Commit Graph

1132 Commits (9a558589d7e67bfd553641bd9c074f85f97c50f4)

Author SHA1 Message Date
sebres 201ae0dac2 Merge branch '0.10' into 0.11 2018-01-31 12:20:34 +01:00
Sergey G. Brester 3a1c386958
Update ChangeLog 2018-01-31 12:18:56 +01:00
sebres 9440956575 Update ChangeLog 2018-01-19 19:37:37 +01:00
sebres c50875ccf6 Update ChangeLog: all major 0.11 changes combined in 0.11th block now 2018-01-19 11:41:54 +01:00
sebres aa47937d4f Merge branch '0.10' into 0.11: bum version after release of 0.10.2 2018-01-18 16:47:13 +01:00
sebres 9a38d5697f bump version (0.10.2 -> 0.10.3.dev1) 2018-01-18 16:40:48 +01:00
sebres a45488465e prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2018-01-18 14:49:01 +01:00
sebres 1ca3df877b Merge branch '0.10' into 0.11 2018-01-18 14:32:00 +01:00
sebres 81b61fe30c ChangeLog update 2018-01-18 14:19:55 +01:00
sebres 38b3290516 Merge branch '0.10' into 0.11 2018-01-17 16:43:45 +01:00
sebres ed22ddbbbb Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
Benedikt Seidl fed6c49c2d nginx-http-auth: match usernames with spaces
# Conflicts:
#	ChangeLog
2018-01-17 16:35:31 +01:00
sebres 576eeb70dd Merge branch '0.10' into 0.11 2018-01-15 18:17:18 +01:00
sebres 2b7b0da943 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-15 18:16:43 +01:00
sebres 039ac7c7c4 Merge branch '0.10' into 0.11 2018-01-11 10:29:46 +01:00
sebres 1c0fc73e48 Update ChangeLog 2018-01-11 10:27:38 +01:00
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 14:49:06 +01:00
sebres 0e68c9a720 Merge branch '0.10' into 0.11 2018-01-10 12:22:31 +01:00
sebres c30144b37a Merge branch '0.9' into 0.10
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
#	fail2ban/client/jailreader.py
#	fail2ban/helpers.py
2018-01-10 12:05:26 +01:00
Serg G. Brester 029cd5aa24
Update ChangeLog 2018-01-10 11:47:59 +01:00
Danila Vershinin c190631f88 New ban action firewallcmd-ipset-allports. Closes #1167 2018-01-10 10:58:01 +01:00
Serg G. Brester f7e2d3610b
Update ChangeLog 2018-01-09 21:19:01 +01:00
sebres 5028f17f64 Merge branch '0.10' into 0.11, rewrite updateDb because it can be executed after repair, and some tables can be missing.
# Conflicts:
#	fail2ban/server/database.py
#	fail2ban/tests/fail2banclienttestcase.py
#	fail2ban/tests/sockettestcase.py
2017-12-22 17:05:45 +01:00
Serg G. Brester 2d23f35d26
Update ChangeLog
typo: missing newline restored.
2017-12-21 22:50:54 +01:00
sebres 79443210ad Update ChangeLog 2017-12-21 22:49:57 +01:00
sebres 7e5d8f37fd Merge branch '0.10' into 0.11
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	fail2ban/server/jail.py
#	fail2ban/tests/servertestcase.py
2017-12-06 00:14:23 +01:00
Serg G. Brester ad658a0a95
Merge pull request #1989 from sebres/logging-options
New server logging options
2017-12-06 00:07:51 +01:00
sebres cc9ff31c9c Update ChangeLog: `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990) 2017-12-05 23:35:34 +01:00
sebres f9833ddee4 Update ChangeLog 2017-12-05 18:55:47 +01:00
Serg G. Brester b0ba1aa846
Update ChangeLog 2017-12-05 16:24:04 +01:00
sebres cc153888d5 Merge branch '0.10' into 0.11 2017-12-01 15:55:10 +01:00
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
Peter Nowee e4bbaf3d58
Update ChangeLog 2017-12-01 15:01:48 +01:00
sebres 5547697401 ChangeLog and typo 2017-12-01 10:16:14 +01:00
