github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,735 Commits
34 Branches
230 Tags
22 MiB
Commit Graph

773 Commits (0.9)

Author SHA1 Message Date
Yaroslav Halchenko 85b298e49c RF: try/except/finally in a single statement (while at it) 
since we support now python >= 2.6
 2015-09-12 12:59:37 -04:00
sebres 4cf3b576b9 Bugfix for dnsToIp resolver for fqdn with large list of IPs; 
closes #1164
 2015-09-08 18:20:48 +02:00
Konstantin Manna 7de78f4bb8 renamed <NAME> to correct <ACT> in protocol 2015-08-02 14:55:38 +02:00
Yaroslav Halchenko 9ebf01293b Post release tune ups 2015-08-01 09:17:31 -04:00
Yaroslav Halchenko 70ba5cb005 Release changes (too much of manual "labor"! ;)) 2015-07-31 21:32:13 -04:00
Yaroslav Halchenko cb101e9f4a Merge pull request #1136 from yarikoptic/bf-timeout-nested-commands-killpg 
WiP BF: kill the entire process group upon timeout (Close #1129)
 2015-07-27 22:30:09 -04:00
sebres 8a37a46fbb bug fix: option 'dbpurgeage' was never set (always default) by start of fail2ban, because of invalid sorting of options ('dbfile' should be always set before other database options) / closes #1048, closes #1050 2015-07-27 10:59:14 +02:00
Yaroslav Halchenko 17472a8b56 BF: guarantee order of dbfile to be before dbpurgeage (Closes #1048) 2015-07-27 10:18:29 +02:00
Yaroslav Halchenko 515ad6dc12 TST: test to verify killing stuck children processes 2015-07-26 21:52:38 -04:00
Yaroslav Halchenko 7112e4f6c6 BF: kill the entire process group upon timeout (Close #1129) 
Requires also establishing a new process group for a child
process, which changes previous behavior
 2015-07-26 20:41:43 -04:00
Lee Clemens 8822ed4144 Remove self.printlog() call 
This seems to have been used for debugging, while unittest method was disabled
 2015-07-24 15:13:37 -04:00
Lee Clemens 0ed1cb0aa6 Remove literal "TODO" from method's name 
Also need to change expected log message, since this test hasn't been executed, possibly ever.
 2015-07-24 13:57:59 -04:00
Viktor Szépe 586703dcc2 Test, changelog and fixes to pass2allow 2015-07-13 16:46:04 +02:00
sebres 95c2a2976f unbanip always deletes ip from database (independent of bantime, also if currently not banned or persistent); 
merged from #716 where it works;
closes gh-972, closes gh-768
 2015-07-10 13:56:26 +02:00
Yaroslav Halchenko 00d8779f87 Merge pull request #1104 from leeclemens/travis-rework 
Improve Travis setup and coverage reporting (all versions report)
 2015-07-09 19:39:20 -04:00
Lee Clemens 2c05e8d21d Prevent UserWarning: The version specified requires normalization, add 0 to version 2015-07-09 14:31:51 -04:00
Lee Clemens 675767ad4f Exclude coverage traceback in smoke test (misctestcase) 2015-07-09 10:12:40 -04:00
sebres 4aff396b05 deserialize "close" message not expected (was not serialized). 
closes #1103
 2015-07-08 11:10:05 +02:00
Viktor Szépe a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
sebres 4a4fe7d76a extending test cases (increase coverage) + changelog entry for #1099 2015-07-06 22:09:13 +02:00
sebres 3e47ce7f2a redefine protocol constants in protocol.py (prevent unnecessary duplication) 2015-07-06 17:37:12 +02:00
sebres 17502bd818 obsolete code removed (python <= 2.5) + test case extended 2015-07-06 13:08:13 +02:00
sebres 81e659b760 performance fix: minimizes connection overhead, using same socket by multiple commands without close it (ex.: 'start' sends several hundreds commands at once) 2015-07-06 12:23:53 +02:00
Yaroslav Halchenko e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube 
Update regex to work with roundcube 1.0.5 and 1.1.1
 2015-07-05 21:35:49 -04:00
Lee Clemens b5d5a79845 Fix error logging - not enough arguments (tuple is 1 arg, need 2) 2015-07-05 10:30:45 -04:00
Yaroslav Halchenko 034a865c79 Merge pull request #1093 from leeclemens/pep8-e7 
Fix PEP8 E701, E703 and E712
 2015-07-05 00:05:48 -04:00
Lee Clemens fdc3172aec Fix PEP8 E302 expected 2 blank lines, found X 2015-07-04 13:47:40 -04:00
Lee Clemens fbeee8bb28 Fix PEP8 E303 too many blank lines 2015-07-04 13:25:20 -04:00
Lee Clemens 60c5c6951c Fix PEP8 E301 expected 1 blank line, found 0 2015-07-04 13:23:08 -04:00
Lee Clemens 31b34950f7 Fix pep8 E712 comparison to False should be 'if cond is False:' or 'if not cond:' 2015-07-04 12:39:42 -04:00
Lee Clemens fe5e7a023e Fix pep8 E701 multiple statements on one line (colon) 2015-07-04 12:39:42 -04:00
Lee Clemens 1a98e15328 Fix pep8 E703 statement ends with a semicolon 2015-07-04 12:39:42 -04:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Lee Clemens 8e0145b947 Fix pep8 W604 "backticks are deprecated, use 'repr()'" 2015-06-27 13:57:09 -04:00
