Commit Graph

1005 Commits (0c2900e458f642ae2772526700c0888a187084bd)

Author SHA1 Message Date
jamesstout 0c2900e458 BF: fail2ban.local needs section headers 2013-04-30 05:41:29 +08:00
jamesstout 86a5de040b ENH: Use .local config files for logtarget and jail
Per: https://github.com/fail2ban/fail2ban/pull/182#discussion_r3886353
2013-04-30 04:35:36 +08:00
jamesstout 018913db6a ENH+TST: ssh failure messages for OpenSolaris and OS X 2013-04-30 04:24:56 +08:00
jamesstout 3367dbd987 ENH: fail message matching for OpenSolaris and OS X
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.

Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
2013-04-30 04:23:13 +08:00
jamesstout d2a9537568 ENH: extra daemon info regex
for matching log lines like:
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed
keyboard-interactive for james from 205.186.180.30 port 54520 ssh2

this matches  [ID 800047 auth.info]
2013-04-30 04:14:36 +08:00
jamesstout b7795addd0 ENH: actionunban back to a sed command
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
2013-04-30 04:10:32 +08:00
jamesstout 686f43caac Readme for config on Solaris 2013-04-21 07:31:27 +08:00
jamesstout 578a8998c6 create socket/pid dir if needed
Also remove any lingering sockets
2013-04-21 07:30:52 +08:00
jamesstout 10fcfb925d Extra patterns for Solaris 2013-04-21 07:30:21 +08:00
jamesstout de98e3dabd change sed to perl for Solaris 2013-04-21 07:29:48 +08:00
Yaroslav Halchenko 76c08cebe9 DOC: a plugin to thanks for the community support 2013-04-17 11:54:45 -04:00
Yaroslav Halchenko 82e2fc34eb Merge branch 'systemd' of https://github.com/opoplawski/fail2ban
Just two files to enable fail2ban within systemd:

 files/fail2ban-tmpfiles.conf |  1 +
 files/fail2ban.service       | 14 ++++++++++++++

* 'systemd' of https://github.com/opoplawski/fail2ban:
  Add After, PIDFile, and change WantedBy to multi-user.target in fail2ban.server
  Add systemd unit file and tmpfiles.d configuration files
2013-04-17 11:40:03 -04:00
Orion Poplawski ddebcab9aa Add After, PIDFile, and change WantedBy to multi-user.target in fail2ban.server 2013-04-17 09:27:06 -06:00
Yaroslav Halchenko 6f4dad46f0 DOC: slight tune ups to README (we are no longer compatible with python 2.3 ;) ) 2013-04-17 10:07:01 -04:00
Yaroslav Halchenko b8e823bd4e DOC: initiated changelog (but no juice left to actually fill it up ;-)) 2013-04-16 23:44:38 -04:00
Yaroslav Halchenko 12f1398ec1 Merge pull request #172 from kwirk/minor
Minor tweaks -- removing duplication and improving testing
2013-04-15 06:31:09 -07:00
Steven Hiscocks 94956bee84 TST: test all valid loglevels in server testcases 2013-04-14 15:59:05 +01:00
Steven Hiscocks 4c4b60f4b4 TST: Add tag replace and escape test for actions 2013-04-14 15:58:35 +01:00
Steven Hiscocks 3d6791fe3e ENH: Minor change to action for consistency of execStart/Stop 2013-04-14 15:57:37 +01:00
Steven Hiscocks d259e903a3 TST: Coverage for coveralls.io should only be run on success 2013-04-14 15:56:14 +01:00
Steven Hiscocks 28e9acf86a TST: no cover additions to server, primarily daemon creation 2013-04-14 15:55:18 +01:00
Yaroslav Halchenko ffe48741e3 DOC: thanks @kwirk for spotting the typos in exception message 2013-04-13 22:20:57 -04:00
Yaroslav Halchenko 301460f451 Merge remote-tracking branch 'pr/167/head': FD_CLOEXEC bug fixes (filters) + support (actions). Avoid sockets descriptors leak.
* pr/167/head:
  FD_CLOEXEC support
2013-04-11 15:05:56 -04:00
Yaroslav Halchenko 59192a5585 Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile'
* github_kwirk_fail2ban/pidfile:
  Typo in default pidfile in fail2ban.conf
2013-04-09 23:48:46 -04:00
Yaroslav Halchenko 99a5d78e37 ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth 2013-04-09 18:03:34 -04:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflicted with other added test cases
2013-04-09 17:55:14 -04:00
Yaroslav Halchenko 4fb06170f1 Merge 'Update the check_fail2ban script' PR from https://github.com/labynocle/fail2ban
* 'master' of https://github.com/labynocle/fail2ban:
  change the license to GPLv2 + adapt text
  fix the script name to check_fail2ban everywhere
  Replace the check_fail2ban script by a new one which respects the Nagios specs (like status, output, perfdata, help...). Also add a README which includes the content of f2ban.txt (which is now removed)
2013-04-09 17:41:36 -04:00
Yaroslav Halchenko f5ad99b527 Merge pull request #166 from kwirk/travis-gamin
Travis gamin support on Travis CI
2013-04-06 08:20:21 -07:00
Steven Hiscocks 47c54ba293 TST: Add gamin testing for and only coveralls coverage for python2.7 2013-04-06 11:08:07 +01:00
Nicolas Collignon 39667ff6f7 FD_CLOEXEC support
* 001-fail2ban-server-socket-close-on-exec-no-leak.diff

Add code that marks server and client sockets with FD_CLOEXEC flags.
Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).

