Commit Graph

4734 Commits (a92f25b48ecb8bc46e191fcb06ac437caaf0a25c)

Author SHA1 Message Date
sebres 2e437937c3 datedetector: extended default date-patterns (allows extra space between the date and time stamps);
* introduces 2 new format directives (with corresponding `%Ex` prefix for more precise parsing):
  - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
   (corresponds %H, but allows space if not zero-padded).
  - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
   (corresponds %I, but allows space if not zero-padded).
* mysqld-auth test extended to cover new date-format in log.
Closes gh-1639
2017-11-30 17:06:37 +01:00
Serg G. Brester cbd63d9cd5
added test to cover quoted injecting on AUTH command 2017-11-30 12:45:11 +01:00
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command;
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
2017-11-30 12:32:24 +01:00
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case)
The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).
2017-11-29 20:55:48 +01:00
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH
When reporting the error `AUTH command used when not advertised`, Exim
starts with `SMTP protocol error in "........."`. Here, Exim logs the
SMTP command as it was provided by the connecting client.
https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850

According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded
in upper case, lower case, or any mixture of upper and lower case with
no impact on its meaning."
https://tools.ietf.org/html/rfc5321#section-2.4

Lower case `auth login` brute-force attempts were seen in the wild and
were not caught by the current failregex.

This commit makes the failregex case-insensitive for the `AUTH`
command, so that lower case (`auth`) or mixed case (`aUtH`) now also
match. The failregex was already case-insensitive for the command
arguments (e.g. `AUTH login` already matched).
2017-11-29 15:14:43 +01:00
SlowRiot 660d57e6ba updating my email address 2017-11-29 10:43:15 +01:00
sebres 5cc0abbb02 Merge branch '0.10' into 0.11
# Conflicts:
#	fail2ban/tests/fail2banclienttestcase.py
2017-11-28 16:37:51 +01:00
sebres fbf89e8cdd typo in indent (spaces to tabs) 2017-11-28 16:32:16 +01:00
Serg G. Brester f917b4346b
Merge pull request #1974 from sebres/nginx-block-map
session-related blacklisting via nginx
2017-11-28 16:27:21 +01:00
sebres 55c2a9968a remove lacking [Init] section check ([Init] section not necessary anymore for actions also);
fix sporadic error by shutdown server in with_foreground_server_thread decorator (if shutdown too fast, but end-phase still does not reached the tester-thread);
2017-11-28 16:14:17 +01:00
sebres b62ab2d51e ChangeLog updated 2017-11-28 13:46:57 +01:00
sebres 76f2865883 implemented new action "action.d/nginx-block-map.conf", used in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); 2017-11-28 13:42:41 +01:00
sebres 12b55bb8cc Merge remote-tracking branch '0.10' into 0.11 2017-11-27 12:02:46 +01:00
Serg G. Brester 4fa0f48fa1
Merge pull request #1970 from sebres/fix-gh-1876
Fix logging to systemd-journal (gh-1876)
2017-11-27 10:04:38 +01:00
sebres 6db9ae8574 ChangeLog updated 2017-11-26 23:35:11 +01:00
sebres af0f7e93ce better handling by start/stop of server in foreground mode;
don't call logging.shutdown because part of exit in fail2bancmdline.
2017-11-26 23:06:35 +01:00
sebres f31195a4fc added new logtarget "SYSOUT" to log from fail2ban working in foreground as systemd-service (in opposite to "STDOUT" don't log time-stamps). 2017-11-26 23:03:29 +01:00
sebres 95f29f457a Merge branch '0.10' into 0.11 2017-11-24 13:45:43 +01:00
sebres 100b531aff travis: add build for python 3.7-dev and switch to newest pypy3.3 in travis 2017-11-24 13:33:20 +01:00
sebres 7bf5980def no root option if testing within virtualenv (fixed now). 2017-11-24 13:20:19 +01:00
sebres fa007bfa7c remove build folder, if created through setup-process in test 2017-11-24 12:57:55 +01:00
sebres eac80966c5 Fix scripts-root within `fail2ban.service` (relative install root-base directory).
This is amend for e3b061e94b.
Closes gh-1964
2017-11-24 12:54:45 +01:00
sebres 8aeaaf06ee Merge branch '0.10' into 0.11 2017-11-23 22:57:21 +01:00
sebres 6db8db04f8 Merge branch 'master' into 0.10: fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:46:17 +01:00
sebres 5708b8b90e fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:42:51 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors;
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
2017-11-23 22:21:42 +01:00
Allan Nordhøy 855f5d0ced
to be found 2017-11-11 14:03:15 +01:00
Allan Nordhøy fe9e85c71d
"Fail2Ban", other language improvements 2017-11-10 23:56:10 +01:00
sebres 70b933f405 Merge branch '0.10' into 0.11 2017-11-06 18:57:53 +01:00
sebres 7e756da2b9 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-11-06 18:56:31 +01:00
Serg G. Brester 4cd3b2d4c9
Merge pull request #1955 from sebres/fix-initial-config
config/paths-*.conf: initial values and normalization
2017-11-06 18:30:13 +01:00
Serg G. Brester ee80c52430 Update ChangeLog 2017-11-03 14:15:54 +01:00
sebres eba68a8f37 config/paths-common.conf: Added initial values for `syslog_authpriv`, `syslog_mail` in order to avoid errors while parsing/interpolating configuration;
Note the systemd-backend does not need the logpath at all;
Some defaults normalized (minimized configs, don't need to overwrite values in distribution-related path if equal).
2017-11-03 14:15:07 +01:00
Serg G. Brester c06f3c3fb8
Merge pull request #1812 from jpotter/patch-1
Replace port imap3 with imap
2017-11-03 14:05:57 +01:00
Serg G. Brester 4d10c615c4
Update ChangeLog
typo
2017-11-03 14:05:17 +01:00
Serg G. Brester 8b26fd2778 Update ChangeLog 2017-11-03 14:03:47 +01:00
Serg G. Brester 9876dd44f9 replace port imap3 with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and missing on some systems
(see gh-1942)
2017-11-03 14:03:06 +01:00
Jeff Potter 4a2fc8b7e8 Include imap (port 143) in courier-auth ports
imap was missing from the list of ports, preventing fail2ban from blocking connections on standard IMAP port 143.
2017-11-03 14:01:19 +01:00
Serg G. Brester a87af7bf41
Merge pull request #1948 from itoffshore/alpine
gentoo-initd: add descriptions
2017-11-03 13:30:18 +01:00
Stuart Cardall 18d2761dc0 gentoo-initd: add descriptions
add descriptions to stop syslog errors for extra_started_commands when running:

rc-service ipset describe

Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26446]: ^[[1m^[[36mreload^[[m: no description
Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26447]: ^[[1m^[[36mshowlog^[[m: no description
2017-11-01 22:19:14 +01:00
sebres 12419b75f2 Merge branch '0.10' into 0.11
# Conflicts:
#	fail2ban/tests/servertestcase.py
2017-10-30 14:02:41 +01:00
sebres b615a98540 jail.conf: avoid overwriting of default value of the parameter `chain` of several actions (where default chain != INPUT);
test-cases extended to cover the same logic (use `<known/chain>` instead of fix value `INPUT`);
Closes gh-1949
2017-10-30 13:32:52 +01:00
Serg G. Brester e07a8cda07 Update jail.conf
Documentation of parameters for action blocklist_de, closes gh-1940
2017-10-27 15:26:17 +02:00
Serg G. Brester 2409c4506a Merge pull request #1917 from martin61/patch-1
add ip6tables.service ipset.service in systemd unit
2017-10-20 12:39:46 +02:00
martin61 5db497017a add ip6tables.service ipset.service in systemd unit 2017-10-19 16:44:18 +02:00
Serg G. Brester 1a8fb6290d Merge pull request #1926 from sebres/0.10-pf-actionflush
action.d/pf.conf: wildcard anchoring example + bulk-unban with command `actionflush`
2017-10-19 16:35:46 +02:00
sebres a99513a43e version bump (0.11.0.dev0) after merge 0.10 2017-10-18 19:05:20 +02:00
sebres 76f5e3659e Merge branch '0.10' into 0.11 2017-10-18 19:03:08 +02:00
sebres 0e66e3cc57 Merge branch 'master' into 0.10
# Conflicts:
#	config/filter.d/asterisk.conf
2017-10-18 19:00:23 +02:00
Serg G. Brester 0aeb91d1e2 Merge pull request #1929 from miken32/patch-1
Remove invalid (vulnerable) regex using IP from foreign input (not the originator).
2017-10-18 18:54:43 +02:00