1c1b671c74
Update cloudflare.conf
2020-04-27 19:26:44 +02:00
5b8fc3b51a
cloudflare: fixes ip to id conversion by unban using jq
...
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
2020-04-27 19:26:43 +02:00
852670bc99
CloudFlare started to indent their API responses
...
We need to use https://github.com/stedolan/jq to parse it.
2020-04-27 19:26:39 +02:00
8b3b9addd1
Change tool from 'cut' to 'sed'
...
Sed regex was tested - it works.
2020-04-27 19:12:36 +02:00
5da2422f61
Fix actionunban
...
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
2020-04-27 19:12:35 +02:00
fe84b158a5
Merge pull request #2703 from sebres/0.10-ipset-tout
...
0.10 / ipset timeout removal
2020-04-26 12:39:37 +02:00
da1652d0d7
Update ChangeLog
2020-04-26 12:26:55 +02:00
12be3ed77d
test cases fixed
2020-04-25 15:17:42 +02:00
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
2020-04-25 14:52:38 +02:00
6b90ca820f
filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
...
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
2020-04-23 13:08:24 +02:00
affd9cef5f
filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)
2020-04-21 13:32:17 +02:00
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
...
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
2020-04-15 19:00:49 +02:00
7e3061e7ac
fail2ban.service systemd unit template: don't add user site directory to python system path (avoids accessing of `/root/.local` directory, prevents SE linux audit warning at daemon startup, gh-2688)
2020-04-15 17:35:04 +02:00
78651de7e5
Update ChangeLog
2020-04-14 12:25:18 +02:00
2912bc640b
New Gitlab jail
2020-04-09 16:42:08 +02:00
136781d627
filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)
2020-04-08 12:17:59 +02:00
d21a24de8e
more test cases for IP/DNS (and use dummies if no-network set by testing)
2020-04-06 12:39:36 +02:00
fc175fa78a
performance: optimize simplest case whether the ignoreip is a single IP (not subnet/dns) - uses a set instead of list (holds single IPs and subnets/dns in different lists);
...
decrease log level for ignored duplicates (warning is too heavy here)
2020-04-06 12:12:23 +02:00
343ec1cdd2
test-causes: avoid host-depending issue (mistakenly ignoring IP 127.0.0.2 as own address) - replace loop-back addr with test sub-net addr (and disable ignoreself)
2020-03-18 20:40:31 +01:00
38b32a9a72
Merge branch '0.10' into 0.11
2020-03-18 19:53:55 +01:00
22a04dae05
Merge branch '0.9' into 0.10 (gh-2246)
2020-03-18 16:11:53 +01:00
b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
...
Improve regex in proftpd.conf
2020-03-18 15:49:18 +01:00
606bf110c9
filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE
...
(closes gh-2662)
2020-03-16 17:31:39 +01:00
6e570b8644
Merge branch '0.11'
2020-03-13 23:23:32 +01:00
5b16973f08
Merge branch '0.10' into 0.11
2020-03-13 23:23:03 +01:00
8547ea7ea0
resolve sporadic minor issue - check pending can refresh watcher (monitor) that gets deleting, and there may be no wdInt to delete
2020-03-13 23:16:04 +01:00
9905904bba
Merge branch '0.11'
2020-03-13 22:43:22 +01:00
00c5d33e45
Merge branch '0.10' into 0.11
2020-03-13 22:39:19 +01:00
b64a435b0e
ignore only not banned old (repeated and ignored) tickets
2020-03-13 22:34:15 +01:00
b43dc147b5
amend to RC-fix 9f1c6f1617 (gh-2660):
...
resolves bottleneck by initial scanning of a lot of messages (or evildoers generating many messages) causes repeated ban, that will be ignored but could cause entering of "long" sleep in actions thread previously;
speedup recognition banning queue has entries to begin check-ban process in actions thread
2020-03-13 22:22:42 +01:00
bc2b81133c
pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)
2020-03-13 22:07:32 +01:00
68f827e1f3
small optimization for manually (via client / protocol) signaled attempt (performBan only if maxretry gets reached)
2020-03-13 18:03:27 +01:00
4c22d4a801
Merge branch '0.11'
2020-03-13 17:47:03 +01:00
d42ec210cc
Merge branch '0.10' into 0.11
2020-03-13 17:44:29 +01:00
9f1c6f1617
filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
2020-03-13 17:34:37 +01:00
ab363a2c0e
small amend with fix still one test (ban unexpected in this old artificial test-cases, todo - such tests should be rewritten or removed)
2020-03-13 17:28:33 +01:00
e3737bb7c0
filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
2020-03-13 17:20:19 +01:00
428c75d1cd
Merge pull request #2651 from fail2ban/0.10-travis-3.9-dev
...
python 3.9 compatibility + CI
2020-03-06 20:46:02 +01:00
d4da9afd7f
Update ChangeLog
2020-03-06 20:29:48 +01:00
9d7388e684
Thread: is_alive instead of isAlive (removed in py-3.9)
2020-03-06 20:04:18 +01:00
55e76c0b80
restore isAlive method removed in python 3.9
2020-03-06 19:41:16 +01:00
781a25512b
travis CI: add 3.9-dev as target
2020-03-06 19:04:39 +01:00
8b43d54878
Merge branch '0.11'
2020-03-05 14:32:42 +01:00
32f02ef3b3
Merge branch '0.10' into 0.11
2020-03-05 14:01:14 +01:00
42714d0849
filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
...
amend to 62b1712d22#2387 , backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
2020-03-05 13:47:11 +01:00
2ddf687c31
Merge branch '0.10' into 0.11 - test cases only (add ban to database was moved to observer in 0.11)
2020-03-02 19:17:16 +01:00
15158e4474
closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended
2020-03-02 18:58:59 +01:00
f088e7bf76
Merge branch '0.10' into 0.11
2020-03-02 17:10:48 +01:00
6281dc3633
failmanager, ticket: avoid reset of retry count by pause between attempts near to findTime - adjust time of ticket will now change current attempts considering findTime as an estimation from rate by previous known interval (if it exceeds the findTime);
...
this should avoid some false positives as well as provide more safe handling around `maxretry/findtime` relation especially on busy circumstances.
2020-03-02 17:05:00 +01:00
4766547e1f
performance optimization of `datepattern` (better search algorithm);
...
datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)
2020-02-28 14:27:21 +01:00
Sergey G. Brester