4244c87802
ConfigWrapper class introduced: sharing of the same ConfigReader object between JailsReader and JailReader (don't read jail config each jail);
...
sharing of the same DefinitionInitConfigReader (ActionReader, FilterReader) between all jails using that;
cache of read a config files was optimized;
test case extended for all types of config readers;
2014-10-09 14:51:08 +02:00
2a54e61238
config cache optimized - prevent to read the same config file inside different resources multiple times;
...
test case: read jail file only once;
2014-10-08 15:44:32 +02:00
af4b48e841
test case for check the read of config files will be cached;
2014-10-07 14:37:40 +02:00
ce4f2d1c88
added filter for PortSentry with jail and samples
2014-10-04 15:08:12 +02:00
37acc6b832
ENH: Add dateTime format for PortSentry
...
Added dateTime format for PortSentry with EPOCH format
2014-10-04 14:55:22 +02:00
97e01985a8
Merge remote-tracking branch 'origin/master' into debian-release/experimental
2014-10-03 17:56:12 +02:00
3f9859a127
Switch debian packaging to use python3
2014-10-03 17:44:49 +02:00
d00af327c5
caching of read config files, to make start of fail2ban faster, see issue #820
2014-10-03 02:11:55 +02:00
05fcb1f104
Merge pull request #813 from schaal/tests-configdir-env-variable
...
tests: Add function to utils to calculate CONFIG_DIR
2014-10-01 14:19:26 -04:00
270ea363d3
tests: define CONFIG_DIR in utils.
2014-10-01 19:50:03 +02:00
b912d61ccb
Merge pull request #818 from slowriot/master
...
adding filter to detect Shellshock attack attempts with Apache
2014-09-29 09:32:21 -04:00
5d526bbeb1
forgot to add test case to last commit
2014-09-29 00:49:22 +01:00
7b5dc9f24f
adding test case, changelog and thanks entries for apache shellshock filter
2014-09-26 18:48:56 +01:00
fc5f729f01
adding jail conf for shellshock filter
2014-09-26 16:37:50 +01:00
4f636eb0e3
adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650
2014-09-26 16:25:07 +01:00
bfaf33b6ba
Merge pull request #812 from nickweeds/master
...
Issue #810 : Update apache-auth.conf filter to match AH01630: client denied by server configuration
2014-09-14 21:01:50 -04:00
2c158fe168
Add apache filter for AH01630 client denied by server configuration
2014-09-14 21:54:05 +01:00
caa851e5c8
RF: moving logwatch setup/sample logs under files/logwatch
2014-09-14 09:48:14 -04:00
8f521b8551
DOC: Changelog and THANKS for previous changes
2014-09-13 10:27:37 -04:00
0e1f8f7f39
RF: remove those two additional failregexes for the postfix
...
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
96c20c8379
Merge pull request #804 from pleasantone/master
...
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
c58c4de9bc
ENH: add empty ignoreregex to avoid a warning ( Close #805 )
2014-09-13 10:18:37 -04:00
8b2f0678a7
Merge commit '0.9.0a2-792-g1864f75' into debian-releases/experimental
...
* commit '0.9.0a2-792-g1864f75': (113 commits)
Credits and notes from #806
fixed encoding
fixed encoding
ENH: Ignore errors while unbaning in symbiosis firewall
ENH: just a bit more descriptive exception ;-)
ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test
changelog entry for postfix-sasl fix
added systemd configuration for postfix-sasl.conf
1.5 version of Fail2ban logwatch file
minor typo
Fxi jail.conf to use more syslog macros
ENH: symbiosis-blacklist-allports action
Fix typos.
changelog and thanks for the preceding fix
Added entry for Cloudflare action
ChangeLog Added and entry about Cloudflare action
Changed to Cloudflare JSON API
Fix sieve filter to use correct option
changelog entries for already merged and upcoming merge
Update courier-smtp.conf
...
2014-09-12 14:14:24 -04:00
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
249e169d8e
Update test cases and also suport smtps per request.
2014-09-08 11:53:51 -07:00
1864f75b3b
Credits and notes from #806
2014-09-08 19:02:37 +10:00
d2c086b187
fixed encoding
2014-09-08 10:26:08 +02:00
218ffe862e
fixed encoding
2014-09-08 10:23:07 +02:00
544cfaff2c
Add support for postfix/submission/smtpd matching.
2014-09-06 10:23:38 -07:00
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
426ed7ff2f
Merge pull request #780 from opoplawski/logpath
...
Fxi jail.conf to use more syslog macros
2014-08-20 22:59:23 -04:00
b1c04f5fa2
ENH: print rebans stats even if no "Failures" are logged, and reduce indentation in output
2014-08-13 23:37:17 -04:00
decea64cf9
ENH: untabified and reindented entire script for sane formatting (no functional changes)
2014-08-13 23:28:03 -04:00
8b62353ab0
BF: logwatch -- fixing up regex for 'already banned'
2014-08-13 23:24:38 -04:00
3bd36ba40a
Sample logfiles to test logwatch services script
2014-08-13 23:15:31 -04:00
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
f756278fe5
ENH: just a bit more descriptive exception ;-)
2014-08-12 11:53:54 -04:00
12c3bf1058
Merge pull request #784 from yarikoptic/enh/testnologfile
...
ENH/BF(TST): making permissions restrictive is not sufficient
2014-08-12 11:49:51 -04:00
b2a1032f57
ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test
2014-08-12 11:31:42 -04:00
3576c509f5
changelog entry for postfix-sasl fix
2014-08-12 11:08:39 -04:00
b4194fb1d1
Merge pull request #783 from maisonobe/master
...
added systemd configuration for postfix-sasl.conf
2014-08-12 11:05:55 -04:00
763115b1eb
added systemd configuration for postfix-sasl.conf
2014-08-11 21:54:27 +02:00
aee560b1c6
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
1.5 version of Fail2ban logwatch file
Fix typos.
2014-08-11 13:10:02 -04:00
6fc04c2256
Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry)
...
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban :
ENH: cyrus-imap -- catch also 'user not found' attempts
BF: cyrus-imaps -- catch also for secured daemons
Conflicts:
ChangeLog
2014-08-11 13:09:43 -04:00
f403bad0ab
Merge pull request #775 from alimony/patch-1
...
Fix typos.
2014-08-11 13:08:30 -04:00
b0f26fa391
Adjusting fail2ban logwatch script to match lines from 0.9 as well
...
File itself includes additional log information about changes
2014-08-11 12:45:50 -04:00
7e902a1320
1.5 version of Fail2ban logwatch file
...
as copied from Debian package 7.4.0+svn20131108rev175-1
2014-08-11 12:44:46 -04:00
b79a82ebdd
minor typo
2014-08-08 15:57:41 -04:00
6b554fbe98
Fxi jail.conf to use more syslog macros
2014-08-08 13:27:32 -06:00
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
sebres