Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Dropbear filter when logging to STDOUT #3597

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix Dropbear filter when logging to STDOUT #3597

wants to merge 1 commit into from

Conversation

MichaIng
Copy link

@MichaIng MichaIng commented Oct 6, 2023
edited

Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly use the -F and -E flags, to run it in foreground and have it logging to STDOUT instead of syslog.

As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.

The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without -E flag.

Before submitting your PR, please review the following checklist:

  • CHOOSE CORRECT BRANCH: if filing a bugfix/enhancement
    against certain release version, choose 0.9, 0.10 or 0.11 branch,
    for dev-edition use master branch
  • CONSIDER adding a unit test if your PR resolves an issue
  • LIST ISSUES this PR resolves
  • MAKE SURE this PR doesn't break existing tests
  • KEEP PR small so it could be easily reviewed.
  • AVOID making unnecessary stylistic changes in unrelated code
  • ACCOMPANY each new failregex for filter X with sample log lines
    within fail2ban/tests/files/logs/X file

I can add a line to https://github.com/fail2ban/fail2ban/blob/master/fail2ban/tests/files/logs/dropbear, but is there a way to get this failJSON?

@MichaIng
Fix Dropbear filter when logging to STDOUT
628e159 
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly use the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.

As usual, timestamps and also the PID are not included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.

The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, so support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.

Signed-off-by: MichaIng <micha@dietpi.com>
@MichaIng MichaIng mentioned this pull request Oct 6, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@MichaIng