sebres
8fd083a1ea
Merge remote-tracking branch 'remotes/kwirk/sebres-strptime-bug' into ban-time-incr
2014-05-15 17:12:11 +02:00
sebres
addfea6614
static method forgotten;
2014-05-15 15:16:53 +02:00
Steven Hiscocks
1c20fd88d4
DOC: Update docs in reference to time zone related fix
2014-05-14 23:04:48 +01:00
Steven Hiscocks
8843423c8f
TST: Fix tests due to @sebres fix and based from gh-349 reverts
2014-05-14 23:01:14 +01:00
sebres
2bf0b4a50c
strptime bug fix: if gmtoff is None we have 1 hour increment of time (through utctimetuple), compare:
...
>>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().timetuple())).strftime("%Y-%m-%d %H:%M:%S")
'2014-04-29 17:26:31'
>>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().utctimetuple())).strftime("%Y-%m-%d %H:%M:%S")
'2014-04-29 18:26:37'
2014-05-14 22:29:06 +01:00
sebres
ec3ed0e4ae
introduced string to seconds (str2seconds) for configuration entries with time;
...
todo: expands it for all time config entries;
2014-05-14 16:01:35 +02:00
sebres
f492aa7ac9
remove affected check, to delete jails always (pass testPurge)
2014-05-14 12:32:30 +02:00
sebres
99c9cbf470
code review, manually ban uses by addFailure the count "maxRetry" directly;
...
log ticket time (found in line)
2014-05-14 12:17:28 +02:00
sebres
d22ab320e2
"magic" formula for auto increasing of retry count for known (bad) ip, corresponding banCount of it
...
(one try will count than 2, 3, 5, 9 ...)
2014-05-14 11:21:31 +02:00
Yaroslav Halchenko
2526dbae92
Merge branch 'recursive-tag-fix' of https://github.com/kwirk/fail2ban
...
* 'recursive-tag-fix' of https://github.com/kwirk/fail2ban :
ENH: explicitly define tags which should be escaped
DOC: ChangeLog update for recursive tag bug fix
BF: Tags not fully recursively substituted
Conflicts:
ChangeLog -- kept all as is
2014-05-13 11:23:30 -04:00
Steven Hiscocks
1e586fb0e9
ENH: explicitly define tags which should be escaped
2014-05-11 14:49:49 +01:00
Yaroslav Halchenko
c619202d6f
Merge branch 'master' of github.com:fail2ban/fail2ban
...
* 'master' of github.com:fail2ban/fail2ban:
ENH: Match non "Bye Bye" for sshd locked accounts failregex
Even stricter monit regex, now covers entire line
Tidy up filter.d/monit.conf, make regex more complete. Add ChangeLog / THANKS entry. Add test cases.
ENH: Move traceback formatter to from tests.utils to helpers
Block brute-force attempts against the Monit gui
2014-05-10 20:02:47 -04:00
Steven Hiscocks
904b362215
DOC: ChangeLog update for recursive tag bug fix
...
Also minor typo fixes in comments
2014-05-09 20:25:44 +01:00
Steven Hiscocks
77ba065571
Merge pull request #697 from jhmartin/monit_admin_hack
...
Block brute-force attempts against the Monit gui
2014-05-07 22:23:01 +01:00
Yaroslav Halchenko
3471f13a84
Merge pull request #700 from kwirk/format-traceback-to-helpers
...
ENH: Move traceback formatter to from tests.utils to helpers
2014-05-07 09:09:01 -04:00
sebres
0121e09907
default formula faster and more readable, comparable with "multipliers", like 2**N, default factor for both solutions is 1 now
2014-05-07 13:28:04 +02:00
sebres
7d17fb5c6c
python >= 3.x, local variable 'lastBanTime' reference bug fixed
2014-05-06 20:55:41 +02:00
sebres
a4837da899
Merge branch 'ban-time-incr' of https://github.com/sebres/fail2ban into ban-time-incr
2014-05-06 20:32:23 +02:00
sebres
3a75c8a752
ban time incr: 2st test case added (code optimized for test cases), to test both stand-alone:
...
python ./bin/fail2ban-testcases -l debug 'BanTimeIncr'
2014-05-06 20:30:12 +02:00
sebres
6c8327e39f
indentation level fix
2014-05-06 20:24:49 +02:00
sebres
14167ed778
ban time incr: 2st test case added (code optimized for test cases), to test both stand-alone:
...
python ./bin/fail2ban-testcases -l debug 'BanTimeIncr'
2014-05-06 20:14:23 +02:00
sebres
237706e39f
ban time incr: 1st test case added, to test it stand-alone:
...
python ./bin/fail2ban-testcases -l debug 'BanTimeIncr'
2014-05-06 17:57:11 +02:00
sebres
c48e404e63
option "multipliers" added, how proposed from @yarikoptic;
...
the calculate formula is rewritten to lambda / compiled solution (up to 10 million times per seconds);
code review;
2014-05-06 16:07:16 +02:00
Yaroslav Halchenko
1f8b554d31
Merge branch 'database-persistent-bans' of https://github.com/kwirk/fail2ban
...
* 'database-persistent-bans' of https://github.com/kwirk/fail2ban :
BF: bantime < 0 database should return all bans, as they are persistent
Conflicts:
ChangeLog - kept all ;)
2014-05-05 23:29:35 -04:00
Yaroslav Halchenko
3eabf4a7bd
Merge pull request #708 from kwirk/ssh-bye-bye
...
