Date: Fri, 22 Jun 2018 22:28:55 +0200 From: Ed Schouten <ed@nuxi.nl> To: Michael Grimm <trashcan@ellael.org> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, theis@gmx.at, Gleb Smirnoff <glebius@freebsd.org>, "ed@FreeBSD.org" <ed@freebsd.org>, Mailing List FreeBSD Ports <freebsd-ports@freebsd.org> Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) Message-ID: <CABh_MKnGLVtaDZ0_0p2N2JEOBHrOV%2Bryz2bf_1yCJjQHoCJ9OQ@mail.gmail.com> In-Reply-To: <1A5B44D8-28B0-49C9-B88D-EE6EBEE8788D@ellael.org> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com> <851C065F-0E02-425C-B4AF-8FCE0E405F8E@ellael.org> <1A5B44D8-28B0-49C9-B88D-EE6EBEE8788D@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000005a72e8056f40e3c2 Content-Type: text/plain; charset="UTF-8" Hi Michael, 2018-06-22 22:06 GMT+02:00 Michael Grimm <trashcan@ellael.org>: > After applying your patch: > Jun 22 21:22:01 HOSTNAME <daemon.notice> [31033]: NOTICE [JAILNAME] Unban x.x.x.x > > Watch: 'fail2ban.actions' -the service- is missing. That's likely due to the fact that it now interprets the first word in the message as the remote hostname, which gets discarded. Attached is a somewhat refined patch that only tries to parse the hostname in remote messages if they are preceded by a timestamp. If the timestamp is missing, it assumes the entire payload is the message. Can you give this one a try? Thanks! -- Ed Schouten <ed@nuxi.nl> Nuxi, 's-Hertogenbosch, the Netherlands --0000000000005a72e8056f40e3c2 Content-Type: application/octet-stream; name="syslogd-optional-timestamp-v2.diff" Content-Disposition: attachment; filename="syslogd-optional-timestamp-v2.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jiqfgkxv0 SW5kZXg6IHVzci5zYmluL3N5c2xvZ2Qvc3lzbG9nZC5jCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHVzci5zYmlu L3N5c2xvZ2Qvc3lzbG9nZC5jCShyZXZpc2lvbiAzMzUzMTQpCisrKyB1c3Iuc2Jpbi9zeXNsb2dk L3N5c2xvZ2QuYwkod29ya2luZyBjb3B5KQpAQCAtMTE3Miw2OSArMTE3Miw3MSBAQAogCXNpemVf dCBpLCBtc2dsZW47CiAJY2hhciBsaW5lW01BWExJTkUgKyAxXTsKIAotCS8qIFBhcnNlIHRoZSB0 aW1lc3RhbXAgcHJvdmlkZWQgYnkgdGhlIHJlbW90ZSBzaWRlLiAqLwotCWlmIChzdHJwdGltZSht c2csIFJGQzMxNjRfREFURUZNVCwgJnRtX3BhcnNlZCkgIT0KLQkgICAgbXNnICsgUkZDMzE2NF9E QVRFTEVOIHx8IG1zZ1tSRkMzMTY0X0RBVEVMRU5dICE9ICcgJykgewotCQlkcHJpbnRmKCJGYWls ZWQgdG8gcGFyc2UgVElNRVNUQU1QIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOwotCQlyZXR1 