Lee Clemens 2310ac44c7 Fix pep8 W602 "deprecated form of raising exception" 2015-06-27 13:57:09 -04:00
Lee Clemens 3e3d1e0cf6 Fix pep8 W601 ".has_key() is deprecated, use 'in'" 2015-06-27 13:57:09 -04:00
Lee Clemens 7667712909 Fix pep8 E401 multiple imports on one line 2015-06-26 12:51:19 -04:00
sebres f2d0230a67 reload in interactive mode appends all the jails twice (#825) 2015-06-22 17:57:01 +02:00
sebres 2f283079f8 reload server/jail failed if database used (but was not changed) and some jail active (#1072) 2015-06-22 17:56:39 +02:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log 
Fix support for Asterisk security log
 2015-05-25 12:50:13 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039 
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
 2015-05-25 10:50:34 -04:00
Joern Muehlencord 4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Joern Muehlencord 964cdb5d9b add froxlor-auth filter and jail 2015-05-25 13:44:50 +02:00
Ivan Poddubny 38d9f3e609 Asterisk security log: add tests and update ChangeLog 2015-05-25 08:32:49 +03:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Yaroslav Halchenko fb336276d4 post-release tune ups 
Conflicts:
	ChangeLog
	README.md
 2015-04-29 09:02:48 -04:00
Yaroslav Halchenko 840fea9f71 Merge commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e' 
* commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e':
  Just use a system wide python in the tests digest.py
  DOC: Slight tune up to RELEASE doc -- no need for PYTHONPATH to run tests
  MANIFEST: updated for some new files, sorted all entries, removed some duplicates
  Initial changes for the release -- simplified ChangeLog header etc
 2015-04-28 23:51:32 -04:00
Yaroslav Halchenko c0e1333fe6 BF: if no /dev/log on Linux -- don't expect setting syslog to work 2015-04-28 23:51:00 -04:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Yaroslav Halchenko 0f75ed5e2a Just use a system wide python in the tests digest.py 
to stay inline with the other scripts
 2015-04-26 21:57:13 -04:00
Yaroslav Halchenko ca849b93dc Initial changes for the release -- simplified ChangeLog header etc 2015-04-26 21:39:54 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf 
Conflicts:
	ChangeLog
 2015-04-26 15:13:59 -04:00
Markus Oesterle 6ba389c70c Fixed typo in filter description authentification instead of authentication 2015-04-16 23:43:57 +02:00
Markus Oesterle 7a1f1c6b0c Fixed the UTC -> CEST difference... 2015-04-16 21:54:57 +02:00
Markus Oesterle b9a09af914 Added changes to ChangeLog & updated sample test cases 2015-04-16 21:33:57 +02:00
Orion Poplawski aa8113c128 Do not run smtp tests if no_network set 2015-04-07 15:52:29 -06:00
Yaroslav Halchenko c926af1fce Merge pull request #1002 from sebres/_bf/fix-invalid-ip 
fix test for invalid IP (use TEST-NET-1 according to RFC 5737)
 2015-03-25 14:02:00 -04:00
Yaroslav Halchenko eb05cd7bd5 BF(OSX): apparently exceptions could not be compared for identity, use repr 2015-03-25 11:27:22 -04:00
sebres 6da0c4ad48 very long time resolving IP for address "abcdef" on some PDC, under NAT etc. - replaced via "abcdef.abcdef" to prevent searching in local domains; 2015-03-25 01:50:51 +01:00
sebres c5ba76aab8 fix test for invalid IP (use TEST-NET-1 according to RFC 5737): 
since fef031b3cd failed, because on some platforms like vm:debian 10.0.0.0 returns 'localhost' (intern network).
 2015-03-25 01:24:33 +01:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko 9339293413 ENH: minor formatting, no functional changes 2015-03-23 21:26:17 -04:00
Yaroslav Halchenko 4a83741397 BF: do not expect setting logtarget to SYSLOG to work on non-Linuxes 
I have no BSD buildbots available for *BSDs etc, so can't speak for all, but
http://nipy.bic.berkeley.edu/builders/fail2ban-py2.6-osx-10.6_master/builds/151/steps/shell_1/logs/stdio
suggests that logically fails on OSX
 2015-03-21 22:30:58 -04:00
Yaroslav Halchenko 382e7f02ca BF: expect ['error'] as a value if no dns module available 
As many buildbots show:
e.g. http://nipy.bic.berkeley.edu/builders/fail2ban-py2.7-osx-10.8_master/builds/163/steps/shell_1/logs/stdio
 2015-03-21 16:04:34 -04:00
Yaroslav Halchenko 31d107d181 BF: asyncore.loop poll=True for recent (>=3.4) pythons too 
should avoid
  File /usr/lib/python3.4/asyncore.py, line 208, in loop
    poll_fun(timeout, map)
  File /usr/lib/python3.4/asyncore.py, line 145, in poll
    r, w, e = select.select(r, w, e, timeout)
OSError: [Errno 9] Bad file descriptor
 2015-03-05 22:52:40 -05:00
Yaroslav Halchenko daa2a9e5d8 Merge pull request #975 from sebres/gh-973-fix 
BF: binding parameter error (unsupported type) (closes gh-973) ...