sebres 5cc0abbb02 Merge branch '0.10' into 0.11
# Conflicts:
#	fail2ban/tests/fail2banclienttestcase.py
2017-11-28 16:37:51 +01:00
sebres b62ab2d51e ChangeLog updated 2017-11-28 13:46:57 +01:00
sebres 12b55bb8cc Merge remote-tracking branch '0.10' into 0.11 2017-11-27 12:02:46 +01:00
sebres 6db9ae8574 ChangeLog updated 2017-11-26 23:35:11 +01:00
sebres 8aeaaf06ee Merge branch '0.10' into 0.11 2017-11-23 22:57:21 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors;
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
2017-11-23 22:21:42 +01:00
sebres 70b933f405 Merge branch '0.10' into 0.11 2017-11-06 18:57:53 +01:00
Serg G. Brester ee80c52430 Update ChangeLog 2017-11-03 14:15:54 +01:00
Serg G. Brester 4d10c615c4
Update ChangeLog
typo
2017-11-03 14:05:17 +01:00
Serg G. Brester 8b26fd2778 Update ChangeLog 2017-11-03 14:03:47 +01:00
sebres 12419b75f2 Merge branch '0.10' into 0.11
# Conflicts:
#	fail2ban/tests/servertestcase.py
2017-10-30 14:02:41 +01:00
Serg G. Brester 1a8fb6290d Merge pull request #1926 from sebres/0.10-pf-actionflush
action.d/pf.conf: wildcard anchoring example + bulk-unban with command `actionflush`
2017-10-19 16:35:46 +02:00
sebres 76f5e3659e Merge branch '0.10' into 0.11 2017-10-18 19:03:08 +02:00
sebres 0e66e3cc57 Merge branch 'master' into 0.10
# Conflicts:
#	config/filter.d/asterisk.conf
2017-10-18 19:00:23 +02:00
Serg G. Brester d81405adbc Update ChangeLog
typo
2017-10-18 18:52:55 +02:00
Serg G. Brester b6ab0aa83f Update ChangeLog
more detailed entry
2017-10-18 18:52:12 +02:00
Michael Newton 894a05b843 Update ChangeLog 2017-10-18 09:26:51 -07:00
sebres a1b863fcf6 action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once (by stop jail, resp. shutdown of fail2ban) 2017-10-17 20:12:48 +02:00
sebres 3c4910a3e2 ChangeLog entry + note for possible incompatibility. 2017-10-17 16:06:39 +02:00
sebres 028f32b74b bump version (0.10.1 -> 0.10.2.dev1) 2017-10-12 14:00:41 +02:00
sebres 351abeb4ff prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2017-10-12 13:46:46 +02:00
sebres 6c1d481135 Merge branch '0.10' into 0.11 2017-10-04 09:57:43 +02:00
sebres e71f16f6ba Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/dovecot.conf
2017-10-04 09:57:18 +02:00
sebres ea36e1b3fc filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897) 2017-10-04 09:55:37 +02:00
sebres 037a0be3ae Merge branch '0.10' into 0.11 2017-10-02 15:43:55 +02:00
sebres 8c804a2290 Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/postfix-rbl.conf
#	config/filter.d/postfix-sasl.conf
#	config/filter.d/postfix.conf
#	fail2ban/tests/files/logs/postfix-sasl
2017-10-02 15:41:30 +02:00
sebres a2120a9de5 filter.d/postfix-*.conf - added optional port regex (closes gh-1902) 2017-10-02 15:31:55 +02:00
Serg G. Brester 6149df5216 Update ChangeLog 2017-09-12 09:27:16 +02:00
Louis Sautier 152c9d27d5
Fix nftables actions for IPv6 addresses, fixes #1893
* add [Init?family=inet6] to nftables-common.conf and make nftable
  expressions more modular
* change "ip protocol" to "meta l4proto" in nftables-allports.conf
  since the former only works for IPv4
2017-09-11 23:32:53 +02:00
Serg G. Brester 72ad904f58 Update ChangeLog 2017-09-11 12:22:43 +02:00
Louis Sautier 2ce0ffb977
Fix Gentoo init script's shebang
Use openrc-run instead of runscript.
