Commit Graph

5801 Commits (48c91dfb6bd8478968c226d0c6ca965bdce2768d)

Author SHA1 Message Date
sebres ed135b6a93 changelog entries (gh-3438, gh-3132) 2023-01-11 18:30:37 +01:00
sebres 582436aadf don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) 2023-01-11 18:27:44 +01:00
sebres cb8674e68a amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only 2023-01-10 12:20:48 +01:00
sebres 09c23fd5b8 try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132);
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
2023-01-09 21:52:12 +01:00
sebres d8a9812adc improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) 2023-01-09 16:21:36 +01:00
sebres 58834b6734 better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) 2023-01-06 14:50:25 +01:00
Sergey G. Brester 432e7e1e93
no warning if no config value but default (debug message now)
closes #3420
2022-11-28 13:21:15 +01:00
Sergey G. Brester bd6e7aeff0
Merge pull request #2112 from al42and/dante
Create filter for Dante SOCKS server
2022-11-18 12:43:44 +01:00
Sergey G. Brester efbbcb41ea
non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330
review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres 36af3f2502 Merge branch 'gh-3405' 2022-11-15 14:23:28 +01:00
sebres a58fcb8786 fix cut out of match for pattern with `{EPOCH}` (similar to other datepatterns group capturing whole regex only added if no groups specified at all);
allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
2022-11-14 19:28:18 +01:00
sebres cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres eba33d6205 version bump 2022-11-14 18:13:01 +01:00
sebres e1d3006b03 update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm 2022-11-09 16:46:15 +01:00
sebres fd3805b40a changelog: backend `systemd`: code review and several fixes 2022-11-08 19:26:23 +01:00
sebres cd17906afe Merge branch '0.11' 2022-11-08 19:03:01 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
- support BIND named log categories
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres 6d19d2e800 Merge branch '0.10' into 0.11 2022-11-02 21:06:46 +01:00
sebres 04c252c34b filtersystemd: code review, wait only if it is necessary - in operational mode and if no more entries retrieved (end of journal);
attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
2022-11-02 21:05:18 +01:00
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00
sebres fc7dbcc6a7 test-suite: avoid mistaken match that confuses output with working on line message by deep debugging of test (e. g. with `-l 4`) 2022-09-28 15:37:52 +02:00
sebres f8fcaf943b version bump 2022-09-27 22:57:50 +02:00
sebres 677da51562 release 1.0.1 -- energy-equals-mass-times-the-speed-of-light-squared 2022-09-27 18:27:51 +02:00
sebres bd94b7a47d make up leeway of ChangeLog (prepare release of 1.0) 2022-09-23 21:52:14 +02:00
sebres 2df58c5281 close fork 2022-09-16 19:20:44 +02:00
sebres 7bd4f41171 Merge branch '0.11' 2022-09-16 19:17:55 +02:00
sebres 94dac78afe Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-16 19:14:50 +02:00
sebres 485c50228a explicitly close cursor if not needed anymore (GC can grab it late) 2022-09-16 18:34:47 +02:00
sebres 45ef36276f fixes gh-3352: failed update of database didn't signal with an error
* client and server exit with error code by failure during start process (in foreground mode)
* added fallback to repair if database cannot be upgraded
code review and unify (more homogeneous by client and server now)
2022-09-16 17:58:24 +02:00
Jeff Johnson f9f78ed9d2
IPThreat integration (#3349)
new IPThreat action
2022-09-13 11:01:46 +02:00
sebres 934e1b606d Merge branch '0.11' 2022-09-08 21:22:23 +02:00
sebres 8dccf099e4 Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-08 16:32:34 +02:00
sebres 5e74499ffd provides details of failed regex compilation in the error message we throw in Regex-constructor (it's good to know what exactly is wrong) 2022-09-08 16:04:46 +02:00
sebres d6896eb26d New logtarget: systemd-journal;
rebased #1403 from da2x:feature-systemd-journal
2022-08-29 12:30:05 +02:00
sebres a08b925468 Merge branch '0.11' 2022-08-17 16:59:02 +02:00
sebres 467024797f Merge branch '0.10' into 0.11 2022-08-17 16:56:10 +02:00
sebres 35eb9acaee Merge branch 'test-gh-3334' into 0.10 - speedup daemonization process by huge open files limit
Closes #3334
2022-08-17 16:51:36 +02:00
sebres 476136281c Revert "check large nofile limit issue (#3334)" (back to original open files limit)
This reverts commit 24b1dea197.
2022-08-17 16:04:10 +02:00
sebres 38026e5963 code review (replace deprecated setter, since python 3.10) 2022-08-17 16:01:04 +02:00
sebres 535a982dcc fixes #3334: speedup daemonization process by huge open files limit (try to close open file descriptors obtained from `/proc/self/fd` or `/proc/fd`) 2022-08-17 15:07:30 +02:00
Sergey G. Brester 24b1dea197 check large nofile limit issue (#3334) 2022-08-17 13:10:02 +02:00
Sergey G. Brester 92d5455bdd
Merge pull request #3330 from tomers/reverse-in-a-single-line
Reverse in a single line
2022-08-09 17:23:18 +02:00
Sergey G. Brester aceae84be2
no extra var needed for iterator 2022-08-09 17:21:16 +02:00
Sergey G. Brester e289a1155e
Merge pull request #3269 from Logic-32/feature/cloudflare-token
Adding support for Cloudflare Token API.
2022-08-09 16:56:17 +02:00
Tomer Shalev 0c3951b864 reverse in a single line 2022-08-07 08:58:00 +03:00