github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,675 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4675 Commits (3fcb0a868d1a53ca42cd78fd477ce9f8c75427cc)

Author SHA1 Message Date
Sergey G. Brester d9525ad3aa
Update ChangeLog 2018-04-04 16:47:18 +02:00
Luis Aranguren fc76ccf192 Fixes abuseipdb curl cypher error and comment $f2bV_matches 
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
 2018-04-04 16:39:16 +02:00
Sergey G. Brester 7bbc26d67e
Merge pull request #2097 from benrubson/sni 
Detect Apache SNI error / misredirect attempts
 2018-04-04 16:31:38 +02:00
Sergey G. Brester 28ae32f0ca
Update ChangeLog 2018-04-04 16:31:14 +02:00
sebres 02bae2962d fixed test cases: www.epfl.ch seems to change again the static IP address, tests rewritten using dynamic mechanism (via resolver). 2018-04-04 15:24:59 +02:00
benrubson bd74f7ba8b Detect Apache SNI error / misredirect attempts, typos 2018-04-04 00:20:58 +02:00
sebres e786dbf132 New logging parameter `padding`, default enabled, excepting the SYSLOG (for backwards compatibility purposes); 
Closes gh-2099.
 2018-04-03 17:58:17 +02:00
sebres 8423f017e7 Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10 2018-04-03 14:12:35 +02:00
Sergey G. Brester 4ee7af742a
Merge pull request #2090 from sebres/fix-sshd-filter-suff 
sshd, multi-line failures, alternate groups capture, etc.
 2018-04-03 14:08:46 +02:00
sebres 4ee07adde6 Merge branch '0.10' into fix-sshd-filter-suff 
# Conflicts resolved:
#	fail2ban/server/filter.py
 2018-04-03 13:30:57 +02:00
sebres 50d7c649ba Skip several test-cases of systemd backend, if journal seems to be not available (e. g. no rights to read journal); 
Closes gh-2100
 2018-04-03 12:39:37 +02:00
sebres fd0471927d badips: increase age for /list/cat in the test-cases (default 24h is too short, so the tests can sporadic fail) 2018-04-03 11:53:03 +02:00
sebres 4963295729 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-04-03 11:43:58 +02:00
benrubson 30dc22fb2e Detect Apache SNI error / misredirect attempts 2018-03-29 11:36:49 +02:00
Sergey G. Brester 088192ea9f
Merge pull request #1960 from comradekingu/patch-1 
https, "Fail2Ban", other language improvements
 2018-03-22 11:44:50 +01:00
Sergey G. Brester 9710c8c996
minor fix with reindent 2018-03-22 11:43:15 +01:00
sebres 218905c924 performance optimization: findFailure, search regex etc, handling with buffer/tuple-lines optimized (especially multi-regex resp. multi-lines filters) 2018-03-22 10:16:40 +01:00
Sergey G. Brester 67df796f93
Merge pull request #2088 from sebres/fix-gh-2073 
filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module
 2018-03-21 09:56:38 +01:00
sebres 79019967a7 datepattern: fix epoch/long-epoch name, if custom pattern specified 2018-03-20 23:34:18 +01:00
Sergey G. Brester 6dc9c23a25
fixed typo in pragma-comment 2018-03-20 23:14:43 +01:00
Sergey G. Brester 80725ae870
Update sshd 
comment/minimalistic: no functional change
 2018-03-20 19:02:44 +01:00
sebres e5735b9951 ChangeLog updated 2018-03-20 18:54:25 +01:00
sebres 4f6532f810 filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage; 
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
 2018-03-20 18:54:22 +01:00
sebres cd7f1354c6 remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.) 2018-03-20 18:47:42 +01:00
sebres ed7d5d8ea1 ChangeLog updated 2018-03-20 16:04:42 +01:00
sebres c31eb1c562 quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
sebres 4129f940bb revert non-empty incremental multi-line failure merge (just simply overwrite method used ATM); 
revert sshd test case (better to use last given failure-id, so ipv6 instead ipv4, e. g. because of some wrong multi-line-id recognition);
improved output on AssertionError in samples-testcase factory.
 2018-03-20 15:27:59 +01:00
sebres 25cc42129a hold all user names affected by interim attempts in order to avoid forget a failures after success login: 
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
 2018-03-20 13:09:05 +01:00
sebres a9c94686b6 fixed multiple regexs matched 2018-03-20 09:09:42 +01:00
sebres 5603055a58 failregex: introduced capturing alternate groups, for example non-empty values of `alt_user_1`, `alt_user_2` will overwrite `user` if it is empty (or `alt_host` -> `host`, etc.) 2018-03-20 09:05:02 +01:00
sebres 8028d3940d amend with better match of optional suffix-groups; 
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
 2018-03-19 17:29:26 +01:00
sebres 66d2436f21 filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content 2018-03-19 16:50:49 +01:00
sebres 7b3442c4e2 amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content; 2018-03-19 14:53:56 +01:00
sebres 185cb998e7 make `prefregex` more precise in order to avoid catch the content for non failure lines 2018-03-19 14:38:47 +01:00
sebres 8763cf0a36 ChangeLog updated 2018-03-19 14:26:51 +01:00
sebres e8ffab28fb filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module. 2018-03-19 14:23:24 +01:00
Sergey G. Brester 20fffc44c1
Merge pull request #2087 from sebres/fix-recidive-by-syslog 
filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG)
 2018-03-19 14:08:46 +01:00
sebres a6fb33bdec filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069 2018-03-09 13:56:38 +01:00
sebres 2e533a3a3a better handling of default date templates (bounds, replacement using own expressions `...{DATE}...`, etc.) 2018-03-09 13:54:04 +01:00
sebres ce6ca0029a minimize log output in trace case (index instead of full-regexp by "matched" log-line) 2018-03-07 16:27:42 +01:00
sebres a3739bbf27 trim name and add one space after padding 2018-03-07 16:25:54 +01:00
sebres 71b19d9eba stability of time-related test-cases: a bit increased timeouts; code normalization, review and coverage 2018-03-07 15:25:27 +01:00
Sergey G. Brester 92f19d0604
Merge pull request #2067 from fail2ban/sebres-fix-hostdeny-ipv6 
action.d/hostdeny.conf: fixes IPv6 syntax
 2018-03-07 12:35:07 +01:00
sebres 5b63ad17c6 stability of the test-cases: avoid echoing of server-ready in configure thread, if heavy-debug (only answer from new internal command "server-status"). 2018-03-05 21:54:18 +01:00
Sergey G. Brester b16aafe233
Update ChangeLog 2018-03-05 19:42:05 +01:00
Sergey G. Brester b34ae5999e
action.d/hostdeny.conf: fixes IPv6 syntax 
differentiate the IPv4 and IPv6 syntax (where it is enclosed in square brackets)
 2018-03-05 19:35:10 +01:00
sebres cfc3979c84 Merge branch '0.10' with 'socket-stability-fix' 2018-03-02 21:40:13 +01:00
sebres 1bdda6c8eb cache coverage 2018-03-02 21:39:13 +01:00
sebres 96836cb199 fix several errors (shutdown in test-cases during stop communication, better error handling by unpickle/deserialization, etc) 2018-03-02 21:39:08 +01:00
sebres 29bedd70d5 socket stability and coverage: cherry picked from 0.11 version (avoid many sporadic unhandled exceptions) 2018-03-02 21:31:19 +01:00