Commit Graph

5229 Commits (43f699b872ab75132a2188be29706d602830254e)

Author SHA1 Message Date
sebres 9c7bd80807 fail2ban-regex: stop endless logging on closed streams (redirected pipes like `... | head -n 100`), exit if stdout channel is closed 2020-02-03 20:09:13 +01:00
sebres a7c68ea19f Merge branch '0.10' into 0.11 2020-01-28 21:47:55 +01:00
sebres 12b3ac684a closes #2615: systemd backend would seek to last known position (or `now - findtime`) in journal at start. 2020-01-28 21:45:30 +01:00
sebres cd42cb26d6 database: try to fix `out of sequence` error on some old platform / sqlite versions (#2613) - repack iterator as long as in lock (although dirty read has no matter here and only writing operations should be serialized, but to be sure and exclude this as source of that errors). 2020-01-27 12:57:29 +01:00
sebres 569dea2b19 filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
also add coverage for mariadb 10.4 log format (gh-2611)
2020-01-22 17:24:40 +01:00
sebres 9e6d07d928 testSampleRegexsFactory: `time` is not mandatory anymore (check time only if set in json), allows usage of same line(s) matching different `logtype` option:
`# filterOptions: [{"logtype": "file"}, {"logtype": "short"}, {"logtype": "journal"}]`
2020-01-22 17:19:35 +01:00
sebres 3befbb1770 improved wait for observer stop on server quit (second stop would force quit), this also cause reset db in observer (to avoid out of sequence errors) before database gets ultimately closed at end of server stop process (gh-2608) 2020-01-20 16:45:01 +01:00
Sergey G. Brester d2d3762ba9
Merge pull request #2605 from angeloc/0.11
Fixing --withouth-test install option
2020-01-16 13:45:49 +01:00
Angelo Compagnucci 5fa1f69264 setup.py: adding option to install without tests
Tests files are not always needed especially when installing on low
resource systems like an embedded one.
This patch adds the --without-tests option to skip installing the
tests files.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:28:42 +01:00
Angelo Compagnucci 3965d690b1 Revert "setup.py: adding option to install without tests"
Test should actually removed from the stup data in finalize_options
instead of being added back.

