chtheis
fa727586ff
Fix grep pattern to deal with Apache's error log
...
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres
23d2281e57
action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now)
2019-05-02 15:22:45 +02:00
benrubson
5b2b680bfe
SSHd add Bad protocol version message
2019-05-02 11:42:45 +02:00
Sergey G. Brester
b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets
2019-04-29 10:45:37 +02:00
sebres
3d80e881c5
increase coverage (if python-systemd not available, so some tests may be skipped)
2019-04-26 13:29:19 +02:00
sebres
cd32f4a132
amend to ec681a3363
(PR gh-2387):
...
- specify default options (`logtype`) in default sections of filter-config (this allows to overwrite such options in Definition/Init sections within filter.local or includes also without setting that in the jail);
- fail2ban-regex: output real filter-options (after combine/interpolate) if verbose (`-vv`) or debug (`-l debug`).
2019-04-26 12:49:03 +02:00
Sergey G. Brester
7c9c751eb6
Merge pull request #2247 from Holston5/Holston5/mysqld-auth.conf
...
Update mysql logging command and fix mod_security filter
2019-04-24 21:57:19 +02:00
Sergey G. Brester
a7c48e7fe7
test case to cover two client entries message
2019-04-24 21:35:21 +02:00
Holston
422a2de7fe
updated
2019-04-24 21:35:19 +02:00
Holston
a581bf3f08
Fixed filter for Apache mod_security
2019-04-24 21:35:17 +02:00
Holston
5d6a84ba78
Updated to correct logging option
2019-04-24 21:35:15 +02:00
Sergey G. Brester
d67e42efa2
Merge pull request #2402 from sebres/maxentries-mem-saving
...
maxmatches: memory saving options
2019-04-19 12:51:04 +02:00
Sergey G. Brester
7d6db7391e
Update ChangeLog
2019-04-19 12:50:35 +02:00
sebres
3e5b8fdc6a
fixes coverage of dbmaxmatches = 0
2019-04-18 22:44:14 +02:00
sebres
46fc4c4615
protocol and documentation
2019-04-18 22:14:34 +02:00
sebres
4629e4320f
coverage and code review
2019-04-18 21:48:58 +02:00
sebres
852cb0362c
fix restoring of tickets from database if `maxmatches` of jail smaller as `dbmaxmatches` (so read fewer matches in memory):
2019-04-18 21:17:38 +02:00
sebres
25f1aa334e
fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible)
2019-04-18 20:53:11 +02:00
sebres
0386df0042
introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
...
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres
1083788e70
small amend (rename maxEntries -> maxMatches for consistency reasons)
2019-04-18 19:50:48 +02:00
sebres
5df78ad11f
fix corner cases by maxEntries = 0 (no matches should be saved), test cases extended to cover it + code review
2019-04-18 19:37:42 +02:00
sebres
5ebac4fe61
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2019-04-18 15:38:06 +02:00
Sergey G. Brester
28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
...
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester
d920dd4014
Update ChangeLog
2019-04-18 13:19:21 +02:00
Sergey G. Brester
4a2c564945
Merge pull request #2388 from cepheid666/0.10
...
Update sendmail-reject with TLSMTA & MSA port IDs
2019-04-04 02:55:59 +02:00
Sergey G. Brester
ec9f698f5b
removed new-line
2019-04-04 02:55:09 +02:00
Sergey G. Brester
c09ac8ebed
small amend (typo)
2019-04-04 02:53:18 +02:00
Sergey G. Brester
6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA])
2019-04-04 02:28:50 +02:00
Sergey G. Brester
7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric)
2019-04-03 23:58:23 +02:00
Amir Caspi
76816285e8
Update sendmail-reject
...
Fixing timestamps to 2005 (oops)
2019-03-29 18:21:47 -06:00
Amir Caspi
7ac2f167f9
Update ChangeLog
...
Fixing typo I introduced in commit eed1de0ceb
2019-03-29 17:49:22 -06:00
Amir Caspi
eed1de0ceb
Update ChangeLog
...
Updated to reflect sendmail-reject changes 9e1fa4ff73
and ffd5d0db78
2019-03-29 17:47:52 -06:00
Amir Caspi
ffd5d0db78
Update sendmail-reject.conf
...
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
Amir Caspi
9e1fa4ff73
Update sendmail-reject
...
Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively)
2019-03-29 17:38:30 -06:00
sebres
ced9828d04
filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages.
2019-03-29 14:24:06 +01:00
sebres
1045003f49
fail2ban-regex: extended with same logic as fail2ban-server (sets `logtype` to `journal` if systemd backend is used (`systemd-journal` specified), to apply short prefix-line in filter)
2019-03-29 14:24:04 +01:00
sebres
ec681a3363
backend `systemd` sets `logtype` to `journal` automatically;
...
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres
e268bf97d4
introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
...
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres
eddd0d2f25
fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d'
2019-03-27 15:12:27 +01:00
Sergey G. Brester
0e5ce68d4c
Merge pull request #2348 from szepeviktor/deb-initd-retry
...
Safer, nicer, uniform Debian initd script - into 0.10
2019-03-27 14:00:40 +01:00
sebres
320e55b8d5
Merge branch 'master' into 0.10 (merge point only, no functional changes as dovecot_log already owns it from common in 0.10)
2019-03-26 13:40:40 +01:00
sebres
6fe6ebe039
Merge branch 'fix-xarf-abuse-action' into 0.10 (closes gh-2372)
2019-03-18 10:06:55 +01:00
sebres
a7ccbd46dc
test cases extended to cover xarf-login-attack action
2019-03-16 00:13:22 +01:00
sebres
e8401a7e65
action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc;
...
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
2019-03-16 00:05:06 +01:00
sebres
ec2b5dc483
fixed log-level in error case (logging error instead of Level 39)
2019-03-15 22:28:08 +01:00
Sergey G. Brester
7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
...
Add override for dovecot failed logins on debian
2019-03-14 11:45:46 +01:00
Eli Schwartz
ebf2f28294
tmpfiles.d: don't use legacy directory path
...
systemd 239 (released June 22) introduces a new warning for tmpfiles.d
snippets touching paths in /var/run instead of the canonical /run
See a2d1fb882c
Update to use the preferred path.
2019-03-13 13:34:16 +01:00
sebres
741cf8fb0e
Merge branch 'master-0.9' into 0.10
2019-03-12 16:58:08 +01:00
sebres
f3cea45d2a
Merge pull request #2290 from james-choncholas/0.11 (rebased)
2019-03-12 16:56:09 +01:00
sebres
1a9527e6a4
fixed catch-all on user (and simplifying)
2019-03-12 16:53:36 +01:00