github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,814 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4814 Commits (654fda8a50f65c6b329d75cbac91a50aa5a8a8f5)

Author SHA1 Message Date
sebres cb4f9be8b2 the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit; 2016-05-17 11:55:02 +02:00
sebres de813acf51 extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added; 2016-05-17 11:54:43 +02:00
Alexander Koeppe 975608dfb6 no hardcoded python interpreter path 2016-05-15 21:08:32 +02:00
sebres be3e95b76d Merge branch '0.10-fwcmd-fix-test' into 0.10 2016-05-14 15:05:21 +02:00
sebres 0c44ecfc77 action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset; 
test cases for 3 firewallcmd extended;
 2016-05-14 15:01:35 +02:00
Serg G. Brester 0d0e1853c4 Merge pull request #1424 from TorontoMedia/firewallcmd 
ENH: Branch 0.10 - updated firewallcmd actions
 2016-05-14 13:34:23 +02:00
Serg G. Brester e0da359a5a Merge pull request #1423 from yarikoptic/0.10 
ENH: version Fail2Ban in this branch as 0.10.0 alpha 1
 2016-05-14 13:26:23 +02:00
Serg G. Brester d742bc2834 Merge pull request #1422 from sebres/0.10-fix-multi-set 
0.10 fix multi-set and database binding parameters
 2016-05-14 13:25:14 +02:00
TorontoMedia ffebde68e0 Update firewallcmd-multiport.conf 2016-05-13 22:38:36 -04:00
TorontoMedia 07de83e04a Update firewallcmd-common.conf 2016-05-13 22:38:10 -04:00
TorontoMedia 810d5996b5 Update firewallcmd-rich-logging.conf 2016-05-13 22:10:25 -04:00
TorontoMedia 7e54cee8d6 updated firewallcmd actions 2016-05-13 21:36:27 -04:00
Yaroslav Halchenko 2b6f8737a7 ENH: version Fail2Ban in this branch as 0.10.0 alpha 1 2016-05-13 17:17:46 -04:00
sebres d420148055 database: always explicit convert `ip` to `str`, because may be an IPAddr, that will be unsupported type by bind parameter (as long as we've found any default wrapper handler for sqlite3) 2016-05-13 22:53:57 +02:00
sebres cb280b817f csocket multi-set fix: prevent to convert `list`, `dict`, `set` during transfer (send), this offers a sending of 'multi-set' arrays 
(missed by cherry-picking from multi-set branch)
 2016-05-13 22:43:02 +02:00
sebres e0924e0d1b test case fix (always sort result of `DNSUtils.textToIp`, because order of result from `socket.getaddrinfo` is undefined (system depended) 2016-05-13 21:44:07 +02:00
sebres 3e49522b7a fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568); 
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
 2016-05-13 20:26:37 +02:00
Yaroslav Halchenko d6eae28eb5 Merge pull request #1419 from sebres/gh-1417 
fixes gh-1417 Grave tags substitution bug. [part. cherry-picked from 0.10]
 2016-05-13 10:28:29 -04:00
sebres cce63926ce ChangeLog entry added 2016-05-13 16:11:38 +02:00
sebres a4b8f6e49e [part. cherry-picked from 0.10] invalid recursion check in substituteRecursiveTags: for example action `bsd-ipfw` produced ValueError('properties contain self referencing definitions and cannot be resolved...') 
test cases extended for exactly this case;
closes gh-1417
 2016-05-13 14:12:17 +02:00
sebres 3d3735706b invalid recursion check in substituteRecursiveTags: for example action `bsd-ipfw` produced ValueError('properties contain self referencing definitions and cannot be resolved...') 
