Commit Graph

4435 Commits (76f5e3659e65b16fb2e049a36b8b3de6ee113649)

Author SHA1 Message Date
sebres 76f5e3659e Merge branch '0.10' into 0.11 2017-10-18 19:03:08 +02:00
sebres 0e66e3cc57 Merge branch 'master' into 0.10
# Conflicts:
#	config/filter.d/asterisk.conf
2017-10-18 19:00:23 +02:00
Serg G. Brester 0aeb91d1e2 Merge pull request #1929 from miken32/patch-1
Remove invalid (vulnerable) regex using IP from foreign input (not the originator).
2017-10-18 18:54:43 +02:00
Serg G. Brester d81405adbc Update ChangeLog
typo
2017-10-18 18:52:55 +02:00
Serg G. Brester b6ab0aa83f Update ChangeLog
more detailed entry
2017-10-18 18:52:12 +02:00
Michael Newton 894a05b843 Update ChangeLog 2017-10-18 09:26:51 -07:00
Michael Newton 3f715e8577 Remove tests 2017-10-17 14:46:11 -07:00
Michael Newton d5d1fe679f Remove invalid regex
Resolves #1927
2017-10-17 14:44:23 -07:00
sebres 667f48817b Merge pull request #1925 from sebres/0.10-fix-pf-multiport:
action.d/pf.conf: fix multiport syntax
2017-10-17 16:09:50 +02:00
sebres 3c4910a3e2 ChangeLog entry + note for possible incompatibility. 2017-10-17 16:06:39 +02:00
sebres 8726c9fb0a pf.conf: enclose ports in braces, multiple ports expecting this syntax `... any port {http, https}`.
Note this would be backwards-incompatible change (for the people already enclosing multiports in braces in jail.local).
closes gh-1915
2017-10-17 13:46:29 +02:00
Serg G. Brester c6029bbef6 Merge pull request #1919 from IdahoPL/IdahoPL-patch-1
Update pf.conf commet to fix syntax error
2017-10-17 12:40:51 +02:00
Łukasz Wąsikowski a4f94d2619 Update pf.conf
Fix comment, because current one won't work:

cat /etc/pf.conf
anchor f2b {
  sshd
}

# service pf reload
Reloading pf rules.
/etc/pf.conf:2: syntax error

New version:

