Commit Graph

5469 Commits (7f1b66bb89eb2ce53dba72ce85e0bcfb8806aeb8)

Author SHA1 Message Date
Allan Nordhøy d7e320b96d
reverting linux indentation 2018-01-23 21:09:53 +01:00
Sergey G. Brester 3ac6166b48
Merge pull request #2027 from yarikoptic/bf-0.10-review
Minor spelling typos etc
2018-01-23 19:45:44 +01:00
Yaroslav Halchenko 527bb9a7c3 dos2unix for helpers-common.conf
Original report: http://bugs.debian.org/888110
2018-01-23 08:48:36 -05:00
Yaroslav Halchenko ba2538ba04 DOC: minor typos spotted around comments etc 2018-01-22 21:39:56 -05:00
Yaroslav Halchenko af2de7ff2f RF: COND_FAMILIES - use tuple
no need for a dict where tuple would be preferable (deterministic order)
2018-01-22 21:08:44 -05:00
Yaroslav Halchenko b9facb80d2 debian/README.Debian - Instructions on how to establish correct startup/shutdown sequence in systemd for shorewall (Closes: #847728)
final recipe
2018-01-22 10:38:48 -05:00
Yaroslav Halchenko 071023526f updated the patch for elderly systems to use python2 2018-01-22 10:04:52 -05:00
Yaroslav Halchenko 11911c0ccd information about new "mode" setting and new filters/actions into changelog 2018-01-22 10:01:43 -05:00
sebres 8cfd97a68f skip a testRepairDb if no sqlite3 command-helper available; code review (removed unnecessary code-pieces resp. code-duplication)
closes #2026
2018-01-22 10:42:33 +01:00
Yaroslav Halchenko 1c283f12f7 debian/control - sqlite3 is now needed for some tests, thus added to build-depends and suggests 2018-01-21 23:31:17 -05:00
Yaroslav Halchenko 0f24d53730 Boost policy to 4.1.3, obey lintian and demand recent debhelper (or dh-systemd), VCS fields to provide a branch 2018-01-21 22:45:32 -05:00
Yaroslav Halchenko 2cccd24ce6 NEWS entry 2018-01-21 22:35:12 -05:00
Yaroslav Halchenko f5134ae479 changlog tune up 2018-01-21 22:21:03 -05:00
Yaroslav Halchenko c7986a1089 Fixed up paths to systemd file and create monit/monitorc.d 2018-01-21 22:10:00 -05:00
Yaroslav Halchenko 2bc71e9f4b One more patch to please fakeroot 2018-01-21 22:03:27 -05:00
Yaroslav Halchenko 404dbc98d3 One more relative path in test configs + tests from upstream PR 2018-01-21 21:50:38 -05:00
Yaroslav Halchenko b2688c6c11 verbose debian build and verbose tests 2018-01-21 21:50:31 -05:00
Yaroslav Halchenko 1aa4522cd3 refreshed the patch 2018-01-21 00:27:00 -05:00
Yaroslav Halchenko 70f2b5c550 initial changelog for 0.10.2-1 2018-01-20 22:13:32 -05:00
Yaroslav Halchenko e9c1b5d6fa Merge tag '0.10.2' into debian
* tag '0.10.2': (623 commits)
  prepare release: bump version, update ChangeLog, man's and MANIFEST etc.
  ChangeLog update
  action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
  regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
  nginx-http-auth: match usernames with spaces
  regex updated using non-capturing groups
  extended test-cases to cover new log-format (http_auth -> mod_auth)
  Update lighttpd-auth.conf
  file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.
  Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove). Closes gh-1865
  should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);
  fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter); test cases extended to cover such situation. Closes gh-1997
  action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
  micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)
  Update ChangeLog
  stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
  filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
  test cases extended in order to cover `firewallcmd-ipset` with `allports`
  Update ChangeLog
  firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
  ...
2018-01-20 21:59:34 -05:00
sebres 9d5f20aab2 FilterPyinotify: fixed sporadic test-case error (multi-threaded) - 'NoneType' object has no attribute 'stop'. 2018-01-19 12:32:24 +01:00
sebres 9a38d5697f bump version (0.10.2 -> 0.10.3.dev1) 2018-01-18 16:40:48 +01:00
sebres a45488465e prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2018-01-18 14:49:01 +01:00
sebres 81b61fe30c ChangeLog update 2018-01-18 14:19:55 +01:00
sebres f69e28adfc action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now). 2018-01-18 14:05:22 +01:00
sebres ed22ddbbbb Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
Sergey G. Brester 37f5a6975e
Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix
nginx-http-auth: match usernames with spaces
2018-01-17 16:40:54 +01:00
sebres 63e906b2c1 regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name 2018-01-17 16:35:32 +01:00
Benedikt Seidl fed6c49c2d nginx-http-auth: match usernames with spaces
# Conflicts:
#	ChangeLog
2018-01-17 16:35:31 +01:00
Sergey G. Brester 9a8c4a9869
Merge pull request #2018 from riceru/patch-1
lighttpd-auth.conf: new log-format (http_auth -> mod_auth)
2018-01-17 12:14:38 +01:00
Sergey G. Brester b6c6565a7e
regex updated using non-capturing groups 2018-01-16 14:23:47 +01:00
Sergey G. Brester 9a46590486
extended test-cases to cover new log-format (http_auth -> mod_auth) 2018-01-16 14:20:51 +01:00
riceru 6a1bbbf101
Update lighttpd-auth.conf
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in Lighttp 1.4.42
2018-01-16 12:39:55 +00:00
sebres 2b7b0da943 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-15 18:16:43 +01:00
sebres 2bce0c5e3e file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file. 2018-01-15 18:00:15 +01:00
sebres 81c86fa83f Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove).
Closes gh-1865
2018-01-15 17:12:07 +01:00
sebres b644d2d73f should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback); 2018-01-11 20:23:22 +01:00
sebres 7516cd025d fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter);
test cases extended to cover such situation.
Closes gh-1997
2018-01-11 13:21:36 +01:00
Serg G. Brester 7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
Closes  #2000
2018-01-11 12:38:34 +01:00
sebres 29e1fe9479 micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory) 2018-01-11 11:15:58 +01:00
Serg G. Brester 6251fcf5f7
Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys
stop ban of legitimate users with multiple public keys (e. g. git, etc)
2018-01-11 10:27:35 +01:00
sebres 1c0fc73e48 Update ChangeLog 2018-01-11 10:27:38 +01:00
sebres 2112145eb4 stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
2018-01-10 19:07:20 +01:00
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 14:49:06 +01:00
sebres c36fbdf743 test cases extended in order to cover `firewallcmd-ipset` with `allports` 2018-01-10 12:13:07 +01:00
sebres c30144b37a Merge branch '0.9' into 0.10
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
#	fail2ban/client/jailreader.py
#	fail2ban/helpers.py
2018-01-10 12:05:26 +01:00
Serg G. Brester 029cd5aa24
Update ChangeLog 2018-01-10 11:47:59 +01:00
Serg G. Brester 597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
2018-01-10 11:43:44 +01:00
sebres 131b94e11e firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
banaction = firewallcmd-ipset[actiontype="<allports>"]
2018-01-10 10:58:03 +01:00
Danila Vershinin c190631f88 New ban action firewallcmd-ipset-allports. Closes #1167 2018-01-10 10:58:01 +01:00