Serg G. Brester
1071db2256
filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS)
...
closes gh-1540
8 years ago
Serg G. Brester
fad953ade6
Merge pull request #1544 from sebres/fix/vsftpd-gh-1543
...
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
8 years ago
sebres
9fb167b5e1
filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543
8 years ago
sebres
7ac9890bf6
forgotten obsolete code removed
8 years ago
sebres
51fd9a1027
amend to activate performance-fix (respect findtime before search of match) + code coverage
8 years ago
sebres
57458a462e
allow to set default or preferred encoding for other filters (e.g. to decode bytes from journal)
...
# Conflicts:
# fail2ban/server/filter.py
8 years ago
sebres
3119f81705
fixed journal systemd ascii/utf-8 default converting (see gh-1341, gh-1344)
8 years ago
Yaroslav Halchenko
f6258c7b69
Merge branch 'rf-exc'
...
* rf-exc:
RF: Replace old fashioned "except E , e" with "except E as e" (Closes #1537 )
8 years ago
Yaroslav Halchenko
b875e51cd7
RF: Replace old fashioned "except E , e" with "except E as e" ( Closes #1537 )
8 years ago
sebres
564b696530
Merge branch '_0.9/systemd-journal-path-gh-1408'
8 years ago
sebres
5f35b52b9a
test cases extended
...
several test-case functionality cherry picked from 0.10 (SkipTest, with_tmpdir)
8 years ago
sebres
35b5fea038
backend "systemd" can be used as prefix now - `backend = systemd[...]`
8 years ago
sebres
7ed6cab120
jail configuration extended with new syntax to pass options to the backend (see gh-1408),
...
examples:
- `backend = systemd[journalpath=/run/log/journal/machine-1]`
- `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
- `backend = systemd[journalflags=2]`
8 years ago
sebres
1c4733ef89
[systemd] added new constructor parameters like journalpath, journalfiles and journalflags for systemd backup
...
optimized FilterSystemd method `run`: better wait in idle (no busy-loop), better poll handling, the ban will executed anywhere (at least at 100th log-entry), also if we have never ending logging in this jail (e.g. extremely logging or too many failures)
systemd test cases extended
8 years ago
Serg G. Brester
0ab042fcce
Merge pull request #1522 from sebres/fix-asterisk-log-prefix
...
filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` (without `in`) in log prefix
8 years ago
sebres
4a1d720344
filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix
8 years ago
sebres
2c54f90469
sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.
8 years ago
sebres
a544c5abac
sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>"
...
ChangeLog entry added
8 years ago
Serg G. Brester
f61aa3225c
Merge pull request #1512 from sebres/_fix/datepattern-right-word-boundary
...
Fix ambiguous wrong recognized date pattern resp. its optional parts
8 years ago
sebres
9935cf19c1
description provided, ChangeLog entries added
8 years ago
sebres
0bdee2556f
testAmbiguousDatePattern rewritten with DateDetector/DatePatternRegex directly (moved to misctestcase.py)
8 years ago
sebres
8e09be5fc8
test cases for boundaries for date-pattern extended (negative/positive, left/right)
8 years ago
sebres
7f55be3fad
amend to b6bb2f88c1dbb111647269590d80d95f72c81c3e: datepattern right word boundary - prevents confusions if end of date-pattern (e.g. optional year part) misleadingly match not date values (see gh-1507)
...
test cases extended to check ambiguous "unbound" patterns in log lines (match/miss resp. positive/negative cases)
8 years ago
sebres
c49fe12f70
fix fail2banregextestcase using setUpMyTime/tearDownMyTime: always use correct static time as base-time (using mock up MyTime), correct datetimes inside test
8 years ago
sebres
42b5a10f5d
Back-port pull request #1508 from sebres/_fix/python-executable-gh-1506 to master (0.10 -> 0.9)
8 years ago
sebres
cb340db220
ChangeLog entry for gh-1508
8 years ago
sebres
db30b7ce06
BF: prefer sys.argv[0] by retrieving of root resp. bin path: __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.)
8 years ago
sebres
6cdc1ce685
compatibility fix (virtualenv, running test cases in py3)
...
