Commit Graph

5150 Commits (404dbc98d3817968c96401803c757e217e9da6a4)

Author SHA1 Message Date
sebres fa007bfa7c remove build folder, if created through setup-process in test 2017-11-24 12:57:55 +01:00
sebres eac80966c5 Fix scripts-root within `fail2ban.service` (relative install root-base directory).
This is amend for e3b061e94b.
Closes gh-1964
2017-11-24 12:54:45 +01:00
sebres 6db8db04f8 Merge branch 'master' into 0.10: fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:46:17 +01:00
sebres 5708b8b90e fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:42:51 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors;
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
2017-11-23 22:21:42 +01:00
sebres 7e756da2b9 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-11-06 18:56:31 +01:00
Serg G. Brester 4cd3b2d4c9
Merge pull request #1955 from sebres/fix-initial-config
config/paths-*.conf: initial values and normalization
2017-11-06 18:30:13 +01:00
Serg G. Brester ee80c52430 Update ChangeLog 2017-11-03 14:15:54 +01:00
sebres eba68a8f37 config/paths-common.conf: Added initial values for `syslog_authpriv`, `syslog_mail` in order to avoid errors while parsing/interpolating configuration;
Note the systemd-backend does not need the logpath at all;
Some defaults normalized (minimized configs, don't need to overwrite values in distribution-related path if equal).
2017-11-03 14:15:07 +01:00
Serg G. Brester c06f3c3fb8
Merge pull request #1812 from jpotter/patch-1
Replace port imap3 with imap
2017-11-03 14:05:57 +01:00
Serg G. Brester 4d10c615c4
Update ChangeLog
typo
2017-11-03 14:05:17 +01:00
Serg G. Brester 8b26fd2778 Update ChangeLog 2017-11-03 14:03:47 +01:00
Serg G. Brester 9876dd44f9 replace port imap3 with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and missing on some systems
(see gh-1942)
2017-11-03 14:03:06 +01:00
Jeff Potter 4a2fc8b7e8 Include imap (port 143) in courier-auth ports
imap was missing from the list of ports, preventing fail2ban from blocking connections on standard IMAP port 143.
2017-11-03 14:01:19 +01:00
Serg G. Brester a87af7bf41
Merge pull request #1948 from itoffshore/alpine
gentoo-initd: add descriptions
2017-11-03 13:30:18 +01:00
Stuart Cardall 18d2761dc0 gentoo-initd: add descriptions
add descriptions to stop syslog errors for extra_started_commands when running:

rc-service ipset describe

Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26446]: ^[[1m^[[36mreload^[[m: no description
Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26447]: ^[[1m^[[36mshowlog^[[m: no description
2017-11-01 22:19:14 +01:00
sebres b615a98540 jail.conf: avoid overwriting of default value of the parameter `chain` of several actions (where default chain != INPUT);
test-cases extended to cover the same logic (use `<known/chain>` instead of fix value `INPUT`);
Closes gh-1949
2017-10-30 13:32:52 +01:00
Yaroslav Halchenko f3b3a41639 changelog on the change of location 2017-10-27 17:31:41 -04:00
Yaroslav Halchenko 67706bebb3 Merge commit 'github_szepeviktor_fail2ban/patch-9^' into debian
* commit 'github_szepeviktor_fail2ban/patch-9^':
  Monit files are moved
2017-10-27 17:30:04 -04:00
Serg G. Brester e07a8cda07 Update jail.conf
Documentation of parameters for action blocklist_de, closes gh-1940
2017-10-27 15:26:17 +02:00
Serg G. Brester 2409c4506a Merge pull request #1917 from martin61/patch-1
add ip6tables.service ipset.service in systemd unit
2017-10-20 12:39:46 +02:00
martin61 5db497017a add ip6tables.service ipset.service in systemd unit 2017-10-19 16:44:18 +02:00
Serg G. Brester 1a8fb6290d Merge pull request #1926 from sebres/0.10-pf-actionflush
action.d/pf.conf: wildcard anchoring example + bulk-unban with command `actionflush`
2017-10-19 16:35:46 +02:00
sebres 0e66e3cc57 Merge branch 'master' into 0.10
# Conflicts:
#	config/filter.d/asterisk.conf
2017-10-18 19:00:23 +02:00
Serg G. Brester 0aeb91d1e2 Merge pull request #1929 from miken32/patch-1
Remove invalid (vulnerable) regex using IP from foreign input (not the originator).
2017-10-18 18:54:43 +02:00
Serg G. Brester d81405adbc Update ChangeLog
typo
2017-10-18 18:52:55 +02:00
Serg G. Brester b6ab0aa83f Update ChangeLog
more detailed entry
2017-10-18 18:52:12 +02:00
Michael Newton 894a05b843 Update ChangeLog 2017-10-18 09:26:51 -07:00
Michael Newton 3f715e8577 Remove tests 2017-10-17 14:46:11 -07:00
Michael Newton d5d1fe679f Remove invalid regex
Resolves #1927
2017-10-17 14:44:23 -07:00
sebres a1b863fcf6 action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once (by stop jail, resp. shutdown of fail2ban) 2017-10-17 20:12:48 +02:00
sebres 667f48817b Merge pull request #1925 from sebres/0.10-fix-pf-multiport:
action.d/pf.conf: fix multiport syntax
2017-10-17 16:09:50 +02:00
sebres 3c4910a3e2 ChangeLog entry + note for possible incompatibility. 2017-10-17 16:06:39 +02:00
sebres 8726c9fb0a pf.conf: enclose ports in braces, multiple ports expecting this syntax `... any port {http, https}`.
Note this would be backwards-incompatible change (for the people already enclosing multiports in braces in jail.local).
closes gh-1915
2017-10-17 13:46:29 +02:00
Serg G. Brester c6029bbef6 Merge pull request #1919 from IdahoPL/IdahoPL-patch-1
Update pf.conf commet to fix syntax error
2017-10-17 12:40:51 +02:00
Łukasz Wąsikowski a4f94d2619 Update pf.conf
Fix comment, because current one won't work:

