Commit Graph

4902 Commits (68f827e1f3945b735f214e15b224a926bb4bf170)

Author SHA1 Message Date
sebres 83f626c4aa (grave) closes gh-2431: replace newlines in message from systemd journal (otherwise multi-line parsing is broken, because removal of matched string from multi-line buffer window is confused by extra new-lines, so they are retained and got matched on every followed message). 2019-05-24 15:53:16 +02:00
sebres 49bf6132cc amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings 2019-05-14 21:40:33 +02:00
sebres 607e965e7b Merge branch 'sebres/0.10-travis-xenial' into 0.10:
- multi-distribution (trusty & xenial);
- python 3.8 (and new python/pypy minor versions on xenial);
2019-05-14 20:16:59 +02:00
sebres 08d2615020 small amend: review, simplification, etc 2019-05-14 20:04:44 +02:00
sebres 1cca374d04 .travis.yml: several distributions in matrix (trusty & xenial together) 2019-05-14 19:55:01 +02:00
sebres d310c4992f .travis.yml: coverage for python 3.8 (test with newest python/pypy versions) 2019-05-14 18:24:45 +02:00
sebres 3036ed1889 resolve deprecated syntax (eliminate "invalid sequence" warnings) 2019-05-14 18:22:55 +02:00
sebres 0426a24719 filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE") 2019-05-14 15:27:20 +02:00
sebres 2b8e2707bb Merge pull request #2298 from chtheis/0.11 (rebased to 0.10) 2019-05-10 16:22:58 +02:00
sebres 4d08bc4ad5 update ChangeLog 2019-05-10 16:22:25 +02:00
sebres d8d71c5a22 action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern) 2019-05-10 16:17:13 +02:00
chtheis fa727586ff Fix grep pattern to deal with Apache's error log
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now) 2019-05-02 15:22:45 +02:00
benrubson 5b2b680bfe SSHd add Bad protocol version message 2019-05-02 11:42:45 +02:00
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets 2019-04-29 10:45:37 +02:00
sebres 3d80e881c5 increase coverage (if python-systemd not available, so some tests may be skipped) 2019-04-26 13:29:19 +02:00
sebres cd32f4a132 amend to ec681a3363 (PR gh-2387):
- specify default options (`logtype`) in default sections of filter-config (this allows to overwrite such options in Definition/Init sections within filter.local or includes also without setting that in the jail);
- fail2ban-regex: output real filter-options (after combine/interpolate) if verbose (`-vv`) or debug (`-l debug`).
2019-04-26 12:49:03 +02:00
Sergey G. Brester 7c9c751eb6
Merge pull request #2247 from Holston5/Holston5/mysqld-auth.conf
Update mysql logging command and fix mod_security filter
2019-04-24 21:57:19 +02:00
Sergey G. Brester a7c48e7fe7 test case to cover two client entries message 2019-04-24 21:35:21 +02:00
Holston 422a2de7fe updated 2019-04-24 21:35:19 +02:00
Holston a581bf3f08 Fixed filter for Apache mod_security 2019-04-24 21:35:17 +02:00
Holston 5d6a84ba78 Updated to correct logging option 2019-04-24 21:35:15 +02:00
Sergey G. Brester d67e42efa2
Merge pull request #2402 from sebres/maxentries-mem-saving
maxmatches: memory saving options
2019-04-19 12:51:04 +02:00
Sergey G. Brester 7d6db7391e
Update ChangeLog 2019-04-19 12:50:35 +02:00
sebres 3e5b8fdc6a fixes coverage of dbmaxmatches = 0 2019-04-18 22:44:14 +02:00
sebres 46fc4c4615 protocol and documentation 2019-04-18 22:14:34 +02:00
sebres 4629e4320f coverage and code review 2019-04-18 21:48:58 +02:00
sebres 852cb0362c fix restoring of tickets from database if `maxmatches` of jail smaller as `dbmaxmatches` (so read fewer matches in memory): 2019-04-18 21:17:38 +02:00
sebres 25f1aa334e fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible) 2019-04-18 20:53:11 +02:00
sebres 0386df0042 introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres 1083788e70 small amend (rename maxEntries -> maxMatches for consistency reasons) 2019-04-18 19:50:48 +02:00
sebres 5df78ad11f fix corner cases by maxEntries = 0 (no matches should be saved), test cases extended to cover it + code review 2019-04-18 19:37:42 +02:00
sebres 5ebac4fe61 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2019-04-18 15:38:06 +02:00
Sergey G. Brester 28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester d920dd4014
Update ChangeLog 2019-04-18 13:19:21 +02:00
Sergey G. Brester 4a2c564945
Merge pull request #2388 from cepheid666/0.10
Update sendmail-reject with TLSMTA & MSA port IDs
2019-04-04 02:55:59 +02:00
Sergey G. Brester ec9f698f5b
removed new-line 2019-04-04 02:55:09 +02:00
Sergey G. Brester c09ac8ebed
small amend (typo) 2019-04-04 02:53:18 +02:00
Sergey G. Brester 6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA]) 2019-04-04 02:28:50 +02:00
Sergey G. Brester 7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric) 2019-04-03 23:58:23 +02:00
Amir Caspi 76816285e8
Update sendmail-reject
Fixing timestamps to 2005 (oops)
2019-03-29 18:21:47 -06:00
Amir Caspi 7ac2f167f9
Update ChangeLog
Fixing typo I introduced in commit eed1de0ceb
2019-03-29 17:49:22 -06:00
Amir Caspi eed1de0ceb
Update ChangeLog
Updated to reflect sendmail-reject changes 9e1fa4ff73 and ffd5d0db78
2019-03-29 17:47:52 -06:00
Amir Caspi ffd5d0db78
Update sendmail-reject.conf
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
Amir Caspi 9e1fa4ff73
Update sendmail-reject
Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively)
2019-03-29 17:38:30 -06:00
sebres ced9828d04 filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages. 2019-03-29 14:24:06 +01:00
sebres 1045003f49 fail2ban-regex: extended with same logic as fail2ban-server (sets `logtype` to `journal` if systemd backend is used (`systemd-journal` specified), to apply short prefix-line in filter) 2019-03-29 14:24:04 +01:00
sebres ec681a3363 backend `systemd` sets `logtype` to `journal` automatically;
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres e268bf97d4 introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres eddd0d2f25 fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d' 2019-03-27 15:12:27 +01:00