9d77fb2b4c
1st try of GH actions flow (CI only, no coverage atm)
2020-11-03 15:38:06 +01:00
960e30cfcd
Merge branch '0.11'
2020-09-23 19:41:04 +02:00
d253e60a8b
Merge branch '0.10' into 0.11
2020-09-23 19:39:50 +02:00
24093de32d
small amend (simplifying formatted help and man)
2020-09-23 19:35:17 +02:00
f518d42c59
Add a note about `journalflags` options to `systemd-journal` backend
...
Also adds systemd backend configuration examples to jail.conf(5)
Closes #2696
2020-09-23 19:09:42 +02:00
4c2539856c
Merge branch 'speedup-client-status' into 0.10
2020-09-23 13:03:45 +02:00
d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
2020-09-17 12:39:08 +02:00
f381b98246
introduces new flavor `short` for `fail2ban-client status $jail short`: output total and current counts only, without banned IPs list in order to speedup it and to provide more clear output (gh-2819), flavor `basic` (still default) is unmodified for backwards compatibility;
...
it can be changed later to `short`, so for full list of IPs in newer version one should better use:
- `fail2ban-client status $jail basic`
- `fail2ban-client get $jail banned` or `fail2ban-client banned`
2020-09-10 11:53:26 +02:00
e8ee3ba544
resolves a bottleneck within transmitting of large data between server and client: speedup search of communications end-marker and increase max buffer size (up to 32KB)
2020-09-10 11:52:25 +02:00
5abc4ba4ae
amend to 39d4bb3c35 ( #2758 ): better reaction on broken pipe (on long output), don't close stdout explicitly (allows usage of modules like cProfile, which outputs result on exit), just flush it before exit.
2020-09-09 17:32:10 +02:00
f555ff45e9
attempt to speedup ban- and fail-manager (e. g. fail2ban-client status, see gh-2819), remove unneeded lock (GIL is enough here)
2020-09-07 19:08:52 +02:00
74b73bce8a
Merge branch '0.10' into 0.11
2020-09-04 13:09:47 +02:00
a038fd5dfe
`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
...
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
2020-09-03 16:41:23 +02:00
4d2734dd86
Merge branch '0.10' into 0.11
2020-09-02 20:23:07 +02:00
ed20d457b2
jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
2020-09-02 20:14:31 +02:00
f09ba1b399
action in jail-config extended to consider space as separator now (splitWithOptions separates by space between mains words, but not in options), so defining `action = a b` would specify 2 actions `a` and `b`;
...
it is additionally more precise now (see fixed typo with closed bracket `]` instead of comma in testServerReloadTest)
2020-09-02 20:09:06 +02:00
a3a148078e
fail2ban-regex: more informative output for `datepattern` (e. g. set from filter) - pattern : description, example:
...
Use datepattern : ^%Y-%m-%d %H:%M:%S : ^Year-Month-Day 24hour:Minute:Second
2020-08-28 14:12:57 +02:00
17a6ba44b3
fail2ban-regex: speedup formatted output (bypass unneeded stats creation);
...
fail2ban-regex: extended with prefregex statistic
2020-08-28 13:52:09 +02:00
db1f3477cc
amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
2020-08-27 18:07:42 +02:00
3f04cba9f9
filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
2020-08-27 17:44:25 +02:00
07fa9f2912
fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
...
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
2020-08-27 17:04:19 +02:00
d0d1f8c362
improve result for get/set prefregex
2020-08-26 16:54:18 +02:00
8bc7623388
Merge branch '0.11'
2020-08-26 13:49:41 +02:00
be3115cda0
fix year overflow (9999) by format of datetime (time2str for end of ban of persistent ticket);
...
closes gh-2817
2020-08-26 13:31:29 +02:00
b2036c1d62
Merge branch '0.10' into 0.11
2020-08-26 12:22:17 +02:00
e569281d6b
avoids overwrite of `known/option` with unmodified (not available) value of `option` from .local config file,
...
