Commit Graph

5164 Commits (2c4e7772164fcde77e3b12c69282bd821b4bf43c)

Author SHA1 Message Date
Yaroslav Halchenko fbce121967 adjusted changelog revision, apparently I fell into a trap of unannotated tag for 0.9.0 release 2014-10-12 16:45:57 -04:00
Yaroslav Halchenko 6f4e542eff Merge commit '0.9.0-252-g47441d1' into debian-releases/experimental
* commit '0.9.0-252-g47441d1':
  BF: made tests util digest.py friendly to python3
2014-10-12 16:45:30 -04:00
Yaroslav Halchenko 47441d1383 Merge remote-tracking branch 'origin/master'
* origin/master:
  RF: moving logwatch setup/sample logs under files/logwatch
  ENH: print rebans stats even if no "Failures" are logged, and reduce indentation in output
  ENH: untabified and reindented entire script for sane formatting (no functional changes)
  BF: logwatch -- fixing up regex for 'already banned'
  Sample logfiles to test logwatch services script
  Adjusting fail2ban logwatch script to match lines from 0.9 as well
2014-10-12 16:44:24 -04:00
Yaroslav Halchenko 86a5f42f73 BF: made tests util digest.py friendly to python3 2014-10-12 16:40:29 -04:00
Yaroslav Halchenko a33207bf87 changelog 2014-10-12 10:31:48 -04:00
Yaroslav Halchenko eb6cc726ff Merge branch 'debian-release/experimental' of https://github.com/schaal/fail2ban into debian-releases/experimental
* 'debian-release/experimental' of https://github.com/schaal/fail2ban:
  Switch debian packaging to use python3
2014-10-12 10:26:48 -04:00
Yaroslav Halchenko cb662e2368 Merge commit '0.9.0a2-814-g98dc084' into debian-releases/experimental
* commit '0.9.0a2-814-g98dc084':
  tests: define CONFIG_DIR in utils.
  forgot to add test case to last commit
  adding test case, changelog and thanks entries for apache shellshock filter
  adding jail conf for shellshock filter
  adding filter to detect Shellshock attack attempts against bash scripts through apache.  See http://seclists.org/oss-sec/2014/q3/650
  Add apache filter for AH01630 client denied by server configuration
  RF: moving logwatch setup/sample logs under files/logwatch
  DOC: Changelog and THANKS for  previous changes
  RF: remove those two additional failregexes for the postfix
  ENH: add empty ignoreregex to avoid a warning (Close #805)
  Update test cases and also support smtps per request.
  Add support for postfix/submission/smtpd matching.
  ENH: print rebans stats even if no "Failures" are logged, and reduce indentation in output
  ENH: untabified and reindented entire script for sane formatting (no functional changes)
  BF: logwatch -- fixing up regex for 'already banned'
  Sample logfiles to test logwatch services script
  Adjusting fail2ban logwatch script to match lines from 0.9 as well
2014-10-12 10:26:36 -04:00
Yaroslav Halchenko 98dc0844ce Merge pull request #782 from yarikoptic/bf/logwatch
logwatch file (original 1.5 version + fixes for change of logs in 0.9)
2014-10-10 22:15:57 -04:00
sebres 7d3e6e9935 code review, change log entries added; 2014-10-10 20:06:58 +02:00
sebres 73a06d55a8 reset share/cache storage (if we use 'reload' in client with interactive mode) 2014-10-10 18:50:24 +02:00
sebres 7f5d4aa7a6 normalize tabs/spaces in docstrings; 2014-10-10 16:59:40 +02:00
sebres 95bdcdecaa cache-config-read-v2 merged;
logging normalized, set log level for loading (read or use shared) file(s) to INFO;
prevent to read some files twice by read inside "_getIncludes" and by "read" self (occurred by only one file);
2014-10-10 16:49:08 +02:00
sebres 02a46d0901 code review;
more stable config sharing, configurator always shares it config readers now;
2014-10-10 12:05:49 +02:00
sebres e0eb4f2358 code review: use the same code (corresponding test cases - with sharing on and without it); 2014-10-10 02:47:42 +02:00
sebres c35b4b24d2 rewritten caching resp. sharing of ConfigReader and SafeConfigParserWithIncludes (v.2, first and second level cache, without fingerprinting etc.); 2014-10-10 02:10:13 +02:00
sebres 37952ab75f code review 2014-10-09 19:51:53 +02:00
sebres f67053c2ec ConfigReader/ConfigWrapper renamed as suggested from @yarikoptic;
+ code clarifying (suggested also);
2014-10-09 19:01:49 +02:00
sebres f6723a12ff Merge branch 'cache-config-read-820' into _tent/cache-config-read 2014-10-09 18:01:31 +02:00
sebres b62ce14ccd Partially merge remote-tracking from 'sebres:cache-config-read-820':
test cases extended, configurator.py adapted for test case.
