Commit Graph

5147 Commits (70f2b5c5505fa06b2bb97897fee41c494a10c6af)

Author SHA1 Message Date
Louis Sautier 2ce0ffb977
Fix Gentoo init script's shebang
Use openrc-run instead of runscript.
5d5856c193
2017-09-11 12:19:33 +02:00
Serg G. Brester 8be4569d51 Update ChangeLog
several fixes of 0.10th branch
2017-09-08 11:32:08 +02:00
sebres b185e7cb04 Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
Serg G. Brester 983b128c54 Update ChangeLog
several fixes of 0.9th branch
2017-09-08 11:07:48 +02:00
Serg G. Brester 5221693ce0 Merge pull request #1889 from sebres/0.10-small-optim-review
0.10 small optimization & review, config-reader, pretty-dump, etc.
2017-09-08 10:57:27 +02:00
sebres 462b534469 restrict saving of previous known values to section-related (don't overwrite with the values of other sections, especially like "INCLUDES", etc.) 2017-09-07 20:00:45 +02:00
sebres e20f6204d3 don't put parameters starting with `known/` to the ready stream (intermediate options only), makes streams and dumps of configuration shorter and better readable 2017-09-07 19:32:14 +02:00
sebres b698a74902 introduces new command-line options `--dp`, `--dump-pretty` to dump the configuration using more human readable representation;
allow dump of configuration, also if log-file is not available (warning only)
2017-09-07 19:31:38 +02:00
Serg G. Brester fd83260bd8 jail "pass2allow-ftp" should supply blocktype to action
closes gh-1884
2017-09-07 18:51:08 +02:00
Serg G. Brester bb97e66627 Merge pull request #1882 from coderua/patch-1
Add Jorgee Vulnerability Scanner protect
2017-09-07 15:52:31 +02:00
Serg G. Brester 99a9a9136e Merge pull request #1887 from fail2ban/exim-gh-1886
filter.d/exim.conf: fixed failregex for case of flood attempts with `D=0s`
2017-09-07 15:47:20 +02:00
Serg G. Brester db121a6f85 Update exim
Test case covers flood attempts with `D=0s`
2017-09-07 15:32:35 +02:00
Serg G. Brester 2cd02b731b filter.d/exim.conf: fixed failregex for case of `D=0s`
Closes gh-1886
2017-09-07 15:28:46 +02:00
sebres 4bc226a692 optimized regex 2017-09-05 10:59:16 +02:00
Vladimir Chumak fafefc0293 Add Jorgee Vulnerability Scanner protect
Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164
2017-09-05 10:56:43 +02:00
sebres acd9e8155b Merge pull request #1376 from j-marz/master:
Added ZoneMinder filter
2017-09-04 11:52:10 +02:00
sebres 4163f32968 small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 11:48:01 +02:00
john ac95449bbb changed zoneminder regex as per Sebres and yarikoptic recommendations 2017-09-04 11:37:09 +02:00
john 7013729a1f removed redundant options for zoneminder from jail.conf 2017-09-04 11:37:05 +02:00
john 5c3a666380 fixed incomplete regex after adding anchors 2017-09-04 11:37:03 +02:00
john 3d45fd2713 implemented yarikoptic's suggestions in fail2ban pull request #1376 2017-09-04 11:37:00 +02:00
john 776d463e92 added missing colon to failJSON 2017-09-04 11:36:58 +02:00
john 4d8ba7b668 fixed test log file 2017-09-04 11:36:55 +02:00
john 44c4496e49 added sample log files 2017-09-04 11:36:53 +02:00
john 08878d22dd added zoneminder.conf filter 2017-09-04 11:36:50 +02:00
john a90f6c4ae8 added zoneminder jail and filter
# Conflicts:
#	config/jail.conf
2017-09-04 11:36:47 +02:00
sebres c312962029 filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex (d926e11a5c)
fixed failregex (without new mode aggressive)
2017-09-01 10:57:41 +02:00
Serg G. Brester d926e11a5c Merge pull request #1880 from sebres/0.10-fix-dovecot-regex
filter.d/dovecot.conf: fixed failregex + new mode aggressive
2017-09-01 10:36:22 +02:00
sebres 2cfc53c08e remove capturing groups 2017-09-01 10:25:09 +02:00
sebres 9b8563f35e - fixes regex for message `imap-login: Disconnected (auth failed, X attempts) ...` has to many variations on additional info after `<HOST>`,
leave it end-anchored because variable part `user=<[^>]*>` (before `<HOST>`) to avoid injecting, but can be safe rewritten using `[^>]*` in opposite to "greedy" `user=<[^>]*>`.
- introduces mode `aggressive` and extends regex for this mode to match:
  * no auth attempts (previously removed in gh-601, because of lots of false positives on misconfigured MTAs)
  * disconnected before auth was ready
  * client didn't finish SASL auth
2017-09-01 09:56:21 +02:00
Serg G. Brester a287d0a05c Merge pull request #1872 from kmzby/master
Added filter for phpMyAdmin+syslog
2017-08-25 12:22:58 +02:00
Serg G. Brester 569283063b Merge pull request #1874 from sebres/fix-f2b-setup
setup.py: fix several setup facilities
2017-08-25 12:22:31 +02:00
Pavel Mihadyuk 4c1abe1cbf phpmyadmin-syslog: removed excess file, fixed test, updated failregex 2017-08-23 16:56:18 +03:00
sebres f451cf34b3 don't check return code by dry-run: returns 256 on some python/setuptool versions. 2017-08-23 13:20:51 +02:00
sebres e3b061e94b - `files/fail2ban.service` renamed as template to `files/fail2ban.service.in`;
- setup process generates `build/fail2ban.service` from `files/fail2ban.service.in` using distribution related bin-path;
- bug-fixing by running setup with option `--dry-run` (note: specify option `--dry-run` before `install`, like `python setup.py --dry-run install`);
- test cases extended to cover dry-run.
2017-08-23 13:01:29 +02:00
Pavel Mihadyuk d09304b897 phpmyadmin-syslog: added default jail config 2017-08-22 19:00:48 +03:00
Pavel Mihadyuk 41994fcb56 Added filter for phpMyAdmin+syslog (>=4.7.0) 2017-08-22 18:46:40 +03:00
Pavel Mihadyuk 5b4bc2aafd Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713 2017-08-22 18:20:01 +03:00
sebres 1d5fbb95ae Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-08-18 15:44:22 +02:00
Serg G. Brester 124e5587c6 Merge pull request #1869 from sebres/fix-gh-1389
action.d/bsd-ipfw.conf: replace not posix-compliant grep option
2017-08-18 15:43:05 +02:00
Serg G. Brester b0e5efb631 bsd-ipfw.conf: sh-compliant redirect of stderr together with stdout 2017-08-18 15:26:09 +02:00
sebres 3be32adefb Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389). 2017-08-18 14:37:29 +02:00
sebres 8e6b4346dc avoid using "ANSI_X3.4-1968" as preferred encoding, if missing environment variables 'LANGUAGE', 'LC_ALL', 'LC_CTYPE', and 'LANG'
(especially critical if default value `encoding = auto` configured).

