github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
6,143 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

6143 Commits (c16bc503527c71c51bd3e5b90dcf20f869c9d52c)

Author SHA1 Message Date
sebres 54b2208690 extends protocol/client with banned status (retrieve information whether an IP is banned and/or in which jails), implements FR gh-2725 2020-05-20 16:31:54 +02:00
sebres 0ae2ef68be ensure iterator is safe (traverse over the list in snapshot created within a lock), avoids getting modified state as well as "dictionary changed size during iteration" errors 2020-05-20 15:36:06 +02:00
sebres afb7a93163 amend to 368aa9e77570519b37fb57c9dbc5112d4c4b7382: fix time in gitlab test (GMT in log due to TZ-suffix `Z`, CEST in test-suite) 2020-05-20 15:27:48 +02:00
Sergey G. Brester 43f699b872
grammar / typos 2020-05-06 17:32:13 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab 
New Gitlab jail
 2020-05-04 19:19:13 +02:00
Sergey G. Brester f2aec43d8a
Merge pull request #2140 from szepeviktor/patch-9 
CloudFlare started to indent their API responses
 2020-04-27 19:39:27 +02:00
Sergey G. Brester 42aef09d69
Update ChangeLog 2020-04-27 19:38:48 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq 
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
 2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses 
We need to use https://github.com/stedolan/jq to parse it.
 2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed' 
Sed regex was tested - it works.
 2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban 
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
 2020-04-27 19:12:35 +02:00
Sergey G. Brester fe84b158a5
Merge pull request #2703 from sebres/0.10-ipset-tout 
0.10 / ipset timeout removal
 2020-04-26 12:39:37 +02:00
Sergey G. Brester da1652d0d7
Update ChangeLog 2020-04-26 12:26:55 +02:00
sebres 12be3ed77d test cases fixed 2020-04-25 15:17:42 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
Sylvestre Ledru 0fe7250f6f remove deprecated package dh-systemd from the build deps (Closes: #958625) 2020-04-23 23:07:02 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: 
- `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
 2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
Sylvestre Ledru 2d1b4a1e23 prepare upload 2020-04-16 10:08:05 +02:00
Sylvestre Ledru d2efa29f6e add the roundcube modif 2020-04-16 10:01:37 +02:00
Sylvestre Ledru a98e6cdd4d Add Environment="PYTHONNOUSERSITE=yes" to the service file to avoid fail2ban to read /root/.local/. Thanks to Russell Coker for the investigation (Closes: #956177) 2020-04-16 09:23:28 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); 
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
 2020-04-15 19:00:49 +02:00
sebres 7e3061e7ac fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688) 2020-04-15 17:35:04 +02:00
Sergey G. Brester 78651de7e5
Update ChangeLog 2020-04-14 12:25:18 +02:00
Sylvestre Ledru d68fb00628 Do not rotate log if empty. Thanks to Ron Varburg for the patch (Closes: #956681) 2020-04-14 11:44:33 +02:00
Ron Varburg 1e1f10e293 Do not run logrotate if the log is empty 2020-04-14 11:43:45 +02:00
benrubson 2912bc640b New Gitlab jail 2020-04-09 16:42:08 +02:00
Sylvestre Ledru a5ffa9a2b1 has been uploaded 2020-04-09 10:52:16 +02:00
Jelmer Vernooij eebb39d0c5 Merge branch 'patch-1' into 'master' 
Don't ban roundcube users when an external mail server is down.

See merge request python-team/applications/fail2ban!2
 2020-04-08 18:52:06 +00:00
sebres 136781d627 filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682) 2020-04-08 12:17:59 +02:00
Jesse Norell 5d0d5a68c5 Don't ban roundcube users when an external mail server is down. 2020-04-06 21:57:27 +00:00
sebres d21a24de8e more test cases for IP/DNS (and use dummies if no-network set by testing) 2020-04-06 12:39:36 +02:00
sebres fc175fa78a performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists); 
decrease log level for ignored duplicates (warning is too heavy here)
 2020-04-06 12:12:23 +02:00
Jelmer Vernooij 4e7a7cef32 Merge branch 'lintian-fixes' into 'master' 
Fix day-of-week for changelog entry 0

See merge request python-team/applications/fail2ban!1
 2020-04-01 21:20:00 +00:00
Debian Janitor 6075e9546a
Fix day-of-week for changelog entry 0.5.4-2. 
Fixes: lintian: debian-changelog-has-wrong-day-of-week
See-also: https://lintian.debian.org/tags/debian-changelog-has-wrong-day-of-week.html
 2020-03-29 17:33:07 +00:00
sebres 343ec1cdd2 test-causes: avoid host-depending issue (mistakenly ignoring IP 127.0.0.2 as own address) - replace loop-back addr with test sub-net addr (and disable ignoreself) 2020-03-18 20:40:31 +01:00
sebres 38b32a9a72 Merge branch '0.10' into 0.11 2020-03-18 19:53:55 +01:00
sebres 22a04dae05 Merge branch '0.9' into 0.10 (gh-2246) 2020-03-18 16:11:53 +01:00
Sergey G. Brester b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 
Improve regex in proftpd.conf
 2020-03-18 15:49:18 +01:00
sebres 606bf110c9 filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE 
(closes gh-2662)
 2020-03-16 17:31:39 +01:00
sebres 5b16973f08 Merge branch '0.10' into 0.11 2020-03-13 23:23:03 +01:00
sebres 8547ea7ea0 resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete 2020-03-13 23:16:04 +01:00
sebres 00c5d33e45 Merge branch '0.10' into 0.11 2020-03-13 22:39:19 +01:00
sebres b64a435b0e ignore only not banned old (repeated and ignored) tickets 2020-03-13 22:34:15 +01:00
sebres b43dc147b5 amend to RC-fix 9f1c6f1617 (gh-2660): 
resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously;
speedup recognition banning queue has entries to begin check-ban process in actions thread
 2020-03-13 22:22:42 +01:00
sebres bc2b81133c pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active) 2020-03-13 22:07:32 +01:00
sebres 68f827e1f3 small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached) 2020-03-13 18:03:27 +01:00
sebres d42ec210cc Merge branch '0.10' into 0.11 2020-03-13 17:44:29 +01:00