sebres
8c4d02403b
Merge branch '0.10' into 0.11
2022-03-03 15:15:43 +01:00
sebres
e2d50f38a6
amend to #2279 : ensure that `<F-MLFGAINED>` match would reset all pending multi-line failures
2022-03-03 15:04:34 +01:00
sebres
7eac4ac06f
fail2ban-regex: accepts filter parameters with new-line
2022-03-03 14:46:16 +01:00
sebres
8ac49b5858
Merge branch '0.10' into 0.11
2022-02-09 15:44:35 +01:00
László Károlyi
f380d6202d
cherry pick #3210 from master
2022-02-09 15:43:21 +01:00
sebres
cdb6a46945
systemd backend: better avoidance of landing in dead space by seeks over journals;
...
increase verbosity and stability of few systemd tests (fixes sporadic timing issues);
seekToTime doesn't need to convert float to datetime, because seek_realtime accepts it as unix time (we need to convert integers only, since it means microseconds and deprecated);
2022-02-09 14:47:40 +01:00
sebres
498e473a10
filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now;
...
closes #3211
2022-02-09 12:18:23 +01:00
sebres
8013cf0b90
python actions have no attribute 'consistencyCheck' by default;
...
closes gh-3214
2022-02-08 19:57:40 +01:00
sebres
810386a265
filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
...
(amend to 92f90038fa)
2022-02-08 19:21:37 +01:00
sebres
c7ae74ce17
amend to a147a8b0e1b2f32b6f191932afd3c2db9765e2e3: systemd journal test-cases - additional check appropriate default settings (if testing as not root/sudoer)
2022-02-08 19:10:22 +01:00
sebres
35d73d9758
Merge branch '0.10' into 0.11
2022-01-18 16:17:07 +01:00
sebres
bf689c27b8
filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by peer" (fixed possible regression of f77398c49d);
...
closes gh-3086
2022-01-18 15:42:35 +01:00
sebres
8bf15db688
filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
...
closes gh-3169
2022-01-18 15:41:27 +01:00
Sergey G. Brester
ea7bbb4757
Merge pull request #2182 from orlitzky/openrc-improvements
...
OpenRC service script improvements
2022-01-10 14:39:11 +01:00
Sergey G. Brester
8f83242c25
suppress unneeded info (moved to debug level)
...
see #3186
2021-12-20 15:39:57 +01:00
sebres
3fb02527a4
Merge branch '0.10' into 0.11
2021-12-02 18:52:13 +01:00
sebres
25a61ce632
Merge branch 'gh-actions--test-systemd' into 0.10 + several revisions cherry-picked from 0.11/master
2021-12-02 18:48:59 +01:00
sebres
21d94ff178
amend to fix gh-3098: no option `--disable-2to3` anymore
2021-12-02 18:44:24 +01:00
sebres
196c55e931
fix gh-3098: build fails with error in fail2ban setup command: use_2to3 is invalid (setuptools 58+)
2021-12-02 18:44:22 +01:00
sebres
0fa76ef75a
gh-actions: temporarily ignore tests of systemd backend for python >= v.3.10 (otherwise it fails with "PY_SSIZE_T_CLEAN macro must be defined for '#' formats")
2021-12-02 18:33:10 +01:00
sebres
a147a8b0e1
gh-actions: coverage for systemd backend (to monitor journals in test-suite in GHA-env we need to use 0 as default flags, because otherwise it cannot be found using SYSTEM_ONLY(4))
2021-12-02 18:33:08 +01:00
sebres
1bcb62e31c
gh-actions: python releases upgrade + debug/test systemd backend availability in GHA
2021-12-02 18:33:05 +01:00
sebres
a57643404c
mytime.seconds2str: small amend with speed-up, code simplification and few tests
2021-11-04 14:34:04 +01:00
sebres
4fe4ac8dde
amend to merge: replace timedelta string representation with new function seconds2str
2021-11-03 15:58:57 +01:00
sebres
0b3ad780fe
Merge branch '0.10' into 0.11
2021-11-03 15:48:21 +01:00
sebres
ebf5784b8c
Merge branch 'fix-gh-2882' into 0.10
...
closes gh-2882
2021-11-03 15:47:45 +01:00
sebres
3b02098817
several backends optimizations (in file and journal filters):
...
