github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,261 Commits
34 Branches
230 Tags
23 MiB
Commit Graph

3261 Commits (b40c6cbd9a0c1b51e0cc0f0c4629b84d60c2c129)

Author SHA1 Message Date
Yaroslav Halchenko b40c6cbd9a ENH: .mailmap file to bring some names together for git shortlog -sn 2015-11-01 11:28:58 -05:00
sebres 5767191988 fixed misleading documentation of `banaction` 2015-11-01 17:08:00 +01:00
sebres fcf03790f4 fixed misleading documentation of `banaction` 2015-11-01 17:05:02 +01:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216 
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
 2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard) 
closes gh-1237
 2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); 
closes gh-1216
 2015-10-30 15:36:18 +01:00
sebres 53b39162a1 Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions) 2015-10-29 23:55:23 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
1technophile 2861a957a9 filter for openhab domotic software authentication failure with the rest api and web interface + test cases; 
closes gh-1223
 2015-10-26 15:48:23 +01:00
Serg G. Brester 26517b0464 Merge pull request #1226 from pablorf-dev/master 
Minor fix and enhancement (fake google domains)
 2015-10-22 14:23:47 +02:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex 
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
 2015-10-20 10:46:00 +02:00
Pablo Rodriguez Fernandez 74fcb219ab Enhanced Google domain detection in apache-fakegooglebot 
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
 2015-10-20 10:45:53 +02:00
Pablo 7e6964dd9d Fix section jail.conf.5 manpage 
The section of jail.conf manpage is wrong, should be 5, not 10
 2015-10-15 10:40:56 +02:00
Serg G. Brester 3a5d4fdd26 Merge pull request #1221 from pablorf-dev/master 
Add check in apache-fakegooglebot to protect against PTR fake record (gh-1221)
 2015-10-14 11:33:06 +02:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record 
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
 2015-10-13 17:11:49 +02:00
Yaroslav Halchenko 16443f7b05 Merge pull request #1219 from agentmoller001/patch-1 
Updated route.conf to clear warnings (Closes #1026)
 2015-10-09 21:26:53 -04:00
agentmoller001 617302fcc2 Updated route.conf to clear warnings 
Does not throw warnings when starting/restarting by adding three lines of code.
 2015-10-09 18:16:36 -07:00
Yaroslav Halchenko 6fb5e3a494 removed outdated and "problematic" .pydevproject 2015-10-09 14:10:02 -04:00
Serg G. Brester 42598fbf26 Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files 
files: Strip trailing whitespace from files
 2015-10-08 18:39:40 +02:00
Paul Menzel 078e2048f2 files: Strip trailing whitespace from files 
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace).
 2015-10-08 16:18:08 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later 
closes gh-1211
 2015-10-07 14:34:13 +02:00
sebres 61ac481703 IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable) 2015-10-07 13:36:21 +02:00
Serg G. Brester 68db52474d Merge pull request #1206 from kevinoid/ssh-match-auth-fail 
ssh.conf: Fix disconnect "Auth fail" matching
 2015-10-05 10:15:53 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes 
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-05 00:31:13 -07:00
Kevin Locke 42b0e9258d Test cases for ssh.conf disconnect "Auth fail" 
Add test coverage for the new disconnect "Auth fail" matching added in
36919d9f.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:56:26 -07:00
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching 
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:46:29 -07:00
Yaroslav Halchenko 8311bad4ea Merge pull request #1204 from szepeviktor/patch-8 
Added CloudFlare API error codes URL
 2015-09-30 07:54:30 -07:00
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko 7f3b31aa37 Merge pull request #1198 from yarikoptic/enh-split-comma 
ENH: allow to split ignoreip by space and/or comma (Closes #1197)
 2015-09-27 11:09:55 -04:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
Yaroslav Halchenko 4c48e994eb Merge pull request #1201 from yoosefi/master 
README :: Some style/grammar tweaks, and init/service script mention.…
 2015-09-27 00:51:16 -04:00
Yaroslav Halchenko 6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko 166e99d2ba Merge pull request #1203 from maxbeth/master 
Add a timeout (3 sec) to urlopen within badips.py action
 2015-09-27 00:48:50 -04:00
M. Maraun ebfd223320 Merge branch 'master' of github.com:maxbeth/fail2ban 2015-09-26 21:30:04 +02:00
M. Maraun 2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Ryan Yoosefi 0610791ffe README :: init/service example mentions debian based systems as the example 2015-09-25 02:25:11 -07:00
Ryan Yoosefi c1b80a5e1b README :: fitted paragraph style 2015-09-25 02:23:08 -07:00
Yaroslav Halchenko d618ee3d90 BF: disable testing on python 3.2 until coverage gets a fix 2015-09-24 09:53:55 -04:00
Ryan Yoosefi 4744e16539 README :: Some style/grammar tweaks, and init/service script mention. Re: #1193 2015-09-24 06:37:01 -07:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 24f875ad3e Merge pull request #1196 from yarikoptic/bf-longer-margin 
BF: relax 1 sec delay testing to 100ms margin (Closes #1195)
 2015-09-23 09:58:41 -04:00
Yaroslav Halchenko 84afcd8b1f BF(PY26): no assertGreater in 2.6 -- use explicit comparison 2015-09-23 09:45:51 -04:00
Yaroslav Halchenko 17a4289798 BF: relax 1 sec delay testing to 100ms margin (Closes #1195) 2015-09-23 08:38:51 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00
Yaroslav Halchenko 82e528d1dd Merge pull request #1191 from yarikoptic/enh-year-after-day 
ENH: new date pattern with year after day (not after entire entry)
 2015-09-17 21:50:46 -04:00
Yaroslav Halchenko db1a3f17e1 ENH: new date pattern with year after day (not after entire entry) 2015-09-16 08:56:46 -04:00
Yaroslav Halchenko 41edfe8caf Merge pull request #1188 from yarikoptic/rf-assertLogged 
RF(TST): self.assertTrue(self._is_logged()) -> self.assertLogged
 2015-09-15 09:14:58 -04:00
Yaroslav Halchenko d0e6644acd Merge branch 'rf-assertLogged' 
* rf-assertLogged:
  RF/BF: py26 has no {} sets, so just pass multiple entries as *args
  RF(TST): self.assertTrue(self._is_logged()) -> self.assertLogged
 2015-09-15 08:58:15 -04:00
Yaroslav Halchenko d60c52b84f Merge pull request #1187 from yarikoptic/bf-nasty-children-tests 
BF+RF: executeCmd should only return bool status on success and not throw exceptions (when timedout/killed) (Closes #1155)
 2015-09-15 08:56:59 -04:00