 2015-03-05 22:47:45 -05:00
Yaroslav Halchenko 954075449d BF: fixed casing in __sigUSR1handler 2015-02-26 20:59:52 -05:00
Teubel György 0254cbf7fb Flush logs at USR1 signal 2015-02-26 23:23:10 +01:00
sebres 5ab30c88c2 more stable handling of json dump/load different encoded strings for older python versions; 
extended test cases (more precise, python version insensitive, etc.)
 2015-02-25 22:14:49 +01:00
sebres 2bfe22aa66 makes test case more precise; 2015-02-25 15:05:32 +01:00
sebres 6c788a32ee BF: binding parameter error (unsupported type) by writing json with invalid encoded lines into sqlite database (gh-973); 
especially python < 3.0; try to prevent occurring such errors in the future;
 2015-02-25 11:56:11 +01:00
Yaroslav Halchenko 82d5e6b840 ENH: explicitly hint on logencoding setting in jail (Close #909) 2015-02-18 21:00:35 -05:00
Lee Clemens 6268eb32be Use syslogsocket value "auto" to determine syslog socket's path 2015-02-06 19:14:09 -05:00
Lee Clemens 445fd7367f Configure Syslog Socket Path 2015-02-05 23:44:57 -05:00
Yaroslav Halchenko 40068f5f31 Merge pull request #933 from mrc0mmand/nginx-botsearch 
Add jail nginx-botsearch and refactor common with apache-botsearch regexes into botsearch-common
 2015-02-04 09:27:43 -05:00
Lee Clemens b28fea4d41 Clarify filter.DNSUtils functions' terminology and add unittests 2015-02-03 20:19:39 -05:00
František Šumšal eb0d086ed0 Merge branch 'master' into nginx-botsearch 2015-02-04 02:13:33 +01:00
Yaroslav Halchenko 991096e599 Merge pull request #930 from leeclemens/ENH/916-logCauseOfIgnore 
Conditionally log Ignore IP, and pass in reason (Closes #916)
 2015-02-03 19:24:59 -05:00
Yaroslav Halchenko 51333bb0a6 just a bit of description for a test case 2015-02-03 18:38:19 -05:00
Lee Clemens 50d18f68df fix typo (false positive test) 2015-02-03 18:18:09 -05:00
Lee Clemens c755138672 create OK and NOK methods 2015-02-03 18:11:49 -05:00
Lee Clemens 8233f21fc2 Remove duplicate unittests 2015-02-03 18:06:30 -05:00
Lee Clemens aa848a5f9e Combine ignore cause unitests 2015-02-03 18:02:42 -05:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes 
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
 2015-02-03 11:30:16 -07:00
Lee Clemens 3186df55e3 add Ignore DNS and IP test cases 2015-02-02 21:55:44 -05:00
Yaroslav Halchenko 1fbafa46c9 Merge pull request #918 from sebres/issue/161 
Issue/161
 2015-02-02 21:44:57 -05:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot 
New jail: apache-fakegooglebot
 2015-02-02 21:44:04 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot 
Dovecot - dovecot auth failure from EL7
 2015-02-02 21:37:28 -05:00
Yaroslav Halchenko 767ac4ecac Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  Remove trailing semicolons
 2015-02-02 21:21:54 -05:00
Lee Clemens 2d266d96d5 Remove trailing semicolons 2015-02-02 19:03:43 -05:00
Lee Clemens eb17b68641 fix test for invalid IP 2015-02-02 14:03:35 -05:00
Lee Clemens fef031b3cd test ipToName Exception 2015-02-02 14:01:48 -05:00
Lee Clemens 4cfbb840ad move test to more sensible function name 2015-02-02 13:40:56 -05:00
Lee Clemens 0463518d28 Add testcase for DNSUtils.ipToName 2015-02-02 13:14:53 -05:00
Lee Clemens 841c476045 Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot 
Conflicts:
	config/filter.d/ignorecommands/apache-fakegooglebot
 2015-02-02 13:01:23 -05:00
Yaroslav Halchenko 15b65c7ad2 NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName 2015-02-02 12:19:20 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot 
Detects fake googlebot user agents in apache access log
 2015-02-02 00:42:01 -05:00
František Šumšal c8e82f18b6 Add jail nginx-botsearch 
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
 2015-01-29 17:57:52 +01:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski 3bc92610f7 Add dovecot auth failure from EL7 2015-01-29 09:11:59 -07:00
Lee Clemens f4341999cd simplify/unify log message 2015-01-28 19:43:22 -05:00
Lee Clemens 076b103f97 Conditionally log Ignore IP, and pass in reason (ignoreip, ignorecommand) 2015-01-27 21:06:06 -05:00
Lee Clemens 887fa2a3a0 Update protocol with [FLAVOR] argument to status <JAIL> 2015-01-26 20:11:53 -05:00
Lee Clemens 297a32e6bb Update test since JailThread.action was changed from property to method 2015-01-26 20:02:49 -05:00
Lee Clemens 486214585e Update extended status to accept additional argument, flavor 
Default to as-in behavior, or flavor=="basic"
 2015-01-26 19:38:06 -05:00
Lee Clemens 735c51adae fix test of new banManager's instance 2015-01-24 12:45:42 -05:00
Lee Clemens a0debea56a test dnspython nxdomain returned 2015-01-24 12:45:42 -05:00
Lee Clemens 07a47179a7 conditionally import dnspython 2015-01-24 12:45:42 -05:00
Lee Clemens 405f363fe8 Conditionally test fail2ban-client status <JAIL> extended when dnspython is installed 2015-01-24 12:45:42 -05:00
