Sergey G. Brester
27294c4b9e
fail2banregextestcase: compatibility fix for testWrongRE
2023-04-04 13:30:12 +02:00
sebres
56485c8548
filtertestcase.py: byte related copy of lines in tests (locale independent); closes gh-2936
2023-04-04 12:48:12 +02:00
Sergey G. Brester
a9b30eb86e
Merge pull request #2226 from mbologna/nginx-forbidden
...
Feat: ban nginx forbidden accesses
2023-03-23 12:33:32 +01:00
Sergey G. Brester
9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal)
2023-03-23 12:16:13 +01:00
Sergey G. Brester
212a4c236a
update changeLog, nginx-forbidden, gh-2226
2023-03-23 12:12:55 +01:00
Sergey G. Brester
2c0360d178
Merge branch 'master' into nginx-forbidden
2023-03-23 12:01:50 +01:00
sebres
d1d1730de0
Merge fix #3479 :
...
action.d/cloudflare-token.conf: url-encode args by unban
closes 'gh-3479'
2023-03-15 15:14:43 +01:00
Sergey G. Brester
3d4bed50c2
changelog entry (gh-3479)
2023-03-15 15:08:45 +01:00
Sergey G. Brester
c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479 , url-encode args by unban
2023-03-15 15:03:48 +01:00
Duncan Bellamy
7dc32971f8
changed missed names
2023-03-08 12:16:35 +00:00
Duncan Bellamy
9b1417a169
apply suggestions
2023-03-08 09:29:03 +00:00
Duncan Bellamy
b892133d51
move new comment in changelog
2023-03-08 09:20:51 +00:00
Sergey G. Brester
d46ec3a555
add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name)
2023-03-08 09:17:13 +00:00
Duncan Bellamy
5781675a7d
change startcomment and comment so correct rules are flushed
2023-03-08 09:17:13 +00:00
Duncan Bellamy
ac2076ef4f
change unban back to find comment so correct entry always deleted
2023-03-08 09:17:13 +00:00
Duncan Bellamy
0e3e9b1d7f
Add flushaction
...
Change unban to find by ip address not comment
2023-03-08 09:17:13 +00:00
Duncan Bellamy
9997807fb3
Add action for mikrotik routerOS
2023-03-08 09:17:13 +00:00
Vít Kabele
a2c77429b9
New filter: routeros-auth.conf ( Closes #3469 )
...
Add filter to detect failed login attempts in the log produced by
MikroTik RouterOS.
- Add the filter to jail.conf
- Add testcase for the filter
Signed-off-by: Vít Kabele <vit@kabele.me>
2023-03-02 09:25:24 +01:00
Sergey G. Brester
234660e94d
CI-workflow: remove 3.5 (seems to have a bug in GHA now)
2023-02-28 11:39:00 +01:00
Sergey G. Brester
17f060526e
readme: amend
2023-02-28 11:36:34 +01:00
Sergey G. Brester
92fae68071
readme: update version
2023-02-28 11:32:28 +01:00
Sergey G. Brester
06e3dea062
Merge pull request #3460 from Trotyl84/patch-1
...
.gitignore: ignore `.venv/`
2023-02-20 08:42:53 +01:00
Łukasz Turon
5dcbc0dd55
Update .gitignore
...
Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
2023-02-18 23:49:28 +01:00
sebres
f93a538693
gh-3447: fix careless mistake arisen in b12a3acb06
by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration
2023-01-17 12:53:39 +01:00
sebres
a3a3fffa54
Merge branch 'fix-gh-3438':
...
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
2023-01-11 18:41:15 +01:00
sebres
ed135b6a93
changelog entries (gh-3438, gh-3132)
2023-01-11 18:30:37 +01:00
sebres
582436aadf
don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later)
2023-01-11 18:27:44 +01:00
sebres
cb8674e68a
amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only
2023-01-10 12:20:48 +01:00
sebres
09c23fd5b8
try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132);
...
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
2023-01-09 21:52:12 +01:00
sebres
d8a9812adc
improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`)
2023-01-09 16:21:36 +01:00
sebres
58834b6734
better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438)
2023-01-06 14:50:25 +01:00
Sergey G. Brester
432e7e1e93
no warning if no config value but default (debug message now)
...
closes #3420
2022-11-28 13:21:15 +01:00
Sergey G. Brester
bd6e7aeff0
Merge pull request #2112 from al42and/dante
...
Create filter for Dante SOCKS server
2022-11-18 12:43:44 +01:00
Sergey G. Brester
efbbcb41ea
non capturing group
2022-11-18 12:32:15 +01:00
Sergey G. Brester
996553f330
review, simplify regex and capture user name
2022-11-18 12:31:11 +01:00
Andrey Alekseenko
df91b047d2
Dante SOCKS server: handle "1 byte/second" case
...
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko
05c162ef10
Create filter for Dante SOCKS server
2022-11-17 23:22:55 +01:00
Sergey G. Brester
ae5fe2e003
amend to #3405 , eliminate catch-all
2022-11-15 14:29:59 +01:00
sebres
36af3f2502
Merge branch 'gh-3405'
2022-11-15 14:23:28 +01:00
sebres
a58fcb8786
fix cut out of match for pattern with `{EPOCH}` (similar to other datepatterns group capturing whole regex only added if no groups specified at all);
...
allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
2022-11-14 19:28:18 +01:00
sebres
cbb097a2b3
small amend (non capturing group)
2022-11-14 18:56:01 +01:00
sebres
82506f0586
filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors)
2022-11-14 18:51:06 +01:00
sebres
eba33d6205
version bump
2022-11-14 18:13:01 +01:00
sebres
e1d3006b03
update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm
2022-11-09 16:46:15 +01:00
sebres
fd3805b40a
changelog: backend `systemd`: code review and several fixes
2022-11-08 19:26:23 +01:00
sebres
cd17906afe
Merge branch '0.11'
2022-11-08 19:03:01 +01:00
sebres
d8e2b03a24
`filter.d/named-refused.conf` extended (closes gh-3388):
...
- support BIND named log categories
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres
6d19d2e800
Merge branch '0.10' into 0.11
2022-11-02 21:06:46 +01:00
sebres
04c252c34b
filtersystemd: code review, wait only if it is necessary - in operational mode and if no more entries retrieved (end of journal);
...
attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
2022-11-02 21:05:18 +01:00
sebres
ca2b94c522
fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
...
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00