sebres
c80908837f
`filter.d/exim.conf`:
...
- messages are prefiltered by `prefregex` now
- filter can bypass additional timestamp that may be logged via systemd-journal (gh-3060)
2024-03-25 15:31:23 +01:00
Sergey G. Brester
e0f1a1e02a
Merge pull request #3702 from bes-internal/exim
...
exim: final `<HOST>` to `<ADDR>` conversion
2024-03-22 22:52:11 +01:00
Vladimir Varlamov
8da0a99cde
pid part may contain full hostname
2024-03-22 22:38:33 +03:00
Vladimir Varlamov
806a27cb4f
final `<HOST>` to `<ADDR>` conversion
2024-03-22 22:38:33 +03:00
Sergey G. Brester
5ecc26d3ba
Merge pull request #3701 from bes-internal/exim
...
filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states
2024-03-22 16:52:33 +01:00
sebres
e605415f61
simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields.
2024-03-22 16:47:54 +01:00
sebres
c22a83933b
let's use `<ADDR>` instead of `<HOST>` - only IPs expected, since host-name bypassed before it (directly after H=)
2024-03-22 16:35:46 +01:00
Vladimir Varlamov
df94ec4c52
filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states
...
Depending on Exim's log_selector settings, log lines may contain additional information about the connection. And also the line itself with the address of the remote host can vary greatly. But fortunately, all states can be found in the Exim code itself and taken into account. Makes it easier to add new regexps.
Closes #3263
2024-03-22 00:16:41 +03:00
Anton Samets
0c125ec9c9
filter.d/postfix.conf: add Sender address rejected: Malformed DNS server reply (#3590)
...
* add Sender address rejected: Malformed DNS server reply
2024-03-19 20:30:45 +01:00
sebres
77b052fdea
amend to df9584505aea0e8570fb53dd5a8e43f8b3af994a (for gh-3487): setup must install fail2ban.compat
2024-03-18 14:22:39 +01:00
sebres
5a59b0bae2
filter.d/apache-common.conf: accepts remote instead of client
...
(closes gh-3622)
2024-03-15 22:40:26 +01:00
Sergey G. Brester
f63868b3e8
filter.d/apache-common.conf: remote besides client, gh-3622
2024-03-15 22:36:40 +01:00
Sergey G. Brester
9ca137b42b
test for apache-auth with remote, gh-3622
2024-03-15 22:23:45 +01:00
Sergey G. Brester
529eb79ddb
Merge pull request #3692 from pingou2712/postfixSystemd
...
Change journalmatch postfix
2024-03-13 02:34:03 +01:00
Vincent Laffargue
d260ed31d2
Maintain backward compatibility Postfix SYSTEMD_UNIT
2024-03-12 04:42:36 +01:00
Sergey G. Brester
8be16f1c1c
Merge pull request #3693 from pingou2712/ModifRecidive
...
Change Regex Recidive and journalmatch For Systemd Match
2024-03-11 19:12:16 +01:00
Sergey G. Brester
f12917c491
recidive: test case for journal log-format
2024-03-11 17:50:09 +01:00
Sergey G. Brester
dd3c78ecab
filter.d/recidive.conf: conditional RE depending on logtype (for file or journal)
2024-03-11 17:49:06 +01:00
Vincent Laffargue
0b63fc312d
Change Regex Recidive and journalmatch For Systemd Match
2024-03-10 10:56:35 +01:00
Vincent Laffargue
93082ead79
Change journalmatch postfix
2024-03-10 10:10:03 +01:00
Sergey G. Brester
383adec83c
Merge pull request #3690 from karolyi/master
...
Add to postfix accepted logs
2024-03-08 14:45:53 +01:00
Sergey G. Brester
45d7f3cb97
no space in any case
2024-03-08 11:43:46 +01:00
László Károlyi
ff701e94c3
Add to postfix syslog daemon format
2024-03-07 20:23:50 +01:00
sebres
3047572701
set restored mark on ticket before ignore invocation (it can be checked in `ignorecommand`, considered by `ignorecache`, etc)
2024-03-01 12:49:59 +01:00
sebres
dce2c608c1
Merge branch 'gh-3486'
...
filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port:
- message authentication code incorrect [preauth]
- connection corrupted [preauth]
- timeout before authentication
2024-02-13 16:59:08 +01:00
sebres
4f679a56e0
filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port:
...