2014-10-09 18:00:45 +02:00
Yaroslav Halchenko 0c5f11079c ENH: keep spitting out logging to the screen in LogCaptureTestCases if HEAVYDEBUG 2014-10-09 10:47:00 -04:00
sebres f31607ded1 test case for check the read of config files will be cached;
Conflicts:
	fail2ban/tests/clientreadertestcase.py -- removed not needed
        time in imports
2014-10-09 10:30:17 -04:00
sebres 51cae63bf0 more precise by test 2014-10-09 15:39:58 +02:00
sebres 4244c87802 ConfigWrapper class introduced: sharing of the same ConfigReader object between JailsReader and JailReader (don't read jail config each jail);
sharing of the same DefinitionInitConfigReader (ActionReader, FilterReader) between all jails using that;
cache of read a config files was optimized;
test case extended for all types of config readers;
2014-10-09 14:51:08 +02:00
sebres 2a54e61238 config cache optimized - prevent to read the same config file inside different resources multiple times;
test case: read jail file only once;
2014-10-08 15:44:32 +02:00
sebres af4b48e841 test case for check the read of config files will be cached; 2014-10-07 14:37:40 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
pacop 37acc6b832 ENH: Add dateTime format for PortSentry
Added dateTime format for PortSentry with EPOCH format
2014-10-04 14:55:22 +02:00
Daniel Schaal 97e01985a8 Merge remote-tracking branch 'origin/master' into debian-release/experimental 2014-10-03 17:56:12 +02:00
Daniel Schaal 3f9859a127 Switch debian packaging to use python3 2014-10-03 17:44:49 +02:00
sebres d00af327c5 caching of read config files, to make start of fail2ban faster, see issue #820 2014-10-03 02:11:55 +02:00
Yaroslav Halchenko 05fcb1f104 Merge pull request #813 from schaal/tests-configdir-env-variable
tests: Add function to utils to calculate CONFIG_DIR
2014-10-01 14:19:26 -04:00
Daniel Schaal 270ea363d3 tests: define CONFIG_DIR in utils. 2014-10-01 19:50:03 +02:00
Yaroslav Halchenko b912d61ccb Merge pull request #818 from slowriot/master
adding filter to detect Shellshock attack attempts with Apache
2014-09-29 09:32:21 -04:00
SlowRiot 5d526bbeb1 forgot to add test case to last commit 2014-09-29 00:49:22 +01:00
SlowRiot 7b5dc9f24f adding test case, changelog and thanks entries for apache shellshock filter 2014-09-26 18:48:56 +01:00
SlowRiot fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot 4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
Yaroslav Halchenko bfaf33b6ba Merge pull request #812 from nickweeds/master
Issue #810: Update apache-auth.conf filter to match AH01630: client denied by server configuration
2014-09-14 21:01:50 -04:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko caa851e5c8 RF: moving logwatch setup/sample logs under files/logwatch 2014-09-14 09:48:14 -04:00
Yaroslav Halchenko 8f521b8551 DOC: Changelog and THANKS for previous changes 2014-09-13 10:27:37 -04:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix
see comment
https://github.com/fail2ban/fail2ban/pull/804#discussion_r17512426
2014-09-13 10:25:27 -04:00
Yaroslav Halchenko 96c20c8379 Merge pull request #804 from pleasantone/master
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
Yaroslav Halchenko c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Yaroslav Halchenko 8b2f0678a7 Merge commit '0.9.0a2-792-g1864f75' into debian-releases/experimental
* commit '0.9.0a2-792-g1864f75': (113 commits)
  Credits and notes from #806
  fixed encoding
  fixed encoding
  ENH: Ignore errors while unbanning in symbiosis firewall
  ENH: just a bit more descriptive exception ;-)
  ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test
  changelog entry for postfix-sasl fix
  added systemd configuration for postfix-sasl.conf
  1.5 version of Fail2ban logwatch file
  minor typo
  Fix jail.conf to use more syslog macros
  ENH: symbiosis-blacklist-allports action
  Fix typos.
  changelog and thanks for the preceding fix
  Added entry for Cloudflare action
  ChangeLog Added and entry about Cloudflare action
  Changed to Cloudflare JSON API
  Fix sieve filter to use correct option
  changelog entries for already merged and upcoming merge
  Update courier-smtp.conf
  ...
2014-09-12 14:14:24 -04:00
Dean Lee ba44ff312b grep IP at the start of lines
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Paul Traina 249e169d8e Update test cases and also support smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho 218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00