sebres
83f626c4aa
(grave) closes gh-2431: replace newlines in message from systemd journal (otherwise multi-line parsing is broken, because removal of matched string from multi-line buffer window is confused by extra new-lines, so they are retained and get matched on every following message).
2019-05-24 15:53:16 +02:00
sebres
49bf6132cc
amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings
2019-05-14 21:40:33 +02:00
sebres
607e965e7b
Merge branch 'sebres/0.10-travis-xenial' into 0.10:
...
- multi-distribution (trusty & xenial);
- python 3.8 (and new python/pypy minor versions on xenial);
2019-05-14 20:16:59 +02:00
sebres
08d2615020
small amend: review, simplification, etc
2019-05-14 20:04:44 +02:00
sebres
1cca374d04
.travis.yml: several distributions in matrix (trusty & xenial together)
2019-05-14 19:55:01 +02:00
sebres
d310c4992f
.travis.yml: coverage for python 3.8 (test with newest python/pypy versions)
2019-05-14 18:24:45 +02:00
sebres
3036ed1889
resolve deprecated syntax (eliminate "invalid sequence" warnings)
2019-05-14 18:22:55 +02:00
sebres
0426a24719
filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE")
2019-05-14 15:27:20 +02:00
sebres
2b8e2707bb
Merge pull request #2298 from chtheis/0.11 (rebased to 0.10)
2019-05-10 16:22:58 +02:00
sebres
4d08bc4ad5
update ChangeLog
2019-05-10 16:22:25 +02:00
sebres
d8d71c5a22
action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern)
2019-05-10 16:17:13 +02:00
chtheis
fa727586ff
Fix grep pattern to deal with Apache's error log
...
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres
23d2281e57
action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now)
2019-05-02 15:22:45 +02:00
benrubson
5b2b680bfe
SSHd add Bad protocol version message
2019-05-02 11:42:45 +02:00
Sergey G. Brester
b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets
2019-04-29 10:45:37 +02:00
sebres
3d80e881c5
increase coverage (if python-systemd not available, so some tests may be skipped)
2019-04-26 13:29:19 +02:00
sebres
cd32f4a132
amend to ec681a3363 (PR gh-2387):
...
- specify default options (`logtype`) in default sections of filter-config (this allows to overwrite such options in Definition/Init sections within filter.local or includes also without setting that in the jail);
- fail2ban-regex: output real filter-options (after combine/interpolate) if verbose (`-vv`) or debug (`-l debug`).
2019-04-26 12:49:03 +02:00
Sergey G. Brester
7c9c751eb6
Merge pull request #2247 from Holston5/Holston5/mysqld-auth.conf
...
Update mysql logging command and fix mod_security filter
2019-04-24 21:57:19 +02:00
Sergey G. Brester
a7c48e7fe7
test case to cover two client entries message
2019-04-24 21:35:21 +02:00
Holston
422a2de7fe
updated
2019-04-24 21:35:19 +02:00
Holston
a581bf3f08
Fixed filter for Apache mod_security
2019-04-24 21:35:17 +02:00
Holston
5d6a84ba78
Updated to correct logging option
2019-04-24 21:35:15 +02:00
Sergey G. Brester
d67e42efa2
Merge pull request #2402 from sebres/maxentries-mem-saving
...
maxmatches: memory saving options
2019-04-19 12:51:04 +02:00
Sergey G. Brester
7d6db7391e
Update ChangeLog
2019-04-19 12:50:35 +02:00
sebres
3e5b8fdc6a
fixes coverage of dbmaxmatches = 0
2019-04-18 22:44:14 +02:00
sebres
46fc4c4615
protocol and documentation
2019-04-18 22:14:34 +02:00
sebres
4629e4320f
coverage and code review
2019-04-18 21:48:58 +02:00
sebres
852cb0362c
fix restoring of tickets from database if `maxmatches` of jail is smaller than `dbmaxmatches` (so read fewer matches in memory):
2019-04-18 21:17:38 +02:00
sebres
25f1aa334e
fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible)
2019-04-18 20:53:11 +02:00
sebres
0386df0042
introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
...
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres
1083788e70
small amend (rename maxEntries -> maxMatches for consistency reasons)
2019-04-18 19:50:48 +02:00
sebres
5df78ad11f
fix corner cases with maxEntries = 0 (no matches should be saved), test cases extended to cover it + code review
2019-04-18 19:37:42 +02:00
sebres
5ebac4fe61
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2019-04-18 15:38:06 +02:00
Sergey G. Brester
28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
...
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester
d920dd4014
Update ChangeLog
2019-04-18 13:19:21 +02:00
Sergey G. Brester
4a2c564945
Merge pull request #2388 from cepheid666/0.10
...
Update sendmail-reject with TLSMTA & MSA port IDs
2019-04-04 02:55:59 +02:00
Sergey G. Brester
ec9f698f5b
removed new-line
2019-04-04 02:55:09 +02:00
Sergey G. Brester
c09ac8ebed
small amend (typo)
2019-04-04 02:53:18 +02:00
Sergey G. Brester
6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA])
2019-04-04 02:28:50 +02:00
Sergey G. Brester
7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric)
2019-04-03 23:58:23 +02:00
Amir Caspi
76816285e8
Update sendmail-reject
...
Fixing timestamps to 2005 (oops)
2019-03-29 18:21:47 -06:00
Amir Caspi
7ac2f167f9
Update ChangeLog
...
Fixing typo I introduced in commit eed1de0ceb
2019-03-29 17:49:22 -06:00
Amir Caspi
eed1de0ceb
Update ChangeLog
...
Updated to reflect sendmail-reject changes 9e1fa4ff73 and ffd5d0db78
2019-03-29 17:47:52 -06:00
Amir Caspi
ffd5d0db78
Update sendmail-reject.conf
...
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
Amir Caspi
9e1fa4ff73
Update sendmail-reject
...
Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively)
2019-03-29 17:38:30 -06:00
sebres
ced9828d04
filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages.
2019-03-29 14:24:06 +01:00
sebres
1045003f49
fail2ban-regex: extended with same logic as fail2ban-server (sets `logtype` to `journal` if systemd backend is used (`systemd-journal` specified), to apply short prefix-line in filter)
2019-03-29 14:24:04 +01:00
sebres
ec681a3363
backend `systemd` sets `logtype` to `journal` automatically;
...
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres
e268bf97d4
introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
...
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres
eddd0d2f25
fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d'
2019-03-27 15:12:27 +01:00