GNU bug report logs - #56608
[PATCH] gnu: security: Add fail2ban-service-type.

Previous Next

Package: guix-patches;

Reported by: muradm <mail <at> muradm.net>

Date: Sun, 17 Jul 2022 02:33:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #35 received at 56608 <at> debbugs.gnu.org (full text, mbox):

From: muradm <mail <at> muradm.net>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 56608 <at> debbugs.gnu.org
Subject: Re: bug#56608: [PATCH v2 2/2] gnu: tests: Add fail2ban tests.
Date: Tue, 23 Aug 2022 23:19:34 +0300

[Message part 1 (text/plain, inline)]
muradm <mail <at> muradm.net> writes:

[...]

>>> +          (test-equal "fail2ban sshd jail running"
>>> +            '("Status for the jail: sshd"
>>> +              "|- Filter"
>>> +              "|  |- Currently failed:\t0"
>>> +              "|  |- Total failed:\t0"
>>> +              "|  `- File list:\t/var/log/secure"
>>> +              "`- Actions"
>>> +              "   |- Currently banned:\t0"
>>> +              "   |- Total banned:\t0"
>>> +              "   `- Banned IP list:\t"
>>> +              "")
>>> +            (marionette-eval
>>> +             '(begin
>>> +                (use-modules (ice-9 rdelim) (ice-9 popen) 
>>> (rnrs io
>>> ports))
>>> +                (let ((call-command
>>> +                       (lambda (cmd)
>>> +                         (let* ((err-cons (pipe))
>>> +                                (port (with-error-to-port 
>>> (cdr
>>> err-cons)
>>> +                                        (lambda ()
>>> (open-input-pipe cmd))))
>>> +                                (_ (setvbuf (car err-cons) 
>>> 'block
>>> +                                            (* 1024 1024 
>>> 16)))
>>> +                                (result (read-delimited "" 
>>> port)))
>>> +                           (close-port (cdr err-cons))
>>> +                           (values result (read-delimited "" 
>>> (car
>>> err-cons)))))))
>>> +                  (string-split
>>> +                   (call-command
>>> +                    (string-join (list #$%fail2ban-server-cmd
>>> "status" "sshd") " "))
>>> +                   #\newline)))
>>> +             marionette))
>>
>> Perhaps this could be turned into an Shepherd action, and the 
>> Guile
>> procedure could do the above to return the text output; to 
>> simplify
>> the
>> test and reduce boilerplate, while providing value to the user.
>>

Here I use a cli of fail2ban. It's arguments are very extended.
I'm not sure how it should be implemented in terms of
shepherd-action. I will continue thinking about it, but I
would prefer to skip this for now, if you don't mind.

thanks in advance,
muradm

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 325 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.