Louis Sautier
152c9d27d5
Fix nftables actions for IPv6 addresses, fixes #1893
...
* add [Init?family=inet6] to nftables-common.conf and make nftable
expressions more modular
* change "ip protocol" to "meta l4proto" in nftables-allports.conf
since the former only works for IPv4
2017-09-11 23:32:53 +02:00
Serg G. Brester
fbd46f29f2
Merge pull request #1891 from sbraz/openrc
...
Fix Gentoo init script's shebang
2017-09-11 12:24:10 +02:00
Serg G. Brester
72ad904f58
Update ChangeLog
2017-09-11 12:22:43 +02:00
Louis Sautier
2ce0ffb977
Fix Gentoo init script's shebang
...
Use openrc-run instead of runscript.
5d5856c193
2017-09-11 12:19:33 +02:00
Serg G. Brester
8be4569d51
Update ChangeLog
...
several fixes of 0.10th branch
2017-09-08 11:32:08 +02:00
sebres
b185e7cb04
Merge remote-tracking branch 'upstream/master' into 0.10
2017-09-08 11:11:05 +02:00
Serg G. Brester
983b128c54
Update ChangeLog
...
several fixes of 0.9th branch
2017-09-08 11:07:48 +02:00
Serg G. Brester
5221693ce0
Merge pull request #1889 from sebres/0.10-small-optim-review
...
0.10 small optimization & review, config-reader, pretty-dump, etc.
2017-09-08 10:57:27 +02:00
sebres
462b534469
restrict saving of previous known values to section-related (don't overwrite with the values of other sections, especially like "INCLUDES", etc.)
2017-09-07 20:00:45 +02:00
sebres
e20f6204d3
don't put parameters starting with `known/` to the ready stream (intermediate options only), makes streams and dumps of configuration shorter and better readable
2017-09-07 19:32:14 +02:00
sebres
b698a74902
introduces new command-line options `--dp`, `--dump-pretty` to dump the configuration using more human readable representation;
...
allow dump of configuration, also if log-file is not available (warning only)
2017-09-07 19:31:38 +02:00
Serg G. Brester
fd83260bd8
jail "pass2allow-ftp" should supply blocktype to action
...
closes gh-1884
2017-09-07 18:51:08 +02:00
Serg G. Brester
bb97e66627
Merge pull request #1882 from coderua/patch-1
...
Add Jorgee Vulnerability Scanner protect
2017-09-07 15:52:31 +02:00
Serg G. Brester
99a9a9136e
Merge pull request #1887 from fail2ban/exim-gh-1886
...
filter.d/exim.conf: fixed failregex for case of flood attempts with `D=0s`
2017-09-07 15:47:20 +02:00
Serg G. Brester
db121a6f85
Update exim
...
Test case covers flood attempts with `D=0s`
2017-09-07 15:32:35 +02:00
Serg G. Brester
2cd02b731b
filter.d/exim.conf: fixed failregex for case of `D=0s`
...
Closes gh-1886
2017-09-07 15:28:46 +02:00
sebres
4bc226a692
optimized regex
2017-09-05 10:59:16 +02:00
Vladimir Chumak
fafefc0293
Add Jorgee Vulnerability Scanner protect
...
Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164
2017-09-05 10:56:43 +02:00
sebres
acd9e8155b
Merge pull request #1376 from j-marz/master:
...
Added ZoneMinder filter
2017-09-04 11:52:10 +02:00
sebres
4163f32968
small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include
2017-09-04 11:48:01 +02:00
john
ac95449bbb
changed zoneminder regex as per Sebres and yarikoptic recommendations
2017-09-04 11:37:09 +02:00
john
7013729a1f
removed redundant options for zoneminder from jail.conf
2017-09-04 11:37:05 +02:00
john
5c3a666380
fixed incomplete regex after adding anchors
2017-09-04 11:37:03 +02:00
john
3d45fd2713
implemented yarikoptic's suggestions in fail2ban pull request #1376
2017-09-04 11:37:00 +02:00
john
776d463e92
added missing colon to failJSON
2017-09-04 11:36:58 +02:00
john
4d8ba7b668
fixed test log file
2017-09-04 11:36:55 +02:00
john
44c4496e49
added sample log files
2017-09-04 11:36:53 +02:00
john
08878d22dd
added zoneminder.conf filter
2017-09-04 11:36:50 +02:00
john
a90f6c4ae8
added zoneminder jail and filter
...
