Commit Graph

4647 Commits (c5453151927453d5068c2befc992c8e3e6494564)

Author SHA1 Message Date
Yaroslav Halchenko d9b9b6ba22 RF: exit codes are positive, so exit(255) instead of exit(-1) 2018-07-24 13:24:24 -04:00
sebres 22d37cdce2 sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
2018-07-18 15:31:04 +02:00
sebres 64d9e164cf extends samples test-case factory to see the matched regex number and expression in assert message (helps if some similar regexp's available in filter) 2018-07-18 15:30:06 +02:00
sebres d92381aaa9 fail2ban-regex: ignore lines having not empty match of `<F-NOFAIL>` from failregex (not a failure, so count as ignored and not as matched). 2018-07-18 15:23:56 +02:00
sebres 8fe07e29ad filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
closes gh-2184
2018-07-17 15:06:42 +02:00
sebres 94ffd00328 fixes initialization bug if sys.stdout.encoding is None (closes gh-2177). 2018-07-11 13:21:53 +02:00
Sergey G. Brester cc321b78da
Merge pull request #2176 from sebres/ignore-cache
Introduces cache for ignore-facilities (for `ignoreip`, `ignoreself` and `ignorecommand`)
2018-07-10 19:31:50 +02:00
sebres f8f01d5ab7 introduced new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, `ignoreself` and `ignorecommand`) 2018-07-09 14:58:39 +02:00
sebres 9b6d17d07e extend `ignorecommand` to use actions-similar replacement (ticket-based now, so capable to interpolate all possible tags) 2018-07-09 13:01:16 +02:00
Sergey G. Brester 11c1bf0149
Update ChangeLog 2018-07-06 18:05:59 +02:00
Daniel Dương a719ba81e9 Fix cymru reference link 2018-07-06 17:50:51 +02:00
sebres d9b9bb5f40 Merge pull request #2125 from jodlajodla/0.11 (rebased) 2018-07-06 17:43:30 +02:00
sebres 1e44b3f085 systemd no cover (currently unsupported by travis) 2018-07-06 17:42:28 +02:00
Jan Sušnik 54a04b3a6a Fixed data type of journal flags from str to int 2018-07-06 17:32:34 +02:00
Jan Sušnik df33322f9f Added test to prove bug when specifying journal flags to systemd backend 2018-07-06 17:32:32 +02:00
Sergey G. Brester 75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER
dovecot: collect F-USER and variants
2018-07-06 17:16:43 +02:00
sebres f7962469a9 Merge pull request #2173 from mattsta/fix/findtime-backsearch-on-file-load (rebased) 2018-07-06 17:11:35 +02:00
sebres 1eb93e2556 filter.py: repair start-time of initial seek to time (regardless of the position of `findtime` option in config);
jailreader.py: additionally relocate the option `logpath` after all log-related data (backend, date-pattern, etc) that may be needed by the first usage (gh-2173).
Thanks to Matt Stancliff (mattsta)
2018-07-06 17:04:10 +02:00
Matt Stancliff 00a0e98041 Load logpath only after findtime is configured
When new log paths are configured, their start offset is immediately determined
by a filter searching for (now - findTime).
But, since findTime is configured *after* the log is loaded and
searched, logs are only searched back by the default 10 minute findTime,
regardless of user configuration of jail settings.

So, findTime must be configured before logpath or else the default findtime
is used, which ignores any findtime time defined by the user.

