github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,494 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4494 Commits (218905c924b4cde3408ebd7b399712f08ec33b19)

Author SHA1 Message Date
Serg G. Brester 733d0ef596 Merge pull request #1569 from sebres/_0.10/fix-fakegooglebot 
fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command
 2016-10-06 12:15:49 +02:00
sebres 2d2d4cf185 amend to c2d2e79b0d48bf66b04c3772c2419f30a4b1f9db: fixed sporadically bug in getBanListExtendedCymruInfo: 
except dns.resolver.NXDOMAIN:
UnboundLocalError: local variable 'dns' referenced before assignment
 2016-10-05 15:43:39 +02:00
sebres 0ae932ba5e setup fix for python3, bypass directories (__pycache__) created after ignore command was tested 2016-10-05 15:29:56 +02:00
sebres fa8184d4cc fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command + test covered now; 
Closes #1559
 2016-10-05 15:01:33 +02:00
sebres 973ac9a45c amend to c2d2e79b0d48bf66b04c3772c2419f30a4b1f9db: missing error variable in import block; 
additionally fixes forgotten skip for cymru server case, if --no-network specified);
Closes #1568
 2016-10-05 12:18:55 +02:00
sebres c2d2e79b0d ExtendedCymruInfo: better availability check (code review and timeout's); 
max sleep time check of too long sleep increased to 1 second (typo fix)
 2016-09-30 17:01:06 +02:00
sebres ee1727ecca Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10 2016-09-30 13:34:54 +02:00
sebres 276759b6c2 ExtendedCymruInfo code review and availability check in test cases; 
max sleep time check of too long sleep increased to 1 second
 2016-09-30 13:19:00 +02:00
sebres 9bf8985e2a nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons) 2016-09-30 12:33:43 +02:00
sebres 06674bb989 use common regex for IP addresses (removed code duplication) 2016-09-30 12:33:41 +02:00
Serg G. Brester ba9a88977f Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed 
0.10/fix stability and speed optimization
 2016-09-30 12:14:51 +02:00
sebres 8b0f6c5413 badips test cases check availability of badips service (and skip this tests if it not available) 2016-09-30 12:03:27 +02:00
sebres 9a7c753372 fixes method-related filter for tests of suite loaded with loadTestsFromName (they may be a suite self) 2016-09-30 11:26:49 +02:00
Niklas Fiekas 057f2f3c56 make the ipv6 host regex greedy 
Previously the regex was lazily matching ``2606:2800:220:1:248:1893:25c8:1946``
as ``2606:2800:220:1:248:1893:25c8:1``.
 2016-09-30 11:08:07 +02:00
sebres 77ec9df678 standardize and normalize verbosity parameters for fail2ban-regex / fail2ban-testcases (-v ... -vvvv, or --verbosity=0..4) 2016-09-30 10:01:21 +02:00
sebres 2cfaf845ca standardize and normalize logging and verbosity formats, logging level etc between command lines (server, client, test-cases); 
test cases could pass (so increase) verbosity to the client (and furthermore client to the server also), usable for debug purposes resp. simplifying read of the log-file;
custom and precise numeric log-levels can be given in test cases now;
 2016-09-29 21:23:37 +02:00
sebres 62b8664175 speedup server start/stop (waiting for communicate, etc); 
extend server socket with timeouts, extend ping with timeout parameter;
 2016-09-29 21:11:54 +02:00
sebres 542419acab filtertestcase: use shorter sleep (almost just for the context switch here) 2016-09-29 21:08:27 +02:00
sebres b615ba49ff disengage testExecuteTimeout test-case from -fast option, just make it faster (timeout shorter) in this case 2016-09-29 21:08:25 +02:00
sebres b011cf17b2 increase performance of executeCmd (actions), thereby introduced new shorter interval for fast operations (leaves unchanged default wait operation intervals (sleep time, threshold interval) - for the same inertance, to save same system (load by many jails resp. log files); 
extends wait_for with callable timeout (test case fixed);
 2016-09-29 21:07:46 +02:00
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
Serg G. Brester d9e1a4f547 Merge pull request #1556 from szepeviktor/master 
Monit config: scripting is not supported in path
 2016-09-27 14:16:52 +02:00
Serg G. Brester a0d8581a2c Merge pull request #1557 from sebres/_0.10/fix-reload-bug 
0.10/reload-and-more: reload without restart, stability and performance fixes
 2016-09-26 15:25:36 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 5e4fdb60c8 extended test-cases (coverage) 2016-09-26 10:50:02 +02:00
sebres 449c46aec4 extended test-cases (coverage) 2016-09-23 15:21:23 +02:00
sebres 004879b5b1 code review: switch MAX_TIME to 0X7FFFFFFFFFFF (is enough, because 4461763-th year, but better performance) 2016-09-23 09:32:10 +02:00
sebres e00be5f308 Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values: 
```
AssertionError: Dictionaries differ:
{'country': ['unknown', 'nxdomain'], 'asn': ['4565', 'nxdomain'], 'rir': ['other', 'nxdomain']} !=
{'country': ['nxdomain', 'unknown'], 'asn': ['nxdomain', '4565'], 'rir': ['nxdomain', 'other']}
```
Added assertDictEqual for compatibility to early python versions (< 2.7);
 2016-09-22 22:45:54 +02:00
sebres e7fa74b989 smaller inertance inside test-cases (amend to d153555a07 with decreasing default wait operation that litle bit speedup test-cases) 2016-09-22 22:45:52 +02:00
sebres ab0c28260b switch down log level for some annoying messages to tracedebug or heavydebug (to 7 or even 5); 
added verification of specified log-level before transmitting to the server;
numeric log-level allowed now in server (resp. fail2ban.conf);
 2016-09-22 22:44:46 +02:00
Viktor Szépe a406c6eb3a By the author: 
> Yes, scripting is not supported in path.