# Conflicts:
# MANIFEST
8 years ago
sebres
38d53a72fd
introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located);
...
fixed pythonic filters and test scripts (running via "fail2ban-python" now);
fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);
# Conflicts:
# config/filter.d/ignorecommands/apache-fakegooglebot
# fail2ban/tests/files/config/apache-auth/digest.py
# fail2ban/tests/files/ignorecommand.py
# fail2ban/tests/misctestcase.py
8 years ago
Yaroslav Halchenko
9d70c49ea8
BF: install doc files only under Linuxes and other GNU systems ( Closes #1233 ) ( #1503 )
8 years ago
Yaroslav Halchenko
123f4ceaee
Changelog for postfix-sasl fix
8 years ago
maksyms
9ddbd642f7
Accept no space after "failed:" ( #1501 )
...
yoh: Squashed to ease cherry-picking into 0.9
* accept no space after "failed:"
fix issue #1497
* accept no space after "failed:"
* Update postfix-sasl
* Update postfix-sasl
* Update postfix-sasl
8 years ago
sebres
c52aaa8b78
ASSP failregex minor fixes
8 years ago
sebres
70658d7a19
Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494')
8 years ago
rhardy613
89f8999fe5
Add changelog entry for ASSP filter changes
...
Add changelog entry for ASSP filter changes
8 years ago
rhardy613
8265e3f0f9
Fix comments
...
For some reasons the comment changes weren't pickup in the last commit.
This fixes it.
8 years ago
rhardy613
66fe5a77ce
Fix ASSP filter to work with both ASSP V1 and V2
...
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed.
fail2ban 0.9.5 (and trunk) still have code which only understands ASSP
V1 logs.
This means the filter ignores brute force attacks against ASSP. This fix
adds V2 support.
8 years ago
rhardy613
890a3dcbb9
Fix ASSP filter to work with current release of ASSP
...
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed. For some reason fail2ban 0.9.5 (and trunk) still have code
which only understands ASSP V1 logs. This means the filter ignores brute
force attacks against ASSP.
Now updated with anchored patterns tested against 6 months of log data.
8 years ago
Yaroslav Halchenko
c0994b0c6c
DOC: minor typo (thanks John Bernard) Closes #1496
8 years ago
sebres
eb6e3c52ae
ChangeLog entries for the last fix (cherry pick from 0.10)
8 years ago
sebres
0083036b5f
Merge branch '0.9/gh-1492'
8 years ago
sebres
8b1225f177
several amend fixes after cherry pick from 10th branch
8 years ago
sebres
3e330604c7
several test cases rewritten using new assertIn, assertNotIn (better as own from unittest, because support generators beautifying, etc.)
...
+ new forward compatibility method assertRaisesRegexp;
+ methods assertIn, assertNotIn, assertRaisesRegexp are test covered now;
+ easy-fix for distributions compatible test cases (e.g. fedora default backend is 'systemd'), (closes gh-1353, closes gh-1490)
cherry picked from 9d56079756
(0.10 branch)
8 years ago
rhardy613
f73746d846
Fix ASSP filter to work with current release of ASSP
...
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed. For some reason fail2ban 0.9.5 (and trunk) still have code
which only understands ASSP V1 logs. This means the filter ignores brute
force attacks against ASSP.
8 years ago
Yaroslav Halchenko
d9f039df03
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
BF: do not rely on long relative path to upstairs config - symlink dereferenced copied during install (#1485 )
8 years ago
Yaroslav Halchenko
cee09e29ec
BF: do not rely on long relative path to upstairs config - symlink dereferenced copied during install ( #1485 )
...
* BF: do not rely on long relative path to upstairs config - symlink common.conf
* Added missing files to MANIFEST
8 years ago
Yaroslav Halchenko
dca5ff44c2
Merge branch 'bf-common-zzz'
...
* bf-common-zzz:
BF: do not rely on long relative path to upstairs config - symlink common.conf
8 years ago
Yaroslav Halchenko
79616b76bf
Added missing files to MANIFEST
8 years ago
Yaroslav Halchenko
687ea8d333
BF: do not rely on long relative path to upstairs config - symlink common.conf
8 years ago
Yaroslav Halchenko
5714ac201b
DOC: preparations for 0.9.5 release
8 years ago