github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,734 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4734 Commits (a92f25b48ecb8bc46e191fcb06ac437caaf0a25c)

Author SHA1 Message Date
sebres 0a4a76c4c4 Merge branch '0.10' into 0.11 2018-01-19 12:32:48 +01:00
sebres 9d5f20aab2 FilterPyinotify: fixed sporadic test-case error (multi-threaded) - 'NoneType' object has no attribute 'stop'. 2018-01-19 12:32:24 +01:00
sebres c50875ccf6 Update ChangeLog: all major 0.11 changes combined in 0.11th block now 2018-01-19 11:41:54 +01:00
sebres aa47937d4f Merge branch '0.10' into 0.11: bum version after release of 0.10.2 2018-01-18 16:47:13 +01:00
sebres 9a38d5697f bump version (0.10.2 -> 0.10.3.dev1) 2018-01-18 16:40:48 +01:00
sebres a45488465e prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2018-01-18 14:49:01 +01:00
sebres 1ca3df877b Merge branch '0.10' into 0.11 2018-01-18 14:32:00 +01:00
sebres 81b61fe30c ChangeLog update 2018-01-18 14:19:55 +01:00
sebres f69e28adfc action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now). 2018-01-18 14:05:22 +01:00
sebres 38b3290516 Merge branch '0.10' into 0.11 2018-01-17 16:43:45 +01:00
sebres ed22ddbbbb Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
Sergey G. Brester 37f5a6975e
Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix 
nginx-http-auth: match usernames with spaces
 2018-01-17 16:40:54 +01:00
sebres 63e906b2c1 regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name 2018-01-17 16:35:32 +01:00
Benedikt Seidl fed6c49c2d nginx-http-auth: match usernames with spaces 
# Conflicts:
#	ChangeLog
 2018-01-17 16:35:31 +01:00
Sergey G. Brester 9a8c4a9869
Merge pull request #2018 from riceru/patch-1 
lighttpd-auth.conf: new log-format (http_auth -> mod_auth)
 2018-01-17 12:14:38 +01:00
Sergey G. Brester b6c6565a7e
regex updated using non-capturing groups 2018-01-16 14:23:47 +01:00
Sergey G. Brester 9a46590486
extended test-cases to cover new log-format (http_auth -> mod_auth) 2018-01-16 14:20:51 +01:00
riceru 6a1bbbf101
Update lighttpd-auth.conf 
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in Lighttp 1.4.42
 2018-01-16 12:39:55 +00:00
sebres 576eeb70dd Merge branch '0.10' into 0.11 2018-01-15 18:17:18 +01:00
sebres 2b7b0da943 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-15 18:16:43 +01:00
sebres 2bce0c5e3e file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file. 2018-01-15 18:00:15 +01:00
sebres 416240e80e Merge branch '0.10' into 0.11 2018-01-15 17:21:23 +01:00
sebres 81c86fa83f Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove). 
Closes gh-1865
 2018-01-15 17:12:07 +01:00
sebres 0befbfd766 Merge branch '0.10' into 0.11 2018-01-11 20:23:55 +01:00
sebres b644d2d73f should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback); 2018-01-11 20:23:22 +01:00
sebres 5ddab17089 Merge branch '0.10' into 0.11 2018-01-11 13:28:31 +01:00
sebres 7516cd025d fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter); 
test cases extended to cover such situation.
Closes gh-1997
 2018-01-11 13:21:36 +01:00
Serg G. Brester 7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now. 
Closes  #2000
 2018-01-11 12:38:34 +01:00
sebres da86ebca31 Merge branch '0.10' into 0.11 2018-01-11 11:21:02 +01:00
sebres 29e1fe9479 micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory) 2018-01-11 11:15:58 +01:00
sebres 039ac7c7c4 Merge branch '0.10' into 0.11 2018-01-11 10:29:46 +01:00
Serg G. Brester 6251fcf5f7
Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys 
stop ban of legitimate users with multiple public keys (e. g. git, etc)
 2018-01-11 10:27:35 +01:00
sebres 1c0fc73e48 Update ChangeLog 2018-01-11 10:27:38 +01:00
sebres 2112145eb4 stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby 
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
 2018-01-10 19:07:20 +01:00
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 14:49:06 +01:00
sebres 0e68c9a720 Merge branch '0.10' into 0.11 2018-01-10 12:22:31 +01:00
sebres c36fbdf743 test cases extended in order to cover `firewallcmd-ipset` with `allports` 2018-01-10 12:13:07 +01:00
sebres c30144b37a Merge branch '0.9' into 0.10 
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
#	fail2ban/client/jailreader.py
#	fail2ban/helpers.py
 2018-01-10 12:05:26 +01:00
Serg G. Brester 029cd5aa24
Update ChangeLog 2018-01-10 11:47:59 +01:00
Serg G. Brester 597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports 
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
 2018-01-10 11:43:44 +01:00
sebres 131b94e11e firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage: 
banaction = firewallcmd-ipset[actiontype="<allports>"]
 2018-01-10 10:58:03 +01:00
Danila Vershinin c190631f88 New ban action firewallcmd-ipset-allports. Closes #1167 2018-01-10 10:58:01 +01:00
sebres 3d9a112c8f cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers: 
allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` treats as `,` in new version.
cherry-picked from 0.10.
 2018-01-10 10:57:59 +01:00
Serg G. Brester 82f8bd8639
Merge pull request #2011 from Yannik/patch-1 
Fix filter not catching asterisk requests with quote character in username (fixes #2010)
 2018-01-10 09:27:29 +01:00
Serg G. Brester f7e2d3610b
Update ChangeLog 2018-01-09 21:19:01 +01:00
Serg G. Brester a1d1498561
Restore log-entries not affected by #2011 2018-01-09 21:13:02 +01:00
sebres a83a6c38e4 Merge branch '0.10' into 0.11 
# Conflicts:
#	fail2ban/server/database.py
 2018-01-09 12:25:30 +01:00
sebres f6d0c86533 test cases extended: flush jail in database 2018-01-09 12:16:37 +01:00
sebres 2c69c0e7e5 flush jail in database: bulk remove of all IPs in the database (e. g. reload --unban). 2018-01-09 12:15:56 +01:00
Yannik Sembritzki aab54bb0dd
don't replace normal test case with specialized test case 2018-01-08 22:29:43 +01:00