Commit Graph

2234 Commits (51d426335893921c75851b7d0752efa973a44525)

Author SHA1 Message Date
Daniel Black ebf4a02004 TST: get/set use DNS on Filters 2013-12-11 10:43:47 +11:00
Daniel Black a8b5c5b5f3 TST: check IgnoreIP happens in filter.processLine 2013-12-11 10:31:58 +11:00
Daniel Black 60c4957a52 DOC/TST: remove TODO as all regexs have samples 2013-12-11 10:21:19 +11:00
Daniel Black 988e14d8c6 TST: negative match for DNS lookup test added 2013-12-11 10:17:55 +11:00
Daniel Black 44bbaebfe5 TST: CIDR for ignoreip 2013-12-11 10:15:24 +11:00
Daniel Black f4531e7b45 TST: test cases for filter.delFailRegex and filter.delIgnoreRegex 2013-12-11 10:10:31 +11:00
Daniel Black f4661d8177 ENH: rebase LogFileMonitor on LogCaptureTestCase 2013-12-11 09:56:04 +11:00
Daniel Black 5688c064ad ENH: separate out log capture framework for other test cases - now utils.LogCaptureTestCase 2013-12-11 09:50:17 +11:00
Steven Hiscocks e18af48e34 ENH: Database now optional, by setting dbfile to "None" 2013-12-10 21:16:36 +00:00
Daniel Black 9d532828fc BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes. Thanks Steven 2013-12-11 07:44:41 +11:00
Daniel Black 66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black 916649119e ENH: use format string rather than concatenation on log message 2013-12-09 23:07:42 +11:00
Yaroslav Halchenko 94a7609501 Merge pull request #481 from grooverdan/proftpd-doc
Proftpd doc
2013-12-08 20:34:10 -08:00
Daniel Black db4c21acde BF/DOC: fix filename in documentation for filter.d/proftpd 2013-12-09 14:46:01 +11:00
Daniel Black e8eab11615 DOC: proftp - turn off ReverseDNS 2013-12-09 14:45:09 +11:00
Daniel Black e30c80e468 Merge pull request #478 from grooverdan/fedora-initscript-fix
BF: files/redhat-initd from upstream
2013-12-08 15:00:43 -08:00
Daniel Black f385439a41 MRG: ChangeLog merge 2013-12-09 09:28:42 +11:00
Daniel Black 80df01bf15 Merge pull request #468 from grooverdan/xarf
ENH: action.d/Xarf reporting of messages
2013-12-08 14:26:37 -08:00
Daniel Black 36917d7517 BF: action.d/complain - match IP at beginning and end of lines 2013-12-09 09:21:55 +11:00
Steven Hiscocks 174f9a243a ENH: Remove thread locks from Fail2BanDb 2013-12-08 22:03:57 +00:00
Steven Hiscocks 7f063b46f9 BF: Improve handling of clearing old jails in database 2013-12-08 11:40:40 +00:00
Steven Hiscocks d8c7bca9b0 BF: Fix dbpurgeage default value, and change default dbfile extension 2013-12-08 11:35:12 +00:00
Daniel Black 051c2a5f50 Merge pull request #479 from grooverdan/tst-CustomDateFormatsTest
TST: missed including testcases CustomDateFormatsTest
2013-12-08 02:40:39 -08:00
Daniel Black b64478c512 TST: iso8601 tests 2013-12-08 20:14:00 +11:00
Daniel Black a37590b3eb BF: Fix ISO8601 regex to handle [+-]XX timezone offsets 2013-12-08 19:36:21 +11:00
Steven Hiscocks d6fe80ba50 TST: Fix test for fail2ban.conf with new database options 2013-12-07 23:37:14 +00:00
Steven Hiscocks bbadef847b ENH: Add fail2ban persistent data storage 2013-12-07 23:23:28 +00:00
Daniel Black e09b7002e0 TST: missed including testcases CustomDateFormatsTest 2013-12-07 12:11:04 +11:00
Steven Hiscocks 7115f64f83 Merge pull request #470 from grooverdan/flush-logs
BF: create flushlogs command to prevent logrotation clobbering logtarget...
2013-12-06 16:30:16 -08:00
Daniel Black 135c759dbb Merge pull request #477 from kwirk/blocklist.de
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks 630dd91dcd BF: Add [Init] section to blocklist.de action 2013-12-07 00:09:31 +00:00
Daniel Black 8451f720f0 TST: fix flushlogs and include test for STDERR flushing 2013-12-07 11:04:06 +11:00
Daniel Black 476bbdd284 TST: test case for flushlogs 2013-12-07 10:57:05 +11:00
Steven Hiscocks b3c173795e ENH: blocklist.de action error on HTTP response code 4xx 2013-12-06 08:22:21 +00:00
Daniel Black 008952035d BF: files/redhat-initd - as per http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-init.patch 2013-12-06 08:08:11 +11:00
Daniel Black 4780451883 Merge pull request #472 from grooverdan/banip-ignoreconflict
ENH: banning an IP in the ignoreIPList now issues warning to log, but still does the ban
2013-12-05 12:45:13 -08:00
Daniel Black 51f2619878 Merge pull request #473 from grooverdan/whois-missing
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Daniel Black e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
Steven Hiscocks a19b33cc72 ENH: blocklist.de action added fail2ban version as user agent 2013-12-05 18:12:15 +00:00
Steven Hiscocks f742ed0e4b DOC: when to use blocklist.de reporting
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks e810ec009d ENH: Added blocklist.de reporting API action 2013-12-05 08:22:20 +00:00
Steven Hiscocks 60d298d898 BF: fail2ban-regex erroneously reporting multiple regexs had matched 2013-12-04 23:36:45 +00:00
Steven Hiscocks c03a50b44b BF: Allow handle case when SKIPLINES lines is not matched
Example is when one or more SKIPLINES is optional in a regex
2013-12-04 23:13:27 +00:00
Steven Hiscocks c886414e2e ENH+BF: Capture multiline matched lines into fail ticket
Previously only the last line of the match was being saved, not all
lines involved in matching.

