sebres
8069eef50c
badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar).
2018-04-05 12:31:29 +02:00
sebres
414469c102
Merge '0.10.3.fix1' into 0.10
2018-04-05 00:41:29 +02:00
sebres
ac0d441fd6
0.10.3.fix1: version bump
2018-04-05 00:21:30 +02:00
sebres
cb0f4cbb32
test_badips.py: amend to 2ff65f5d3ce1a4bd107cb4dbbd5343f7146a0677:
...
increase timeout in normal mode + catch timeout exceptions to skip the test (avoid sporadic CI errors if badips gets slowly).
2018-04-05 00:17:00 +02:00
sebres
c1923f9644
update ChangeLog
2018-04-04 23:32:22 +02:00
sebres
34b586b51e
fix for JSON serialization bug for set object (gh-2103): currently there are only users, so simply serialized as a list.
2018-04-04 23:28:44 +02:00
sebres
187514eda7
bump version (0.10.3 -> 0.10.4.dev1)
2018-04-04 20:17:26 +02:00
sebres
0a50f2e19e
next release of 0.10: bump version, update ChangeLog, man's and MANIFEST etc.
2018-04-04 19:44:09 +02:00
sebres
5dfba17663
Merge pull request #2064 from mgrant0/0.11 (rebased)
...
Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Changed <HOST> to (?:IPv6:<IP6>|<IP4>)
2018-04-04 18:59:13 +02:00
sebres
4a8506fcca
update ChangeLog
2018-04-04 18:57:41 +02:00
Michael Grant
57bc502d5c
Update sendmail-reject.conf
2018-04-04 18:52:36 +02:00
Michael Grant
2ab6a5ae62
Update sendmail-auth.conf
2018-04-04 18:52:35 +02:00
Michael Grant
87520e8008
Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix).
2018-04-04 18:52:33 +02:00
sebres
2ff65f5d3c
test_badips.py: increase timeout in normal mode (avoid sporadic CI errors if badips gets slowly).
2018-04-04 18:01:51 +02:00
Sergey G. Brester
521de5edfd
Merge pull request #2101 from mercurytoxic/mercurytoxic-patch-1
...
Fixes abuseipdb curl cypher error and comment $f2bV_matches
2018-04-04 16:48:56 +02:00
Sergey G. Brester
d9525ad3aa
Update ChangeLog
2018-04-04 16:47:18 +02:00
Luis Aranguren
fc76ccf192
Fixes abuseipdb curl cypher error and comment $f2bV_matches
...
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
2018-04-04 16:39:16 +02:00
Sergey G. Brester
7bbc26d67e
Merge pull request #2097 from benrubson/sni
...
Detect Apache SNI error / misredirect attempts
2018-04-04 16:31:38 +02:00
Sergey G. Brester
28ae32f0ca
Update ChangeLog
2018-04-04 16:31:14 +02:00
sebres
02bae2962d
fixed test cases: www.epfl.ch seems to change again the static IP address, tests rewritten using dynamic mechanism (via resolver).
2018-04-04 15:24:59 +02:00
Yaroslav Halchenko
f530348562
minor typo fix, thanks lintian
2018-04-04 01:12:18 -04:00
Yaroslav Halchenko
2c4e777216
BF: B-Depend on python3-setuptools and dh-python, Fixed up hardcoded path to the .build-ed package for testing
...
Will require tune ups for backports later on
2018-04-04 01:06:14 -04:00
Yaroslav Halchenko
450b890fb1
BF: remove all non-existing services from PartOf of fail2ban.service.
...
Should resolve inability to restart firewalld (its .service is
left in PartOf) upon upgrades.
2018-04-04 00:51:03 -04:00
benrubson
bd74f7ba8b
Detect Apache SNI error / misredirect attempts, typos
2018-04-04 00:20:58 +02:00
sebres
e786dbf132
New logging parameter `padding`, default enabled, excepting the SYSLOG (for backwards compatibility purposes);
...
Closes gh-2099.
2018-04-03 17:58:17 +02:00
sebres
8423f017e7
Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10
2018-04-03 14:12:35 +02:00
Sergey G. Brester
4ee7af742a
Merge pull request #2090 from sebres/fix-sshd-filter-suff
...
sshd, multi-line failures, alternate groups capture, etc.
2018-04-03 14:08:46 +02:00
sebres
4ee07adde6
Merge branch '0.10' into fix-sshd-filter-suff
...
# Conflicts resolved:
# fail2ban/server/filter.py
2018-04-03 13:30:57 +02:00
sebres
50d7c649ba
Skip several test-cases of systemd backend, if journal seems to be not available (e. g. no rights to read journal);
...
Closes gh-2100
2018-04-03 12:39:37 +02:00
sebres
fd0471927d
badips: increase age for /list/cat in the test-cases (default 24h is too short, so the tests can sporadic fail)
2018-04-03 11:53:03 +02:00
sebres
4963295729
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-04-03 11:43:58 +02:00
benrubson
30dc22fb2e
Detect Apache SNI error / misredirect attempts
2018-03-29 11:36:49 +02:00
Sergey G. Brester
088192ea9f
Merge pull request #1960 from comradekingu/patch-1
...
https, "Fail2Ban", other language improvements
2018-03-22 11:44:50 +01:00
Sergey G. Brester
9710c8c996
minor fix with reindent
2018-03-22 11:43:15 +01:00
sebres
218905c924
performance optimization: findFailure, search regex etc, handling with buffer/tuple-lines optimized (especially multi-regex resp. multi-lines filters)
2018-03-22 10:16:40 +01:00
Sergey G. Brester
67df796f93
Merge pull request #2088 from sebres/fix-gh-2073
...
filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module
2018-03-21 09:56:38 +01:00
sebres
79019967a7
datepattern: fix epoch/long-epoch name, if custom pattern specified
2018-03-20 23:34:18 +01:00
Sergey G. Brester
6dc9c23a25
fixed typo in pragma-comment
2018-03-20 23:14:43 +01:00
Sergey G. Brester
80725ae870
Update sshd
...
comment/minimalistic: no functional change
2018-03-20 19:02:44 +01:00
sebres
e5735b9951
ChangeLog updated
2018-03-20 18:54:25 +01:00
sebres
4f6532f810
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage;
...
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
2018-03-20 18:54:22 +01:00
sebres
cd7f1354c6
remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.)
2018-03-20 18:47:42 +01:00
sebres
ed7d5d8ea1
ChangeLog updated
2018-03-20 16:04:42 +01:00
sebres
c31eb1c562
quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now;
2018-03-20 16:00:21 +01:00
sebres
4129f940bb
revert non-empty incremental multi-line failure merge (just simply overwrite method used ATM);
...
revert sshd test case (better to use last given failure-id, so ipv6 instead ipv4, e. g. because of some wrong multi-line-id recognition);
improved output on AssertionError in samples-testcase factory.
2018-03-20 15:27:59 +01:00
sebres
25cc42129a
hold all user names affected by interim attempts in order to avoid forget a failures after success login:
...
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
2018-03-20 13:09:05 +01:00
sebres
a9c94686b6
fixed multiple regexs matched
2018-03-20 09:09:42 +01:00
sebres
5603055a58
failregex: introduced capturing alternate groups, for example non-empty values of `alt_user_1`, `alt_user_2` will overwrite `user` if it is empty (or `alt_host` -> `host`, etc.)
2018-03-20 09:05:02 +01:00
sebres
8028d3940d
amend with better match of optional suffix-groups;
...
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
2018-03-19 17:29:26 +01:00
sebres
66d2436f21
filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content
2018-03-19 16:50:49 +01:00