github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,971 Commits
32 Branches
229 Tags
17 MiB
Commit Graph

1132 Commits (9a558589d7e67bfd553641bd9c074f85f97c50f4)

Author SHA1 Message Date
sebres 4c22d4a801 Merge branch '0.11' 2020-03-13 17:47:03 +01:00
sebres d42ec210cc Merge branch '0.10' into 0.11 2020-03-13 17:44:29 +01:00
sebres 9f1c6f1617 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660) 2020-03-13 17:34:37 +01:00
sebres e3737bb7c0 filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660) 2020-03-13 17:20:19 +01:00
Sergey G. Brester d4da9afd7f
Update ChangeLog 2020-03-06 20:29:48 +01:00
sebres 8b43d54878 Merge branch '0.11' 2020-03-05 14:32:42 +01:00
sebres 32f02ef3b3 Merge branch '0.10' into 0.11 2020-03-05 14:01:14 +01:00
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); 
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
 2020-03-05 13:47:11 +01:00
sebres 2ddf687c31 Merge branch '0.10' into 0.11 - test cases only (add ban to database was moved to observer in 0.11) 2020-03-02 19:17:16 +01:00
sebres 15158e4474 closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended 2020-03-02 18:58:59 +01:00
sebres f088e7bf76 Merge branch '0.10' into 0.11 2020-03-02 17:10:48 +01:00
sebres 4766547e1f performance optimization of `datepattern` (better search algorithm); 
datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)
 2020-02-28 14:27:21 +01:00
sebres ef1eaf9b37 Merge branch '0.11' 2020-02-25 17:18:50 +01:00
sebres c15c300d2a Merge branch '0.10' into 0.11 2020-02-25 17:11:29 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
Christopher Gurnee df885586d4 close Popen() pipes explicitly for PyPy 
Waiting for garbage collection to close pipes opened by Popen() can
lead to "Too many open files" errors with PyPy; close them explicitly.
 2020-02-25 14:55:10 +01:00
sebres e57e950ef5 version bump (back to dev) 2020-02-25 14:51:54 +01:00
sebres 8cbc1e0ebb ChangeLog (change actioncheck behavior) 2020-01-16 16:51:57 +01:00
sebres bb0f732ae6 version bump (master is 1.0.x-dev now) 2020-01-14 20:38:26 +01:00
sebres d004a2c79b release 0.11.1 -- This is the Way 2020-01-11 11:01:00 +01:00
sebres 27fb4790fb Merge branch '0.10' into 0.11 2020-01-10 15:17:54 +01:00
sebres b25d8565fc release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes 2020-01-10 13:34:46 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP); 
closes gh-2115, gh-2362.
 2020-01-09 20:53:53 +01:00
sebres d1b7e2b5fb fail2ban-regex - several enhancements and fixes: 
- improved usage output (don't put a long help if an error occurs);
- new option `--no-check-all` to avoid check of all regex's (first matched only);
- new option `-o`, `--out` to set token provided in output (disables check-all and outputs only expected data);
- test cases optimized and extended
 2020-01-09 16:59:13 +01:00
sebres 587e4ff573 Merge branch '0.10' into 0.11 
(conflicts resolved)
 2020-01-08 21:27:23 +01:00
sebres f30b7ae244 update ChangeLog + spelling 2020-01-08 21:03:00 +01:00
sebres 24d1ea9aa2 Merge branch '0.10' into 0.11 2019-11-25 01:58:55 +01:00
Sergey G. Brester e86e9b2ee9
Merge branch '0.10' into gh-927-subnet 2019-11-15 01:47:50 +01:00
sebres 27e6b0021c ChangeLog update gh-2563 2019-11-08 13:18:57 +01:00
sebres e5d02bc2e9 grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494 2019-11-04 12:11:00 +01:00
sebres d44607a161 part of #927 - filter enhancement to parse IP sub-nets (IP/CIDR with correct recognition of IP-family), 
provides new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
  - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
  - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
 2019-11-01 16:29:17 +01:00
sebres 0824ad0d73 Merge branch '0.10' into 0.11 2019-10-18 12:04:38 +02:00
Sergey G. Brester 8b850864cf
amend to #2254: update changelog 2019-10-18 12:00:17 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf: 
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
  - extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
 2019-10-18 11:26:19 +02:00
sebres 1cdd618232 Merge branch '0.10' into 0.11 2019-07-29 13:26:37 +02:00
sebres 5d5253dd70 Merge branch '0.10' into 0.11 2019-07-29 13:25:49 +02:00
sebres 91923b5c07 don't need to match identifier exactly (@ is precise enough as prefix), not capturing group; 
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
 2019-07-29 13:21:00 +02:00
Sergey G. Brester a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424 
New option `logtype` value - `rfc5424`
