435f359a06
allow substitute section-related parameters like `<Definition/option>` in all config-readers as well as during substitute after supply of init arguments;
...
test cases extended;
2018-01-30 12:15:36 +01:00
f547a7c7b1
LogCaptureTestCase: use almost non-blocking handling by getvalue/_is_logged (especially important in tests with waiting for logged via `assertLogged(..., wait=TO)`):
...
- try to acquire lock without blocking, if not possible - return cached/empty (max 5 times, otherwise do lock);
- minimized time of the lock of messages list;
- avoid sporadic dead-locking during cross lock together with lock within handling of self._strm.
2018-01-26 20:25:11 +01:00
5f3ba289d6
restore code coverage (decreased in latest "fixes") - no cover for unreachable cases;
2018-01-24 20:03:46 +01:00
ac9d5f61e7
rewrite keywords reserved in python 3.7 (`async` -> `nonsync`)
2018-01-24 15:50:19 +01:00
6b7cca07ae
Merge pull request #2025 from yarikoptic/bf-0.10-debian
...
A number of fixes toward making tests pass while building Debian pkg for 0.10.2
2018-01-24 08:42:36 +01:00
7a757645bb
introduces new decorator/conditional helper in order to skip some STOCK-related test-cases (if running outside of stock-config environment).
2018-01-23 22:06:22 +01:00
9af9ec25f5
allow to override use_stock_cfg values (used as default value now), e. g. actions rest filters only, reject d1afbb566f0304487b5d578b4aacef8e647ee74b
2018-01-23 22:06:20 +01:00
3f51c158cd
Added manpage (still would need tuning) for fail2ban-python
2018-01-23 22:06:18 +01:00
a5b9128fcc
BF: RF test for "being a root" to check if actually can read the file
2018-01-23 22:06:16 +01:00
49be8de902
BF: look for system.journal also under system-state-logs (i.e. /var/log)
...
as it happens on Debian systems
2018-01-23 22:06:14 +01:00
2f0bc491e2
BF: use tests.utils.CONFIG_DIR instead of hardcoded "config" in fail2banclienttestcase
...
Since otherwise cannot provide custom path to the config via env var
and thus cannot test in a build directory which is out of source
2018-01-23 22:06:12 +01:00
d7e320b96d
reverting linux indentation
2018-01-23 21:09:53 +01:00
3ac6166b48
Merge pull request #2027 from yarikoptic/bf-0.10-review
...
Minor spelling typos etc
2018-01-23 19:45:44 +01:00
527bb9a7c3
dos2unix for helpers-common.conf
...
Original report: http://bugs.debian.org/888110
2018-01-23 08:48:36 -05:00
ba2538ba04
DOC: minor typos spotted around comments etc
2018-01-22 21:39:56 -05:00
af2de7ff2f
RF: COND_FAMILIES - use tuple
...
no need for a dict where tuple would be preferable (deterministic order)
2018-01-22 21:08:44 -05:00
8cfd97a68f
skip a testRepairDb if no sqlite3 command-helper available; code review (removed unnecessary code-pieces resp. code-duplication)
...
closes #2026
2018-01-22 10:42:33 +01:00
9d5f20aab2
FilterPyinotify: fixed sporadic test-case error (multi-threaded) - 'NoneType' object has no attribute 'stop'.
2018-01-19 12:32:24 +01:00
9a38d5697f
bump version (0.10.2 -> 0.10.3.dev1)
2018-01-18 16:40:48 +01:00
a45488465e
prepare release: bump version, update ChangeLog, man's and MANIFEST etc.
2018-01-18 14:49:01 +01:00
81b61fe30c
ChangeLog update
2018-01-18 14:19:55 +01:00
f69e28adfc
action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
2018-01-18 14:05:22 +01:00
ed22ddbbbb
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-01-17 16:42:56 +01:00
37f5a6975e
Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix
...
nginx-http-auth: match usernames with spaces
2018-01-17 16:40:54 +01:00
63e906b2c1
regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
2018-01-17 16:35:32 +01:00
fed6c49c2d
nginx-http-auth: match usernames with spaces
...
# Conflicts:
# ChangeLog
2018-01-17 16:35:31 +01:00
9a8c4a9869
Merge pull request #2018 from riceru/patch-1
...
lighttpd-auth.conf: new log-format (http_auth -> mod_auth)
2018-01-17 12:14:38 +01:00
b6c6565a7e
regex updated using non-capturing groups
2018-01-16 14:23:47 +01:00
9a46590486
extended test-cases to cover new log-format (http_auth -> mod_auth)
2018-01-16 14:20:51 +01:00
6a1bbbf101
Update lighttpd-auth.conf
...
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in Lighttp 1.4.42
2018-01-16 12:39:55 +00:00
2b7b0da943
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-01-15 18:16:43 +01:00
2bce0c5e3e
file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.
2018-01-15 18:00:15 +01:00
81c86fa83f
Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove).
...
Closes gh-1865
2018-01-15 17:12:07 +01:00
b644d2d73f
should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);
2018-01-11 20:23:22 +01:00
7516cd025d
fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter);
...
test cases extended to cover such situation.
Closes gh-1997
2018-01-11 13:21:36 +01:00
7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
...
Closes #2000
2018-01-11 12:38:34 +01:00
29e1fe9479
micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)
2018-01-11 11:15:58 +01:00
6251fcf5f7
Merge pull request #2014 from sebres/sshd-fix-connects-with-mult-pub-keys
...
stop ban of legitimate users with multiple public keys (e. g. git, etc)
2018-01-11 10:27:35 +01:00
1c0fc73e48
Update ChangeLog
2018-01-11 10:27:38 +01:00
2112145eb4
stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby
...
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
2018-01-10 19:07:20 +01:00
314e402fe0
filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
2018-01-10 14:49:06 +01:00
c36fbdf743
test cases extended in order to cover `firewallcmd-ipset` with `allports`
2018-01-10 12:13:07 +01:00
c30144b37a
Merge branch '0.9' into 0.10
...
# Conflicts:
# config/action.d/firewallcmd-ipset.conf
# config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
# fail2ban/client/jailreader.py
# fail2ban/helpers.py
2018-01-10 12:05:26 +01:00
029cd5aa24
Update ChangeLog
2018-01-10 11:47:59 +01:00
597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports
...
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
2018-01-10 11:43:44 +01:00
131b94e11e
firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
...
banaction = firewallcmd-ipset[actiontype="<allports>"]
2018-01-10 10:58:03 +01:00
c190631f88
New ban action firewallcmd-ipset-allports. Closes #1167
2018-01-10 10:58:01 +01:00
3d9a112c8f
cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers:
...
allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` treats as `,` in new version.
cherry-picked from 0.10.
2018-01-10 10:57:59 +01:00
82f8bd8639
Merge pull request #2011 from Yannik/patch-1
...
Fix filter not catching asterisk requests with quote character in username (fixes #2010 )
2018-01-10 09:27:29 +01:00
f7e2d3610b
Update ChangeLog
2018-01-09 21:19:01 +01:00
sebres