sebres
6a2c95da95
`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
...
changelog updated;
2017-03-08 16:51:08 +01:00
sebres
d2a3d093c6
rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects);
...
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
2017-02-24 11:54:24 +01:00
Serg G. Brester
2fa18a74c4
Merge branch 'master' into master
2017-02-17 09:06:09 +01:00
sebres
4bf09bf297
provides new tag `<ip-rev>` for PTR reversed representation of IP address;
...
[action.d/complain.conf] fixed using this new tag;
2017-02-16 13:38:20 +01:00
Christoph Theis
861ce4177c
#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable
2017-02-14 18:31:42 +01:00
Jan Grewe
58c68b75f0
Remove double-quotes from email addresses
2017-02-08 14:16:13 +01:00
Jan Grewe
1bcf0de7c1
Update complain.conf
2017-02-07 21:39:46 +01:00
Jan Grewe
901eeff53d
Make Abusix lookup compatible with Dash
2017-02-06 22:04:36 +01:00
sebres
e8a1556562
Merge remote-tracking branch 'master' into 0.10
...
# Conflicts:
# fail2ban/tests/samplestestcase.py
2017-01-21 16:59:41 +01:00
Juliano Jeziorny
1fe554dd25
Introduced Citrix Netscaler action
2017-01-19 14:30:25 +01:00
sebres
74a6afadd5
Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all).
2017-01-16 09:40:48 +01:00
sebres
ee3c787cc6
Recognize restored (from database) tickets after restart (tell action restored state of the ticket);
...
Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified).
Test cases extended (smtp and by restart in ServerReloadTest).
Closes gh-1141
Closes gh-921
2017-01-13 19:06:17 +01:00
sebres
c9f32f75e6
Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10)
2017-01-10 11:25:41 +01:00
Andrew James Collett
1c41390f7c
Restructured the way the catagories work.
...
Jail.conf is cleaner and abuseipdb.conf is more flexible.
2017-01-08 09:26:11 +02:00
Andrew James Collett
55e107310f
Added config for AbuseIPDB, ony tested on Ubuntu 16.04
2017-01-07 14:24:54 +02:00
Viktor Szépe
81c1810f10
Introduce Cloudflare API v4
...
In the cloudflare action everyone is suggested to use API v4.
And I don't dare to contribute any actual change.
2016-12-31 21:30:57 +01:00
roedie
3adc16d266
Shorewall IPv6 suggested changes.
...
Change files as suggested by sebres.
2016-12-12 20:53:58 +01:00
Yaroslav Halchenko
31a1560eaa
minor typos (thanks Vincent Lefevre, Debian #847785 )
2016-12-11 15:13:11 -05:00
roedie
6e18508a07
Add shorewall IPv6 support
...
Small patch which allow fail2ban to use shorewall for IPv6 bans.
2016-12-11 20:44:54 +01:00
sebres
a2af19c9f0
fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`);
...
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
2016-11-25 19:27:26 +01:00
sebres
c809c3e61e
Merge branch 'master' into 0.10
2016-10-13 19:01:13 +02:00
Nils
d08db22b92
Create npf.conf for the NPF packet filter
...
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
2016-10-13 18:50:54 +02:00
sebres
8b0f6c5413
badips test cases check availability of badips service (and skip this tests if it not available)
2016-09-30 12:03:27 +02:00
sebres
d71a525a85
Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9)
2016-08-12 18:51:56 +02:00
Yaroslav Halchenko
c0994b0c6c
DOC: minor typo (thanks John Bernard) Closes #1496
2016-08-04 10:23:05 -04:00
Serg G. Brester
af8b650a37
badip timeout option introduced, set to 30 seconds in our test cases ( #1463 )
...
cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)
2016-06-13 12:56:53 +02:00
sebres
e39126f630
badip timeout option introduced, set to 30 seconds in our test cases
2016-06-10 13:15:46 +02:00
sebres
0fdc56546f
Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)
2016-05-19 17:45:41 +02:00
Yaroslav Halchenko
1ebc3facb1
BF: maintain previous default beh for pf -- ban a port (ssh) only
2016-05-19 17:14:33 +02:00
sebres
4d51c591c1
pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized;
2016-05-19 14:50:41 +02:00
Alexander Koeppe
b5e031f3c3
some documentation for multiport use in pf.conf
2016-05-17 21:32:21 +02:00
sebres
1e7fd26f5f
rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases
2016-05-17 20:51:12 +02:00
Alexander Koeppe
e74047ae49
revert to common config for PF covering multi and allports
2016-05-17 18:19:40 +02:00
Alexander Koeppe
3e1328c83b
split PF config files between all- and multi port
2016-05-17 18:19:27 +02:00
sebres
0c44ecfc77
action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset;
...
