github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,675 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4675 Commits (3fcb0a868d1a53ca42cd78fd477ce9f8c75427cc)

Author SHA1 Message Date
sebres 3fcb0a868d test-cases: availability of badips-service - avoid sporadic errors (like "The handshake operation timed out") during setup of tests 2019-02-22 14:07:11 +01:00
sebres 5126068099 loglevel and shortloglevel combined to single parameter loglevel, below an example logging summary with NOTICE and rest with DEBUG log-levels: 
action = badips.py[... , loglevel="debug, notice"]
 2019-02-22 14:05:19 +01:00
Ben RUBSON 34edec297b Add changelog entry 2019-02-22 13:33:08 +01:00
benrubson 689938ee99 Add a shortloglevel badips.py option 2019-02-22 13:32:46 +01:00
sebres 140243328f coverage: try to avoid sporadic "coverage decreased" in CI 2019-02-22 13:20:40 +01:00
Sergey G. Brester 7e46ceed7e
Merge pull request #2353 from Yannik/patch-3 
Add asterisk ipv6 test cases with and without port (related to #2317)
 2019-02-22 13:09:21 +01:00
sebres 3d7b072a15 covering short form of IPv6 (written-out full form of IPv6 is safe, no matter with or without square brackets) 2019-02-22 12:50:34 +01:00
Yannik Sembritzki 62acaae327 Add asterisk ipv6 test cases with and without port (related to #2317) 2019-02-22 12:43:07 +01:00
Sergey G. Brester d3f6d6ffdd
Merge pull request #2286 from crazy-max/0.10 
New filter `traefik-auth`
 2019-02-21 22:27:04 +01:00
Sergey G. Brester dcede9b3f1
comment rewritten (belongs to the filter) 2019-02-21 22:26:28 +01:00
Sergey G. Brester d84fb8a4b1
regex rewritten (more secure now, resolves catch-all vulni) 2019-02-21 22:19:04 +01:00
sebres 9ed35c423a Merge branch '0.9' into 0.10 (gh-2317) 2019-02-21 20:13:54 +01:00
Sergey G. Brester 5c44ca714f
Merge pull request #2317 from Yannik/patch-2 
Fix asterisk filter not catching attackers when port is logged (in pjsip module)
 2019-02-21 20:09:05 +01:00
sebres 883864c774 optimizes processing of server-configuration stream by start and reload (no interim outputs produced, several calls of get-functions avoided also). 2019-02-21 15:54:56 +01:00
sebres 34dba44816 MANIFEST: forgotten test file 2019-02-21 15:50:12 +01:00
Sergey G. Brester 487e19420e
Merge pull request #2351 from sebres/0.10-multi-ban-unban-in-jail 
fail2ban-client: multi ban/unban and attempt for set jail
 2019-02-21 15:42:00 +01:00
Sergey G. Brester a48d50efc0
Update ChangeLog 2019-02-21 14:37:07 +01:00
sebres fc92021211 coverage and few enhancements 2019-02-21 14:36:18 +01:00
sebres 2dd3c546dd small code review (normalization and duplicated codes removal) 2019-02-20 16:48:11 +01:00
sebres 00a6717953 fail2ban-client: extended with new feature which allows to inform fail2ban about single or multiple attempts (failure) for IP (failure-ID), syntax: 
set <JAIL> attempt <IP> [<failure1> ... <failureN>]
 2019-02-20 16:47:53 +01:00
sebres 84cec5e861 implements gh-2349: `fail2ban-client set jain banip/unbanip ip1 .. ipN` extended to ban/unban multiple tickets; 
reorganized banning facilities (addBannedIP moved from filter to actions in order to ban directly without implication of fail-manager in between.
 2019-02-20 14:56:00 +01:00
sebres e30ebb1f3b closes gh-2277: fixed and optimized cache facilities (operations on OrderedDict are not atomic); increased max-size of IPAddr cache; don't cache raw objects (it is fast enough). 2019-02-18 17:05:11 +01:00
sebres 14f997231d add test case to cover gh-2277, testOverflowedIPCache testing overflow of IP-cache multi-threaded (2 "parasite" threads flooding cache) 2019-02-18 16:56:43 +01:00
sebres 5a54a44559 provide more meaningful error-message if invalid `datepattern` set; 
fail2ban-regex: catch errors/exceptions by set of parameter, more verbose output if needed (`-v` or log-level `debug` would produce output of call-stack additionally).
