fail2ban

Commit Graph

Author	SHA1	Message	Date
Yaroslav Halchenko	da752aff14	perspective changelog for 0.8.7 Conflicts: ChangeLog	13 years ago
Yaroslav Halchenko	6495942550	DOC: minor (untabify, utf8) for ChangeLog	13 years ago
Yaroslav Halchenko	dca5634717	Merge branch '_enh/test_backends' -- fixing inotify backend, RF backends, unittests * _enh/test_backends: RF: reordered tests + enabled gamin now that its fix is pending in Debian ENH+BF: filtergamin -- to be more inline with current design of filterinotify ENH: 1 more sleep_4_poll to guarantee difference in time stamp ENH: few more delays for cases relying on time stamps ENH: tests much more robust now across pythons 2.4 -- 2.7 BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified (add\|del)LogPath among Filters ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44) ENH: first working unittest for checking polling and inotify backends RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify RF: filter.py -- single readline in a loop ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing) Minor additional comment to DEVELOP ENH: extended test LogfileMonitor	13 years ago
Yaroslav Halchenko	481b1530d6	RF: reordered tests + enabled gamin now that its fix is pending in Debian reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542361	13 years ago
Yaroslav Halchenko	c6f5d854d3	ENH+BF: filtergamin -- to be more inline with current design of filterinotify	13 years ago
Yaroslav Halchenko	337f3f6f7b	ENH: 1 more sleep_4_poll to guarantee difference in time stamp	13 years ago
Yaroslav Halchenko	e9964846fa	ENH: few more delays for cases relying on time stamps	13 years ago
Yaroslav Halchenko	c0c1232c5f	Merge branch 'master' into _enh/test_backends * master: Ask users to report bugs to github's issues Replace "\|" with "_" in ipmasq-ZZZzzz\|fail2ban.rul (Closes gh-66)	13 years ago
Yaroslav Halchenko	a1a67d34a9	ENH: tests much more robust now across pythons 2.4 -- 2.7 * needed additional sleeps for polling filter since that one relies on time-stamps and too rapid changes would not be caught by the PollFilter * in python 2.4, time stamps are up to a second (int's) so sleeps longer * test_new_bogus_file -- just to make sure that addition of new files does not alter our monitoring	13 years ago
Yaroslav Halchenko	d9248a6cf8	BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified (add\|del)LogPath among Filters * all of the Filters had too much of common logic in their LogPath methods, which is now handled by FileFilter and derived classes only add custom actions in corresponding _(add\|del)LogPath methods pyinotify: * upon CREATE event: - unknown files should not be handled at all - "watcher" for the monitored files should be recreated. Lead to adding _(add\|del)FileWatcher helper methods * callback now obtains full event to judge what to do	13 years ago
Yaroslav Halchenko	b33ae8c194	Ask users to report bugs to github's issues	13 years ago
Yaroslav Halchenko	08564bda1a	ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure	13 years ago
Yaroslav Halchenko	6ac9fd5d26	ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time	13 years ago
Yaroslav Halchenko	3c95121a8b	BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)	13 years ago
Yaroslav Halchenko	60260bce3d	ENH: first working unittest for checking polling and inotify backends	13 years ago
Yaroslav Halchenko	baa09098f0	RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify that seems also to overcome the problem of often locking upon stop()	13 years ago
Yaroslav Halchenko	25674a95f8	RF: filter.py -- single readline in a loop	13 years ago
Yaroslav Halchenko	b3614d4ea2	ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)	13 years ago
Yaroslav Halchenko	42523dce92	Minor additional comment to DEVELOP	13 years ago
Yaroslav Halchenko	47e956bc8e	Replace "\|" with "_" in ipmasq-ZZZzzz\|fail2ban.rul (Closes gh-66) Surprise -- that is for Windows compatibility	13 years ago
Yaroslav Halchenko	0b842272e3	ENH: extended test LogfileMonitor	13 years ago
