fail2ban

Commit Graph

Author	SHA1	Message	Date
aresdr	412120ac3c	Update drupal-auth.conf Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for". The referer part is a must currently, but some requests did not have one and are not failing.	5 years ago
sebres	6cff2bb007	Merge branch '0.11'	5 years ago
sebres	1588200274	Merge branch '0.10' into 0.11	5 years ago
sebres	b8e2b77265	Merge branch '0.10-extend-proto-banned' into 0.10	5 years ago
sebres	fa1ff4c5d8	assertSortedEqual: fixed sort of nested lists, switch default of nestedOnly to False (comparison of unsorted lists is rarely needed)	5 years ago
sebres	54b2208690	extends protocol/client with banned status (retrieve information whether an IP is banned and/or in which jails), implements FR gh-2725	5 years ago
sebres	0ae2ef68be	ensure iterator is safe (traverse over the list in snapshot created within a lock), avoids getting modified state as well as "dictionary changed size during iteration" errors	5 years ago
sebres	afb7a93163	amend to 368aa9e77570519b37fb57c9dbc5112d4c4b7382: fix time in gitlab test (GMT in log due to TZ-suffix `Z`, CEST in test-suite)	5 years ago
Sergey G. Brester	43f699b872	grammar / typos	5 years ago
Sergey G. Brester	368aa9e775	Merge pull request #2689 from benrubson/gitlab New Gitlab jail	5 years ago
Sergey G. Brester	f2aec43d8a	Merge pull request #2140 from szepeviktor/patch-9 CloudFlare started to indent their API responses	5 years ago
Sergey G. Brester	42aef09d69	Update ChangeLog	5 years ago
Sergey G. Brester	01e92ce4a6	added fallback using tr and sed (jq is optional now)	5 years ago
Sergey G. Brester	1c1b671c74	Update cloudflare.conf	5 years ago
Sergey G. Brester	5b8fc3b51a	cloudflare: fixes ip to id conversion by unban using jq normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)	5 years ago
Viktor Szépe	852670bc99	CloudFlare started to indent their API responses We need to use https://github.com/stedolan/jq to parse it.	5 years ago
Ilya	8b3b9addd1	Change tool from 'cut' to 'sed' Sed regex was tested - it works.	5 years ago
Ilya	5da2422f61	Fix actionunban Add command to remove new line character. Needed for working removing rule from cloudflare firewall.	5 years ago
Sergey G. Brester	fe84b158a5	Merge pull request #2703 from sebres/0.10-ipset-tout 0.10 / ipset timeout removal	5 years ago
Sergey G. Brester	da1652d0d7	Update ChangeLog	5 years ago
sebres	12be3ed77d	test cases fixed	5 years ago
sebres	87a1a2f1a1	action.d/-ipset.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)	5 years ago
sebres	6b90ca820f	filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) closes gh-2693	5 years ago
sebres	affd9cef5f	filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)	5 years ago
sebres	06b46e92eb	jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357; ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686); don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.	5 years ago
sebres	7e3061e7ac	fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)	5 years ago
Sergey G. Brester	78651de7e5	Update ChangeLog	5 years ago
benrubson	2912bc640b	New Gitlab jail	5 years ago
sebres	136781d627	filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)	5 years ago
sebres	d21a24de8e	more test cases for IP/DNS (and use dummies if no-network set by testing)	5 years ago
sebres	fc175fa78a	performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists); decrease log level for ignored duplicates (warning is too heavy here)	5 years ago
sebres	343ec1cdd2	test-causes: avoid host-depending issue (mistakenly ignoring IP 127.0.0.2 as own address) - replace loop-back addr with test sub-net addr (and disable ignoreself)	5 years ago
sebres	38b32a9a72	Merge branch '0.10' into 0.11	5 years ago
sebres	22a04dae05	Merge branch '0.9' into 0.10 (gh-2246)	5 years ago
Sergey G. Brester	b1e1cab4b7	Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 Improve regex in proftpd.conf	5 years ago
sebres	606bf110c9	filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE (closes gh-2662)	5 years ago
sebres	6e570b8644	Merge branch '0.11'	5 years ago
sebres	5b16973f08	Merge branch '0.10' into 0.11	5 years ago
sebres	8547ea7ea0	resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete	5 years ago
sebres	9905904bba	Merge branch '0.11'	5 years ago
sebres	00c5d33e45	Merge branch '0.10' into 0.11	5 years ago
sebres	b64a435b0e	ignore only not banned old (repeated and ignored) tickets	5 years ago
sebres	b43dc147b5	amend to RC-fix `9f1c6f1617` (gh-2660): resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously; speedup recognition banning queue has entries to begin check-ban process in actions thread	5 years ago
sebres	bc2b81133c	pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)	5 years ago
sebres	68f827e1f3	small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached)	5 years ago
sebres	4c22d4a801	Merge branch '0.11'	5 years ago
sebres	d42ec210cc	Merge branch '0.10' into 0.11	5 years ago
sebres	9f1c6f1617	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	5 years ago
sebres	ab363a2c0e	small amend with fix still one test (ban unexpected in this old artificial test-cases, todo - such tests should be rewritten or removed)	5 years ago
sebres	e3737bb7c0	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	5 years ago

1 2 3 4 5 ...

5274 Commits (412120ac3c3f1c9a3fa8c7676059ab2be0f87c6a) All Branches Search

5274 Commits (412120ac3c3f1c9a3fa8c7676059ab2be0f87c6a)

All Branches