github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,507 Commits
33 Branches
229 Tags
20 MiB
Commit Graph

5507 Commits (5debaa4cac2723fa863ede9ed32c19cc82c71786)

Author SHA1 Message Date
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat) 2021-05-06 20:23:58 +02:00
usernamepi e4e7a83cff
Update ufw.conf 
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
 2021-05-06 13:44:36 +02:00
sebres 71ce548117 Merge branch '0.11' 2021-04-27 14:05:53 +02:00
sebres b5b615731e Merge branch '0.10' into 0.11 2021-04-27 14:03:49 +02:00
sebres 319cfefac2 fix travis build (unsupported pythons and pypy versions), update 3.10 in GH actions 2021-04-27 13:41:57 +02:00
sebres d3f5d2d52b documentation (interpolation tags) 2021-04-21 11:50:07 +02:00
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments 2021-04-20 18:13:40 +02:00
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master 2021-04-11 19:05:02 +02:00
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11 
Add Apprise Support (50+ Notifications)
 2021-04-04 00:24:21 +02:00
Sergey G. Brester b2f6a3a658
remove unneeded substitution 
it is enough to add `apprise` to action
 2021-04-04 00:21:59 +02:00
Sergey G. Brester ff09c52927
Merge pull request #2881 from stepodev/master 
`filter.d/nginx-http-auth.conf` - extended with parameter mode, so additionally to `auth` (or `normal`)  mode `fallback` (or combined as `aggressive`) can find SSL errors while SSL handshaking
 2021-04-04 00:07:03 +02:00
Sergey G. Brester dda70d60c0
Merge branch 'master' into master 2021-04-04 00:04:08 +02:00
Sergey G. Brester c5d43d7573
Update ChangeLog 2021-04-04 00:00:59 +02:00
Michele Mondelli 7579072e3b docs: fix typos 2021-04-03 23:49:23 +02:00
Sergey G. Brester 4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter 
Add support for filtering out detected port scans via scanlogd.
 2021-04-03 23:36:14 +02:00
Sergey G. Brester 2d51240b3e
correction for default log interpolation and added allports banaction 2021-04-03 23:33:49 +02:00
Sergey G. Brester 977dfe4bd7
small amend: sport after saddr is optional 
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
 2021-04-03 23:29:16 +02:00
Sergey G. Brester 14edeed310
fixed regex (don't need to match whole line, e. g. every port etc) 2021-04-03 23:24:55 +02:00
Sergey G. Brester 0c4d356d11
added test log-file 2021-04-03 23:10:51 +02:00
Sergey G. Brester 080dd12288
Merge pull request #2965 from oukb/patch-1 
nsd.conf: fix for the current log format
 2021-04-03 21:02:03 +02:00
Sergey G. Brester a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise 2021-04-03 21:00:14 +02:00
Sergey G. Brester 1215cb28ac
Update nsd 2021-04-03 20:58:26 +02:00
sebres d445b5671d Merge pull request #2642 from rolschewsky/mssql (and amend from sebres/mssql) 2021-04-03 20:28:18 +02:00
sebres 7f38b80d35 precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE) 2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server 2021-04-03 19:30:29 +02:00
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
sebres 80a33b1dee Merge branch '0.11' 2021-03-25 12:14:11 +01:00
sebres b259e81911 test-suite: skip testFQDN if no network 2021-03-25 12:13:46 +01:00
sebres d8e450cf12 Merge branch 'fix-readline-multibyte' 2021-03-25 12:13:18 +01:00
sebres 4b17dddc23 update ChangeLog 2021-03-25 12:07:34 +01:00
sebres ccf4f3a07d amend with common log-file iterator in fail2ban-regex and test-suite (in sample regex factory also) 2021-03-25 12:07:31 +01:00
sebres 9659033523 fail2ban-regex: reimplemented log-file iterator - uses FileContainer facilities now instead of direct read from file and decode; 
fail2banregextestcase.py extended to cover proper line-ending handling by interim NL char as part of multi-byte encodings (utf-16be, utf-16le)
 2021-03-25 12:07:29 +01:00
sebres cbac7c176a readline fixed to consider interim new-line character as part of code point in multi-byte logs (e. g. unicode: utf-16be, utf-16le); 
suppress warning "Error decoding line" for incomplete line (produced by not fully read multi-byte new-line character at end of data);
added test coverage for such logs
 2021-03-25 12:07:26 +01:00
sebres 6cf4669dee Merge branch '0.10' into 0.11 2021-03-24 14:18:22 +01:00
sebres d135aeea16 fixes restore of original logging withing tests (`LogCaptureTestCase.tearDown`) - python 3 seemed still to log wordy after tear down (setting of log.level does not restore the level for related log objects - e. g. for logger of `fail2ban.jail` etc, so `fail2ban-testcases '(testVersion|testLongName).*servertest'` generating messages in stdout handler in testLongName) 2021-03-24 14:14:47 +01:00
sebres 8757563be1 close fork 2021-03-23 14:20:10 +01:00
sebres 996920cdaa in operation mode the filter reads only complete lines (ended with new-line) now, otherwise it would wait for end of line (for its completion) 2021-03-22 01:17:26 +01:00
sebres 061fab898a Merge branch '0.10' into 0.11 2021-03-22 00:58:03 +01:00
sebres e587526ede tests: add missing constraint (causing incomplete comparison in below cycle if fewer lines as expected was found) 2021-03-22 00:56:40 +01:00
sebres 343ccd7e8a small optimization 2021-03-21 23:35:38 +01:00
sebres 9bdc4be6cc stability: better recognition of rotation (e. g. on hash collision, consider current size and last known position now), no hash of empty file (or not fulfilled line), etc; 
performance: avoid unnecessary seek to start of file and hash calculation - now it occurs only if file really rotated (ino changing or size shrinking), otherwise not earlier than in 30 seconds;
avoid unneeded log-rotation in tests
 2021-03-21 23:35:09 +01:00
sebres 725354c793 action info extended with new members for jail info (usable as tags in command actions): 
`jail.found`, `jail.found_total` - current and total found failures
  `jail.banned`, `jail.banned_total` - current and total bans
closes #10
 2021-03-20 22:33:31 +01:00
oukb 529866b2bb
nsd.conf: fix for the current log format 
New nsd 4.3.5 log format:

|  [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
|  [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
|  [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
|  [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
 2021-03-08 19:14:28 +03:00
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd. 2021-03-05 16:35:13 +01:00
Sergey G. Brester 08393f9d82
Update filter_request.md 2021-03-03 20:28:27 +01:00
sebres df5e024fb8 new issue templates 2021-03-03 20:16:34 +01:00
sebres fb08534ed7 Merge branch '0.11' 2021-03-03 18:17:35 +01:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres 04aba6168c fixed typo, `--` is not expected in options declaration, so `--dump-pretty` did never work (only `--dp` is working) 2021-03-03 13:02:00 +01:00
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast); 
closes gh-2951
 2021-03-02 19:35:27 +01:00