test cases for 3 firewallcmd extended;
2016-05-14 15:01:35 +02:00
TorontoMedia
ffebde68e0
Update firewallcmd-multiport.conf
2016-05-13 22:38:36 -04:00
TorontoMedia
07de83e04a
Update firewallcmd-common.conf
2016-05-13 22:38:10 -04:00
TorontoMedia
810d5996b5
Update firewallcmd-rich-logging.conf
2016-05-13 22:10:25 -04:00
TorontoMedia
7e54cee8d6
updated firewallcmd actions
2016-05-13 21:36:27 -04:00
sebres
504e5ba6f2
actions support IPv6 now:
...
- introduced "conditional" sections, see for example `[Init?family=inet6]`;
- iptables-common and other iptables config(s) made IPv6 capable;
- several small code optimizations;
* all test cases passed (py3.x compatible);
2016-05-11 16:54:28 +02:00
sebres
75028585c0
test cases extended for verifying ipv4/ipv6, normalized pf-action with test case
2016-05-11 16:54:25 +02:00
Alexander Koeppe
ed2f3ef77d
improve PF action and make IPv6 aware
2016-05-11 16:54:22 +02:00
TorontoMedia
3d239215cd
Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367)
...
closes #1367
2016-03-25 17:28:30 +01:00
Serg G. Brester
fe14c8fa05
Merge pull request #1292 from albel727/master
...
Add nftables actions
2016-01-24 23:55:50 +01:00
Alexander Belykh
985e8938a4
Refactor nftables actionstop into smaller parts
2016-01-06 17:39:54 +06:00
Alexander Belykh
9779eeb986
Add nftables_type/family/table parameters
2016-01-06 17:33:14 +06:00
Alexander Belykh
260c30535d
Escape curly braces in nftables actions
2016-01-06 17:13:30 +06:00
Alexander Belykh
1983e15580
Add empty line between parameters in nftables-common.conf
2016-01-06 16:55:29 +06:00
Alexander Belykh
f7f91a8bd4
Refactor common code out of nftables-multiport/allports.conf
2016-01-05 19:03:47 +06:00
sebres
69f5623f83
code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf
2016-01-04 09:30:32 +01:00
Alexander Belykh
618e97bce8
Add nftables actions
2016-01-04 01:36:28 +06:00
sebres
ac31121432
amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now;
2015-12-31 02:32:17 +01:00
sebres
cf334421bd
Provides fail2ban version to jail (as interpolation variable during parse of jail.conf);
...
BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271 , closes #1272 )
2015-12-31 01:38:25 +01:00
agentmoller001
617302fcc2
Updated route.conf to clear warnings
...
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
Viktor Szépe
0d8968daa9
Added CloudFlare API error codes URL
2015-09-30 16:07:45 +02:00
M. Maraun
2895d981fa
Set Timeout at urlopen to 3 seconds
2015-09-26 21:26:55 +02:00
Yaroslav Halchenko
c37009aec7
Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
...
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
Limit the number of log lines in *-lines.conf actions
Conflicts:
ChangeLog -- took both versions and adjusted the new one
for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko
38c320798d
Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
...
WIP ENH Add <lockingopt> (Close : #1122 ) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko
0041bc3770
DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description
2015-07-26 23:10:08 -04:00
Yaroslav Halchenko
de2f9504c0
Merge pull request #978 from ediazrod/patch-2
...
shorewall-ipset-proto6.conf for shorewall
2015-07-26 23:00:58 -04:00
Yaroslav Halchenko
65cd218e10
Merge remote-tracking branch 'origin/master'
...
