github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,814 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4814 Commits (654fda8a50f65c6b329d75cbac91a50aa5a8a8f5)

Author SHA1 Message Date
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
Serg G. Brester d9e1a4f547 Merge pull request #1556 from szepeviktor/master 
Monit config: scripting is not supported in path
 2016-09-27 14:16:52 +02:00
Serg G. Brester a0d8581a2c Merge pull request #1557 from sebres/_0.10/fix-reload-bug 
0.10/reload-and-more: reload without restart, stability and performance fixes
 2016-09-26 15:25:36 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 5e4fdb60c8 extended test-cases (coverage) 2016-09-26 10:50:02 +02:00
sebres 449c46aec4 extended test-cases (coverage) 2016-09-23 15:21:23 +02:00
sebres 004879b5b1 code review: switch MAX_TIME to 0X7FFFFFFFFFFF (is enough, because 4461763-th year, but better performance) 2016-09-23 09:32:10 +02:00
sebres e00be5f308 Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values: 
```
AssertionError: Dictionaries differ:
{'country': ['unknown', 'nxdomain'], 'asn': ['4565', 'nxdomain'], 'rir': ['other', 'nxdomain']} !=
{'country': ['nxdomain', 'unknown'], 'asn': ['nxdomain', '4565'], 'rir': ['nxdomain', 'other']}
```
Added assertDictEqual for compatibility to early python versions (< 2.7);
 2016-09-22 22:45:54 +02:00
sebres e7fa74b989 smaller inertance inside test-cases (amend to d153555a07 with decreasing default wait operation that litle bit speedup test-cases) 2016-09-22 22:45:52 +02:00
sebres ab0c28260b switch down log level for some annoying messages to tracedebug or heavydebug (to 7 or even 5); 
added verification of specified log-level before transmitting to the server;
numeric log-level allowed now in server (resp. fail2ban.conf);
 2016-09-22 22:44:46 +02:00
Viktor Szépe a406c6eb3a By the author: 
> Yes, scripting is not supported in path.

https://bitbucket.org/tildeslash/monit/issues/372/webadmin-shows-only-the-first-part-of#comment-27946048
 2016-09-22 20:29:26 +00:00
sebres 48ebe3e735 FilterPyinotify: high cpu load fix - timeout for pyinotify must be set in milliseconds (our time values are floats contain seconds); 2016-09-22 20:15:12 +02:00
sebres c0373a7158 repair typo bug in reloading for systemd-filter; 
JailThread get method `join` for safe usage of it, also for not started threads (test-cases or in case of error), that will be used for cleanup resp. wait purposes also (see join of pyinotify-filter);
 2016-09-22 19:00:54 +02:00
sebres d153555a07 increase default wait operation (sleep time, threshold interval) - avowedly greater inertance, but fewer system load by many jails resp. log files; 
waiting with `wait_for` extended with verifying of active flag;
implemented better error handling in some multi-threaded routines;
shutdown of jails rewritten (faster and safer, does not breaks shutdown process if some error occurred);
 2016-09-22 18:10:42 +02:00
sebres 35ce1166b6 allows to update some configuration options (read with config-readers) with command line option, e. g.: 
```bash
## start server with DEBUG log-level (ignore level read from fail2ban.conf):
fail2ban-client --loglevel DEBUG start
## or
fail2ban-server -c /cfg/path --loglevel DEBUG start
## keep server log-level by reload (without restart it)
fail2ban-client --loglevel DEBUG reload
## switch log-level back to INFO:
fail2ban-client set loglevel INFO
```
 2016-09-22 14:21:31 +02:00
Serg G. Brester 28e286cd2d Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540 
filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
 2016-09-21 09:35:25 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
Serg G. Brester 1071db2256 filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS) 
closes gh-1540
 2016-09-20 00:00:26 +02:00
Serg G. Brester fad953ade6 Merge pull request #1544 from sebres/fix/vsftpd-gh-1543 
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
 2016-09-09 20:39:51 +02:00
sebres 20b92f3ead fail2ban-regex: build replacement of `<HOST>` substitution corresponding parameter `usedns` - now also in fail2ban-regex (amend) 2016-09-09 20:31:52 +02:00
sebres ebd864660a normalize usage of preferred encoding (and decode any to string); 
python 3.x compatibility (used uni_decode for string representation of stdout/stderr, unified test cases)
amend for #1542
 2016-09-09 20:29:55 +02:00
sebres e0347bb3a0 assertLogged extended with parameter wait (to wait up to specified timeout, before we throw assert exception) + test cases rewritten using that 2016-09-09 17:50:25 +02:00
sebres a20f325f80 database: stability fix - repack cursor iterator as long as locked 2016-09-09 17:36:01 +02:00
sebres f6197200a9 introduced new flag "banned" as property, used to recognize the ticket was really banned; 
get/set restored flag functions rewritten to property "restored" similar to "banned";
several code optimizations and tests extensions;
 2016-09-09 16:12:48 +02:00
sebres 2108216d33 file filter-backends: stability fix for sporadically errors - always close file handle, otherwise may be locked (prevent log-rotate, etc.) 2016-09-09 16:08:28 +02:00
sebres 4404642fa3 pyinotify-backend: stability fix for sporadically errors in multi-threaded environment (without lock) 2016-09-09 10:56:35 +02:00
sebres 8c4eebc3e3 reload actions amend, code review and test cases extended for update/start/stop of actions by reloading 2016-09-09 10:45:09 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 4fb511294e temp commit: reload now supported actions and action reloading (parameters, unban obsolete removed actions, etc.) 2016-09-08 23:56:32 +02:00
sebres d1ef33cc45 New command action parameter `actionrepair` - command executed in order to restore sane environment in error case of `actioncheck`. 