# Conflicts:
# config/jail.conf
2017-09-04 11:36:47 +02:00
sebres
c312962029
filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex ( d926e11a5c
)
...
fixed failregex (without new mode aggressive)
2017-09-01 10:57:41 +02:00
Serg G. Brester
d926e11a5c
Merge pull request #1880 from sebres/0.10-fix-dovecot-regex
...
filter.d/dovecot.conf: fixed failregex + new mode aggressive
2017-09-01 10:36:22 +02:00
sebres
2cfc53c08e
remove capturing groups
2017-09-01 10:25:09 +02:00
sebres
9b8563f35e
- fixes regex for message `imap-login: Disconnected (auth failed, X attempts) ...` has to many variations on additional info after `<HOST>`,
...
leave it end-anchored because variable part `user=<[^>]*>` (before `<HOST>`) to avoid injecting, but can be safe rewritten using `[^>]*` in opposite to "greedy" `user=<[^>]*>`.
- introduces mode `aggressive` and extends regex for this mode to match:
* no auth attempts (previously removed in gh-601, because of lots of false positives on misconfigured MTAs)
* disconnected before auth was ready
* client didn't finish SASL auth
2017-09-01 09:56:21 +02:00
Serg G. Brester
a287d0a05c
Merge pull request #1872 from kmzby/master
...
Added filter for phpMyAdmin+syslog
2017-08-25 12:22:58 +02:00
Serg G. Brester
569283063b
Merge pull request #1874 from sebres/fix-f2b-setup
...
setup.py: fix several setup facilities
2017-08-25 12:22:31 +02:00
Pavel Mihadyuk
4c1abe1cbf
phpmyadmin-syslog: removed excess file, fixed test, updated failregex
2017-08-23 16:56:18 +03:00
sebres
f451cf34b3
don't check return code by dry-run: returns 256 on some python/setuptool versions.
2017-08-23 13:20:51 +02:00
sebres
e3b061e94b
- `files/fail2ban.service` renamed as template to `files/fail2ban.service.in`;
...
- setup process generates `build/fail2ban.service` from `files/fail2ban.service.in` using distribution related bin-path;
- bug-fixing by running setup with option `--dry-run` (note: specify option `--dry-run` before `install`, like `python setup.py --dry-run install`);
- test cases extended to cover dry-run.
2017-08-23 13:01:29 +02:00
Pavel Mihadyuk
d09304b897
phpmyadmin-syslog: added default jail config
2017-08-22 19:00:48 +03:00
Pavel Mihadyuk
41994fcb56
Added filter for phpMyAdmin+syslog (>=4.7.0)
2017-08-22 18:46:40 +03:00
Pavel Mihadyuk
5b4bc2aafd
Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713
2017-08-22 18:20:01 +03:00
sebres
1d5fbb95ae
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2017-08-18 15:44:22 +02:00
Serg G. Brester
124e5587c6
Merge pull request #1869 from sebres/fix-gh-1389
...
action.d/bsd-ipfw.conf: replace not posix-compliant grep option
2017-08-18 15:43:05 +02:00
Serg G. Brester
b0e5efb631
bsd-ipfw.conf: sh-compliant redirect of stderr together with stdout
2017-08-18 15:26:09 +02:00
sebres
3be32adefb
Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389).
2017-08-18 14:37:29 +02:00
sebres
8e6b4346dc
avoid using "ANSI_X3.4-1968" as preferred encoding, if missing environment variables 'LANGUAGE', 'LC_ALL', 'LC_CTYPE', and 'LANG'
...
(especially critical if default value `encoding = auto` configured).
As PoC and coverage (this case fails without this "fix"):
$ env -i PATH="$PATH" bin/fail2ban-testcases --fast --no-network testAddBanInvalidEncoded
2017-08-18 13:41:58 +02:00
Jacques Distler
f84e58e769
Tweaks to action.d/pf.conf
...
Document recent changes.
Add an option to customize the pf block rule (surely, what the user
really wants, here, is "block quick").
2017-08-18 13:31:34 +02:00
sebres
69a6d0e653
amend to 10c0d954017fac270bf1c568e4b02e94d5949b58: order in cymru-info can variate on each level,
...
sorted using key=str (otherwise `['nxdomain', u'US'] != ['US', 'nxdomain']` may occur on some python versions).
2017-08-16 21:23:42 +02:00
sebres
a3c6bb601d
Fixes version, causes "UserWarning: Normalizing '0.10.1dev1' to '0.10.1.dev1'" during setup-process.
2017-08-16 20:50:33 +02:00
sebres
72bd666797
Fixes representation of IPAddr (likely the string representation, enclosed in single-quotes).
2017-08-16 20:50:06 +02:00