Commit Graph

4814 Commits (654fda8a50f65c6b329d75cbac91a50aa5a8a8f5)

Author SHA1 Message Date
Yaroslav Halchenko 0c5f11079c ENH: keep spitting out logging to the screen in LogCaptureTestCases if HEAVYDEBUG 2014-10-09 10:47:00 -04:00
sebres f31607ded1 test case to check that the read of config files will be cached;
Conflicts:
	fail2ban/tests/clientreadertestcase.py -- removed unneeded
        time in imports
2014-10-09 10:30:17 -04:00
sebres 1ba48f8627 Merge remote-tracking branch 'remotes/origin/cache-config-read-820' into ban-time-incr 2014-10-09 15:41:52 +02:00
sebres 51cae63bf0 more precise by test 2014-10-09 15:39:58 +02:00
sebres ec77338e0c Merge remote-tracking branch 'sebres:cache-config-read-820' into ban-time-incr 2014-10-09 15:13:22 +02:00
sebres 4244c87802 ConfigWrapper class introduced: sharing of the same ConfigReader object between JailsReader and JailReader (don't read jail config for each jail);
sharing of the same DefinitionInitConfigReader (ActionReader, FilterReader) between all jails using it;
caching of read config files was optimized;
test case extended for all types of config readers;
2014-10-09 14:51:08 +02:00
sebres 20e6989c73 Merge 'upstream/master' into ban-time-incr:
Merge remote-tracking branch 'sebres:cache-config-read-820' into ban-time-incr:
config cache optimized - prevent reading the same config file inside different resources multiple times;
test case: read jail file only once;
+ optimized merge: use OrderedDict.update instead of merge in cycle;
2014-10-08 16:37:07 +02:00
sebres 2a54e61238 config cache optimized - prevent reading the same config file inside different resources multiple times;
test case: read jail file only once;
2014-10-08 15:44:32 +02:00
sebres af4b48e841 test case to check that the read of config files will be cached; 2014-10-07 14:37:40 +02:00
sebres 704357467a test case to check that the read of config files will be cached; 2014-10-07 14:30:51 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
pacop 37acc6b832 ENH: Add dateTime format for PortSentry
Added dateTime format for PortSentry with EPOCH format
2014-10-04 14:55:22 +02:00
sebres d00af327c5 caching of read config files, to make start of fail2ban faster, see issue #820 2014-10-03 02:11:55 +02:00
sebres f70656cdd7 caching of read config files, to make start of fail2ban faster, see issue #820 2014-10-02 22:29:09 +02:00
Yaroslav Halchenko 05fcb1f104 Merge pull request #813 from schaal/tests-configdir-env-variable
tests: Add function to utils to calculate CONFIG_DIR
2014-10-01 14:19:26 -04:00
Daniel Schaal 270ea363d3 tests: define CONFIG_DIR in utils. 2014-10-01 19:50:03 +02:00
Yaroslav Halchenko b912d61ccb Merge pull request #818 from slowriot/master
adding filter to detect Shellshock attack attempts with Apache
2014-09-29 09:32:21 -04:00
SlowRiot 5d526bbeb1 forgot to add test case to last commit 2014-09-29 00:49:22 +01:00
SlowRiot 7b5dc9f24f adding test case, changelog and thanks entries for apache shellshock filter 2014-09-26 18:48:56 +01:00
SlowRiot fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot 4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
sebres e6127a278e Tricky bug fixed - last position of log file will never be retrieved (#795):
addJail (executed before addLog) early uses an "INSERT OR REPLACE" statement to update "enabled" to 1 (and add jail the first time used at once), but this syntax in sqlite always deletes an entry (because of the constraint) and inserts it again, so because of CASCADE all log entries with this jail will also be deleted from the logs table.
2014-09-25 18:29:10 +02:00
sebres 7688db2628 observer: logging optimized, some log messages switched to debug level (because long time stable) 2014-09-24 15:22:48 +02:00
sebres 145a9fb891 filter, datedetector, datetemplate: performance optimization of the combination datedetector.matchTime/getTime2, because previously getTime searched for a template and called template.matchTime again (so the date parsing was really executed twice, now just once);
debug logging optimized;
added info line log "Start Fail2ban ..." after changed logging target;
2014-09-24 13:21:37 +02:00
sebres 2b38d46fb5 actions: bug fix in lambdas in checkBan, because getBansMerged could return None (purge resp. asynchronous addBan), make the logic all around more stable;
test cases: extended with test to check action together with database functionality (ex.: to verify lambdas in checkBan);
database: getBansMerged should work within lock, using reentrant lock (because of the call of getBans inside getBansMerged);
2014-09-23 19:57:55 +02:00
sebres 6c2937affc python3/pypy compatibility fix + removing obsolete code 2014-09-16 18:12:21 +02:00
sebres 96de888ac7 python3/pypy compatibility fix 2014-09-16 17:51:57 +02:00
sebres 0dce32405f python3 compatibility fix 2014-09-16 17:27:21 +02:00
sebres c1637e97b2 now polling backend only: prevent complete read of big files the first time (after start of service), initial seek to start time using half-interval search algorithm (see issue #795):
disabled for gamin and pyinotify backends;
2014-09-16 17:06:49 +02:00
sebres 930678cc0e Merge remote-tracking branch 'remotes/upstream/master' into ban-time-incr 2014-09-16 13:53:15 +02:00
sebres 53a30a2d42 prevent complete read of big files the first time (after start of service), initial seek to start time using half-interval search algorithm (see issue #795) 2014-09-16 13:50:32 +02:00
Yaroslav Halchenko bfaf33b6ba Merge pull request #812 from nickweeds/master
Issue #810: Update apache-auth.conf filter to match AH01630: client denied by server configuration
2014-09-14 21:01:50 -04:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko caa851e5c8 RF: moving logwatch setup/sample logs under files/logwatch 2014-09-14 09:48:14 -04:00
Yaroslav Halchenko 8f521b8551 DOC: Changelog and THANKS for previous changes 2014-09-13 10:27:37 -04:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
Yaroslav Halchenko 96c20c8379 Merge pull request #804 from pleasantone/master
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
Yaroslav Halchenko c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Dean Lee ba44ff312b grep IP at the start of lines
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Paul Traina 249e169d8e Update test cases and also support smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho 218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00
Paul Traina 544cfaff2c Add support for postfix/submission/smtpd matching. 2014-09-06 10:23:38 -07:00
Yaroslav Halchenko 0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko 426ed7ff2f Merge pull request #780 from opoplawski/logpath
Fix jail.conf to use more syslog macros
2014-08-20 22:59:23 -04:00
sebres 62c755c1d5 Merge remote-tracking branch 'upstream/master' into ban-time-incr
Conflicts resolved:
	fail2ban/server/database.py
	fail2ban/tests/servertestcase.py
delBan modified (if manually unban):
	delete from "bips" also (bad ips)
	delete all tickets of this ip, also if currently not banned
2014-08-15 11:39:55 +02:00
Yaroslav Halchenko b1c04f5fa2 ENH: print rebans stats even if no "Failures" are logged, and reduce indentation in output 2014-08-13 23:37:17 -04:00
Yaroslav Halchenko decea64cf9 ENH: untabified and reindented entire script for sane formatting (no functional changes) 2014-08-13 23:28:03 -04:00
Yaroslav Halchenko 8b62353ab0 BF: logwatch -- fixing up regex for 'already banned' 2014-08-13 23:24:38 -04:00