Commit Graph

4914 Commits (2912bc640b3335bffe20d03afa74d84c7a3c4f56)
 

Author SHA1 Message Date
benrubson 2912bc640b New Gitlab jail
5 years ago
sebres 136781d627 filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)
5 years ago
sebres d21a24de8e more test cases for IP/DNS (and use dummies if no-network set by testing)
5 years ago
sebres fc175fa78a performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists);
5 years ago
sebres 22a04dae05 Merge branch '0.9' into 0.10 (gh-2246)
5 years ago
Sergey G. Brester b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
5 years ago
sebres 606bf110c9 filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE
5 years ago
sebres 8547ea7ea0 resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete
5 years ago
sebres b64a435b0e ignore only not banned old (repeated and ignored) tickets
5 years ago
sebres b43dc147b5 amend to RC-fix 9f1c6f1617 (gh-2660):
5 years ago
sebres bc2b81133c pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)
5 years ago
sebres 68f827e1f3 small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached)
5 years ago
sebres 9f1c6f1617 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
5 years ago
sebres ab363a2c0e small amend with fix still one test (ban unexpected in this old artificial test-cases, todo - such tests should be rewritten or removed)
5 years ago
sebres e3737bb7c0 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
5 years ago
Sergey G. Brester 428c75d1cd
Merge pull request #2651 from fail2ban/0.10-travis-3.9-dev
5 years ago
Sergey G. Brester d4da9afd7f
Update ChangeLog
5 years ago
Sergey G. Brester 9d7388e684
Thread: is_alive instead of isAlive (removed in py-3.9)
5 years ago
Sergey G. Brester 55e76c0b80
restore isAlive method removed in python 3.9
5 years ago
Sergey G. Brester 781a25512b
travis CI: add 3.9-dev as target
5 years ago
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
5 years ago
sebres 15158e4474 closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended
5 years ago
sebres 6281dc3633 failmanager, ticket: avoid reset of retry count by pause between attempts near to findTime - adjust time of ticket will now change current attempts considering findTime as an estimation from rate by previous known interval (if it exceeds the findTime);
5 years ago
sebres 4766547e1f performance optimization of `datepattern` (better search algorithm);
5 years ago
Sergey G. Brester 2e42b98cd3
Merge pull request #2638 from gurnec/pypy-ulimit-fix
5 years ago
sebres 6c6cf2a956 small amend (avoid possible error by close of not existing pipe)
5 years ago
Christopher Gurnee df885586d4 close Popen() pipes explicitly for PyPy
5 years ago
sebres e57e950ef5 version bump (back to dev)
5 years ago
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect
5 years ago
sebres b3644ad413 code normalization and optimization (strip of trailing new-line, date parsing, ignoreregex mechanism, etc)
5 years ago
sebres 91eca4fdeb automatically create not-existing path (last level folder only) for pidfile, socket and database (with default permissions)
5 years ago
sebres 14e68eed72 performance: set fetch handler getGroups depending on presence of alternate tags in RE (simplest variant or merged with alt-tags) in regex constructor
5 years ago
sebres 9137c7bb23 filter processing:
5 years ago
sebres 1492ab2247 improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
5 years ago
Sergey G. Brester ac8e8db814
travis: switch 3.8-dev to 3.8 (released)
5 years ago
Sergey G. Brester d7643fe538
Merge pull request #2630 from fail2ban/gh-2200-postfix
5 years ago
Sergey G. Brester 88cf5bcd93
Update postfix
5 years ago
Sergey G. Brester 774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
5 years ago
Sergey G. Brester 34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)
5 years ago
sebres 7a28861fc7 review of command line: more long-named options can be supplied via command line
5 years ago
sebres 3f48907064 amend to f3dbc9dda10e52610e3de26f538b5581fd905505: change main thread-name back to `fail2ban-server`;
5 years ago
sebres 9c7bd80807 fail2ban-regex: stop endless logging on closed streams (redirected pipes like `... | head -n 100`), exit if stdout channel is closed
5 years ago
sebres 12b3ac684a closes #2615: systemd backend would seek to last known position (or `now - findtime`) in journal at start.
5 years ago
sebres 569dea2b19 filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
5 years ago
sebres 9e6d07d928 testSampleRegexsFactory: `time` is not mandatory anymore (check time only if set in json), allows usage of same line(s) matching different `logtype` option:
5 years ago
sebres 8dc6f30cdd closes #2596: fixed supplying of backend-related `logtype` to the jail filter - don't merge it (provide as init parameter if not set in definition section), init parameters don't affect config-cache (better implementation as in #2387 and it covered now with new test)
5 years ago
sebres 05f9e53660 Merge branch '0.10-invariant-improve' into 0.10
5 years ago
sebres d4c921c22a amend to 31b8d91ba2211595182d8d3fe6d89034b562aef0: tag `<family>` is normally dynamic tag (ticket related), so better to replace it this way (may avoid confusing if tag is used directly during restore sane env process for both families); conditional replacement is not affected here
5 years ago
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
5 years ago
sebres 31a6c8cf5d closes gh-2599: fixes `splitwords` for unicode string
5 years ago