Lee Clemens ba69969057 Add `pass` to empty methods 2015-01-24 12:45:42 -05:00
Lee Clemens 60ac0a1a17 Add extended info to status output using Cyrmu 2015-01-24 12:45:42 -05:00
sebres d0b932aaca code review + more test cases (embedded replace in a string) 2015-01-21 09:44:55 +01:00
sebres 6b42878b8c better recognition of embedded-recursive substitution to repeat interpolation 2015-01-20 17:31:17 +01:00
sebres 33e9e2174a recursive/embedded version of issue/907; 
test cases merged from remote-tracking branch 'yarikoptic:enh/embedded_tags' into issue/907
infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907
 2015-01-20 17:18:25 +01:00
sebres 607af36ad3 workaround for the "Bad file descriptor" issue on Python 2.7, gh-161 : asyncore.loop() using poll 
by the way, prevents to write "'build/bdist.linux-x86_64' does not exist -- can't clean it" into stderr;
 2015-01-20 14:08:30 +01:00
sebres b04a51246f infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907 2015-01-20 11:32:15 +01:00
Yaroslav Halchenko fdd93d1475 ENH: unittest to catch actions without Init or Definition section and all must have actionban at least 2015-01-08 21:51:52 -05:00
Yaroslav Halchenko c7edd9e67f Merge pull request #901 from leeclemens/ENH/PostfixRBL 
Create Jail for Postfix based on RBL
 2015-01-07 21:45:36 -05:00
Lee Clemens bda8dc1926 Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-03 15:29:42 -05:00
Lee Clemens 38641e741a Merge branch 'master' of github.com:fail2ban/fail2ban into BF/755-strptime 
Conflicts:
	ChangeLog
 2015-01-03 15:25:54 -05:00
Lee Clemens b26725f654 Move strptime workaround to fail2ban/__init__.py 2015-01-03 13:45:06 -05:00
Lee Clemens fe72a5585c Create Jail for Postfix based on RBL 
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
 2014-12-30 19:06:17 -05:00
Lee Clemens e6ffa2e4a1 Update year in postfix logs test file 2014-12-30 18:10:19 -05:00
Lee Clemens 2d7429c47c Add 'Client host rejected error message' regex 
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
 2014-12-30 18:05:19 -05:00
Yaroslav Halchenko bcfcefa203 Merge branch 'patch-2' of https://github.com/szepeviktor/fail2ban 
* 'patch-2' of https://github.com/szepeviktor/fail2ban:
  downcase example
  Added an item to "Fixes"
  postfix-sasl failregex case insensitive
 2014-12-30 16:35:09 -05:00
Yaroslav Halchenko cc89649d04 BF: adjusted for new IP of example.com 
Conflicts:
	fail2ban/tests/filtertestcase.py
 2014-12-21 21:45:30 -05:00
Viktor Szépe a9b6a3754b downcase example 2014-12-11 21:01:52 +01:00
Yaroslav Halchenko fb2b52af14 Merge pull request #879 from sebres/broken-test-setup_install_root 
testSetupInstallRoot will be always skipped, ...
 2014-12-05 11:20:31 -05:00
sebres a71a64733a clean all after test setup (removes a build directory in current root of fail2ban) 2014-12-05 16:39:17 +01:00
bes-internal ccc986b7d8 exim filter: correct failregex for exim with extended log options 
incoming_interface, incoming_port, outgoing_port
 2014-12-04 13:34:44 +03:00
sebres 7d4f071d4b small fix: no cover for failed case 2014-12-03 15:25:27 +01:00
sebres d62b046704 testSetupInstallRoot will be always skipped, because of "wrong" location of 'setup.py'; 2014-12-03 14:45:46 +01:00
sebres 80fb48c5b0 Merge remote-tracking branch 'remotes/upstream/master' into sebres:addfailregex-gh-867 2014-12-01 13:14:42 +01:00
Yaroslav Halchenko a170afcb76 Merge pull request #839 from sebres/fix-none-getattempt-lambda 
Fix none getattempt lambda (close #838,  close #848)
 2014-11-29 21:33:09 -05:00
sebres effdb450fc better and scalable solution for gh-867 (and gh-868), using only name convention like %(known/failregex)s to add custom expressions, so no interface changes in jail.conf are necessary (for example see test-known-interp in test cases); 2014-11-29 20:33:32 +01:00
sebres 00c2ac4b03 python 2.6 compatibility: preventing RuntimeError: dictionary changed size during iteration. 2014-11-28 19:50:52 +01:00
sebres d63b125877 interpolation of config readers extended with `%(known/parameter)s`. 
(means last known option with name `parameter`).
 2014-11-28 19:06:17 +01:00
sebres 1439152121 test cases extended (now correct) 2014-11-28 14:52:12 +01:00
sebres cad09d2df3 BF: failregex declared direct in jail was joined to single line, (specifying of multiple expressions was not possible); 
feature request (gh-867): new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it);
 2014-11-28 03:17:47 +01:00
Serg G. Brester 6dfddbcdf6 Bug fix in formatJournalEntry, gh-851 
Unhandled exception in fail2ban 0.9.1 #851
 2014-11-07 01:21:38 +01:00
sebres 92ba5ae09c few confusing merge info helper 2014-10-29 22:08:44 +01:00
sebres 46a8899f20 code review 2014-10-29 19:27:45 +01:00
sebres 8dbc04aa06 Test cases fixed: 
testFail2BanExceptHook - use local sys.__excepthook__ to check was really executed and prevent write error in stderr.