 2019-07-24 00:02:04 +02:00
Sergey G. Brester 70280bfa12
Update ChangeLog 2019-07-24 00:00:24 +02:00
sebres 581f13c2db Merge branch '0.10' into 0.11 2019-07-22 19:07:15 +02:00
Sergey G. Brester d3b5befe44
update changelog (#2404) 2019-07-22 12:50:48 +02:00
sebres 0a209f01c2 Merge branch '0.10' into 0.11 2019-07-11 13:28:47 +02:00
Sergey G. Brester 7520d250b0
Merge pull request #2444 from sebres/gh-2392 
systemd-backend: switched default flags to SYSTEM_ONLY(4)
 2019-07-11 13:25:58 +02:00
Sergey G. Brester 8a386103c1
Update ChangeLog 2019-06-25 15:49:07 +02:00
sebres 5045c4bb00 Merge branch '0.10' into 0.11 2019-06-12 16:28:57 +02:00
girst b288ccd6b6 new filter: znc-adminlog 2019-06-12 16:25:50 +02:00
sebres 2e7a600851 Merge branch '0.10' into 0.11 2019-06-12 11:44:05 +02:00
sebres 4c81338944 update ChangeLog (gh-2390) 2019-06-12 11:28:19 +02:00
sebres 686a8bdc54 Merge branch '0.10' into 0.11 2019-06-12 00:13:39 +02:00
sebres 2725acb64b amend to 809acb69e5928c0e678ad25b43e53b567cb23a3b: extended to avoid the vice versa race (too many outdated tickets to unban) - max count of outdated tickets is restricted also. 2019-06-12 00:11:26 +02:00
sebres 0ed3a63151 Merge branch '0.10' into 0.11 2019-06-07 16:29:38 +02:00
sebres e5ae113215 filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439), 
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
  parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
 2019-06-07 16:14:02 +02:00
sebres 3b2f75414c filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442) 2019-06-07 15:40:55 +02:00
sebres 3d4044084a Merge branch '0.10' into 0.11 2019-06-07 14:48:10 +02:00
sebres 8da9bfb83a Update ChangeLog (gh-2302, rebased to 0.10) 2019-06-07 14:47:43 +02:00
sebres f48677db7d Merge branch '0.10' into 0.11 2019-05-24 16:18:32 +02:00
sebres 3b51c005f8 update ChangeLog (multi-line parsing fix, gh-2431) 2019-05-24 16:17:06 +02:00
sebres ca85ddc866 Merge branch '0.10' into 0.11 2019-05-10 16:23:50 +02:00
sebres 4d08bc4ad5 update ChangeLog 2019-05-10 16:22:25 +02:00
sebres f0c5bd56f4 Merge branch '0.10' into 0.11 (conflicts resolved) 2019-04-19 13:20:38 +02:00
Sergey G. Brester 7d6db7391e
Update ChangeLog 2019-04-19 12:50:35 +02:00
sebres 337be4b36c Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.11 2019-04-18 13:47:44 +02:00
Sergey G. Brester 28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal 
New backend-related option `logtype` (`journal` or `file`)
 2019-04-18 13:27:42 +02:00
Sergey G. Brester d920dd4014
Update ChangeLog 2019-04-18 13:19:21 +02:00
Sergey G. Brester ec9f698f5b
removed new-line 2019-04-04 02:55:09 +02:00
Amir Caspi 7ac2f167f9
Update ChangeLog 
Fixing typo I introduced in commit eed1de0ceb
 2019-03-29 17:49:22 -06:00
Amir Caspi eed1de0ceb
Update ChangeLog 
Updated to reflect sendmail-reject changes 9e1fa4ff73 and ffd5d0db78
 2019-03-29 17:47:52 -06:00
sebres 1e59d53bbe fixed typo 2019-03-27 13:48:53 +01:00
sebres 324f0ed7cc Merge branch '0.10' into 0.11 2019-03-01 12:36:07 +01:00
Sergey G. Brester 6c14f1987f
Update ChangeLog 2019-03-01 12:31:17 +01:00
Sergey G. Brester 410a9804b1
Update ChangeLog 2019-02-22 14:23:05 +01:00
Ben RUBSON 34edec297b Add changelog entry 2019-02-22 13:33:08 +01:00
sebres a3b7a0525a Merge branch '0.10' into 0.11 2019-02-22 13:22:52 +01:00
Sergey G. Brester d3f6d6ffdd
Merge pull request #2286 from crazy-max/0.10 
New filter `traefik-auth`
 2019-02-21 22:27:04 +01:00
sebres e44cd671b2 Merge branch '0.10' into 0.11 (conflicts resolved, tests fixed) 2019-02-21 17:29:04 +01:00
Sergey G. Brester a48d50efc0
Update ChangeLog 2019-02-21 14:37:07 +01:00
sebres 1647d0090e Merge branch '0.10' into 0.11 2019-02-11 19:19:44 +01:00
Sergey G. Brester c819a18a0a
Update ChangeLog 2019-02-11 19:15:11 +01:00
sebres d88ce7181c Merge branch '0.10' into 0.11 2019-01-07 01:51:59 +01:00
Sergey G. Brester 4108e04ab4
Update ChangeLog 2019-01-07 01:50:44 +01:00
sebres f959f58e15 extend protocol (command-line) and regenerate man's 2019-01-06 22:45:48 +01:00
sebres df97fd33cf ip-list is sorted now (by end of ban) per default; 
extended with new option `--with-time` to provide more pretty and informative result (separated by new-line, including time strings: time of ban + ban-time = end of ban):
  192.0.2.1    2019-01-06 22:24:48 + 300 = 2019-01-06 22:29:48
  192.0.2.2    2019-01-06 22:24:48 + 600 = 2019-01-06 22:34:48
also it is possible now to provide separator-character as extra-parameter after `get <jail> banip ?sep-char?` (default is space).
