sebres
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
...
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
Sergey G. Brester
5a3859c163
Update named-refused
2019-07-29 13:06:51 +02:00
Joe Horn
4395469226
Update named-refused.conf
...
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
Sergey G. Brester
a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
...
New option `logtype` value - `rfc5424`
2019-07-24 00:02:04 +02:00
Sergey G. Brester
70280bfa12
Update ChangeLog
2019-07-24 00:00:24 +02:00
sebres
581f13c2db
Merge branch '0.10' into 0.11
2019-07-22 19:07:15 +02:00
Sergey G. Brester
d3b5befe44
update changelog (#2404)
2019-07-22 12:50:48 +02:00
Sergey G. Brester
0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
...
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
2019-07-22 12:47:39 +02:00
Sergey G. Brester
eb308d0fc8
add test for injection on version identification
2019-07-22 11:50:01 +02:00
Sergey G. Brester
119401fced
Merge pull request #2452 from benrubson/badips
...
Badips key is only used to retrieve list
2019-07-20 12:08:22 +02:00
Ben RUBSON
a98315386d
Update zzz-sshd-obsolete-multiline.conf
2019-07-19 17:59:16 +02:00
Sergey G. Brester
d5a5efcd5a
amend to #2174 for fail2ban.service, fix legacy path, closes gh-2474
2019-07-17 13:38:42 +02:00
sebres
0a209f01c2
Merge branch '0.10' into 0.11
2019-07-11 13:28:47 +02:00
Sergey G. Brester
7520d250b0
Merge pull request #2444 from sebres/gh-2392
...
systemd-backend: switched default flags to SYSTEM_ONLY(4)
2019-07-11 13:25:58 +02:00
sebres
af611db859
Merge branch '0.10' into 0.11
2019-07-10 12:47:03 +02:00
sebres
5e980afbb8
filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now)
2019-07-10 12:45:53 +02:00
sebres
62b1712d22
amend to #2387:
...
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309);
2019-07-09 21:48:43 +02:00
sebres
439f97fc52
Merge branch '0.10' into 0.11
2019-07-09 20:07:59 +02:00
sebres
595054639b
tests/samplestestcase.py: fixes retrieving of microseconds by epoch (and comparison within tests factory)
2019-07-09 20:07:14 +02:00
Sergey G. Brester
5bc8d73220
test_badips.py: parameter `key` is removed in #2452
2019-06-26 20:52:37 +02:00
benrubson
8b171f7d25
Badips key is only used to retrieve list
2019-06-26 18:34:20 +02:00
sebres
80f97eaf02
Merge branch '0.10' into 0.11
2019-06-26 17:29:08 +02:00
sebres
4a2f4226b8
testIpToName: fixed for reverse IP of google dns (resolving another name now), more dynamic now
2019-06-26 17:28:09 +02:00
Sergey G. Brester
8a386103c1
Update ChangeLog
2019-06-25 15:49:07 +02:00
Sergey G. Brester
978c2fa8dd
Merge pull request #2448 from sebres/norm-mail-actions
...
Normalization of mailing actions
2019-06-25 15:39:12 +02:00
sebres
e751be2c13
normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
...
added test covering sendmail-whois-lines
2019-06-15 23:14:41 +02:00
sebres
3d04a99d25
fail2ban-regex: (verbose only) avoid errors when dumping real options (if filter doesn't have some optional parameter, like `datepattern`)
2019-06-15 22:08:31 +02:00
sebres
5045c4bb00
Merge branch '0.10' into 0.11
2019-06-12 16:28:57 +02:00
sebres
809e7c4e82
Merge pull request #2264 from girst/0.11 (rebased to 0.10)
2019-06-12 16:28:32 +02:00
girst
a7dc3614c4
znc-adminlog: use `<ADDR>` instead of `<HOST>`
2019-06-12 16:26:34 +02:00
girst
b288ccd6b6
new filter: znc-adminlog
2019-06-12 16:25:50 +02:00
sebres
2e7a600851
Merge branch '0.10' into 0.11
2019-06-12 11:44:05 +02:00
sebres
326f5d4e3f
Merge fix of gh-2390
2019-06-12 11:43:07 +02:00
sebres
4c81338944
update ChangeLog (gh-2390)
2019-06-12 11:28:19 +02:00
sebres
22b9304562
action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
...
(closes gh-2390)
2019-06-12 11:23:52 +02:00
sebres
9e44c30659
systemd-backend: switched default flags to SYSTEM_ONLY(4), which avoids opening the user session files, so it can prevent "Too many open files" errors (like gh-2208) with a lot of user sessions;
...
(following Orion's proposal in gh-2392)
2019-06-12 00:42:01 +02:00
sebres
686a8bdc54
Merge branch '0.10' into 0.11
2019-06-12 00:13:39 +02:00
sebres
2725acb64b
amend to 809acb69e5928c0e678ad25b43e53b567cb23a3b: extended to avoid the vice versa race (too many outdated tickets to unban) - max count of outdated tickets is restricted also.
2019-06-12 00:11:26 +02:00
sebres
03b2b79c41
Merge branch '0.10' into 0.11
2019-06-11 15:51:10 +02:00
sebres
3326ec95ce
small amend (preparing to merge in 0.11): more precise test and avoid "expired bantime" (in 0.11)
2019-06-11 15:50:29 +02:00
sebres
93727abeb8
cherry-pick with_alt_time helper decorator from 0.11
2019-06-11 15:50:27 +02:00
sebres
809acb69e5
stability: avoid race condition - no unban if the bans occur continuously (e.g. banning action too slow, so new bans found each time during the default sleeptime);
...
now unban will happen no later than after 10 tickets get banned, regardless of whether there are still active bans available (precedence of ban is 10 now);
closes gh-2410
2019-06-11 14:37:10 +02:00
sebres
0ed3a63151
Merge branch '0.10' into 0.11
2019-06-07 16:29:38 +02:00
sebres
e5ae113215
filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
...
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
2019-06-07 16:14:02 +02:00
sebres
3b2f75414c
filter.d/postfix.conf: extended regexps to accept variable suffix code in status of postfix for precise messages (gh-2442)
2019-06-07 15:40:55 +02:00
sebres
3d4044084a
Merge branch '0.10' into 0.11
2019-06-07 14:48:10 +02:00
sebres
8da9bfb83a
Update ChangeLog (gh-2302, rebased to 0.10)
2019-06-07 14:47:43 +02:00
Sergey G. Brester
7dbd3a07eb
cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
2019-06-07 14:39:55 +02:00
Carlos Ferreira
7b73cb7639
Switch to AbuseIPDB API v2
2019-06-07 14:39:52 +02:00
sebres
759f7274f8
Merge branch '0.10' into 0.11
2019-06-05 12:28:44 +02:00