so it wouldn't cause self-recursion if `option` already has a reference to `known/option` (from some include) in .conf file;
closes gh-2751
2020-08-26 12:08:04 +02:00
5a2cc4e1c5
substituteRecursiveTags: more precise self- or cyclic-recursion prevention (don't clear replacement counts of tags, rather consider replacement count by tax X in tag Y)
2020-08-26 12:05:20 +02:00
e9071b642a
Merge branch '0.10' into 0.11
2020-08-25 18:28:18 +02:00
81fb28e146
Merge pull request #2631 from benrubson/guacamole
...
`filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured
2020-08-25 18:27:18 +02:00
2945fe8cbd
changelog
2020-08-25 18:25:32 +02:00
d9b8796792
amend with better (common) handling, documentation and tests
2020-08-25 18:01:34 +02:00
7b05c1ce7a
do type-convert only in getCombined (otherwise int/bool conversion prevents substitution or section-related interpolation of tags)
2020-08-25 14:52:22 +02:00
1707560df8
Enhance Guacamole jail
2020-08-25 13:01:50 +02:00
41b88b4f4f
Merge branch '0.10' into 0.11
2020-08-24 16:42:19 +02:00
1e3da21c68
Remove duplicate method and rename invalid parameter
...
(cherry picked from commit fd25c4cbb8
2020-08-24 16:41:55 +02:00
ad51fb7e1e
partial cherry-pick fd25c4cbb8 ( #2768 )
2020-08-24 16:41:22 +02:00
57caf8ec90
Merge pull request #2768 from TorontoMedia/patch
...
Remove duplicate method and rename invalid parameter
2020-08-24 16:39:25 +02:00
7327fee2c8
Merge branch '0.11'
2020-08-24 16:33:30 +02:00
4bc8bc9d5f
Merge branch '0.10' into 0.11
2020-08-24 16:31:48 +02:00
8da663a67e
Merge pull request #2814 from sebres/0.10-date-opt
...
extended datepattern handling (TZ issues, no datepattern, etc)
2020-08-24 16:27:35 +02:00
295630cccf
documentation and changelog
2020-08-24 16:12:55 +02:00
76e5d2b199
amend to f21c58dc72, better follow previous handling with last known datetime (compatibility for multi-line logs, in case of second line without a timestamp)
2020-08-21 17:53:02 +02:00
f21c58dc72
implements special datepattern `{NONE}` - allow to find failures without date-time in log messages (filter use now as timestamp)
...
closes gh-2802
2020-08-20 20:28:29 +02:00
b82f584a96
added test case covering new date handling (simulation, unknown format, warnings, etc)
2020-08-20 19:46:41 +02:00
d2cef96f33
filter: implement mode `inOperation`, which gets activated if filter starts processing of new messages; better interaction with non-matching optional datepattern or invalid timestamps (or timezone) - assuming now instead of bypass;
...
fixed test cases gathering new failures now in operation mode
2020-08-20 18:52:00 +02:00
7e8d98c4ed
code review, fix simplest TZ issue - avoid date adjustment by assuming of last year (date without year in the future) by wrong zone (don't adjust by offset up to +24 hours)
2020-08-13 19:20:27 +02:00
3ca69c8c0a
amend to #2791 : unban subnet when subnet is in supplied subnet
2020-08-11 17:14:21 +02:00
7d172faa50
implements gh-2791: fail2ban-client extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS)
2020-08-11 16:01:52 +02:00
39d4bb3c35
closes gh-2758: no explicit flush (close std-channels on exit, it would cause implicit flush without to produce an error 32 "Broken pipe" on closed pipe)
2020-08-11 13:57:36 +02:00
a7ad3e00dd
amend to 91eca4fdeb ( #2634 ): server creates a RTM-directory for socket/pid file automatically (don't check its existence in client)
2020-08-11 11:58:02 +02:00
Sergey G. Brester