fail2ban-regex: reports wrong time during DST with ISO 8601 timestamps

Kenyon Ralph Sat, 09 Jul 2011 02:53:25 -0700

Package: fail2ban
Version: 0.8.4-3
Severity: normal
File: /usr/bin/fail2ban-regex
Tags: patch upstream


I noticed that fail2ban-regex reports the wrong time for matches with
ISO 8601 timestamps, as used by rsyslog by default.

Example:

$ fail2ban-regex "2011-07-03T08:22:22.129317+00:00 darwin sshd[461]: Invalid 
user git from 199.17.59.5" /etc/fail2ban/filter.d/sshd.conf
[...]
[5]
    199.17.59.5 (Sun Jul 03 09:22:22 2011)

Notice that the time is an hour ahead of that given on the command
line. This is because iso8601.py disregards the current state of DST
and instead gives a fixed-offset tzinfo in the datetime object it
returns.

A patch that works for me is attached.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fail2ban depends on:
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  python                  2.6.6-3+squeeze6 interactive high-level object-orie
ii  python-central          0.6.16+nmu1      register and build utility for Pyt

Versions of packages fail2ban recommends:
ii  iptables                      1.4.8-3    administration tools for packet fi
ii  whois                         5.0.10     an intelligent whois client

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
pn  python-gamin       <none>                (no description available)

-- no debconf information

>From d1cb97899934431b821b02ac6273baf42b996707 Mon Sep 17 00:00:00 2001
From: Kenyon Ralph <ken...@kenyonralph.com>
Date: Sat, 9 Jul 2011 01:34:43 -0700
Subject: [PATCH] preserve the local value of Daylight Saving Time

This fixes fail2ban-regex reporting of matches using ISO 8601
timestamps, which previously would be shown incorrect by the DST
offset due to iso8601.py not preserving DST in the datetime object if
given a timestamp with a fixed timezone offset.
---
 server/datetemplate.py |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/server/datetemplate.py b/server/datetemplate.py
index e8c1a5a..561a6a0 100644
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@@ -189,4 +189,5 @@ class DateISO8601(DateTemplate):
                        # Parses the date.
                        value = dateMatch.group()
                        date = list(iso8601.parse_date(value).timetuple())
+                       date[-1] = time.localtime().tm_isdst
                return date
-- 
1.7.2.5

Bug#633223: /usr/bin/fail2ban-regex: reports wrong time during DST with ISO 8601 timestamps

Reply via email to