diff --git a/conf/services/fail2ban.conf b/conf/services/fail2ban.conf
index 443232e..706c493 100644
--- a/conf/services/fail2ban.conf
+++ b/conf/services/fail2ban.conf
@@ -38,3 +38,7 @@ LogFile = messages
# Default length is 80.
# This can be disabled by setting the length to 0 or -1.
# $fail2ban_error_length = 80
+
+# Set this to true if actionflush is set to true to avoid the following message:
+# ERROR: Lost track of flushing services
+# $fail2ban_ignore_flushing = 1
diff --git a/scripts/services/dovecot b/scripts/services/dovecot
index b01f3de..00a3c7c 100644
--- a/scripts/services/dovecot
+++ b/scripts/services/dovecot
@@ -134,6 +134,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /discarded duplicate forward to/) or
($ThisLine =~ /discarding vacation response/) or
($ThisLine =~ /discarded vacation reply to/) or
+ ($ThisLine =~ /Warning: Shutting down logging/) or
($ThisLine =~ /Debug:/) or
($ThisLine =~ /Plaintext authentication disabled/) or
($ThisLine =~ /^$dovecottag imap\(\w+\): Mailbox renamed:/) or
diff --git a/scripts/services/fail2ban b/scripts/services/fail2ban
index 4f53f8f..175ab8c 100644
--- a/scripts/services/fail2ban
+++ b/scripts/services/fail2ban
@@ -29,6 +29,7 @@ use Logwatch ':all';
my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
+my $IgnoreFlushing = $ENV{'fail2ban_ignore_flushing'} || "";
my $ErrLen = $ENV{'fail2ban_error_length'} || 80;
my $DebugCounter = 0;
my $ReInitializations = 0;
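Review bot: `$IgnoreFlushing` is later tested for plain Perl truth, so any non-empty value other than `0` turns the suppression on, including `false` or `no`. Because the setting hides an error line from the report, it is safer to normalise it where it is read, for example `my $IgnoreFlushing = (($ENV{'fail2ban_ignore_flushing'} || "") =~ /^(?:1|yes|true)$/i);`. The comment added to conf/services/fail2ban.conf should then list the accepted values.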
@@ -40,7 +41,7 @@ my %WarningList = ();
my %InfoList = ();
my %NoticeList = ();
my %OtherList = ();
-my %Flushing = (); # keep track of which services being flushed
+my %Flushing = (); # keep track of which services being flushed
my %ServicesBans = ();
my %ServicesFound = ();
@@ -52,8 +53,8 @@ $Action, $Host, $Message,
$NumFailures, $Service
);
if ( $Debug >= 5 ) {
- print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
- $DebugCounter = 1;
+ print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
+ $DebugCounter = 1;
}
while (defined(my $ThisLine = <STDIN>)) {
@@ -88,12 +89,12 @@ while (defined(my $ThisLine = <STDIN>)) {
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
}
- if (exists $Flushing{$Service}) {
- if ($Action =~ /Unban/) {
- $ServicesBans{$Service}{$Host}{'FlushUnban'}++;
+ if (exists $Flushing{$Service}) {
+ if ($Action =~ /Unban/) {
+ $ServicesBans{$Service}{$Host}{'FlushUnban'}++;
$ServicesBans{$Service}{"(all)"}{'FlushUnban'}++;
- } else {
- print STDERR "ERROR: Lost track of flushing services\n";
+ } elsif ( ! $IgnoreFlushing ) {
+ print STDERR "ERROR: Lost track of flushing services\n";
}
} else {
$ServicesBans{$Service}{$Host}{$Action}++;
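Review bot: With `$IgnoreFlushing` set, a non-Unban action for a service still present in `%Flushing` now takes neither branch: nothing is printed and the event is never added to `%ServicesBans`. Since `%Flushing` is only cleared on the "Jail ... stopped" and "Stopping all jails|Exiting Fail2ban" lines, bans logged in between would silently disappear from the report. If the option is only meant to quiet the message, count the action in that case, e.g. `} elsif ($IgnoreFlushing) {` followed by `$ServicesBans{$Service}{$Host}{$Action}++;`, keeping the `print STDERR` in a final `else`. The counting branch continues past the end of this hunk, so anything further it does would need to be mirrored.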
@@ -115,7 +116,7 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif ($ThisLine =~ /ERROR.*returned \d+$/) {
push @ActionErrors, "$ThisLine\n";
} elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or
- ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
+ ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
$ReInitializations++;
} elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) {
# just ignore - this will be fixed within fail2ban and is harmless warning
@@ -125,26 +126,26 @@ while (defined(my $ThisLine = <STDIN>)) {
$ServicesIgnored{$Service}{$Host}++;
# Generic messages
} elsif ( ($Message) = ($ThisLine =~ / ERROR (.*)$/)) {
- # Fail2ban can dump huge error messages in its logs
- if ($ErrLen > 3 && length($Message) > $ErrLen) {
+ # Fail2ban can dump huge error messages in its logs
+ if ($ErrLen > 3 && length($Message) > $ErrLen) {
$ErrorList{substr($Message,0,$ErrLen-3).'...'}++;
- } else {
+ } else {
$ErrorList{$Message}++;
}
} elsif ( ($Message) = ($ThisLine =~ / WARNING (.*)$/)) {
$WarningList{$Message}++;
} elsif ( ($Message) = ($ThisLine =~ / INFO (.*)$/)) {
$InfoList{$Message}++;
- if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) {
- delete $Flushing{$Service};
+ if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) {
+ delete $Flushing{$Service};
}
- if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) {
- %Flushing = ();
+ if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) {
+ %Flushing = ();
}
} elsif ( ($Message) = ($ThisLine =~ / NOTICE (.*)$/)) {
$NoticeList{$Message}++;
- if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) {
- $Flushing{$Service} = 1;
+ if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) {
+ $Flushing{$Service} = 1;
}
} else {
# Report any unmatched entries...
diff --git a/scripts/services/named b/scripts/services/named
index 2c94b30..6a85dee 100644
--- a/scripts/services/named
+++ b/scripts/services/named
@@ -129,6 +129,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /configuring command channel from/) or
($ThisLine =~ /interface ignored/) or
($ThisLine =~ /no IPv6 interfaces found/) or
+ ($ThisLine =~ /IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately/) or
($ThisLine =~ /using \d+ UDP listeners? per interface/) or
($ThisLine =~ /^running/) or
($ThisLine =~ /^exiting/) or
@@ -166,6 +167,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or
($ThisLine =~ /zone .*: loading from master file .* failed/) or
($ThisLine =~ /zone .*: NS '.*' has no address records/) or
+ ($ThisLine =~ /zone .* \(signed\): receive_secure_serial: unchanged/) or
($ThisLine =~ /.*: not a valid number$/) or
($ThisLine =~ /^(.*: )?unexpected end of input/) or
($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
@@ -173,7 +175,8 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /reloading zones succeeded/) or
($ThisLine =~ /generating session key/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
- ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or
+ ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
+ ($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'failure'/) or
($ThisLine =~ /the working directory is not writable/) or
($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or
($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or
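Review bot: The added `after disabling EDNS` alternative is byte-identical to the context line directly above it, so it can never match anything the previous line did not. It also replaces the `after reducing the advertised EDNS UDP packet size to 512 octets` pattern, so those messages will no longer be ignored and will presumably land in the unmatched section. If dropping that pattern was not intended, restore it in place of the duplicate; if it was, delete the duplicate line and keep only the new `qname minimization` alternative.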
@@ -205,7 +208,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /using built-in trusted-keys/) or
($ThisLine =~ /using built-in keys instead/) or
($ThisLine =~ /set up managed keys zone/) or
- ($ThisLine =~ /managed-keys-zone.*key now trusted/) or
+ ($ThisLine =~ /managed-keys-zone.*[Kk]ey .*now trusted/) or
($ThisLine =~ /forwarding update for zone/) or
($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET|YXDOMAIN)/) or
($ThisLine =~ /using .* as GeoIP directory/) or
@@ -416,28 +419,28 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit slip response to (\S+)(?: for (\S+))? (.*) +\(/)) {
$Zone = "None" unless defined($Zone);
$LimitSlip{$Zone}{$Response}{$Net}{$Client}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
$DNSSECInsec{'__Total__'}++;
$DNSSECInsec{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
$DNSSECBadCache{'__Total__'}++;
$DNSSECBadCache{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) {
$DNSSECInsec{'__Total__'}++;
$DNSSECInsec{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): no valid signature found/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): no valid signature found/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): bad cache hit/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): bad cache hit/)) {
$DNSSECBadCache{'__Total__'}++;
$DNSSECBadCache{$Zone}{$RR}++;
} elsif (($Error,$Host) = ($ThisLine =~ /^(?:error \()?(.*)\)? resolving '([^']+)':/)) {
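Review bot: The new `(?:view \w+:)` prefix is mandatory in all eight `validating` patterns, so lines without a view prefix, which the old `^\s*validating` matched, no longer increment `%DNSSECInsec`, `%DNSSECInvalid` or `%DNSSECBadCache`. That would under-report DNSSEC validation failures on servers that do not use views. Make the group optional, as the rate-limit pattern at the top of this hunk already does with `(?:view \w+: )?`, e.g. `/^(?:view \w+:)?\s*validating \@0x[[:xdigit:]]+: .../`. Note too that `\w+` will not match a view name containing `-` or `.`; `\S+` may be the safer class if such names are in use.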
diff --git a/scripts/services/nut b/scripts/services/nut
index a55a764..c31e291 100644
--- a/scripts/services/nut
+++ b/scripts/services/nut
@@ -64,7 +64,9 @@ while (defined(my $ThisLine = <STDIN>)) {
or $ThisLine =~ /^upsdrvctl: Using subdriver:/
or $ThisLine =~ /^upsdrvctl: using '.*' to set battery low state/
or $ThisLine =~ /^upsd: listening on /
+ or $ThisLine =~ /^upsd: mainloop: Interrupted system call/
or $ThisLine =~ /^upsd: Network UPS Tools upsd/
+ or $ThisLine =~ /^upsd: fopen \S+\/upsd.pid: No such file or directory/
or $ThisLine =~ /^upsmon: Connected to/
or $ThisLine =~ /^upsmon: Connecting in SSL to/
or $ThisLine =~ /^upsmon: Certificate verification is disabled/
diff --git a/scripts/services/systemd b/scripts/services/systemd
index 3ba8ab7..e3d63a3 100644
--- a/scripts/services/systemd
+++ b/scripts/services/systemd
@@ -84,6 +84,7 @@ while (defined(my $ThisLine = <STDIN>)) {
# Extransous scope messages with LanSweeper - revisit with EL8.4
$ThisLine =~ /: Failed to add PIDs to scope's control group: No such process/ or
$ThisLine =~ /scope: Failed with result 'resources'/ or
+ $ThisLine =~ /session-[[:xdigit:]]+\.scope: Deactivated successfully\./ or
$ThisLine =~ /^Found device / or
$ThisLine =~ /Found dependency on / or
$ThisLine =~ /Got automount request for \/proc\// or
@@ -115,7 +116,7 @@ while (defined(my $ThisLine = <STDIN>)) {
$ThisLine =~ /^systemd .* running in system mode/ or
# This is preceeded by a more descriptive message
$ThisLine =~ /^This usually indicates unclean termination of a previous run, or service implementation deficiencies\.$/ or
- $ThisLine =~ /Transaction is destructive\./ or
+ $ThisLine =~ /Transaction (for .*)?is destructive/ or
$ThisLine =~ /^Unit .* is bound to inactive unit .*\. Stopping, too\./ or
$ThisLine =~ /Unit (.* is )?not needed anymore\. Stopping\./ or
$ThisLine =~ /[Ss]tart(-pre)? operation timed out\. Terminating\./ or
@@ -191,7 +192,7 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif (($target) = ($ThisLine =~ /^Reached target (.*)\.$/)) {
$Target{$target}++;
$LastTarget = $target;
- } elsif (($session, $user) = ($ThisLine =~ /^Started Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) {
+ } elsif (($session, $user) = ($ThisLine =~ /^Started (?:session-[[:xdigit:]]+\.scope - )?Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) {
$UserSession{$user}->{$session}++;
} elsif (($service) = ($ThisLine =~ /^Activated (.*)\.$/)) {
$Activated{$service}++;
diff --git a/scripts/services/xntpd b/scripts/services/xntpd
index 0e6c330..ad40274 100644
--- a/scripts/services/xntpd
+++ b/scripts/services/xntpd
@@ -89,6 +89,13 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ m/0\.0\.0\.0 [[:xdigit:]]{4} [[:xdigit:]]{2} /) or # startup
($ThisLine =~ m/Soliciting .*server/) or # startup
($ThisLine =~ m/kernel reports .*: Clock Unsynchronized/) or # startup
+ ($ThisLine =~ m/Starting/) or # startup
+ ($ThisLine =~ m/(Built|Running) with /) or # startup
+ ($ThisLine =~ m/successfully locked into RAM/) or # startup
+ ($ThisLine =~ m/Using SO_TIMESTAMPNS/) or # startup
+ ($ThisLine =~ m/MRU \d+ entries, \d+ hash bits, \d+ bytes/) or # startup
+ ($ThisLine =~ m/readconfig: parsing file:/) or # startup
+ ($ThisLine =~ m/Using system default root certificates\./) or # startup
($ThisLine =~ m/select([^\)]) error: Interrupted system call/) or
($ThisLine =~ m/signal_no_reset: signal \d+ had flags \d+/) or
($ThisLine =~ /Deleting interface \#[0-9]+ [^,]*, [^,]*, interface stats: received=.*, sent=.*, dropped=.*, active_time=.* secs/) or
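Review bot: `m/Starting/` is unanchored and has no surrounding context, so every ntpd line that contains the word anywhere is dropped from the report, not just the startup banner. The other patterns added here carry enough text to be specific; this one should too, by anchoring it to the prefix or line end of the startup message actually seen in the log (for instance `m/: Starting$/` if that is its shape, which needs confirming against a sample line). Separately, the `(Built|Running)` group is only used for alternation and could be `(?:Built|Running)`.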
@@ -99,6 +106,11 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /.* interface .* -> .*/) or
($ThisLine =~ /.* local addr .* -> .*/) or
($ThisLine =~ /Deferring DNS for/) or
+ ($ThisLine =~ /DNS: dns_take_status: /) or
+ ($ThisLine =~ /DNS: dns_probe: \S+, cast_flags:.+, flags:/) or
+ ($ThisLine =~ /DNS: dns_check: processing /) or
+ ($ThisLine =~ /DNS: (Server|Pool) taking: /) or
+ ($ThisLine =~ /SYNC: Found \d+ servers, suggest minsane /) or
($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or
($ThisLine =~ /peers refreshed$/) or
($ThisLine =~ /restrict: error in address/) or
@@ -119,6 +131,8 @@ while (defined(my $ThisLine = <STDIN>)) {
push @TimeReset, $TimeStep;
} elsif ( (undef,$TimeStep) = ($ThisLine =~ /(step|adjust) time server [^ ]+ offset ([^ ]+) sec$/ )) {
push @TimeReset, $TimeStep;
+ } elsif ( ($TimeStep) = ($ThisLine =~ /time stepped by ([^ ]+)$/ )) {
+ push @TimeReset, $TimeStep;
} elsif ( ($TimeStep) = ($ThisLine =~ /adjusting local clock by ([^ ]+)s$/ )) {
# Jacob Joseph (12/8/06)
push @TimeReset, $TimeStep;