github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,028 Commits
34 Branches
230 Tags
19 MiB
Commit Graph

5028 Commits (c75748c5d3b4de1e51318e1db4a5b72519c47c1f)

Author SHA1 Message Date
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces). 
closes gh-2804
 2021-01-27 17:06:14 +01:00
sebres 3700a9e523 invalidate IP/DNS caches by reload, so inter alia would allow to recognize IPv6IsAllowed immediately, previously retarded up to cache max-time (5m); 
closes gh-2804
 2021-01-26 20:35:14 +01:00
sebres 913c37db80 more fixes and optimizations, better RE's for patterns, allow parse date without time with such a datepattern (assume 00:00:00 then), etc 2021-01-21 19:00:56 +01:00
sebres 0f44a3408a amend to 747d4683221b5584f9663695fb48145689b42ceb: 
fail2ban-regex: loosen up date patterns %ExY, %Exy - let accept every year from 19xx up to current century (+3 years)
 2021-01-21 19:00:53 +01:00
Sergey G. Brester 164105fab1
added new parameter `namespace` for systemd backend 
closes gh-2910
 2021-01-16 17:10:12 +01:00
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability 
closes gh-2891
 2021-01-11 15:23:40 +01:00
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...); 
closes gh-2908
 2021-01-11 15:10:53 +01:00
sebres 747d468322 fixes century selector of %ExY and %Exy in datepattern for tests, considering interval from 2005 (alternate now) to now; + better grouping algorithm for resulting century RE 2021-01-04 02:45:16 +01:00
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp) 
closes gh-2899
 2020-12-29 21:22:47 +01:00
sebres 27e435a7f5 fix cymru test cases 2020-12-22 20:36:01 +01:00
sebres e768f8637a release 0.10.6 -- just what the doctor ordered 2020-11-23 19:37:26 +01:00
sebres 79b61e009a ChangeLog 2020-11-23 19:18:35 +01:00
sebres 7965d652a1 filter.d/dovecot.conf: allow more verbose logging 
closes #2573
 2020-11-23 18:17:29 +01:00
sebres a6de9459fc typo 2020-11-23 18:08:38 +01:00
RyuaNerin bba8844af8 typo 2020-11-23 18:07:49 +01:00
sebres 31a4a27ee3 better assert message in sample regex factory 2020-11-23 18:06:13 +01:00
Sergey G. Brester fe716743ed
Merge pull request #2795 from mateusz834/managesieve-dovecot 
add managesieve and submission support in dovecot filter
 2020-11-23 17:50:16 +01:00
sebres 8672950c15 added test cases covering PR #2795 2020-11-23 17:47:47 +01:00
mpoliwczak834 595ee7ed74 add submission 2020-11-23 17:42:12 +01:00
mpoliwczak834 0c12cb7970 add managesieve support dovecot filter 2020-11-23 17:42:11 +01:00
sebres cc64ef25f6 filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script) 
closes gh-2805
 2020-11-23 17:25:41 +01:00
sebres 5d0e74d2ab man/jail.conf.5: documentation extended (prefregex, etc) 
closes gh-2820
 2020-11-23 16:55:55 +01:00
sebres a107a8e7d2 setup.py: cherry-pick from 0.11 (option --without-tests) 2020-11-23 14:59:45 +01:00
Sergey G. Brester 9c8dcbd6eb
Merge pull request #2855 from benrubson/grafana 
Add Grafana jail
 2020-11-10 15:12:46 +01:00
Sergey G. Brester 1c1a9b868c
no catch-alls, user name and error message stored in ticket 2020-11-09 15:36:30 +01:00
benrubson 840f0ff10a Add Grafana jail 2020-11-09 15:31:06 +01:00
Sergey G. Brester 267cbf5861
Merge pull request #2778 from Mart124/bitwarden 
Add Bitwarden syslog support
 2020-11-09 13:47:04 +01:00
sebres 25e006e137 review and small tweaks (more precise and safe RE) 2020-11-09 13:43:59 +01:00
Mart124 2a18b82f5f Support alternative Bitwarden log format 2020-11-09 13:34:41 +01:00
Mart124 df659a0cbc Add Bitwarden syslog support 2020-11-09 13:34:39 +01:00
Sergey G. Brester 472bdc437b
Merge pull request #2723 from benrubson/softether 
Add SoftEtherVPN jail
 2020-11-09 13:23:25 +01:00
Sergey G. Brester 010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc) 2020-11-09 13:19:25 +01:00
sebres d4adec7797 Merge branch '0.9' into 0.10 2020-11-09 12:44:07 +01:00
sebres 5430091acb jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868) 2020-11-09 12:43:34 +01:00
benrubson ec873e2dc3 Add SoftEtherVPN jail 2020-11-05 23:56:30 +01:00
sebres e700ccc667 filter apache-modsecurity: added coverage for different log-format (apache 2.4 and php-fpm, gh-2717) 2020-11-05 16:51:49 +01:00
sebres 55d6408b13 tweaks to speedup test-cases (test-suite seems to be time stable now, so we could shorten sleeping intervals) 2020-11-05 15:31:11 +01:00
sebres 7f0010be68 attempt to install systemd-python module 2020-11-05 14:12:39 +01:00
Sergey G. Brester 7cb6412f68 1st try of GH actions flow (CI only, no coverage atm) 2020-11-05 14:12:37 +01:00
Sergey G. Brester a07e6fe1a2 reduce default `maxmatches` from 50 to 5: avoid too large memory consumption if `maxretry` is large and many failures don't cause ban (but accumulated in fail-manager with all the matched lines); 
closes gh-2843
 2020-10-30 14:17:47 +01:00
sebres 02525d7b6f filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching: 
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
 2020-10-08 21:07:51 +02:00
sebres c8059bf9b3 ban/unban: increase responsiveness of actions thread by (un)banning process, better waiting timeout considering pending tickets for unban (_nextUnbanTime) 2020-09-29 16:27:17 +02:00
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used) 2020-09-29 13:33:40 +02:00
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836) 2020-09-29 12:35:49 +02:00
sebres 24093de32d small amend (simplifying formatted help and man) 2020-09-23 19:35:17 +02:00
Nathan Henrie f518d42c59 Add a note about `journalflags` options to `systemd-journal` backend 
Also adds systemd backend configuration examples to jail.conf(5)

Closes #2696
 2020-09-23 19:09:42 +02:00
sebres 4c2539856c Merge branch 'speedup-client-status' into 0.10 2020-09-23 13:03:45 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00
sebres f381b98246 introduces new flavor `short` for `fail2ban-client status $jail short`: output total and current counts only, without banned IPs list in order to speedup it and to provide more clear output (gh-2819), flavor `basic` (still default) is unmodified for backwards compatibility; 
it can be changed later to `short`, so for full list of IPs in newer version one should better use:
  - `fail2ban-client status $jail basic`
  - `fail2ban-client get $jail banned` or `fail2ban-client banned`
 2020-09-10 11:53:26 +02:00
sebres e8ee3ba544 resolves a bottleneck within transmitting of large data between server and client: speedup search of communications end-marker and increase max buffer size (up to 32KB) 2020-09-10 11:52:25 +02:00