github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,996 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

5996 Commits (0bf1106d72094b95996fa9b75ec76235d64703d3)

Author SHA1 Message Date
sebres 0bf1106d72 manually added attempts inform the observer module (take the known ban-count of bad IPs into account); 
closes gh-3845
 2024-10-08 13:34:19 +02:00
Sergey G. Brester 89970d2e3e
Merge pull request #1351 from AntagonistHQ/csf 
add support for the CSF firewall
 2024-09-29 10:01:58 +02:00
Sergey G. Brester 363c0d5fd0
nftables.conf: fixed comment (since 7f1b578af4, gh-488 actioncheck would be never invoked in regular case) 2024-09-07 13:15:45 +02:00
Sergey G. Brester 1ea8a6de58
Merge pull request #3826 from thomas-333/patch-1 
Update apprise.conf: typo
 2024-09-02 11:32:05 +02:00
thomas-333 44bd87951e
Update apprise.conf 
Correct typo. "as" should read "has"
 2024-09-02 10:17:10 +01:00
Sergey G. Brester 3361fb0805
Merge pull request #3823 from orlitzky/after-nftables 
files/fail2ban-openrc.init.in: start after nftables
 2024-08-25 00:28:25 +02:00
Michael Orlitzky 9e31cfc1f1 files/fail2ban-openrc.init.in: start after nftables 
The "after iptables" clause in the OpenRC service script's depend()
function causes fail2ban to start after iptables, if iptables is
scheduled to start. Here we add "after nftables" as well: nftables is
the successor to iptables, and fail2ban supports it out-of-the-box.
If nftables is scheduled to start, we want to wait until it's done
before starting fail2ban.
 2024-08-24 11:59:59 -04:00
Sergey G. Brester be734991eb
main.yml: update python versions ('3.13.0-rc.1', '3.14.0-alpha.0') 2024-08-23 20:20:55 +02:00
Sergey G. Brester fda37fac81
main.yml: update actions/setup-python to v5 2024-08-23 20:15:55 +02:00
sebres 47e995cb57 Merge branch 'gh-2756': new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors, thus other jails become running 2024-08-23 20:05:46 +02:00
sebres 2950e41186 man/jail.conf.5: docu for skip_if_nologs 2024-08-23 15:22:00 +02:00
sebres 78af48862f new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors, thus other jails become running; 
closes gh-2756
 2024-08-23 12:16:08 +02:00
sebres 54c0effceb filter.d/sshd.conf: amend to #3747/#3812 (new ssh version would log with `_COMM=sshd-session`) 2024-08-11 12:10:12 +02:00
sebres c769046a1f Revert "`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian branch. 
This reverts commit 6fce23e7ba.
 2024-08-11 11:55:39 +02:00
Sergey G. Brester a43f7ad63f
Merge pull request #3816 from Skamasle/patch-1 
Fix roundcube login failregex for roundcube 1.4+
 2024-08-10 13:26:54 +02:00
sebres 2749109f10 ChangeLog 2024-08-10 13:23:28 +02:00
sebres 8e0a2366f0 Fixes unmatched tag (caused unmatched brace); review: combined to single regex, simple case without injection attempts faster, `<HOST>` replaced with `<ADDR>` (faster and fewer vulnerable on complex cases, since doesn't match text as hostname) etc. 2024-08-10 13:20:18 +02:00
Maksim Usmanov | Maks af119e0ae1
roundcube 1.4+ logs 2024-08-09 23:22:43 +02:00
Maksim Usmanov | Maks 35afe20ea0
Roundcube 1.4 change log format 
From roundcube 1.4 log change format -> e92d8e31a3/program/lib/Roundcube/rcube_imap.php (L194)
 2024-08-09 22:53:45 +02:00
sebres d4663e8941 `action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815 2024-08-07 22:43:42 +02:00
sebres 216f0abb5e Merge pull request #2966 from Derecho-com/master 
Add support to Proxmox Web GUI
 2024-07-30 19:25:33 +02:00
sebres 4a87802c59 ChangeLog 2024-07-30 19:19:24 +02:00
sebres 9a558589d7 review (anchoring RE, etc) 2024-07-30 19:16:40 +02:00
Jose db8c943a7b Add jail to jail.conf as requested by test-suite 'More filters exists than are referenced in stock jail.conf set(['proxmox']) 2024-07-30 19:11:02 +02:00
Jose 83f2d59eee match numbers 2024-07-30 19:05:56 +02:00
Jose 07a7da8d8e Remove greedy catch-all before HOST 2024-07-30 19:05:55 +02:00
Jose 4fb04842a2 add log file for tests 2024-07-30 19:05:54 +02:00
Jose ca45671db2 Add support to Proxmox Web GUI 2024-07-30 19:04:00 +02:00
Sergey G. Brester 7fd097d73f
Merge pull request #3805 from nabbi/postfix-3.9 
tests for Postfix 3.9 SASL reason unavailable
 2024-07-28 20:39:29 +02:00
sebres 93810fff75 consider CONNECT and other rejected commands as a valid `_pref`; 
closes gh-3800
 2024-07-26 19:25:36 +02:00
Nic Boet a4f1b0ce9f tests for Postfix 3.9 SASL reason unavailable 
SASL auth failure message changed with Postfix 3.9
Include addtional test log

