Yaroslav Halchenko
a0cf31903d
Merge pull request #1754 from yarikoptic/bf-tzdata
...
BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing
2017-04-17 10:26:37 -04:00
Paul Brook
a639f0b083
BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing
2017-04-16 12:11:05 -04:00
Serg G. Brester
36814c4274
Merge pull request #1749 from petervanderdoes/bugfix/problem_with_mail_command
...
Parameter `-s` is already a part of `mailcmd` interpolation
2017-04-11 20:57:42 +02:00
Peter van der Does
bb79e7f413
Parameter not needed
...
The parameter '-s' causes an error as the <mailcmd> already has the parameter.
2017-04-11 11:13:58 -04:00
Serg G. Brester
61e73b9694
Merge pull request #1746 from gracinet/0.10-haproxy-ipv6
...
haproxy-http-auth IPv6 (Closes #1745 )
2017-04-11 10:04:16 +02:00
Serg G. Brester
4f0f22702a
Update haproxy-http-auth.conf
...
little bit more precise expression
2017-04-11 09:11:08 +02:00
Georges Racinet
07023436ac
haproxy-http-auth: added a test for IPv4-mapped-in-IPv6
...
This what one gets in logis if haproxy is binding to ::
on a dual-stack system.
2017-04-07 14:04:13 +02:00
Georges Racinet
4fc6323ff0
haproxy-http-auth: avoid port number in IPv6 addresses
...
The solution taken is to consume the port number explicitely in
the regexp.
2017-04-07 13:59:22 +02:00
Serg G. Brester
e7f1fc5cb3
Update ChangeLog
...
enhancements of #1743
2017-03-31 10:39:50 +02:00
Serg G. Brester
e63af0aa4e
Merge pull request #1743 from sebres/0.10-flush-bulk-unban
...
0.10 - flush resp. bulk unban
2017-03-31 10:36:05 +02:00
sebres
97e8b42d34
dummy action extended with more examples and test-covered now
2017-03-30 13:02:37 +02:00
sebres
042a060a54
additionally complex test-case coverage for `actionflush` inside server via actions-mechanism of fail2ban - reload with removing action, unban all, stopping of jails and actions, etc.
2017-03-29 23:24:13 +02:00
sebres
d03872fbbf
bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include):
...
iptables-common
iptables
iptables-allports
iptables-multiport-log
iptables-multiport
iptables-new
iptables-ipset-proto4
iptables-ipset-proto6
iptables-ipset-proto6-allports
executing `actionflush` command covered for this actions now
2017-03-29 23:24:11 +02:00
sebres
a1e9cc552c
bulk unban: introduced new command `actionflush`: executed in order to flush all bans at once (e. g. by unban all, reload with removing action, stop, shutdown the system);
...
the actions having `actionflush` do not execute `actionunban` for each single ticket
2017-03-29 23:24:09 +02:00
Serg G. Brester
44a26c6159
Update ChangeLog
...
amend to gh-1742
2017-03-29 23:14:33 +02:00
Serg G. Brester
4dcdcc3002
Merge pull request #1742 from sebres/0.10-actionstart-on-demand
...
0.10 - Execution of `actionstart` on demand (fixes gh-1741)
2017-03-29 23:07:03 +02:00
sebres
daa13eb5dd
no cover for unreachable and abstract
2017-03-29 18:33:33 +02:00
sebres
ca18270beb
fix artificial test cases ('family' becomes mandatory in the action info, but dict was supplied in the test case)
2017-03-29 18:02:21 +02:00
sebres
8bf79fa483
implemented execution of `actionstart` on demand, if action depends on `family` (closes gh-1741);
...
new action parameter "actionstart_on_demand" (bool) can be set to prevent/allow starting action on demand (default retrieved automatically, if some conditional parameter `param?family=...` presents in action properties);
2017-03-29 17:44:15 +02:00
Serg G. Brester
05f5c6efcc
Update README.md
...
added wiki-reference;
fixed mail-representation (after github swiched markdown syntax)
2017-03-29 12:32:34 +02:00
Serg G. Brester
1a59a5c5a7
Merge pull request #1740 from sebres/0.10-strptime-perf
...
strptime.py: small code review and performance optimization
2017-03-29 11:33:57 +02:00
sebres
ee3c9fcb75
"%y" - in the fail2ban parsed year without century should be always relative current century (>= 2000);
...
cover several format specifiers and different "assume" cases (without year, without date, greater as now, etc.);
2017-03-28 22:10:29 +02:00
sebres
7437fbd75b
strptime.py: small code review and performance optimization (get some properties on demand, etc.)
2017-03-28 20:21:39 +02:00
Serg G. Brester
ec19aed489
Merge pull request #1739 from gracinet/0.10-test_smtp-no-network
...
Fixes test_smtp connects to wrong inet (if listening on ::1 instead of 127.0.0.1)
2017-03-28 19:49:58 +02:00
Georges Racinet
7b93f111e1
test_smtp inconsistency for py3+IPv6
...
