Commit Graph

3038 Commits (1fb867b839c3f8cd9931371dffa59aab545a437d)

Author SHA1 Message Date
Yaroslav Halchenko 63237a785e DOC: forgotten --help entry for " unban " 2012-11-05 21:50:49 -05:00
Yaroslav Halchenko f52ba9923a ENH: downgrade "already banned" from WARN to INFO level (Closes gh-79)
Most of the time it is a benign latency effect so nothing to warn about.
2012-11-05 21:30:07 -05:00
Yaroslav Halchenko 1e12c220e6 minor: added a note on now "negative" log entries on "POSSIBLE BREAK-IN ATTEMPT" 2012-11-05 21:22:33 -05:00
Yaroslav Halchenko 6ecf4fd80a Merge pull request #64 from sourcejedi/remove_sshd_rdns
Misconfigured DNS should not ban *successful* ssh logins

Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
2012-11-05 18:20:37 -08:00
Yaroslav Halchenko b773ed617b DOC: minor "fixes" in DEVELOP 2012-11-05 21:12:03 -05:00
David Engeset 2d672d1c81 Added in while loop to process the Fail Manager after the requested banned IP was added to its queue. This solves the issue of needing to touch the log file that is being monitored to get the IP to be banned accordingly. Added in import of FailManagerEmpty exception class. 2012-11-05 20:38:40 -05:00
Yaroslav Halchenko f14c7ae401 ENH: refactored previous commit to make it more Pythonic (With prev commit closes gh-86, gh-81) 2012-11-05 20:37:06 -05:00
David Engeset 6288ec2757 Added in command option to unban and IP, just like using 'banip'. Command looks like: fail2ban-client set <jail name> unbanip <ip> 2012-11-05 20:11:28 -05:00
Yaroslav Halchenko 8e64c281dd BF: in code we should use MyTime wrapper instead of time module directly
to allow for some tests to work correctly
2012-11-05 20:09:15 -05:00
Yaroslav Halchenko 09355663f7 BF: (python 2.4) -- access to staticmethod should go via Class
TODO: get away from using all those staticmethods in f2b
2012-11-05 16:54:19 -05:00
Yaroslav Halchenko 5becaf8ef2 BF: (python 2.[45]) store backends names in a list to use .index later on (Closes gh-83)
.index() got into tuple's API only in 2.6
2012-11-01 15:34:20 -04:00
Yaroslav Halchenko 9510619b7b ENH: minor -- print out why skipping a backend while testing 2012-11-01 15:24:32 -04:00
Mark McKinstry 95de9c1a97 add support for the APF firewall 2012-10-18 11:17:04 -04:00
Yaroslav Halchenko 652b5a77e0 BF: fixing current version string to contain the patch index, i.e. ".1" Thanks Fabian Fischer 2012-10-10 08:39:18 -04:00
Yaroslav Halchenko 83109bce14 BF: escape the content of <matches> since its value could contain arbitrary symbols 2012-10-08 22:14:51 -04:00
Yaroslav Halchenko 6ee2c0a014 DOC: untabified for proper formatting + trailing spaces 2012-10-03 09:12:37 -04:00
Yaroslav Halchenko 282724a7f9 ENH: join both failregex for lighttpd-auth into a single one
they are close in meaning
should provide a slight run-time performance benefit
2012-09-30 11:30:24 -04:00
Yaroslav Halchenko cc5d410004 Merge pull request #77 from sciunto/lightty
Lighttpd: support auth.backend = "htdigest"
2012-09-30 08:28:12 -07:00
François Boulogne 958a1b0a40 Lighttpd: support auth.backend = "htdigest" 2012-09-30 13:27:21 +02:00
Yaroslav Halchenko 2a225aa6ee Added a warning within "complaint.conf" action about care with enabling it 2012-08-13 23:03:52 -04:00
Yaroslav Halchenko 2d66f31ef5 ENH: instead of "Invalid command" warning log exception why command failed 2012-08-02 19:48:59 -04:00
Yaroslav Halchenko 0b5c66fb59 Changelog for the fix -- will rerelease 0.8.7.1 2012-07-31 21:45:04 -04:00
Yaroslav Halchenko 6b7544a63a BF: removed sneaked a commented out sys.path.insert 2012-07-31 21:45:03 -04:00
Yaroslav Halchenko c06c504a8e Adjusted changelog to reflect the last change 2012-07-31 15:54:33 -04:00
Yaroslav Halchenko 2082fee7b1 ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) 2012-07-31 15:53:41 -04:00
Yaroslav Halchenko 2b885e07f4 Adjusted changelog to reflect the last change 2012-07-31 15:52:48 -04:00
Yaroslav Halchenko 6ad55f64b3 ENH: add wu-ftpd failregex for use against syslog (Closes: #514239) 2012-07-31 15:43:13 -04:00
Yaroslav Halchenko a512ea47d2 Adjusted changelog to reflect the last change 2012-07-31 15:33:30 -04:00
Yaroslav Halchenko 80b191c7fd BF: anchor chain name in actioncheck's for iptables actions (Closes: #672228) 2012-07-31 15:27:05 -04:00
Yaroslav Halchenko a3b242d6dd BF: inline comments must use ; not # -- recidive jail 2012-07-31 14:05:42 -04:00
Yaroslav Halchenko 99c0caa9cc Boosted version to 0.8.7 + few more comments 2012-07-31 12:32:25 -04:00
Yaroslav Halchenko da752aff14 perspective changelog for 0.8.7
Conflicts:
	ChangeLog
2012-07-30 14:50:43 -04:00
Yaroslav Halchenko 6495942550 DOC: minor (untabify, utf8) for ChangeLog 2012-07-30 13:57:00 -04:00
Yaroslav Halchenko dca5634717 Merge branch '_enh/test_backends' -- fixing inotify backend, RF backends, unittests
* _enh/test_backends:
  RF: reordered tests + enabled gamin now that its fix is pending in Debian
  ENH+BF: filtergamin -- to be more inline with current design of filterinotify
  ENH: 1 more sleep_4_poll to guarantee difference in time stamp
  ENH: few more delays for cases relying on time stamps
  ENH: tests much more robust now across pythons 2.4 -- 2.7
  BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
  ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
  ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
  BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
  ENH: first working unittest for checking polling and inotify backends
  RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
  RF: filter.py -- single readline in a loop
  ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
  Minor additional comment to DEVELOP
  ENH: extended test LogfileMonitor
2012-07-20 09:50:08 -04:00
Yaroslav Halchenko 481b1530d6 RF: reordered tests + enabled gamin now that its fix is pending in Debian
reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542361
2012-07-19 23:08:33 -04:00
Yaroslav Halchenko c6f5d854d3 ENH+BF: filtergamin -- to be more inline with current design of filterinotify 2012-07-19 23:07:43 -04:00
Yaroslav Halchenko 337f3f6f7b ENH: 1 more sleep_4_poll to guarantee difference in time stamp 2012-07-19 23:07:08 -04:00
Yaroslav Halchenko e9964846fa ENH: few more delays for cases relying on time stamps 2012-07-19 21:41:04 -04:00
Yaroslav Halchenko c0c1232c5f Merge branch 'master' into _enh/test_backends
* master:
  Ask users to report bugs to github's issues
  Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
2012-07-19 17:29:35 -04:00
Yaroslav Halchenko a1a67d34a9 ENH: tests much more robust now across pythons 2.4 -- 2.7
* needed additional sleeps for polling filter since that one relies on
  time-stamps and too rapid changes would not be caught by the
  PollFilter
* in python 2.4, time stamps are up to a second (int's) so sleeps longer
* test_new_bogus_file -- just to make sure that addition of new files
  does not alter our monitoring
2012-07-19 17:29:12 -04:00
Yaroslav Halchenko d9248a6cf8 BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
* all of the *Filters had too much of common logic in their *LogPath
  methods, which is now handled by FileFilter and derived classes only
  add custom actions in corresponding _(add|del)LogPath methods