5d5856c193
2017-09-11 12:19:33 +02:00
sebres e0fede621e Merge branch '0.10' into 0.11 2017-09-08 11:33:19 +02:00
Serg G. Brester 8be4569d51 Update ChangeLog
several fixes of 0.10th branch
2017-09-08 11:32:08 +02:00
sebres b185e7cb04 Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
Serg G. Brester 983b128c54 Update ChangeLog
several fixes of 0.9th branch
2017-09-08 11:07:48 +02:00
Serg G. Brester a287d0a05c Merge pull request #1872 from kmzby/master
Added filter for phpMyAdmin+syslog
2017-08-25 12:22:58 +02:00
Pavel Mihadyuk 5b4bc2aafd Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713 2017-08-22 18:20:01 +03:00
sebres b80692f602 Merge branch '0.10' into 0.11 2017-08-18 15:44:43 +02:00
sebres 1d5fbb95ae Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-08-18 15:44:22 +02:00
sebres 3be32adefb Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389). 2017-08-18 14:37:29 +02:00
sebres aa140f0fa7 Merge branch 0.10 to 0.11, restores merge-point after rebased PR gh-1866 (mistakenly created and merged on 0.11th base); 2017-08-16 17:58:52 +02:00
sebres 19e59fff3e ChangeLog: added incompatibility list (compared to v.0.9) 2017-08-16 15:38:44 +02:00
Serg G. Brester b5dd5adb08 Merge pull request #1460 from sebres/0.10-full
0.11 ban-time-incr
2017-08-10 15:23:18 +02:00
sebres 1c06a8b1ef 0.11 - prepared new development edition: README.md, ChangeLog, version.py 2017-08-10 15:19:43 +02:00
sebres 28076618fd back to development edition: README.md, ChangeLog, version.py 2017-08-09 17:37:40 +02:00
sebres c60784540c version bump: release 0.10.0 2017-08-09 16:53:05 +02:00
sebres 30219b54c4 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-08-09 16:38:29 +02:00
Serg G. Brester c540217844 Update ChangeLog
action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651)
2017-08-09 16:34:37 +02:00
sebres 6f4fde2c29 Update changelog and man/jail.conf.5 2017-08-08 21:50:38 +02:00
sebres 51c54b3253 ChangeLog entry for 9a42ce12f4 2017-08-08 13:04:36 +02:00
sebres a12ac4242b ChangeLog updated 2017-07-12 11:59:42 +02:00
sebres c9385a2e04 ChangeLog updated 2017-07-11 15:28:04 +02:00
sebres ea3a6aa971 ChangeLog updated 2017-07-11 15:02:59 +02:00
sebres e26cc5de45 restore backwards compatibility (jail postfix-sasl); changelog update 2017-07-11 11:57:48 +02:00
sebres 546cd55342 Merge branch 'master' into 0.10 2017-07-03 13:02:25 +02:00
sebres a1d0633e69 filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302):
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
2017-07-03 12:57:28 +02:00
sebres 33fcf8d809 Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
Serg G. Brester 001c0898d6 Merge branch 'master' into master 2017-06-30 18:07:38 +02:00
Serg G. Brester 986dd3107d Merge branch '0.10' into patch-12 2017-06-19 18:37:28 +02:00
sebres 9b0f39a17d ChangeLog updated 2017-06-19 18:12:37 +02:00
Serg G. Brester 3294840c2a Merge pull request #1801 from jeaye/postfix-updates
filter.d/postfix.conf: update to the latest postfix logging format
2017-06-19 16:44:37 +02:00
sebres d2c39d2e45 Merge branch '0.10' into 0.10-full
# Conflicts:
#	fail2ban/server/database.py - resolved and test-case with persistent ban-time fixed/extended (bantime presents in database)
2017-06-16 09:35:27 +02:00
sebres dcdf677438 Merge remote-tracking branch 'master' into 0.10 2017-06-15 11:49:51 +02:00
sebres e1234a5249 ChangeLog update 2017-06-15 11:47:16 +02:00
jeaye 6f3d425c4d
Update postfix filters and tests 2017-06-12 18:56:19 -07:00
sebres bbea73d79d Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-06-12 13:11:45 +02:00
Serg G. Brester 23c2d05250 Update changelog (new enhancements from gh-1792) 2017-06-09 20:51:28 +02:00
Georges Racinet 12259bb3c7 man and ChangeLog for logtimezone 2017-06-09 20:39:03 +02:00
Serg G. Brester 5214c1c5d1 Update changelog (gh-1455) 2017-05-30 20:31:48 +02:00
sebres 2b08847f3a Reintegrate 'master' into 0.10 (merge point) + small code review 2017-05-19 16:32:13 +02:00
sebres c7ddf1f940 [systemd-backend] implicit closing journal descriptor by stop filter.