- message authentication code incorrect [preauth]
- connection corrupted [preauth]
- timeout before authentication
closes gh-3486
2024-02-13 16:53:21 +01:00
sebres
9bedc3c383
Merge branch 'gh-2655--f2b-regex-4-jail': implemented loading of jail settings in fail2ban-regex;
...
closes gh-2655
2024-01-03 13:43:44 +01:00
sebres
302252b25c
ChangeLog, gh-2655
2024-01-03 13:38:14 +01:00
sebres
cab6f93364
fail2ban-regex: fixes forgotten basedir (-c "$basedir") of jailreader
2024-01-03 13:18:33 +01:00
sebres
b3178851fe
test coverage (restore usage with filter and load setting from jail)
2023-12-31 17:03:38 +01:00
sebres
781321d609
fail2ban-regex: loading parsing settings from jail now (by simple name it'd prefer jail to the filter now), fallback:
...
- fail2ban-regex ... sshd
+ fail2ban-regex ... filter.d/sshd
closes gh-2655
2023-12-31 16:38:18 +01:00
sebres
7de1057f94
avoid DNS of local names in fast tests (small optimization)
2023-12-31 12:48:22 +01:00
sebres
dd4431cd63
remove remaining tweaks for obsolete python
2023-12-31 12:45:24 +01:00
Sergey G. Brester
e1b7720d43
Merge pull request #3268 from Logic-32/feature/smtp-ssl
...
`action.d/smtp.py` - add support for TLS SMTP connections.
2023-12-30 21:56:01 +01:00
sebres
0c2edfacb0
combine smtpd and aiosmtpd tests; encapsulate smtp facilities to setUpClass/tearDownClass (behaves like a singleton, doesn't start smtp server per test); don't generate cert every time (too slow by RSA:2048, use short ECC:256 instead);
...
drastically speed up all smtp-action tests
2023-12-30 21:27:35 +01:00
Logic-32
b161e55ca7
Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls.
2023-12-30 16:42:31 +01:00
Sergey G. Brester
6fb3198a41
attempt to fix action for 2.x
...
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place a few lines below)
2023-12-30 16:42:27 +01:00
Logic-32
6a1da5e164
Removing logging in favor of just throwing. Removing user from message as it doesn't add any value.
2023-12-30 16:42:23 +01:00
Logic-32
419e380870
Add support for TLS SMTP connections.
2023-12-30 16:42:18 +01:00
sebres
6fb89d1709
testIPToName: switch from google to one of the root-servers (8.8.4.4 seems not to have rDNS anymore)
2023-12-30 15:49:44 +01:00
sebres
3190febb27
IPv6 fix (second IP logged in form for IPv6); pam authentication failure (part of gh-3410)
2023-12-30 15:10:37 +01:00
sebres
c6244a8509
`fail2ban-regex`: don't error by output if stdout pipe gets closed (e. g. using together with `head`);
...
amend to gh-2758 (see gh-3653)
2023-12-22 14:08:39 +01:00
sebres
7523a777f0
amend for python 3.x switch: BrokenPipeError is a built-in exception since 3.3
2023-12-22 14:05:04 +01:00
sebres
093cd763ce
filter.d/postfix.conf: "rejected" extended to match "Access denied" too;
...
closes gh-3474
2023-12-15 01:03:30 +01:00
sebres
ff4a2a12fc
filter.d/postfix.conf: avoid double counting ('lost connection after AUTH' together with message 'disconnect ...');
...
closes gh-3505
2023-12-15 00:32:48 +01:00
sebres
cabcc9b3f4
fixes testRepairDb for sqlite >= 3.42;
...
closes gh-3586
2023-12-15 00:07:43 +01:00
sebres
f2d7f16d2f
satisfy CI spelling (let's use original asyncore lib as long as possible)
2023-12-12 15:41:40 +01:00
sebres
1024452fe1
Merge fix-gh-3487: bundling async modules removed in python 3.12 into f2b (fallback to local libraries if import would miss them);
...
closes gh-3487
2023-12-12 15:35:39 +01:00
sebres
86cacca9e4
pyasyncore and pyasynchat optional for python 3.12+ (bundled-in within fail2ban)
2023-12-12 15:30:41 +01:00
sebres
1371c91512
don't install async* modules, we need to cover bundled-in libraries and their successful import
2023-12-12 15:23:10 +01:00