5926 Commits (7b528a6da68822d25cd8a671fc4212a1539feee1)

Author SHA1 Message Date
sebres 7b528a6da6 example.com seemed to switch its IPs, replace them everywhere (and use test IP-range instead where it is possible) 2024-04-24 19:30:48 +02:00
sebres 3ca3646472 implemented `fail2ban-client stats` (or alias `fail2ban-client statistic[s]`) for tabulated output of fail2ban stats
amend to #2975
2024-04-24 18:49:59 +02:00
sebres bdba42edd9 implemented `fail2ban-client status --all [flavor]`
closes #2975
2024-04-24 16:29:49 +02:00
sebres 921d9a5a40 Merge branch 'gh-2655--f2b-regex-4-jail': implemented loading of jail settings in fail2ban-regex;
amend to RFE gh-2655
2024-04-02 18:04:52 +02:00
sebres 3b97182f62 amend to 781321d6092d415e079439389e6e6588b8feaaa7: better regex to detect jail name (it could contain dot etc) 2024-04-02 18:02:07 +02:00
Sergey G. Brester b59fd2e7b5
Merge pull request #3697 from remontti/patch-1
named-refused.conf: denied allows any reason in parenthesis as suffix
2024-03-25 16:41:11 +01:00
sebres 44f32d6132 changelog 2024-03-25 16:36:21 +01:00
sebres 2c13cba73d loosening for denied suffix (would match no matter which reason in parenthesis);
add coverage for denied with "(allow-query-cache did not match)"
2024-03-25 16:35:20 +01:00
Rudimar Remontti fd7657f9a9 Update named-refused.conf 2024-03-25 16:35:16 +01:00
sebres 4550e3ad27 ChangeLog: reorder (filters after actions) 2024-03-25 16:34:12 +01:00
sebres a4ca2e83bd Merge branch 'gh-3060': adjusted `filter.d/exim.conf` and `filter.d/exim-spam.conf`:
- messages are prefiltered by `prefregex` now
- filter can bypass additional timestamp or pid that may be logged via systemd-journal or syslog-ng (gh-3060)
closes #3060
2024-03-25 15:56:10 +01:00
sebres 1ec9237e53 bypass additional pid in prefix (may be logged by syslog-ng, gh-3060); matches protocol error with authentication mechanism not supported 2024-03-25 15:52:06 +01:00
sebres c80908837f `filter.d/exim.conf`:
- messages are prefiltered by `prefregex` now
- filter can bypass additional timestamp that may be logged via systemd-journal (gh-3060)
2024-03-25 15:31:23 +01:00
Sergey G. Brester e0f1a1e02a
Merge pull request #3702 from bes-internal/exim
exim: final `<HOST>` to `<ADDR>` conversion
2024-03-22 22:52:11 +01:00
Vladimir Varlamov 8da0a99cde pid part may contain full hostname 2024-03-22 22:38:33 +03:00
Vladimir Varlamov 806a27cb4f final `<HOST>` to `<ADDR>` conversion 2024-03-22 22:38:33 +03:00
Sergey G. Brester 5ecc26d3ba
Merge pull request #3701 from bes-internal/exim
filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states
2024-03-22 16:52:33 +01:00
sebres e605415f61 simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields. 2024-03-22 16:47:54 +01:00
sebres c22a83933b let's use `<ADDR>` instead of `<HOST>` - only IPs expected, since host-name bypassed before it (directly after H=) 2024-03-22 16:35:46 +01:00
Vladimir Varlamov df94ec4c52 filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states
Depending on Exim's log_selector settings, log lines may contain additional information about the connection. And also the line itself with the address of the remote host can vary greatly. But fortunately, all states can be found in the Exim code itself and taken into account. Makes it easier to add new regexps.
