fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	0ae2ef68be	ensure iterator is safe (traverse over the list in snapshot created within a lock), avoids getting modified state as well as "dictionary changed size during iteration" errors	5 years ago
sebres	afb7a93163	amend to 368aa9e77570519b37fb57c9dbc5112d4c4b7382: fix time in gitlab test (GMT in log due to TZ-suffix `Z`, CEST in test-suite)	5 years ago
Sergey G. Brester	368aa9e775	Merge pull request #2689 from benrubson/gitlab New Gitlab jail	5 years ago
Sergey G. Brester	f2aec43d8a	Merge pull request #2140 from szepeviktor/patch-9 CloudFlare started to indent their API responses	5 years ago
Sergey G. Brester	42aef09d69	Update ChangeLog	5 years ago
Sergey G. Brester	01e92ce4a6	added fallback using tr and sed (jq is optional now)	5 years ago
Sergey G. Brester	1c1b671c74	Update cloudflare.conf	5 years ago
Sergey G. Brester	5b8fc3b51a	cloudflare: fixes ip to id conversion by unban using jq normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)	5 years ago
Viktor Szépe	852670bc99	CloudFlare started to indent their API responses We need to use https://github.com/stedolan/jq to parse it.	5 years ago
Ilya	8b3b9addd1	Change tool from 'cut' to 'sed' Sed regex was tested - it works.	5 years ago
Ilya	5da2422f61	Fix actionunban Add command to remove new line character. Needed for working removing rule from cloudflare firewall.	5 years ago
Sergey G. Brester	fe84b158a5	Merge pull request #2703 from sebres/0.10-ipset-tout 0.10 / ipset timeout removal	5 years ago
Sergey G. Brester	da1652d0d7	Update ChangeLog	5 years ago
sebres	12be3ed77d	test cases fixed	5 years ago
sebres	87a1a2f1a1	action.d/-ipset.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)	5 years ago
sebres	6b90ca820f	filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) closes gh-2693	5 years ago
sebres	affd9cef5f	filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)	5 years ago
sebres	06b46e92eb	jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357; ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686); don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.	5 years ago
sebres	7e3061e7ac	fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)	5 years ago
Sergey G. Brester	78651de7e5	Update ChangeLog	5 years ago
benrubson	2912bc640b	New Gitlab jail	5 years ago
sebres	136781d627	filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)	5 years ago
sebres	d21a24de8e	more test cases for IP/DNS (and use dummies if no-network set by testing)	5 years ago
sebres	fc175fa78a	performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists); decrease log level for ignored duplicates (warning is too heavy here)	5 years ago
sebres	22a04dae05	Merge branch '0.9' into 0.10 (gh-2246)	5 years ago
Sergey G. Brester	b1e1cab4b7	Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 Improve regex in proftpd.conf	5 years ago
sebres	606bf110c9	filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE (closes gh-2662)	5 years ago
sebres	8547ea7ea0	resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete	5 years ago
sebres	b64a435b0e	ignore only not banned old (repeated and ignored) tickets	5 years ago
sebres	b43dc147b5	amend to RC-fix `9f1c6f1617` (gh-2660): resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously; speedup recognition banning queue has entries to begin check-ban process in actions thread	5 years ago
sebres	bc2b81133c	pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)	5 years ago
sebres	68f827e1f3	small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached)	5 years ago
sebres	9f1c6f1617	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	5 years ago
sebres	ab363a2c0e	small amend with fix still one test (ban unexpected in this old artificial test-cases, todo - such tests should be rewritten or removed)	5 years ago
sebres	e3737bb7c0	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	5 years ago
Sergey G. Brester	428c75d1cd	Merge pull request #2651 from fail2ban/0.10-travis-3.9-dev python 3.9 compatibility + CI	5 years ago
Sergey G. Brester	d4da9afd7f	Update ChangeLog	5 years ago
Sergey G. Brester	9d7388e684	Thread: is_alive instead of isAlive (removed in py-3.9)	5 years ago
Sergey G. Brester	55e76c0b80	restore isAlive method removed in python 3.9	5 years ago
Sergey G. Brester	781a25512b	travis CI: add 3.9-dev as target	5 years ago
sebres	42714d0849	filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); amend to `62b1712d22` (PR #2387, backend-related option `logtype`); testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)	5 years ago
sebres	15158e4474	closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended	5 years ago
sebres	6281dc3633	failmanager, ticket: avoid reset of retry count by pause between attempts near to findTime - adjust time of ticket will now change current attempts considering findTime as an estimation from rate by previous known interval (if it exceeds the findTime); this should avoid some false positives as well as provide more safe handling around `maxretry/findtime` relation especially on busy circumstances.	5 years ago
sebres	4766547e1f	performance optimization of `datepattern` (better search algorithm); datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex; datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)	5 years ago
Sergey G. Brester	2e42b98cd3	Merge pull request #2638 from gurnec/pypy-ulimit-fix close Popen() pipes explicitly for PyPy	5 years ago
sebres	6c6cf2a956	small amend (avoid possible error by close of not existing pipe)	5 years ago
Christopher Gurnee	df885586d4	close Popen() pipes explicitly for PyPy Waiting for garbage collection to close pipes opened by Popen() can lead to "Too many open files" errors with PyPy; close them explicitly.	5 years ago
sebres	e57e950ef5	version bump (back to dev)	5 years ago
sebres	ab3a7fc6d2	filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect	5 years ago
sebres	b3644ad413	code normalization and optimization (strip of trailing new-line, date parsing, ignoreregex mechanism, etc)	5 years ago

1 2 3 4 5 ...

4934 Commits (0ae2ef68be57f056038adaf064570e6725c6f20f) All Branches Search

4934 Commits (0ae2ef68be57f056038adaf064570e6725c6f20f)

All Branches