Yaroslav Halchenko
b33ae8c194
Ask users to report bugs to github's issues
2012-07-19 14:51:46 -04:00
Yaroslav Halchenko
08564bda1a
ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
2012-07-19 13:30:55 -04:00
Yaroslav Halchenko
6ac9fd5d26
ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
2012-07-19 13:30:01 -04:00
Yaroslav Halchenko
3c95121a8b
BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
2012-07-19 13:28:48 -04:00
Yaroslav Halchenko
60260bce3d
ENH: first working unittest for checking polling and inotify backends
2012-07-19 01:14:55 -04:00
Yaroslav Halchenko
baa09098f0
RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
...
that seems also to overcome the problem of often locking upon stop()
2012-07-19 01:14:02 -04:00
Yaroslav Halchenko
25674a95f8
RF: filter.py -- single readline in a loop
2012-07-19 01:10:59 -04:00
Yaroslav Halchenko
b3614d4ea2
ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
2012-07-19 01:08:34 -04:00
Yaroslav Halchenko
42523dce92
Minor additional comment to DEVELOP
2012-07-19 01:04:05 -04:00
Yaroslav Halchenko
47e956bc8e
Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
...
Surprise -- that is for Windows compatibility
2012-07-18 10:29:59 -04:00
Yaroslav Halchenko
0b842272e3
ENH: extended test LogfileMonitor
2012-07-18 10:26:42 -04:00
Alan Jenkins
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad DNS.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't be adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
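The effect described in the commit message above, as an added example that is not part of the commit or of fail2ban's code: a threshold counter run once with the reverse-DNS warning treated as a failure and once without it. The two regexes are simplified assumptions rather than fail2ban's own `failregex` entries, and the log lines and addresses are constructed.

```python
import re
from collections import Counter

# Simplified patterns for this example (assumption: not fail2ban's real failregex).
RDNS_WARNING = re.compile(
    r"sshd\[\d+\]: (?:Address (?P<host>\S+) maps to \S+, but this does not "
    r"map back to the address"
    r"|reverse mapping checking getaddrinfo for \S+ \[(?P<host2>\S+)\] failed)"
    r" - POSSIBLE BREAK-IN ATTEMPT!$")
AUTH_FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user \S+|Failed password for (?:invalid user )?\S+)"
    r" from (?P<host>\S+)")

# Constructed log: 198.51.100.7 has broken reverse DNS but only logs in
# successfully; 203.0.113.9 produces genuine authentication failures.
LOG = [
    "Jul  9 05:40:01 brick sshd[1001]: Address 198.51.100.7 maps to pc.example.net, "
    "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 05:40:02 brick sshd[1001]: Accepted password for alice from 198.51.100.7 port 50001 ssh2",
    "Jul  9 05:41:01 brick sshd[1002]: Address 198.51.100.7 maps to pc.example.net, "
    "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 05:41:02 brick sshd[1002]: Accepted password for alice from 198.51.100.7 port 50002 ssh2",
    "Jul  9 05:42:01 brick sshd[1003]: Address 198.51.100.7 maps to pc.example.net, "
    "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 05:42:02 brick sshd[1003]: Accepted password for alice from 198.51.100.7 port 50003 ssh2",
    "Jul  9 05:43:00 brick sshd[1004]: Invalid user html from 203.0.113.9",
    "Jul  9 05:43:02 brick sshd[1004]: Failed password for invalid user html from 203.0.113.9 port 40001 ssh2",
    "Jul  9 05:43:05 brick sshd[1005]: Failed password for root from 203.0.113.9 port 40002 ssh2",
]

def banned(lines, patterns, maxretry=3):
    """Return the hosts that reach maxretry matches of any given pattern."""
    hits = Counter()
    for line in lines:
        for pattern in patterns:
            match = pattern.search(line)
            if match:
                # Whichever named group captured the address for this pattern.
                hits[next(v for v in match.groupdict().values() if v)] += 1
                break
    return {host for host, count in hits.items() if count >= maxretry}

if __name__ == "__main__":
    print("warning counted as failure:", sorted(banned(LOG, [RDNS_WARNING, AUTH_FAILURE])))
    print("real failures only:        ", sorted(banned(LOG, [AUTH_FAILURE])))
```
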
Yaroslav Halchenko
9a2b41f6ad
ENH: add more verbosity levels to be controlled while running unittests
2012-06-30 00:35:43 -04:00
Yaroslav Halchenko
398cc73d3d
Added a few tests of FileFilter. Yet to place them into a Jail-ed execution test
...
At the moment they, despite being provided different backends,
pretty much test FileFilter functionality.
2012-06-30 00:35:08 -04:00
Yaroslav Halchenko
bbab49a415
DOC: distilling some of server "design" into DEVELOP notes for common good
2012-06-29 12:59:26 -04:00
Yaroslav Halchenko
9b360bb12d
ENH: minor, just trailing spaces/tabs + reformatted a string
2012-06-29 12:58:53 -04:00
Yaroslav Halchenko
215c3cc5c5
ENH: added a basic test for FilterPoll for detection of modifications
...
The test class MonitorFailures is intended to be exercised for all
Filter*'s, i.e. backends. It is just atm it is useful only for Poll
2012-06-29 12:56:32 -04:00
Yaroslav Halchenko
f970bb288a
Merge pull request #59 from yakatz/doc/DEVELOP
...
clarified that there are existing test cases and the 'coming soon' is about creating new ones
2012-06-26 21:05:41 -07:00
Yehuda Katz
bd40cc7c31
clarified that there are existing test cases and the 'coming soon' is about creating new ones.
2012-06-26 23:16:16 -04:00
Yaroslav Halchenko
25b629a75b
Merge pull request #58 from yakatz/doc/DEVELOP
...
Added beginnings of documentation for developers
2012-06-26 14:50:55 -07:00
Yehuda Katz
322f53e26d
Added beginnings of documentation for developers
2012-06-26 12:25:52 -04:00
Yaroslav Halchenko
3989d24967
BF: usedns=no was not working at all
...
it was not adding any detected address, IP or not, to the list of failed attempts
This commit also adds appropriate unittest
2012-06-15 23:43:11 -04:00
Yaroslav Halchenko
971406f722
RF: filtertestcase.py to put common testing into a helping subroutine
2012-06-15 22:23:38 -04:00
Yaroslav Halchenko
d0a322f2b8
ENH: be able to control verbosity from cmdline for fail2ban-testcases
2012-06-15 22:21:16 -04:00
Yaroslav Halchenko
b4099dae57
DOC: Adjusted header for config/*.conf to mention .local and way to comment
...
thanks to Stefano Forli for reminding about comments
see Debian Bug#676146
2012-06-04 22:41:28 -04:00
Yaroslav Halchenko
958aa2e932
Merge pull request #50 from mellitus/master
...
Fix addBannedIP/banip command (Closes gh-31)
2012-05-01 15:11:00 -07:00
Chris Reffett
a018a26133
Fixed addBannedIP to add enough failures to trigger a ban, rather than
...
just one failure.
2012-05-01 17:13:21 -04:00
Jeremy Olexa
444e4ac3ed
Fix Gentoo initd script (drop extra_commands)
2012-04-21 22:24:51 -04:00
Petr Voralek
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
2012-04-16 20:36:53 -04:00
Yaroslav Halchenko
7b77beee0e
DOC: comment in jail.conf for the need of multiple jails for asterisk
2012-02-28 12:04:24 -05:00
Yaroslav Halchenko
71a3fb17e2
Merge remote-tracking branch 'gh-magicrhesus/master'
...
* gh-magicrhesus/master:
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
Add asterisk support
Conflicts:
config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00
Xavier Devlamynck
8c00ce0a65
Add the INCLUDE section to use __pid_re feature
2012-02-28 17:28:06 +01:00
Xavier Devlamynck
180c17bede
Disable asterisk jail by default
2012-02-27 16:14:18 +01:00
Xavier Devlamynck
df0e0fdc07
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
2012-02-21 18:53:44 +01:00
Xavier Devlamynck
c679a1a588
Change NOTICE by NOTICE%(__pid_re)s
2012-02-21 18:05:53 +01:00
Yaroslav Halchenko
42dd05210a
Added a warning for the recidive jail
2012-02-18 20:15:42 -05:00
Yaroslav Halchenko
617094fad5
BF: fail2ban-regex -- adding forgotten char for -v
2012-02-18 20:12:23 -05:00
Xavier Devlamynck
d7ca754980
Merge branch 'master' of github.com:magicrhesus/fail2ban
2012-02-15 19:47:04 +01:00
Xavier Devlamynck
c7613ce311
Remove custom bantime
2012-02-15 18:55:35 +01:00
Xavier D
7a76838737
Add sample log file for asterisk
2012-02-13 17:57:55 +01:00
Xavier D
d98cdb25d6
Add $ at the end of the failregex
2012-02-13 17:11:32 +01:00
Yaroslav Halchenko
5891d2d218
ENH: fail2ban-regex -- quieter by default and added --verbose mode
...
now # of hits grouped into regexp listings since it makes little to no sense
to have it separate
2012-02-10 22:51:31 -05:00
Yaroslav Halchenko
d2ffee0b2d
ENH: minor, just pythonized some parts of fail2ban-regex summary
2012-02-10 22:19:44 -05:00
Yaroslav Halchenko
2245ff5b41
ENH: rudimentary __repr__ for Filter and Jail + moved usedns into set method
...
otherwise usedns is way too noisy, especially within fail2ban-regex
2012-02-10 21:59:26 -05:00
Yaroslav Halchenko
25f1e8d98c
BF: allow trailing whitespace in a few regexes missing it for sshd.conf
2012-02-10 21:14:51 -05:00
Yaroslav Halchenko
b257be4cd1
BF+ENH: added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if already present in the pattern
...
although %m-%d-%Y is ambiguous with %d-%m-%Y it comes after so it should not
be too dangerous (i.e. in upcoming days having smth like 02-01 should work as before matching
first one first) and proper fix to select between the two should follow some time
soon
2012-01-28 12:43:42 -05:00
Yaroslav Halchenko
10729f96b9
minor comment into TODO
2012-01-26 23:43:47 -05:00
Yaroslav Halchenko
221210404c
Merge branch '_tent/gentoo+recidive'
...
* _tent/gentoo+recidive:
ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-grouping ?:
gentoo init script: $opts variable is deprecated See http://forums.gentoo.org/viewtopic-t-899018.html
Fix for https://github.com/fail2ban/fail2ban/issues/19
2012-01-26 23:29:04 -05:00
Yaroslav Halchenko
1807be5a8c
ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-grouping ?:
...
thanks @cepheid666 for the useful comments
2012-01-26 23:28:44 -05:00
Tom Hendrikx
0eaa4c2750
gentoo init script: $opts variable is deprecated
...
See http://forums.gentoo.org/viewtopic-t-899018.html
2012-01-26 23:41:55 +01:00