github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,343 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

468 Commits (9d77fb2b4c5f4471e1abef0974c70c1ff622ff75)

Author SHA1 Message Date
sebres d253e60a8b Merge branch '0.10' into 0.11 2020-09-23 19:39:50 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00
sebres 74b73bce8a Merge branch '0.10' into 0.11 2020-09-04 13:09:47 +02:00
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`; 
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
 2020-09-03 16:41:23 +02:00
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790 2020-08-04 13:53:21 +02:00
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790 2020-08-04 13:22:02 +02:00
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`) 2020-06-24 19:20:36 +02:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq 
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
 2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses 
We need to use https://github.com/stedolan/jq to parse it.
 2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed' 
Sed regex was tested - it works.
 2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban 
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
 2020-04-27 19:12:35 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
sebres 70e47c9621 Merge branch '0.10' into 0.11 2020-01-14 11:44:35 +01:00
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596) 2020-01-14 11:39:13 +01:00
sebres 3515d06979 Merge branch '0.10' into 0.11 2019-10-18 19:19:21 +02:00
sebres 85ec605358 nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set); 
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
 2019-10-18 19:01:16 +02:00
sebres 51af193402 nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`) 2019-10-18 18:54:02 +02:00
sebres 955d690e56 regrouping expressions with curly braces, added more escapes (better handling in posix shell) 2019-10-18 18:34:48 +02:00
sebres 0824ad0d73 Merge branch '0.10' into 0.11 2019-10-18 12:04:38 +02:00
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc 2019-09-25 13:47:29 +02:00
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all) 2019-09-24 20:00:29 +02:00
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain): 
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
 2019-09-24 19:44:59 +02:00
sebres c753ffb11d combine nftables actions to single action: 
- nftables-common is removed
- nftables-allports  is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
 2019-09-24 18:53:38 +02:00
sebres c59d49da22 nftables-allports: support multiple protocols in single rule; 
tests/servertestcase.py: added coverage for nftables actions
 2019-09-24 18:46:41 +02:00
Ririsoft dde51b4682 fix actionban/unban ip definition syntax 2019-09-24 13:01:14 +02:00
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic. 
Add an example for redirecting.
 2019-09-24 13:01:13 +02:00
sebres 581f13c2db Merge branch '0.10' into 0.11 2019-07-22 19:07:15 +02:00
benrubson 8b171f7d25 Badips key is only used to retrieve list 2019-06-26 18:34:20 +02:00
sebres 80f97eaf02 Merge branch '0.10' into 0.11 2019-06-26 17:29:08 +02:00
sebres e751be2c13 normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc); 
added test covering sendmail-whois-lines
 2019-06-15 23:14:41 +02:00
sebres 2e7a600851 Merge branch '0.10' into 0.11 2019-06-12 11:44:05 +02:00
sebres 22b9304562 action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict; 
(closes gh-2390)
 2019-06-12 11:23:52 +02:00
sebres 3d4044084a Merge branch '0.10' into 0.11 2019-06-07 14:48:10 +02:00
Sergey G. Brester 7dbd3a07eb cut comment to limit documented on abuseipdb, additionally use curl in quiet mode 2019-06-07 14:39:55 +02:00
Carlos Ferreira 7b73cb7639 Switch to AbuseIPDB API v2 2019-06-07 14:39:52 +02:00
sebres ca85ddc866 Merge branch '0.10' into 0.11 2019-05-10 16:23:50 +02:00
sebres d8d71c5a22 action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern) 2019-05-10 16:17:13 +02:00
chtheis fa727586ff Fix grep pattern to deal with Apache's error log 
Apache's error log appends the port to the IP address, other logs don't.
 2019-05-10 16:04:27 +02:00
sebres 74eac6c94f Merge branch '0.10' into 0.11 2019-05-02 15:28:44 +02:00
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now) 2019-05-02 15:22:45 +02:00
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets 2019-04-29 10:45:37 +02:00
sebres 17a4f81e23 Merge branch '0.10' into 0.11 2019-03-27 13:46:56 +01:00
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc; 
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
 2019-03-16 00:05:06 +01:00
sebres 324f0ed7cc Merge branch '0.10' into 0.11 2019-03-01 12:36:07 +01:00
sebres 5126068099 loglevel and shortloglevel combined to single parameter loglevel, below an example logging summary with NOTICE and rest with DEBUG log-levels: 
action = badips.py[... , loglevel="debug, notice"]
 2019-02-22 14:05:19 +01:00
benrubson 689938ee99 Add a shortloglevel badips.py option 2019-02-22 13:32:46 +01:00