github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,867 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

3867 Commits (18d09b6d8ef6c72b83fd99f81832ffe2e7c2ce8d)

Author SHA1 Message Date
Andrew James Collett 18d09b6d8e Updated changelog. 2017-01-08 09:50:58 +02:00
Andrew James Collett 3991f51f30 Update jail.conf 
Sigh, added a space back that I somehow missed in Vim, despite it being a rebase...
 2017-01-08 09:45:35 +02:00
Andrew James Collett 10d61e0779 Fixed the spaces again 2017-01-08 09:42:15 +02:00
Andrew James Collett b35391e768 Update jail.conf 
Fixing spacing
 2017-01-08 09:30:00 +02:00
Andrew James Collett 1c41390f7c Restructured the way the catagories work. 
Jail.conf is cleaner and abuseipdb.conf is more flexible.
 2017-01-08 09:26:11 +02:00
Andrew James Collett 55e107310f Added config for AbuseIPDB, ony tested on Ubuntu 16.04 2017-01-07 14:24:54 +02:00
Serg G. Brester feae7370ce Update THANKS 2016-11-28 23:19:24 +01:00
Serg G. Brester 8d9fe5d3da Merge pull request #1583 from sebres/_0.10/fix-datedetector-grave-fix-v2 
0.10/datedetector grave fix
 2016-11-28 17:37:36 +01:00
sebres 8018796b45 wrong indentation (important code-piece in if log-level only) 2016-11-28 17:17:48 +01:00
sebres 39c343bd06 better reorder templates handling, code coverage increase (a small part of _reorderTemplate was not covered at all) 2016-11-28 15:18:31 +01:00
sebres 5d5ab27435 small amend: removed unreachable code + coverage increase 2016-11-28 13:17:36 +01:00
sebres c06084d7d9 _start_params - fix: symlinks should be absolute paths 2016-11-28 11:04:37 +01:00
sebres 40cbe96352 Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2 2016-11-28 11:03:11 +01:00
Serg G. Brester 389ad10344 Merge pull request #1622 from sebres/_0.10/configreader-and-more 
0.10/configreader and more:  substitution `%(param)s` from init block
 2016-11-28 10:08:30 +01:00
sebres ce540554c5 Merge configreader-py3-compat branch into _0.10/configreader-and-more 2016-11-25 20:14:45 +01:00
sebres ec7bb0d6c9 python 3x compatibility fix (positional arguments vs named arguments) 2016-11-25 20:12:49 +01:00
sebres a2af19c9f0 fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`); 
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
 2016-11-25 19:27:26 +01:00
sebres 65abc639cc allow newline in extra init-parameters of action/filter (or interpolation of it), e. g. action[..., logpath="%(logpath)s"] 2016-11-25 16:56:46 +01:00
sebres 097970781c filter/action (and its includes): substitution `%(param)s` may be used now (instead of `<param>`) for init-values specified in jail-configs via `action[param1="...", param2=...]`; 
substitution `<param>` should be used for dynamic interpolation only (todo: review configurations to replace it);
 2016-11-25 16:53:46 +01:00
sebres b856e1dadc Merge pull request #1618 from sebres/_0.10/systemd-service 2016-11-24 20:45:17 +01:00
sebres 308bba448c ChangeLog update 2016-11-24 20:43:55 +01:00
sebres 95dd76b7dd Merge pull request #1619 from sebres/_0.10/skip-wrong-jails 2016-11-24 20:27:40 +01:00
sebres d908688b56 ChangeLog update 2016-11-24 20:25:08 +01:00
sebres 45174c5eaf if fail2ban running as systemd-service, for logging to the systemd-journal, the `logtarget` could be set to STDOUT 
small fixes by logging in stdout (+ system targets also allowed in lowercase now)
 2016-11-24 12:13:47 +01:00
sebres 1cd67ecaa2 automatically creates /var/run/fail2ban before start fail2ban (systems which /var/run/ is virtual resp. memory mount device) 2016-11-24 11:37:18 +01:00
sebres 7256a5cb8e code review: back to previous code - no skipping in testReadTestJailConf 2016-11-22 17:55:27 +01:00
sebres 8ed5b44bfd no cover for sporadic executed (time-related) code pieces (just to prevent randomly increasing/decreasing of coverage) 2016-11-22 17:38:32 +01:00
sebres fdac44ca58 introduced new option `-t` or `--test` to test configuration resp. start server only if configuration is clean (not skip wrong configured jails if option `-t` specified); 2016-11-22 17:08:44 +01:00
sebres 3e9852d4d2 code review, increase coverage 2016-11-22 14:56:54 +01:00
sebres 4882093a41 test cases extended: cover skipping invalid jail 2016-11-22 14:09:44 +01:00
sebres e52b47d8f5 normalized log output (all jail parameters in filter are indented with 2 spaces) 2016-11-22 13:57:20 +01:00
