benrubson
2912bc640b
New Gitlab jail
5 years ago
sebres
136781d627
filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)
5 years ago
sebres
d21a24de8e
more test cases for IP/DNS (and use dummies if no-network set by testing)
5 years ago
sebres
fc175fa78a
performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists);
decrease log level for ignored duplicates (warning is too heavy here)
5 years ago
sebres
22a04dae05
Merge branch '0.9' into 0.10 (gh-2246)
5 years ago
Sergey G. Brester
b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
Improve regex in proftpd.conf
5 years ago
sebres
606bf110c9
filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE
(closes gh-2662)
5 years ago
sebres
8547ea7ea0
resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete
5 years ago
sebres
b64a435b0e
ignore only not banned old (repeated and ignored) tickets
5 years ago
sebres
b43dc147b5
amend to RC-fix 9f1c6f1617 (gh-2660):
resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously;
speedup recognition banning queue has entries to begin check-ban process in actions thread
5 years ago
sebres
bc2b81133c
pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)
5 years ago
sebres
68f827e1f3
small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached)
5 years ago
sebres
9f1c6f1617
filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e.g. initial scan of large log-file or journal (gh-2660)
5 years ago
sebres
ab363a2c0e
small amend with fix still one test (ban unexpected in this old artificial test-cases, todo - such tests should be rewritten or removed)
5 years ago
sebres
e3737bb7c0
filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e.g. initial scan of large log-file or journal (gh-2660)
5 years ago
Sergey G. Brester
428c75d1cd
Merge pull request #2651 from fail2ban/0.10-travis-3.9-dev
python 3.9 compatibility + CI
5 years ago
Sergey G. Brester
d4da9afd7f
Update ChangeLog
5 years ago
Sergey G. Brester
9d7388e684
Thread: is_alive instead of isAlive (removed in py-3.9)
5 years ago
Sergey G. Brester
55e76c0b80
restore isAlive method removed in python 3.9
5 years ago
Sergey G. Brester
781a25512b
travis CI: add 3.9-dev as target
5 years ago
sebres
42714d0849
filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
5 years ago
sebres
15158e4474
closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended
5 years ago
sebres
6281dc3633
failmanager, ticket: avoid reset of retry count by pause between attempts near to findTime - adjust time of ticket will now change current attempts considering findTime as an estimation from rate by previous known interval (if it exceeds the findTime);
this should avoid some false positives as well as provide more safe handling around `maxretry/findtime` relation especially on busy circumstances.
5 years ago
sebres
4766547e1f
performance optimization of `datepattern` (better search algorithm);
datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)
5 years ago
Sergey G. Brester
2e42b98cd3
Merge pull request #2638 from gurnec/pypy-ulimit-fix
close Popen() pipes explicitly for PyPy
5 years ago
sebres
6c6cf2a956
small amend (avoid possible error by close of not existing pipe)
5 years ago
Christopher Gurnee
df885586d4
close Popen() pipes explicitly for PyPy
Waiting for garbage collection to close pipes opened by Popen() can
lead to "Too many open files" errors with PyPy; close them explicitly.
5 years ago
sebres
e57e950ef5
version bump (back to dev)
5 years ago
sebres
ab3a7fc6d2
filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect
5 years ago
sebres
b3644ad413
code normalization and optimization (strip of trailing new-line, date parsing, ignoreregex mechanism, etc)
5 years ago
sebres
91eca4fdeb
automatically create not-existing path (last level folder only) for pidfile, socket and database (with default permissions)
5 years ago
sebres
14e68eed72
performance: set fetch handler getGroups depending on presence of alternate tags in RE (simplest variant or merged with alt-tags) in regex constructor
5 years ago
sebres
9137c7bb23
filter processing:
- avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
- several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
- `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
- `invalid` - consider failed publickey for invalid users only;
- `any` - consider failed publickey for valid users too;
- `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
5 years ago
sebres
1492ab2247
improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
5 years ago
Sergey G. Brester
ac8e8db814
travis: switch 3.8-dev to 3.8 (released)
5 years ago
Sergey G. Brester
d7643fe538
Merge pull request #2630 from fail2ban/gh-2200-postfix
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
5 years ago
Sergey G. Brester
88cf5bcd93
Update postfix
5 years ago
Sergey G. Brester
774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
5 years ago
Sergey G. Brester
34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)
5 years ago
sebres
7a28861fc7
review of command line: more long-named options can be supplied via command line
5 years ago
sebres
3f48907064
amend to f3dbc9dda10e52610e3de26f538b5581fd905505: change main thread-name back to `fail2ban-server`;
implements new command line option `--pname` to specify it by start of server (default `fail2ban-server`);
closes gh-2623 (revert change of main thread-name, because it can affect process-name too, so `pgrep` & co. may be confused)
5 years ago
sebres
9c7bd80807
fail2ban-regex: stop endless logging on closed streams (redirected pipes like `... | head -n 100`), exit if stdout channel is closed
5 years ago
sebres
12b3ac684a
closes #2615: systemd backend would seek to last known position (or `now - findtime`) in journal at start.
5 years ago
sebres
569dea2b19
filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
also add coverage for mariadb 10.4 log format (gh-2611)
5 years ago
sebres
9e6d07d928
testSampleRegexsFactory: `time` is not mandatory anymore (check time only if set in json), allows usage of same line(s) matching different `logtype` option:
`# filterOptions: [{"logtype": "file"}, {"logtype": "short"}, {"logtype": "journal"}]`
5 years ago
sebres
8dc6f30cdd
closes #2596: fixed supplying of backend-related `logtype` to the jail filter - don't merge it (provide as init parameter if not set in definition section), init parameters don't affect config-cache (better implementation as in #2387 and it covered now with new test)
5 years ago
sebres
05f9e53660
Merge branch '0.10-invariant-improve' into 0.10
5 years ago
sebres
d4c921c22a
amend to 31b8d91ba2211595182d8d3fe6d89034b562aef0: tag `<family>` is normally dynamic tag (ticket related), so better to replace it this way (may avoid confusing if tag is used directly during restore sane env process for both families); conditional replacement is not affected here
5 years ago
sebres
ec37b1942c
action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
5 years ago
sebres
31a6c8cf5d
closes gh-2599: fixes `splitwords` for unicode string
5 years ago