cat /etc/pf.conf
anchor f2b {
  sshd
}

# service pf reload
Reloading pf rules.
/etc/pf.conf:2: syntax error

New version:

cat /etc/pf.conf
anchor f2b {
  anchor sshd
}

# service pf reload
Reloading pf rules.
2017-10-17 12:39:25 +02:00
Serg G. Brester c42dd6941c Merge pull request #1921 from harry-wood/patch-1
typo
2017-10-16 10:50:11 +02:00
Harry Wood ea1b663f85 typo
spell "positive" (...but also somebody should finish this sentence)
2017-10-16 01:15:58 +01:00
sebres 028f32b74b bump version (0.10.1 -> 0.10.2.dev1) 2017-10-12 14:00:41 +02:00
sebres 351abeb4ff prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2017-10-12 13:46:46 +02:00
sebres ceff489a46 amend to a4459765ef438db83a2898ba832ff7acba033e29: irrelevant condition removed 2017-10-04 14:24:21 +02:00
sebres a4459765ef pyinotify/polling: test filter reaction by delete of watching file, better detection of pending file (avoid errors in fail2ban.log during log-rotation).
Closes gh-1865 for filterpyinotify ("cannot remove WD=2").
2017-10-04 14:17:00 +02:00
sebres e71f16f6ba Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/dovecot.conf
2017-10-04 09:57:18 +02:00
sebres ea36e1b3fc filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897) 2017-10-04 09:55:37 +02:00
Serg G. Brester 32deb828a1 Merge pull request #1904 from sebres/no-dup-ignoreip-fix-1900
Avoid exact duplicates by addIgnoreIP (closes gh-1900)
2017-10-04 08:41:40 +02:00
sebres d1fad22ac1 Avoid exact duplicates by addIgnoreIP (closes gh-1900) 2017-10-02 15:59:14 +02:00
sebres 8c804a2290 Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/postfix-rbl.conf
#	config/filter.d/postfix-sasl.conf
#	config/filter.d/postfix.conf
#	fail2ban/tests/files/logs/postfix-sasl
2017-10-02 15:41:30 +02:00
sebres a2120a9de5 filter.d/postfix-*.conf - added optional port regex (closes gh-1902) 2017-10-02 15:31:55 +02:00
Serg G. Brester 6140a0f2d4 Merge pull request #1894 from sbraz/nftables-ipv6
Fix nftables actions for IPv6 addresses, fixes #1893
2017-09-13 09:14:39 +02:00
Serg G. Brester 6149df5216 Update ChangeLog 2017-09-12 09:27:16 +02:00