Log lines are now broken into 3 part tuple, with the line pre-datetime,
the datetime, and post-datetime. Allows reformation of full line, but
also use of the line without the datetime present.
Attempting to use the term "tupleLine(s)" where possible, to avoid
confusion with normal read lines.

May also wish to consider that regexs could be made to capture more
lines of interest if some form of unique reference is available. This
may allow more lines of interest to be captured, which may not be picked
up by the traditional "grep <ip>" approach i.e. ones which do not have
the ip address in.

This also simplified the fail2ban-regex statistics for missed lines.
Also resolved bug with missed lines time extracted for debuggex having
some lines present which were captured in a multiline regex.
Also resolved independent issue with ignored line check including the
datetime, which raised assertion error in the rare case the datetime
matched the ignore regex, and the rest of line only matched a failregex
2013-12-04 22:26:22 +00:00
Daniel Black 4dc51e5def BF: put notice in email if whois program could not provide more information. Closes gh-471 2013-12-04 22:43:06 +11:00
Daniel Black 97d7f46bb7 DOC: correct grammar - s/Here are more information/Here is more information/ 2013-12-04 22:40:48 +11:00
Daniel Black e108de3f6d ENH: banning an IP in the ignoreIPList now issues warning to log, but still continues 2013-12-04 22:27:23 +11:00
Daniel Black b5d6310d28 BF: create flushlogs command to prevent logrotation clobbering logtarget. Closes gh-458 2013-12-04 20:51:30 +11:00
Daniel Black 8aead9ab79 BF: escape quotes when splitting addresses for xarf 2013-12-04 08:19:05 +11:00
Daniel Black 1846056606 DOC: when to use xarf messages to network owner 2013-12-03 20:40:42 +11:00