As PoC and coverage (this case fails without this "fix"):
$ env -i PATH="$PATH" bin/fail2ban-testcases --fast --no-network testAddBanInvalidEncoded
2017-08-18 13:41:58 +02:00
Jacques Distler f84e58e769 Tweaks to action.d/pf.conf
Document recent changes.
Add an option to customize the pf block rule (surely, what the user
really wants, here, is "block quick").
2017-08-18 13:31:34 +02:00
sebres 69a6d0e653 amend to 10c0d954017fac270bf1c568e4b02e94d5949b58: order in cymru-info can variate on each level,
sorted using key=str (otherwise `['nxdomain', u'US'] != ['US', 'nxdomain']` may occur on some python versions).
2017-08-16 21:23:42 +02:00
sebres a3c6bb601d Fixes version, causes "UserWarning: Normalizing '0.10.1dev1' to '0.10.1.dev1'" during setup-process. 2017-08-16 20:50:33 +02:00
sebres 72bd666797 Fixes representation of IPAddr (likely the string representation, enclosed in single-quotes). 2017-08-16 20:50:06 +02:00
sebres 10c0d95401 prevent sporadic assert errors on nested lists/dict differ at some level (mostly causes on python 3.4 because of different dict hashing);
introduces new test assertion routine `asesertSortedEqual` for comparison regardless elements order (regarding level/nestedOnly arguments).
2017-08-16 20:48:18 +02:00
sebres 33874d6e53 action.d/pf.conf: anchored call arguments combined as `<pfctl>` parameter;
test cases fixed;
2017-08-16 17:51:07 +02:00
Alexander Köppe f6ccede2f1 Update pf.conf fixing #1863
Fix #1863
Introduce own PF anchors for fail2ban rules.
2017-08-16 17:51:05 +02:00