 2014-10-29 13:30:24 +01:00
sebres 518cc92ccc actions: bug fix in lambdas in checkBan, because getBansMerged could return None (purge resp. asynchronous addBan), make the logic all around more stable; 
test cases: extended with test to check action together with database functionality (ex.: to verify lambdas in checkBan);
database: getBansMerged should work within lock, using reentrant lock (cause call of getBans inside of getBansMerged);
 2014-10-29 12:36:21 +01:00
Yaroslav Halchenko 7acddcbe4a Post-release boost to .dev 2014-10-27 23:45:51 -04:00
Yaroslav Halchenko 987356d6c0 Changes for the 0.9.1 release versioning 2014-10-27 21:43:17 -04:00
Yaroslav Halchenko fc145eb795 Merge pull request #748 from pacop/master 
ENH: Add dateTime format for PortSentry
 2014-10-25 12:34:00 -04:00
Yaroslav Halchenko 8a453018a9 Merge pull request #830 from sebres/_tent/cache-config-read-fix1 
fix: fail2ban-regex with filter file failed
 2014-10-25 12:30:55 -04:00
pacop e3a037ee3f merge master 2014-10-25 18:15:34 +02:00
sebres 3dac765598 ConfigReader.touch renamed into protected _create_unshared 2014-10-25 17:20:01 +02:00
Yaroslav Halchenko e1a5decc00 DOC: adjust docs in mytime to place docs into docstrings 2014-10-25 09:34:37 -04:00
Yaroslav Halchenko caa6006a31 ENH: do use @staticmethod (we are well beyond support of 2.4 now) 2014-10-25 09:25:18 -04:00
sebres 07d4badfd0 testExecuteTimeout fixed: give a test still 1 second, because system could be too busy 2014-10-24 05:42:58 +02:00
sebres bef0502e6b coverage: no cover (for failed except) 2014-10-24 05:28:35 +02:00
sebres 0b0ea41f87 fix: fail2ban-regex with filter file failed (after merging #824, because test case missing); 
test case for 'readexplicit' added;
 2014-10-24 04:59:44 +02:00
Yaroslav Halchenko d4015d6566 ENH: remove obsolete code for python < 2.6 (we support >= 2.6) 2014-10-23 14:51:51 -04:00
Yaroslav Halchenko 78e1a13fad Merge branch '_tent/cache-config-read' of https://github.com/sebres/fail2ban 
* '_tent/cache-config-read' of https://github.com/sebres/fail2ban:
  code review, change log entries added;
  reset share/cache storage (if we use 'reload' in client with interactive mode)
  normalize tabs/spaces in docstrings;
  cache-config-read-v2 merged; logging normalized, set log level for loading (read or use shared) file(s) to INFO; prevent to read some files twice by read inside "_getIncludes" and by "read" self (occurred by only one file);
  code review; more stable config sharing, configurator always shares it config readers now;
  code review: use the same code (corresponding test cases - with sharing on and without it);
  rewritten caching resp. sharing of ConfigReader and SafeConfigParserWithIncludes (v.2, first and second level cache, without fingerprinting etc.);
  code review
  ConfigReader/ConfigWrapper renamed as suggested from @yarikoptic; + code clarifying (suggested also);
  Partially merge remote-tracking from 'sebres:cache-config-read-820': test cases extended, configurator.py adapted for test case.
  ENH: keep spitting out logging to the screen in LogCaptureTestCases if HEAVYDEBUG
  test case for check the read of config files will be cached;
  more precise by test
  ConfigWrapper class introduced: sharing of the same ConfigReader object between JailsReader and JailReader (don't read jail config each jail); sharing of the same DefinitionInitConfigReader (ActionReader, FilterReader) between all jails using that; cache of read a config files was optimized; test case extended for all types of config readers;
  config cache optimized - prevent to read the same config file inside different resources multiple times; test case: read jail file only once;
  test case for check the read of config files will be cached;
  caching of read config files, to make start of fail2ban faster, see issue #820
 2014-10-23 14:28:33 -04:00
Yaroslav Halchenko 86a5f42f73 BF: made tests util digest.py friendly to python3 2014-10-12 16:40:29 -04:00
sebres 7d3e6e9935 code review, change log entries added; 2014-10-10 20:06:58 +02:00
sebres 73a06d55a8 reset share/cache storage (if we use 'reload' in client with interactive mode) 2014-10-10 18:50:24 +02:00
sebres 7f5d4aa7a6 normalize tabs/spaces in docstrings; 2014-10-10 16:59:40 +02:00
sebres 95bdcdecaa cache-config-read-v2 merged; 
logging normalized, set log level for loading (read or use shared) file(s) to INFO;
prevent to read some files twice by read inside "_getIncludes" and by "read" self (occurred by only one file);
 2014-10-10 16:49:08 +02:00
sebres 02a46d0901 code review; 
more stable config sharing, configurator always shares it config readers now;
 2014-10-10 12:05:49 +02:00
sebres e0eb4f2358 code review: use the same code (corresponding test cases - with sharing on and without it); 2014-10-10 02:47:42 +02:00
sebres c35b4b24d2 rewritten caching resp. sharing of ConfigReader and SafeConfigParserWithIncludes (v.2, first and second level cache, without fingerprinting etc.); 2014-10-10 02:10:13 +02:00
sebres 37952ab75f code review 2014-10-09 19:51:53 +02:00
sebres f67053c2ec ConfigReader/ConfigWrapper renamed as suggested from @yarikoptic; 
+ code clarifying (suggested also);
 2014-10-09 19:01:49 +02:00
sebres f6723a12ff Merge branch 'cache-config-read-820' into _tent/cache-config-read 2014-10-09 18:01:31 +02:00
sebres b62ce14ccd Partially merge remote-tracking from 'sebres:cache-config-read-820': 
test cases extended, configurator.py adapted for test case.
