* master: (27 commits)
ENH: server.py -- addLogPath with tail=True
ENH: set/getFile for ticket.py -- found in source distribution of 0.8.4
NF: adding unittests for previous commit
ENH: removed expansion for few Date and Revision SVN keywords
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
BF: return declaration of TABLE back (thanks to michaelberg79)
Update server/datetemplate.py
format output of matches data.
ENH: minor unittest to see if tickets carry correct 'matches'
ENH: introduced usa of Ticket.__matches throughout
ENH: added 'matches' to the Ticket(s) and deprecated "custom" constructors for derived *Tickets
ENH: modelines for emacs and vim to assure consistent indentation scheme (tabs)
ENH: failmanager -- additional debug message about # of known failures
ENH: rudimentary __str__ for the ticket
ENH: more human-accessible printout of the dates if any comparison fails
ENH: few debug messages and use MyTime.localtime instead of straight time.time
ENH: Added localtime() to MyTime
BF: set TZ to CEST while unittesting so dates matching would work
ENH: added a .pylintrc to help with consistent appearance and catch obvious problems
...
Conflicts:
MANIFEST -- wasn't present before due to base on source distribution
server/ticket.py -- strange conflict -- should be benign
e.g.
Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206
This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
* upstream:
for 0.8.5 release -- changelog + version
BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
BF: use os.path.join to generate full path - fixes includes in configs given local filename
very minor -- uniform indentation in example
BF: use standard/reserved example.com instead of mail.com
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
* commit 'remotes/upstream-repo/tags/FAIL2BAN-0_8_5^':
for 0.8.5 release -- changelog + version
BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
BF: use os.path.join to generate full path - fixes includes in configs given local filename
very minor -- uniform indentation in example
BF: use standard/reserved example.com instead of mail.com
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
Conflicts:
common/version.py -- my added copyright
* debian: (21 commits)
debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
debian/jail.conf: closing " for protocol specification
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
ENH: adjusted description for sasl jail (Closes: #615952)
ENH: slight rewordings of the long description (Closes: #588176)
debian/copyright: updated copyright years
Boosted policy compliance version to 3.9.1 (no changes seems to be due)
spellcheck jail.conf. Thanks Christoph Anton Mitterer
spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer
debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
...
* upstream-0.8:
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
* upstream-0.8:
spellcheck jail.conf. Thanks Christoph Anton Mitterer
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
debug entry for lines ignored due to falling below findtime (v2)
disabling entirely named-refused-udp jail with a big fat warning
added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
* up/fixes:
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
BF: be able to detect time for VNC recording only 2 letters of year (closes: #537610)
BF: escaping (). Thanks Teodor (Closes: #544744)
Conflicts:
config/filter.d/proftpd.conf
* upstream: (21 commits)
Imported Upstream version 0.8.4
- Release 0.8.4.
- Oups... Forgot the ChangeLog...
- Check the inode number for rotation in addition to checking the first line of the file. Thanks to Jonathan Kamens.
- Fixed typo. Thanks to Dudi Goldenberg.
added traceback to asyncserver.py's import.
Added item about logging subsystem shutdown being moved, to Changelog.
moved logging shutdown out of quit(), into end of start() in server.py
Disabled jail lighttpd-fastcgi by default.
- Added entry for "Ban IP" command.
added "Ban IP" command to fail2ban branch 0.8
- Added two new filters: lighttpd-fastcgi and php-url-fopen.
- Moved last entries in the config/ part.
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
- Added svn:keywords property.
- Added helper module in common.
added 'unexpected communication error' fix to ChangeLog. Added formatExceptionInfo to server/asyncserver.py
added missing import sys to asyncserver.py
more readable code for python version comparison
added python version detection to asyncore.loop(use_poll=True|False)
...
* up/fixes:
Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
* up/log_examples:
added sasl example log file
* debian:
Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix
* up/ipmasq:
BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert
* upstream:
- Use 80 columns.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive. Debian bug #514163.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Conflicts:
config/filter.d/sshd.conf
server/filter.py
* commit 'upstream-repo/FAIL2BAN-0_8':
- Use 80 columns.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive. Debian bug #514163.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Conflicts:
MANIFEST
TODO
Yaroslav Halchenko