Closes #3263
2024-03-22 00:16:41 +03:00
Anton Samets 0c125ec9c9
filter.d/postfix.conf: add Sender address rejected: Malformed DNS server reply (#3590)
* add Sender address rejected: Malformed DNS server reply
2024-03-19 20:30:45 +01:00
sebres 77b052fdea amend to df9584505aea0e8570fb53dd5a8e43f8b3af994a (for gh-3487): setup must install fail2ban.compat 2024-03-18 14:22:39 +01:00
sebres 5a59b0bae2 filter.d/apache-common.conf: accepts remote instead of client
(closes gh-3622)
2024-03-15 22:40:26 +01:00
Sergey G. Brester f63868b3e8
filter.d/apache-common.conf: remote besides client, gh-3622 2024-03-15 22:36:40 +01:00
Sergey G. Brester 9ca137b42b
test for apache-auth with remote, gh-3622 2024-03-15 22:23:45 +01:00
Sergey G. Brester 529eb79ddb
Merge pull request #3692 from pingou2712/postfixSystemd
Change journalmatch postfix
2024-03-13 02:34:03 +01:00
Vincent Laffargue d260ed31d2 Maintain backward compatibility Postfix SYSTEMD_UNIT 2024-03-12 04:42:36 +01:00
Sergey G. Brester 8be16f1c1c
Merge pull request #3693 from pingou2712/ModifRecidive
Change Regex Recidive and journalmatch For Systemd Match
2024-03-11 19:12:16 +01:00
Sergey G. Brester f12917c491
recidive: test case for journal log-format 2024-03-11 17:50:09 +01:00
Sergey G. Brester dd3c78ecab
filter.d/recidive.conf: conditional RE depending on logtype (for file or journal) 2024-03-11 17:49:06 +01:00
Vincent Laffargue 0b63fc312d Change Regex Recidive and journalmatch For Systemd Match 2024-03-10 10:56:35 +01:00
Vincent Laffargue 93082ead79 Change journalmatch postfix 2024-03-10 10:10:03 +01:00
Sergey G. Brester 383adec83c
Merge pull request #3690 from karolyi/master
Add to postfix accepted logs
2024-03-08 14:45:53 +01:00
Sergey G. Brester 45d7f3cb97
no space in any case 2024-03-08 11:43:46 +01:00
László Károlyi ff701e94c3
Add to postfix syslog daemon format 2024-03-07 20:23:50 +01:00
sebres 3047572701 set restored mark on ticket before ignore invocation (it can be checked in `ignorecommand`, considered by `ignorecache`, etc) 2024-03-01 12:49:59 +01:00
sebres dce2c608c1 Merge branch 'gh-3486'
filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port:
  - message authentication code incorrect [preauth]
  - connection corrupted [preauth]
  - timeout before authentication
2024-02-13 16:59:08 +01:00
sebres 4f679a56e0 filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port:
  - message authentication code incorrect [preauth]
  - connection corrupted [preauth]
  - timeout before authentication
closes gh-3486
2024-02-13 16:53:21 +01:00
sebres 9bedc3c383 Merge branch 'gh-2655--f2b-regex-4-jail': implemented loading of jail settings in fail2ban-regex;
closes gh-2655
2024-01-03 13:43:44 +01:00
sebres 302252b25c ChangeLog, gh-2655 2024-01-03 13:38:14 +01:00
sebres cab6f93364 fail2ban-regex: fixes forgotten basedir (-c "$basedir") of jailreader 2024-01-03 13:18:33 +01:00
sebres b3178851fe test coverage (restore usage with filter and load setting from jail) 2023-12-31 17:03:38 +01:00
sebres 781321d609 fail2ban-regex: loading parsing settings from jail now (by simple name it'd prefer jail to the filter now), fallback:
  - fail2ban-regex ... sshd
  + fail2ban-regex ... filter.d/sshd
closes gh-2655
2023-12-31 16:38:18 +01:00
sebres 7de1057f94 avoid DNS of local names in fast tests (small optimization) 2023-12-31 12:48:22 +01:00
sebres dd4431cd63 remove remaining tweaks for obsolete python 2023-12-31 12:45:24 +01:00
Sergey G. Brester e1b7720d43
Merge pull request #3268 from Logic-32/feature/smtp-ssl
`action.d/smtp.py` - add support for TLS SMTP connections.
2023-12-30 21:56:01 +01:00
sebres 0c2edfacb0 combine smtpd and aiosmtpd tests; encapsulate smtp facilities to setUpClass/tearDownClass (behaves like a singleton, doesn't start smtp server per test); don't generate cert every time (too slow by RSA:2048, use short ECC:256 instead);
drastically speed up all smtp-action tests
2023-12-30 21:27:35 +01:00
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 2023-12-30 16:42:31 +01:00
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place a few lines below)
2023-12-30 16:42:27 +01:00
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 2023-12-30 16:42:23 +01:00