Partially cherry-picked from 0.10 (d153555a07)
2017-05-19 15:36:06 +02:00
sebres 17a03ebc11 changelog update / typos fixed 2017-05-17 21:03:35 +02:00
sebres 6724de54e6 Merge branch '0.10' into 0.10-full 2017-05-17 11:35:33 +02:00
Serg G. Brester 17b0945a70 Update ChangeLog 2017-05-16 09:43:52 +02:00
sebres 94c793ff89 Merge branch 'master' into 0.10 2017-05-15 16:48:11 +02:00
Yaroslav Halchenko 407b2ea936 life is going on 2017-05-11 11:17:27 -04:00
Yaroslav Halchenko 35280044ff Preparing for 0.9.7 release 2017-05-10 21:38:57 -04:00
sebres b13d9d4e22 Merge branch 'master' into 0.10 2017-05-07 21:29:12 +02:00
sebres bea3a62a37 update ChangeLog 2017-05-07 14:02:45 +02:00
Serg G. Brester b5d59e8883 small fix of changelog entry 2017-05-02 16:59:05 +02:00
Viktor Szépe 1ed958521c Courier auth changelog 2017-04-28 17:08:36 +02:00
sebres 8839bcbb09 Merge remote-tracking branch master into 0.10 2017-04-25 10:07:19 +02:00
sebres 462442a517 Update ChangeLog #1757 2017-04-25 10:04:45 +02:00
sebres f75c3d8a02 code review and ChangeLog entry 2017-04-24 21:18:16 +02:00
Serg G. Brester e35ed1cdf7 Update ChangeLog
Changes of #1645
2017-04-21 11:24:32 +02:00
Serg G. Brester 17922b621c Update ChangeLog
replaced german in entry ;)
2017-04-20 15:23:59 +02:00
Georges Racinet 4fc6323ff0 haproxy-http-auth: avoid port number in IPv6 addresses
The solution taken is to consume the port number explicitely in
the regexp.
2017-04-07 13:59:22 +02:00
Serg G. Brester e7f1fc5cb3 Update ChangeLog
enhancements of #1743
2017-03-31 10:39:50 +02:00
Serg G. Brester 44a26c6159 Update ChangeLog
amend to gh-1742
2017-03-29 23:14:33 +02:00
sebres 873f97c6c5 Merge branch '0.9-log-level-msg' into 0.10 2017-03-27 11:36:36 +02:00
sebres 7982d1e627 Update ChangeLog 2017-03-27 11:31:41 +02:00
Serg G. Brester d26060ead0 Update ChangeLog
belongs to #1733
2017-03-27 09:38:53 +02:00
sebres 6c4b1c7204 Update ChangeLog 2017-03-23 15:54:53 +01:00
Serg G. Brester 7a03c964c2 Update ChangeLog 2017-03-21 14:04:18 +01:00
sebres 875295320e Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.10-full 2017-03-13 02:12:39 +01:00
sebres 30b53bb2ce update ChangeLog and man/fail2ban-regex.1 2017-03-13 02:07:14 +01:00
sebres 8af7a73bfc update ChangeLog 2017-03-10 22:14:39 +01:00
sebres 52ed6597b2 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-03-09 16:27:14 +01:00
sebres 0f8cb1749f Update ChangeLog 2017-03-09 16:15:45 +01:00
Serg G. Brester d042981954 Merge pull request #1655 from ajcollett/0.10
Added config for AbuseIPDB
2017-03-09 15:15:26 +01:00
sebres 6a2c95da95 `action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
changelog updated;
2017-03-08 16:51:08 +01:00
sebres 28b5262976 Merge branch '0.10' into 0.10-full 2017-02-28 15:14:51 +01:00
Serg G. Brester 32ac383d06 Update ChangeLog 2017-02-27 15:51:33 +01:00
Serg G. Brester 2fa18a74c4 Merge branch 'master' into master 2017-02-17 09:06:09 +01:00
Christoph Theis 861ce4177c #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable 2017-02-14 18:31:42 +01:00
sebres 99634638ba Merge branch '0.10' into 0.10-full 2017-01-23 09:51:36 +01:00
sebres e8a1556562 Merge remote-tracking branch 'master' into 0.10
# Conflicts:
#	fail2ban/tests/samplestestcase.py
2017-01-21 16:59:41 +01:00
sebres 8aa9516d50 sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652) 2017-01-21 16:18:03 +01:00
sebres c8f473110c change log update after rebase 2017-01-21 15:59:27 +01:00
sebres dd373dba9f test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>;
new ssh rule(s) added:
- Connection reset by peer (multi-line rule during authorization process);
- No supported authentication methods available;
Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions);
closes gh-864
2017-01-21 15:53:48 +01:00
Serg G. Brester 5e08298b6b Update ChangeLog 2017-01-20 08:47:30 +01:00
Serg G. Brester 40f294e6bf Merge pull request #1663 from jjeziorny/netscaler-action
Introduced citrix netscaler action
2017-01-19 16:25:23 +01:00
Serg G. Brester 75b252e47f Update ChangeLog 2017-01-19 15:00:08 +01:00