removed unneeded test-cases (test code-base minimization) and unexpected manually changed files.
 2019-01-06 22:31:23 +01:00
SP 3d477d229d ENH: added new command `fail2ban-client get <JAIL> banip` to get the banned ip addresses (gh-1916) 2019-01-03 23:55:35 +03:00
sebres 2010dda6fa Merge branch '0.10' into 0.11 2018-12-19 12:20:10 +01:00
Sergey G. Brester 3fa54559e5
Update ChangeLog 2018-12-17 18:39:31 +01:00
sebres 9b96a7de89 fix of SafeConfigParserWithIncludes 2018-12-11 15:39:43 +01:00
CrazyMax a51f82770b
New filter `traefik-auth` 2018-11-24 22:44:44 +01:00
sebres b49c1ab4b3 Merge branch '0.10' into 0.11 2018-11-21 13:06:44 +01:00
Sergey G. Brester 0ac5c8941c
Update ChangeLog 2018-11-20 12:39:38 +01:00
sebres f9f7e29295 Merge branch '0.10' into 0.11 (version bump after r.0.10.4) 2018-10-04 13:08:25 +02:00
sebres 0ae02ba2a1 version bump (back to dev-version) 2018-10-04 11:57:56 +02:00
sebres aa565eb80e release 0.10.4 - ten-four-on-due-date-ten-four 2018-10-04 11:26:22 +02:00
sebres 6b52f90ad6 Merge branch '0.10' into 0.11 2018-09-21 15:54:16 +02:00
sebres 58b510a5be filter.d/domino-smtp.conf: 
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
  - failregex extended to catch connections rejected for policy reasons (gh-2228);
 2018-09-21 14:14:00 +02:00
sebres addd26ae55 Merge branch '0.10' into 0.11 2018-08-14 11:13:15 +02:00
sebres e2a255d104 fixed typo in comments by "ignoreself" parameter 2018-08-14 11:11:19 +02:00
sebres 606761b3c7 Merge branch '0.10' into 0.11 2018-08-03 12:06:13 +02:00
sebres 6ad9bb56a0 Update ChangeLog 2018-08-03 12:05:40 +02:00
sebres 6a81cc9d8c Merge branch '0.10' into 0.11 2018-07-17 15:18:44 +02:00
sebres 8fe07e29ad filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed"; 
closes gh-2184
 2018-07-17 15:06:42 +02:00
sebres d65d7fd4d0 Merge branch '0.10' into 0.11 2018-07-10 20:04:48 +02:00
sebres f8f01d5ab7 introduced new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, `ignoreself` and `ignorecommand`) 2018-07-09 14:58:39 +02:00
sebres 9b6d17d07e extend `ignorecommand` to use actions-similar replacement (ticket-based now, so capable to interpolate all possible tags) 2018-07-09 13:01:16 +02:00
sebres 57f2d9e31c Merge branch '0.10' into 0.11 2018-07-06 18:06:54 +02:00
Sergey G. Brester 11c1bf0149
Update ChangeLog 2018-07-06 18:05:59 +02:00
sebres 9de1657aab Merge branch '0.10' into 0.11 2018-07-06 11:43:56 +02:00
sebres d0945120bf ChangeLog 2018-07-06 11:41:05 +02:00
sebres 9fdc6e0e82 Merge branch '0.10' into 0.11 2018-06-11 14:36:35 +02:00
Boris Gulay a923cd209b `filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors; 2018-06-11 14:30:10 +02:00
sebres 47d3a1213c Merge branch '0.10' into 0.11 2018-05-28 19:15:18 +02:00
sebres f220aba26f minor: added missing new-line (no functional changes) 2018-05-28 19:09:41 +02:00
sebres e36f4667ab fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info, additionally option `-V` can be used to get version in normalized machine-readable short format; 
closes gh-2122.