cat /etc/pf.conf
anchor f2b {
  anchor sshd
}

# service pf reload
Reloading pf rules.
2017-10-17 12:39:25 +02:00
Serg G. Brester c42dd6941c Merge pull request #1921 from harry-wood/patch-1
typo
2017-10-16 10:50:11 +02:00
Harry Wood ea1b663f85 typo
spell "positive" (...but also somebody should finish this sentence)
2017-10-16 01:15:58 +01:00
sebres 028f32b74b bump version (0.10.1 -> 0.10.2.dev1) 2017-10-12 14:00:41 +02:00
sebres 351abeb4ff prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2017-10-12 13:46:46 +02:00
sebres 93634dd822 Merge branch '0.10' into 0.11 2017-10-04 14:25:02 +02:00
sebres ceff489a46 amend to a4459765ef438db83a2898ba832ff7acba033e29: irrelevant condition removed 2017-10-04 14:24:21 +02:00
sebres a4459765ef pyinotify/polling: test filter reaction by delete of watching file, better detection of pending file (avoid errors in fail2ban.log during log-rotation).
Closes gh-1865 for filterpyinotify ("cannot remove WD=2").
2017-10-04 14:17:00 +02:00
sebres 6c1d481135 Merge branch '0.10' into 0.11 2017-10-04 09:57:43 +02:00
sebres e71f16f6ba Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/dovecot.conf
2017-10-04 09:57:18 +02:00
sebres ea36e1b3fc filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897) 2017-10-04 09:55:37 +02:00
Serg G. Brester 32deb828a1 Merge pull request #1904 from sebres/no-dup-ignoreip-fix-1900
Avoid exact duplicates by addIgnoreIP (closes gh-1900)
2017-10-04 08:41:40 +02:00
sebres d1fad22ac1 Avoid exact duplicates by addIgnoreIP (closes gh-1900) 2017-10-02 15:59:14 +02:00
sebres 037a0be3ae Merge branch '0.10' into 0.11 2017-10-02 15:43:55 +02:00
sebres 8c804a2290 Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/postfix-rbl.conf
#	config/filter.d/postfix-sasl.conf
#	config/filter.d/postfix.conf
#	fail2ban/tests/files/logs/postfix-sasl
2017-10-02 15:41:30 +02:00
sebres a2120a9de5 filter.d/postfix-*.conf - added optional port regex (closes gh-1902) 2017-10-02 15:31:55 +02:00
Serg G. Brester 6140a0f2d4 Merge pull request #1894 from sbraz/nftables-ipv6
Fix nftables actions for IPv6 addresses, fixes #1893
2017-09-13 09:14:39 +02:00
Serg G. Brester 6149df5216 Update ChangeLog 2017-09-12 09:27:16 +02:00
Louis Sautier 152c9d27d5
Fix nftables actions for IPv6 addresses, fixes #1893
* add [Init?family=inet6] to nftables-common.conf and make nftable
  expressions more modular
* change "ip protocol" to "meta l4proto" in nftables-allports.conf
  since the former only works for IPv4
2017-09-11 23:32:53 +02:00
Serg G. Brester fbd46f29f2 Merge pull request #1891 from sbraz/openrc
Fix Gentoo init script's shebang
2017-09-11 12:24:10 +02:00
Serg G. Brester 72ad904f58 Update ChangeLog 2017-09-11 12:22:43 +02:00
Louis Sautier 2ce0ffb977
Fix Gentoo init script's shebang
Use openrc-run instead of runscript.
5d5856c193
2017-09-11 12:19:33 +02:00
sebres e0fede621e Merge branch '0.10' into 0.11 2017-09-08 11:33:19 +02:00
Serg G. Brester 8be4569d51 Update ChangeLog
several fixes of 0.10th branch
2017-09-08 11:32:08 +02:00
sebres b185e7cb04 Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
Serg G. Brester 983b128c54 Update ChangeLog
several fixes of 0.9th branch
2017-09-08 11:07:48 +02:00
Serg G. Brester 5221693ce0 Merge pull request #1889 from sebres/0.10-small-optim-review
0.10 small optimization & review, config-reader, pretty-dump, etc.
2017-09-08 10:57:27 +02:00
sebres 462b534469 restrict saving of previous known values to section-related (don't overwrite with the values of other sections, especially like "INCLUDES", etc.) 2017-09-07 20:00:45 +02:00
sebres e20f6204d3 don't put parameters starting with `known/` to the ready stream (intermediate options only), makes streams and dumps of configuration shorter and better readable 2017-09-07 19:32:14 +02:00
sebres b698a74902 introduces new command-line options `--dp`, `--dump-pretty` to dump the configuration using more human readable representation;
allow dump of configuration, also if log-file is not available (warning only)
2017-09-07 19:31:38 +02:00
Serg G. Brester fd83260bd8 jail "pass2allow-ftp" should supply blocktype to action
closes gh-1884
2017-09-07 18:51:08 +02:00
Serg G. Brester bb97e66627 Merge pull request #1882 from coderua/patch-1
Add Jorgee Vulnerability Scanner protect
2017-09-07 15:52:31 +02:00
Serg G. Brester 99a9a9136e Merge pull request #1887 from fail2ban/exim-gh-1886
filter.d/exim.conf: fixed failregex for case of flood attempts with `D=0s`
2017-09-07 15:47:20 +02:00
Serg G. Brester db121a6f85 Update exim
Test case covers flood attempts with `D=0s`
2017-09-07 15:32:35 +02:00
Serg G. Brester 2cd02b731b filter.d/exim.conf: fixed failregex for case of `D=0s`
Closes gh-1886
2017-09-07 15:28:46 +02:00
sebres 4bc226a692 optimized regex 2017-09-05 10:59:16 +02:00
Vladimir Chumak fafefc0293 Add Jorgee Vulnerability Scanner protect
Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164
2017-09-05 10:56:43 +02:00
sebres acd9e8155b Merge pull request #1376 from j-marz/master:
Added ZoneMinder filter
2017-09-04 11:52:10 +02:00