Juliano Jeziorny 1fe554dd25 Introduced Citrix Netscaler action 2017-01-19 14:30:25 +01:00
Christoph Theis fe76cd9b7d #1667: changelog entry 2017-01-17 14:05:20 +01:00
sebres f35da076df ChangeLog entry 2017-01-16 09:55:01 +01:00
sebres de49f0c27f ChangeLog entry 2017-01-13 19:45:10 +01:00
sebres 7019640eb3 Merge branch 'fix-gh-1658' into 0.10 2017-01-10 12:59:51 +01:00
sebres a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space). 2017-01-10 12:58:44 +01:00
sebres c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
sebres f8d35a7c9c changelog entry 2017-01-10 11:16:17 +01:00
Andrew James Collett 18d09b6d8e Updated changelog. 2017-01-08 09:50:58 +02:00
Yaroslav Halchenko 4a1fd888f0 Carry on development 2016-12-11 00:49:09 -05:00
Yaroslav Halchenko 482252dbd4 ENH: prep for 0.9.6 release (as of tomorrow) 2016-12-09 09:35:03 -05:00
Serg G. Brester 556a9373ce Update ChangeLog 2016-11-28 23:40:33 +01:00
sebres 45f1d811c9 Merge branch 'alex1702-1586' 2016-11-28 18:54:02 +01:00
sebres 67c14afd8e ChangeLog entry added + jail.conf review 2016-11-28 18:51:23 +01:00
sebres b8c41dcb49 ChangeLog update 2016-11-28 11:31:51 +01:00
sebres 40cbe96352 Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2 2016-11-28 11:03:11 +01:00
sebres 5678d08a79 filter.d/dovecot.conf update:
- fixes failregex, that ignores failures through some irrelevant info (closes #1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
2016-11-26 16:50:37 +01:00
sebres b856e1dadc Merge pull request #1618 from sebres/_0.10/systemd-service 2016-11-24 20:45:17 +01:00
sebres 308bba448c ChangeLog update 2016-11-24 20:43:55 +01:00
sebres d908688b56 ChangeLog update 2016-11-24 20:25:08 +01:00
sebres 701abfd250 ChangeLog entry added
+ indentation fix (space-tab replacement)
2016-11-21 17:13:43 +01:00
sebres b5433f48b7 amend after code review of merge gh-1581 2016-11-11 11:09:46 +01:00
sebres ea4c1f6356 Merge branch 'master' into 0.10 2016-11-11 10:29:45 +01:00
sebres dab5f56609 Merge branch 'fix-gh-1477' 2016-11-11 10:17:07 +01:00
sebres c8b036456d changelog entries 2016-10-17 12:47:42 +02:00
sebres 519e355bf2 ChangeLog entry added 2016-10-15 14:59:36 +02:00
sebres 53adc9d84a Merge branch 0.10-full with 0.10
Resolved several conflicts and code review after merge
2016-10-14 19:55:20 +02:00
sebres c809c3e61e Merge branch 'master' into 0.10 2016-10-13 19:01:13 +02:00
Nils f7df6026a3 Update Changelog to reflect the new np.conf action 2016-10-13 18:53:16 +02:00
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 387aa6ba47 Merge master branch '_0.9/systemd-journal-path-gh-1408' into 0.10
# Conflicts:
#	fail2ban/tests/filtertestcase.py
#	fail2ban/tests/utils.py
2016-09-01 16:26:21 +02:00
sebres c0e0cfb39d Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2016-09-01 16:23:13 +02:00
sebres 7ed6cab120 jail configuration extended with new syntax to pass options to the backend (see gh-1408),
examples:
  - `backend = systemd[journalpath=/run/log/journal/machine-1]`
  - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
  - `backend = systemd[journalflags=2]`
2016-09-01 16:17:02 +02:00
sebres 4a1d720344 filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix 2016-08-22 14:10:50 +02:00
sebres 2c54f90469 sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also. 2016-08-19 10:19:12 +02:00
sebres a544c5abac sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>"
ChangeLog entry added
2016-08-18 21:38:55 +02:00
sebres 18ebd9ac21 Merge branches 0.10-full and 0.10 2016-08-17 18:00:25 +02:00
sebres 5509ba37a2 Merge pull request #1512 from 'remotes/gh-upstream/0.9' into 0.10 2016-08-15 20:08:42 +02:00
sebres 9935cf19c1 description provided, ChangeLog entries added 2016-08-15 19:54:11 +02:00
sebres d71a525a85 Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9) 2016-08-12 18:51:56 +02:00
sebres cb340db220 ChangeLog entry for gh-1508 2016-08-12 18:37:46 +02:00
Yaroslav Halchenko 123f4ceaee Changelog for postfix-sasl fix 2016-08-08 17:11:07 -04:00
sebres 70658d7a19 Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494') 2016-08-08 18:49:32 +02:00
