Commit Graph

5926 Commits (7b528a6da68822d25cd8a671fc4212a1539feee1)

Author SHA1 Message Date
Sergey G. Brester 27294c4b9e
fail2banregextestcase: compatibility fix for testWrongRE 2023-04-04 13:30:12 +02:00
sebres 56485c8548 filtertestcase.py: byte related copy of lines in tests (locale independent); closes gh-2936 2023-04-04 12:48:12 +02:00
Sergey G. Brester a9b30eb86e
Merge pull request #2226 from mbologna/nginx-forbidden
Feat: ban nginx forbidden accesses
2023-03-23 12:33:32 +01:00
Sergey G. Brester 9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal) 2023-03-23 12:16:13 +01:00
Sergey G. Brester 212a4c236a
update changeLog, nginx-forbidden, gh-2226 2023-03-23 12:12:55 +01:00
Sergey G. Brester 2c0360d178
Merge branch 'master' into nginx-forbidden 2023-03-23 12:01:50 +01:00
sebres d1d1730de0 Merge fix #3479:
action.d/cloudflare-token.conf: url-encode args by unban
closes 'gh-3479'
2023-03-15 15:14:43 +01:00
Sergey G. Brester 3d4bed50c2
changelog entry (gh-3479) 2023-03-15 15:08:45 +01:00
Sergey G. Brester c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban 2023-03-15 15:03:48 +01:00
Duncan Bellamy 7dc32971f8 changed missed names 2023-03-08 12:16:35 +00:00
Duncan Bellamy 9b1417a169 apply suggestions 2023-03-08 09:29:03 +00:00
Duncan Bellamy b892133d51 move new comment in changelog 2023-03-08 09:20:51 +00:00
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction
Change unban to find by ip address not comment
2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Vít Kabele a2c77429b9 New filter: routeros-auth.conf (Closes #3469)
Add filter to detect failed login attempts in the log produced by
MikroTik RouterOS.

- Add the filter to jail.conf
- Add testcase for the filter

Signed-off-by: Vít Kabele <vit@kabele.me>
2023-03-02 09:25:24 +01:00
Sergey G. Brester 234660e94d
CI-workflow: remove 3.5 (seems to have a bug in GHA now) 2023-02-28 11:39:00 +01:00
Sergey G. Brester 17f060526e
readme: amend 2023-02-28 11:36:34 +01:00
Sergey G. Brester 92fae68071
readme: update version 2023-02-28 11:32:28 +01:00
Sergey G. Brester 06e3dea062
Merge pull request #3460 from Trotyl84/patch-1
.gitignore: ignore `.venv/`
2023-02-20 08:42:53 +01:00
Łukasz Turon 5dcbc0dd55
Update .gitignore
Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
2023-02-18 23:49:28 +01:00
sebres f93a538693 gh-3447: fix careless mistake arisen in b12a3acb06 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration 2023-01-17 12:53:39 +01:00
sebres a3a3fffa54 Merge branch 'fix-gh-3438':
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
2023-01-11 18:41:15 +01:00
sebres ed135b6a93 changelog entries (gh-3438, gh-3132) 2023-01-11 18:30:37 +01:00
sebres 582436aadf don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) 2023-01-11 18:27:44 +01:00
sebres cb8674e68a amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only 2023-01-10 12:20:48 +01:00
sebres 09c23fd5b8 try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132);
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
2023-01-09 21:52:12 +01:00
sebres d8a9812adc improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) 2023-01-09 16:21:36 +01:00
sebres 58834b6734 better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) 2023-01-06 14:50:25 +01:00
Sergey G. Brester 432e7e1e93
no warning if no config value but default (debug message now)
closes #3420
2022-11-28 13:21:15 +01:00
Sergey G. Brester bd6e7aeff0
Merge pull request #2112 from al42and/dante
Create filter for Dante SOCKS server
2022-11-18 12:43:44 +01:00
Sergey G. Brester efbbcb41ea
non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330
review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres 36af3f2502 Merge branch 'gh-3405' 2022-11-15 14:23:28 +01:00
sebres a58fcb8786 fix cut out of match for pattern with `{EPOCH}` (similar to other datepatterns group capturing whole regex only added if no groups specified at all);
allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
2022-11-14 19:28:18 +01:00
sebres cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres eba33d6205 version bump 2022-11-14 18:13:01 +01:00
sebres e1d3006b03 update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm 2022-11-09 16:46:15 +01:00
sebres fd3805b40a changelog: backend `systemd`: code review and several fixes 2022-11-08 19:26:23 +01:00
sebres cd17906afe Merge branch '0.11' 2022-11-08 19:03:01 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
- support BIND named log categories
  - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres 6d19d2e800 Merge branch '0.10' into 0.11 2022-11-02 21:06:46 +01:00
sebres 04c252c34b filtersystemd: code review, wait only if it is necessary - in operational mode and if no more entries retrieved (end of journal);
attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
2022-11-02 21:05:18 +01:00
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00