github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,604 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

4604 Commits (4942578de05213c890ca4ea8b45b1e5046922d76)

Author SHA1 Message Date
Serg G. Brester 7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now. 
Closes  #2000
 2018-01-11 12:38:34 +01:00
sebres da86ebca31 Merge branch '0.10' into 0.11 2018-01-11 11:21:02 +01:00
sebres 29e1fe9479 micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory) 2018-01-11 11:15:58 +01:00
sebres 039ac7c7c4 Merge branch '0.10' into 0.11 2018-01-11 10:29:46 +01:00
Serg G. Brester 6251fcf5f7
Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys 
stop ban of legitimate users with multiple public keys (e. g. git, etc)
 2018-01-11 10:27:35 +01:00
sebres 1c0fc73e48 Update ChangeLog 2018-01-11 10:27:38 +01:00
sebres 2112145eb4 stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby 
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
 2018-01-10 19:07:20 +01:00
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 14:49:06 +01:00
sebres 0e68c9a720 Merge branch '0.10' into 0.11 2018-01-10 12:22:31 +01:00
sebres c36fbdf743 test cases extended in order to cover `firewallcmd-ipset` with `allports` 2018-01-10 12:13:07 +01:00
sebres c30144b37a Merge branch '0.9' into 0.10 
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
#	fail2ban/client/jailreader.py
#	fail2ban/helpers.py
 2018-01-10 12:05:26 +01:00
Serg G. Brester 029cd5aa24
Update ChangeLog 2018-01-10 11:47:59 +01:00
Serg G. Brester 597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports 
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
 2018-01-10 11:43:44 +01:00
sebres 131b94e11e firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage: 
banaction = firewallcmd-ipset[actiontype="<allports>"]
 2018-01-10 10:58:03 +01:00
Danila Vershinin c190631f88 New ban action firewallcmd-ipset-allports. Closes #1167 2018-01-10 10:58:01 +01:00
sebres 3d9a112c8f cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers: 
allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` treats as `,` in new version.
cherry-picked from 0.10.
 2018-01-10 10:57:59 +01:00
Serg G. Brester 82f8bd8639
Merge pull request #2011 from Yannik/patch-1 
Fix filter not catching asterisk requests with quote character in username (fixes #2010)
 2018-01-10 09:27:29 +01:00
Serg G. Brester f7e2d3610b
Update ChangeLog 2018-01-09 21:19:01 +01:00
Serg G. Brester a1d1498561
Restore log-entries not affected by #2011 2018-01-09 21:13:02 +01:00
sebres a83a6c38e4 Merge branch '0.10' into 0.11 
# Conflicts:
#	fail2ban/server/database.py
 2018-01-09 12:25:30 +01:00
sebres f6d0c86533 test cases extended: flush jail in database 2018-01-09 12:16:37 +01:00
sebres 2c69c0e7e5 flush jail in database: bulk remove of all IPs in the database (e. g. reload --unban). 2018-01-09 12:15:56 +01:00
Yannik Sembritzki aab54bb0dd
don't replace normal test case with specialized test case 2018-01-08 22:29:43 +01:00
Yannik Sembritzki 94f0b15c32
Allow faster parsing of hosts without ' characters in them 2018-01-08 14:54:32 +01:00
Serg G. Brester 2deb356356
Update observer.py 
Change log-level to debug for purge-event message
 2018-01-08 10:14:50 +01:00
Yannik Sembritzki eaf5e88692
replace actual offenders ip with 1.2.3.4 2018-01-03 19:00:09 +01:00
Yannik Sembritzki 184202c6aa
remove duplicate testcase 2018-01-03 18:49:38 +01:00
Yannik Sembritzki a53ee46ad4
add test for asterisk pjsip attack with quote in username 2018-01-03 18:48:11 +01:00
Yannik Sembritzki b28dfb965a
Fix filter not catching asterisk requests with quote character in username (fixes #2010) 2018-01-03 18:39:30 +01:00
sebres 19c2d24c29 merge point 2017-12-22 17:22:11 +01:00
sebres 1e39c2600c cherry-pick from 0.11: changes in updateDb because it can be executed after repair, and some tables can be missing. 2017-12-22 17:21:11 +01:00
sebres 5028f17f64 Merge branch '0.10' into 0.11, rewrite updateDb because it can be executed after repair, and some tables can be missing. 
