Commit Graph

5752 Commits (5dcbc0dd551f711ade5b24ba5ae706d965c9fb0e)

Author SHA1 Message Date
Łukasz Turon 5dcbc0dd55
Update .gitignore
Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
2023-02-18 23:49:28 +01:00
sebres f93a538693 gh-3447: fix careless mistake arisen in b12a3acb06 by attempt to implement new reload capacity (rewritten later): causing error "'noduplicates' is not defined" by double jail configuration 2023-01-17 12:53:39 +01:00
sebres a3a3fffa54 Merge branch 'fix-gh-3438':
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
2023-01-11 18:41:15 +01:00
sebres ed135b6a93 changelog entries (gh-3438, gh-3132) 2023-01-11 18:30:37 +01:00
sebres 582436aadf don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) 2023-01-11 18:27:44 +01:00
sebres cb8674e68a amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only 2023-01-10 12:20:48 +01:00
sebres 09c23fd5b8 try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132);
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
2023-01-09 21:52:12 +01:00
sebres d8a9812adc improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) 2023-01-09 16:21:36 +01:00
sebres 58834b6734 better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) 2023-01-06 14:50:25 +01:00
Sergey G. Brester 432e7e1e93
no warning if no config value but default (debug message now)
closes #3420
2022-11-28 13:21:15 +01:00
Sergey G. Brester bd6e7aeff0
Merge pull request #2112 from al42and/dante
Create filter for Dante SOCKS server
2022-11-18 12:43:44 +01:00
Sergey G. Brester efbbcb41ea
non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330
review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres 36af3f2502 Merge branch 'gh-3405' 2022-11-15 14:23:28 +01:00
sebres a58fcb8786 fix cut out of match for pattern with `{EPOCH}` (similar to other datepatterns group capturing whole regex only added if no groups specified at all);
allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
2022-11-14 19:28:18 +01:00
sebres cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres eba33d6205 version bump 2022-11-14 18:13:01 +01:00
sebres e1d3006b03 update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm 2022-11-09 16:46:15 +01:00
sebres fd3805b40a changelog: backend `systemd`: code review and several fixes 2022-11-08 19:26:23 +01:00
sebres cd17906afe Merge branch '0.11' 2022-11-08 19:03:01 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
- support BIND named log categories
  - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres 6d19d2e800 Merge branch '0.10' into 0.11 2022-11-02 21:06:46 +01:00
sebres 04c252c34b filtersystemd: code review, wait only if it is necessary - in operational mode and if no more entries retrieved (end of journal);
attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
2022-11-02 21:05:18 +01:00
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00
sebres fc7dbcc6a7 test-suite: avoid mistaken match that confuses output with working on line message by deep debugging of test (e. g. with `-l 4`) 2022-09-28 15:37:52 +02:00
sebres f8fcaf943b version bump 2022-09-27 22:57:50 +02:00
sebres 677da51562 release 1.0.1 -- energy-equals-mass-times-the-speed-of-light-squared 2022-09-27 18:27:51 +02:00
sebres bd94b7a47d make up leeway of ChangeLog (prepare release of 1.0) 2022-09-23 21:52:14 +02:00
sebres 2df58c5281 close fork 2022-09-16 19:20:44 +02:00
sebres 7bd4f41171 Merge branch '0.11' 2022-09-16 19:17:55 +02:00
sebres 94dac78afe Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-16 19:14:50 +02:00
sebres 485c50228a explicitly close cursor if not needed anymore (GC can grab it late) 2022-09-16 18:34:47 +02:00
sebres 45ef36276f fixes gh-3352: failed update of database didn't signal with an error
* client and server exit with error code by failure during start process (in foreground mode)
  * added fallback to repair if database cannot be upgraded
code review and unify (more homogeneous by client and server now)
2022-09-16 17:58:24 +02:00
Jeff Johnson f9f78ed9d2
IPThreat integration (#3349)
new IPThreat action
2022-09-13 11:01:46 +02:00
sebres 934e1b606d Merge branch '0.11' 2022-09-08 21:22:23 +02:00
sebres 8dccf099e4 Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-08 16:32:34 +02:00
sebres 5e74499ffd provides details of failed regex compilation in the error message we throw in Regex-constructor (it's good to know what exactly is wrong) 2022-09-08 16:04:46 +02:00
sebres d6896eb26d New logtarget: systemd-journal;
rebased #1403 from da2x:feature-systemd-journal
2022-08-29 12:30:05 +02:00
sebres a08b925468 Merge branch '0.11' 2022-08-17 16:59:02 +02:00
sebres 467024797f Merge branch '0.10' into 0.11 2022-08-17 16:56:10 +02:00
sebres 35eb9acaee Merge branch 'test-gh-3334' into 0.10 - speedup daemonization process by huge open files limit
Closes #3334
2022-08-17 16:51:36 +02:00
sebres 476136281c Revert "check large nofile limit issue (#3334)" (back to original open files limit)
This reverts commit 24b1dea197.
2022-08-17 16:04:10 +02:00
sebres 38026e5963 code review (replace deprecated setter, since python 3.10) 2022-08-17 16:01:04 +02:00
sebres 535a982dcc fixes #3334: speedup daemonization process by huge open files limit (try to close open file descriptors obtained from `/proc/self/fd` or `/proc/fd`) 2022-08-17 15:07:30 +02:00
Sergey G. Brester 24b1dea197 check large nofile limit issue (#3334) 2022-08-17 13:10:02 +02:00
Sergey G. Brester 92d5455bdd
Merge pull request #3330 from tomers/reverse-in-a-single-line
Reverse in a single line
2022-08-09 17:23:18 +02:00