github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,277 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4277 Commits (623bb39ca6feb048602e9f570d9d5a30fe4dedef)

Author SHA1 Message Date
Yaroslav Halchenko 623bb39ca6 Merge branch 'enh-rel0.9.6' into debian 
* enh-rel0.9.6: (60 commits)
  updated man pages
  ENH: prep for 0.9.6 release (as of tomorrow)
  BF: added missing entires into MANIFEST
  Update ChangeLog
  ChangeLog entry added + jail.conf review
  code review, makes the test cases workable, added dev-notes
  ChangeLog update
  `filter.d/apache-modsecurity.conf`   - fixed for newer version (one space, closes gh-1626) reviewed and optimized:   - non-greedy catch-all replaced for safer match   - unneeded catch-all anchoring removed   - non-capturing groups
  filter.d/dovecot.conf update: - fixes failregex, that ignores failures through some irrelevant info (closes #1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)` - review, IPv6 compatibility fix, non-capturing groups
  Update jail.conf
  Use Fedora's backend-settings for openSUSE
  amend after code review of merge gh-1581
  Make changes and add test file
  Add Mongodb-auth filter and jail
  Update FILTERS
  filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'
  ChangeLog entry added
  filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes #1578
  Update Changelog to reflect the new np.conf action
  Create npf.conf for the NPF packet filter
  ...
 2016-12-09 09:37:33 -05:00
Yaroslav Halchenko 3605155978 updated man pages 2016-12-09 09:36:08 -05:00
Yaroslav Halchenko 482252dbd4 ENH: prep for 0.9.6 release (as of tomorrow) 2016-12-09 09:35:03 -05:00
Yaroslav Halchenko e550850b9c BF: added missing entires into MANIFEST 2016-12-09 09:34:44 -05:00
Serg G. Brester 556a9373ce Update ChangeLog 2016-11-28 23:40:33 +01:00
sebres 45f1d811c9 Merge branch 'alex1702-1586' 2016-11-28 18:54:02 +01:00
sebres 67c14afd8e ChangeLog entry added + jail.conf review 2016-11-28 18:51:23 +01:00
sebres 425170cef3 code review, makes the test cases workable, added dev-notes 2016-11-28 18:39:07 +01:00
Serg G. Brester f827675822 Merge pull request #1627 from sebres/fix-gh-1626 
Fix gh-1626: one space after ModSecurity
 2016-11-28 12:00:53 +01:00
sebres b8c41dcb49 ChangeLog update 2016-11-28 11:31:51 +01:00
sebres 931eab84b5 `filter.d/apache-modsecurity.conf` 
- fixed for newer version (one space, closes gh-1626)
reviewed and optimized:
  - non-greedy catch-all replaced for safer match
  - unneeded catch-all anchoring removed
  - non-capturing groups
 2016-11-28 11:28:27 +01:00
Serg G. Brester b8b5907706 Merge pull request #1624 from sebres/fix-gh-1623 
filter.d/dovecot.conf update: ignore additionally irrelevant info in anchored regex before "auth failed"
 2016-11-26 17:07:39 +01:00
sebres 5678d08a79 filter.d/dovecot.conf update: 
- fixes failregex, that ignores failures through some irrelevant info (closes #1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
 2016-11-26 16:50:37 +01:00
Serg G. Brester ac1729e473 Merge pull request #1620 from fail2ban/close-gh-1120 
jail.conf: added  `knocking_url` filter-parameter of `pass2allow-ftp`...
 2016-11-25 19:29:10 +01:00
Serg G. Brester 4f5389fee5 Update jail.conf 2016-11-24 19:30:10 +01:00
Johannes Weberhofer f46ada023e Use Fedora's backend-settings for openSUSE 
Those settings are ok for newer openSUSE versions
 2016-11-22 09:03:54 +01:00
sebres b5433f48b7 amend after code review of merge gh-1581 2016-11-11 11:09:46 +01:00
sebres bee6e7376b Merge branch 'aclindsa:master' 2016-11-11 10:58:40 +01:00
sebres dab5f56609 Merge branch 'fix-gh-1477' 2016-11-11 10:17:07 +01:00
Alex 8ac28e5dcb Make changes and add test file 2016-11-10 13:09:32 +01:00
Alex 8c40766511 Add Mongodb-auth filter and jail 2016-11-10 12:48:24 +01:00
Serg G. Brester 4e252be76f Update FILTERS 
closes #1591
 2016-10-25 11:01:32 +02:00
Aaron Lindsay 7805f9972d filter.d/sshd.conf: Match 'Invalid user' with 'port \d*' 2016-10-15 15:52:19 -04:00
Yaroslav Halchenko 5502e47486 Merge pull request #1579 from sebres/fix-gh-1578 
filter.d/sendmail-reject.conf: double space (should be by missing dns-host only)
 2016-10-15 13:18:52 -04:00
sebres 519e355bf2 ChangeLog entry added 2016-10-15 14:59:36 +02:00
sebres 84c3eb3e0e filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) 
Closes #1578
 2016-10-15 14:53:45 +02:00
sebres 15dc2db8bb Merge pull request #1498 from ahpnils:npf to master: 
This new action files adds support for the NPF packet filter, available on NetBSD since version 6.0.
