogQXMgdGhlIHRpbWVzdGFtcCBkb2Vz IG5vdCBjb250YWluIHRoZSB5ZWFyCisJCQkgKiBudW1iZXIsIGRheWxpZ2h0IHNhdmluZyB0aW1l IGluZm9ybWF0aW9uLCBub3IKKwkJCSAqIGEgdGltZSB6b25lLCBhdHRlbXB0IHRvIGluZmVyIGl0 LiBEdWUgdG8KKwkJCSAqIGNsb2NrIHNrZXdzLCB0aGUgdGltZXN0YW1wIG1heSBldmVuIGJlIHBh cnQKKwkJCSAqIG9mIHRoZSBuZXh0IHllYXIuIFVzZSB0aGUgbGFzdCB5ZWFyIGZvciB3aGljaAor CQkJICogdGhlIHRpbWVzdGFtcCBpcyBhdCBtb3N0IG9uZSB3ZWVrIGluIHRoZQorCQkJICogZnV0 dXJlLgorCQkJICoKKwkJCSAqIFRoaXMgbG9vcCBjYW4gb25seSBydW4gZm9yIGF0IG1vc3QgdGhy ZWUKKwkJCSAqIGl0ZXJhdGlvbnMgYmVmb3JlIHRlcm1pbmF0aW5nLgorCQkJICovCisJCQl0X25v dyA9IHRpbWUoTlVMTCk7CisJCQlsb2NhbHRpbWVfcigmdF9ub3csICZ0bV9ub3cpOworCQkJZm9y ICh5ZWFyID0gdG1fbm93LnRtX3llYXIgKyAxOzsgLS15ZWFyKSB7CisJCQkJYXNzZXJ0KHllYXIg Pj0gdG1fbm93LnRtX3llYXIgLSAxKTsKKwkJCQl0aW1lc3RhbXBfcmVtb3RlLnRtID0gdG1fcGFy c2VkOworCQkJCXRpbWVzdGFtcF9yZW1vdGUudG0udG1feWVhciA9IHllYXI7CisJCQkJdGltZXN0 YW1wX3JlbW90ZS50bS50bV9pc2RzdCA9IC0xOworCQkJCXRpbWVzdGFtcF9yZW1vdGUudXNlYyA9 IDA7CisJCQkJaWYgKG1rdGltZSgmdGltZXN0YW1wX3JlbW90ZS50bSkgPAorCQkJCSAgICB0X25v dyArIDcgKiAyNCAqIDYwICogNjApCisJCQkJCWJyZWFrOworCQkJfQorCQkJdGltZXN0YW1wID0g JnRpbWVzdGFtcF9yZW1vdGU7CisJCX0KIAogCQkvKgotCQkgKiBBcyB0aGUgdGltZXN0YW1wIGRv ZXMgbm90IGNvbnRhaW4gdGhlIHllYXIgbnVtYmVyLAotCQkgKiBkYXlsaWdodCBzYXZpbmcgdGlt ZSBpbmZvcm1hdGlvbiwgbm9yIGEgdGltZSB6b25lLAotCQkgKiBhdHRlbXB0IHRvIGluZmVyIGl0 LiBEdWUgdG8gY2xvY2sgc2tld3MsIHRoZQotCQkgKiB0aW1lc3RhbXAgbWF5IGV2ZW4gYmUgcGFy dCBvZiB0aGUgbmV4dCB5ZWFyLiBVc2UgdGhlCi0JCSAqIGxhc3QgeWVhciBmb3Igd2hpY2ggdGhl IHRpbWVzdGFtcCBpcyBhdCBtb3N0IG9uZSB3ZWVrCi0JCSAqIGluIHRoZSBmdXR1cmUuCi0JCSAq Ci0JCSAqIFRoaXMgbG9vcCBjYW4gb25seSBydW4gZm9yIGF0IG1vc3QgdGhyZWUgaXRlcmF0aW9u cwotCQkgKiBiZWZvcmUgdGVybWluYXRpbmcuCisJCSAqIEEgc2luZ2xlIHNwYWNlIGNoYXJhY3Rl ciBNVVNUIGFsc28gZm9sbG93IHRoZSBIT1NUTkFNRSBmaWVsZC4KIAkJICovCi0JCXRfbm93ID0g dGltZShOVUxMKTsKLQkJbG9jYWx0aW1lX3IoJnRfbm93LCAmdG1fbm93KTsKLQkJZm9yICh5ZWFy ID0gdG1fbm93LnRtX3llYXIgKyAxOzsgLS15ZWFyKSB7Ci0JCQlhc3NlcnQoeWVhciA+PSB0bV9u