rhardy613 89f8999fe5 Add changelog entry for ASSP filter changes
Add changelog entry for ASSP filter changes
2016-08-06 01:07:04 -04:00
sebres eb6e3c52ae ChangeLog entries for the last fix (cherry pick from 0.10) 2016-08-01 18:04:00 +02:00
sebres f5b7ffeb4b DOC: Reformatted ChangeLog into legit Markdown (after merge of master to 0.10) 2016-08-01 15:18:59 +02:00
sebres 0eea362aa0 Merge branch 'master' into 0.10 2016-08-01 15:10:52 +02:00
sebres 922213f3d9 Merge tag '0.10.0a1' into 0.10-full 2016-07-15 10:32:42 +02:00
Yaroslav Halchenko 5714ac201b DOC: preparations for 0.9.5 release 2016-07-14 21:35:49 -04:00
Yaroslav Halchenko 21056c995d Merge remote-tracking branch 'origin/master' into doc-changelog
* origin/master:
  another variant of regex
  add trailing anchor to failregex
  add PR id to ChangeLog
  improved failregex according to @sebres recomendations
  * add `__prefix_line` to regex * fix time in log file
  add info to log file
  added sample log lines for slapd
  adding openldap slapd filter
2016-07-14 21:21:35 -04:00
Yaroslav Halchenko 28a0605f69 Merge pull request #1478 from gips0n/master
adding openldap slapd filter
2016-07-14 08:30:42 -04:00
sebres 683f8fc56c Merge branch 'master' into 0.10 2016-07-13 19:41:46 +02:00
Yaroslav Halchenko 33ed71b3de DOC: Reformatted ChangeLog into legit Markdown (Closes #962) 2016-07-10 19:53:54 -04:00
Yaroslav Halchenko ec9c4a27f3 DOC: tuned up ChangeLog entries for 0.9.5
unified capitalized beginning of each entry
no trailing spaces or dots etc
2016-07-10 18:40:20 -04:00
Andrii Melnyk 2c5a489bc7 add PR id to ChangeLog 2016-07-08 13:55:58 +03:00
sebres f5f204ca7c Improved changes of gh-1458:
`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
2016-07-08 11:45:25 +02:00
Andrii Melnyk b2e3affaa0 adding openldap slapd filter 2016-07-08 04:50:57 +03:00
Yaroslav Halchenko 593b1210c0 Merge master (commit '0.9.4-79-gaf8b650') into 0.10
* commit '0.9.4-79-gaf8b650':
  badip timeout option introduced, set to 30 seconds in our test cases (#1463)
  DOC: changelog for recent exim filters tune up
  Asterisk pjsip (#1456)
  BF: finalize that sample log line for exim4
  RF: for consistency use (?:XXX)? instead of (?:|XXX)
  ENH: use non-capturing regex groups in exim-common and exim filters
  ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible
  BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised"
2016-06-19 20:06:16 -04:00
sebres 12ff119841 Merge branch 'ban-time-incr' into 0.10-full 2016-06-09 22:50:31 +02:00
Yaroslav Halchenko 11f7cf5ad8 DOC: changelog for recent exim filters tune up 2016-06-07 21:38:39 -04:00
Ludovic Gasc f85fb45b29 Asterisk pjsip (#1456)
* Improve PJSIP log support for Asterisk 13+

* Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+

* Change pjsip regexp with sebres observation, thanks to @nturcksin
2016-06-07 11:40:35 +02:00
sebres f62266659f Merge branch 'master' into '0.10' 2016-05-21 13:48:00 +02:00
sebres baafac36a4 ChangeLog entry 2016-05-20 14:51:13 +02:00
sebres 34ae0b916e Merge pull request #1421 from sebres/fix-1405
filter.d/common.conf: fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405)
2016-05-20 11:20:34 +02:00
sebres 932708de9e fixed --pidfile bug, introduced in gh-1322:
gentoo-initd fixed --pidfile bug: `--pidfile` is option of start-stop-daemon, not argument of fail2ban (see gh-1434)
closes gh-1434
2016-05-20 11:01:00 +02:00
sebres de813acf51 extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added; 2016-05-17 11:54:43 +02:00
sebres 3e49522b7a fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568);
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
2016-05-13 20:26:37 +02:00
sebres cce63926ce ChangeLog entry added 2016-05-13 16:11:38 +02:00
sebres 3df97beaa6 changelog entries from sebres:f2b-perfom-prepare-716 (gh-1346) 2016-05-11 18:03:22 +02:00
sebres c22ba5413d changes from ipv6-support-0.10 after merge 2016-05-11 16:58:13 +02:00
sebres f9ea845595 Merge branch 'ipv6-support-0.10' into 0.10 2016-05-11 16:57:16 +02:00
