Commit Graph

5762 Commits (b892133d516d1389a647a287a1a3b58e2eece65f)

Author SHA1 Message Date
Sergey G. Brester c5d43d7573
Update ChangeLog 2021-04-04 00:00:59 +02:00
Michele Mondelli 7579072e3b docs: fix typos 2021-04-03 23:49:23 +02:00
Sergey G. Brester 4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
Add support for filtering out detected port scans via scanlogd.
2021-04-03 23:36:14 +02:00
Sergey G. Brester 2d51240b3e
correction for default log interpolation and added allports banaction 2021-04-03 23:33:49 +02:00
Sergey G. Brester 977dfe4bd7
small amend: sport after saddr is optional
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
2021-04-03 23:29:16 +02:00
Sergey G. Brester 14edeed310
fixed regex (don't need to match whole line, e. g. every port etc) 2021-04-03 23:24:55 +02:00
Sergey G. Brester 0c4d356d11
added test log-file 2021-04-03 23:10:51 +02:00
Sergey G. Brester 080dd12288
Merge pull request #2965 from oukb/patch-1
nsd.conf: fix for the current log format
2021-04-03 21:02:03 +02:00
Sergey G. Brester a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precisely 2021-04-03 21:00:14 +02:00
Sergey G. Brester 1215cb28ac
Update nsd 2021-04-03 20:58:26 +02:00
sebres d445b5671d Merge pull request #2642 from rolschewsky/mssql (and amend from sebres/mssql) 2021-04-03 20:28:18 +02:00
sebres 7f38b80d35 precise regex (left anchor and fewer catch-alls); fixed tests (added failJSON and more tests for some corner-cases around new RE) 2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server 2021-04-03 19:30:29 +02:00
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
j-marz 5d8f500471 updated formatting to pass tests 2021-03-29 08:36:53 +11:00
j-marz 2686811593 Updated zoneminder filter
Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts
2021-03-28 21:19:10 +11:00
sebres 80a33b1dee Merge branch '0.11' 2021-03-25 12:14:11 +01:00
sebres b259e81911 test-suite: skip testFQDN if no network 2021-03-25 12:13:46 +01:00
sebres d8e450cf12 Merge branch 'fix-readline-multibyte' 2021-03-25 12:13:18 +01:00
sebres 4b17dddc23 update ChangeLog 2021-03-25 12:07:34 +01:00
sebres ccf4f3a07d amend with common log-file iterator in fail2ban-regex and test-suite (in sample regex factory also) 2021-03-25 12:07:31 +01:00
sebres 9659033523 fail2ban-regex: reimplemented log-file iterator - uses FileContainer facilities now instead of direct read from file and decode;
fail2banregextestcase.py extended to cover proper line-ending handling by interim NL char as part of multi-byte encodings (utf-16be, utf-16le)
2021-03-25 12:07:29 +01:00
sebres cbac7c176a readline fixed to consider interim new-line character as part of code point in multi-byte logs (e. g. unicode: utf-16be, utf-16le);
suppress warning "Error decoding line" for incomplete line (produced by not fully read multi-byte new-line character at end of data);
added test coverage for such logs
2021-03-25 12:07:26 +01:00
sebres 6cf4669dee Merge branch '0.10' into 0.11 2021-03-24 14:18:22 +01:00
sebres d135aeea16 fixes restore of original logging within tests (`LogCaptureTestCase.tearDown`) - python 3 seemed to still log verbosely after tear down (setting of log.level does not restore the level for related log objects - e. g. for logger of `fail2ban.jail` etc, so `fail2ban-testcases '(testVersion|testLongName).*servertest'` generating messages in stdout handler in testLongName) 2021-03-24 14:14:47 +01:00
sebres 8757563be1 close fork 2021-03-23 14:20:10 +01:00
sebres 996920cdaa in operation mode the filter reads only complete lines (ended with new-line) now, otherwise it would wait for end of line (for its completion) 2021-03-22 01:17:26 +01:00
sebres 061fab898a Merge branch '0.10' into 0.11 2021-03-22 00:58:03 +01:00
sebres e587526ede tests: add missing constraint (causing incomplete comparison in below cycle if fewer lines than expected were found) 2021-03-22 00:56:40 +01:00
sebres 343ccd7e8a small optimization 2021-03-21 23:35:38 +01:00
sebres 9bdc4be6cc stability: better recognition of rotation (e. g. on hash collision, consider current size and last known position now), no hash of empty file (or not fulfilled line), etc;
performance: avoid unnecessary seek to start of file and hash calculation - now it occurs only if file really rotated (ino changing or size shrinking), otherwise not earlier than in 30 seconds;
avoid unneeded log-rotation in tests
2021-03-21 23:35:09 +01:00
sebres 725354c793 action info extended with new members for jail info (usable as tags in command actions):
`jail.found`, `jail.found_total` - current and total found failures
`jail.banned`, `jail.banned_total` - current and total bans
closes #10
2021-03-20 22:33:31 +01:00
oukb 529866b2bb
nsd.conf: fix for the current log format
New nsd 4.3.5 log format:

|  [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
|  [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
|  [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
|  [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd. 2021-03-05 16:35:13 +01:00
Sergey G. Brester 08393f9d82
Update filter_request.md 2021-03-03 20:28:27 +01:00
sebres df5e024fb8 new issue templates 2021-03-03 20:16:34 +01:00
sebres fb08534ed7 Merge branch '0.11' 2021-03-03 18:17:35 +01:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres 04aba6168c fixed typo, `--` is not expected in options declaration, so `--dump-pretty` never worked (only `--dp` is working) 2021-03-03 13:02:00 +01:00
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
closes gh-2951
2021-03-02 19:35:27 +01:00
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action 2021-02-24 18:21:42 +01:00
sebres fb6315ea5e Merge branch '0.10' into 0.11 2021-02-24 13:16:36 +01:00
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889) 2021-02-24 13:05:04 +01:00
sebres e3d43d1241 Merge branch 'fix-rc-on-too-many-failures' into 0.10: resolves RC with uncontrolled growth of failure list (jail with too many matches that did not cause ban, gh-2945) 2021-02-24 12:45:15 +01:00
sebres 92a2242174 amend fixing journal tests (systemd backend only) 2021-02-23 15:54:48 +01:00
sebres e353fb8024 fixed test cases (ban ASAP also followed in test suite now, so failure reached maxretry causes immediate ban now) 2021-02-23 02:46:44 +01:00
sebres 55d7d9e214 *WiP* try to solve RC on jails with too many failures without ban, gh-2945 ... 2021-02-22 18:39:58 +01:00
sebres 884cbbd6e1 Merge branch '0.11' 2021-02-17 19:04:23 +01:00
sebres abc5a4e062 ChangeLog (#2742) 2021-02-17 19:02:22 +01:00
sebres a0352182e8 Merge branch '0.10' into 0.11 2021-02-17 18:57:38 +01:00