* commit '0.8.10-31-g1ab0f0f': (24 commits)
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
DOC: Changelog for fail2ban-regex RF
DOC: Changelog for asterisk hardening
ENH: fail2ban-regex -- add specification of loglevels to enable
RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: dovecot regexs rewritten and extra failures
ENH: proftp regex hardening and log messages
ENH/BF: exim improvements with sample
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
...
Conflicts: -- it was a messy merge/resolution.
ChangeLog
bin/fail2ban-regex
fail2ban-testcases
fail2ban/server/filter.py
* '3proxy' of https://github.com/grooverdan/fail2ban:
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
DOC: credits
Conflicts:
ChangeLog
* 'exim' of https://github.com/grooverdan/fail2ban:
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
ENH/BF: exim improvements with sample
Conflicts:
ChangeLog
* 'proftpd' of https://github.com/grooverdan/fail2ban:
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: proftp regex hardening and log messages
Conflicts:
ChangeLog
* 'dovecot' of https://github.com/grooverdan/fail2ban:
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: dovecot regexs rewritten and extra failures
Conflicts:
ChangeLog -- merged entries
* 'assp' of https://github.com/grooverdan/fail2ban:
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
Conflicts:
ChangeLog -- merged the two entries into 1
* commit '0.8.10-1-g460e09a':
it was not the end of the world and we should continue
DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
Changes for 0.8.10 release (changelog, version, etc)
BF: anchor apache- filters. Close#248
DOC: credits for gh-244
Filter Asterisk: Add sample log entry to testcase.
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
ENH: purge a few more .*
DOC: credits
DOC: how to do filter enhancements
TST: normalize logs to use example.com and 1.2.3.4 as IP
ENH/BF: constrain regex. Fix ACL error regex
ENH: port optional
Update asterisk
Update asterisk.conf
Conflicts:
ChangeLog
DEVELOP
README.md
fail2ban/version.py
* commit '0.8.9-13-g39d32e0':
Changelog for previous PR
DOC: Changelog entry fro preceeding merge from Terence
TST: Fix fail2ban.conf reader test for unreliable dictionary order
failregex when roundcube log driver is set to 'syslog'
fixed failregex line for roundcube 0.9+
TST: test all stock jails to have actions and correctly specifying blocktype
CFG: assure actions for all the jails
BF: blocktype must be defined within [Init] -- adding [Init] section. Close#232
ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init
ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory
Conflicts:
ChangeLog
config/jail.conf
testcases/clientreadertestcase.py -- had to "git show XXX | patch -p2" under tests/ 2 commits: 8a57ffd7a4db4b
# Only works only if log driver: is set to 'syslog'. this is becoz fail2ban fails to 'read' the line due to the
brackets around the date timestamp on logline when log driver is set to file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlGRBZ8ACgkQjRFFY3XAJMhqzwCgvUsrv6cSjo1d8YCQUA8Na0Kk
44QAoKk7X2sqFM+wvj2vK3stsHa/80qm
=iBfR
-----END PGP SIGNATURE-----
Merge tag '0.8.9' into 0.9 (quite a bit of conflicts "resolved")
Release 0.8.9
* tag '0.8.9':
BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
All the (version) updates for the release of 0.8.9
BF: (travis) relax the test for needed to be presented installed directories -- allow new
BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
ENH: also print the failing traceback line in case of failure
ENH: include explicit list of new files which should not be there upon "install --root"
ENH: now we know that logging handlers closing was still buggy in 2.6.2
ENH: issue a warning if jail name is longer than 19 symbols (Close#222)
DOC: inline commends with ';' are in effect only if ';' follows as space
BF: Fix for filterpoll incorrectly checking for jailless state
ENH: strengthen detection of working pyinotify
ENH: use the same python executable for setup.py test
ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python releases
TST: Some primarily smoke tests for tests utils
TST: cover few more lines in fail2banreader.py
ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
ENH: consistent operation of formatExceptionInfo + unittest for it
ENH: point to the status of master branch on travis
Conflicts:
ChangeLog
MANIFEST
README.md
fail2ban/version.py -- all of the above obvious version changes
below files primarily needed just a bit of help in resolution
config/jail.conf
fail2ban/server/filterpoll.py
fail2ban/server/server.py
fail2ban/tests/servertestcase.py
and following were more difficult -- git wasn't able to track renames/moves of the code
fail2ban-testcases -- needed to introduce those changes to tests/utils.py
testcases/clientreadertestcase.py -- manually applied patch from master
testcases/utils.py -- manually applied patch from master
* master: (51 commits)
ENH: Use real (resolving) example.com instead of test.example.com
DOC: Slight tune ups to ChangeLog -- we must release!
Changelog entries for the latest merges
BF: add bash-completion to MANIFEST
DOC: ChangeLog for default action type change
ENH: consolidate where blocktype is defined for iptables rules
BF: default type to unreachable
ENH: separate out regex and escape a .
ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
DOC: Drop sudo from bash-completion
DOC: Added bash-completion script
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
ENH: Removed unused log line
ENH: logrotate file
BF: missed MANIFEST include
BF: missed MANIFEST include
BF: missed MANIFEST include
ENH: some form of logrotate based on what distros are doing
...
Conflicts:
ChangeLog
MANIFEST
client/actionreader.py
config/jail.conf
fail2ban/server/datedetector.py
fail2ban/tests/datedetectortestcase.py
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
ENH: separate out regex and escape a .
BF: missed MANIFEST include
DOC: credits for bsd log
DOC: bsd syslog files thanks to Nick Hilliard
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
Conflicts:
config/filter.d/common.conf
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
Yaroslav Halchenko