fail2ban

Commit Graph

Author	SHA1	Message	Date
Yannik Sembritzki	a53ee46ad4	add test for asterisk pjsip attack with quote in username	7 years ago
Yannik Sembritzki	b28dfb965a	Fix filter not catching asterisk requests with quote character in username (fixes #2010 )	7 years ago
sebres	1e39c2600c	cherry-pick from 0.11: changes in updateDb because it can be executed after repair, and some tables can be missing.	7 years ago
sebres	277edd5fe5	amend to pull request #2004 : merge remote-tracking branch 'sebres/auto-repair-database' into 0.10	7 years ago
sebres	ab3d03beec	Better variant of repair database: recreate all tables/indices, that can be missing after supposedly successful rescue	7 years ago
Serg G. Brester	75f00a3a6c	Merge pull request #2004 from sebres/auto-repair-database Automatically recover or recreate corrupt persistent database	7 years ago
Serg G. Brester	b104da2800	Merge pull request #2005 from sebres/0.10 Stability fix for fail2banclienttestcase, avoid sporadic coverage decrease.	7 years ago
sebres	a10d544ddc	coverage: fix another sporadic coverage decrease, if idle mode never reached in some test-cases (e. g. by slowly reloading of jails).	7 years ago
sebres	80932af406	coverage: testErrorsInLoop should avoid sporadic coverage changes, if some communication errors not occurred sometimes.	7 years ago
sebres	a1fd2c507e	method `waitForServerEnd` renamed into `stopAndWaitForServerEnd` (because will also stop the server)	7 years ago
sebres	1ad587ac7c	Stability fix for fail2banclienttestcase: - provide waitForServerEnd method for decorator `with_foreground_server_thread`, to wait for real server stop if needed; - accept any exit code in decorator `with_foreground_server_thread`, because multi-threaded, thus server can exit in-between; - fix sporadic fail "AssertionError: 'Banned 5 / 5, 5 ticket(s)' was not found" (if some tickets will be processed earlier, thus not as chunk but separately), so in case of: Banned 1 / 1, 1 ticket(s) in 'nginx-blck-lst' Banned 4 / 5, 5 ticket(s) in 'nginx-blck-lst'	7 years ago
Serg G. Brester	2d23f35d26	Update ChangeLog typo: missing newline restored.	7 years ago
sebres	79443210ad	Update ChangeLog	7 years ago
sebres	9374de59f3	Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). Closes #1465	7 years ago
Serg G. Brester	61109d5c4f	Merge pull request #1996 from meke/firewallcmd-new_actioncheck_error firewallcmd-new actioncheck Error	7 years ago
root	79f414c6a2	fix <family> typo	7 years ago
root	7c63eb2378	In the CentOS7 and epel environment, result of "firewall-cmd -direct -get -chains ipv4 filter" is displayed one line Changed to be multiple lines with reference to firewallcmd-multiport.conf	7 years ago
Serg G. Brester	95a87077f7	Merge pull request #1995 from sebres/firewallcmd-ipset-flush action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset	7 years ago
sebres	bf6667d4da	better (sane) stop server handling, AsyncServer.stop_communication back-ported to 0.10 (cherry-picked from 0.11);	7 years ago
sebres	6ccaa03e00	action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset	7 years ago
sebres	aa9cefc3f8	proper stop server in the test cases (quit should stop all server-side threads, also if server was not really started); fix-up for run_with_except_hook: avoid very sporadic error "'NoneType' object has no attribute 'exc_info'" (https://bugs.python.org/issue7336), only extremely fast systems are affected ATM (2.x / 3.x), if thread ends nothing is available in .	7 years ago
sebres	2712f72650	Merge remote-tracking branch 'master' into 0.10	7 years ago
Serg G. Brester	ad658a0a95	Merge pull request #1989 from sebres/logging-options New server logging options	7 years ago
Serg G. Brester	f96761927d	Merge pull request #1969 from RaidForums/patch-1 Update nginx-limit-req filter.	7 years ago
sebres	cc9ff31c9c	Update ChangeLog: `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990)	7 years ago
sebres	e384acca5f	action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing `family inet6`)	7 years ago
Kevin Maradona	6c705d572b	filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them.	7 years ago
sebres	55143ce1d9	coverage increase	7 years ago
sebres	f9833ddee4	Update ChangeLog	7 years ago