- don't need to wait if we still had log-entries from last iteration (which got interrupted for servicing)
- rewritten update log/journal position, it is more stable and faster now (fewer DB access and surely up-to-date at end)
2021-11-03 15:41:50 +01:00
sebres
96661f25ab
filtersystemd.py: fixes wrong time point of "in operation" mode
...
todo: need more tests to cover any step of switch to inOperationMode (all branches)
2021-11-03 15:41:40 +01:00
sebres
7678f59827
better format of time delta (using seconds2str); increase stability for systemd test-cases
2021-11-03 12:57:57 +01:00
sebres
4b54a07d71
Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
...
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
2021-11-01 11:45:40 +01:00
Sergey G. Brester
e74baae666
Merge pull request #3135 from sylvestre/patch-2
...
Add the Debian path to roundcube error logs
2021-10-25 12:11:42 +02:00
Sylvestre Ledru
3245b8018b
Add the Debian path to roundcube error logs
2021-10-23 17:38:20 +02:00
Sergey G. Brester
98c7dd04a4
Merge pull request #3037 from floppym/bug794931
...
tests: improve detection of readable systemd journal
2021-10-22 15:34:47 +02:00
Mike Gilbert
d91d949e95
tests: improve detection of readable systemd journal
...
Look for system.journal in journal sub-directory.
Add -readable to the find command.
Bug: https://bugs.gentoo.org/794931
2021-10-19 11:08:04 -04:00
Sergey G. Brester
8e3a26bdeb
Merge pull request #3117 from fail2ban/gh-3116
...
filter.d/lighttpd-auth.conf: adjust to the current source code, avoid catch-all's, etc
2021-10-01 15:09:09 +02:00
Sergey G. Brester
ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
2021-10-01 15:03:24 +02:00
Sergey G. Brester
f8f59dd31a
added test cases covering different messages adjusted to new log-format (gh-3116)
2021-10-01 14:58:25 +02:00
Sergey G. Brester
5ee482bc9a
Merge pull request #3053 from db48x/fix-grammar-of-timestamp-warnings
...
Improve grammar and readability of timestamp warnings
2021-09-21 16:16:52 +02:00
Sergey G. Brester
d086317cc8
Update filter.py
2021-09-21 16:05:53 +02:00
Sergey G. Brester
17eed32e03
Update filtertestcase.py
2021-09-21 16:00:37 +02:00
sebres
621d8cae17
restore backwards compatibility for date None
2021-09-20 02:20:22 +02:00
sebres
ec043cd202
simplifying logic and shortening messages (delta in minutes; removed clock synchronization, because it is rarely an issue on fail2ban side, e. g. for remote logs only, etc)
2021-09-19 21:58:42 +02:00
Daniel Brooks
d7afcde2e1
add a warning message for dates in the future
...
and a test that checks which message was output for which time deltas.
2021-09-19 19:39:52 +02:00
Daniel Brooks
1929e7a76b
include more specific information in the warning
2021-09-19 19:39:49 +02:00
Daniel Brooks
320a3dcdd5
remove old warnings from filtertestcase.py
...
assertLogged only checks that at least one listed message is found, so
it isn’t necessary to repeat them in the test.
2021-09-19 19:39:45 +02:00
Daniel Brooks
a98cc08b31
Updated the warning messages created when fail2ban sees unexpected timestamps
...
to improve their grammar and to remove jargon.
Partially fixes #2822
2021-09-19 19:39:41 +02:00
sebres
d6b884f3b7
amend to fix gh-3098: no option `--disable-2to3` anymore
2021-09-19 18:52:34 +02:00
sebres
5ac303df8a
fix gh-3098: build fails with error in fail2ban setup command: use_2to3 is invalid (setuptools 58+)
2021-09-19 18:49:18 +02:00
sebres
8d45deca86
Merge branch '0.10' into 0.11
2021-09-19 18:42:23 +02:00
sebres
974ba688d4
Merge branch 'patch-3098' into 0.10
2021-09-19 18:41:24 +02:00