58b510a5be
filter.d/domino-smtp.conf:
...
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
2018-09-21 14:14:00 +02:00
08f3f12f10
fix sporadic test-cases fails: change debug transmitter-message (sometimes confused with expected "Server ready" of server), better syntax for internal subst _use_flush;
2018-09-14 10:59:59 +02:00
d01fe9d22a
action.d/*.conf: correct comments for actionstart/actionstop
2018-09-12 16:01:57 +02:00
9d7c0e00c1
Also log number of IPs removed/added
2018-09-08 09:28:42 +02:00
5b0c3e75d3
Merge pull request #2189 from yarikoptic/bf-initd-exit
...
debian-initd: exit with non-0 if fail, account that 255 is "Ok" exit code, use 255 explicitly instead of -1
2018-09-06 13:54:16 +02:00
70e53b55c5
Typo
2018-08-19 22:39:18 +02:00
ec4c4b12c1
Add yes/no log option to badips.py
2018-08-19 22:35:09 +02:00
e392f510e2
fix sporadic time-related (multi-threaded) assertion errors (message was not found in the log).
2018-08-14 15:37:23 +02:00
ee207d8c31
Merge pull request #2151 from benrubson/merge
...
Apache SNI error / misredirect attempts rules are combined in one regex
2018-08-14 14:56:49 +02:00
77b35b8db7
Improvement
2018-08-14 14:07:32 +02:00
e2a255d104
fixed typo in comments by "ignoreself" parameter
2018-08-14 11:11:19 +02:00
6ad9bb56a0
Update ChangeLog
2018-08-03 12:05:40 +02:00
e995d5a0b6
filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`.
2018-08-03 11:42:15 +02:00
bc2dbacc9a
filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193:
...
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
- more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
2018-08-03 11:22:30 +02:00
ae359f6f05
BF: $value not $code
2018-07-24 14:29:43 -04:00
298f2c066a
BF: account that now code 255 is the one to say "it is Ok, we are already running/stopped"
2018-07-24 13:24:29 -04:00
f323eceec7
BF: debian-initd, exit with exit code in logend_msg_wrapper
...
and do it unconditionally on the verbosity level
2018-07-24 13:24:29 -04:00
d9b9b6ba22
RF: exit codes are positive, so exit(255) instead of exit(-1)
2018-07-24 13:24:24 -04:00
22d37cdce2
sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
...
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
2018-07-18 15:31:04 +02:00
64d9e164cf
extends samples test-case factory to see the matched regex number and expression in assert message (helps if some similar regexp's available in filter)
2018-07-18 15:30:06 +02:00
d92381aaa9
fail2ban-regex: ignore lines having not empty match of `<F-NOFAIL>` from failregex (not a failure, so count as ignored and not as matched).
2018-07-18 15:23:56 +02:00
8fe07e29ad
filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
...
closes gh-2184
2018-07-17 15:06:42 +02:00
94ffd00328
fixes initialization bug if sys.stdout.encoding is None (closes gh-2177).
2018-07-11 13:21:53 +02:00
cc321b78da
Merge pull request #2176 from sebres/ignore-cache
...
Introduces cache for ignore-facilities (for `ignoreip`, `ignoreself` and `ignorecommand`)
2018-07-10 19:31:50 +02:00
f8f01d5ab7
introduced new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, `ignoreself` and `ignorecommand`)
2018-07-09 14:58:39 +02:00
9b6d17d07e
extend `ignorecommand` to use actions-similar replacement (ticket-based now, so capable to interpolate all possible tags)
2018-07-09 13:01:16 +02:00
11c1bf0149
Update ChangeLog
2018-07-06 18:05:59 +02:00
a719ba81e9
Fix cymru reference link
2018-07-06 17:50:51 +02:00
d9b9bb5f40
Merge pull request #2125 from jodlajodla/0.11 (rebased)
2018-07-06 17:43:30 +02:00
1e44b3f085
systemd no cover (currently unsupported by travis)
2018-07-06 17:42:28 +02:00
54a04b3a6a
Fixed data type of journal flags from str to int
2018-07-06 17:32:34 +02:00
df33322f9f
Added test to prove bug when specifying journal flags to systemd backend
2018-07-06 17:32:32 +02:00
75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER
...
dovecot: collect F-USER and variants
2018-07-06 17:16:43 +02:00
f7962469a9
Merge pull request #2173 from mattsta/fix/findtime-backsearch-on-file-load (rebased)
2018-07-06 17:11:35 +02:00
1eb93e2556
filter.py: repair start-time of initial seek to time (regardless the position of `findtime` option in config);
...
jailreader.py: additionally relocate the option `logpath` after all log-related data (backend, date-pattern, etc) that may be needed by the first usage (gh-2173).
Thanks to Matt Stancliff (mattsta)
2018-07-06 17:04:10 +02:00
00a0e98041
Load logpath only after findtime is configured
...
When new log paths are configured, their start offset is immediately determined
by a filter searching for (now - findTime).
But, since findTime is configured *after* the log is loaded and
searched, logs are only searched back by the default 10 minute findTime,
regardless of user configuration of jail settings.
So, findTime must be configured before logpath or else the default findtime
is used, which ignores any findtime time defined by the user.
This fixes new reads on startup for actual log files. The systemd filter
always performed as expected due to being setup after the jail's
findtime config submission.
2018-07-06 16:42:36 +02:00
857d6954c4
Merge pull request #2171 from sebres/0.10-fix-decoding-issues
2018-07-06 11:42:48 +02:00
d0945120bf
ChangeLog
2018-07-06 11:41:05 +02:00
73e89df912
amend to bcf557990e15922aff22485cc86ddd2fcf41b796: wrong logging syntax will not throw an error anymore (logged now, as logging is safe)
2018-07-05 23:04:38 +02:00
bcf557990e
relocate exception-safe logging from database json-handler to common logger handling, using injection on _log-method of Logger class;
...
additionally provides more info if handler/conversion failed (with double protection inside catch-case);
tests/utils.py: log handler "_MemHandler" of LogCaptureTestCase fixed now to be safe also (test-cases only);
tests/misctestcase.py: the safe logging of all possible constellations is covered in testSafeLogging now.
2018-07-05 22:36:30 +02:00
06f2130575
typo/indent fix (no functional changes)
2018-07-05 19:27:07 +02:00
6ce67a6d21
coverage
2018-07-05 16:27:36 +02:00
bd54d472b3
extend test-cases to check the database is still operable (not locked) after all the errors during the simulation
2018-07-05 16:23:33 +02:00
3be82a9ce9
coverage
2018-07-04 20:16:11 +02:00
5a4b47464b
a bit optimized helpers
2018-07-04 18:37:25 +02:00
7dffa7a2a1
coverage related, after default encoding change
2018-07-04 18:01:39 +02:00
c81de46d21
remove some no cover pragma's - covered now
2018-07-04 17:17:21 +02:00
48c2cbfa0b
improve failure-message of assertNotLogged in case of single match given
2018-07-04 17:05:36 +02:00
7c9146feb3
ticket can contains bytes now (if deserialized from json by py3.x)
2018-07-04 17:04:12 +02:00
930cc6c8f1
improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database;
...
both should be additionally exception-safe, so avoid possible errors in log-handlers (concat, str. conversion, etc);
test cases extended to cover any possible variants (invalid chars in unicode, bytes, str + unterminated char-sequence) with both cases (with replace of chars, with and without errors inside adapter-handlers).
2018-07-04 17:03:04 +02:00
sebres