Commit Graph

4848 Commits (165b7d66439fa46fb024b3849be8e657f819c564)

Author SHA1 Message Date
sebres 165b7d6643 tests fixed, prepared for other conditional operations (for subnet usage), operations like repair/flush/stop considering started families (executed for started only) 2020-01-06 21:02:57 +01:00
sebres 3c42c7b9ef **not ready** testActionsConsistencyCheck fixed, but several **broken** tests (todo: fix public interface like action.start()/stop()). 2020-01-06 21:02:56 +01:00
sebres 31b8d91ba2 **not ready** amend with more tests (some issue on stop?) 2019-12-27 21:58:06 +01:00
sebres 8f6ba15325 avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc... 2019-12-27 21:30:41 +01:00
Sergey G. Brester 690a0050f0
Merge pull request #2567 from Mart124/bitwarden
New jail, Bitwarden
2019-12-13 18:31:21 +01:00
sebres 7e98073014 amend to f3dbc9dda10e52610e3de26f538b5581fd905505: don't need truncate (if the name with \0 exceeds 16 bytes, the string is silently truncated by prctl). 2019-12-12 21:45:09 +01:00
sebres f3dbc9dda1 set real thread names (used for identification and diagnostic purposes, e. g. top -H, ps -e -T, pstree, etc) 2019-12-12 21:28:16 +01:00
Mart124 e763c657c4
Let's get back to WRN 2019-11-27 00:32:10 +01:00
Mart124 566cbcdde0
Update bitwarden 2019-11-27 00:14:18 +01:00
Mart124 d7b707b09d
Update bitwarden.conf 2019-11-27 00:09:22 +01:00
Mart124 869327e9b1
Update bitwarden.conf 2019-11-25 22:17:58 +01:00
Mart124 79caeaa520
Create bitwarden.conf 2019-11-25 22:05:29 +01:00
Mart124 30e742a849
Update jail.conf 2019-11-25 21:57:41 +01:00
Mart124 ef394b3cf0
Update jail.conf 2019-11-25 21:55:45 +01:00
Mart124 a3df1ab3f0
Create bitwarden 2019-11-25 21:50:16 +01:00
sebres d5144e380e filter: testing proper handling after time-drift or time-jump (DST-hole, NTP time correction backwards, etc), gh-2566 2019-11-25 01:46:07 +01:00
Sergey G. Brester e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
Add Centreon jail
2019-11-15 01:53:20 +01:00
Sergey G. Brester 596c5cee7e
Merge pull request #2560 from sebres/gh-927-subnet
subnet implementation (filter, parsing tags)
2019-11-15 01:48:30 +01:00
Sergey G. Brester e86e9b2ee9
Merge branch '0.10' into gh-927-subnet 2019-11-15 01:47:50 +01:00
Sergey G. Brester 9d263edfbb
Merge pull request #2563 from hvanmegen/patch-1
Updated sendmail-auth.conf for longer mail IDs
2019-11-15 01:41:13 +01:00
sebres 27e6b0021c ChangeLog update gh-2563 2019-11-08 13:18:57 +01:00
sebres 0e8a8edb5e filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563) 2019-11-08 13:15:40 +01:00
Henry van Megen a9200c5456 Added logline that fails at IDs with 15 chars (see gh-2563) 2019-11-08 12:43:02 +01:00
Henry van Megen 548e2e0054 sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562) 2019-11-08 12:42:09 +01:00
sebres 5cf064a112 monit: accepting both logpath's: monit and monit.log, closes gh-2495 2019-11-04 12:18:12 +01:00
sebres e5d02bc2e9 grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494 2019-11-04 12:11:00 +01:00
sebres d44607a161 part of #927 - filter enhancement to parse IP sub-nets (IP/CIDR with correct recognition of IP-family),
provides new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
  - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
  - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
2019-11-01 16:29:17 +01:00
CPbN 9e699646f8 Add Centreon jail 2019-10-24 14:37:18 +02:00
CPbN 18ba714f97 Add Centreon jail 2019-10-23 09:14:26 +02:00
sebres 5e3fef1631 Merge branch 'amend-gh-2254' into 0.10 2019-10-18 19:06:42 +02:00
sebres 85ec605358 nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
2019-10-18 19:01:16 +02:00
sebres 51af193402 nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`) 2019-10-18 18:54:02 +02:00
sebres 955d690e56 regrouping expressions with curly braces, added more escapes (better handling in posix shell) 2019-10-18 18:34:48 +02:00
Sergey G. Brester 8b850864cf
amend to #2254: update changelog 2019-10-18 12:00:17 +02:00
Sergey G. Brester 54298fe761
Merge pull request #2254
Nftables: isolate fail2ban rules into a dedicated table and chain
2019-10-18 11:43:38 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf:
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
  - extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
2019-10-18 11:26:19 +02:00
sebres 50595b70fd filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
2019-10-11 01:31:07 +02:00
sebres 9e28b6c65f filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531) 2019-09-26 21:46:26 +02:00
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc 2019-09-25 13:47:29 +02:00
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all) 2019-09-24 20:00:29 +02:00
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain):
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
2019-09-24 19:44:59 +02:00
sebres c753ffb11d combine nftables actions to single action:
- nftables-common is removed
- nftables-allports  is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
2019-09-24 18:53:38 +02:00
sebres c59d49da22 nftables-allports: support multiple protocols in single rule;
tests/servertestcase.py: added coverage for nftables actions
2019-09-24 18:46:41 +02:00
Ririsoft dde51b4682 fix actionban/unban ip definition syntax 2019-09-24 13:01:14 +02:00
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic.
Add an example for redirecting.
2019-09-24 13:01:13 +02:00
sebres 82ddaa5771 fix order of jail options in stream:
* be sure usedns is before all regex(s) in stream (this option is also allowed in the config of filter now)
  * logpath after all log-related data (backend, date-pattern, etc)
2019-09-11 19:38:42 +02:00
sebres 7b3ee3dadc allow to set all standard options of filter (like prefregex, journalmatch, etc) directly in jail (without filter or supplying parameters to filter);
normalize stream generation of filter-related parameters across FilterReader and JailReader (uses stream generator of filter now);
test cases extended (testOverrideFilterOptInJail) to cover this possibility.
2019-09-11 16:14:46 +02:00
sebres a36b70c7b5 filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520) 2019-09-10 21:02:26 +02:00
sebres fbd4bfc595 extend murmur test cases to cover systemd journal log-format (gh-2520, note we don't use any time-stamp as systemd-backend does not expect it) 2019-09-10 19:46:44 +02:00
sebres e547927075 tests: extend server test cases for some stock jails (e. g. check issue with sendmail filters gh-2493 + covering `maxmatches` / `dbmaxmatches` in server tests) 2019-08-22 21:29:46 +02:00