This reverts commit 9b918bba2f.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:05:13 +01:00
sebres 50fbcda8b6 Merge branch '0.10' into 0.11 2020-01-15 21:54:37 +01:00
sebres 8dc6f30cdd closes #2596: fixed supplying of backend-related `logtype` to the jail filter - don't merge it (provide as init parameter if not set in definition section), init parameters don't affect config-cache (better implementation as in #2387 and it covered now with new test) 2020-01-15 21:49:51 +01:00
sebres 9f701bb611 Merge branch '0.10' into 0.11 2020-01-15 13:26:46 +01:00
sebres 05f9e53660 Merge branch '0.10-invariant-improve' into 0.10 2020-01-15 13:26:15 +01:00
sebres d4c921c22a amend to 31b8d91ba2211595182d8d3fe6d89034b562aef0: tag `<family>` is normally dynamic tag (ticket related), so better to replace it this way (may avoid confusing if tag is used directly during restore sane env process for both families); conditional replacement is not affected here 2020-01-15 13:22:55 +01:00
sebres 8694c54728 increase test stack size to 128K (on some platforms min size is greater then 32K), closes gh-2597 2020-01-14 11:51:27 +01:00
sebres 70e47c9621 Merge branch '0.10' into 0.11 2020-01-14 11:44:35 +01:00
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596) 2020-01-14 11:39:13 +01:00
sebres 31a6c8cf5d closes gh-2599: fixes `splitwords` for unicode string 2020-01-13 20:12:16 +01:00
sebres b158f83aa3 testIPAddr_CompareDNS: add missing network constraint (gh-2596) 2020-01-13 12:37:19 +01:00
sebres d004a2c79b release 0.11.1 -- This is the Way 2020-01-11 11:01:00 +01:00
sebres 27fb4790fb Merge branch '0.10' into 0.11 2020-01-10 15:17:54 +01:00
sebres b25d8565fc release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes 2020-01-10 13:34:46 +01:00
sebres 4e4bd43e5e small amend for d1b7e2b5fb2b389d04845369d7d29db65425dcf2: double usage string removed, spacing fixed
generate-man: small fixing (avoid ../bin in usage, version fix
2020-01-10 13:28:20 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
closes gh-2115, gh-2362.
2020-01-09 20:53:53 +01:00
sebres d1b7e2b5fb fail2ban-regex - several enhancements and fixes:
- improved usage output (don't put a long help if an error occurs);
- new option `--no-check-all` to avoid check of all regex's (first matched only);
- new option `-o`, `--out` to set token provided in output (disables check-all and outputs only expected data);
- test cases optimized and extended
2020-01-09 16:59:13 +01:00
sebres dbc6590589 usage of failure-ID tag `<F-ID>...</F-ID>` causes raw handling automatically (avoid DNS-resolve for found ID) 2020-01-08 22:07:33 +01:00
sebres ac41b8f3be some logging level got changed between 0.10/0.11 (9 is lowest log level to capture messages in LogCaptureTestCase now) 2020-01-08 21:43:27 +01:00
sebres 587e4ff573 Merge branch '0.10' into 0.11
(conflicts resolved)
2020-01-08 21:27:23 +01:00
Sergey G. Brester a15832e773
Merge pull request #2588 from sebres/0.10-invariant-improve
0.10 auto-reban, improved invariant check and conditional operations
2020-01-08 21:04:42 +01:00
sebres f30b7ae244 update ChangeLog + spelling 2020-01-08 21:03:00 +01:00
sebres 17a34b1528 amend with missing parameter of actionreban in actionreader and coverage 2020-01-07 22:01:11 +01:00
sebres f001f8de2a automatic reban (repeat banning action) after repair/restore sane environment, if already logged ticket causes new failures (part of #980, closes #1680);
introduces banning epoch for actions and tickets (to distinguish or recognize removed set of tickets)
2020-01-07 21:28:32 +01:00
sebres 1a9bc1905d auto-detection of IPv6 subsystem availability (important for not on-demand actions or jails, like pass2allow) 2020-01-07 17:01:47 +01:00
sebres 125da61bda more cases covered, start in repair distinguish operations, on demand flag etc 2020-01-07 15:50:54 +01:00
sebres b7fe33483a coverage 2020-01-07 11:54:21 +01:00
sebres a527fbcae5 small amend: if not on-demand, the families should be specified (or default), also avoids error "dictionary changed size during iteration" 2020-01-06 21:44:19 +01:00
sebres 67fd75c88e pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately). 2020-01-06 21:13:40 +01:00
sebres 165b7d6643 tests fixed, prepared for other conditional operations (for subnet usage), operations like repair/flush/stop considering started families (executed for started only) 2020-01-06 21:02:57 +01:00
sebres 3c42c7b9ef **not ready** testActionsConsistencyCheck fixed, but several **broken** tests (todo: fix public interface like action.start()/stop()). 2020-01-06 21:02:56 +01:00
sebres 31b8d91ba2 **not ready** amend with more tests (some issue on stop?) 2019-12-27 21:58:06 +01:00
sebres 8f6ba15325 avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc... 2019-12-27 21:30:41 +01:00
Sergey G. Brester 690a0050f0
Merge pull request #2567 from Mart124/bitwarden
New jail, Bitwarden
2019-12-13 18:31:21 +01:00
sebres 5dd85bf4f8 Merge branch '0.10' into 0.11 2019-12-12 21:45:50 +01:00
sebres 7e98073014 amend to f3dbc9dda10e52610e3de26f538b5581fd905505: don't need truncate (if the name with \0 exceeds 16 bytes, the string is silently truncated by prctl). 2019-12-12 21:45:09 +01:00
sebres b2e8d610a0 small amend: adjust name of observer thread (more similar to other threads) 2019-12-12 21:31:26 +01:00
sebres 1bcb39c699 Merge branch '0.10' into 0.11 2019-12-12 21:29:13 +01:00
sebres f3dbc9dda1 set real thread names (used for identification and diagnostic purposes, e. g. top -H, ps -e -T, pstree, etc) 2019-12-12 21:28:16 +01:00
Mart124 e763c657c4
Let's get back to WRN 2019-11-27 00:32:10 +01:00