* origin/master:
ipjailmatches is on one line with its description in man jail.conf
Added a space between IP address and the following colon
2015-07-26 22:47:43 -04:00
Viktor Szépe
c8b3ee10a0
Limit the number of log lines in *-lines.conf actions
2015-07-27 02:35:21 +02:00
Thomas Mayer
a19cb1b2b9
Merge 923d807ef8
into cf2feea987
2015-07-25 01:23:39 +00:00
Yaroslav Halchenko
3c0d7f5a4c
BF: do not wrap iptables into itself. Thanks Lee
2015-07-24 11:59:53 -04:00
Viktor Szépe
ebdfbae559
Added a space between IP address and the following colon
2015-07-24 09:33:47 +02:00
Yaroslav Halchenko
749d3c160c
BF: symbiosis-blacklist-allports now also requires iptables-common.conf
2015-07-23 21:53:37 -04:00
Yaroslav Halchenko
916937bb6a
RF: use <iptables> to take effect of it being a parameter
2015-07-23 21:38:10 -04:00
Yaroslav Halchenko
31dc4e2263
ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter
2015-07-23 21:34:20 -04:00
Viktor Szépe
5b7e1de2f4
Instead of allow-iptables-multiport actions swap blocktype and (new) returntype
2015-07-11 18:20:09 +02:00
Viktor Szépe
5d60700c0c
Added pass2allow (knocking with fail2ban)
2015-07-10 16:22:43 +02:00
Yaroslav Halchenko
8c4c17a880
Merge pull request #1004 from tsabi/fix-lc_time
...
Fix of LC_TIME usage, it should be LC_ALL
2015-07-05 21:36:37 -04:00
Lee Clemens
fdc3172aec
Fix PEP8 E302 expected 2 blank lines, found X
2015-07-04 13:47:40 -04:00
Viktor Szépe
b65a8b065d
Other actions do not dive into this gory descriptions, but we do.
2015-07-03 19:17:50 +02:00
Viktor Szépe
2063ce4b23
All the arguments must be listed in [Init]
2015-07-01 14:48:44 +02:00
Viktor Szépe
79457112e9
Updated CF action
2015-07-01 09:38:36 +02:00
Aaron Brice
7ae0ef2408
Fix actions in ufw.conf
...
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:
2015-04-24 16:28:35,204 fail2ban.filter [8527]: INFO [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions [8527]: NOTICE [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- returned 1
- With action = ufw[application=OpenSSH], it was silently not doing
anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
status).
Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Thomas Mayer
923d807ef8
use human-readable variable names (issue #1003 )
2015-03-29 18:18:30 +02:00
Thomas Mayer
675c3a7c95
use printf instead of echo for POSIX compatibility (issue #1003 )
2015-03-29 18:08:47 +02:00
Thomas Mayer
ac1e41ea70
Revert "remove '-ne' option as it's not interpreted any way (issue #1003 )"
...
This reverts commit 4a598070c8
.
2015-03-29 17:54:25 +02:00
Thomas Mayer
4a598070c8
remove '-ne' option as it's not interpreted any way (issue #1003 )
2015-03-28 06:58:01 +01:00
Thomas Mayer
80f11a4d28
Add empty Init Section to pass tests (issue #1003 )
2015-03-27 18:36:09 +01:00
Thomas Mayer
c9b24839e4
Character detection heuristics for whois output via optional setting in mail-whois*.conf ( Closes #1003 )
...
when set by user,
- detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
- converts whois data to UTF-8 character set with iconv
- sends the whois output in UTF-8 character set to mail program
- avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Csaba Tóth
0720c831b7
Fix of LC_TIME usage, it should be LC_ALL
2015-03-26 03:02:02 +01:00
ediazrod
5fdd1d1ded
Update shorewall-ipset-proto6.conf
2015-03-23 00:56:37 +01:00
ediazrod
e26a1ad6b6
Update shorewall-ipset-proto6.conf
2015-03-23 00:55:06 +01:00
Yaroslav Halchenko
56aacf872c
Merge pull request #952 from ache/master
...
Update bsd-ipfw.conf
2015-03-21 21:46:54 -04:00
ediazrod
d0887f3234
This is a especific configuration for shorewall ipset proto6
...
Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist
if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall)
stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.
2015-02-26 18:48:31 +01:00
Yaroslav Halchenko
e788e3823e
Merge pull request #965 from TorontoMedia/master
...
