github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,572 Commits
32 Branches
229 Tags
17 MiB
Commit Graph

5572 Commits (1e8ce20b325e1a60c92025e0512fe0a547552293)

Author SHA1 Message Date
Viktor Szépe 1e8ce20b32
Display ChangeLog as a Markdown document 2021-10-17 19:53:10 +02:00
sebres 5093ff8956 Merge branch '0.11' into master 2021-09-19 18:54:23 +02:00
sebres d6b884f3b7 amend to fix gh-3098: no option `--disable-2to3` anymore 2021-09-19 18:52:34 +02:00
sebres 5ac303df8a fix gh-3098: build fails with error in fail2ban setup command: use_2to3 is invalid (setuptools 58+) 2021-09-19 18:49:18 +02:00
sebres 8d45deca86 Merge branch '0.10' into 0.11 2021-09-19 18:42:23 +02:00
sebres 974ba688d4 Merge branch 'patch-3098' into 0.10 2021-09-19 18:41:24 +02:00
Sergey G. Brester 7f22c4873a
remove 2to3 in setup (should be called outside before setup) 2021-09-19 18:36:02 +02:00
Sergey G. Brester 1414a44b8e
Update main.yml 
CI: try to install dependencies via apt, add build test
 2021-09-19 18:24:36 +02:00
sebres ad1f9dc4d0 Merge branch '0.11' 2021-09-08 20:12:48 +02:00
sebres 64217fe018 Merge branch '0.10' into 0.11 2021-09-08 20:09:48 +02:00
sebres c0f9348db5 Merge branch 'sebres/gh-3097--fix-unh-except' into 0.10; 
closes #3097
 2021-09-08 20:08:30 +02:00
sebres d709ec8179 GH actions: use newest python version for 3.10 (3.10.0-rc.2) 2021-09-08 20:00:41 +02:00
sebres ba282b794c pyinotify: amend to 1e4a14fb25d88e32f3ca9c06fb1d6b8d3b4813ab: one fix more for sporadic runtime error "dictionary changed size during iteration" (watched files) 2021-09-08 19:56:02 +02:00
sebres e323c148e1 backend systemd: fixes error "local variable 'line' referenced before assignment", introduced in 55d7d9e214f72bbe4f39a2d17aa004d80bfc7299; 
don't update database too often (every 10 ticks or ~ 10 seconds in production);
closes gh-3097
 2021-09-08 19:44:49 +02:00
sebres 1e4a14fb25 pyinotify: fixes sporadic runtime error "dictionary changed size during iteration" (if something outside changes the pending dict during _checkPending evaluation) - simply deserialize to a list for iteration, without any lock, because unneeded here due to small and mostly empty dictionary (logrotate, etc), not to mention that pending check is normally called once per minute; 
don't call process file inside of server thread calling of addLogPath (always retard it as pending event);
ensure to wake-up as soon as possible to process pending events (e. g. if file gets added).
 2021-09-08 19:17:44 +02:00
sebres 2f99d5accb test coverage for unhandled exception in run of several filter (gh-3097) 2021-09-08 18:22:31 +02:00
Sergey G. Brester cb667edf17
Merge pull request #3087 from alexporto2200/patch-3 
README: added dependencies to setuptools or distutils (if installing from source)
 2021-08-17 16:49:40 +02:00
Sergey G. Brester ade79635b2
distutils/setuptools only required if installing from source 2021-08-17 16:41:20 +02:00
Alex Porto dos Santos 39fe0bdce6
Update Readme 
Add python3-setuptools or python-setuptools for dependencies. On some distributions this doesn't come by default, it would be nice to let users know about this in the documentation.
 2021-08-17 10:39:04 -03:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres e3f2fcfab4 merge point (GHSA-m985-3f3v-cwmm 0.9/0.10) 2021-07-07 11:50:49 +02:00
sebres 2ed414ed09 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 
closes GHSA-m985-3f3v-cwmm for 0.9
 2021-07-07 11:46:28 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040) 2021-06-10 15:23:24 +02:00
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; 
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
 2021-06-10 15:06:54 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620: 
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
 2021-05-29 22:59:55 +02:00
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master 
Using native firewalld ipset implementation
 2021-05-29 21:30:55 +02:00
sebres 38535b0cca Merge branch '0.11' into master 2021-05-29 21:25:24 +02:00
sebres d2f5c7de09 Merge branch '0.10' into 0.11 2021-05-29 21:24:11 +02:00
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553 2021-05-29 21:12:34 +02:00
sebres 8b984a0135 filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553) 2021-05-29 20:47:56 +02:00
sebres 6be1a5a0b1 filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880) 2021-05-29 20:25:28 +02:00
sebres 8afea37494 filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757) 2021-05-29 20:09:57 +02:00
sebres c5f1598a21 filter.d/postfix.conf: extended to cover new vectors: 
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
 2021-05-29 19:48:24 +02:00
sebres ae3e9b9149 filter.d/postfix.conf: extended to cover 2 new vectors: 
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
 2021-05-29 19:21:27 +02:00
sebres 87f717e0e0 filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012) 2021-05-29 18:45:59 +02:00
Sergey G. Brester 3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf 
Add new jail (and filter) Monitorix
 2021-05-27 12:17:16 +02:00
sebres 0a05dbdbfc Merge branch '0.11' into master 2021-05-25 23:19:25 +02:00
sebres 3312b8cb95 Merge branch '0.10' into 0.11 2021-05-25 23:18:33 +02:00
sebres 1627d4f573 filter.d/sendmail-auth.conf: user not found, closes gh-3030 2021-05-25 23:16:29 +02:00
Sergey G. Brester f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update 
Zoneminder filter update
 2021-05-21 13:03:33 +02:00
Sergey G. Brester ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name) 2021-05-21 13:00:24 +02:00
j-marz 2367ad115c fixed typo in comment 2021-05-20 09:15:45 +10:00
Ioannis Cherouvim 5e3de882af
docs: Typo. (#3025) 2021-05-12 13:18:46 +02:00
Sergey G. Brester 3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013) 2021-05-11 13:47:48 +02:00
usernamepi 4f8427178a
Missing comment "#" (#3022) 
Missed this ... but the logs showed it.
 2021-05-07 18:23:40 +02:00
sebres 6ac2156907 Merge branch '0.11' into master 2021-05-07 01:48:36 +02:00
sebres 3e1aa03037 Merge branch '0.10' into 0.11 2021-05-07 01:46:46 +02:00