# [WARNING] TODO: be sure all banactions get a repair command, because otherwise stop/start will theoretically remove all the bans, but the tickets are still in BanManager, so in case of new failures it will not be banned, because "already banned" will happen.
 2016-09-08 20:06:22 +02:00
sebres 8cba537f6c code review and use new logger-signals for waiting; + regenerated man-files 2016-09-08 18:38:33 +02:00
sebres 27f6fc083a optimized BanManager: increase performance, fewer system load, try to prevent memory leakage: 
- better ban/unban handling within actions (e.g. used dict instead of list)
- don't copy bans resp. its list on some operations;
- added new unbantime handling to relieve unBanList (prevent permanent searching for tickets to unban)
- prefer failure-ID as identifier of the ticket to its IP (most of the time the same, but it can be something else e.g. user name in some complex jails, as introduced in 0.10)
 2016-09-08 18:27:55 +02:00
sebres d2ddc59c40 build replacement of `<HOST>` substitution corresponding parameter `usedns` - dns-part will be added only if `usedns` is not `no`; 
new replacement for `<ADDR>` in opposition to `<HOST>`, for separate usage of 2 address groups only (regardless of `usedns`), `ip4` and `ip6` together, without host (dns)
 2016-09-08 15:38:36 +02:00
sebres 8c26cada27 temp commit: partially cherry picked from ban-time-incr branch 2016-09-08 11:43:27 +02:00
sebres b12a3acb06 temp commit: reload not ready... 2016-09-07 21:07:50 +02:00
sebres f512628af2 make with_foreground_server_thread decorator to test several client/server commands 2016-09-06 20:15:45 +02:00
sebres 0a7374dec6 Merge branch '_0.9/fix-systemd-convert-gh-1341' into _0.10/fix-systemd-convert-gh-1341 2016-09-06 16:53:01 +02:00
sebres 7ac9890bf6 forgotten obsolete code removed 2016-09-06 16:51:06 +02:00
sebres ad61f0f381 Merge branch '_0.9/fix-systemd-convert-gh-1341' into _0.10/fix-systemd-convert-gh-1341 2016-09-06 16:37:45 +02:00
sebres 51fd9a1027 amend to activate performance-fix (respect findtime before search of match) + code coverage 2016-09-06 16:33:16 +02:00
sebres e3a75b4f1e optimize test cases after merge (using 0.10-features) 2016-09-06 15:30:35 +02:00
sebres ae38b626d1 Merge branch '_0.9/fix-systemd-convert-gh-1341' into 0.10 2016-09-06 15:30:08 +02:00
sebres 57458a462e allow to set default or preferred encoding for other filters (e.g. to decode bytes from journal) 
# Conflicts:
#	fail2ban/server/filter.py
 2016-09-06 15:26:10 +02:00
sebres 3119f81705 fixed journal systemd ascii/utf-8 default converting (see gh-1341, gh-1344) 2016-09-06 15:25:59 +02:00
Yaroslav Halchenko aff680eb43 Merge branch 'master' into 0.10 (strategy ours) 
* master:
  RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537)
 2016-09-06 08:19:10 -04:00
Yaroslav Halchenko 87acd7a0fc RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537) 
0.10 specific
supplement to b875e51cd7 in master AKA 0.9
 2016-09-06 08:18:34 -04:00
Yaroslav Halchenko f6258c7b69 Merge branch 'rf-exc' 
* rf-exc:
  RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537)
 2016-09-06 08:16:40 -04:00
Yaroslav Halchenko adeb6e94a5 Merge remote-tracking branch 'origin/master' into 0.10 
* origin/master:
 2016-09-06 08:14:23 -04:00
sebres 00c08f0cfa Merge pull request #1523 from sebres/_0.10/systemd-journal-path-gh-1408 with 0.10 2016-09-06 10:07:29 +02:00