 2014-10-09 18:00:45 +02:00
Yaroslav Halchenko 0c5f11079c ENH: keep spitting out logging to the screen in LogCaptureTestCases if HEAVYDEBUG 2014-10-09 10:47:00 -04:00
sebres f31607ded1 test case for check the read of config files will be cached; 
Conflicts:
	fail2ban/tests/clientreadertestcase.py -- removed not needed
        time in imports
 2014-10-09 10:30:17 -04:00
sebres 51cae63bf0 more precise by test 2014-10-09 15:39:58 +02:00
sebres 4244c87802 ConfigWrapper class introduced: sharing of the same ConfigReader object between JailsReader and JailReader (don't read jail config each jail); 
sharing of the same DefinitionInitConfigReader (ActionReader, FilterReader) between all jails using that;
cache of read a config files was optimized;
test case extended for all types of config readers;
 2014-10-09 14:51:08 +02:00
sebres 2a54e61238 config cache optimized - prevent to read the same config file inside different resources multiple times; 
test case: read jail file only once;
 2014-10-08 15:44:32 +02:00
sebres af4b48e841 test case for check the read of config files will be cached; 2014-10-07 14:37:40 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
pacop 37acc6b832 ENH: Add dateTime format for PortSentry 
Added dateTime format for PortSentry with EPOCH format
 2014-10-04 14:55:22 +02:00
sebres d00af327c5 caching of read config files, to make start of fail2ban faster, see issue #820 2014-10-03 02:11:55 +02:00
Yaroslav Halchenko 05fcb1f104 Merge pull request #813 from schaal/tests-configdir-env-variable 
tests: Add function to utils to calculate CONFIG_DIR
 2014-10-01 14:19:26 -04:00
Daniel Schaal 270ea363d3 tests: define CONFIG_DIR in utils. 2014-10-01 19:50:03 +02:00
SlowRiot 5d526bbeb1 forgot to add test case to last commit 2014-09-29 00:49:22 +01:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix 
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
 2014-09-13 10:25:27 -04:00
Paul Traina 249e169d8e Update test cases and also suport smtps per request. 2014-09-08 11:53:51 -07:00
Yaroslav Halchenko f756278fe5 ENH: just a bit more descriptive exception ;-) 2014-08-12 11:53:54 -04:00
Yaroslav Halchenko b2a1032f57 ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test 2014-08-12 11:31:42 -04:00
Yaroslav Halchenko 6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry) 
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
 2014-08-11 13:09:43 -04:00
Yaroslav Halchenko f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1 
named users + smtp auth probes
 2014-07-28 10:14:18 -04:00
Yaroslav Halchenko 81c98f77ca Merge pull request #769 from kwirk/unban-database 
BF: Remove manually unbanned IPs from persistent database
 2014-07-27 21:54:44 -04:00
Yaroslav Halchenko 45c1095606 Merge pull request #750 from niorg/master 
Added Directadmin filter, jail and log test
 2014-07-27 21:47:07 -04:00
Yaroslav Halchenko 3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko 3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Szépe Viktor 68bf5a1c36 I don't understand those years. 2014-07-20 21:23:57 +02:00
Szépe Viktor 9c4f9a3de8 added Jul 3 & Jul 4 2014-07-20 21:13:55 +02:00
Steven Hiscocks 01d02ca5e6 BF: Remove manually unbanned IPs from persistent database 
Stops them being restored when Fail2Ban is restarted. Particularly this
is an issue with bantime < 0

Fixes gh-768
 2014-07-19 15:17:32 +01:00
Steven Hiscocks 8e0a59f04d Merge pull request #763 from Sean-Der/round-banip-time 
BF: Round timeofban before inserting into the persistant database
 2014-07-19 14:56:32 +01:00
Sean DuBois ac9fa90625 BF: Round timeofban before inserting into the persistant database 2014-07-17 21:57:52 +00:00
Sean DuBois 84b7e93a47 ENH: Add version command to protocol 
TST: Add test for version server command
 2014-07-15 06:19:13 +00:00
Cyril Roos add8e61036 Added Directadmin filter, jail and log test 2014-07-02 13:52:06 +02:00
Yaroslav Halchenko 0adb10f653 Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban 
* 'ainfo-copy' of https://github.com/kwirk/fail2ban:
  TST: actions modifying aInfo test more robust
  TST: Test for actions modifying (un)ban aInfo