cm47Ci0JfQotCW1zZyArPSBSRkMzMTY0X0RBVEVMRU4gKyAxOworCS8qCisJICogUGFyc2UgdGhl IFRJTUVTVEFNUCBwcm92aWRlZCBieSB0aGUgcmVtb3RlIHNpZGUuIElmIG5vbmUgaXMKKwkgKiBm b3VuZCwgYXNzdW1lIHRoaXMgaXMgbm90IGFuIFJGQyAzMTY0IGZvcm1hdHRlZCBtZXNzYWdlLAor CSAqIG9ubHkgY29udGFpbmluZyBhIFRBRyBhbmQgYSBNU0cuCisJICovCisJdGltZXN0YW1wID0g TlVMTDsKKwlpZiAoc3RycHRpbWUobXNnLCBSRkMzMTY0X0RBVEVGTVQsICZ0bV9wYXJzZWQpID09 CisJICAgIG1zZyArIFJGQzMxNjRfREFURUxFTiAmJiBtc2dbUkZDMzE2NF9EQVRFTEVOXSA9PSAn ICcpIHsKKwkJbXNnICs9IFJGQzMxNjRfREFURUxFTiArIDE7CisJCWlmICghUmVtb3RlQWRkRGF0 ZSkgeworCQkJc3RydWN0IHRtIHRtX25vdzsKKwkJCXRpbWVfdCB0X25vdzsKKwkJCWludCB5ZWFy OwogCi0JaWYgKCFSZW1vdGVBZGREYXRlKSB7Ci0JCXN0cnVjdCB0bSB0bV9ub3c7Ci0JCXRpbWVf dCB0X25vdzsKLQkJaW50IHllYXI7CisJCQkvKgorCQkJICogQXMgdGhlIHRpbWVzdGFtcCBkb2Vz IG5vdCBjb250YWluIHRoZSB5ZWFyCisJCQkgKiBudW1iZXIsIGRheWxpZ2h0IHNhdmluZyB0aW1l IGluZm9ybWF0aW9uLCBub3IKKwkJCSAqIGEgdGltZSB6b25lLCBhdHRlbXB0IHRvIGluZmVyIGl0 LiBEdWUgdG8KKwkJCSAqIGNsb2NrIHNrZXdzLCB0aGUgdGltZXN0YW1wIG1heSBldmVuIGJlIHBh cnQKKwkJCSAqIG9mIHRoZSBuZXh0IHllYXIuIFVzZSB0aGUgbGFzdCB5ZWFyIGZvciB3aGljaAor CQkJICogdGhlIHRpbWVzdGFtcCBpcyBhdCBtb3N0IG9uZSB3ZWVrIGluIHRoZQorCQkJICogZnV0 dXJlLgorCQkJICoKKwkJCSAqIFRoaXMgbG9vcCBjYW4gb25seSBydW4gZm9yIGF0IG1vc3QgdGhy ZWUKKwkJCSAqIGl0ZXJhdGlvbnMgYmVmb3JlIHRlcm1pbmF0aW5nLgorCQkJICovCisJCQl0X25v dyA9IHRpbWUoTlVMTCk7CisJCQlsb2NhbHRpbWVfcigmdF9ub3csICZ0bV9ub3cpOworCQkJZm9y ICh5ZWFyID0gdG1fbm93LnRtX3llYXIgKyAxOzsgLS15ZWFyKSB7CisJCQkJYXNzZXJ0KHllYXIg Pj0gdG1fbm93LnRtX3llYXIgLSAxKTsKKwkJCQl0aW1lc3RhbXBfcmVtb3RlLnRtID0gdG1fcGFy c2VkOworCQkJCXRpbWVzdGFtcF9yZW1vdGUudG0udG1feWVhciA9IHllYXI7CisJCQkJdGltZXN0 YW1wX3JlbW90ZS50bS50bV9pc2RzdCA9IC0xOworCQkJCXRpbWVzdGFtcF9yZW1vdGUudXNlYyA9 IDA7CisJCQkJaWYgKG1rdGltZSgmdGltZXN0YW1wX3JlbW90ZS50bSkgPAorCQkJCSAgICB0X25v dyArIDcgKiAyNCAqIDYwICogNjApCisJCQkJCWJyZWFrOworCQkJfQorCQkJdGltZXN0YW1wID0g JnRpbWVzdGFtcF9yZW1vdGU7CisJCX0KIAogCQkvKgotCQkgKiBBcyB0aGUgdGltZXN0YW1wIGRv ZXMgbm90IGNvbnRhaW4gdGhlIHllYXIgbnVtYmVyLAotCQkgKiBkYXlsaWdodCBzYXZpbmcgdGlt ZSBpbmZvcm1hdGlvbiwgbm9yIGEgdGltZSB6b25lLAotCQkgKiBhdHRlbXB0IHRvIGluZmVyIGl0 LiBEdWUgdG8gY2xvY2sgc2tld3MsIHRoZQotCQkgKiB0aW1lc3RhbXAgbWF5IGV2ZW4gYmUgcGFy dCBvZiB0aGUgbmV4dCB5ZWFyLiBVc2UgdGhlCi0JCSAqIGxhc3QgeWVhciBmb3Igd2hpY2ggdGhl IHRpbWVzdGFtcCBpcyBhdCBtb3N0IG9uZSB3ZWVrCi0JCSAqIGluIHRoZSBmdXR1cmUuCi0JCSAq