fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	1971fd4bd3	don't remove MLFID from cache (can recognize multiple attempt within the same connection)	8 years ago
sebres	f13fac5ae9	amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex; extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed); Closes gh-1727	8 years ago
sebres	5561423be3	filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry); closes gh-1719	8 years ago
sebres	97d417926d	repairs testing of missing samples for all regex after filter settings (mode) changed	8 years ago
sebres	482e5265d7	output execution time of each test case if verbosity > 2	8 years ago
Serg G. Brester	77229a65b5	Merge pull request #1716 from sebres/fix-stop-replace-in-callable Prohibit recursive replacement of action info (calling map)	8 years ago
sebres	ccfd1ccb2d	code review, increase coverage, etc.	8 years ago
sebres	5030e3a122	[Important] Prohibit replacement of recursive "tags" in the action info resp. calling map (very bad idea to do this): - the calling map contains normally dynamic values only (no recursive tags); - recursive replacement can be vulnerable, because can contain foreign (user) input captured from log (will be replaced in the shell arguments);	8 years ago
sebres	c1da6611ec	[BF] prevents always converting of calling map items in replaceTag (without direct access of item): substituteRecursiveTags: ignore replacing callable items from calling map - should be converted on demand only (by get)	8 years ago
sebres	92d83274d9	fixes cache overload in the test cases (increase max count and max time of CACHE_ipToName - too many entries in mock-up preset, longer time testing)	8 years ago
Serg G. Brester	3fec546fc0	Merge pull request #1715 from sebres/fix-f2b-regex-debuggex-url fail2ban-regex debuggex url fix	8 years ago
sebres	295f7b88c9	increase coverage	8 years ago
sebres	3cba2310ff	Fixes debuggex URL (tag replacement) and missing line stat by matched lines (without time - `matched_lines_timeextracted`); Closes gh-1394	8 years ago
Serg G. Brester	1bcde678c6	Merge pull request #1710 from sebres/0.10-test-with-filter-options 0.10 filter options extension	8 years ago
sebres	30b53bb2ce	update ChangeLog and man/fail2ban-regex.1	8 years ago
sebres	eb3623e90c	configreader.py: correct reading real relative path (starting with "./"); fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only);	8 years ago
sebres	6a26602ba8	allow to use filter options by fail2ban-regex, example: fail2ban-regex text.log "sshd[mode=aggressive]"	8 years ago
sebres	8af7a73bfc	update ChangeLog	8 years ago
sebres	0c1707afda	filter.d/sshd.conf: - optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details); test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);	8 years ago
sebres	7e442c5b27	filter.d/sendmail-reject.conf: - rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`); - optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details); test cases extended	8 years ago
sebres	a683e88a74	samples test case factory extended with filter options - dict in JSON to control filter options (e. g. mode, etc.): # filterOptions: {"mode": "aggressive"}	8 years ago
sebres	52ed6597b2	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
Serg G. Brester	d3b644acae	Merge pull request #1708 from sebres/fix-gh-1707 filter.d/cyrus-imap.conf: accept entries without login-info resp. hostname before IP address (gh-1707)	8 years ago
sebres	0f8cb1749f	Update ChangeLog	8 years ago
sebres	8768776d68	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	8 years ago
Serg G. Brester	d042981954	Merge pull request #1655 from ajcollett/0.10 Added config for AbuseIPDB	8 years ago
Serg G. Brester	b1f5ac9484	Update abuseipdb.conf	8 years ago
Serg G. Brester	62fa02241f	Update jail.conf	8 years ago
Serg G. Brester	e71f3d595f	Merge pull request #1705 from sebres/0.10-tag-ip-host New actions tag `<ip-host>` introduced: can be used in actions to retrieve the host name (dns) from the IP address	8 years ago
sebres	6a2c95da95	`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution); changelog updated;	8 years ago
sebres	59cf761129	Real action info instead of calling map in test cases, covering of the new tag '<ip-host>'; dns lookup: pre-caching within test cases - prevent slow dns-resolving and failures if no-network, of if some IP addresses will be changed later	8 years ago
sebres	a0bb51ef92	New tag '<ip-host>' introduced: can be used in actions to retrieve the host name (dns) from the IP address	8 years ago
sebres	b832b77e3c	small amendment for test-coverage; dynamical monitor failures test classes get proper names running in python3.x (wrong __qualname__)	8 years ago
Serg G. Brester	32ac383d06	Update ChangeLog	8 years ago
Serg G. Brester	81129f0e5c	Merge pull request #1698 from sebres/0.10-filter-captures-to-actions 0.10 filter captures to actions	8 years ago
sebres	e4a265c75f	test coverage	8 years ago
sebres	d2a3d093c6	rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects); new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset); test cases extended	8 years ago
sebres	4efcc29384	coverage of new multi-line handling within fail2ban-regex	8 years ago
sebres	35efca5941	Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines. Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window). Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions: - tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example) - tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info); filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling.	8 years ago
sebres	8bcaeb9022	amend to 4ff8d051f49808ac769709c5aff8591fcd79040a: fixed fail2ban-regex with journalmatch using systemd-journal	8 years ago
sebres	22afdbd536	Several filters optimized with pre-filtering using new option `prefregex`	8 years ago
sebres	2fad50b6e8	Precedence of `prefregex` higher as `failregex` should be in head of the convert-stream; Allow using failure-id (`<HOST>`) within `prefregex` (by common prefix for all expressions specified with `failregex`)	8 years ago
sebres	4ff8d051f4	Introduced new filter option `prefregex` for pre-filtering using single regular expression; Some filters extended with user name; [filter.d/pam-generic.conf]: grave fix injection on user name to host fixed; test-cases in testSampleRegexsFactory can now check the captured groups (using additionally fields in failJSON structure)	8 years ago
sebres	9d15a792a5	amend to fe06ffca71e9054b21b93237c40c0c53478a19df: small optimization using already known IP family	8 years ago
sebres	fe06ffca71	Fix retrieving of IPv6 address with dnsToIp on some systems (default returns AF_INET family only), fix network test-cases.	8 years ago
sebres	61c8cd11b8	Exposes filter group captures in actions (non-recursive interpolation of tags `<F-...>`); Closes gh-1110	8 years ago
sebres	6d878f3a43	try to provide filter captures (already in ticket data) to the actions as interpolation options (closes gh-1110)	8 years ago
sebres	a8c0cec4ac	small amend with several fixes and test coverage	8 years ago
sebres	9ebf70cd6a	Safer, more stable and faster replaceTag interpolation (switched from cycle over all tags to re.sub with callable)	8 years ago
sebres	a6318b159b	substituteRecursiveTags optimization + moved in helpers facilities (because currently used commonly in server and in client)	8 years ago

1 2 3 4 5 ...

3993 Commits (1971fd4bd3eda0bfe91ee688ee41906af93043fc) All Branches Search

3993 Commits (1971fd4bd3eda0bfe91ee688ee41906af93043fc)

All Branches