  BF: aInfo could be modified by actions, causing unexpected behaviour
 2014-06-22 10:53:30 -04:00
Steven Hiscocks dd3ab858dd TST: actions modifying aInfo test more robust 2014-06-22 13:56:32 +01:00
Steven Hiscocks 7640aa0918 TST: Test for actions modifying (un)ban aInfo 2014-06-22 13:47:25 +01:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs' 
Conflicts:
	ChangeLog - Keep all additions
 2014-06-22 12:57:49 +01:00
Steven Hiscocks 94232d7c31 Merge pull request #726 from pmarrapese/master 
Minor improvement to sshd filter
 2014-06-17 23:43:42 +01:00
Steven Hiscocks 8268c1641f BF: aInfo could be modified by actions, causing unexpected behaviour 
A separate copy of aInfo is passed to each action
 2014-06-17 23:24:23 +01:00
Yaroslav Halchenko 4190a4030c Merge branch 'sebres-strptime-bug' of https://github.com/kwirk/fail2ban 
* 'sebres-strptime-bug' of https://github.com/kwirk/fail2ban:
  DOC: Tweak ChangeLog and THANKS
  DOC: Update docs in reference to time zone related fix
  TST: Fix tests due to @sebres fix and based from gh-349 reverts
  strptime bug fix: if gmtoff is None we have 1 hour increment of time (through utctimetuple), compare: >>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().timetuple())).strftime("%Y-%m-%d %H:%M:%S") '2014-04-29 17:26:31' >>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().utctimetuple())).strftime("%Y-%m-%d %H:%M:%S") '2014-04-29 18:26:37'

Conflicts:
	ChangeLog
 2014-06-16 09:28:41 -04:00
Steven Hiscocks 664f1db0ba BF: Fix getLogger for single level log level names 2014-06-10 20:58:57 +01:00
Steven Hiscocks 9764c78415 ENH: Rename fail2ban_excepthook to excepthook 2014-06-10 20:38:18 +01:00
Steven Hiscocks 4fc7f1a831 ENH: Tweak naming of getF2BLogger, and ensure consistent use 2014-06-10 20:36:19 +01:00
Steven Hiscocks f7da091437 ENH: Log unhandled exceptions to Fail2Ban log 2014-06-09 22:27:51 +01:00
Steven Hiscocks e8131475cd ENH: Realign and harmonise log messages with getF2BLogger helper 2014-06-09 22:17:00 +01:00
JoelSnyder 54317d7c3b Create test for oracleims filter 
This test file shows configuration information for the application, three log lines that DO match the pattern, and one log line that does NOT match the pattern (the first one).
 2014-06-02 22:58:39 -07:00
pmarrapese 96918acee4 more explicit match for sshd filter & added test 2014-05-19 20:47:16 -07:00
Steven Hiscocks 0ca97431a0 ENH: Clearer warning with lines which failed to decode correctly 2014-05-15 22:48:03 +01:00
sebres 213c4315c3 fix a TypeError bugs like "Failed to execute ban jail 'pam-generic' action 'iptables-allports'" 
getAttempt returns not a list (numeric), so by call of both lambda we have a TypeError except;
simplifying code;
 2014-05-15 19:41:00 +02:00
Steven Hiscocks 8843423c8f TST: Fix tests due to @sebres fix and based from gh-349 reverts 2014-05-14 23:01:14 +01:00
sebres 2bf0b4a50c strptime bug fix: if gmtoff is None we have 1 hour increment of time (through utctimetuple), compare: 
>>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().timetuple())).strftime("%Y-%m-%d %H:%M:%S")
'2014-04-29 17:26:31'
>>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().utctimetuple())).strftime("%Y-%m-%d %H:%M:%S")
'2014-04-29 18:26:37'
 2014-05-14 22:29:06 +01:00
Yaroslav Halchenko 2526dbae92 Merge branch 'recursive-tag-fix' of https://github.com/kwirk/fail2ban 
* 'recursive-tag-fix' of https://github.com/kwirk/fail2ban:
  ENH: explicitly define tags which should be escaped
  DOC: ChangeLog update for recursive tag bug fix
  BF: Tags not fully recursively substituted

Conflicts:
	ChangeLog -- kept all as is
 2014-05-13 11:23:30 -04:00
Steven Hiscocks 1e586fb0e9 ENH: explicitly define tags which should be escaped 2014-05-11 14:49:49 +01:00
Yaroslav Halchenko c619202d6f Merge branch 'master' of github.com:fail2ban/fail2ban 
* 'master' of github.com:fail2ban/fail2ban:
  ENH: Match non "Bye Bye" for sshd locked accounts failregex
  Even stricter monit regex, now covers entire line
  Tidy up filter.d/monit.conf, make regex more complete. Add ChangeLog / THANKS entry. Add test cases.