b3cudG1feWVhciAtIDEpOwotCQkJdGltZXN0YW1wX3JlbW90ZS50bSA9IHRtX3BhcnNlZDsKLQkJ CXRpbWVzdGFtcF9yZW1vdGUudG0udG1feWVhciA9IHllYXI7Ci0JCQl0aW1lc3RhbXBfcmVtb3Rl LnRtLnRtX2lzZHN0ID0gLTE7Ci0JCQl0aW1lc3RhbXBfcmVtb3RlLnVzZWMgPSAwOwotCQkJaWYg KG1rdGltZSgmdGltZXN0YW1wX3JlbW90ZS50bSkgPAotCQkJICAgIHRfbm93ICsgNyAqIDI0ICog NjAgKiA2MCkKKwkJbXNnbGVuID0gc3RybGVuKG1zZyk7CisJCWZvciAoaSA9IDA7IGkgPCBNSU4o TUFYSE9TVE5BTUVMRU4sIG1zZ2xlbik7IGkrKykgeworCQkJaWYgKG1zZ1tpXSA9PSAnICcpIHsK KwkJCQlpZiAoUmVtb3RlSG9zdG5hbWUpIHsKKwkJCQkJbXNnW2ldID0gJ1wwJzsKKwkJCQkJZnJv bSA9IG1zZzsKKwkJCQl9CisJCQkJbXNnICs9IGkgKyAxOwogCQkJCWJyZWFrOwotCQl9Ci0JCXRp bWVzdGFtcCA9ICZ0aW1lc3RhbXBfcmVtb3RlOwotCX0gZWxzZQotCQl0aW1lc3RhbXAgPSBOVUxM OwotCi0JLyoKLQkgKiBBIHNpbmdsZSBzcGFjZSBjaGFyYWN0ZXIgTVVTVCBhbHNvIGZvbGxvdyB0 aGUgSE9TVE5BTUUgZmllbGQuCi0JICovCi0JbXNnbGVuID0gc3RybGVuKG1zZyk7Ci0JZm9yIChp ID0gMDsgaSA8IE1JTihNQVhIT1NUTkFNRUxFTiwgbXNnbGVuKTsgaSsrKSB7Ci0JCWlmIChtc2db aV0gPT0gJyAnKSB7Ci0JCQlpZiAoUmVtb3RlSG9zdG5hbWUpIHsKLQkJCQltc2dbaV0gPSAnXDAn OwotCQkJCWZyb20gPSBtc2c7CiAJCQl9Ci0JCQltc2cgKz0gaSArIDE7Ci0JCQlicmVhazsKKwkJ CS8qCisJCQkgKiBTdXBwb3J0IG5vbiBSRkMgY29tcGxpYW50IG1lc3NhZ2VzLCB3aXRob3V0IGhv c3RuYW1lLgorCQkJICovCisJCQlpZiAobXNnW2ldID09ICc6JykKKwkJCQlicmVhazsKIAkJfQot CQkvKgotCQkgKiBTdXBwb3J0IG5vbiBSRkMgY29tcGxpYW50IG1lc3NhZ2VzLCB3aXRob3V0IGhv c3RuYW1lLgotCQkgKi8KLQkJaWYgKG1zZ1tpXSA9PSAnOicpCi0JCQlicmVhazsKKwkJaWYgKGkg PT0gTUlOKE1BWEhPU1ROQU1FTEVOLCBtc2dsZW4pKSB7CisJCQlkcHJpbnRmKCJJbnZhbGlkIEhP U1ROQU1FIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOworCQkJcmV0dXJuOworCQl9CiAJfQot CWlmIChpID09IE1JTihNQVhIT1NUTkFNRUxFTiwgbXNnbGVuKSkgewotCQlkcHJpbnRmKCJJbnZh bGlkIEhPU1ROQU1FIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOwotCQlyZXR1cm47Ci0JfQog CiAJLyogUmVtb3ZlIHRoZSBUQUcsIGlmIHByZXNlbnQuICovCiAJcGFyc2Vtc2dfcmZjMzE2NF9h cHBfbmFtZV9wcm9jaWQoJm1zZywgJmFwcF9uYW1lLCAmcHJvY2lkKTsK --0000000000005a72e8056f40e3c2--