Split output of firewallcmd list into separate lines for grepping (Close #908 )
2015-02-14 16:06:10 -05:00
TorontoMedia
b4f1f613bb
Update firewallcmd-allports.conf
2015-02-14 12:32:36 -05:00
TorontoMedia
0fac7e40b6
Update firewallcmd-multiport.conf
2015-02-14 12:31:33 -05:00
Yaroslav Halchenko
07b0ab07ad
Merge branch 'master' of https://github.com/rumple010/fail2ban
...
* 'master' of https://github.com/rumple010/fail2ban :
Changed default TTL value to 60 seconds.
Added a reminder to create an nsupdate.local file to set required options.
Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
add nsupdate action
Conflicts:
ChangeLog
2015-02-14 09:32:05 -05:00
Yaroslav Halchenko
d5e68abf95
ENH: check badips.com response on presence of "categories" in it
...
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories". With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
2015-02-13 08:55:35 -05:00
Ache
ae1451b29f
Update bsd-ipfw.conf
...
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
2015-02-08 15:55:32 +03:00
Luke Hollins
549ab24e70
Fixed grammatical error in emails sent
2015-02-06 11:47:03 -05:00
Yaroslav Halchenko
119a7bbb16
Merge pull request #939 from szepeviktor/geoip
...
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
Viktor Szépe
4c88a00c28
Line notes implemented
2015-02-06 17:22:30 +01:00
Viktor Szépe
1619ab3145
Added sendmail-geoip-lines.conf
2015-02-01 00:06:56 +01:00
Andrew St. Jean
6bdfe756cf
Changed default TTL value to 60 seconds.
2015-01-28 22:46:43 -05:00
Andrew St. Jean
43732acae1
Added a reminder to create an nsupdate.local file to set required options.
2015-01-26 21:48:16 -05:00
Yaroslav Halchenko
085d0f72ed
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
2015-01-26 09:19:44 -05:00
rumple010
eb76dcd5a0
add nsupdate action
...
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
2015-01-25 23:15:07 -05:00
Yaroslav Halchenko
083031524d
BF: adding missing Definition section header to firewallcmd-allports
2015-01-08 21:14:50 -05:00
TorontoMedia
d7b7f4bc91
Update firewallcmd-allports.conf
2015-01-08 21:06:43 -05:00
TorontoMedia
7eed55266b
Created firewallcmd-multiport
2015-01-01 12:46:48 -05:00
TorontoMedia
9f91cb2fd8
Created firewallcmd-allports
2015-01-01 12:44:34 -05:00
TorontoMedia
50e5fd9ed7
Create firewallcmd-multiport.conf
2015-01-01 05:32:41 -05:00
TorontoMedia
591e444753
Create firewallcmd-allports.conf
2015-01-01 05:32:06 -05:00
Yaroslav Halchenko
967485c2d0
improving grepping
2014-10-29 23:14:47 -04:00
Yaroslav Halchenko
efbf5064a1
Merge pull request #807 from xslidian/patch-1
...
grep IP at the start of lines
2014-10-29 23:07:10 -04:00
Orion Poplawski
01b2673e34
Use multiport for firewallcmd-new
2014-10-29 16:27:37 -06:00
Dean Lee
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Yaroslav Halchenko
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
Yaroslav Halchenko
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson
7b76322898
Fix typos.
2014-08-02 12:21:59 +02:00
leftyfb
6dbd449f77
Changed to Cloudflare JSON API
2014-07-28 11:10:50 -04:00
leftyfb
cba570cabd
Updated comments
2014-07-17 23:49:35 -04:00
leftyfb
5471e99ebe
Added cloudflare action
2014-07-17 22:54:30 -04:00
Yaroslav Halchenko
0adb10f653
Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
...
* 'ainfo-copy' of https://github.com/kwirk/fail2ban :
TST: actions modifying aInfo test more robust
TST: Test for actions modifying (un)ban aInfo
BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
SATO Kentaro
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
Steven Hiscocks
8268c1641f
BF: aInfo could be modified by actions, causing unexpected behaviour
...
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
SATO Kentaro
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
Steven Hiscocks
db023be09b
BF: Fix bad syntax in badips.py action
...