  ENH: Move traceback formatter to from tests.utils to helpers
  Block brute-force attempts against the Monit gui
 2014-05-10 20:02:47 -04:00
Steven Hiscocks 904b362215 DOC: ChangeLog update for recursive tag bug fix 
Also minor typo fixes in comments
 2014-05-09 20:25:44 +01:00
Steven Hiscocks 77ba065571 Merge pull request #697 from jhmartin/monit_admin_hack 
Block brute-force attempts against the Monit gui
 2014-05-07 22:23:01 +01:00
Yaroslav Halchenko 3471f13a84 Merge pull request #700 from kwirk/format-traceback-to-helpers 
ENH: Move traceback formatter to from tests.utils to helpers
 2014-05-07 09:09:01 -04:00
Yaroslav Halchenko 1f8b554d31 Merge branch 'database-persistent-bans' of https://github.com/kwirk/fail2ban 
* 'database-persistent-bans' of https://github.com/kwirk/fail2ban:
  BF: bantime < 0 database should return all bans, as they are persistent

Conflicts:
	ChangeLog - kept all ;)
 2014-05-05 23:29:35 -04:00
Yaroslav Halchenko 3eabf4a7bd Merge pull request #708 from kwirk/ssh-bye-bye 
ENH: Match non "Bye Bye" for sshd locked accounts failregex
 2014-05-05 23:22:57 -04:00
Steven Hiscocks b3266ba44d BF: Tags not fully recursively substituted 
Note: recursive check ignored for "matches", as tags would be escaped,
and hence shouldn't match "<%s>" as "<ip>" would become "\<ip\>". This
therefore maintains advantage of delayed call for {ip,jail,}matches.

Fixes gh-713
 2014-05-03 14:28:13 +01:00
Steven Hiscocks cf3a6015f0 BF: Avoid closing "/dev/urandom" for Python 3.4.0 
Upstream bug: http://bugs.python.org/issue21207

Closes gh-687
 2014-05-03 12:44:03 +01:00
Steven Hiscocks bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex 2014-04-27 13:35:55 +01:00
Steven Hiscocks bbcbefd494 BF: bantime < 0 database should return all bans, as they are persistent 2014-04-22 19:20:44 +01:00
Steven Hiscocks a7766d3316 DOC: Add notice message for systemd backend when no journal match 2014-04-20 17:59:41 +01:00
Jason Martin 72bfd14330 Tidy up filter.d/monit.conf, make regex more complete. 
Add ChangeLog / THANKS entry.
Add test cases.
 2014-04-19 13:04:03 -07:00
Steven Hiscocks 03d90c2f42 BF: recidive filter and samples at wrong log level: WARNING->NOTICE 2014-04-19 18:07:23 +01:00
Steven Hiscocks 6a740f684a ENH: Move traceback formatter to from tests.utils to helpers 
Now allows for tests to be removed from package if desired
 2014-04-18 23:27:30 +01:00
Yaroslav Halchenko 5e179f5dcb TST: skip the test if a known problem with Python 2.6 is detected 
As was original "discovered" while running tests on OSX with python2.6:
http://nipy.bic.berkeley.edu/builders/fail2ban-py2.7-osx-10.6_master/builds/6/steps/shell_2/logs/stdio
 2014-04-17 22:23:20 -04:00
Yaroslav Halchenko 16077a2771 add .dev to 0.9.0 version 2014-04-17 14:08:43 -04:00
Yaroslav Halchenko 3c0d6a77d2 BF: testDatabase -- close and unlink the created test db file 2014-04-17 10:40:37 -04:00
Steven Hiscocks 9d6fc6eca2 ENH: For syslog use SYSLOG_PID over _PID in systemd journal log format 2014-04-16 23:58:00 +01:00
Yaroslav Halchenko c2289bc8fe ENH(TST): relax test of sleep to "1" places from "2" 
The reason is that internally it does round, so even 1.005 then would not
be equal to 1.  Making it spaces==1 should be sufficient for up to 1.05
i.e. we would allow 50ms "drift"
 2014-04-16 15:52:18 -04:00
Steven Hiscocks 1369701f87 ENH: Log trace info for failed action events when in DEBUG 2014-04-12 11:27:05 +01:00
Yung-Chin Oei 941a38ea8e nginx-http-auth: match when "referrer" is present 
A sample log-line is provided.  The updated regex successfully matches
this line.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
 2014-04-04 01:27:39 +01:00
Steven Hiscocks 100b5e61f5 Merge 'kwirk/config-warnings' (early part) 2014-04-03 18:36:56 +01:00
yungchin 6e8c1b2871 nginx-http-auth filter: match server_name = "" 
As documented at
http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If
no server_name is defined in a server block then nginx uses the empty
name as the server name."  This regex change allows us to match error
output for such a configuration.

The log line added to the tests was lifted from our logs verbatim; it
did not match without the patched regex.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
 2014-04-03 11:04:21 +01:00
Steven Hiscocks 638c013557 ENH: Suppress configuration warnings if non-critical options are not set 2014-04-02 18:30:21 +01:00
Daniel Black ce982debae Merge pull request #670 from kwirk/reban-once-per-ip 
BF: On jail restart reinstatement of bans, fetch one ticket per IP
 2014-03-31 18:36:06 +11:00
Daniel Black 73fb716920 Merge pull request #671 from kwirk/sphinx 
DOC: sphinx documentation
 2014-03-31 18:32:37 +11:00
Steven Hiscocks 953ebd62c6 DOC: Improve error logging when specific backend set and fails 2014-03-29 23:08:37 +00:00
Steven Hiscocks 3781ff845a BF: Fix getting jail name from exceptions in beautifier for Python 3+ 2014-03-29 22:54:06 +00:00
Steven Hiscocks baeff6141e DOC: sphinx documentation 2014-03-29 22:07:33 +00:00
Steven Hiscocks dc24d3d494 BF: On jail restart reinstatement of bans, fetch one ticket per IP 
Closes gh-664
 2014-03-29 21:44:39 +00:00