Commit Graph

4891 Commits (6281dc3633de31fb13037ae35a8a41cd3e05c8e6)

Author SHA1 Message Date
chtheis fa727586ff Fix grep pattern to deal with Apache's error log
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now) 2019-05-02 15:22:45 +02:00
benrubson 5b2b680bfe SSHd add Bad protocol version message 2019-05-02 11:42:45 +02:00
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets 2019-04-29 10:45:37 +02:00
sebres 3d80e881c5 increase coverage (if python-systemd not available, so some tests may be skipped) 2019-04-26 13:29:19 +02:00
sebres cd32f4a132 amend to ec681a3363 (PR gh-2387):
- specify default options (`logtype`) in default sections of filter-config (this allows to overwrite such options in Definition/Init sections within filter.local or includes also without setting that in the jail);
- fail2ban-regex: output real filter-options (after combine/interpolate) if verbose (`-vv`) or debug (`-l debug`).
2019-04-26 12:49:03 +02:00
Sergey G. Brester 7c9c751eb6
Merge pull request #2247 from Holston5/Holston5/mysqld-auth.conf
Update mysql logging command and fix mod_security filter
2019-04-24 21:57:19 +02:00
Sergey G. Brester a7c48e7fe7 test case to cover two client entries message 2019-04-24 21:35:21 +02:00
Holston 422a2de7fe updated 2019-04-24 21:35:19 +02:00
Holston a581bf3f08 Fixed filter for Apache mod_security 2019-04-24 21:35:17 +02:00
Holston 5d6a84ba78 Updated to correct logging option 2019-04-24 21:35:15 +02:00
Sergey G. Brester d67e42efa2
Merge pull request #2402 from sebres/maxentries-mem-saving
maxmatches: memory saving options
2019-04-19 12:51:04 +02:00
Sergey G. Brester 7d6db7391e
Update ChangeLog 2019-04-19 12:50:35 +02:00
sebres 3e5b8fdc6a fixes coverage of dbmaxmatches = 0 2019-04-18 22:44:14 +02:00
sebres 46fc4c4615 protocol and documentation 2019-04-18 22:14:34 +02:00
sebres 4629e4320f coverage and code review 2019-04-18 21:48:58 +02:00
sebres 852cb0362c fix restoring of tickets from database if `maxmatches` of jail is smaller than `dbmaxmatches` (so read fewer matches in memory): 2019-04-18 21:17:38 +02:00
sebres 25f1aa334e fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible) 2019-04-18 20:53:11 +02:00
sebres 0386df0042 introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres 1083788e70 small amend (rename maxEntries -> maxMatches for consistency reasons) 2019-04-18 19:50:48 +02:00
sebres 5df78ad11f fix corner cases by maxEntries = 0 (no matches should be saved), test cases extended to cover it + code review 2019-04-18 19:37:42 +02:00
sebres 5ebac4fe61 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2019-04-18 15:38:06 +02:00
Sergey G. Brester 28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester d920dd4014
Update ChangeLog 2019-04-18 13:19:21 +02:00
Sergey G. Brester 4a2c564945
Merge pull request #2388 from cepheid666/0.10
Update sendmail-reject with TLSMTA & MSA port IDs
2019-04-04 02:55:59 +02:00
Sergey G. Brester ec9f698f5b
removed new-line 2019-04-04 02:55:09 +02:00
Sergey G. Brester c09ac8ebed
small amend (typo) 2019-04-04 02:53:18 +02:00
Sergey G. Brester 6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA]) 2019-04-04 02:28:50 +02:00
Sergey G. Brester 7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric) 2019-04-03 23:58:23 +02:00
Amir Caspi 76816285e8
Update sendmail-reject
Fixing timestamps to 2005 (oops)
2019-03-29 18:21:47 -06:00
Amir Caspi 7ac2f167f9
Update ChangeLog
Fixing typo I introduced in commit eed1de0ceb
2019-03-29 17:49:22 -06:00
Amir Caspi eed1de0ceb
Update ChangeLog
Updated to reflect sendmail-reject changes 9e1fa4ff73 and ffd5d0db78
2019-03-29 17:47:52 -06:00
Amir Caspi ffd5d0db78
Update sendmail-reject.conf
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
Amir Caspi 9e1fa4ff73
Update sendmail-reject
Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively)
2019-03-29 17:38:30 -06:00
sebres ced9828d04 filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e.g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages. 2019-03-29 14:24:06 +01:00
sebres 1045003f49 fail2ban-regex: extended with same logic as fail2ban-server (sets `logtype` to `journal` if systemd backend is used (`systemd-journal` specified), to apply short prefix-line in filter) 2019-03-29 14:24:04 +01:00
sebres ec681a3363 backend `systemd` sets `logtype` to `journal` automatically;
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres e268bf97d4 introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
common.conf: differentiate "__prefix_line" for file/journal logtypes (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres eddd0d2f25 fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d' 2019-03-27 15:12:27 +01:00
Sergey G. Brester 0e5ce68d4c
Merge pull request #2348 from szepeviktor/deb-initd-retry
Safer, nicer, uniform Debian initd script - into 0.10
2019-03-27 14:00:40 +01:00
sebres 320e55b8d5 Merge branch 'master' into 0.10 (merge point only, no functional changes as dovecot_log already owns it from common in 0.10) 2019-03-26 13:40:40 +01:00
sebres 6fe6ebe039 Merge branch 'fix-xarf-abuse-action' into 0.10 (closes gh-2372) 2019-03-18 10:06:55 +01:00
sebres a7ccbd46dc test cases extended to cover xarf-login-attack action 2019-03-16 00:13:22 +01:00
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc;
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
2019-03-16 00:05:06 +01:00
sebres ec2b5dc483 fixed log-level in error case (logging error instead of Level 39) 2019-03-15 22:28:08 +01:00
Sergey G. Brester 7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
Add override for dovecot failed logins on debian
2019-03-14 11:45:46 +01:00
Eli Schwartz ebf2f28294 tmpfiles.d: don't use legacy directory path
systemd 239 (released June 22) introduces a new warning for tmpfiles.d
snippets touching paths in /var/run instead of the canonical /run

See a2d1fb882c

Update to use the preferred path.
2019-03-13 13:34:16 +01:00
sebres 741cf8fb0e Merge branch 'master-0.9' into 0.10 2019-03-12 16:58:08 +01:00
sebres f3cea45d2a Merge pull request #2290 from james-choncholas/0.11 (rebased) 2019-03-12 16:56:09 +01:00
sebres 1a9527e6a4 fixed catch-all on user (and simplifying) 2019-03-12 16:53:36 +01:00