
* make jail filter optional

master
Alex 'AdUser' Z 4 years ago
parent
commit
2691da780a
  1. 2
      docs/configuration.md
  2. 1
      filters/empty.preg
  3. 6
      src/jail.c
  4. 1
      src/jail.h

2
docs/configuration.md

@ -164,7 +164,7 @@ Now let's see real configs. This is modified sample from section `General notes`
[jail:actor1] [jail:actor1]
enabled = yes enabled = yes
source = redis:ssh source = redis:ssh
filter = preg:/etc/f2b/filters/empty.preg ; no "filter" line here
backend = exec-ipset:banned backend = exec-ipset:banned
Now, if "sensor1" detects some malicious activity it sends notify with redis PUBLISH command on channel f2b-banned-ssh. Now, if "sensor1" detects some malicious activity it sends notify with redis PUBLISH command on channel f2b-banned-ssh.

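--- a/filters/empty.preg
+++ b/filters/empty.preg
@@ -1 +0,0 @@
-<HOST>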

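--- a/src/jail.c
+++ b/src/jail.c
@@ -119,6 +119,7 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) {
 if (strcmp(param->name, "filter") == 0) {
 f2b_jail_parse_compound_value(param->value, name, init);
 jail->filter = f2b_filter_create(name, init);
+jail->flags |= JAIL_HAS_FILTER;
 continue;
 }
 if (strcmp(param->name, "backend") == 0) {
@@ -248,8 +249,13 @@ f2b_jail_process(f2b_jail_t *jail) {
 while (f2b_source_next(jail->source, line, sizeof(line), reset)) {
 reset = false;
+if (jail->flags & JAIL_HAS_FILTER) {
 if (!f2b_filter_match(jail->filter, line, matchbuf, sizeof(matchbuf)))
 continue;
+} else {
+/* without filter: 1) value always matches, 2) passed as-is */
+memcpy(matchbuf, line, sizeof(matchbuf));
+}
 /* some regex matches the line */
 jail->stats.matches++;
 addr = f2b_addrlist_lookup(jail->ipaddrs, matchbuf);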
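Review bot: The `memcpy(matchbuf, line, sizeof(matchbuf))` in the new else branch copies a fixed `sizeof(matchbuf)` bytes regardless of the size of `line`, so if `line` is the smaller buffer it reads past its end, and if `line` is the larger one a full-length input leaves `matchbuf` without a NUL terminator before it is handed to `f2b_addrlist_lookup()`, which in the filter path receives match text and so presumably expects a string. A bounded string copy removes both problems: `snprintf(matchbuf, sizeof(matchbuf), "%s", line);`. In the first hunk `JAIL_HAS_FILTER` is set regardless of what `f2b_filter_create()` returned; if that call can yield NULL for a bad filter spec, guard it as `if (jail->filter) jail->flags |= JAIL_HAS_FILTER;` so the match branch never dereferences a NULL filter. The else-branch comment should also say that without a filter the whole source line is used as the address, which the source is therefore required to emit in bare form. Both f2b_jail_apply_config and f2b_jail_process start and end outside the hunks.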

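--- a/src/jail.h
+++ b/src/jail.h
@@ -24,6 +24,7 @@
 /* jail flags */
 #define JAIL_ENABLED 0x01
 #define JAIL_HAS_STATE 0x02
+#define JAIL_HAS_FILTER 0x04
 /** jail metadata struct */
 typedef struct f2b_jail_t {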