sebres	1bf6636446	Introduced new parameters for logging within fail2ban-server; Usage `logtarget = target[facility=..., datetime=on\|off, format="..."]`: - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler for the list of facilities); - `datetime` - add date-time to the message (default on, ignored if `format` specified); - `format` - specify own format how it will be logged, for example for short-log into STDOUT: `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d \| %(message)s"]' start`; Closes gh-1980	7 years ago
sebres	de97dedba0	move extractOptions from JailReader to helpers (common usage server- / client-side);	7 years ago
Serg G. Brester	ff987b60cd	Merge pull request #1988 from sebres/exim-aggressive Exim aggressive	7 years ago
Serg G. Brester	b0ba1aa846	Update ChangeLog	7 years ago
sebres	ffd6b9f6de	jail.conf: extended with new parameter `mode` for the filters supporting it;	7 years ago
sebres	2b68882502	filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures; Closes #1983	7 years ago
sebres	7f89fbc33f	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	7 years ago
Serg G. Brester	f834e7826d	Merge pull request #1979 from peternowee/fix-exim-lowercase-auth Exim failregex: Include lower/mixed case AUTH	7 years ago
Peter Nowee	e4bbaf3d58	Update ChangeLog	7 years ago
Serg G. Brester	f1c89f6631	Merge pull request #1981 from sebres/datedetector-dual-space datedetector: extended default date-patterns (allows extra space between the date and time stamps)	7 years ago
sebres	5547697401	ChangeLog and typo	7 years ago
sebres	2e437937c3	datedetector: extended default date-patterns (allows extra space between the date and time stamps); * introduces 2 new format directives (with corresponding `%Ex` prefix for more precise parsing): - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock, (corresponds %H, but allows space if not zero-padded). - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock, (corresponds %I, but allows space if not zero-padded). * mysqld-auth test extended to cover new date-format in log. Closes gh-1639	7 years ago
Serg G. Brester	cbd63d9cd5	added test to cover quoted injecting on AUTH command	7 years ago
Serg G. Brester	4f63180611	Avoid injection using quotes after `auth` command; Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"](?=")`). Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.` or `.*?`) here (preventing performance losses).	7 years ago
Serg G. Brester	f59df2e156	Avoid any injecting on protocol (e. g. tries using camel-case) The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).	7 years ago
Peter Nowee	aa158ac05f	Exim failregex: Include lower/mixed case AUTH When reporting the error `AUTH command used when not advertised`, Exim starts with `SMTP protocol error in "........."`. Here, Exim logs the SMTP command as it was provided by the connecting client. https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850 According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded in upper case, lower case, or any mixture of upper and lower case with no impact on its meaning." https://tools.ietf.org/html/rfc5321#section-2.4 Lower case `auth login` brute-force attempts were seen in the wild and were not caught by the current failregex. This commit makes the failregex case-insensitive for the `AUTH` command, so that lower case (`auth`) or mixed case (`aUtH`) now also match. The failregex was already case-insensitive for the command arguments (e.g. `AUTH login` already matched).	7 years ago
SlowRiot	660d57e6ba	updating my email address	7 years ago
sebres	fbf89e8cdd	typo in indent (spaces to tabs)	7 years ago
Serg G. Brester	f917b4346b	Merge pull request #1974 from sebres/nginx-block-map session-related blacklisting via nginx	7 years ago
sebres	55c2a9968a	remove lacking [Init] section check ([Init] section not necessary anymore for actions also); fix sporadic error by shutdown server in with_foreground_server_thread decorator (if shutdown too fast, but end-phase still does not reached the tester-thread);	7 years ago
sebres	b62ab2d51e	ChangeLog updated	7 years ago

... 7 8 9 10 11 ...

4779 Commits (7520d250b0dd6afa04070ddd8c6a6c8a2b15428f) All Branches Search

4779 Commits (7520d250b0dd6afa04070ddd8c6a6c8a2b15428f)

All Branches