Yaroslav Halchenko 5040c95bdb DOC: stub for 0.10.0 release changelog 2016-05-10 21:17:09 -04:00
Alexander Koeppe ce196744d1 Update ChangeLog / THANKS entries 2016-05-09 15:34:15 +02:00
sebres e595fefc9b change log and thanks entries 2016-04-14 14:50:17 +02:00
Serg G. Brester b9b7ecbf6b Merge pull request #1357 from sebres/monit-new-fltr
monit filter fixup for the new version (gh-1355)
2016-03-26 11:39:26 +01:00
TorontoMedia 3d239215cd Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367)
closes #1367
2016-03-25 17:28:30 +01:00
sebres ac27c9cb96 Merge branch 'patch-2' (gh-1371) 2016-03-25 17:05:23 +01:00
theDogOfPavlov 28e246b5d7 added note to cover additional exim filters 2016-03-23 11:52:09 +00:00
theDogOfPavlov 42f43d0f8a added note to cover dovecot ldap regex 2016-03-23 11:51:12 +00:00
Yaroslav Halchenko bfac42eb2e changelog for journalmatch pure-ftpd 2016-03-14 11:10:28 -04:00
sebres 9d13bb0c3a ChangeLog and THANKS entries 2016-03-09 20:11:14 +01:00
Yaroslav Halchenko 634e68036e Get ready for further developments 2016-03-08 08:36:29 -05:00
Yaroslav Halchenko 5ffc15ac68 Changes for the 0.9.4 release 2016-03-07 21:45:44 -05:00
Yaroslav Halchenko 19850d71e9 changelog about gentoo initd 2016-03-07 10:52:47 -05:00
sebres bf0adc1fdf Merge remote-tracking branch 'f2b-perfom-prepare-716-cs' into ban-time-incr (+ conflicts resolved) 2016-03-06 15:12:48 +01:00
Yaroslav Halchenko 2adf5855ac Changelog for the recent PR and added Tom to THANKS 2016-02-28 12:03:13 -05:00
sebres 667785b608 mysqld: failregex fixed (accepts different log level, more secure expression now);
closes #1332
2016-02-24 17:17:51 +01:00
Yaroslav Halchenko 905c87ca4a Merge pull request #1310 from yarikoptic/pr-1288
NF: HAProxy HTTP Auth filter
2016-02-11 08:35:48 -05:00
Yaroslav Halchenko 3dc57af19c Merge branch 'logrotate' of https://github.com/sbraz/fail2ban
* 'logrotate' of https://github.com/sbraz/fail2ban:
  Remove compression and count from logrotate
2016-02-10 18:41:01 -05:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number.
Closes #1309
2016-02-08 11:51:37 +01:00
Pierre GINDRAUD b5a07741c8 Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command 2016-02-08 11:11:59 +01:00
Louis Sautier 869d99dd37
Remove compression and count from logrotate
Initially reported at https://bugs.gentoo.org/show_bug.cgi?id=549856
2016-01-29 00:15:48 +01:00
Yaroslav Halchenko 3f437b32db Merge remote-tracking branch 'pr/1288/head'
* pr/1288/head:
  Update haproxy-http-auth.conf
  Added HAProxy HTTP Auth filter

 Conflicts:
	config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)
2016-01-28 08:51:45 -05:00
Yaroslav Halchenko 377ea32441 Merge pull request #1295 from obounaim/master
The sender option is ignored by some actions
2016-01-28 08:48:22 -05:00
Serg G. Brester fe14c8fa05 Merge pull request #1292 from albel727/master
Add nftables actions
2016-01-24 23:55:50 +01:00
local 58a8736e0f Updating changelog. 2016-01-10 00:10:05 +01:00
Alexander Belykh cb2d70d7a8 Add ChangeLog entry for new nftables actions 2016-01-05 19:04:44 +06:00
sebres 25a09352e4 + ChangeLog entry 2016-01-04 14:46:43 +01:00
Jordan Moeser e133762a28 Added HAProxy HTTP Auth filter 2015-12-31 11:16:23 +10:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 16710237e3 Merge remote-tracking branch 'origin/master'
* origin/master:
  Add 'Sender address rejected: Domain not found' Postfix failregex
2015-12-29 19:31:04 -05:00
sebres 9d4f163e88 code review and minor repair after merge with performance branch (changed naming convention, wrong resolved conflicts, etc) 2015-12-29 17:36:00 +01:00
sebres 21f058a9f7 Merge remote-tracking branch 'remotes/gh-origin/f2b-perfom-prepare-716' into ban-time-incr 2015-12-29 14:04:41 +01:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex
Add 'Sender address rejected: Domain not found' Postfix failregex
2015-12-18 09:23:54 -05:00
Yaroslav Halchenko dfaf82d68a Changelog entry for PartOf in .service fix 2015-12-18 09:23:12 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown 16aa2fa13e Updated ChangeLog to include new murmur jail. 2015-12-17 17:57:45 +00:00