17dbfb9b8b

Signed-off-by: Nic Boet <nic@boet.cc>
 2024-07-25 13:57:46 -05:00
Sergey G. Brester 766d2b8d74
Update FUNDING.yml: added my liberapay 2024-07-16 13:47:28 +02:00
sebres 8170e9fe75 suppress SetuptoolsDeprecationWarning in test suite 2024-07-04 19:06:36 +02:00
Sergey G. Brester 599ec5e01e
main.yml: bump version 3.13.0-beta.3 2024-07-04 18:53:01 +02:00
Sergey G. Brester 7004d175b7
Merge pull request #3782 from fdellwing/patch-1 
Adjust sshd.conf filter for OpenSSH 9.8
 2024-07-03 19:43:04 +02:00
Sergey G. Brester 216622adb2
Update ChangeLog 2024-07-03 19:42:19 +02:00
Sergey G. Brester 50ff131a0f
filter.d/sshd.conf: ungroup (unneeded for _daemon) 2024-07-03 19:35:28 +02:00
Sergey G. Brester 8360776ce1
zzz-sshd-obsolete-multiline.conf: adjusted to new sshd-session log format 2024-07-03 19:33:39 +02:00
Sergey G. Brester 7b335f47ea
sshd: add test coverage for new format, gh-3782 2024-07-03 19:09:28 +02:00
Fabian Dellwing 2fed408c05 Adjust sshd filter for OpenSSH 9.8 new daemon name 2024-07-02 08:51:51 +02:00
sebres 59c5e78ce9 `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path; 
closes gh-3778
 2024-06-28 12:50:14 +02:00
sebres a7f3a04b0e `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail); 
closes gh-3769
 2024-06-21 13:24:46 +02:00
sebres ab9d41e530 beautifier detect whether it can use unicode chars in stats table; asciified output of beautifier in test suite; 
closes gh-3750
 2024-06-14 15:17:53 +02:00
Sergey G. Brester 6fce23e7ba
`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service) 
closes gh-3747
 2024-06-10 01:40:59 +02:00
sebres 8ae5e7e3e4 GHA: update python version in CI-flow (3.13 is beta now) 2024-06-10 00:10:25 +02:00
sebres cd95c3a1fc Merge branch 'ipsettype-in-ipset-actions' 2024-06-09 23:41:56 +02:00
sebres 2533526827 extend ipset actions with new parameter `ipsettype` for the type of set (gh-3760), affected actions: 
`action.d/firewallcmd-ipset.conf`, `action.d/iptables-ipset.conf`, `action.d/shorewall-ipset-proto6.conf`
 2024-06-09 23:38:58 +02:00
sebres 17daf0ec78 `action.d/firewallcmd-ipset.conf`: rename `ipsettype` to `ipsetbackend` (`ipsettype` will be used now to the real set type); 
amend to #2620
 2024-06-09 23:32:03 +02:00
sebres 304c3cd566 improve fix with fallback to local async libraries - add path to compat folder (pyinotify module may have dependency to asyncore module, see https://github.com/fail2ban/fail2ban/issues/3487#issuecomment-2133529081); 
amend to 054e1d89ca
 2024-05-27 16:18:26 +02:00
sebres 7d2fffbe19 .codespellrc: silence codespell flow on assertIn 2024-05-27 15:38:32 +02:00