https://bitbucket.org/tildeslash/monit/issues/372/webadmin-shows-only-the-first-part-of#comment-27946048
 2016-09-22 20:29:26 +00:00
sebres 48ebe3e735 FilterPyinotify: high cpu load fix - timeout for pyinotify must be set in milliseconds (our time values are floats contain seconds); 2016-09-22 20:15:12 +02:00
sebres c0373a7158 repair typo bug in reloading for systemd-filter; 
JailThread get method `join` for safe usage of it, also for not started threads (test-cases or in case of error), that will be used for cleanup resp. wait purposes also (see join of pyinotify-filter);
 2016-09-22 19:00:54 +02:00
sebres d153555a07 increase default wait operation (sleep time, threshold interval) - avowedly greater inertance, but fewer system load by many jails resp. log files; 
waiting with `wait_for` extended with verifying of active flag;
implemented better error handling in some multi-threaded routines;
shutdown of jails rewritten (faster and safer, does not breaks shutdown process if some error occurred);
 2016-09-22 18:10:42 +02:00
sebres 35ce1166b6 allows to update some configuration options (read with config-readers) with command line option, e. g.: 
```bash
## start server with DEBUG log-level (ignore level read from fail2ban.conf):
fail2ban-client --loglevel DEBUG start
## or
fail2ban-server -c /cfg/path --loglevel DEBUG start
## keep server log-level by reload (without restart it)
fail2ban-client --loglevel DEBUG reload
## switch log-level back to INFO:
fail2ban-client set loglevel INFO
```
 2016-09-22 14:21:31 +02:00
Serg G. Brester 28e286cd2d Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540 
filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
 2016-09-21 09:35:25 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
Serg G. Brester 1071db2256 filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS) 
closes gh-1540
 2016-09-20 00:00:26 +02:00
Serg G. Brester fad953ade6 Merge pull request #1544 from sebres/fix/vsftpd-gh-1543 
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
 2016-09-09 20:39:51 +02:00
sebres 20b92f3ead fail2ban-regex: build replacement of `<HOST>` substitution corresponding parameter `usedns` - now also in fail2ban-regex (amend) 2016-09-09 20:31:52 +02:00
sebres ebd864660a normalize usage of preferred encoding (and decode any to string); 
python 3.x compatibility (used uni_decode for string representation of stdout/stderr, unified test cases)
amend for #1542
 2016-09-09 20:29:55 +02:00
sebres e0347bb3a0 assertLogged extended with parameter wait (to wait up to specified timeout, before we throw assert exception) + test cases rewritten using that 2016-09-09 17:50:25 +02:00
sebres a20f325f80 database: stability fix - repack cursor iterator as long as locked 2016-09-09 17:36:01 +02:00
sebres f6197200a9 introduced new flag "banned" as property, used to recognize the ticket was really banned; 
get/set restored flag functions rewritten to property "restored" similar to "banned";
several code optimizations and tests extensions;
 2016-09-09 16:12:48 +02:00
sebres 2108216d33 file filter-backends: stability fix for sporadically errors - always close file handle, otherwise may be locked (prevent log-rotate, etc.) 2016-09-09 16:08:28 +02:00
sebres 4404642fa3 pyinotify-backend: stability fix for sporadically errors in multi-threaded environment (without lock) 2016-09-09 10:56:35 +02:00
sebres 8c4eebc3e3 reload actions amend, code review and test cases extended for update/start/stop of actions by reloading 2016-09-09 10:45:09 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 4fb511294e temp commit: reload now supported actions and action reloading (parameters, unban obsolete removed actions, etc.) 2016-09-08 23:56:32 +02:00