sebres
9c7bd80807
fail2ban-regex: stop endless logging on closed streams (redirected pipes like `... | head -n 100`), exit if stdout channel is closed
2020-02-03 20:09:13 +01:00
sebres
a7c68ea19f
Merge branch '0.10' into 0.11
2020-01-28 21:47:55 +01:00
sebres
12b3ac684a
closes #2615 : systemd backend would seek to last known position (or `now - findtime`) in journal at start.
2020-01-28 21:45:30 +01:00
sebres
cd42cb26d6
database: try to fix `out of sequence` error on some old platform / sqlite versions ( #2613 ) - repack iterator as long as in lock (although dirty read has no matter here and only writing operations should be serialized, but to be sure and exclude this as source of that errors).
2020-01-27 12:57:29 +01:00
sebres
569dea2b19
filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
...
also add coverage for mariadb 10.4 log format (gh-2611)
2020-01-22 17:24:40 +01:00
sebres
9e6d07d928
testSampleRegexsFactory: `time` is not mandatory anymore (check time only if set in json), allows usage of same line(s) matching different `logtype` option:
...
`# filterOptions: [{"logtype": "file"}, {"logtype": "short"}, {"logtype": "journal"}]`
2020-01-22 17:19:35 +01:00
sebres
3befbb1770
improved wait for observer stop on server quit (second stop would force quit), this also cause reset db in observer (to avoid out of sequence errors) before database gets ultimately closed at end of server stop process (gh-2608)
2020-01-20 16:45:01 +01:00
Sergey G. Brester
d2d3762ba9
Merge pull request #2605 from angeloc/0.11
...
Fixing --withouth-test install option
2020-01-16 13:45:49 +01:00
Angelo Compagnucci
5fa1f69264
setup.py: adding option to install without tests
...
Tests files are not always needed especially when installing on low
resource systems like an embedded one.
This patch adds the --without-tests option to skip installing the
tests files.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:28:42 +01:00
Angelo Compagnucci
3965d690b1
Revert "setup.py: adding option to install without tests"
...
Test should actually removed from the stup data in finalize_options
instead of being added back.
This reverts commit 9b918bba2f
.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:05:13 +01:00
sebres
50fbcda8b6
Merge branch '0.10' into 0.11
2020-01-15 21:54:37 +01:00
sebres
8dc6f30cdd
closes #2596 : fixed supplying of backend-related `logtype` to the jail filter - don't merge it (provide as init parameter if not set in definition section), init parameters don't affect config-cache (better implementation as in #2387 and it covered now with new test)
2020-01-15 21:49:51 +01:00
sebres
9f701bb611
Merge branch '0.10' into 0.11
2020-01-15 13:26:46 +01:00
sebres
05f9e53660
Merge branch '0.10-invariant-improve' into 0.10
2020-01-15 13:26:15 +01:00
sebres
d4c921c22a
amend to 31b8d91ba2211595182d8d3fe6d89034b562aef0: tag `<family>` is normally dynamic tag (ticket related), so better to replace it this way (may avoid confusing if tag is used directly during restore sane env process for both families); conditional replacement is not affected here
2020-01-15 13:22:55 +01:00
sebres
8694c54728
increase test stack size to 128K (on some platforms min size is greater then 32K), closes gh-2597
2020-01-14 11:51:27 +01:00
sebres
70e47c9621
Merge branch '0.10' into 0.11
2020-01-14 11:44:35 +01:00
sebres
ec37b1942c
action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
2020-01-14 11:39:13 +01:00
sebres
31a6c8cf5d
closes gh-2599: fixes `splitwords` for unicode string
2020-01-13 20:12:16 +01:00
sebres
b158f83aa3
testIPAddr_CompareDNS: add missing network constraint (gh-2596)
2020-01-13 12:37:19 +01:00
sebres
d004a2c79b
release 0.11.1 -- This is the Way
2020-01-11 11:01:00 +01:00
sebres
27fb4790fb
Merge branch '0.10' into 0.11
2020-01-10 15:17:54 +01:00
sebres
b25d8565fc
release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes
2020-01-10 13:34:46 +01:00
sebres
4e4bd43e5e
small amend for d1b7e2b5fb2b389d04845369d7d29db65425dcf2: double usage string removed, spacing fixed
...
generate-man: small fixing (avoid ../bin in usage, version fix
2020-01-10 13:28:20 +01:00
sebres
4860d69909
Merge branch '0.10' into 0.11
2020-01-09 20:55:00 +01:00
sebres
f77398c49d
filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
...
closes gh-2115, gh-2362.