 2019-02-12 14:36:40 +01:00
Sergey G. Brester c819a18a0a
Update ChangeLog 2019-02-11 19:15:11 +01:00
sebres e651bc7866 amend to #1622: jail-reader supports now multi-line option for multi-line action parameter: 
logpath = a.log
            b.log
            c.log
  action  = ban[...]
          = log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
 2019-02-11 11:54:58 +01:00
sebres 89c611064d test-cases: be sure the test-files always written with new-line at end 2019-01-14 19:00:42 +01:00
Sergey G. Brester 4108e04ab4
Update ChangeLog 2019-01-07 01:50:44 +01:00
sebres a13fdcf4f7 closes gh-2314: extended regex for mysql 8.0.13 if used logging with details (e. g. log-error-verbosity = 3, so log output has few additional words enclosed in brackets after "[Note]"). 2019-01-07 01:34:12 +01:00
Sergey G. Brester 67247999ff
closes #2313: missing dependency to nftables.service 2019-01-06 17:03:09 +01:00
Yannik Sembritzki 547504873e
Add test case for new asterisk pjsip log syntax which includes the port 2019-01-03 23:59:38 +01:00
Yannik Sembritzki 6b4404b1bc
Fix asterisk filter not catching attackers when port is logged (Fixes #2316) 2019-01-03 23:55:42 +01:00
sebres c9ba695ba3 minor, no cover for 3.x (2.6 only) 2018-12-28 00:04:15 +01:00
sebres 4a4780be04 test-cases: prevent sporadic timing errors (unban if ban still not occurred) 2018-12-27 18:10:09 +01:00
sebres 0298c8a31e closes gh-2277: fixed cache-object clean-up process (if max-size reached) used multi-threaded (del can throw KeyError if get/unset changes the list); 
additionally OrderedDict is used now for cache (if available, so >= 2.7) - avoids (slow) search of expired items in full cache and always prefers older objects to remove (like FIFO).
 2018-12-27 18:07:23 +01:00
Alexander Koeppe df9b352bac Update information reg. ipdns.py as successor for dnsutils.py 2018-12-19 12:17:44 +01:00
Sergey G. Brester c540babfb6
matches not empty username only 2018-12-17 12:30:46 +01:00
CrazyMax 7cdabdd7ae
Update traefik-auth failregex 2018-12-14 19:06:09 +01:00
sebres c1ccabc1f9 fixed read of included config-files (`.local` overwrites options of `.conf` for config-files included with before/after) 2018-12-11 15:43:25 +01:00
sebres 9b96a7de89 fix of SafeConfigParserWithIncludes 2018-12-11 15:39:43 +01:00
sebres 0245777c84 SafeConfigParserWithIncludes: fixed read of included config-files (expands with localized version, so `inc.local` overwrites options of `inc.conf` for config-files included with before/after); 
added new test to cover this case.
 2018-12-11 14:48:48 +01:00
CrazyMax 90516d6b67
Add login success example for traefik-auth 2018-11-28 00:37:24 +01:00
CrazyMax a160c38211
Fix UTC Time mismatch 2018-11-24 23:16:27 +01:00
CrazyMax a8fbdd6a87
Fix UTC Time mismatch 2018-11-24 23:13:50 +01:00
CrazyMax a51f82770b
New filter `traefik-auth` 2018-11-24 22:44:44 +01:00
sebres 555b29e8e6 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-11-21 13:05:42 +01:00
Sergey G. Brester c40e4c7bad
Merge pull request #2279 from sebres/sshd-filter-gh-2239 
sshd filter enhancements (gh-2239)
 2018-11-21 11:50:32 +01:00
Sergey G. Brester 0ac5c8941c
Update ChangeLog 2018-11-20 12:39:38 +01:00
sebres 1c1d2cc435 introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches); 
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
 2018-11-19 21:19:57 +01:00
Sergey G. Brester 189c3f964b
Merge pull request #2276 from dienteperro/patch-1 
"be" instead of "me" in shorewall.conf
 2018-11-15 21:47:33 +01:00