e5d02bc2e9
grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494
2019-11-04 12:11:00 +01:00
d44607a161
part of #927 - filter enhancement to parse IP sub-nets (IP/CIDR with correct recognition of IP-family),
...
provides new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
- `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
- `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
2019-11-01 16:29:17 +01:00
9e699646f8
Add Centreon jail
2019-10-24 14:37:18 +02:00
18ba714f97
Add Centreon jail
2019-10-23 09:14:26 +02:00
3515d06979
Merge branch '0.10' into 0.11
2019-10-18 19:19:21 +02:00
5e3fef1631
Merge branch 'amend-gh-2254' into 0.10
2019-10-18 19:06:42 +02:00
85ec605358
nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
...
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
2019-10-18 19:01:16 +02:00
51af193402
nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)
2019-10-18 18:54:02 +02:00
955d690e56
regrouping expressions with curly braces, added more escapes (better handling in posix shell)
2019-10-18 18:34:48 +02:00
0824ad0d73
Merge branch '0.10' into 0.11
2019-10-18 12:04:38 +02:00
8b850864cf
amend to #2254 : update changelog
2019-10-18 12:00:17 +02:00
54298fe761
Merge pull request #2254
...
Nftables: isolate fail2ban rules into a dedicated table and chain
2019-10-18 11:43:38 +02:00
d1a73d3004
filter.d/apache-auth.conf:
...
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
2019-10-18 11:26:19 +02:00
8c6a547215
Merge branch '0.10' into 0.11
2019-10-11 03:01:46 +02:00
50595b70fd
filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
...
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip )
2019-10-11 01:31:07 +02:00
9e28b6c65f
filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531)
2019-09-26 21:46:26 +02:00
8ea00c1d5d
fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc
2019-09-25 13:47:29 +02:00
492205d30e
action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)
2019-09-24 20:00:29 +02:00
abc4d9fe37
allow to use multiple protocols in multiport (single set with multiple rules in chain):
...
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
2019-09-24 19:44:59 +02:00
c753ffb11d
combine nftables actions to single action:
...
- nftables-common is removed
- nftables-allports is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
2019-09-24 18:53:38 +02:00
c59d49da22
nftables-allports: support multiple protocols in single rule;
...
tests/servertestcase.py: added coverage for nftables actions
2019-09-24 18:46:41 +02:00
dde51b4682
fix actionban/unban ip definition syntax
2019-09-24 13:01:14 +02:00
1cda50ce05
Rewrite nftables variables based on nftables' logic.
...
Add an example for redirecting.
2019-09-24 13:01:13 +02:00
f51712d275
Merge branch '0.10' into 0.11
2019-09-11 19:41:30 +02:00
82ddaa5771
fix order of jail options in stream:
...
* be sure usedns is before all regex(s) in stream (this option is also allowed in the config of filter now)
* logpath after all log-related data (backend, date-pattern, etc)
2019-09-11 19:38:42 +02:00
990c410877
Merge branch '0.10' into 0.11
...
# Conflicts (resolved):
# fail2ban/client/jailreader.py
2019-09-11 16:18:09 +02:00
7b3ee3dadc
allow to set all standard options of filter (like prefregex, journalmatch, etc) directly in jail (without filter or supplying parameters to filter);
...
normalize stream generation of filter-related parameters across FilterReader and JailReader (uses stream generator of filter now);
test cases extended (testOverrideFilterOptInJail) to cover this possibility.
2019-09-11 16:14:46 +02:00
a36b70c7b5
filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520)
2019-09-10 21:02:26 +02:00
fbd4bfc595
extend murmur test cases to cover systemd journal log-format (gh-2520, note we don't use any time-stamp as systemd-backend does not expect it)
2019-09-10 19:46:44 +02:00
822f8adb6a
Merge branch '0.10' into 0.11
2019-08-22 21:33:58 +02:00
e547927075
tests: extend server test cases for some stock jails (e. g. check issue with sendmail filters gh-2493 + covering `maxmatches` / `dbmaxmatches` in server tests)
2019-08-22 21:29:46 +02:00
65da15327e
curtail some bothering continuously repeatable debug messages of filters (backend-related) to level 4 (below extra heavy-debug, so simplifying debugging and testing with level 5)
2019-08-22 21:17:45 +02:00
16b3993be6
actions: improve conditional execution of some operations, also allow to start action on demand (by first ban if `actionstart_on_demand` enabled) for non-conditional actions (backwards compatible, so actionstart_on_demand is on per default only for the actions having family-conditional sections);
...
small bug fixing (stop/flush/restore env etc) and code simplification.
2019-08-22 21:05:38 +02:00
6b7825b8c8
closes gh-2506: don't increase attempt count if `bantime.increment` is not enabled for the jail
2019-08-22 14:11:08 +02:00
15734a923b
Merge branch '0.10' into 0.11
2019-07-29 14:25:19 +02:00
39d9133baa
amend to 7520d250b0 ( #2444 ): don't use default flags (SYSTEM) if journalfiles are specified (similar journalflags set to 0);
...
fix failure of testJournalFilesArg and cover both cases now.
2019-07-29 14:23:53 +02:00
1cdd618232
Merge branch '0.10' into 0.11
2019-07-29 13:26:37 +02:00
5d5253dd70
Merge branch '0.10' into 0.11
2019-07-29 13:25:49 +02:00
19052d9789
* Merge pull request #2406 from JoeHorn/0.11
...
support bind-9.11.0 log format
2019-07-29 13:23:25 +02:00
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
...
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
5a3859c163
Update named-refused
2019-07-29 13:06:51 +02:00
4395469226
Update named-refused.conf
...
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
...
New option `logtype` value - `rfc5424`
2019-07-24 00:02:04 +02:00
70280bfa12
Update ChangeLog
2019-07-24 00:00:24 +02:00
581f13c2db
Merge branch '0.10' into 0.11
2019-07-22 19:07:15 +02:00
d3b5befe44
update changelog ( #2404 )
2019-07-22 12:50:48 +02:00
0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
...
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
2019-07-22 12:47:39 +02:00
eb308d0fc8
add test for injection on version identification
2019-07-22 11:50:01 +02:00
119401fced
Merge pull request #2452 from benrubson/badips
...
Badips key is only used to retrieve list
2019-07-20 12:08:22 +02:00
a98315386d
Update zzz-sshd-obsolete-multiline.conf
2019-07-19 17:59:16 +02:00
sebres