Commit Graph

4840 Commits (566cbcdde0a4cd5670f3dcd1415a77845304a396)

Author SHA1 Message Date
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now) 2019-05-02 15:22:45 +02:00
benrubson 5b2b680bfe SSHd add Bad protocol version message 2019-05-02 11:42:45 +02:00
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets 2019-04-29 10:45:37 +02:00
sebres 3d80e881c5 increase coverage (if python-systemd not available, so some tests may be skipped) 2019-04-26 13:29:19 +02:00
sebres cd32f4a132 amend to ec681a3363 (PR gh-2387):
- specify default options (`logtype`) in default sections of filter-config (this allows overwriting such options in Definition/Init sections within filter.local or includes also without setting that in the jail);
- fail2ban-regex: output real filter-options (after combine/interpolate) if verbose (`-vv`) or debug (`-l debug`).
2019-04-26 12:49:03 +02:00
Sergey G. Brester 7c9c751eb6
Merge pull request #2247 from Holston5/Holston5/mysqld-auth.conf
Update mysql logging command and fix mod_security filter
2019-04-24 21:57:19 +02:00
Sergey G. Brester a7c48e7fe7 test case to cover two client entries message 2019-04-24 21:35:21 +02:00
Holston 422a2de7fe updated 2019-04-24 21:35:19 +02:00
Holston a581bf3f08 Fixed filter for Apache mod_security 2019-04-24 21:35:17 +02:00
Holston 5d6a84ba78 Updated to correct logging option 2019-04-24 21:35:15 +02:00
Sergey G. Brester d67e42efa2
Merge pull request #2402 from sebres/maxentries-mem-saving
maxmatches: memory saving options
2019-04-19 12:51:04 +02:00
Sergey G. Brester 7d6db7391e
Update ChangeLog 2019-04-19 12:50:35 +02:00
sebres 3e5b8fdc6a fixes coverage of dbmaxmatches = 0 2019-04-18 22:44:14 +02:00
sebres 46fc4c4615 protocol and documentation 2019-04-18 22:14:34 +02:00
sebres 4629e4320f coverage and code review 2019-04-18 21:48:58 +02:00
sebres 852cb0362c fix restoring of tickets from database if `maxmatches` of jail smaller than `dbmaxmatches` (so read fewer matches in memory): 2019-04-18 21:17:38 +02:00
sebres 25f1aa334e fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible) 2019-04-18 20:53:11 +02:00
sebres 0386df0042 introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres 1083788e70 small amend (rename maxEntries -> maxMatches for consistency reasons) 2019-04-18 19:50:48 +02:00
sebres 5df78ad11f fix corner cases by maxEntries = 0 (no matches should be saved), test cases extended to cover it + code review 2019-04-18 19:37:42 +02:00
sebres 5ebac4fe61 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2019-04-18 15:38:06 +02:00
Sergey G. Brester 28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester d920dd4014
Update ChangeLog 2019-04-18 13:19:21 +02:00
Sergey G. Brester 4a2c564945
Merge pull request #2388 from cepheid666/0.10
Update sendmail-reject with TLSMTA & MSA port IDs
2019-04-04 02:55:59 +02:00
Sergey G. Brester ec9f698f5b
removed new-line 2019-04-04 02:55:09 +02:00
Sergey G. Brester c09ac8ebed
small amend (typo) 2019-04-04 02:53:18 +02:00
Sergey G. Brester 6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA]) 2019-04-04 02:28:50 +02:00
Sergey G. Brester 7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric) 2019-04-03 23:58:23 +02:00
Amir Caspi 76816285e8
Update sendmail-reject
Fixing timestamps to 2005 (oops)
2019-03-29 18:21:47 -06:00
Amir Caspi 7ac2f167f9
Update ChangeLog
Fixing typo I introduced in commit eed1de0ceb
2019-03-29 17:49:22 -06:00
Amir Caspi eed1de0ceb
Update ChangeLog
Updated to reflect sendmail-reject changes 9e1fa4ff73 and ffd5d0db78
2019-03-29 17:47:52 -06:00
Amir Caspi ffd5d0db78
Update sendmail-reject.conf
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
Amir Caspi 9e1fa4ff73
Update sendmail-reject
Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively)
2019-03-29 17:38:30 -06:00
sebres ced9828d04 filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages. 2019-03-29 14:24:06 +01:00
sebres 1045003f49 fail2ban-regex: extended with same logic as fail2ban-server (sets `logtype` to `journal` if systemd backend is used (`systemd-journal` specified), to apply short prefix-line in filter) 2019-03-29 14:24:04 +01:00
sebres ec681a3363 backend `systemd` sets `logtype` to `journal` automatically;
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres e268bf97d4 introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres eddd0d2f25 fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d' 2019-03-27 15:12:27 +01:00
Sergey G. Brester 0e5ce68d4c
Merge pull request #2348 from szepeviktor/deb-initd-retry
Safer, nicer, uniform Debian initd script - into 0.10
2019-03-27 14:00:40 +01:00
sebres 320e55b8d5 Merge branch 'master' into 0.10 (merge point only, no functional changes as dovecot_log already owns it from common in 0.10) 2019-03-26 13:40:40 +01:00
sebres 6fe6ebe039 Merge branch 'fix-xarf-abuse-action' into 0.10 (closes gh-2372) 2019-03-18 10:06:55 +01:00
sebres a7ccbd46dc test cases extended to cover xarf-login-attack action 2019-03-16 00:13:22 +01:00
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc;
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
2019-03-16 00:05:06 +01:00
sebres ec2b5dc483 fixed log-level in error case (logging error instead of Level 39) 2019-03-15 22:28:08 +01:00
Sergey G. Brester 7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
Add override for dovecot failed logins on debian
2019-03-14 11:45:46 +01:00
Eli Schwartz ebf2f28294 tmpfiles.d: don't use legacy directory path
systemd 239 (released June 22) introduces a new warning for tmpfiles.d
snippets touching paths in /var/run instead of the canonical /run

See a2d1fb882c

Update to use the preferred path.
2019-03-13 13:34:16 +01:00
sebres 741cf8fb0e Merge branch 'master-0.9' into 0.10 2019-03-12 16:58:08 +01:00
sebres f3cea45d2a Merge pull request #2290 from james-choncholas/0.11 (rebased) 2019-03-12 16:56:09 +01:00
sebres 1a9527e6a4 fixed catch-all on user (and simplifying) 2019-03-12 16:53:36 +01:00
jim a7f3ba87f6 filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy;
(broken by commit 72b06479a5), replacement for gh-2290.
2019-03-12 16:50:04 +01:00