Commit Graph

5440 Commits (a98e6cdd4df9d37f3232f3b4836df2dabfa6c51a)

Author SHA1 Message Date
sebres 6ccaa03e00 action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset 2017-12-06 01:10:56 +01:00
sebres aa9cefc3f8 proper stop server in the test cases (quit should stop all server-side threads, also if server was not really started);
fix-up for run_with_except_hook: avoid very sporadic error "'NoneType' object has no attribute 'exc_info'" (https://bugs.python.org/issue7336),
only extremely fast systems are affected ATM (2.x / 3.x), if thread ends nothing is available in .
2017-12-06 01:09:04 +01:00
sebres 2712f72650 Merge remote-tracking branch 'master' into 0.10 2017-12-06 00:09:52 +01:00
Serg G. Brester ad658a0a95
Merge pull request #1989 from sebres/logging-options
New server logging options
2017-12-06 00:07:51 +01:00
Serg G. Brester f96761927d
Merge pull request #1969 from RaidForums/patch-1
Update nginx-limit-req filter.
2017-12-05 23:51:18 +01:00
sebres cc9ff31c9c Update ChangeLog: `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990) 2017-12-05 23:35:34 +01:00
sebres e384acca5f action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing `family inet6`) 2017-12-05 23:34:03 +01:00
Kevin Maradona 6c705d572b filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them. 2017-12-05 22:31:54 +01:00
sebres 55143ce1d9 coverage increase 2017-12-05 19:32:13 +01:00
sebres f9833ddee4 Update ChangeLog 2017-12-05 18:55:47 +01:00
sebres 1bf6636446 Introduced new parameters for logging within fail2ban-server;
Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`:
  - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler
     for the list of facilities);
  - `datetime` - add date-time to the message (default on, ignored if `format` specified);
  - `format` - specify own format how it will be logged, for example for short-log into STDOUT:
      `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`;
Closes gh-1980
2017-12-05 18:54:21 +01:00
sebres de97dedba0 move extractOptions from JailReader to helpers (common usage server- / client-side); 2017-12-05 17:49:22 +01:00
Serg G. Brester ff987b60cd
Merge pull request #1988 from sebres/exim-aggressive
Exim aggressive
2017-12-05 17:30:10 +01:00
Serg G. Brester b0ba1aa846
Update ChangeLog 2017-12-05 16:24:04 +01:00
sebres ffd6b9f6de jail.conf: extended with new parameter `mode` for the filters supporting it; 2017-12-05 16:09:18 +01:00
sebres 2b68882502 filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures;
Closes #1983
2017-12-05 16:07:53 +01:00
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
Serg G. Brester f834e7826d
Merge pull request #1979 from peternowee/fix-exim-lowercase-auth
Exim failregex: Include lower/mixed case AUTH
2017-12-01 15:22:09 +01:00
Peter Nowee e4bbaf3d58
Update ChangeLog 2017-12-01 15:01:48 +01:00
Serg G. Brester f1c89f6631
Merge pull request #1981 from sebres/datedetector-dual-space
datedetector: extended default date-patterns (allows extra space between the date and time stamps)
2017-12-01 10:48:00 +01:00
sebres 5547697401 ChangeLog and typo 2017-12-01 10:16:14 +01:00
sebres 2e437937c3 datedetector: extended default date-patterns (allows extra space between the date and time stamps);
* introduces 2 new format directives (with corresponding `%Ex` prefix for more precise parsing):
  - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
   (corresponds %H, but allows space if not zero-padded).
  - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
   (corresponds %I, but allows space if not zero-padded).
* mysqld-auth test extended to cover new date-format in log.
Closes gh-1639
2017-11-30 17:06:37 +01:00
Serg G. Brester cbd63d9cd5
added test to cover quoted injecting on AUTH command 2017-11-30 12:45:11 +01:00
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command;
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
2017-11-30 12:32:24 +01:00
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case)
The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).
2017-11-29 20:55:48 +01:00
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH
When reporting the error `AUTH command used when not advertised`, Exim
starts with `SMTP protocol error in "........."`. Here, Exim logs the
SMTP command as it was provided by the connecting client.
https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850

According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded
in upper case, lower case, or any mixture of upper and lower case with
no impact on its meaning."
https://tools.ietf.org/html/rfc5321#section-2.4

Lower case `auth login` brute-force attempts were seen in the wild and
were not caught by the current failregex.