Unix sockets managed by fail2ban-server don't need to be passed to any
child process. Fail2ban already uses the FD_CLOEXEC flags in the filter
code.

This patch also avoids giving iptables access to fail2ban UNIX socket in
a SELinux environment (A sane SELinux policy should trigger an audit
event because "iptables" will be given read/write access to the fail2ban
control socket).

Some random references related to this bug:
 http://sourceforge.net/tracker/?func=detail&atid=689044&aid=2086568&group_id=121032
 http://www.redhat.com/archives/fedora-selinux-list/2009-June/msg00124.html
 http://forums.fedoraforum.org/showthread.php?t=234230

 * 002-fail2ban-filters-close-on-exec-typo-fix.diff

There is a typo in the fail2ban server/filter.py source code. The
FD_CLOEXEC is correctly set but additional *random* flags are also set.
It has no side-effect as long as the fd doesn't match a valid flag :)
"fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)" <== the 3rd
parameter should be flags, not a file descriptor.

 * 003-fail2ban-gamin-socket-close-on-exec-no-leak.diff

Add code that marks the Gamin monitor file descriptor with FD_CLOEXEC
flags. Avoid leaking file descriptors to processes spawned when handling
fail2ban actions (ex: iptables).

---

File descriptors in action process before patches:
dr-x------ 2 root root  0 .
dr-xr-xr-x 8 root root  0 ..
lr-x------ 1 root root 64 0 -> /dev/null        <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log    <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null        <== OK
lrwx------ 1 root root 64 3 -> socket:[116361]  <== NOK (fail2ban.sock leak)
lr-x------ 1 root root 64 4 -> /proc/20090/fd   <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
lrwx------ 1 root root 64 6 -> socket:[115608]  <== NOK (gamin sock leak)

File descriptors in action process after patches:
dr-x------ 2 root root  0 .
dr-xr-xr-x 8 root root  0 ..
lr-x------ 1 root root 64 0 -> /dev/null        <== OK
l-wx------ 1 root root 64 1 -> /tmp/test.log    <== used by test action
lrwx------ 1 root root 64 2 -> /dev/null        <== OK
lr-x------ 1 root root 64 3 -> /proc/18284/fd   <== used by test action
l-wx------ 1 root root 64 5 -> /var/log/fail2ban.log <== OK
2013-04-02 19:11:59 +02:00
Erwan Ben Souiden 44736035bd change the license to GPLv2 + adapt text 2013-04-02 09:49:44 +02:00
Steven Hiscocks b0a08b9790 TST: Add gamin support for Travis CI 2013-03-30 18:17:01 +00:00
Yaroslav Halchenko 74e76e068c Merge pull request #164 from kwirk/coveralls
TST+BF: Use separate coveragerc for Travis CI
2013-03-29 13:32:29 -07:00
Steven Hiscocks 0002fb4ca3 TST+BF: Use separate coveragerc for Travis CI
Should now ignore server/filtergamin.py as gamin is not tested. Also
ignores Travis CI python virtual environments
2013-03-29 20:14:13 +00:00
Yaroslav Halchenko 33a31e096a RF+TST: bring inBanList back from private to protected and enabled its rudimentary unittests 2013-03-29 15:33:08 -04:00
Yaroslav Halchenko 08dd6fed26 Merge pull request #163 from kwirk/coveralls
Coveralls.io
2013-03-29 12:15:34 -07:00
Steven Hiscocks e0e116cb36 TST: coverage ignore Travis CI python virtual environments 2013-03-29 19:09:55 +00:00
Yaroslav Halchenko e7184e70f6 ENH: increase waiting to 4 sec for gamin/pyinotify
This will be the last gesture from me for the bloody tests:
https://travis-ci.org/kwirk/fail2ban/jobs/5904668
2013-03-29 14:59:52 -04:00
Steven Hiscocks 92d26e6897 TST+BF: Fix incorrect commands for coveralls support 2013-03-29 17:22:48 +00:00
Steven Hiscocks b3251fca79 TST: Add support for coveralls for python 2.6 and python 2.7 2013-03-29 17:16:19 +00:00
Yaroslav Halchenko ffbbb9f8a3 ENH: deleted trailing spaces in fail2ban- cmdline tools
Now it was already a mix, and Cyril is not working on this code any
longer so no need to maintain this convention.
2013-03-29 12:31:50 -04:00
Yaroslav Halchenko 7cf509378c DOC: minor change -- refer to the fail2ban manpage 2013-03-28 11:36:18 -04:00
Yaroslav Halchenko ef3f2b7e99 TST: be more aggressive in cleanup of temp files + use mktemp instead of mkstemp 2013-03-27 23:40:50 -04:00
Yaroslav Halchenko bf4d4af1d4 ENH(BF?): overload open() (for buffering) within filtertestcase to guarantee atomic writing
This is with the hope to further resolve random test failures
( primarily on fast travis-ci systems ;) )
2013-03-27 15:11:49 -04:00
Yaroslav Halchenko ab044b75ea BF: delay check for the existence of config directory until read() 2013-03-27 12:22:39 -04:00
Yaroslav Halchenko 4b11f071ed DOC: minor fix ups of manpages. fixes #159 2013-03-27 12:02:19 -04:00
Yaroslav Halchenko f643e2e907 non-static (get|set)BaseDir for Configurator. fixes #160
ConfigReader's (get|set)BaseDir are no longer static as a result of
.d/ support RFing
2013-03-27 11:51:07 -04:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
2013-03-27 11:09:35 -04:00