Bug#544232: tentative [PATCH] issue5178: use a temporary directory or file created with mktemp

2010-11-01 Thread Zbyszek Szmek
On Sun, Oct 31, 2010 at 08:30:23PM -0400, Yaroslav Halchenko wrote:
Hi Yaroslav,

> Hi Zbyszek,
> 
> thanks for looking into it ...
Thanks for the quick reply :)

> action.d/mynetwatchman.conf  changes -- should be ok
This part is still valid...

> action.d/mail-buffered.conf -- I don't think it would work...
...but the other three won't work indeed. (I had some strange
notion that the mktemp would get executed at tmpdir variable initialization,
but it just gets substituted into the final command like you said.)

> 
> > +tmpdir = `mktemp --directory --suffix=-f2ban-dshield`
> > +tmpfile = /dshield
> 
> since this is just a Python config file, it would simply substitute
> `mktemp --directory --suffix=-f2ban-dshield`/dshield
> for every occurrence of  which would be not what is desired...
> am I correct?
> 
> 
> as a generic and simple resolution, I think, tmpfiles should simply be
> created under /var/run/fail2ban which belongs to root.  I think there
> was some discussion in some other bugreport... or it is deja vu
Yes, this is a much better solution! Is the /var/run/fail2ban/
directory exported as a variable so it can be used in action rules
without hardcoding the path?

> agreed?
Yeah, sorry for posting a completely untested patch ;(



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
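
The substitution behaviour discussed in the message above, as an added example that is not part of the thread or of fail2ban's code: a `sed` replacement stands in for the textual tag substitution, and the `<tmpdir>` tag name, the two sample commands and the `f2b.XXXXXX` template are assumptions made for the illustration (the patch's `--directory --suffix=` options are replaced by `-d` with an explicit template so the script runs with any mktemp).

```shell
#!/bin/sh
# Added example: sed stands in for textual tag substitution (not fail2ban code).

# Constructed action commands; <tmpdir> is an assumed tag name.
ACTIONBAN='echo 192.0.2.1 >> <tmpdir>/buffer.txt'
ACTIONSTOP='rm -f <tmpdir>/buffer.txt; rmdir <tmpdir>'

# substitute VALUE COMMAND: paste VALUE over every <tmpdir> in COMMAND.
substitute() {
    printf '%s\n' "$2" | sed "s|<tmpdir>|$1|g"
}

# leftover_dirs MODE: run ban, ban, stop and print how many directories remain.
#   textual: the backtick expression is pasted into each command as-is
#   once:    mktemp is evaluated a single time and its result is pasted
leftover_dirs() {
    base=$(mktemp -d) || return 1
    case $1 in
        textual) value="\`mktemp -d $base/f2b.XXXXXX\`" ;;
        once)    value=$(mktemp -d "$base/f2b.XXXXXX") ;;
        *)       rmdir "$base"; return 2 ;;
    esac
    for cmd in "$ACTIONBAN" "$ACTIONBAN" "$ACTIONSTOP"; do
        sh -c "$(substitute "$value" "$cmd")"
    done
    ls -A "$base" | wc -l | tr -d ' '
    rm -rf "$base"
}

echo "textual substitution: $(leftover_dirs textual) directories left behind"
echo "evaluated once:       $(leftover_dirs once) directories left behind"
```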



Bug#544232: tentative [PATCH] issue5178: use a temporary directory or file created with mktemp

2010-10-31 Thread Yaroslav Halchenko
Hi Zbyszek,

thanks for looking into it ...

action.d/mynetwatchman.conf  changes -- should be ok
action.d/mail-buffered.conf -- I don't think it would work...

> +tmpdir = `mktemp --directory --suffix=-f2ban-dshield`
> +tmpfile = /dshield

since this is just a Python config file, it would simply substitute
`mktemp --directory --suffix=-f2ban-dshield`/dshield
for every occurrence of  which would be not what is desired...
am I correct?


as a generic and simple resolution, I think, tmpfiles should simply be
created under /var/run/fail2ban which belongs to root.  I think there
was some discussion in some other bugreport... or it is deja vu

agreed?

-- 
  .-.
=--   /v\  =
Keep in touch// \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko  /(   )\   ICQ#: 60653192
   Linux User^^-^^[17]








Bug#544232: tentative [PATCH] issue5178: use a temporary directory or file created with mktemp

2010-10-31 Thread Zbyszek Jędrzejewski-Szmek
Using a directory is fine, as long as it is used only once: because
mktemp verifies that the directory didn't exist before when creating
it, the same temporary directory name cannot be safely used after
removing it. But actionstop which removes the temporary directory
should be run only once when closing fail2ban. If the configuration is
reloaded, a new temporary directory will be created, which is good.

Patch untested :(
---
 config/action.d/dshield.conf   |5 +++--
 config/action.d/mail-buffered.conf |4 +++-
 config/action.d/mynetwatchman.conf |9 ++---
 config/action.d/sendmail-buffered.conf |5 +++--
 4 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8dba15f 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -44,6 +44,7 @@ actionstop = if [ -f .buffer ]; then
  date +%%s > .lastsent
  fi
  rm -f .buffer .first
+ rmdir 
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
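Review bot: the rmdir added to actionstop can fail on a non-empty directory, because the rm -f on the line above it removes only the .buffer and .first files while the .lastsent file written by "date +%%s > .lastsent" two lines earlier is left in place. If .lastsent ends up in the same temporary directory, either remove it before the rmdir or keep it in a location that is meant to survive a restart, since a last-sent timestamp that is deleted on every stop no longer serves its purpose.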
@@ -206,5 +207,5 @@ dest = repo...@dshield.org
 # Notes.:  Base name of temporary files used for buffering
 # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
 #
-tmpfile = /tmp/fail2ban-dshield
-
+tmpdir = `mktemp --directory --suffix=-f2ban-dshield`
+tmpfile = /dshield
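Review bot: the backtick expression on the new tmpdir line is not run when the configuration is read; as pointed out in the replies on this thread it is pasted as text into every command that uses it, so each command runs mktemp again and works in a different, freshly created directory. Point tmpdir at a fixed root-owned directory instead, or create the directory once in actionstart. The comment block above still documents only tmpfile with "Default: /tmp/fail2ban-dshield", which no longer matches; add an Option/Notes/Values entry for tmpdir and update the stated default.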
diff --git a/config/action.d/mail-buffered.conf 
b/config/action.d/mail-buffered.conf
index 8a33d0e..00b734f 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -29,6 +29,7 @@ actionstop = if [ -f  ]; then
  Fail2Ban"|mail -s "[Fail2Ban] : Summary" 
  rm 
  fi
+ rmdir 
  printf %%b "Hi,\n
  The jail  has been stopped.\n
  Regards,\n
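Review bot: the rmdir added after fi will not remove the directory that holds the buffer if tmpdir expands to a mktemp call at this point: it creates one more directory and deletes that one, and the directories created by earlier commands stay behind. The cleanup needs a path that is fixed for the lifetime of the jail, and the argument should be double-quoted.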
@@ -81,7 +82,8 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpdir = `mktemp --directory --suffix=-f2ban-mail`
+tmpfile = /buffer.txt
 
 # Destination/Addressee of the mail
 #
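Review bot: the long options --directory and --suffix on the new tmpdir line are not available in every mktemp implementation, so the action breaks on systems whose mktemp only knows the short form. A template call such as "mktemp -d /tmp/f2ban-mail.XXXXXX" is more widely supported. The "# Default temporary file" comment now sits above tmpdir rather than tmpfile and should be reworded to cover both.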
diff --git a/config/action.d/mynetwatchman.conf 
b/config/action.d/mynetwatchman.conf
index 15b91b1..9a1600f 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -66,7 +66,8 @@ actionban = MNWLOGIN=`perl -e 
'$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",or
PROTOCOL=`awk '{IGNORECASE=1;if($1==""){print $2;exit}}' 
/etc/protocols`
if [ -z "$PROTOCOL" ]; then PROTOCOL=; fi
DATETIME=`perl -e '@t=gmtime();printf 
"%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`
- 
"?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=&SrcPort=&ProtocolID=$PROTOCOL&DestPort=&AttackCount=&VictimIP=&AttackDateTime=$DATETIME"
 2>&1 >> .out && grep -q 'Attack Report Insert Successful' 
.out && rm -f .out
+TMPFILE=`mktemp --suffix -f2ban-mynetwatchman.out`
+ 
"?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=&SrcPort=&ProtocolID=$PROTOCOL&DestPort=&AttackCount=&VictimIP=&AttackDateTime=$DATETIME"
 2>&1 >> "$TMPFILE" && grep -q 'Attack Report Insert Successful' "$TMPFILE" && 
rm -f "$TMPFILE"
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
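Review bot: "$TMPFILE" is removed only at the end of the && chain, so whenever the command fails or grep does not find 'Attack Report Insert Successful' the file stays behind, and because every actionban now creates a new name these files accumulate instead of being appended to one fixed file. Save the grep status and run rm -f "$TMPFILE" unconditionally. The option is also written "--suffix -f2ban-mynetwatchman.out" with a space where the other three files use "--suffix="; use the = form consistently.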
@@ -136,9 +137,3 @@ srcport = 0
 # Values:  STRING  Default: http://mynetwatchman.com/insertwebreport.asp
 #
 mnwurl = http://mynetwatchman.com/insertwebreport.asp
-
-# Option:  tmpfile
-# Notes.:  Base name of temporary files
-# Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
-#
-tmpfile = /tmp/fail2ban-mynetwatchman
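Review bot: removing the tmpfile option here means a tmpfile value set in a local override of this action is silently ignored from now on. Mention the removal in the commit message or in the file's header comments so administrators who customised the path know the output no longer goes there.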
diff --git a/config/action.d/sendmail-buffered.conf 
b/config/action.d/sendmail-buffered.conf
index de8166a..3a4e950 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -35,6 +35,7 @@ actionstop = if [ -f  ]; then
  Fail2Ban" | /usr/sbin/sendmail -f  
  rm 
  fi
+ rmdir 
  printf %%b "Subject: [Fail2Ban] : stopped
  From: Fail2Ban <>
  To: \n
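Review bot: the rmdir added after fi has no guard, so if the directory is already gone it prints an error and returns non-zero; the commit message itself relies on actionstop running only once. Wrapping it in a "[ -d ... ] &&" test makes a repeated stop harmless.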
@@ -101,5 +102,5 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
-
+tmpdir = `mktemp --directory --suffix=-f2ban-mail`
+tmpfile = /buffer.txt
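Review bot: the suffix "-f2ban-mail" on the new tmpdir line is identical to the one used in mail-buffered.conf, so leftover directories from the two actions cannot be told apart. Use a distinct suffix such as "-f2ban-sendmail" here.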
-- 
1.6.4.124.g27bb1