test cases extended for exactly this case and for all stock actions;
closes gh-1417
 2016-05-13 13:53:29 +02:00
Serg G. Brester 1791fd59f2 Merge pull request #1418 from yarikoptic/pr-1415 
DOC: minor PEP8ing and comments enhancements
 2016-05-13 12:49:35 +02:00
Yaroslav Halchenko a9c563fed2 Merge pull request #1415 from sebres/0.10-fixes 
0.10 fixes
 2016-05-12 18:54:33 -04:00
Yaroslav Halchenko 14c31d8c58 DOC: minor PEP8ing and comments enhancements 2016-05-12 18:52:20 -04:00
sebres ec6032d934 prevent to fail stock configs test case, if any jail custom config does not have own test log-file (perhaps not clean copy) 2016-05-12 18:15:22 +02:00
sebres 4b5b16cd9f allow using of IPv6 address style mask (analog to the IPv4), for example: `2606:28ff::/ffff:ff80::` -> `2606:2880::/25` 
fast calculating of maskplen using map table MAP_ADDR2MASKPLEN, with pre-calculated addr->maskplen values;
test cases extended;
 2016-05-12 18:15:05 +02:00
sebres 0c2eeee8c7 BF: fail2ban-client can't unserialize IPAddr objects - added IPAddr pickle-handler, that simple wrap IPAddr to the str 2016-05-12 12:54:25 +02:00
sebres 53956501da increase readability and details level by increased verbosity 2016-05-12 11:53:12 +02:00
sebres 060ea085f4 reader bug fix: prevent to silent "load" of not existing jail; 
coverage of test cases increased;
 2016-05-12 11:52:08 +02:00
sebres 22576d7150 code review, timeout fix, better tracing (and test coverage) by start of server/client (with or without fork) 2016-05-12 11:52:05 +02:00
sebres 0b4143730d some compatibility fixes (prevent forking of testcase-process, code review), wait 4 server ready, test cases fixed (py2/py3) 2016-05-12 11:52:02 +02:00
sebres 2fcb6358ff several bug fixed: fork in client-server test cases prohibited, all worker threads daemonized (to prevent hanging on exit). 2016-05-12 11:51:59 +02:00
sebres afa1cdc3ae client/server (bin) test cases introduced, ultimate closes #1121, closes #1139 
small code review and fixing of some bugs during client-server communication process (in the test cases);
 2016-05-12 11:51:56 +02:00
sebres 5a053f4b74 starting of the server (and client/server communication behavior during start and daemonize) completely rewritten: 
- client/server functionality moved away from bin and using now the common interface (introduced in fail2bancmdline);
  - start in foreground fixed;
  - server can act as client corresponding command line;
  - command "restart" added: in opposite to "reload" in reality restarts the server (new process);
  - several client/server bugs during starting process fixed.
 2016-05-12 11:51:53 +02:00
sebres 556ddaabd7 temporary commit (move client/server from bin) 2016-05-12 11:51:50 +02:00
sebres 4ce240ed40 try to start server in foreground 
# Conflicts:
#	fail2ban/server/server.py
 2016-05-12 11:51:47 +02:00
sebres bdc2d07946 fix suhosin_log in common paths - log files should be separated using "\n": 
prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.
 2016-05-11 18:49:04 +02:00
sebres 9b72522a01 todo fix: not necessary in 0.10 branch 2016-05-11 18:47:55 +02:00
sebres 3df97beaa6 changelog entries from sebres:f2b-perfom-prepare-716 (gh-1346) 2016-05-11 18:03:22 +02:00
sebres c22ba5413d changes from ipv6-support-0.10 after merge 2016-05-11 16:58:13 +02:00
sebres f9ea845595 Merge branch 'ipv6-support-0.10' into 0.10 2016-05-11 16:57:16 +02:00
sebres 23ad50dbaa correct <HOST> expression in failregex (now IPv6 will be really found from filter); 
respect standard spelling of IPv6 (with port) enclosed in brackets ([ipv6]:port), to prevent the necessarily changing of many filter definitions, comparison:
#IPv4:
127.0.0.1:55555
#IPv6:
[a🅱️c:d::1]:55555
some small fixes (in test cases also) and code review and few optimizations;
 2016-05-11 16:55:29 +02:00
sebres f47fdf8918 code coverage: extend conditional test with direct replacement inside replaceTag (besides recursive sub tags) 2016-05-11 16:55:26 +02:00
sebres e8203dabba python 2.6 compatible test cases 2016-05-11 16:55:24 +02:00
sebres 9da7bb1068 meantime commit: code review, simplification, pythonization, etc. (test cases passed) 2016-05-11 16:55:21 +02:00
Alexander Koeppe 50e5a7e538 More beautifier tests 2016-05-11 16:55:17 +02:00
sebres d65e37e93d CIDR splitting functionality moved from filter to IPAddr; 
meantime commit: code review, simplification, pythonization, etc. + test cases extended
 2016-05-11 16:54:36 +02:00
Alexander Koeppe 1b21f21c22 CIDR represenation if IPAddr object is a network prefix 2016-05-11 16:54:33 +02:00
sebres 941a2b6c82 clean up unnecessarily resp. directly unused action properties, because they are ambiguous now; 
implemented caching functionality for same substitutions inside replaceTag: very actual and extreme performance growth (up to 1000 times) for ban/unban because too slow substituteRecursiveTags by several tags and many includes, but totally unnecessary as long as parameters are not changing;
 2016-05-11 16:54:31 +02:00
sebres 504e5ba6f2 actions support IPv6 now: 
- introduced "conditional" sections, see for example `[Init?family=inet6]`;
  - iptables-common and other iptables config(s) made IPv6 capable;
  - several small code optimizations;
* all test cases passed (py3.x compatible);
 2016-05-11 16:54:28 +02:00