fd0471927d
badips: increase age for /list/cat in the test-cases (default 24h is too short, so the tests can sporadic fail)
2018-04-03 11:53:03 +02:00
4963295729
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-04-03 11:43:58 +02:00
30dc22fb2e
Detect Apache SNI error / misredirect attempts
2018-03-29 11:36:49 +02:00
088192ea9f
Merge pull request #1960 from comradekingu/patch-1
...
https, "Fail2Ban", other language improvements
2018-03-22 11:44:50 +01:00
9710c8c996
minor fix with reindent
2018-03-22 11:43:15 +01:00
218905c924
performance optimization: findFailure, search regex etc, handling with buffer/tuple-lines optimized (especially multi-regex resp. multi-lines filters)
2018-03-22 10:16:40 +01:00
67df796f93
Merge pull request #2088 from sebres/fix-gh-2073
...
filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module
2018-03-21 09:56:38 +01:00
79019967a7
datepattern: fix epoch/long-epoch name, if custom pattern specified
2018-03-20 23:34:18 +01:00
6dc9c23a25
fixed typo in pragma-comment
2018-03-20 23:14:43 +01:00
80725ae870
Update sshd
...
comment/minimalistic: no functional change
2018-03-20 19:02:44 +01:00
e5735b9951
ChangeLog updated
2018-03-20 18:54:25 +01:00
4f6532f810
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage;
...
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
2018-03-20 18:54:22 +01:00
cd7f1354c6
remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.)
2018-03-20 18:47:42 +01:00
ed7d5d8ea1
ChangeLog updated
2018-03-20 16:04:42 +01:00
c31eb1c562
quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now;
2018-03-20 16:00:21 +01:00
4129f940bb
revert non-empty incremental multi-line failure merge (just simply overwrite method used ATM);
...
revert sshd test case (better to use last given failure-id, so ipv6 instead ipv4, e. g. because of some wrong multi-line-id recognition);
improved output on AssertionError in samples-testcase factory.
2018-03-20 15:27:59 +01:00
25cc42129a
hold all user names affected by interim attempts in order to avoid forget a failures after success login:
...
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
2018-03-20 13:09:05 +01:00
a9c94686b6
fixed multiple regexs matched
2018-03-20 09:09:42 +01:00
5603055a58
failregex: introduced capturing alternate groups, for example non-empty values of `alt_user_1`, `alt_user_2` will overwrite `user` if it is empty (or `alt_host` -> `host`, etc.)
2018-03-20 09:05:02 +01:00
8028d3940d
amend with better match of optional suffix-groups;
...
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
2018-03-19 17:29:26 +01:00
66d2436f21
filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content
2018-03-19 16:50:49 +01:00
7b3442c4e2
amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content;
2018-03-19 14:53:56 +01:00
185cb998e7
make `prefregex` more precise in order to avoid catch the content for non failure lines
2018-03-19 14:38:47 +01:00
8763cf0a36
ChangeLog updated
2018-03-19 14:26:51 +01:00
e8ffab28fb
filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module.
2018-03-19 14:23:24 +01:00
20fffc44c1
Merge pull request #2087 from sebres/fix-recidive-by-syslog
...
filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG)
2018-03-19 14:08:46 +01:00
a6fb33bdec
filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069
2018-03-09 13:56:38 +01:00
2e533a3a3a
better handling of default date templates (bounds, replacement using own expressions `...{DATE}...`, etc.)
2018-03-09 13:54:04 +01:00
ce6ca0029a
minimize log output in trace case (index instead of full-regexp by "matched" log-line)
2018-03-07 16:27:42 +01:00
a3739bbf27
trim name and add one space after padding
2018-03-07 16:25:54 +01:00
71b19d9eba
stability of time-related test-cases: a bit increased timeouts; code normalization, review and coverage
2018-03-07 15:25:27 +01:00
92f19d0604
Merge pull request #2067 from fail2ban/sebres-fix-hostdeny-ipv6
...
action.d/hostdeny.conf: fixes IPv6 syntax
2018-03-07 12:35:07 +01:00
5b63ad17c6
stability of the test-cases: avoid echoing of server-ready in configure thread, if heavy-debug (only answer from new internal command "server-status").
2018-03-05 21:54:18 +01:00
b16aafe233
Update ChangeLog
2018-03-05 19:42:05 +01:00
b34ae5999e
action.d/hostdeny.conf: fixes IPv6 syntax
...
differentiate the IPv4 and IPv6 syntax (where it is enclosed in square brackets)
2018-03-05 19:35:10 +01:00
cfc3979c84
Merge branch '0.10' with 'socket-stability-fix'
2018-03-02 21:40:13 +01:00
1bdda6c8eb
cache coverage
2018-03-02 21:39:13 +01:00
96836cb199
fix several errors (shutdown in test-cases during stop communication, better error handling by unpickle/deserialization, etc)
2018-03-02 21:39:08 +01:00
29bedd70d5
socket stability and coverage: cherry picked from 0.11 version (avoid many sporadic unhandled exceptions)
2018-03-02 21:31:19 +01:00
9f969e7aab
Merge pull request #2062 from MatthieuBarbu/patch-2
...
filter.d/sshd.conf: fixed normal and ddos-mode regex (extended with port)
2018-03-02 19:31:10 +01:00
caa2bdfee6
amendment for gh-2061: it looks like the port was added here also
2018-03-02 19:24:47 +01:00
a3bcbe2d1b
backwards-compatibility, test-cases and ChangeLog update
2018-03-02 19:15:10 +01:00
6b5516b851
fix sshd rule #2
...
in line 58, rule don't match with "%(__suff)s" but work fine if I replace with "%(__on_port_opt)s"
Debian 9 stretch : fail2ban 0.10.3
2018-03-02 18:40:36 +01:00
e9a43f739c
Merge pull request #2061 from MatthieuBarbu/patch-1
...
fix sshd rule (space before "11:" is optional now)
2018-03-02 18:19:24 +01:00
1d7aa2ff21
filter.d/sshd.conf: rewrite fix (for new ssh log-format) backwards compatible + test-cases extended to cover both cases
2018-03-02 18:17:17 +01:00
9f5c873526
fix sshd rule
...
just remove the space before ":11" line 52 because don't match on my Debian 9 stretch...
I don't know if this is wrong on all OS
2018-03-02 17:53:35 +01:00
5f021aa648
shutdown sockets before close, avoid socket leakage by use of the explicit socket close in async_chat;
...
better error handling with error counting, differentiate special case ([Errno 24] Too many open files), with resulting stop of the server
(avoid flood the log file, closes gh-991 and similar issues);
restored auto-garbage, because of non-reference-counting python's (like pypy), otherwise it may leak there on objects like unix-socket, etc.
2018-03-02 17:08:23 +01:00
fa520f36c3
stability test-cases fix: avoid rare sporadic error on start of server (threaded in foreground);
...
additionally show the log output of the thread-server in case of any error there.
2018-03-02 17:00:01 +01:00
8c291cad38
filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060)
2018-03-02 09:17:04 +01:00
b112250ef0
(Free)BSD IPFW does not allow 2 identical rules ( #2054 )
...
ipfw actionban fixed to allow same rule added several times (and actionunban to ignore error by deletion of missing rule)
2018-02-27 10:18:59 +01:00
sebres