Allan Nordhøy
d7e320b96d
reverting linux indentation
2018-01-23 21:09:53 +01:00
Sergey G. Brester
3ac6166b48
Merge pull request #2027 from yarikoptic/bf-0.10-review
...
Minor spelling typos etc
2018-01-23 19:45:44 +01:00
Yaroslav Halchenko
527bb9a7c3
dos2unix for helpers-common.conf
...
Original report: http://bugs.debian.org/888110
2018-01-23 08:48:36 -05:00
Yaroslav Halchenko
ba2538ba04
DOC: minor typos spotted around comments etc
2018-01-22 21:39:56 -05:00
Yaroslav Halchenko
af2de7ff2f
RF: COND_FAMILIES - use tuple
...
no need for a dict where tuple would be preferable (deterministic order)
2018-01-22 21:08:44 -05:00
sebres
8cfd97a68f
skip a testRepairDb if no sqlite3 command-helper available; code review (removed unnecessary code-pieces resp. code-duplication)
...
closes #2026
2018-01-22 10:42:33 +01:00
sebres
9d5f20aab2
FilterPyinotify: fixed sporadic test-case error (multi-threaded) - 'NoneType' object has no attribute 'stop'.
2018-01-19 12:32:24 +01:00
sebres
9a38d5697f
bump version (0.10.2 -> 0.10.3.dev1)
2018-01-18 16:40:48 +01:00
sebres
a45488465e
prepare release: bump version, update ChangeLog, man's and MANIFEST etc.
2018-01-18 14:49:01 +01:00
sebres
81b61fe30c
ChangeLog update
2018-01-18 14:19:55 +01:00
sebres
f69e28adfc
action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
2018-01-18 14:05:22 +01:00
sebres
ed22ddbbbb
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-01-17 16:42:56 +01:00
Sergey G. Brester
37f5a6975e
Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix
...
nginx-http-auth: match usernames with spaces
2018-01-17 16:40:54 +01:00
sebres
63e906b2c1
regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
2018-01-17 16:35:32 +01:00
Benedikt Seidl
fed6c49c2d
nginx-http-auth: match usernames with spaces
...
# Conflicts:
# ChangeLog
2018-01-17 16:35:31 +01:00
Sergey G. Brester
9a8c4a9869
Merge pull request #2018 from riceru/patch-1
...
lighttpd-auth.conf: new log-format (http_auth -> mod_auth)
2018-01-17 12:14:38 +01:00
Sergey G. Brester
b6c6565a7e
regex updated using non-capturing groups
2018-01-16 14:23:47 +01:00
Sergey G. Brester
9a46590486
extended test-cases to cover new log-format (http_auth -> mod_auth)
2018-01-16 14:20:51 +01:00
riceru
6a1bbbf101
Update lighttpd-auth.conf
...
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in Lighttp 1.4.42
2018-01-16 12:39:55 +00:00
sebres
2b7b0da943
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-01-15 18:16:43 +01:00
sebres
2bce0c5e3e
file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.
2018-01-15 18:00:15 +01:00
sebres
81c86fa83f
Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove).
...
Closes gh-1865
2018-01-15 17:12:07 +01:00
sebres
b644d2d73f
should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);
2018-01-11 20:23:22 +01:00
sebres
7516cd025d
fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter);
...
test cases extended to cover such situation.
Closes gh-1997
2018-01-11 13:21:36 +01:00
Serg G. Brester
7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
...
Closes #2000
2018-01-11 12:38:34 +01:00
sebres
29e1fe9479
micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)
2018-01-11 11:15:58 +01:00
Serg G. Brester
6251fcf5f7
Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys
...
stop ban of legitimate users with multiple public keys (e. g. git, etc)
2018-01-11 10:27:35 +01:00
sebres
1c0fc73e48
Update ChangeLog
2018-01-11 10:27:38 +01:00
sebres
2112145eb4
stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby
...
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
2018-01-10 19:07:20 +01:00
sebres
314e402fe0
filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
2018-01-10 14:49:06 +01:00
sebres
c36fbdf743
test cases extended in order to cover `firewallcmd-ipset` with `allports`
2018-01-10 12:13:07 +01:00
sebres
c30144b37a
Merge branch '0.9' into 0.10
...
# Conflicts:
# config/action.d/firewallcmd-ipset.conf
# config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
# fail2ban/client/jailreader.py
# fail2ban/helpers.py
2018-01-10 12:05:26 +01:00
Serg G. Brester
029cd5aa24
Update ChangeLog
2018-01-10 11:47:59 +01:00
Serg G. Brester
597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports
...
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
2018-01-10 11:43:44 +01:00
sebres
131b94e11e
firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
...
banaction = firewallcmd-ipset[actiontype="<allports>"]
2018-01-10 10:58:03 +01:00
Danila Vershinin
c190631f88
New ban action firewallcmd-ipset-allports. Closes #1167
2018-01-10 10:58:01 +01:00
sebres
3d9a112c8f
cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers:
...
allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` treats as `,` in new version.
cherry-picked from 0.10.
2018-01-10 10:57:59 +01:00
Serg G. Brester
82f8bd8639
Merge pull request #2011 from Yannik/patch-1
...
Fix filter not catching asterisk requests with quote character in username (fixes #2010 )
2018-01-10 09:27:29 +01:00
Serg G. Brester
f7e2d3610b
Update ChangeLog
2018-01-09 21:19:01 +01:00
Serg G. Brester
a1d1498561
Restore log-entries not affected by #2011
2018-01-09 21:13:02 +01:00
sebres
f6d0c86533
test cases extended: flush jail in database
2018-01-09 12:16:37 +01:00
sebres
2c69c0e7e5
flush jail in database: bulk remove of all IPs in the database (e. g. reload --unban).
2018-01-09 12:15:56 +01:00
Yannik Sembritzki
aab54bb0dd
don't replace normal test case with specialized test case
2018-01-08 22:29:43 +01:00
Yannik Sembritzki
94f0b15c32
Allow faster parsing of hosts without ' characters in them
2018-01-08 14:54:32 +01:00
Yannik Sembritzki
eaf5e88692
replace actual offenders ip with 1.2.3.4
2018-01-03 19:00:09 +01:00
Yannik Sembritzki
184202c6aa
remove duplicate testcase
2018-01-03 18:49:38 +01:00
Yannik Sembritzki
a53ee46ad4
add test for asterisk pjsip attack with quote in username
2018-01-03 18:48:11 +01:00
Yannik Sembritzki
b28dfb965a
Fix filter not catching asterisk requests with quote character in username ( fixes #2010 )
2018-01-03 18:39:30 +01:00
sebres
1e39c2600c
cherry-pick from 0.11: changes in updateDb because it can be executed after repair, and some tables can be missing.
2017-12-22 17:21:11 +01:00
sebres
277edd5fe5
amend to pull request #2004 : merge remote-tracking branch 'sebres/auto-repair-database' into 0.10
2017-12-22 16:21:22 +01:00