changeset 192:893391e42d94 puppet-3.6

Update logwatch fail2ban handling for v0.10 log changes * Ignore "Flush tickets" * Tighten regex so "[rule] Restore Ban" doesn't become separate "rule] Restore"
author IBBoard <dev@ibboard.co.uk>
date Tue, 12 Feb 2019 21:04:51 +0000
parents 8fa6623f1e5f
children 9de3c4d597e9
files common/logwatch/services-fail2ban
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
line diff
     1.1 --- a/common/logwatch/services-fail2ban	Sun Feb 10 19:30:34 2019 +0000
     1.2 +++ b/common/logwatch/services-fail2ban	Tue Feb 12 21:04:51 2019 +0000
     1.3 @@ -2,6 +2,9 @@
     1.4  # $Id: fail2ban 226 2014-09-09 11:07:27Z stefjakobs $
     1.5  ##########################################################################
     1.6  # $Log: fail2ban,v $
     1.7 +# Revision 1.5b - IBBoard
     1.8 +# Patched up to cover fail2ban 0.10
     1.9 +#
    1.10  # Revision 1.5a - IBBoard
    1.11  # Patched up to what we see on CentOS 6 w/fail2ban-0.9.2
    1.12  #
    1.13 @@ -89,7 +92,7 @@
    1.14  	if ( $Debug >= 6 ) {
    1.15  	    print STDERR "DEBUG($DebugCounter): line ignored\n";
    1.16  	}
    1.17 -    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
    1.18 +    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(?:Restore )?(Ban|Unban)[^\.]* (\S+)/)) {
    1.19  	if ( $Debug >= 6 ) {
    1.20  	    print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
    1.21  	}
    1.22 @@ -115,6 +118,8 @@
    1.23  	    $ReInitializations++;
    1.24      } elsif ($ThisLine =~ /..,... WARNING:  is not a valid IP address/) {
    1.25  	# just ignore - this will be fixed within fail2ban and is harmless warning
    1.26 +    } elsif ($ThisLine =~ /Flush ticket\(s\)/) {
    1.27 +        # just ignore - this is fail2ban 0.10 doing a quick shutdown/restart
    1.28      }
    1.29      else
    1.30      {