This fixes new reads on startup for actual log files. The systemd filter
always performed as expected due to being set up after the jail's
findtime config submission.
2018-07-06 16:42:36 +02:00
sebres 857d6954c4 Merge pull request #2171 from sebres/0.10-fix-decoding-issues 2018-07-06 11:42:48 +02:00
sebres d0945120bf ChangeLog 2018-07-06 11:41:05 +02:00
sebres 73e89df912 amend to bcf557990e15922aff22485cc86ddd2fcf41b796: wrong logging syntax will not throw an error anymore (logged now, as logging is safe) 2018-07-05 23:04:38 +02:00
sebres bcf557990e relocate exception-safe logging from database json-handler to common logger handling, using injection on _log-method of Logger class;
additionally provides more info if handler/conversion failed (with double protection inside catch-case);
tests/utils.py: log handler "_MemHandler" of LogCaptureTestCase fixed now to be safe also (test-cases only);
tests/misctestcase.py: the safe logging of all possible constellations is covered in testSafeLogging now.
2018-07-05 22:36:30 +02:00
sebres 06f2130575 typo/indent fix (no functional changes) 2018-07-05 19:27:07 +02:00
sebres 6ce67a6d21 coverage 2018-07-05 16:27:36 +02:00
sebres bd54d472b3 extend test-cases to check the database is still operable (not locked) after all the errors during the simulation 2018-07-05 16:23:33 +02:00
sebres 3be82a9ce9 coverage 2018-07-04 20:16:11 +02:00
sebres 5a4b47464b a bit optimized helpers 2018-07-04 18:37:25 +02:00
sebres 7dffa7a2a1 coverage related, after default encoding change 2018-07-04 18:01:39 +02:00
sebres c81de46d21 remove some no cover pragmas - covered now 2018-07-04 17:17:21 +02:00
sebres 48c2cbfa0b improve failure-message of assertNotLogged in case of single match given 2018-07-04 17:05:36 +02:00
sebres 7c9146feb3 ticket can contain bytes now (if deserialized from json by py3.x) 2018-07-04 17:04:12 +02:00
sebres 930cc6c8f1 improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database;
both should be additionally exception-safe, so avoid possible errors in log-handlers (concat, str. conversion, etc);
test cases extended to cover any possible variants (invalid chars in unicode, bytes, str + unterminated char-sequence) with both cases (with replace of chars, with and without errors inside adapter-handlers).
2018-07-04 17:03:04 +02:00
sebres 85fd1854bc minimize influence of implicit conversions errors (between unicode, bytes and str), provide new universal helper `uni_string`, which uses safe explicit conversion to string (also if default encoding is ascii); avoid conversion errors on wrong-chars by replace tags. 2018-07-04 16:51:18 +02:00
Dobrica Pavlinusic 6f1e789f31 dovecot: collect F-USER and variants
We are preferring ruser= if available because these are credentials
presented to dovecot from remote client.
2018-06-30 16:16:03 +02:00
sebres 227550684a **interim** try to fix several conversion errors 2018-06-29 22:02:41 +02:00
sebres 79350e916e fixes issue with wrong-chars in string items of CallingMap by its representation, additionally don't calculate values implicitly (may be unexpected for some constellations resp. too slow in DEBUG) 2018-06-29 18:33:24 +02:00
sebres 2f5059ebfb test-cases: rewrite dirty-read algorithm of _MemHandler to avoid sporadic reset of dirty flag by too fast logging;
prevents sporadic tests-failures (too often by pypy) if waiting for some log-message (that was mistakenly swallowed up from cache-mechanism, so was logged but "dirty" flag is already reset)
2018-06-14 15:57:46 +02:00
sebres 8cbe1e6b13 Merge pull request #2155 2018-06-14 12:35:57 +02:00
cheese1 43db4411de small typo 2018-06-14 12:35:04 +02:00
sebres 8ec225e20a Merge pull request #2153 2018-06-11 14:36:17 +02:00
sebres 38631d0cd4 fix test-case from gh-2153 (test-suite running in year 2005) 2018-06-11 14:34:28 +02:00
Boris Gulay 34f363f6af Added test case for updated dovecot failregex. 2018-06-11 14:30:12 +02:00
Boris Gulay a923cd209b `filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors; 2018-06-11 14:30:10 +02:00
benrubson f54f6caece Merge Apache SNI error / misredirect attempts rules 2018-06-09 10:19:27 +02:00
sebres 61e30949b3 Merge branch '0.10-short-version' into 0.10 2018-05-28 19:13:00 +02:00
sebres f220aba26f minor: added missing new-line (no functional changes) 2018-05-28 19:09:41 +02:00
sebres e36f4667ab fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info, additionally option `-V` can be used to get version in normalized machine-readable short format;
closes gh-2122.
2018-05-28 19:07:38 +02:00
Sergey G. Brester a3cb1dbd4d
Update jailreader.py
changed log-level of annoying message "no file(s) found for glob" to NOTICE - this is rather a warning (not error).
2018-05-25 19:42:28 +02:00
sebres 1b4ba602ba normalize bool conversion, introduced common helper function `_as_bool` 2018-04-26 16:48:23 +02:00