Serg G. Brester
1bcde678c6
Merge pull request #1710 from sebres/0.10-test-with-filter-options
...
0.10 filter options extension
2017-03-13 02:11:48 +01:00
sebres
30b53bb2ce
update ChangeLog and man/fail2ban-regex.1
2017-03-13 02:07:14 +01:00
sebres
eb3623e90c
configreader.py: correct reading real relative path (starting with "./");
...
fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only);
2017-03-12 19:04:45 +01:00
sebres
6a26602ba8
allow to use filter options by fail2ban-regex, example:
...
fail2ban-regex text.log "sshd[mode=aggressive]"
2017-03-11 00:06:29 +01:00
sebres
8af7a73bfc
update ChangeLog
2017-03-10 22:14:39 +01:00
sebres
0c1707afda
filter.d/sshd.conf:
...
- optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details);
test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);
2017-03-10 22:09:11 +01:00
sebres
7e442c5b27
filter.d/sendmail-reject.conf:
...
- rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`);
- optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details);
test cases extended
2017-03-10 21:44:19 +01:00
sebres
a683e88a74
samples test case factory extended with filter options - dict in JSON to control filter options (e. g. mode, etc.):
...
# filterOptions: {"mode": "aggressive"}
2017-03-10 20:39:09 +01:00
sebres
52ed6597b2
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2017-03-09 16:27:14 +01:00
Serg G. Brester
d3b644acae
Merge pull request #1708 from sebres/fix-gh-1707
...
filter.d/cyrus-imap.conf: accept entries without login-info resp. hostname before IP address (gh-1707)
2017-03-09 16:26:06 +01:00
sebres
0f8cb1749f
Update ChangeLog
2017-03-09 16:15:45 +01:00
sebres
8768776d68
filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address
2017-03-09 16:13:45 +01:00
Serg G. Brester
d042981954
Merge pull request #1655 from ajcollett/0.10
...
Added config for AbuseIPDB
2017-03-09 15:15:26 +01:00
Serg G. Brester
b1f5ac9484
Update abuseipdb.conf
2017-03-09 13:33:11 +01:00
Serg G. Brester
62fa02241f
Update jail.conf
2017-03-09 13:31:40 +01:00
Serg G. Brester
e71f3d595f
Merge pull request #1705 from sebres/0.10-tag-ip-host
...
New actions tag `<ip-host>` introduced: can be used in actions to retrieve the host name (dns) from the IP address
2017-03-09 13:11:57 +01:00
sebres
6a2c95da95
`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
...
changelog updated;
2017-03-08 16:51:08 +01:00
sebres
59cf761129
Real action info instead of calling map in test cases, covering of the new tag '<ip-host>';
...
dns lookup: pre-caching within test cases - prevent slow dns-resolving and failures if no-network, of if some IP addresses will be changed later
2017-03-08 16:51:06 +01:00
sebres
a0bb51ef92
New tag '<ip-host>' introduced: can be used in actions to retrieve the host name (dns) from the IP address
2017-03-08 16:51:05 +01:00
sebres
b832b77e3c
small amendment for test-coverage;
...
dynamical monitor failures test classes get proper names running in python3.x (wrong __qualname__)
2017-03-01 14:52:51 +01:00
Serg G. Brester
32ac383d06
Update ChangeLog
2017-02-27 15:51:33 +01:00
Serg G. Brester
81129f0e5c
Merge pull request #1698 from sebres/0.10-filter-captures-to-actions
...
0.10 filter captures to actions
2017-02-27 15:29:57 +01:00
sebres
e4a265c75f
test coverage
2017-02-24 13:22:15 +01:00
sebres
d2a3d093c6
rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects);
...
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
2017-02-24 11:54:24 +01:00
sebres
4efcc29384
coverage of new multi-line handling within fail2ban-regex
2017-02-22 22:20:19 +01:00
sebres
35efca5941
Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines.
...
Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window).
Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions:
- tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example)
- tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info);
filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling.
2017-02-22 22:19:43 +01:00
sebres
8bcaeb9022
amend to 4ff8d051f49808ac769709c5aff8591fcd79040a: fixed fail2ban-regex with journalmatch using systemd-journal
2017-02-21 17:07:37 +01:00
sebres
22afdbd536
Several filters optimized with pre-filtering using new option `prefregex`
2017-02-21 15:54:59 +01:00
sebres
2fad50b6e8
Precedence of `prefregex` higher as `failregex` should be in head of the convert-stream;
...