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
Yaroslav Halchenko
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
Steven Hiscocks
9fcb92524e
BF: badips.py action logging of exc_info on debug typo
2014-04-12 11:21:52 +01:00
yungchin
3a155ed2e0
Update comments in shorewall.conf for new settings
2014-04-01 16:52:21 +01:00
Ruben Kerkhof
1c36da9df9
Fix 2 more typos that codespell didn't catch
2014-03-25 10:57:20 +00:00
Ruben Kerkhof
1695d5c076
Fix a few typos
...
Found with https://github.com/lucasdemarchi/codespell
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Steven Hiscocks
41cbbbc248
BF: Remove unused imports and variables.
...
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
Steven Hiscocks
16125ec81a
BF: badips.py action methods not static due to use of self._logSys
2014-03-16 14:18:19 +00:00
Steven Hiscocks
9e374b159e
ENH: Allow setting of badips.py key for reporting and blacklisting
2014-03-13 22:45:10 +00:00
Steven Hiscocks
de43d1d6d5
ENH: Change badips.py default score to "3"
...
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
Steven Hiscocks
0222ff4677
Merge branch 'badips-blacklist' into 0.9
...
Conflicts:
ChangeLog
- entires added in both branches.
Change:
config/action.d/badips.py
- jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks
0c63d0061a
DOC: Add documentation for badips.py action
2014-03-13 19:58:32 +00:00
Steven Hiscocks
dfb46cfda6
BF: Require Python 2.7+ for badips.py action
2014-03-12 21:54:15 +00:00
Daniel Black
cc8ec826c5
MRG: from master 2014-03-02
2014-03-02 14:33:45 +11:00
Steven Hiscocks
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
2014-02-23 17:41:14 +00:00
Daniel Black
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
Daniel Black
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
Daniel Black
a044517cb7
MRG: from master to 0.9 2014-02-20
2014-02-20 08:35:24 +11:00
Steven Hiscocks
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-18 15:13:02 +00:00
Steven Hiscocks
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
2014-02-18 15:05:06 +00:00
Steven Hiscocks
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
2014-02-14 17:45:08 +00:00
Steven Hiscocks
cf81ddd8e2
BF: Add error handling in badips.py action
2014-02-14 17:10:34 +00:00
Steven Hiscocks
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
Steven Hiscocks
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
2014-02-09 12:23:14 +00:00
Daniel Black
1e1261ccb4
MRG: from master 2014-01-23
2014-01-23 17:45:18 +11:00
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
Steven Hiscocks
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Daniel Black
a650178bd1
MRG: merge from master 2014-01-19
2014-01-19 14:48:29 +11:00
Daniel Black
f566cab766
Merge branch 'master' into badips
2014-01-15 09:37:11 +11:00
Daniel Black
cd3e94140c
MRG: complete merge
2014-01-12 21:16:55 +11:00
Yaroslav Halchenko
9a8b449086
DOC: some typos, fixes from Vincent Lefevre
2014-01-06 23:38:52 -05:00
Daniel Black
76468942f9
MRG: complete merge from master
2014-01-07 10:24:23 +11:00
Daniel Black
ab3ded2205
Merge pull request #549 from kwirk/python-actions
...
ENH: Python actions
2014-01-06 02:58:45 -08:00
Steven Hiscocks
69a850d226
DOC: Update docstrings for smtp.py action
2014-01-04 22:46:57 +00:00
Steven Hiscocks
6e63f0ea5a
RF: Change Jails and Actions to Mapping types
2014-01-04 16:57:08 +00:00
Daniel Black
3d1a1afca4
MRG: to more recent 0.9
2014-01-04 09:31:05 +11:00
Daniel Black
5fe75436cc
DOC: DEV NOTES before author names
2014-01-04 08:53:45 +11:00
Steven Hiscocks
80d6f74ee8
RF: Refactor actions further, include removing server proxy interface
...
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
2014-01-03 17:04:49 +00:00
Daniel Black
a0c2de3e4d
DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510
2014-01-03 16:51:38 +11:00
Steven Hiscocks
98bf511443
BF: Incorrect number of arguments in smtp.py action connect log
2014-01-01 23:50:44 +00:00
Steven Hiscocks
5b2b59d752
ENH: python actions use initOpts as **kwargs
...
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
2014-01-01 23:18:11 +00:00
Steven Hiscocks
6ef911185d
ENH: Add matches to smtp.py action
2014-01-01 12:27:49 +00:00
Daniel Black
391b5fc883
MRG: from master again 2014-01-01
2014-01-01 19:28:38 +11:00
Steven Hiscocks
f37c90cdba
ENH: Python based actions
...