Alan Jenkins	8c38907016	Misconfigured DNS should not ban successful ssh logins Noticed while looking at the source (to see the point of ssh-ddos). POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading the message. It's not a login failure. It's a warning about reverse-DNS. The login can still succeed, and if it _does_ fail, that will be logged as normal. <exhibit n="1"> Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com. ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234 </exhibit> The problem (in my mind) is that some users are stuck with bad dns. The warning won't stop them from logging in. I'm pretty sure they can't even see it. But when they exceed a threshold number of logins - which could be all successful logins - fail2ban will trigger. fail2ban shouldn't adding additional checks to successful logins - it goes against the name fail2ban :) - the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway - if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny I've checked the source of OpenSSH, and this will only affect the reverse-DNS error. (I won't be offended if you want to check for yourself though ;) <exhibit n="2"> $ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/ logit("reverse mapping checking getaddrinfo for %.700s " "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop); return xstrdup(ntop); -- logit("Address %.100s maps to %.600s, but this does not " "map back to the address - POSSIBLE BREAK-IN ATTEMPT!", ntop, name); $ </exhibit>	13 years ago
Yaroslav Halchenko	9a2b41f6ad	ENH: add more verbosity levels to be controlled while running unittests	13 years ago
Yaroslav Halchenko	398cc73d3d	Added few tests of FileFilter. yet to place them into a Jail-ed execution test At the moment they are, despite being provided different backends, pretty much test FileFilter functionality.	13 years ago
Yaroslav Halchenko	bbab49a415	DOC: distilling some of server "design" into DEVELOP notes for common good	13 years ago
Yaroslav Halchenko	9b360bb12d	ENH: minor, just trailing spaces/tabs + reformated a string	13 years ago
Yaroslav Halchenko	215c3cc5c5	ENH: added a basic test for FilterPoll for detection of modifications The test class MonitorFailures is intended to be excercised for all Filter*'s, i.e. backends. It is just atm it is useful only for Poll	13 years ago
Yaroslav Halchenko	f970bb288a	Merge pull request #59 from yakatz/doc/DEVELOP clarified that the are existing test cases and the 'coming soon' is about creating new ones	13 years ago
Yehuda Katz	bd40cc7c31	clarified that the are existing test cases and the 'coming soon' is about creating new ones.	13 years ago
Yaroslav Halchenko	25b629a75b	Merge pull request #58 from yakatz/doc/DEVELOP Added beginnings of documentation for developers	13 years ago
Yehuda Katz	322f53e26d	Added beginnings of documentation for developers	13 years ago
Yaroslav Halchenko	3989d24967	BF: usedns=no was not working at all it was not adding any detected address, IP or not to the list of failed attempts This commit also adds appropriate unittest	13 years ago
Yaroslav Halchenko	971406f722	RF: filtertestcase.py to put common testing into a helping subroutine	13 years ago
Yaroslav Halchenko	d0a322f2b8	ENH: be able to control verbosity from cmdline for fail2ban-testcases	13 years ago
Yaroslav Halchenko	b4099dae57	DOC: Adjusted header for config/*.conf to mention .local and way to comment thanks to Stefano Forli for reminding about comments see Debian Bug#676146	13 years ago
Yaroslav Halchenko	958aa2e932	Merge pull request #50 from mellitus/master Fix addBannedIP/banip command (Closes gh-31)	13 years ago
Chris Reffett	a018a26133	Fixed addBannedIP to add enough failures to trigger a ban, rather than just one failure.	13 years ago
Jeremy Olexa	444e4ac3ed	Fix Gentoo initd script (drop extra_commands)	13 years ago
Petr Voralek	4007751191	ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063 )	13 years ago
Yaroslav Halchenko	7b77beee0e	DOC: comment in jail.conf for the need of multiple jails for asterisk	13 years ago
Yaroslav Halchenko	71a3fb17e2	Merge remote-tracking branch 'gh-magicrhesus/master' * gh-magicrhesus/master: Add the INCLUDE section to use __pid_re feature Disable asterisk jail by default Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports Change NOTICE by NOTICE%(__pid_re)s Remove custom bantime Add sample log file for asterisk Add $ at the end of the failregex Add asterisk support Conflicts: config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers	13 years ago
Xavier Devlamynck	8c00ce0a65	Add the INCLUDE section to use __pid_re feature	13 years ago
Xavier Devlamynck	180c17bede	Disable asterisk jail by default	13 years ago
Xavier Devlamynck	df0e0fdc07	Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports	13 years ago
Xavier Devlamynck	c679a1a588	Change NOTICE by NOTICE%(__pid_re)s	13 years ago
Yaroslav Halchenko	42dd05210a	Added a warning for the recidive jail	13 years ago
Yaroslav Halchenko	617094fad5	BF: fail2ban-regex -- adding forgotten char for -v	13 years ago
Xavier Devlamynck	d7ca754980	Merge branch 'master' of github.com:magicrhesus/fail2ban	13 years ago
Xavier Devlamynck	c7613ce311	Remove custom bantime	13 years ago
Xavier D	7a76838737	Add sample log file for asterisk	13 years ago

... 4 5 6 7 8 ...

1007 Commits (be0e8faa4eab4e0b444374647360ad3d1fd9e41b) All Branches Search

1007 Commits (be0e8faa4eab4e0b444374647360ad3d1fd9e41b)

All Branches