sebres c6e8c700f7 test cases fixed 2016-11-22 13:57:06 +01:00
sebres 77dc5a334c really skips invalid jails (because of theirs wrong configuration) - server starts nevertheless, as long as one jail was successful configured; 
message about wrong jail configuration logged in client log (stdout, systemd journal etc.) and in server log as error
 2016-11-22 13:23:30 +01:00
sebres 528a7a5abb systemd service update: 
- starting service in normal mode (without forking)
- does not restart if service exited normally (exit-code 0, e.g. stopped via fail2ban-client)
- does not restart if service can not start (exit-code 255, e.g. wrong configuration, etc.)
- service can be additionally started/stopped with commands (fail2ban-client, fail2ban-server)
 2016-11-22 11:14:27 +01:00
sebres 261f875748 Fixed sporadic tab-replacement (`\n\t` instead of `\n ` by word wrapping) in mime content of smtp-message in test cases, see 
https://github.com/fail2ban/fail2ban/pull/1410#issuecomment-262000804
 2016-11-21 19:06:17 +01:00
Serg G. Brester 44fddc102d Merge pull request #1616 from sebres/fix-1194 
[fix-gh-1194] Fixed misleading errors logged from ignorecommand in success case on retcode 1
 2016-11-21 17:15:16 +01:00
sebres 701abfd250 ChangeLog entry added 
+ indentation fix (space-tab replacement)
 2016-11-21 17:13:43 +01:00
sebres c442569b63 executeCmd: added possibility to select success return codes 
ignorecommand: both return codes (0, 1) are success codes now, so no errors will be logged + test cases extended to check this (and error case)
 2016-11-21 16:35:33 +01:00
sebres 189e70d99c processLine etc. rewritten: 
- normalize calling parameters (persistent parameters moved from function arguments to filter member variables)
- save last line as lambda instead of return it as string (lazy convert of process line tuple to string on demand, needed in fail2ban-regex only)
 2016-11-18 17:02:00 +01:00
sebres a2cf34a64e code review: added endpos to found tuple, just to be safe by unpack 2016-11-17 21:12:23 +01:00
sebres ea4c1f6356 Merge branch 'master' into 0.10 2016-11-11 10:29:45 +01:00
sebres dab5f56609 Merge branch 'fix-gh-1477' 2016-11-11 10:17:07 +01:00
Serg G. Brester 4e252be76f Update FILTERS 
closes #1591
 2016-10-25 11:01:32 +02:00
sebres 58717c1854 fail2ban-testcases: persistently set (python) time zone to CET during test cases process (used in zone-related test-cases) 2016-10-17 13:26:24 +02:00
sebres c8b036456d changelog entries 2016-10-17 12:47:42 +02:00
sebres ffa9705412 fixed UTC/GMT named time zone using `%Z` and `%z` patterns (special case with 0 zone offset); 
Currently still ignores another named zones, because fail2ban assumes that the given date is in the current default zone.
Closes gh-1575
 2016-10-17 12:09:53 +02:00
sebres faee5f1fdc better caching (thereby better performance), better recognition of similar regex 2016-10-17 11:20:30 +02:00
sebres ae7297e16b more precise date template handling (WARNING: this commit creates possible incompatibilities): 
- datedetector rewritten more strict as earlier;
  - default templates can be specified exacter using prefix/suffix syntax (via `datepattern`);
  - more as one date pattern can be specified using option `datepattern` now (new-line separated);
  - some default options like `datepattern` can be specified directly in section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]` section, because of performance (each extra section costs time);
  - option `datepattern` can be specified in jail also (jails without filters);
  - if first group specified, only this will be cut out from search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match pattern, and leaves `date:[] failure ip...` for searching in filter);
  - faster match and fewer searching of appropriate templates (DateDetector.matchTime calls rarer DateTemplate.matchDate now);
  - standard filters extended with exact prefixed or anchored date templates;

template cache introduced (in opposition to default template cache, holds custom templates cached by pattern for possible common usage of same template/regex);
 2016-10-17 11:20:27 +02:00
sebres bd1eb70c52 speedup template first time selection through pre-sorted template list by template hits 2016-10-17 11:18:35 +02:00
sebres 0bed91b3c2 speedup SeekToTime test cases using exact date pattern... 2016-10-17 11:18:33 +02:00