github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,195 Commits
33 Branches
229 Tags
20 MiB
Commit Graph

331 Commits (0782b28460057a913ac7ef7bf2fcf6bdc2debc58)

Author SHA1 Message Date
Serg G. Brester 6c030c5e10 Merge pull request #1717 from szepeviktor/patch-11 
Updated xarf-specification repo URL in xarf action
 2017-07-12 09:54:15 +02:00
sebres 33fcf8d809 Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
Serg G. Brester f27e053592 Update bsd-ipfw.conf 
increased starting rule number (lowest_rule_num = 111)
 2017-07-01 17:10:53 +02:00
Serg G. Brester 80cc47b75f Update helpers-common.conf 
fixed grep pattern: escape dot-char in search-IP and more restrictive boundaries (IPv6-capable)
 2017-05-30 09:14:43 +02:00
Viktor Szépe 5bb6be0163 IPv6 address may overlap 2017-05-30 02:05:38 +02:00
sebres 99344d28c8 Introduces new tags with hostname: 
- `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`)
- `<sh-hostname>` - short hostname (the same as `$(uname -n)`)

Execution of `uname -n` replaced in all mail actions with most interesting fully-qualified `<fq-hostname>`.
 2017-04-24 21:17:55 +02:00
Peter van der Does bb79e7f413
Parameter not needed 
The parameter '-s' causes an error as the <mailcmd> already has the parameter.
 2017-04-11 11:13:58 -04:00
sebres 97e8b42d34 dummy action extended with more examples and test-covered now 2017-03-30 13:02:37 +02:00
sebres d03872fbbf bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include): 
iptables-common
  iptables
  iptables-allports
  iptables-multiport-log
  iptables-multiport
  iptables-new
  iptables-ipset-proto4
  iptables-ipset-proto6
  iptables-ipset-proto6-allports

executing `actionflush` command covered for this actions now
 2017-03-29 23:24:11 +02:00
sebres 8bf79fa483 implemented execution of `actionstart` on demand, if action depends on `family` (closes gh-1741); 
new action parameter "actionstart_on_demand" (bool) can be set to prevent/allow starting action on demand (default retrieved automatically, if some conditional parameter `param?family=...` presents in action properties);
 2017-03-29 17:44:15 +02:00
Viktor Szépe d79267c424 Updated xarf-specification repo URL in xarf action 2017-03-14 20:47:31 +01:00
Serg G. Brester d042981954 Merge pull request #1655 from ajcollett/0.10 
Added config for AbuseIPDB
 2017-03-09 15:15:26 +01:00
Serg G. Brester b1f5ac9484 Update abuseipdb.conf 2017-03-09 13:33:11 +01:00
sebres 6a2c95da95 `action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution); 
changelog updated;
 2017-03-08 16:51:08 +01:00
sebres d2a3d093c6 rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects); 
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
 2017-02-24 11:54:24 +01:00
Serg G. Brester 2fa18a74c4 Merge branch 'master' into master 2017-02-17 09:06:09 +01:00
sebres 4bf09bf297 provides new tag `<ip-rev>` for PTR reversed representation of IP address; 
[action.d/complain.conf] fixed using this new tag;
 2017-02-16 13:38:20 +01:00
Christoph Theis 861ce4177c #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable 2017-02-14 18:31:42 +01:00
Jan Grewe 58c68b75f0 Remove double-quotes from email addresses 2017-02-08 14:16:13 +01:00
Jan Grewe 1bcf0de7c1 Update complain.conf 2017-02-07 21:39:46 +01:00
Jan Grewe 901eeff53d Make Abusix lookup compatible with Dash 2017-02-06 22:04:36 +01:00
sebres e8a1556562 Merge remote-tracking branch 'master' into 0.10 
# Conflicts:
#	fail2ban/tests/samplestestcase.py
 2017-01-21 16:59:41 +01:00
Juliano Jeziorny 1fe554dd25 Introduced Citrix Netscaler action 2017-01-19 14:30:25 +01:00
sebres 74a6afadd5 Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all). 2017-01-16 09:40:48 +01:00
sebres ee3c787cc6 Recognize restored (from database) tickets after restart (tell action restored state of the ticket); 
Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified).
Test cases extended (smtp and by restart in ServerReloadTest).
Closes gh-1141
Closes gh-921
 2017-01-13 19:06:17 +01:00
sebres c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
Andrew James Collett 1c41390f7c Restructured the way the catagories work. 
Jail.conf is cleaner and abuseipdb.conf is more flexible.
 2017-01-08 09:26:11 +02:00
Andrew James Collett 55e107310f Added config for AbuseIPDB, ony tested on Ubuntu 16.04 2017-01-07 14:24:54 +02:00
Yaroslav Halchenko 31a1560eaa minor typos (thanks Vincent Lefevre, Debian #847785) 2016-12-11 15:13:11 -05:00
sebres a2af19c9f0 fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`); 
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
 2016-11-25 19:27:26 +01:00
sebres c809c3e61e Merge branch 'master' into 0.10 2016-10-13 19:01:13 +02:00
Nils d08db22b92 Create npf.conf for the NPF packet filter 
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
 2016-10-13 18:50:54 +02:00
sebres 8b0f6c5413 badips test cases check availability of badips service (and skip this tests if it not available) 2016-09-30 12:03:27 +02:00
sebres d71a525a85 Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9) 2016-08-12 18:51:56 +02:00
Yaroslav Halchenko c0994b0c6c DOC: minor typo (thanks John Bernard) Closes #1496 2016-08-04 10:23:05 -04:00
Serg G. Brester af8b650a37 badip timeout option introduced, set to 30 seconds in our test cases (#1463) 
cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)
 2016-06-13 12:56:53 +02:00
sebres e39126f630 badip timeout option introduced, set to 30 seconds in our test cases 2016-06-10 13:15:46 +02:00
sebres 0fdc56546f Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail) 2016-05-19 17:45:41 +02:00
Yaroslav Halchenko 1ebc3facb1 BF: maintain previous default beh for pf -- ban a port (ssh) only 2016-05-19 17:14:33 +02:00
sebres 4d51c591c1 pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized; 2016-05-19 14:50:41 +02:00
Alexander Koeppe b5e031f3c3 some documentation for multiport use in pf.conf 2016-05-17 21:32:21 +02:00
sebres 1e7fd26f5f rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases 2016-05-17 20:51:12 +02:00
Alexander Koeppe e74047ae49 revert to common config for PF covering multi and allports 2016-05-17 18:19:40 +02:00
Alexander Koeppe 3e1328c83b split PF config files between all- and multi port 2016-05-17 18:19:27 +02:00
sebres 0c44ecfc77 action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset; 
test cases for 3 firewallcmd extended;
 2016-05-14 15:01:35 +02:00
TorontoMedia ffebde68e0 Update firewallcmd-multiport.conf 2016-05-13 22:38:36 -04:00
TorontoMedia 07de83e04a Update firewallcmd-common.conf 2016-05-13 22:38:10 -04:00
TorontoMedia 810d5996b5 Update firewallcmd-rich-logging.conf 2016-05-13 22:10:25 -04:00
TorontoMedia 7e54cee8d6 updated firewallcmd actions 2016-05-13 21:36:27 -04:00
sebres 504e5ba6f2 actions support IPv6 now: 
- introduced "conditional" sections, see for example `[Init?family=inet6]`;
  - iptables-common and other iptables config(s) made IPv6 capable;
  - several small code optimizations;
* all test cases passed (py3.x compatible);
 2016-05-11 16:54:28 +02:00