Closes #1498
 2016-10-13 19:00:54 +02:00
Nils f7df6026a3 Update Changelog to reflect the new np.conf action 2016-10-13 18:53:16 +02:00
Nils d08db22b92 Create npf.conf for the NPF packet filter 
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
 2016-10-13 18:50:54 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
Serg G. Brester d9e1a4f547 Merge pull request #1556 from szepeviktor/master 
Monit config: scripting is not supported in path
 2016-09-27 14:16:52 +02:00
Viktor Szépe a406c6eb3a By the author: 
> Yes, scripting is not supported in path.

https://bitbucket.org/tildeslash/monit/issues/372/webadmin-shows-only-the-first-part-of#comment-27946048
 2016-09-22 20:29:26 +00:00
Serg G. Brester 28e286cd2d Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540 
filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
 2016-09-21 09:35:25 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
Serg G. Brester 1071db2256 filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS) 
closes gh-1540
 2016-09-20 00:00:26 +02:00
Serg G. Brester fad953ade6 Merge pull request #1544 from sebres/fix/vsftpd-gh-1543 
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
 2016-09-09 20:39:51 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 7ac9890bf6 forgotten obsolete code removed 2016-09-06 16:51:06 +02:00
sebres 51fd9a1027 amend to activate performance-fix (respect findtime before search of match) + code coverage 2016-09-06 16:33:16 +02:00
sebres 57458a462e allow to set default or preferred encoding for other filters (e.g. to decode bytes from journal) 
# Conflicts:
#	fail2ban/server/filter.py
 2016-09-06 15:26:10 +02:00
sebres 3119f81705 fixed journal systemd ascii/utf-8 default converting (see gh-1341, gh-1344) 2016-09-06 15:25:59 +02:00
Yaroslav Halchenko f6258c7b69 Merge branch 'rf-exc' 
* rf-exc:
  RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537)
 2016-09-06 08:16:40 -04:00
Yaroslav Halchenko b875e51cd7 RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537) 2016-09-04 23:25:09 -04:00
sebres 564b696530 Merge branch '_0.9/systemd-journal-path-gh-1408' 2016-09-01 16:18:53 +02:00
sebres 5f35b52b9a test cases extended 
several test-case functionality cherry picked from 0.10 (SkipTest, with_tmpdir)
 2016-09-01 16:17:06 +02:00
sebres 35b5fea038 backend "systemd" can be used as prefix now - `backend = systemd[...]` 2016-09-01 16:17:04 +02:00
sebres 7ed6cab120 jail configuration extended with new syntax to pass options to the backend (see gh-1408), 
examples:
  - `backend = systemd[journalpath=/run/log/journal/machine-1]`
  - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
  - `backend = systemd[journalflags=2]`
 2016-09-01 16:17:02 +02:00
sebres 1c4733ef89 [systemd] added new constructor parameters like journalpath, journalfiles and journalflags for systemd backup 
optimized FilterSystemd method `run`: better wait in idle (no busy-loop), better poll handling, the ban will executed anywhere (at least at 100th log-entry), also if we have never ending logging in this jail (e.g. extremely logging or too many failures)
systemd test cases extended
 2016-08-24 20:55:06 +02:00
Serg G. Brester 0ab042fcce Merge pull request #1522 from sebres/fix-asterisk-log-prefix 
filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` (without `in`) in log prefix
 2016-08-23 11:18:59 +02:00
sebres 4a1d720344 filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix 2016-08-22 14:10:50 +02:00