4416 Commits (af2de7ff2fe7ad8a306a8963467a54bdbae7f3a4)

 

All Branches   

Search

Author	SHA1	Message	Date
Yaroslav Halchenko	af2de7ff2f	RF: COND_FAMILIES - use tuple ... no need for a dict where tuple would be preferable (deterministic order)	7 years ago
sebres	a45488465e	prepare release: bump version, update ChangeLog, man's and MANIFEST etc.	7 years ago
sebres	81b61fe30c	ChangeLog update	7 years ago
sebres	f69e28adfc	action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).	7 years ago
sebres	ed22ddbbbb	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	7 years ago
Sergey G. Brester	37f5a6975e	Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix ... nginx-http-auth: match usernames with spaces	7 years ago
sebres	63e906b2c1	regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name	7 years ago
Benedikt Seidl	fed6c49c2d	nginx-http-auth: match usernames with spaces ... # Conflicts: # ChangeLog	7 years ago
Sergey G. Brester	9a8c4a9869	Merge pull request #2018 from riceru/patch-1 ... lighttpd-auth.conf: new log-format (http_auth -> mod_auth)	7 years ago
Sergey G. Brester	b6c6565a7e	regex updated using non-capturing groups	7 years ago
Sergey G. Brester	9a46590486	extended test-cases to cover new log-format (http_auth -> mod_auth)	7 years ago
riceru	6a1bbbf101	Update lighttpd-auth.conf ... I have lighttpd 1.4.45 (Debian 9) and auth error log is different. Now printing mod_auth and not http_auth. I think that the change was in Lighttp 1.4.42	7 years ago
sebres	2b7b0da943	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	7 years ago
sebres	2bce0c5e3e	file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.	7 years ago
sebres	81c86fa83f	Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove). ... Closes gh-1865	7 years ago
sebres	b644d2d73f	should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);	7 years ago
sebres	7516cd025d	fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter); ... test cases extended to cover such situation. Closes gh-1997	7 years ago
Serg G. Brester	7e05976ead	action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now. ... Closes #2000	7 years ago
sebres	29e1fe9479	micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)	7 years ago
Serg G. Brester	6251fcf5f7	Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys ... stop ban of legitimate users with multiple public keys (e. g. git, etc)	7 years ago
sebres	1c0fc73e48	Update ChangeLog	7 years ago
sebres	2112145eb4	stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby ... differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).	7 years ago
sebres	314e402fe0	filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)	7 years ago
sebres	c36fbdf743	test cases extended in order to cover `firewallcmd-ipset` with `allports`	7 years ago
sebres	c30144b37a	Merge branch '0.9' into 0.10 ... # Conflicts: # config/action.d/firewallcmd-ipset.conf # config/filter.d/asterisk.conf # Merge-point after cherry-pick, no changes: # fail2ban/client/jailreader.py # fail2ban/helpers.py	7 years ago
Serg G. Brester	029cd5aa24	Update ChangeLog	7 years ago
Serg G. Brester	597a27576e	Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports ... New ban mode `allports` for `firewallcmd-ipset`. Closes #1167	7 years ago
sebres	131b94e11e	firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage: ... banaction = firewallcmd-ipset[actiontype="<allports>"]	7 years ago
Danila Vershinin	c190631f88	New ban action firewallcmd-ipset-allports. Closes #1167	7 years ago
sebres	3d9a112c8f	cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers: ... allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`; simplified explanation: `][` treats as `,` in new version. cherry-picked from 0.10.	7 years ago
Serg G. Brester	82f8bd8639	Merge pull request #2011 from Yannik/patch-1 ... Fix filter not catching asterisk requests with quote character in username (fixes #2010)	7 years ago
Serg G. Brester	f7e2d3610b	Update ChangeLog	7 years ago
Serg G. Brester	a1d1498561	Restore log-entries not affected by #2011	7 years ago
sebres	f6d0c86533	test cases extended: flush jail in database	7 years ago
sebres	2c69c0e7e5	flush jail in database: bulk remove of all IPs in the database (e. g. reload --unban).	7 years ago
Yannik Sembritzki	aab54bb0dd	don't replace normal test case with specialized test case	7 years ago
Yannik Sembritzki	94f0b15c32	Allow faster parsing of hosts without ' characters in them	7 years ago
Yannik Sembritzki	eaf5e88692	replace actual offenders ip with 1.2.3.4	7 years ago
Yannik Sembritzki	184202c6aa	remove duplicate testcase	7 years ago
Yannik Sembritzki	a53ee46ad4	add test for asterisk pjsip attack with quote in username	7 years ago
Yannik Sembritzki	b28dfb965a	Fix filter not catching asterisk requests with quote character in username (fixes #2010)	7 years ago
sebres	1e39c2600c	cherry-pick from 0.11: changes in updateDb because it can be executed after repair, and some tables can be missing.	7 years ago
sebres	277edd5fe5	amend to pull request #2004: merge remote-tracking branch 'sebres/auto-repair-database' into 0.10	7 years ago
sebres	ab3d03beec	Better variant of repair database: recreate all tables/indices, that can be missing after supposedly successful rescue	7 years ago
Serg G. Brester	75f00a3a6c	Merge pull request #2004 from sebres/auto-repair-database ... Automatically recover or recreate corrupt persistent database	7 years ago
Serg G. Brester	b104da2800	Merge pull request #2005 from sebres/0.10 ... Stability fix for fail2banclienttestcase, avoid sporadic coverage decrease.	7 years ago
sebres	a10d544ddc	coverage: fix another sporadic coverage decrease, if idle mode never reached in some test-cases (e. g. by slowly reloading of jails).	7 years ago
sebres	80932af406	coverage: testErrorsInLoop should avoid sporadic coverage changes, if some communication errors not occurred sometimes.	7 years ago
sebres	a1fd2c507e	method `waitForServerEnd` renamed into `stopAndWaitForServerEnd` (because will also stop the server)	7 years ago
sebres	1ad587ac7c	Stability fix for fail2banclienttestcase: ... - provide waitForServerEnd method for decorator `with_foreground_server_thread`, to wait for real server stop if needed; - accept any exit code in decorator `with_foreground_server_thread`, because multi-threaded, thus server can exit in-between; - fix sporadic fail "AssertionError: 'Banned 5 / 5, 5 ticket(s)' was not found" (if some tickets will be processed earlier, thus not as chunk but separately), so in case of: Banned 1 / 1, 1 ticket(s) in 'nginx-blck-lst' Banned 4 / 5, 5 ticket(s) in 'nginx-blck-lst'	7 years ago