ad1f9dc4d0
Merge branch '0.11'
2021-09-08 20:12:48 +02:00
64217fe018
Merge branch '0.10' into 0.11
2021-09-08 20:09:48 +02:00
c0f9348db5
Merge branch 'sebres/gh-3097--fix-unh-except' into 0.10;
...
closes #3097
2021-09-08 20:08:30 +02:00
d709ec8179
GH actions: use newest python version for 3.10 (3.10.0-rc.2)
2021-09-08 20:00:41 +02:00
ba282b794c
pyinotify: amend to 1e4a14fb25d88e32f3ca9c06fb1d6b8d3b4813ab: one fix more for sporadic runtime error "dictionary changed size during iteration" (watched files)
2021-09-08 19:56:02 +02:00
e323c148e1
backend systemd: fixes error "local variable 'line' referenced before assignment", introduced in 55d7d9e214f72bbe4f39a2d17aa004d80bfc7299;
...
don't update database too often (every 10 ticks or ~ 10 seconds in production);
closes gh-3097
2021-09-08 19:44:49 +02:00
1e4a14fb25
pyinotify: fixes sporadic runtime error "dictionary changed size during iteration" (if something outside changes the pending dict during _checkPending evaluation) - simply deserialize to a list for iteration, without any lock, because unneeded here due to small and mostly empty dictionary (logrotate, etc), not to mention that pending check is normally called once per minute;
...
don't call process file inside of server thread calling of addLogPath (always retard it as pending event);
ensure to wake-up as soon as possible to process pending events (e. g. if file gets added).
2021-09-08 19:17:44 +02:00
2f99d5accb
test coverage for unhandled exception in run of several filter (gh-3097)
2021-09-08 18:22:31 +02:00
cb667edf17
Merge pull request #3087 from alexporto2200/patch-3
...
README: added dependencies to setuptools or distutils (if installing from source)
2021-08-17 16:49:40 +02:00
ade79635b2
distutils/setuptools only required if installing from source
2021-08-17 16:41:20 +02:00
39fe0bdce6
Update Readme
...
Add python3-setuptools or python-setuptools for dependencies. On some distributions this doesn't come by default, it would be nice to let users know about this in the documentation.
2021-08-17 10:39:04 -03:00
10cd815525
merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:06:06 +02:00
c03fe6682c
merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:04:46 +02:00
e3f2fcfab4
merge point (GHSA-m985-3f3v-cwmm 0.9/0.10)
2021-07-07 11:50:49 +02:00
2ed414ed09
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
...
closes GHSA-m985-3f3v-cwmm for 0.9
2021-07-07 11:46:28 +02:00
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
2021-06-21 17:12:53 +02:00
579c6a94af
filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
2021-06-10 15:23:24 +02:00
43f2923fbd
filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
...
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
2021-06-10 15:06:54 +02:00
bbfff18280
action.d/ufw.conf: amend to #3018 : parameter `kill-mode` extended with conntrack
2021-06-03 12:02:08 +02:00
c7a86b4616
action.d/firewallcmd-ipset.conf: amend to #2620 :
...
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
2021-05-29 22:59:55 +02:00
2a508da5a0
Merge pull request #2620 from mspolitaev/master
...
Using native firewalld ipset implementation
2021-05-29 21:30:55 +02:00
38535b0cca
Merge branch '0.11' into master
2021-05-29 21:25:24 +02:00
d2f5c7de09
Merge branch '0.10' into 0.11
2021-05-29 21:24:11 +02:00
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
2021-05-29 21:12:34 +02:00
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
2021-05-29 20:47:56 +02:00
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
2021-05-29 20:25:28 +02:00
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
2021-05-29 20:09:57 +02:00
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
2021-05-29 18:45:59 +02:00
3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
...
Add new jail (and filter) Monitorix
2021-05-27 12:17:16 +02:00
0a05dbdbfc
Merge branch '0.11' into master
2021-05-25 23:19:25 +02:00
3312b8cb95
Merge branch '0.10' into 0.11
2021-05-25 23:18:33 +02:00
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
2021-05-25 23:16:29 +02:00
f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
...
Zoneminder filter update
2021-05-21 13:03:33 +02:00
ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)
2021-05-21 13:00:24 +02:00
2367ad115c
fixed typo in comment
2021-05-20 09:15:45 +10:00
5e3de882af
docs: Typo. ( #3025 )
2021-05-12 13:18:46 +02:00
3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013 )
2021-05-11 13:47:48 +02:00
4f8427178a
Missing comment "#" ( #3022 )
...
Missed this ... but the logs showed it.
2021-05-07 18:23:40 +02:00
6ac2156907
Merge branch '0.11' into master
2021-05-07 01:48:36 +02:00
3e1aa03037
Merge branch '0.10' into 0.11
2021-05-07 01:46:46 +02:00
ef5c826c74
fixes search for the best datepattern (gh-3020) - e. g. if line is too short, boundaries check for previously known unprecise pattern may fail on incomplete lines (logging break-off, no flush, etc)
2021-05-07 01:18:54 +02:00
2918849f9e
fixes precise year pattern %ExY - accept years 20xx up to current century (using almost the same pattern in tests and production now)
2021-05-07 01:10:26 +02:00
88f779ed24
ufw.conf, amend to #3018 - add missing option for comment ( #3019 )
2021-05-06 23:23:39 +02:00
5a8f1bceb8
Merge pull request #3018 from usernamepi/master
...
Update ufw.conf: several fixes and enhancements
2021-05-06 22:20:39 +02:00
2958ad8636
Update ChangeLog
2021-05-06 22:19:38 +02:00
8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional
2021-05-06 21:47:06 +02:00
5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)
2021-05-06 20:23:58 +02:00
e4e7a83cff
Update ufw.conf
...
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)
* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
My system apparently is compiled that way.
2021-05-06 13:44:36 +02:00
sebres