b83712e3ec
fail2ban-regex: accepts filter parameters with new-line
2022-02-11 21:11:29 +01:00
96121830da
differentiate <ip> and <fid> (<F-ID>): if IP-address deviates from ID then `<ip>` is not `<fid>` anymore;
...
introduces certain backwards incompatibility against actions that have used tag `<ip>` to get failure-ID, if IP-related tags (like `<ADDR>` or `<HOST>`) used additionally to `<F-ID>` and they are different, see gh-3217
2022-02-11 19:10:26 +01:00
246d0e1100
Merge pull request #3216 from jerrykan/fix_missing_assert
...
Add missing assert in Fail2banRegexTest.testFrmtOutput
2022-02-11 18:28:37 +01:00
d17e61ed5b
Add missing assert in Fail2banRegexTest.testFrmtOutput
...
There was no associated `assertLogged()` for the "multiple id combined
to a tuple" test so nothing was actually being tested.
2022-02-11 17:38:58 +11:00
8b11c89ed4
amend to drop support of python 2.6
2022-02-10 17:04:47 +01:00
ff7fe572bf
drop support for python 2.6 (hardly possible in modern CIs, new features would expect OrderedDicts, etc)
2022-02-10 15:48:51 +01:00
5bfd9992b4
Update FUNDING.yml
2022-02-09 17:50:35 +01:00
a98c4218c1
Create FUNDING.yml
2022-02-09 17:34:51 +01:00
a2431158f6
implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;
...
fixes gh-3005
2022-02-09 17:10:19 +01:00
13520a0494
Merge branch '0.11'
2022-02-09 15:45:17 +01:00
8ac49b5858
Merge branch '0.10' into 0.11
2022-02-09 15:44:35 +01:00
f380d6202d
cherry pick #3210 from master
2022-02-09 15:43:21 +01:00
cdb6a46945
systemd backend: better avoidance of landing in dead space by seeks over journals;
...
increase verbosity and stability of few systemd tests (fixes sporadic timing issues);
seekToTime doesn't need to convert float to datetime, because seek_realtime accepts it as unix time (we need to convert integers only, since it means microseconds and deprecated);
2022-02-09 14:47:40 +01:00
498e473a10
filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now;
...
closes #3211
2022-02-09 12:18:23 +01:00
8013cf0b90
python actions have no attribute 'consistencyCheck' by default;
...
closes gh-3214
2022-02-08 19:57:40 +01:00
810386a265
filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
...
(amend to 92f90038fa
2022-02-08 19:21:37 +01:00
c7ae74ce17
amend to a147a8b0e1b2f32b6f191932afd3c2db9765e2e3: systemd journal test-cases - additional check appropriate default settings (if testing as not root/sudoer)
2022-02-08 19:10:22 +01:00
6966b7e37d
Merge pull request #3210 from karolyi/patch-1
...
Adjusting for updated dovecot log format
2022-01-28 21:47:46 +01:00
dfc866ea41
improve RE to solve conflict with expected another open parenthesis
2022-01-27 17:50:28 +01:00
af8a9f7ff9
added test to cover the new log-format
2022-01-27 17:44:58 +01:00
0f1706d4a1
Adjusting for updated dovecot log format
...
This should now match:
`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`
the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.
2022-01-27 11:28:20 +00:00
f4641dfc00
observer API simplification (no failmanager in call of failureFound, jail.filter.failManager is enough)
2022-01-26 21:51:50 +01:00
06d2623c5e
iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action);
...
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
2022-01-26 21:51:11 +01:00
ffc9fb4aa6
Merge branch '1.0-breakdown-safe-actions';
...
closes gh-980
2022-01-25 00:40:51 +01:00
b639c8869c
make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly);
...
ultimately closes gh-980
2022-01-25 00:35:14 +01:00
3d7e3bc2fb
make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly)
2022-01-24 22:56:16 +01:00
7db1c97a3e
Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master;
...
conflicts resolved
2022-01-24 22:31:51 +01:00
970573d1cb
Merge branch '0.11'
2022-01-18 16:17:49 +01:00
35d73d9758
Merge branch '0.10' into 0.11
2022-01-18 16:17:07 +01:00
bf689c27b8
filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d);
...
closes gh-3086
2022-01-18 15:42:35 +01:00
8bf15db688
filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
...
closes gh-3169
2022-01-18 15:41:27 +01:00
ea7bbb4757
Merge pull request #2182 from orlitzky/openrc-improvements
...
OpenRC service script improvements
2022-01-10 14:39:11 +01:00
8f83242c25
suppress unneeded info (moved to debug level)
...
see #3186
2021-12-20 15:39:57 +01:00
095aeda840
Merge branch '0.11'
2021-12-02 18:56:19 +01:00
3fb02527a4
Merge branch '0.10' into 0.11
2021-12-02 18:52:13 +01:00
25a61ce632
Merge branch 'gh-actions--test-systemd' into 0.10 + several revisions cherry-picked from 0.11/master
2021-12-02 18:48:59 +01:00
21d94ff178
amend to fix gh-3098: no option `--disable-2to3` anymore
2021-12-02 18:44:24 +01:00
196c55e931
fix gh-3098: build fails with error in fail2ban setup command: use_2to3 is invalid (setuptools 58+)
2021-12-02 18:44:22 +01:00
0fa76ef75a
gh-actions: temporary ignore tests of systemd backend for python >= v.3.10 (otherwise it fails with "PY_SSIZE_T_CLEAN macro must be defined for '#' formats")
2021-12-02 18:33:10 +01:00
a147a8b0e1
gh-actions: coverage for systemd backend (to monitor journals in test-suite in GHA-env we need to use 0 as default flags, because otherwise it cannot be found using SYSTEM_ONLY(4))
2021-12-02 18:33:08 +01:00
1bcb62e31c
gh-actions: python releases upgrade + debug/test systemd backend availability in GHA
2021-12-02 18:33:05 +01:00
a57643404c
mytime.seconds2str: small amend with speed-up, code simplification and few tests
2021-11-04 14:34:04 +01:00
80805cabfc
Merge branch '0.11'
2021-11-03 16:01:00 +01:00
4fe4ac8dde
amend to merge: replace timedelta string representation with new function seconds2str
2021-11-03 15:58:57 +01:00
0b3ad780fe
Merge branch '0.10' into 0.11
2021-11-03 15:48:21 +01:00
ebf5784b8c
Merge branch 'fix-gh-2882' into 0.10
...
closes gh-2882
2021-11-03 15:47:45 +01:00
3b02098817
several backends optimizations (in file and journal filters):
...
- don't need to wait if we still had log-entries from last iteration (which got interrupted for servicing)
- rewritten update log/journal position, it is more stable and faster now (fewer DB access and surely up-to-date at end)
2021-11-03 15:41:50 +01:00
96661f25ab
filtersystemd.py: fixes wrong time point of "in operation" mode
...
todo: need more tests to cover any step of switch to inOperationMode (all branches)
2021-11-03 15:41:40 +01:00
7678f59827
better format of time delta (using seconds2str); increase stability for systemd test-cases
2021-11-03 12:57:57 +01:00
4b54a07d71
Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
...
This reverts the incompatibility #3047 introduced by commit a038fd5dfe#2821 ).
2021-11-01 11:45:40 +01:00
sebres