Serg G. Brester
05f5c6efcc
Update README.md
...
added wiki-reference;
fixed mail-representation (after github switched markdown syntax)
2017-03-29 12:32:34 +02:00
Serg G. Brester
1a59a5c5a7
Merge pull request #1740 from sebres/0.10-strptime-perf
...
strptime.py: small code review and performance optimization
2017-03-29 11:33:57 +02:00
sebres
ee3c9fcb75
"%y" - in the fail2ban parsed year without century should be always relative current century (>= 2000);
...
cover several format specifiers and different "assume" cases (without year, without date, greater than now, etc.);
2017-03-28 22:10:29 +02:00
sebres
7437fbd75b
strptime.py: small code review and performance optimization (get some properties on demand, etc.)
2017-03-28 20:21:39 +02:00
Serg G. Brester
ec19aed489
Merge pull request #1739 from gracinet/0.10-test_smtp-no-network
...
Fixes test_smtp connects to wrong inet (if listening on ::1 instead of 127.0.0.1)
2017-03-28 19:49:58 +02:00
Georges Racinet
7b93f111e1
test_smtp inconsistency for py3+IPv6
...
It appears that, under Python3, on an IPv6 enabled machine,
the testing SMTP server on 'localhost' can turn out to listen on ::1 only,
which makes those tests break if the SMTP client part uses 127.0.0.1
directly. Using 'localhost' there as well makes the tests pass.
2017-03-28 19:29:45 +02:00
sebres
873f97c6c5
Merge branch '0.9-log-level-msg' into 0.10
2017-03-27 11:36:36 +02:00
sebres
7982d1e627
Update ChangeLog
2017-03-27 11:31:41 +02:00
sebres
e8596cfce7
amend resp. restore of change from 59c35bc44a (gh-129):
...
- logging of "Log rotation detected" with new MSG level
- introduces new log-level MSG (as INFO-2, 18)
2017-03-27 11:27:41 +02:00
Serg G. Brester
d26060ead0
Update ChangeLog
...
belongs to #1733
2017-03-27 09:38:53 +02:00
Serg G. Brester
cea8ba7831
Merge pull request #1733 from sebres/0.10-repl-skiplines
...
Normalizes replacement of `<SKIPLINES>` + no multiline failregex per default
2017-03-27 09:34:08 +02:00
Seth Reeser
c82495353f
Update mysqld-auth.conf (#1725)
2017-03-24 19:03:20 +01:00
Serg G. Brester
52c1950371
Update mysqld-auth.conf
...
small typo, closes gh-1725 (Thx @seth-reeser)
2017-03-24 19:03:17 +01:00
sebres
6ac5c55edc
the sequence in args-dict is currently undefined (so can be 1st argument with `?` instead of `&`)
2017-03-24 17:35:41 +01:00
sebres
990d9a66da
fail2ban-regex: fixed matched output by multi-line (buffered) parsing + and multi-line debuggex URL;
...
test coverage extended;
2017-03-24 17:07:21 +01:00
sebres
bc888e0753
Regex compiled in multi-line parsing mode only if `maxlines` > 1 (buffering), if however expected - prefix `(?m)` could be used in regex to enable it;
...
Removed warning "Mutliline regex set for jail ... but maxlines not greater than 1", because can be expected situation now:
non multi-line entry from systemd-filter containing new-lines (that should be ignored by anchors resp. entry parsed as single string);
small code review;
2017-03-24 13:20:04 +01:00
sebres
61c1bdfe79
Normalizes replacement of `<SKIPLINES>` (moved to _resolveHostTag, so will be replaced together with another tags);
...
Regex will be compiled as MULTILINE only if needed (buffering with `maxlines` > 1), that enables:
- improve performance by the single line parsing;
- make regex more precise (because it distinguishes between anchors `^`/`$` for the begin/end of string and the new-line character '\n', e. g. if coming from filters (like systemd journal) that allow the parsing of log-entries containing new-line chars (as single entry));
2017-03-24 11:25:12 +01:00
Serg G. Brester
b650503f00
Merge pull request #1732 from sebres/0.10-ignoreself
...
0.10 `ignoreself` for ignore own IP addresses
2017-03-24 10:12:23 +01:00
sebres
e7052e9625
update man/jail.conf.5 (docu for the ignoreself)
2017-03-24 09:55:20 +01:00
sebres
30352c5f03
fix sporadic coverage changes (sometimes produces "no such process" in popen.poll after terminate/kill in timeout test cases)
2017-03-23 17:48:52 +01:00
sebres
663bc9903d
increase coverage (was decreased since "ignoreip" was set to default empty)
2017-03-23 16:19:21 +01:00
sebres
6c4b1c7204
Update ChangeLog
2017-03-23 15:54:53 +01:00
sebres
5e93bf9bd3
Introduced new option "ignoreself", specifies whether the local resp. own IP addresses should be ignored (default is true).
...
Fail2ban will not ban a host which matches such addresses.