It appears that, under Python3, on an IPv6 enabled machine,
the testing SMTP server on 'localhost' can turn out to listen on ::1 only,
which makes those tests break if the SMTP client part uses 127.0.0.1
directly. Using 'localhost' there as well makes the tests pass.
2017-03-28 19:29:45 +02:00
sebres
873f97c6c5
Merge branch '0.9-log-level-msg' into 0.10
2017-03-27 11:36:36 +02:00
sebres
7982d1e627
Update ChangeLog
2017-03-27 11:31:41 +02:00
sebres
e8596cfce7
amend resp. restore of change from 59c35bc44a
(gh-129):
...
- logging of "Log rotation detected" with new MSG level
- introduces new log-level MSG (as INFO-2, 18)
2017-03-27 11:27:41 +02:00
Serg G. Brester
d26060ead0
Update ChangeLog
...
belongs to #1733
2017-03-27 09:38:53 +02:00
Serg G. Brester
cea8ba7831
Merge pull request #1733 from sebres/0.10-repl-skiplines
...
Normalizes replacement of `<SKIPLINES>` + no multiline failregex per default
2017-03-27 09:34:08 +02:00
Seth Reeser
c82495353f
Update mysqld-auth.conf ( #1725 )
2017-03-24 19:03:20 +01:00
Serg G. Brester
52c1950371
Update mysqld-auth.conf
...
small typo, closes gh-1725 (Thx @seth-reeser)
2017-03-24 19:03:17 +01:00
sebres
6ac5c55edc
the sequence in args-dict is currently undefined (so can be 1st argument with `?` instead of `&`)
2017-03-24 17:35:41 +01:00
sebres
990d9a66da
fail2ban-regex: fixed matched output by multi-line (buffered) parsing + and multi-line debuggex URL;
...
test coverage extended;
2017-03-24 17:07:21 +01:00
sebres
bc888e0753
Regex compiled in multi-line parsing mode only if `maxlines` > 1 (buffering), if however expected - prefix `(?m)` could be used in regex to enable it;
...
Removed warning "Mutliline regex set for jail ... but maxlines not greater than 1", because can be expected situation now:
non multi-line entry from systemd-filter containing new-lines (that should be ignored by anchors resp. entry parsed as single string);
small code review;
2017-03-24 13:20:04 +01:00
sebres
61c1bdfe79
Normalizes replacement of `<SKIPLINES>` (moved to _resolveHostTag, so will be replaced together with another tags);
...
Regex will be compiled as MULTILINE only if needed (buffering with `maxlines` > 1), that enables:
- improve performance by the single line parsing;
- make regex more precise (because distinguish between anchors `^`/`$` for the begin/end of string and the new-line character '\n', e. g. if coming from filters (like systemd journal) that allow the parsing of log-entries contain new-line chars (as single entry);
2017-03-24 11:25:12 +01:00
Serg G. Brester
b650503f00
Merge pull request #1732 from sebres/0.10-ignoreself
...
0.10 `ignoreself` for ignore own IP addresses
2017-03-24 10:12:23 +01:00
sebres
e7052e9625
update man/jail.conf.5 (docu for the ignoreself)
2017-03-24 09:55:20 +01:00
sebres
30352c5f03
fix sporadic coverage changes (sometimes produces "no such process" in popen.poll after terminate/kill in timeout test cases)
2017-03-23 17:48:52 +01:00
sebres
663bc9903d
increase coverage (was decreased since "ignoreip" was set to default empty)
2017-03-23 16:19:21 +01:00
sebres
6c4b1c7204
Update ChangeLog
2017-03-23 15:54:53 +01:00
sebres
5e93bf9bd3
Introduced new option "ignoreself", specifies whether the local resp. own IP addresses should be ignored (default is true).
...
Fail2ban will not ban a host which matches such addresses.
Option "ignoreip" affects additionally to "ignoreself" and don't need to include the DNS resp. IPs of the host self.
2017-03-23 15:52:31 +01:00
Serg G. Brester
1e6787877a
Merge pull request #1726 from sebres/0.10-grave-fix-escape-tags-1st
...
0.10 fix escape tags
2017-03-21 15:33:00 +01:00
sebres
6ba0546824
code review and inline docu
2017-03-21 14:53:33 +01:00
Serg G. Brester
7a03c964c2
Update ChangeLog
2017-03-21 14:04:18 +01:00
sebres
bb9541b7a9
Merge pull request #1728 from sebres/_0.10/fix-gh-1719
2017-03-21 11:05:15 +01:00
sebres
43d2cae8da
small amend that correct log trace output by forget MLFID (outputs the reason why it was forgotten - close, disconnect, etc.)
2017-03-21 10:39:55 +01:00
sebres
b6886f2e51
SampleRegexsFactory extended with optional filter constraint, if testing the same log-file with multiple filters (no possibility to match by the old sshd-filter 'zzz-sshd-obsolete-multiline')
2017-03-21 09:42:27 +01:00
sebres
1971fd4bd3
don't remove MLFID from cache (can recognize multiple attempt within the same connection)
2017-03-21 09:20:56 +01:00
sebres
f13fac5ae9
amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex;
...
extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed);
Closes gh-1727
2017-03-21 00:15:57 +01:00