Ross Brown ba535826a8 Updated ChangeLog to include new murmur filter. 2015-12-15 21:46:35 +00:00
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269) 2015-12-13 23:21:04 -05:00
sebres 6d984717b5 ordered dict replaced with dict + change log entry fix
# Conflicts:
#	fail2ban/server/filter.py
2015-12-12 15:48:49 +01:00
sebres 3a179ec5d7 small code review: (much pretty) handling of filename as key - FileFilter contains (ordered) dict of files (not list), as discussed in gh-1265 2015-12-02 20:45:01 +01:00
Aleksandrs Ļedovskis fa59a6850f Add 'Sender address rejected: Domain not found' Postfix failregex
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
2015-11-22 12:01:15 +02:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-11-13 15:22:59 -07:00
Yaroslav Halchenko 6af6e40b62 Merge pull request #1241 from sebres/known/param-tag
New interpolation feature for definition config readers - `<known/parameter>`
2015-11-10 08:35:57 -05:00
sebres 46b116e86a filter test cases improved + log captured inside such tests + python 3.x compatibility;
changelog entry;
2015-11-09 22:02:05 +01:00
sebres 94cffece12 New interpolation feature for definition config readers - `<known/parameter>`, as extension to interpolation `%(known/parameter)s`, that does not works for filter and action init parameters; 2015-11-02 21:45:03 +01:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard)
closes gh-1237
2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added);
closes gh-1216
2015-10-30 15:36:18 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-10-29 15:22:37 -06:00
Simon Brown 3dd1c305ce added entry for new screensharingd filter 2015-10-27 21:20:12 -07:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
2015-10-20 10:46:00 +02:00
Orion Poplawski 81a26266a9 Add changlog entry for postfix-rbl logpath change 2015-10-19 19:46:43 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend
per service.
Set default to systemd for Fedora as appropriate.
2015-10-18 20:18:50 -06:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
2015-10-13 17:11:49 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
closes gh-1211
2015-10-07 14:34:13 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-05 00:31:13 -07:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
2015-09-27 00:52:14 -04:00
Yaroslav Halchenko 6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197)
Way too many people ran into this gotcha, so lets just do it
2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
2015-09-17 21:59:45 -04:00
Yaroslav Halchenko db1a3f17e1 ENH: new date pattern with year after day (not after entire entry) 2015-09-16 08:56:46 -04:00
Yaroslav Halchenko fbdd0b74a1 DOC: Changelog entry for this fix 2015-09-13 10:45:39 -04:00
Ville Skyttä 67a94733a9 logrotate: Do not rotate empty logs
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.
2015-09-13 11:05:33 +03:00
Edward Beckett f5b88bd377 Updated Changelog 2015-09-11 10:12:57 -04:00
sebres 4cf3b576b9 Bugfix for dnsToIp resolver for fqdn with large list of IPs;
closes #1164
2015-09-08 18:20:48 +02:00
Edward Beckett 4bd7991573 Added apache-badbots.conf 2015-09-06 01:12:19 -04:00
weberho 2d69fd20ae Updated ChangeLog regarding openSUSE's path config 2015-08-26 15:37:14 +02:00
Yaroslav Halchenko 60fbf7d750 changelog for freshly merged PR (roundcube-auth definition of logpath) 2015-08-26 09:03:23 -04:00
Yaroslav Halchenko 9ebf01293b Post release tune ups 2015-08-01 09:17:31 -04:00
Yaroslav Halchenko 70ba5cb005 Release changes (too much of manual "labor"! ;)) 2015-07-31 21:32:13 -04:00
Yaroslav Halchenko 776322cea3 BF: realpath for /var/run/fail2ban Closes #1142 2015-07-31 10:12:14 -04:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko a80820e356 Changelog entry for killpg fix 2015-07-27 22:34:40 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko de69855157 Changelog entries for Serge's fixes 2015-07-27 10:35:14 -04:00
Yaroslav Halchenko 0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00