sebres
061fab898a
Merge branch '0.10' into 0.11
2021-03-22 00:58:03 +01:00
sebres
e587526ede
tests: add missing constraint (causing incomplete comparison in below cycle if fewer lines as expected was found)
2021-03-22 00:56:40 +01:00
sebres
343ccd7e8a
small optimization
2021-03-21 23:35:38 +01:00
sebres
9bdc4be6cc
stability: better recognition of rotation (e. g. on hash collision, consider current size and last known position now), no hash of empty file (or not fulfilled line), etc;
...
performance: avoid unnecessary seek to start of file and hash calculation - now it occurs only if file really rotated (ino changing or size shrinking), otherwise not earlier than in 30 seconds;
avoid unneeded log-rotation in tests
2021-03-21 23:35:09 +01:00
sebres
725354c793
action info extended with new members for jail info (usable as tags in command actions):
...
`jail.found`, `jail.found_total` - current and total found failures
`jail.banned`, `jail.banned_total` - current and total bans
closes #10
2021-03-20 22:33:31 +01:00
oukb
529866b2bb
nsd.conf: fix for the current log format
...
New nsd 4.3.5 log format:
| [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
| [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
| [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
| [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
Mike Gabriel
f15ed35619
config/: Add support for filtering out detected port scans via scanlogd.
2021-03-05 16:35:13 +01:00
Sergey G. Brester
08393f9d82
Update filter_request.md
2021-03-03 20:28:27 +01:00
sebres
df5e024fb8
new issue templates
2021-03-03 20:16:34 +01:00
sebres
fb08534ed7
Merge branch '0.11'
2021-03-03 18:17:35 +01:00
sebres
3eaefe8da0
Merge branch '0.10' into 0.11
2021-03-03 18:16:47 +01:00
sebres
04aba6168c
fixed typo, `--` is not expected in options declaration, so `--dump-pretty` did never work (only `--dp` is working)
2021-03-03 13:02:00 +01:00
sebres
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
2021-03-02 19:35:27 +01:00
sebres
63acc862b1
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
2021-02-24 18:21:42 +01:00
sebres
fb6315ea5e
Merge branch '0.10' into 0.11
2021-02-24 13:16:36 +01:00
sebres
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
2021-02-24 13:05:04 +01:00
sebres
e3d43d1241
Merge branch 'fix-rc-on-too-many-failures' into 0.10: resolves RC with uncontrolled growth of failure list (jail with too many matches that did not cause ban, gh-2945)
2021-02-24 12:45:15 +01:00
sebres
92a2242174
amend fixing journal tests (systemd backend only)
2021-02-23 15:54:48 +01:00
sebres
e353fb8024
fixed test cases (ban ASAP also followed in test suite now, so failure reached maxretry causes immediate ban now)
2021-02-23 02:46:44 +01:00
sebres
55d7d9e214
*WiP* try to solve RC on jails with too many failures without ban, gh-2945 ...
2021-02-22 18:39:58 +01:00
sebres
884cbbd6e1
Merge branch '0.11'
2021-02-17 19:04:23 +01:00
sebres
abc5a4e062
ChangeLog ( #2742 )
2021-02-17 19:02:22 +01:00
sebres
a0352182e8
Merge branch '0.10' into 0.11
2021-02-17 18:57:38 +01:00
sebres
294ec73f62
Merge branch 'py-3-10-alpha-5' into 0.10
2021-02-17 18:49:06 +01:00
Sergey G. Brester
9f1d1f4fbd
amend for `Mapping` (jails)
2021-02-17 18:47:42 +01:00
Sergey G. Brester
42dee38ad2
amend for `Mapping`
2021-02-17 18:47:40 +01:00
Sergey G. Brester
2b6bb2c1be
follow bpo-37324: :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` module
...
(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
2021-02-17 18:47:38 +01:00
Sergey G. Brester
8ae9208454
try to provide coverage for 3.10-alpha.5 ( #2931 )
2021-02-17 18:47:32 +01:00
Sergey G. Brester
a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
...
Update drupal-auth.conf
2021-02-11 19:10:55 +01:00
Sergey G. Brester
f4f92aa72d
more tests covering different cases, injections attempt etc
2021-02-11 18:56:53 +01:00
Sergey G. Brester
d678440658
more precise RE (avoids weakness with catch-all's and is injection safe)
2021-02-11 18:32:32 +01:00
sebres
ea26509594
Merge branch '0.11'
2021-02-03 14:59:00 +01:00
sebres
6198b4566c
Merge branch '0.10' into 0.11
2021-02-03 14:47:56 +01:00
sebres
366c64cb9d
extractOptions: ensure options are parsed completely - avoids unexpected skip or truncate of parameters, produces more verbose error message in case of incorrect syntax; added more tests covering several cases
...
WARN: potential incompatibility (since it doesn't silently ignore wrong syntax anymore)
2021-02-03 14:45:30 +01:00
sebres
409348394e
Merge pull request #2913
...
Add transport to asterisk RE
2021-02-03 12:41:29 +01:00
Brian J. Murrell
7f185a828e
Update date in failJSON
...
The date format in failJSON is specific, so convert the date to use that format.
2021-01-31 15:22:16 +01:00
Brian J. Murrell
69c96c00c0
Log entries for updated failregex
...
Add a sample failregex.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
Brian J. Murrell
dc4ee5aa47
Add transport to asterisk RE
...
Call rejection messages from Asterisk can have the transport prefixed to the IP address.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
sebres
c75748c5d3
fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
...
closes gh-2804
2021-01-27 17:06:14 +01:00
sebres
3700a9e523
invalidate IP/DNS caches by reload, so inter alia would allow to recognize IPv6IsAllowed immediately, previously retarded up to cache max-time (5m);
...
closes gh-2804
2021-01-26 20:35:14 +01:00
sebres
21dd317870
Merge branch '0.11'
2021-01-21 19:13:13 +01:00
sebres
dbc77c47c3
Merge branch '0.10' into 0.11
2021-01-21 19:11:01 +01:00
sebres
913c37db80
more fixes and optimizations, better RE's for patterns, allow parse date without time with such a datepattern (assume 00:00:00 then), etc
2021-01-21 19:00:56 +01:00
sebres
0f44a3408a
amend to 747d4683221b5584f9663695fb48145689b42ceb:
...
fail2ban-regex: loosen up date patterns %ExY, %Exy - let accept every year from 19xx up to current century (+3 years)
2021-01-21 19:00:53 +01:00
Sergey G. Brester
164105fab1
added new parameter `namespace` for systemd backend
...
closes gh-2910
2021-01-16 17:10:12 +01:00
Sergey G. Brester
5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
...
closes gh-2891
2021-01-11 15:23:40 +01:00
sebres
9df332fdef
filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
...
closes gh-2908
2021-01-11 15:10:53 +01:00
Michael Haro
2781e7b9d1
Add blank line so markdown renders correctly
2021-01-09 13:38:33 +01:00
Sergey G. Brester
2d4c3edeb6
Merge pull request #2906 from fail2ban/ci-py-3.10
...
CI: add python 3.10 (alpha) to github actions
2021-01-06 14:45:11 +01:00
Sergey G. Brester
c9907bef0d
CI: 3.10.0-alpha.4
2021-01-06 14:37:34 +01:00