Commit Graph

5410 Commits (1f48e55959bfa079c7aeaad469040018b92139c4)

Author SHA1 Message Date
Serg G. Brester 1bcde678c6 Merge pull request #1710 from sebres/0.10-test-with-filter-options
0.10 filter options extension
2017-03-13 02:11:48 +01:00
sebres 30b53bb2ce update ChangeLog and man/fail2ban-regex.1 2017-03-13 02:07:14 +01:00
sebres eb3623e90c configreader.py: correct reading real relative path (starting with "./");
fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only);
2017-03-12 19:04:45 +01:00
sebres 6a26602ba8 allow to use filter options by fail2ban-regex, example:
fail2ban-regex text.log "sshd[mode=aggressive]"
2017-03-11 00:06:29 +01:00
sebres 8af7a73bfc update ChangeLog 2017-03-10 22:14:39 +01:00
sebres 0c1707afda filter.d/sshd.conf:
- optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details);

test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);
2017-03-10 22:09:11 +01:00
sebres 7e442c5b27 filter.d/sendmail-reject.conf:
- rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`);
- optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details);

test cases extended
2017-03-10 21:44:19 +01:00
sebres a683e88a74 samples test case factory extended with filter options - dict in JSON to control filter options (e. g. mode, etc.):
# filterOptions: {"mode": "aggressive"}
2017-03-10 20:39:09 +01:00
sebres 52ed6597b2 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-03-09 16:27:14 +01:00
Serg G. Brester d3b644acae Merge pull request #1708 from sebres/fix-gh-1707
filter.d/cyrus-imap.conf: accept entries without login-info resp. hostname before IP address (gh-1707)
2017-03-09 16:26:06 +01:00
sebres 0f8cb1749f Update ChangeLog 2017-03-09 16:15:45 +01:00
sebres 8768776d68 filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address 2017-03-09 16:13:45 +01:00
Serg G. Brester d042981954 Merge pull request #1655 from ajcollett/0.10
Added config for AbuseIPDB
2017-03-09 15:15:26 +01:00
Serg G. Brester b1f5ac9484 Update abuseipdb.conf 2017-03-09 13:33:11 +01:00
Serg G. Brester 62fa02241f Update jail.conf 2017-03-09 13:31:40 +01:00
Serg G. Brester e71f3d595f Merge pull request #1705 from sebres/0.10-tag-ip-host
New actions tag `<ip-host>` introduced: can be used in actions to retrieve the host name (dns) from the IP address
2017-03-09 13:11:57 +01:00
sebres 6a2c95da95 `action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
changelog updated;
2017-03-08 16:51:08 +01:00
sebres 59cf761129 Real action info instead of calling map in test cases, covering of the new tag '<ip-host>';
dns lookup: pre-caching within test cases - prevent slow dns-resolving and failures if no-network, of if some IP addresses will be changed later
2017-03-08 16:51:06 +01:00
sebres a0bb51ef92 New tag '<ip-host>' introduced: can be used in actions to retrieve the host name (dns) from the IP address 2017-03-08 16:51:05 +01:00
sebres b832b77e3c small amendment for test-coverage;
dynamical monitor failures test classes get proper names running in python3.x (wrong __qualname__)
2017-03-01 14:52:51 +01:00
Serg G. Brester 32ac383d06 Update ChangeLog 2017-02-27 15:51:33 +01:00
Serg G. Brester 81129f0e5c Merge pull request #1698 from sebres/0.10-filter-captures-to-actions
0.10 filter captures to actions
2017-02-27 15:29:57 +01:00
sebres e4a265c75f test coverage 2017-02-24 13:22:15 +01:00
sebres d2a3d093c6 rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects);
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
2017-02-24 11:54:24 +01:00
sebres 4efcc29384 coverage of new multi-line handling within fail2ban-regex 2017-02-22 22:20:19 +01:00
sebres 35efca5941 Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines.
Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window).
Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions:
- tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example)
- tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info);
filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling.
2017-02-22 22:19:43 +01:00
sebres 8bcaeb9022 amend to 4ff8d051f49808ac769709c5aff8591fcd79040a: fixed fail2ban-regex with journalmatch using systemd-journal 2017-02-21 17:07:37 +01:00
sebres 22afdbd536 Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
sebres 2fad50b6e8 Precedence of `prefregex` higher as `failregex` should be in head of the convert-stream;
Allow using failure-id (`<HOST>`) within `prefregex` (by common prefix for all expressions specified with `failregex`)
2017-02-21 15:54:25 +01:00
sebres 4ff8d051f4 Introduced new filter option `prefregex` for pre-filtering using single regular expression;
Some filters extended with user name;
[filter.d/pam-generic.conf]: grave fix injection on user name to host fixed;
test-cases in testSampleRegexsFactory can now check the captured groups (using additionally fields in failJSON structure)
2017-02-20 16:54:17 +01:00
sebres 9d15a792a5 amend to fe06ffca71e9054b21b93237c40c0c53478a19df: small optimization using already known IP family 2017-02-20 16:46:45 +01:00
sebres fe06ffca71 Fix retrieving of IPv6 address with dnsToIp on some systems (default returns AF_INET family only), fix network test-cases. 2017-02-20 12:17:28 +01:00
sebres 61c8cd11b8 Exposes filter group captures in actions (non-recursive interpolation of tags `<F-...>`);
Closes gh-1110
2017-02-20 11:36:08 +01:00
sebres 6d878f3a43 try to provide filter captures (already in ticket data) to the actions as interpolation options (closes gh-1110) 2017-02-17 23:47:41 +01:00
Serg G. Brester 2fa18a74c4 Merge branch 'master' into master 2017-02-17 09:06:09 +01:00
sebres a8c0cec4ac small amend with several fixes and test coverage 2017-02-16 22:13:56 +01:00
sebres 9ebf70cd6a Safer, more stable and faster replaceTag interpolation (switched from cycle over all tags to re.sub with callable) 2017-02-16 18:28:59 +01:00
sebres a6318b159b substituteRecursiveTags optimization + moved in helpers facilities (because currently used commonly in server and in client) 2017-02-16 16:01:10 +01:00
sebres 3fae8a7e43 amend to fc315be4ea88c3619f984542b21c95820f53d87b: parse and interpolate all options in section "Definition" (section "Init" no more needed),
because of better performance with this solution;
2017-02-16 14:53:57 +01:00
sebres 4bf09bf297 provides new tag `<ip-rev>` for PTR reversed representation of IP address;
[action.d/complain.conf] fixed using this new tag;
2017-02-16 13:38:20 +01:00
sebres fc315be4ea try to parse and interpolate all options in section "Definition" (section "Init" no more needed) 2017-02-16 13:32:56 +01:00
Serg G. Brester 7f63809afb Merge branch '0.10' into patch-1 2017-02-15 20:33:36 +01:00
Serg G. Brester 2d12349eac Update servertestcase.py
Make the test-case gh-1685 compliant
2017-02-15 20:30:48 +01:00
sebres abd80696ab Merge branch 'py-3.6-compat' into 0.10 2017-02-15 19:09:20 +01:00
sebres cf53a834f7 python-3.6 compatibility:
- dynamical string replacement within call of regexp.sub fixed with lambda-replacement (otherwise "sre_constants.error: bad escape \s at position");
- optional arguments (3.6 has more agrs by calling of SMTPServer.process_message);
- implicit convert byte to string, because python3.6 fails on binary data (test_smtp).
2017-02-15 19:05:45 +01:00
sebres 01db0b5028 small performance fix after merge with 0.10
(cherry picked from commit 8e2711681c)
2017-02-15 19:04:24 +01:00
sebres 63f7916886 fix test cases by testing with multi-threaded execution (wait for threaded execution done)
(cherry picked from commit 1ec6782f32)

# Conflicts:
#	fail2ban/tests/observertestcase.py (not yet available in 0.10)
2017-02-15 18:58:40 +01:00
sebres f35aa6d258 coverage: added python3.6 2017-02-15 08:46:27 +01:00
sebres 40837754c9 python3.6 compatibility fix 2017-02-15 08:45:15 +01:00
Christoph Theis 861ce4177c #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable 2017-02-14 18:31:42 +01:00