pyinotify:

* upon CREATE event:
  - unknown files should not be handled at all
  - "watcher" for the monitored files should be recreated.
    Lead to adding _(add|del)FileWatcher helper methods
* callback now obtains full event to judge what to do
2012-07-19 17:26:09 -04:00
Yaroslav Halchenko b33ae8c194 Ask users to report bugs to github's issues 2012-07-19 14:51:46 -04:00
Yaroslav Halchenko 08564bda1a ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure 2012-07-19 13:30:55 -04:00
Yaroslav Halchenko 6ac9fd5d26 ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time 2012-07-19 13:30:01 -04:00
Yaroslav Halchenko 3c95121a8b BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44) 2012-07-19 13:28:48 -04:00
Yaroslav Halchenko 60260bce3d ENH: first working unittest for checking polling and inotify backends 2012-07-19 01:14:55 -04:00
Yaroslav Halchenko baa09098f0 RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
that seems also to overcome the problem of often locking upon stop()
2012-07-19 01:14:02 -04:00
Yaroslav Halchenko 25674a95f8 RF: filter.py -- single readline in a loop 2012-07-19 01:10:59 -04:00
Yaroslav Halchenko b3614d4ea2 ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing) 2012-07-19 01:08:34 -04:00
Yaroslav Halchenko 42523dce92 Minor additional comment to DEVELOP 2012-07-19 01:04:05 -04:00