sebres
2945fe8cbd
changelog
2020-08-25 18:25:32 +02:00
sebres
d9b8796792
amend with better (common) handling, documentation and tests
2020-08-25 18:01:34 +02:00
sebres
7b05c1ce7a
do type-convert only in getCombined (otherwise int/bool conversion prevents substitution or section-related interpolation of tags)
2020-08-25 14:52:22 +02:00
benrubson
1707560df8
Enhance Guacamole jail
2020-08-25 13:01:50 +02:00
sebres
ad51fb7e1e
partial cherry-pick fd25c4cbb8 (#2768)
2020-08-24 16:41:22 +02:00
Sergey G. Brester
8da663a67e
Merge pull request #2814 from sebres/0.10-date-opt
extended datepattern handling (TZ issues, no datepattern, etc)
2020-08-24 16:27:35 +02:00
sebres
295630cccf
documentation and changelog
2020-08-24 16:12:55 +02:00
sebres
76e5d2b199
amend to f21c58dc72, better follow previous handling with last known datetime (compatibility for multi-line logs, in case of second line without a timestamp)
2020-08-21 17:53:02 +02:00
sebres
f21c58dc72
implements special datepattern `{NONE}` - allow to find failures without date-time in log messages (filter use now as timestamp)
closes gh-2802
2020-08-20 20:28:29 +02:00
sebres
b82f584a96
added test case covering new date handling (simulation, unknown format, warnings, etc)
2020-08-20 19:46:41 +02:00
sebres
d2cef96f33
filter: implement mode `inOperation`, which gets activated if filter starts processing of new messages; better interaction with non-matching optional datepattern or invalid timestamps (or timezone) - assuming now instead of bypass;
fixed test cases gathering new failures now in operation mode
2020-08-20 18:52:00 +02:00
sebres
7e8d98c4ed
code review, fix simplest TZ issue - avoid date adjustment by assuming of last year (date without year in the future) by wrong zone (don't adjust by offset up to +24 hours)
2020-08-13 19:20:27 +02:00
sebres
3ca69c8c0a
amend to #2791: unban subnet when subnet is in supplied subnet
2020-08-11 17:14:21 +02:00
sebres
7d172faa50
implements gh-2791: fail2ban-client extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS)
2020-08-11 16:01:52 +02:00
sebres
39d4bb3c35
closes gh-2758: no explicit flush (close std-channels on exit, it would cause implicit flush without to produce an error 32 "Broken pipe" on closed pipe)
2020-08-11 13:57:36 +02:00
sebres
a7ad3e00dd
amend to 91eca4fdeb (#2634): server creates a RTM-directory for socket/pid file automatically (don't check its existence in client)
2020-08-11 11:58:02 +02:00
sebres
253d47d33c
compat: some 2.x pypy versions produce UnicodeEncodeError: 'ascii' codec can't encode character on surrogates (uni_string must be fixed also for UTF-8 system encoding)
2020-08-04 15:08:02 +02:00
sebres
9510346507
typo in skip message
2020-08-04 14:31:11 +02:00
sebres
0ef8f6675d
fix travis builds (pipy in xenial, don't error if doc missing in default path after install)
2020-08-04 14:25:31 +02:00
sebres
9100d07c03
Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790
2020-08-04 13:53:21 +02:00
sebres
62a6771b33
Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-08-04 13:51:20 +02:00
sebres
73a8175bb0
resolves names conflict (command action timeout and ipset timeout); closes gh-2790
2020-08-04 13:22:02 +02:00
Sergey G. Brester
ea35f2ad75
default loglevel is INFO
2020-07-03 13:47:46 +02:00
Sergey G. Brester
08dbe4abd5
fixed comment for loglevel, default is INFO
2020-07-03 13:45:29 +02:00
sebres
309c8dddd7
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-06-24 19:20:36 +02:00
sebres
5a0edf61c9
filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
2020-06-08 14:38:26 +02:00
sebres
9b6da03c90
amend to e786dbf132689133c29671871718a97f93b8912a: removes space between name and [pid] by normal non-verbose logging, padding without truncate now; test coverage for getVerbosityFormat;
closes #2734
2020-05-26 13:14:37 +02:00
sebres
b8e2b77265
Merge branch '0.10-extend-proto-banned' into 0.10
2020-05-25 15:04:12 +02:00
sebres
fa1ff4c5d8
assertSortedEqual: fixed sort of nested lists, switch default of nestedOnly to False (comparison of unsorted lists is rarely needed)
2020-05-25 14:45:24 +02:00
sebres
54b2208690
extends protocol/client with banned status (retrieve information whether an IP is banned and/or in which jails), implements FR gh-2725
2020-05-20 16:31:54 +02:00
sebres
0ae2ef68be
ensure iterator is safe (traverse over the list in snapshot created within a lock), avoids getting modified state as well as "dictionary changed size during iteration" errors
2020-05-20 15:36:06 +02:00
sebres
afb7a93163
amend to 368aa9e77570519b37fb57c9dbc5112d4c4b7382: fix time in gitlab test (GMT in log due to TZ-suffix `Z`, CEST in test-suite)
2020-05-20 15:27:48 +02:00
Sergey G. Brester
368aa9e775
Merge pull request #2689 from benrubson/gitlab
New Gitlab jail
2020-05-04 19:19:13 +02:00
Sergey G. Brester
f2aec43d8a
Merge pull request #2140 from szepeviktor/patch-9
CloudFlare started to indent their API responses
2020-04-27 19:39:27 +02:00
Sergey G. Brester
42aef09d69
Update ChangeLog
2020-04-27 19:38:48 +02:00
Sergey G. Brester
01e92ce4a6
added fallback using tr and sed (jq is optional now)
2020-04-27 19:26:46 +02:00
Sergey G. Brester
1c1b671c74
Update cloudflare.conf
2020-04-27 19:26:44 +02:00
Sergey G. Brester
5b8fc3b51a
cloudflare: fixes ip to id conversion by unban using jq
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
2020-04-27 19:26:43 +02:00
Viktor Szépe
852670bc99
CloudFlare started to indent their API responses
We need to use https://github.com/stedolan/jq to parse it.
2020-04-27 19:26:39 +02:00
Ilya
8b3b9addd1
Change tool from 'cut' to 'sed'
Sed regex was tested - it works.
2020-04-27 19:12:36 +02:00
Ilya
5da2422f61
Fix actionunban
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
2020-04-27 19:12:35 +02:00
Sergey G. Brester
fe84b158a5
Merge pull request #2703 from sebres/0.10-ipset-tout
0.10 / ipset timeout removal
2020-04-26 12:39:37 +02:00
Sergey G. Brester
da1652d0d7
Update ChangeLog
2020-04-26 12:26:55 +02:00
sebres
12be3ed77d
test cases fixed
2020-04-25 15:17:42 +02:00
sebres
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
2020-04-25 14:52:38 +02:00
sebres
6b90ca820f
filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
2020-04-23 13:08:24 +02:00
sebres
affd9cef5f
filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)
2020-04-21 13:32:17 +02:00
sebres
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
2020-04-15 19:00:49 +02:00
sebres
7e3061e7ac
fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)
2020-04-15 17:35:04 +02:00
Sergey G. Brester
78651de7e5
Update ChangeLog
2020-04-14 12:25:18 +02:00