ENH: Match non "Bye Bye" for sshd locked accounts failregex
2014-05-05 23:22:57 -04:00
Yaroslav Halchenko
65269365ee
minor
2014-05-05 23:16:18 -04:00
Yaroslav Halchenko
91eb75098b
Merge pull request #714 from kwirk/urandom-persistent
...
BF: Avoid closing "/dev/urandom" for Python 3.4.0
2014-05-05 23:13:34 -04:00
sebres
ccacfc1047
code review
2014-05-05 15:17:22 +02:00
sebres
ccf07c4b21
- some bug fixed to pass all test cases;
...
- database_v1.db/bans/jail-name bug fixed - cause of different jail name in jails and bans, in test case (by updateDb): FOREIGN KEY constraint failed:
$ sqlite3 fail2ban/tests/files/database_v1.db
sqlite> select distinct jail from bans;
DummyJail #16244880 with 0 tickets
sqlite> select distinct name from jails;
DummyJail #29162448 with 0 tickets
sqlite> update bans set jail = (select distinct name from jails);
2014-05-05 14:47:50 +02:00
sebres
6f7c9b7d0f
introduced new feature "ban time exponential increasing":
...
"bantimeextra.enabled" in jail.conf allows to use database for searching of previously banned ip's to increase a default ban time using special formula,
by default, each next ban it will be original banTime * 1, 2, 4, 8, 16, 32...
see "jail.conf" for some other options of "bantimeextra";
additional we can configure a little randomization of ban time, to prevent "clever" botnets calculate exact time IP can be unbanned.
WARNING: by first start the server upgrades sqlite database (table "bans" will recreated with another schema);
2014-05-05 12:38:54 +02:00
Steven Hiscocks
b3266ba44d
BF: Tags not fully recursively substituted
...
Note: recursive check ignored for "matches", as tags would be escaped,
and hence shouldn't match "<%s>" as "<ip>" would become "\<ip\>". This
therefore maintains advantage of delayed call for {ip,jail,}matches.
Fixes gh-713
2014-05-03 14:28:13 +01:00
Steven Hiscocks
2bb7401ec1
Merge pull request #686 from CameronNemo/patch-2
...
Update fail2ban.upstart
2014-05-03 13:21:13 +01:00
Steven Hiscocks
1e8402cb99
DOC: ChangeLog entry for Python 3.4.0 persistent "/dev/urandom" fix
2014-05-03 12:51:15 +01:00
Steven Hiscocks
cf3a6015f0
BF: Avoid closing "/dev/urandom" for Python 3.4.0
...
Upstream bug: http://bugs.python.org/issue21207
Closes gh-687
2014-05-03 12:44:03 +01:00
Steven Hiscocks
b486014b35
TST: Add Python 3.4 for TravisCI
...
This reverts commit 233aa043f3
.
2014-05-03 12:09:48 +01:00
Yaroslav Halchenko
1e19bca28e
Merge pull request #704 from CameronNemo/foreground-opt-client
...
Add an option in fail2ban-client to pass the foreground option to the server
2014-05-01 13:14:06 -04:00
Steven Hiscocks
bc10b64c69
ENH: Match non "Bye Bye" for sshd locked accounts failregex
2014-04-27 13:35:55 +01:00
Steven Hiscocks
7cc64a14e0
BF: fail2ban-regex assertion error caused by miscounted "missed" lines
...
Caused when removing lines as part of multiline regex, which had been
previously considered missed.
2014-04-27 13:27:11 +01:00
Yaroslav Halchenko
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
Cameron Norman
2a14e48f0b
A few final touches on the Upstart job
...
(a) use static-network-up, since it is more generic than the started networking event
(b) do not hook into network deconfiguration to speed up shutdown
(c) expect fork, per the use of the "-f" option
(d) use a variable for the run directory to make changing it simpler
(e) handle the situation of a left over socket file
(f) use the -f option to be able to track the PID
2014-04-22 21:55:51 -07:00
Jason Martin
9c3cb31862
Even stricter monit regex, now covers entire line
2014-04-22 21:29:52 -07:00
Cameron Norman
73cb3e3eec
Added more specific help message to fail2ban-client with -f option
2014-04-22 20:20:07 -07:00
Steven Hiscocks
bbcbefd494
BF: bantime < 0 database should return all bans, as they are persistent
2014-04-22 19:20:44 +01:00
Yaroslav Halchenko
64866995b7
Merge pull request #703 from kwirk/journal-match-notice
...
Add notice message for systemd backend when no journal match
2014-04-20 22:32:00 -04:00
Cameron Norman
7818b0cb2a
Added f and b to cmdOpts.
...
f = start server in foreground; b = start server in background (default).
2014-04-20 16:03:04 -07:00
Cameron Norman
1f53eb2d28
Updated man page for new options
2014-04-20 11:39:04 -07:00
Cameron Norman
9c2a0cb403
Added foreground and background options to fail2ban-client
2014-04-20 11:37:07 -07:00
Steven Hiscocks
a7766d3316
DOC: Add notice message for systemd backend when no journal match
2014-04-20 17:59:41 +01:00
Cameron Norman
39ad5b7474
Update Upstart job: uses stop command in pre-stop, removes PID file in post-stop
2014-04-19 15:10:19 -07:00
Cameron Norman
0ef5027234
Change Upstart job to track PID of the server
...
This only works correctly if the client does not fork itself when starting the server (which forks twice further).
2014-04-19 14:12:20 -07:00