github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,287 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

1046 Commits (1e3da21c680ac9a282f72348869e8cdb3d1e0399)

Author SHA1 Message Date
sebres 4bc8bc9d5f Merge branch '0.10' into 0.11 2020-08-24 16:31:48 +02:00
sebres 295630cccf documentation and changelog 2020-08-24 16:12:55 +02:00
sebres 7d172faa50 implements gh-2791: fail2ban-client extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS) 2020-08-11 16:01:52 +02:00
sebres 9d076af9a2 Merge branch '0.11-combine-multiple-captures' into 0.11 2020-08-04 17:15:28 +02:00
sebres 98983adf76 update ChangeLog 2020-08-04 17:14:13 +02:00
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763 
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
 2020-08-04 13:51:20 +02:00
sebres 1da9ab78be Merge branch '0.10' into 0.11 2020-06-11 12:52:13 +02:00
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749) 2020-06-08 14:38:26 +02:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab 
New Gitlab jail
 2020-05-04 19:19:13 +02:00
Sergey G. Brester 42aef09d69
Update ChangeLog 2020-04-27 19:38:48 +02:00
Sergey G. Brester da1652d0d7
Update ChangeLog 2020-04-26 12:26:55 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: 
- `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
 2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); 
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
 2020-04-15 19:00:49 +02:00
Sergey G. Brester 78651de7e5
Update ChangeLog 2020-04-14 12:25:18 +02:00
sebres 00c5d33e45 Merge branch '0.10' into 0.11 2020-03-13 22:39:19 +01:00
sebres bc2b81133c pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active) 2020-03-13 22:07:32 +01:00
sebres d42ec210cc Merge branch '0.10' into 0.11 2020-03-13 17:44:29 +01:00
sebres 9f1c6f1617 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660) 2020-03-13 17:34:37 +01:00
sebres e3737bb7c0 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660) 2020-03-13 17:20:19 +01:00
Sergey G. Brester d4da9afd7f
Update ChangeLog 2020-03-06 20:29:48 +01:00
sebres 32f02ef3b3 Merge branch '0.10' into 0.11 2020-03-05 14:01:14 +01:00
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); 
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
 2020-03-05 13:47:11 +01:00
sebres 2ddf687c31 Merge branch '0.10' into 0.11 - test cases only (add ban to database was moved to observer in 0.11) 2020-03-02 19:17:16 +01:00
sebres 15158e4474 closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended 2020-03-02 18:58:59 +01:00
sebres f088e7bf76 Merge branch '0.10' into 0.11 2020-03-02 17:10:48 +01:00
sebres 4766547e1f performance optimization of `datepattern` (better search algorithm); 
datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)
 2020-02-28 14:27:21 +01:00
sebres c15c300d2a Merge branch '0.10' into 0.11 2020-02-25 17:11:29 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
Christopher Gurnee df885586d4 close Popen() pipes explicitly for PyPy 
Waiting for garbage collection to close pipes opened by Popen() can
lead to "Too many open files" errors with PyPy; close them explicitly.
 2020-02-25 14:55:10 +01:00
sebres e57e950ef5 version bump (back to dev) 2020-02-25 14:51:54 +01:00
sebres d004a2c79b release 0.11.1 -- This is the Way 2020-01-11 11:01:00 +01:00
sebres 27fb4790fb Merge branch '0.10' into 0.11 2020-01-10 15:17:54 +01:00
sebres b25d8565fc release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes 2020-01-10 13:34:46 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP); 
closes gh-2115, gh-2362.
 2020-01-09 20:53:53 +01:00
sebres d1b7e2b5fb fail2ban-regex - several enhancements and fixes: 
- improved usage output (don't put a long help if an error occurs);
- new option `--no-check-all` to avoid check of all regex's (first matched only);
- new option `-o`, `--out` to set token provided in output (disables check-all and outputs only expected data);
- test cases optimized and extended
 2020-01-09 16:59:13 +01:00
sebres 587e4ff573 Merge branch '0.10' into 0.11 
(conflicts resolved)
 2020-01-08 21:27:23 +01:00
sebres f30b7ae244 update ChangeLog + spelling 2020-01-08 21:03:00 +01:00
sebres 24d1ea9aa2 Merge branch '0.10' into 0.11 2019-11-25 01:58:55 +01:00
Sergey G. Brester e86e9b2ee9
Merge branch '0.10' into gh-927-subnet 2019-11-15 01:47:50 +01:00
sebres 27e6b0021c ChangeLog update gh-2563 2019-11-08 13:18:57 +01:00
sebres e5d02bc2e9 grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494 2019-11-04 12:11:00 +01:00
sebres d44607a161 part of #927 - filter enhancement to parse IP sub-nets (IP/CIDR with correct recognition of IP-family), 
provides new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
  - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
  - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
 2019-11-01 16:29:17 +01:00
sebres 0824ad0d73 Merge branch '0.10' into 0.11 2019-10-18 12:04:38 +02:00
Sergey G. Brester 8b850864cf
amend to #2254: update changelog 2019-10-18 12:00:17 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf: 
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
  - extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
 2019-10-18 11:26:19 +02:00
sebres 1cdd618232 Merge branch '0.10' into 0.11 2019-07-29 13:26:37 +02:00