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.
Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
2013-12-31 18:54:34 +00:00
Daniel Black
be382dae4d
MRG: ufw changelog conflicts
2013-12-29 05:45:06 +00:00
Daniel Black
1f6ece2a40
Merge pull request #490 from grooverdan/firewallcmd-ipset
...
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black
a1a219189f
Merge pull request #493 from grooverdan/xarf-ipmatch
...
ENH: use ipmatches for action xarf-login-attack
2013-12-19 01:28:49 -08:00
Daniel Black
7c0efc8ec8
MRG: merge so far - flushLogs not working yet
2013-12-16 15:08:34 +00:00
Daniel Black
4eedf9d4e1
ENH: use ipmatches for action xarf-login-attack
2013-12-15 23:49:38 +00:00
Daniel Black
a398c51d6c
ENH: simplify actioncheck on firewallcmd-new a little more
2013-12-15 22:36:47 +00:00
Daniel Black
772def1095
Merge pull request #491 from kwirk/ipmatches
...
ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations
2013-12-15 14:29:02 -08:00
Steven Hiscocks
40007abc1d
ENH: Refactor and add database matches and failures for sendmail actions
2013-12-15 21:41:43 +00:00
Daniel Black
1c6c011154
EHH missed trailing .
2013-12-14 21:22:46 +00:00
Daniel Black
868a4ea470
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 21:18:20 +00:00
Daniel Black
9fe0a69852
ENH: add firewallcmd-ipset
2013-12-14 09:06:01 +00:00
Daniel Black
4ffc57e14f
ENH: simplify firewallcmd-new actioncheck and provide output samples
2013-12-14 07:11:29 +00:00
Daniel Black
ed816afbcd
ENH: add badips action
2013-12-14 01:41:28 +00:00
Daniel Black
1ff52dfe4d
DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable
2013-12-14 00:40:47 +00:00
Daniel Black
f35345ecaa
ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455
2013-12-14 00:34:12 +00:00
Daniel Black
13ccebe78f
BF: fix actioncheck in firewallcmd
2013-12-13 23:40:51 +00:00
Steven Hiscocks
0bcff771b8
ENH: Add <ipmatches> and <ipjailmatches> tags
...
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
Daniel Black
f385439a41
MRG: ChangeLog merge
2013-12-09 09:28:42 +11:00
Daniel Black
36917d7517
BF: action.d/complain - match IP at beginning and end of lines
2013-12-09 09:21:55 +11:00
Daniel Black
135c759dbb
Merge pull request #477 from kwirk/blocklist.de
...
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks
630dd91dcd
BF: Add [Init] section to blocklist.de action
2013-12-07 00:09:31 +00:00
Steven Hiscocks
b3c173795e
ENH: blocklist.de action error on HTTP response code 4xx
2013-12-06 08:22:21 +00:00
Daniel Black
51f2619878
Merge pull request #473 from grooverdan/whois-missing
...
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Steven Hiscocks
a19b33cc72
ENH: blocklist.de action added fail2ban version as user agent
2013-12-05 18:12:15 +00:00
Steven Hiscocks
f742ed0e4b
DOC: when to use blocklist.de reporting
...
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks
e810ec009d
ENH: Added blocklist.de reporting API action
2013-12-05 08:22:20 +00:00
Daniel Black
4dc51e5def
BF: put notice in email if whois program could not provide more information. Closes gh-471
2013-12-04 22:43:06 +11:00
Daniel Black
97d7f46bb7
DOC: correct grammar - s/Here are more information/Here is more information/
2013-12-04 22:40:48 +11:00
Daniel Black
8aead9ab79
BF: escape quotes when splitting addresses for xarf
2013-12-04 08:19:05 +11:00
Daniel Black
1846056606
DOC: when to use xarf messages to network owner
2013-12-03 20:40:42 +11:00
Daniel Black
8c37d2e4de
ENH: remove dependency on querycontacts
2013-12-03 20:34:21 +11:00
Daniel Black
dd356c3cef
BF: fixed for sendmail and tested the MTA aspects of this action
2013-12-01 19:08:28 +11:00