 2018-05-28 19:07:38 +02:00
sebres 0d40dd42b1 Merge branch '0.10' into 0.11 2018-04-26 13:43:15 +02:00
Sergey G. Brester 9f3a80a21a
Update ChangeLog 2018-04-17 19:08:48 +02:00
sebres 0707695146 Merge branch '0.10' into 0.11, version bump 
# Conflicts resolved:
#	fail2ban/server/database.py
 2018-04-05 12:58:11 +02:00
sebres 414469c102 Merge '0.10.3.fix1' into 0.10 2018-04-05 00:41:29 +02:00
sebres c1923f9644 update ChangeLog 2018-04-04 23:32:22 +02:00
sebres 187514eda7 bump version (0.10.3 -> 0.10.4.dev1) 2018-04-04 20:17:26 +02:00
sebres 0a50f2e19e next release of 0.10: bump version, update ChangeLog, man's and MANIFEST etc. 2018-04-04 19:44:09 +02:00
sebres 70d099bbd6 Merge branch '0.10' into 0.11 2018-04-04 18:59:44 +02:00
sebres 4a8506fcca update ChangeLog 2018-04-04 18:57:41 +02:00
sebres 1fdad90b4d Merge branch '0.10' into 0.11 2018-04-04 16:49:57 +02:00
Sergey G. Brester d9525ad3aa
Update ChangeLog 2018-04-04 16:47:18 +02:00
Sergey G. Brester 7bbc26d67e
Merge pull request #2097 from benrubson/sni 
Detect Apache SNI error / misredirect attempts
 2018-04-04 16:31:38 +02:00
Sergey G. Brester 28ae32f0ca
Update ChangeLog 2018-04-04 16:31:14 +02:00
sebres f877980da9 Merge branch '0.10' into 0.11 2018-04-04 15:55:59 +02:00
sebres e786dbf132 New logging parameter `padding`, default enabled, excepting the SYSLOG (for backwards compatibility purposes); 
Closes gh-2099.
 2018-04-03 17:58:17 +02:00
sebres 7dfd61f462 Merge branch '0.10' into 0.11-2 2018-04-03 14:14:44 +02:00
sebres 8423f017e7 Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10 2018-04-03 14:12:35 +02:00
sebres 4ee07adde6 Merge branch '0.10' into fix-sshd-filter-suff 
# Conflicts resolved:
#	fail2ban/server/filter.py
 2018-04-03 13:30:57 +02:00
sebres e5735b9951 ChangeLog updated 2018-03-20 18:54:25 +01:00
sebres ed7d5d8ea1 ChangeLog updated 2018-03-20 16:04:42 +01:00
sebres 66d2436f21 filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content 2018-03-19 16:50:49 +01:00
sebres 8763cf0a36 ChangeLog updated 2018-03-19 14:26:51 +01:00
sebres a6fb33bdec filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069 2018-03-09 13:56:38 +01:00
Sergey G. Brester b16aafe233
Update ChangeLog 2018-03-05 19:42:05 +01:00
sebres 2b282ead09 Merge branch '0.10' into 0.11 2018-03-02 19:48:15 +01:00
sebres a3bcbe2d1b backwards-compatibility, test-cases and ChangeLog update 2018-03-02 19:15:10 +01:00
sebres 1d7aa2ff21 filter.d/sshd.conf: rewrite fix (for new ssh log-format) backwards compatible + test-cases extended to cover both cases 2018-03-02 18:17:17 +01:00
sebres 5ea76789c6 Merge branch '0.10' into 0.11 2018-03-02 17:18:37 +01:00
sebres 8c291cad38 filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060) 2018-03-02 09:17:04 +01:00
Ben RUBSON b112250ef0 (Free)BSD IPFW does not allow 2 identical rules (#2054) 
ipfw actionban fixed to allow same rule added several times (and actionunban to ignore error by deletion of missing rule)
 2018-02-27 10:18:59 +01:00
Ben RUBSON 857767f04b Add 'any' badips.py bancategory (#2056) 
action.d/badips.py: allow `any` as bancategory to retrieve IPs from all categories
 2018-02-27 10:12:22 +01:00
sebres 47a7f83a0b Merge branch '0.10' into 0.11 2018-02-26 19:30:54 +01:00
sebres 07fcb24ff6 Merge pull request #2057 from benrubson/https 
Use httpS with badips
 2018-02-26 18:50:35 +01:00
benrubson 8ed892b8bb Changelog 2018-02-26 16:15:29 +01:00
benrubson 9a8add0ef0 changelog 2018-02-26 10:28:51 +01:00
sebres a5155f55e7 Merge branch '0.10' into 0.11 2018-02-21 09:31:35 +01:00
Sergey G. Brester 879f580c9a
Update ChangeLog 2018-02-19 15:59:45 +01:00