Ci0JCSAqIFRoaXMgbG9vcCBjYW4gb25seSBydW4gZm9yIGF0IG1vc3QgdGhyZWUgaXRlcmF0aW9u cwotCQkgKiBiZWZvcmUgdGVybWluYXRpbmcuCisJCSAqIEEgc2luZ2xlIHNwYWNlIGNoYXJhY3Rl ciBNVVNUIGFsc28gZm9sbG93IHRoZSBIT1NUTkFNRSBmaWVsZC4KIAkJICovCi0JCXRfbm93ID0g dGltZShOVUxMKTsKLQkJbG9jYWx0aW1lX3IoJnRfbm93LCAmdG1fbm93KTsKLQkJZm9yICh5ZWFy ID0gdG1fbm93LnRtX3llYXIgKyAxOzsgLS15ZWFyKSB7Ci0JCQlhc3NlcnQoeWVhciA+PSB0bV9u b3cudG1feWVhciAtIDEpOwotCQkJdGltZXN0YW1wX3JlbW90ZS50bSA9IHRtX3BhcnNlZDsKLQkJ CXRpbWVzdGFtcF9yZW1vdGUudG0udG1feWVhciA9IHllYXI7Ci0JCQl0aW1lc3RhbXBfcmVtb3Rl LnRtLnRtX2lzZHN0ID0gLTE7Ci0JCQl0aW1lc3RhbXBfcmVtb3RlLnVzZWMgPSAwOwotCQkJaWYg KG1rdGltZSgmdGltZXN0YW1wX3JlbW90ZS50bSkgPAotCQkJICAgIHRfbm93ICsgNyAqIDI0ICog NjAgKiA2MCkKKwkJbXNnbGVuID0gc3RybGVuKG1zZyk7CisJCWZvciAoaSA9IDA7IGkgPCBNSU4o TUFYSE9TVE5BTUVMRU4sIG1zZ2xlbik7IGkrKykgeworCQkJaWYgKG1zZ1tpXSA9PSAnICcpIHsK KwkJCQlpZiAoUmVtb3RlSG9zdG5hbWUpIHsKKwkJCQkJbXNnW2ldID0gJ1wwJzsKKwkJCQkJZnJv bSA9IG1zZzsKKwkJCQl9CisJCQkJbXNnICs9IGkgKyAxOwogCQkJCWJyZWFrOwotCQl9Ci0JCXRp bWVzdGFtcCA9ICZ0aW1lc3RhbXBfcmVtb3RlOwotCX0gZWxzZQotCQl0aW1lc3RhbXAgPSBOVUxM OwotCi0JLyoKLQkgKiBBIHNpbmdsZSBzcGFjZSBjaGFyYWN0ZXIgTVVTVCBhbHNvIGZvbGxvdyB0 aGUgSE9TVE5BTUUgZmllbGQuCi0JICovCi0JbXNnbGVuID0gc3RybGVuKG1zZyk7Ci0JZm9yIChp ID0gMDsgaSA8IE1JTihNQVhIT1NUTkFNRUxFTiwgbXNnbGVuKTsgaSsrKSB7Ci0JCWlmIChtc2db aV0gPT0gJyAnKSB7Ci0JCQlpZiAoUmVtb3RlSG9zdG5hbWUpIHsKLQkJCQltc2dbaV0gPSAnXDAn OwotCQkJCWZyb20gPSBtc2c7CiAJCQl9Ci0JCQltc2cgKz0gaSArIDE7Ci0JCQlicmVhazsKKwkJ CS8qCisJCQkgKiBTdXBwb3J0IG5vbiBSRkMgY29tcGxpYW50IG1lc3NhZ2VzLCB3aXRob3V0IGhv c3RuYW1lLgorCQkJICovCisJCQlpZiAobXNnW2ldID09ICc6JykKKwkJCQlicmVhazsKIAkJfQot CQkvKgotCQkgKiBTdXBwb3J0IG5vbiBSRkMgY29tcGxpYW50IG1lc3NhZ2VzLCB3aXRob3V0IGhv c3RuYW1lLgotCQkgKi8KLQkJaWYgKG1zZ1tpXSA9PSAnOicpCi0JCQlicmVhazsKKwkJaWYgKGkg PT0gTUlOKE1BWEhPU1ROQU1FTEVOLCBtc2dsZW4pKSB7CisJCQlkcHJpbnRmKCJJbnZhbGlkIEhP U1ROQU1FIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOworCQkJcmV0dXJuOworCQl9CiAJfQot CWlmIChpID09IE1JTihNQVhIT1NUTkFNRUxFTiwgbXNnbGVuKSkgewotCQlkcHJpbnRmKCJJbnZh bGlkIEhPU1ROQU1FIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOwotCQlyZXR1cm47Ci0JfQog CiAJLyogUmVtb3ZlIHRoZSBUQUcsIGlmIHByZXNlbnQuICovCiAJcGFyc2Vtc2dfcmZjMzE2NF9h cHBfbmFtZV9wcm9jaWQoJm1zZywgJmFwcF9uYW1lLCAmcHJvY2lkKTsK --0000000000005a72e8056f40e3c2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABh_MKnGLVtaDZ0_0p2N2JEOBHrOV%2Bryz2bf_1yCJjQHoCJ9OQ>