This commit makes the failregex case-insensitive for the `AUTH`
command, so that lower case (`auth`) or mixed case (`aUtH`) now also
match. The failregex was already case-insensitive for the command
arguments (e.g. `AUTH login` already matched).
2017-11-29 15:14:43 +01:00
SlowRiot 660d57e6ba updating my email address 2017-11-29 10:43:15 +01:00
sebres fbf89e8cdd typo in indent (spaces to tabs) 2017-11-28 16:32:16 +01:00
Serg G. Brester f917b4346b
Merge pull request #1974 from sebres/nginx-block-map
session-related blacklisting via nginx
2017-11-28 16:27:21 +01:00
sebres 55c2a9968a remove lacking [Init] section check ([Init] section not necessary anymore for actions also);
fix sporadic error by shutdown server in with_foreground_server_thread decorator (if shutdown too fast, but end-phase still does not reached the tester-thread);
2017-11-28 16:14:17 +01:00
sebres b62ab2d51e ChangeLog updated 2017-11-28 13:46:57 +01:00
sebres 76f2865883 implemented new action "action.d/nginx-block-map.conf", used in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); 2017-11-28 13:42:41 +01:00
Serg G. Brester 4fa0f48fa1
Merge pull request #1970 from sebres/fix-gh-1876
Fix logging to systemd-journal (gh-1876)
2017-11-27 10:04:38 +01:00
sebres 6db9ae8574 ChangeLog updated 2017-11-26 23:35:11 +01:00
sebres af0f7e93ce better handling by start/stop of server in foreground mode;
don't call logging.shutdown because part of exit in fail2bancmdline.
2017-11-26 23:06:35 +01:00
sebres f31195a4fc added new logtarget "SYSOUT" to log from fail2ban working in foreground as systemd-service (in opposite to "STDOUT" don't log time-stamps). 2017-11-26 23:03:29 +01:00
sebres 100b531aff travis: add build for python 3.7-dev and switch to newest pypy3.3 in travis 2017-11-24 13:33:20 +01:00
sebres 7bf5980def no root option if testing within virtualenv (fixed now). 2017-11-24 13:20:19 +01:00
sebres fa007bfa7c remove build folder, if created through setup-process in test 2017-11-24 12:57:55 +01:00
sebres eac80966c5 Fix scripts-root within `fail2ban.service` (relative install root-base directory).
This is amend for e3b061e94b.
Closes gh-1964
2017-11-24 12:54:45 +01:00
sebres 6db8db04f8 Merge branch 'master' into 0.10: fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:46:17 +01:00
sebres 5708b8b90e fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:42:51 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors;
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
2017-11-23 22:21:42 +01:00
Allan Nordhøy 855f5d0ced
to be found 2017-11-11 14:03:15 +01:00
Allan Nordhøy fe9e85c71d
"Fail2Ban", other language improvements 2017-11-10 23:56:10 +01:00
sebres 7e756da2b9 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-11-06 18:56:31 +01:00
Serg G. Brester 4cd3b2d4c9
Merge pull request #1955 from sebres/fix-initial-config
config/paths-*.conf: initial values and normalization
2017-11-06 18:30:13 +01:00
Serg G. Brester ee80c52430 Update ChangeLog 2017-11-03 14:15:54 +01:00
sebres eba68a8f37 config/paths-common.conf: Added initial values for `syslog_authpriv`, `syslog_mail` in order to avoid errors while parsing/interpolating configuration;
Note the systemd-backend does not need the logpath at all;
Some defaults normalized (minimized configs, don't need to overwrite values in distribution-related path if equal).
2017-11-03 14:15:07 +01:00
Serg G. Brester c06f3c3fb8
Merge pull request #1812 from jpotter/patch-1
Replace port imap3 with imap
2017-11-03 14:05:57 +01:00