# Conflicts:
#	fail2ban/server/database.py
#	fail2ban/tests/fail2banclienttestcase.py
#	fail2ban/tests/sockettestcase.py
 2017-12-22 17:05:45 +01:00
sebres 277edd5fe5 amend to pull request #2004: merge remote-tracking branch 'sebres/auto-repair-database' into 0.10 2017-12-22 16:21:22 +01:00
sebres ab3d03beec Better variant of repair database: recreate all tables/indices, that can be missing after supposedly successful rescue 2017-12-22 16:13:57 +01:00
Serg G. Brester 75f00a3a6c
Merge pull request #2004 from sebres/auto-repair-database 
Automatically recover or recreate corrupt persistent database
 2017-12-22 14:31:25 +01:00
Serg G. Brester b104da2800
Merge pull request #2005 from sebres/0.10 
Stability fix for fail2banclienttestcase, avoid sporadic coverage decrease.
 2017-12-22 14:27:20 +01:00
sebres a10d544ddc coverage: fix another sporadic coverage decrease, if idle mode never reached in some test-cases (e. g. by slowly reloading of jails). 2017-12-22 14:12:19 +01:00
sebres 80932af406 coverage: testErrorsInLoop should avoid sporadic coverage changes, if some communication errors not occurred sometimes. 2017-12-22 13:29:35 +01:00
sebres a1fd2c507e method `waitForServerEnd` renamed into `stopAndWaitForServerEnd` (because will also stop the server) 2017-12-22 13:00:29 +01:00
sebres 1ad587ac7c Stability fix for fail2banclienttestcase: 
- provide waitForServerEnd method for decorator `with_foreground_server_thread`, to wait for real server stop if needed;
  - accept any exit code in decorator `with_foreground_server_thread`, because multi-threaded, thus server can exit in-between;
  - fix sporadic fail "AssertionError: 'Banned 5 / 5, 5 ticket(s)' was not found" (if some tickets will be processed earlier,
    thus not as chunk but separately), so in case of:
Banned 1 / 1, 1 ticket(s) in 'nginx-blck-lst'
Banned 4 / 5, 5 ticket(s) in 'nginx-blck-lst'
 2017-12-22 12:36:01 +01:00
Serg G. Brester 2d23f35d26
Update ChangeLog 
typo: missing newline restored.
 2017-12-21 22:50:54 +01:00
sebres 79443210ad Update ChangeLog 2017-12-21 22:49:57 +01:00
sebres 9374de59f3 Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). 
Closes #1465
 2017-12-21 22:38:54 +01:00
Serg G. Brester 61109d5c4f
Merge pull request #1996 from meke/firewallcmd-new_actioncheck_error 
firewallcmd-new actioncheck Error
 2017-12-09 15:59:40 +01:00
root 79f414c6a2 fix <family> typo 2017-12-09 15:55:45 +01:00
root 7c63eb2378 In the CentOS7 and epel environment, result of "firewall-cmd -direct -get -chains ipv4 filter" is displayed one line 
Changed to be multiple lines with reference to firewallcmd-multiport.conf
 2017-12-09 15:55:45 +01:00
Serg G. Brester 95a87077f7
Merge pull request #1995 from sebres/firewallcmd-ipset-flush 
action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset
 2017-12-06 11:43:01 +01:00
sebres 309a1cb337 restore timeout for ipset-based actions: on some systems ipset created without default timeout may cause "Kernel error received: Unknown error -1" (gh-1994); 
thus new option `default-timeout` introduced (because of dynamical bantime in 0.10, it cannot be used here).
 2017-12-06 02:38:10 +01:00
sebres 2179db3692 Merge branch '0.10' into 0.11 2017-12-06 01:41:29 +01:00
sebres bf6667d4da better (sane) stop server handling, AsyncServer.stop_communication back-ported to 0.10 (cherry-picked from 0.11); 2017-12-06 01:38:39 +01:00