Commit Graph

5017 Commits (79b61e009a97470ee849981f2b9d61baf4c77ca2)

Author SHA1 Message Date
sebres 955d690e56 regrouping expressions with curly braces, added more escapes (better handling in posix shell) 2019-10-18 18:34:48 +02:00
Sergey G. Brester 8b850864cf
amend to #2254: update changelog 2019-10-18 12:00:17 +02:00
Sergey G. Brester 54298fe761
Merge pull request #2254
Nftables: isolate fail2ban rules into a dedicated table and chain
2019-10-18 11:43:38 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf:
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
  - extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
2019-10-18 11:26:19 +02:00
sebres 50595b70fd filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
2019-10-11 01:31:07 +02:00
sebres 9e28b6c65f filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531) 2019-09-26 21:46:26 +02:00
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc 2019-09-25 13:47:29 +02:00
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all) 2019-09-24 20:00:29 +02:00
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain):
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
2019-09-24 19:44:59 +02:00
sebres c753ffb11d combine nftables actions to single action:
- nftables-common is removed
- nftables-allports  is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
2019-09-24 18:53:38 +02:00
sebres c59d49da22 nftables-allports: support multiple protocols in single rule;
tests/servertestcase.py: added coverage for nftables actions
2019-09-24 18:46:41 +02:00
Ririsoft dde51b4682 fix actionban/unban ip definition syntax 2019-09-24 13:01:14 +02:00
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic.
Add an example for redirecting.
2019-09-24 13:01:13 +02:00
sebres 82ddaa5771 fix order of jail options in stream:
* be sure usedns is before all regex(s) in stream (this option is also allowed in the config of filter now)
  * logpath after all log-related data (backend, date-pattern, etc)
2019-09-11 19:38:42 +02:00
sebres 7b3ee3dadc allow to set all standard options of filter (like prefregex, journalmatch, etc) directly in jail (without filter or supplying parameters to filter);
normalize stream generation of filter-related parameters across FilterReader and JailReader (uses stream generator of filter now);
test cases extended (testOverrideFilterOptInJail) to cover this possibility.
2019-09-11 16:14:46 +02:00
sebres a36b70c7b5 filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520) 2019-09-10 21:02:26 +02:00
sebres fbd4bfc595 extend murmur test cases to cover systemd journal log-format (gh-2520, note we don't use any time-stamp as systemd-backend does not expect it) 2019-09-10 19:46:44 +02:00
sebres e547927075 tests: extend server test cases for some stock jails (e. g. check issue with sendmail filters gh-2493 + covering `maxmatches` / `dbmaxmatches` in server tests) 2019-08-22 21:29:46 +02:00
sebres 65da15327e curtail some bothering continuously repeatable debug messages of filters (backend-related) to level 4 (below extra heavy-debug, so simplifying debugging and testing with level 5) 2019-08-22 21:17:45 +02:00
sebres 16b3993be6 actions: improve conditional execution of some operations, also allow to start action on demand (by first ban if `actionstart_on_demand` enabled) for non-conditional actions (backwards compatible, so actionstart_on_demand is on per default only for the actions having family-conditional sections);
small bug fixing (stop/flush/restore env etc) and code simplification.
2019-08-22 21:05:38 +02:00
sebres 39d9133baa amend to 7520d250b0 (#2444): don't use default flags (SYSTEM) if journalfiles are specified (similar journalflags set to 0);
fix failure of testJournalFilesArg and cover both cases now.
2019-07-29 14:23:53 +02:00
sebres 19052d9789 * Merge pull request #2406 from JoeHorn/0.11
support bind-9.11.0 log format
2019-07-29 13:23:25 +02:00
sebres 91923b5c07 don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
Sergey G. Brester 5a3859c163 Update named-refused 2019-07-29 13:06:51 +02:00
Joe Horn 4395469226 Update named-refused.conf
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
Sergey G. Brester a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
New option `logtype` value - `rfc5424`
2019-07-24 00:02:04 +02:00
Sergey G. Brester 70280bfa12
Update ChangeLog 2019-07-24 00:00:24 +02:00
Sergey G. Brester d3b5befe44
update changelog (#2404) 2019-07-22 12:50:48 +02:00
Sergey G. Brester 0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
2019-07-22 12:47:39 +02:00
Sergey G. Brester eb308d0fc8
add test for injection on version identification 2019-07-22 11:50:01 +02:00
Sergey G. Brester 119401fced
Merge pull request #2452 from benrubson/badips
Badips key is only used to retrieve list
2019-07-20 12:08:22 +02:00
Ben RUBSON a98315386d
Update zzz-sshd-obsolete-multiline.conf 2019-07-19 17:59:16 +02:00
Sergey G. Brester d5a5efcd5a
amend to #2174 for fail2ban.service, fix legacy path, closes gh-2474 2019-07-17 13:38:42 +02:00
Sergey G. Brester 7520d250b0
Merge pull request #2444 from sebres/gh-2392
systemd-backend: switched default flags to SYSTEM_ONLY(4)
2019-07-11 13:25:58 +02:00
sebres 5e980afbb8 filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now) 2019-07-10 12:45:53 +02:00
sebres 62b1712d22 amend to #2387:
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309);
2019-07-09 21:48:43 +02:00
sebres 595054639b tests/samplestestcase.py: fixes retrieving of microseconds by epoch (and comparison within tests factory) 2019-07-09 20:07:14 +02:00
Sergey G. Brester 5bc8d73220
test_badips.py: parameter `key` is removed in #2452 2019-06-26 20:52:37 +02:00
benrubson 8b171f7d25 Badips key is only used to retrieve list 2019-06-26 18:34:20 +02:00
sebres 4a2f4226b8 testIpToName: fixed for reverse IP of google dns (resolving another name now), more dynamic now 2019-06-26 17:28:09 +02:00
Sergey G. Brester 8a386103c1
Update ChangeLog 2019-06-25 15:49:07 +02:00
Sergey G. Brester 978c2fa8dd
Merge pull request #2448 from sebres/norm-mail-actions
Normalization of mailing actions
2019-06-25 15:39:12 +02:00
sebres e751be2c13 normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
added test covering sendmail-whois-lines
2019-06-15 23:14:41 +02:00
sebres 3d04a99d25 fail2ban-regex: (verbose only) avoid errors by dump of real options (if filter doesn't have some optional parameter, like `datepattern`) 2019-06-15 22:08:31 +02:00
sebres 809e7c4e82 Merge pull request #2264 from girst/0.11 (rebased to 0.10) 2019-06-12 16:28:32 +02:00
girst a7dc3614c4 znc-adminlog: use `<ADDR>` instead of `<HOST>` 2019-06-12 16:26:34 +02:00
girst b288ccd6b6 new filter: znc-adminlog 2019-06-12 16:25:50 +02:00
sebres 326f5d4e3f Merge fix of gh-2390 2019-06-12 11:43:07 +02:00
sebres 4c81338944 update ChangeLog (gh-2390) 2019-06-12 11:28:19 +02:00
sebres 22b9304562 action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
(closes gh-2390)
2019-06-12 11:23:52 +02:00