2020-01-09 20:53:53 +01:00
sebres
d1b7e2b5fb
fail2ban-regex - several enhancements and fixes:
...
- improved usage output (don't put a long help if an error occurs);
- new option `--no-check-all` to avoid check of all regex's (first matched only);
- new option `-o`, `--out` to set token provided in output (disables check-all and outputs only expected data);
- test cases optimized and extended
2020-01-09 16:59:13 +01:00
sebres
dbc6590589
usage of failure-ID tag `<F-ID>...</F-ID>` causes raw handling automatically (avoid DNS-resolve for found ID)
2020-01-08 22:07:33 +01:00
sebres
ac41b8f3be
some logging level got changed between 0.10/0.11 (9 is lowest log level to capture messages in LogCaptureTestCase now)
2020-01-08 21:43:27 +01:00
sebres
587e4ff573
Merge branch '0.10' into 0.11
...
(conflicts resolved)
2020-01-08 21:27:23 +01:00
Sergey G. Brester
a15832e773
Merge pull request #2588 from sebres/0.10-invariant-improve
...
0.10 auto-reban, improved invariant check and conditional operations
2020-01-08 21:04:42 +01:00
sebres
f30b7ae244
update ChangeLog + spelling
2020-01-08 21:03:00 +01:00
sebres
17a34b1528
amend with missing parameter of actionreban in actionreader and coverage
2020-01-07 22:01:11 +01:00
sebres
f001f8de2a
automatic reban (repeat banning action) after repair/restore sane environment, if already logged ticket causes new failures (part of #980 , closes #1680 );
...
introduces banning epoch for actions and tickets (to distinguish or recognize removed set of tickets)
2020-01-07 21:28:32 +01:00
sebres
1a9bc1905d
auto-detection of IPv6 subsystem availability (important for not on-demand actions or jails, like pass2allow)
2020-01-07 17:01:47 +01:00
sebres
125da61bda
more cases covered, start in repair distinguish operations, on demand flag etc
2020-01-07 15:50:54 +01:00
sebres
b7fe33483a
coverage
2020-01-07 11:54:21 +01:00
sebres
a527fbcae5
small amend: if not on-demand, the families should be specified (or default), also avoids error "dictionary changed size during iteration"
2020-01-06 21:44:19 +01:00
sebres
67fd75c88e
pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately).
2020-01-06 21:13:40 +01:00
sebres
165b7d6643
tests fixed, prepared for other conditional operations (for subnet usage), operations like repair/flush/stop considering started families (executed for started only)
2020-01-06 21:02:57 +01:00
sebres
3c42c7b9ef
**not ready** testActionsConsistencyCheck fixed, but several **broken** tests (todo: fix public interface like action.start()/stop()).
2020-01-06 21:02:56 +01:00
sebres
31b8d91ba2
**not ready** amend with more tests (some issue on stop?)
2019-12-27 21:58:06 +01:00
sebres
8f6ba15325
avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...
2019-12-27 21:30:41 +01:00
Sergey G. Brester
690a0050f0
Merge pull request #2567 from Mart124/bitwarden
...
New jail, Bitwarden
2019-12-13 18:31:21 +01:00
sebres
5dd85bf4f8
Merge branch '0.10' into 0.11
2019-12-12 21:45:50 +01:00
sebres
7e98073014
amend to f3dbc9dda10e52610e3de26f538b5581fd905505: don't need truncate (if the name with \0 exceeds 16 bytes, the string is silently truncated by prctl).
2019-12-12 21:45:09 +01:00
sebres
b2e8d610a0
small amend: adjust name of observer thread (more similar to other threads)
2019-12-12 21:31:26 +01:00
sebres
1bcb39c699
Merge branch '0.10' into 0.11
2019-12-12 21:29:13 +01:00
sebres
f3dbc9dda1
set real thread names (used for identification and diagnostic purposes, e. g. top -H, ps -e -T, pstree, etc)
2019-12-12 21:28:16 +01:00
Mart124
e763c657c4
Let's get back to WRN
2019-11-27 00:32:10 +01:00