Option "ignoreip" applies in addition to "ignoreself" and doesn't need to include the DNS resp. IPs of the host itself.
2017-03-23 15:52:31 +01:00
Serg G. Brester
1e6787877a
Merge pull request #1726 from sebres/0.10-grave-fix-escape-tags-1st
...
0.10 fix escape tags
2017-03-21 15:33:00 +01:00
sebres
6ba0546824
code review and inline docu
2017-03-21 14:53:33 +01:00
Serg G. Brester
7a03c964c2
Update ChangeLog
2017-03-21 14:04:18 +01:00
sebres
bb9541b7a9
Merge pull request #1728 from sebres/_0.10/fix-gh-1719
2017-03-21 11:05:15 +01:00
sebres
43d2cae8da
small amend that corrects log trace output by forget MLFID (outputs the reason why it was forgotten - close, disconnect, etc.)
2017-03-21 10:39:55 +01:00
sebres
b6886f2e51
SampleRegexsFactory extended with optional filter constraint, if testing the same log-file with multiple filters (no possibility to match by the old sshd-filter 'zzz-sshd-obsolete-multiline')
2017-03-21 09:42:27 +01:00
sebres
1971fd4bd3
don't remove MLFID from cache (can recognize multiple attempts within the same connection)
2017-03-21 09:20:56 +01:00
sebres
f13fac5ae9
amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex;
...
extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed);
Closes gh-1727
2017-03-21 00:15:57 +01:00
sebres
32f3c1dbf3
test coverage
2017-03-20 13:34:42 +01:00
sebres
57e9c25449
bug fix in the config readers: mixing with the init section should affect only own init options (from init section only bypass default section);
...
the situation details:
value of "_daemon" from default section "default" (with init section) falsely overwrites it from definition section "test" -
the resulting value of "_daemon" should be "test" in all 3 resulting failregex's (as specified in test.local),
fixed and covered now;
additionally more complex cases covered also (all filter parameters in jail via "%(known/...)s", dynamical interpolation across all, etc);
2017-03-20 12:10:09 +01:00
sebres
4f1473724b
fixed grave vulnerability by wrong escape of tags by executing of shell actions
2017-03-20 12:09:42 +01:00
sebres
e5c9f9ec1c
[interim commit] try to fix possible escape vulnerability in actions
2017-03-20 12:08:14 +01:00
sebres
93ec9e01d4
fixes a small blemish by output in beautifier;
...
command "unban" returns a count of tickets that were flushed
2017-03-17 11:00:54 +01:00
Serg G. Brester
da808fe67b
Merge pull request #1720 from sebres/_0.10/fix-gh-1719
...
fix gh-1719: sshd format changed
2017-03-15 18:36:35 +01:00
sebres
5561423be3
filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry);
...
closes gh-1719
2017-03-15 18:01:20 +01:00
sebres
97d417926d
repairs testing of missing samples for all regex after filter settings (mode) changed
2017-03-15 18:01:18 +01:00
Viktor Szépe
d79267c424
Updated xarf-specification repo URL in xarf action
2017-03-14 20:47:31 +01:00
sebres
482e5265d7
output execution time of each test case if verbosity > 2
2017-03-14 13:34:54 +01:00
Serg G. Brester
77229a65b5
Merge pull request #1716 from sebres/fix-stop-replace-in-callable
...
Prohibit recursive replacement of action info (calling map)
2017-03-13 23:46:52 +01:00
sebres
ccfd1ccb2d
code review, increase coverage, etc.
2017-03-13 21:56:06 +01:00
sebres
5030e3a122
[Important] Prohibit replacement of recursive "tags" in the action info resp. calling map (very bad idea to do this):
...
- the calling map contains normally dynamic values only (no recursive tags);
- recursive replacement can be vulnerable, because can contain foreign (user) input captured from log (will be replaced in the shell arguments);
2017-03-13 20:45:35 +01:00
sebres
c1da6611ec
[BF] prevents always converting of calling map items in replaceTag (without direct access of item):
...
substituteRecursiveTags: ignore replacing callable items from calling map - should be converted on demand only (by get)
2017-03-13 18:47:26 +01:00
sebres
92d83274d9
fixes cache overload in the test cases (increase max count and max time of CACHE_ipToName - too many entries in mock-up preset, longer time testing)
2017-03-13 18:03:37 +01:00
Serg G. Brester
3fec546fc0
Merge pull request #1715 from sebres/fix-f2b-regex-debuggex-url
...
fail2ban-regex debuggex url fix
2017-03-13 16:37:57 +01:00
sebres
295f7b88c9
increase coverage
2017-03-13 16:21:03 +01:00
sebres
3cba2310ff
Fixes debuggex URL (tag replacement) and missing line stat by matched lines (without time - `matched_lines_timeextracted`);
...
Closes gh-1394
2017-03-13 16:14:06 +01:00
Serg G. Brester
1bcde678c6
Merge pull request #1710 from sebres/0.10-test-with-filter-options
...
0.10 filter options extension
2017-03-13 02:11:48 +01:00