Allow using failure-id (`<HOST>`) within `prefregex` (by common prefix for all expressions specified with `failregex`)
2017-02-21 15:54:25 +01:00
sebres
4ff8d051f4
Introduced new filter option `prefregex` for pre-filtering using single regular expression;
...
Some filters extended with user name;
[filter.d/pam-generic.conf]: grave fix injection on user name to host fixed;
test-cases in testSampleRegexsFactory can now check the captured groups (using additionally fields in failJSON structure)
2017-02-20 16:54:17 +01:00
sebres
9d15a792a5
amend to fe06ffca71e9054b21b93237c40c0c53478a19df: small optimization using already known IP family
2017-02-20 16:46:45 +01:00
sebres
fe06ffca71
Fix retrieving of IPv6 address with dnsToIp on some systems (default returns AF_INET family only), fix network test-cases.
2017-02-20 12:17:28 +01:00
sebres
61c8cd11b8
Exposes filter group captures in actions (non-recursive interpolation of tags `<F-...>`);
...
Closes gh-1110
2017-02-20 11:36:08 +01:00
sebres
6d878f3a43
try to provide filter captures (already in ticket data) to the actions as interpolation options (closes gh-1110)
2017-02-17 23:47:41 +01:00
Serg G. Brester
2fa18a74c4
Merge branch 'master' into master
2017-02-17 09:06:09 +01:00
sebres
a8c0cec4ac
small amend with several fixes and test coverage
2017-02-16 22:13:56 +01:00
sebres
9ebf70cd6a
Safer, more stable and faster replaceTag interpolation (switched from cycle over all tags to re.sub with callable)
2017-02-16 18:28:59 +01:00
sebres
a6318b159b
substituteRecursiveTags optimization + moved in helpers facilities (because currently used commonly in server and in client)
2017-02-16 16:01:10 +01:00
sebres
3fae8a7e43
amend to fc315be4ea88c3619f984542b21c95820f53d87b: parse and interpolate all options in section "Definition" (section "Init" no more needed),
...
because of better performance with this solution;
2017-02-16 14:53:57 +01:00
sebres
4bf09bf297
provides new tag `<ip-rev>` for PTR reversed representation of IP address;
...
[action.d/complain.conf] fixed using this new tag;
2017-02-16 13:38:20 +01:00
sebres
fc315be4ea
try to parse and interpolate all options in section "Definition" (section "Init" no more needed)
2017-02-16 13:32:56 +01:00
Serg G. Brester
7f63809afb
Merge branch '0.10' into patch-1
2017-02-15 20:33:36 +01:00
Serg G. Brester
2d12349eac
Update servertestcase.py
...
Make the test-case gh-1685 compliant
2017-02-15 20:30:48 +01:00
sebres
abd80696ab
Merge branch 'py-3.6-compat' into 0.10
2017-02-15 19:09:20 +01:00
sebres
cf53a834f7
python-3.6 compatibility:
...
- dynamical string replacement within call of regexp.sub fixed with lambda-replacement (otherwise "sre_constants.error: bad escape \s at position");
- optional arguments (3.6 has more agrs by calling of SMTPServer.process_message);
- implicit convert byte to string, because python3.6 fails on binary data (test_smtp).
2017-02-15 19:05:45 +01:00
sebres
01db0b5028
small performance fix after merge with 0.10
...
(cherry picked from commit 8e2711681c
)
2017-02-15 19:04:24 +01:00
sebres
63f7916886
fix test cases by testing with multi-threaded execution (wait for threaded execution done)
...
(cherry picked from commit 1ec6782f32
)
# Conflicts:
# fail2ban/tests/observertestcase.py (not yet available in 0.10)
2017-02-15 18:58:40 +01:00
sebres
f35aa6d258
coverage: added python3.6
2017-02-15 08:46:27 +01:00
sebres
40837754c9
python3.6 compatibility fix
2017-02-15 08:45:15 +01:00
Christoph Theis
861ce4177c
#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable
2017-02-14 18:31:42 +01:00