Add excludepath config option

Open pschultz opened this issue 7 years ago • 7 comments

Add a new jail option "excludepath". Files that match any logpath pattern and also any excludepath pattern are ignored. We were looking for a way to exclude certain webserver logs. The "create a new directory with a bunch of symlinks" solution doesn't work well for us. We'd much rather have a blacklist than a whitelist.

[my-jail]
enabled = true
...
logpath = /var/log/nginx/*-access.log
excludepath = /var/log/nginx/api*

The PR does not break compatibility; only the client's jail reader is affected.

Mentioning #796 because it shows up on Google when searching "fail2ban exclude logfiles".

pschultz avatar Apr 20 '17 12:04 pschultz

Codecov Report

Merging #1756 into 0.10 will decrease coverage by 0.6%. The diff coverage is 91.66%.

@@            Coverage Diff             @@
##             0.10    #1756      +/-   ##
==========================================
- Coverage   95.49%   94.89%   -0.61%     
==========================================
  Files          76       77       +1     
  Lines       13063    12000    -1063     
  Branches     2082     1871     -211     
==========================================
- Hits        12475    11387    -1088     
- Misses        318      345      +27     
+ Partials      270      268       -2
Impacted Files | Coverage Δ
fail2ban/tests/clientreadertestcase.py | 97.11% <100%> (-0.62%)
fail2ban/client/jailreader.py | 93.14% <88.88%> (-0.78%)
fail2ban/server/asyncserver.py | 87.8% <0%> (-10.82%)
fail2ban/server/filterpyinotify.py | 85.58% <0%> (-10.66%)
fail2ban/client/configparserinc.py | 90.9% <0%> (-4.15%)
fail2ban/server/failregex.py | 87.5% <0%> (-3.97%)
fail2ban/client/csocket.py | 97.61% <0%> (-2.39%)
fail2ban/server/strptime.py | 94.53% <0%> (-1.84%)
fail2ban/server/filterpoll.py | 83.95% <0%> (-1.77%)
fail2ban/tests/banmanagertestcase.py | 98.29% <0%> (-1.71%)
... and 40 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 8069eef...d6d9d6e.

codecov-io avatar Apr 20 '17 13:04 codecov-io

Coverage decreased (-0.02%) to 97.125% when pulling 6e8b1a5e548fdb7db7f66ca68a7a57f4768e77d1 on classmarkets:excludepath into 36814c4274a27718530f68b0dc8b7485f49dfbc5 on fail2ban:0.10.

coveralls avatar Apr 20 '17 13:04 coveralls

I've planned a redesign of the log-file handling (in #1379), so the whole logic around wildcards should be moved to the server/jail-backend (which allows dynamic "filtering" during runtime, and not as now by the start only). But I'll take a look here later to see how it can be useful together with the planned arrangements. At least as an interim solution it would be good. Thanks!

sebres avatar Apr 20 '17 13:04 sebres

> and not as now by the start only

Does that imply that newly created files are not picked up by fail2ban unless it is restarted?

pschultz avatar Apr 20 '17 13:04 pschultz

I guess it can't pick up new files, since the server never sees the globs. That didn't occur to me yet. Quite unexpected I must say.

pschultz avatar Apr 20 '17 13:04 pschultz

Coverage decreased (-0.02%) to 97.117% when pulling d6d9d6e5b785e3048555c7e00837054c4d2ad65e on classmarkets:excludepath into 17922b621c2d8dc99120470647ece16c56f298d8 on fail2ban:0.10.

coveralls avatar Apr 20 '17 13:04 coveralls

> Quite unexpected I must say.

You're right, that's why I want to "fix" it.

sebres avatar Apr 20 '17 13:04 sebres
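
The matching rule from the pull request description (a file is ignored when it matches a logpath pattern and also an excludepath pattern) and the start-only glob expansion raised in the replies, as an added example that is not the PR's code or fail2ban's implementation. `resolve_logpaths` and `unmonitored` are hypothetical names, matching excludepath with `fnmatch` against the full path is an assumption, and the temporary directory is a constructed stand-in for /var/log/nginx.

```python
import fnmatch
import glob
import os
import tempfile


def resolve_logpaths(logpath, excludepath=()):
    """Expand logpath globs, then drop files matching any excludepath glob."""
    matched = set()
    for pattern in logpath:
        matched.update(glob.glob(pattern))
    # Assumption: excludepath is matched fnmatch-style on the full path.
    # Unlike glob, fnmatch lets "*" cross "/" boundaries.
    return sorted(
        p for p in matched
        if not any(fnmatch.fnmatchcase(p, ex) for ex in excludepath)
    )


def unmonitored(snapshot, logpath, excludepath=()):
    """Files matching the jail's patterns now but absent from the start-time
    snapshot: logs that are not read until the patterns are expanded again."""
    return sorted(set(resolve_logpaths(logpath, excludepath)) - set(snapshot))


def demo():
    with tempfile.TemporaryDirectory() as d:
        for name in ("www-access.log", "api-access.log", "www-error.log"):
            open(os.path.join(d, name), "w").close()
        base = glob.escape(d)  # keep odd temp-dir characters literal
        logpath = [os.path.join(base, "*-access.log")]
        excludepath = [os.path.join(base, "api*")]
        # Expansion happens once, as at client start.
        snapshot = resolve_logpaths(logpath, excludepath)
        # Log files that appear afterwards (constructed names).
        open(os.path.join(d, "shop-access.log"), "w").close()
        open(os.path.join(d, "api2-access.log"), "w").close()
        late = unmonitored(snapshot, logpath, excludepath)
        return ([os.path.basename(p) for p in snapshot],
                [os.path.basename(p) for p in late])


if __name__ == "__main__":
    monitored, missed = demo()
    print("monitored at start:", monitored)
    print("matching but unmonitored:", missed)
```

Running the `unmonitored` check periodically against the list captured at start shows which matching logs are currently outside the jail's coverage.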