github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,500 Commits
32 Branches
229 Tags
17 MiB
Commit Graph

2500 Commits (ce586b6e167a3b130a6e0d45c4434d2bc1beffcc)

Author SHA1 Message Date
Daniel Black 4780451883 Merge pull request #472 from grooverdan/banip-ignoreconflict 
ENH: banning an IP in the ignoreIPList now issues warning to log, but still does the ban
 2013-12-05 12:45:13 -08:00
Daniel Black 51f2619878 Merge pull request #473 from grooverdan/whois-missing 
ENH: Whois missing in actions? Include output to say so
 2013-12-05 12:44:35 -08:00
Daniel Black e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long 
BF: firewall-cmd-direct-new was too long. Thanks Joel.
 2013-12-05 12:42:55 -08:00
Steven Hiscocks a19b33cc72 ENH: blocklist.de action added fail2ban version as user agent 2013-12-05 18:12:15 +00:00
Steven Hiscocks f742ed0e4b DOC: when to use blocklist.de reporting 
Taken from commit 1846056606
 2013-12-05 18:06:53 +00:00
Steven Hiscocks e810ec009d ENH: Added blocklist.de reporting API action 2013-12-05 08:22:20 +00:00
Steven Hiscocks 60d298d898 BF: fail2ban-regex erroneously reporting multiple regexs had matched 2013-12-04 23:36:45 +00:00
Steven Hiscocks c03a50b44b BF: Allow handle case when SKIPLINES lines is not matched 
Example is when one or more SKIPLINES is optional in a regex
 2013-12-04 23:13:27 +00:00
Steven Hiscocks c886414e2e ENH+BF: Capture multiline matched lines into fail ticket 
Previously only the last line of the match was being saved, not all
lines involved in matching.

Log lines are now broken into 3 part tuple, with the line pre-datetime,
the datetime, and post-datetime. Allows reformation of full line, but
also use of the line without the datetime present.
Attempting to use the term "tupleLine(s)" where possible, to avoid
confusion with normal read lines.

May also wish to consider that regexs could be made to capture more
lines of interest if some form of unique reference is available. This
may allow more lines of interest to be captured, which may not be picked
up by the traditional "grep <ip>" approach i.e. ones which do not have
the ip address in.

This also simplified the fail2ban-regex statistics for missed lines.
Also resolved bug with missed lines time extracted for debuggex having
some lines present which were captured in a multiline regex.
Also resolved independent issue with ignored line check including the
datetime, which raised assertion error in the rare case the datetime
matched the ignore regex, and the rest of line only matched a failregex
 2013-12-04 22:26:22 +00:00
Daniel Black 4dc51e5def BF: put notice in email if whois program could not provide more information. Closes gh-471 2013-12-04 22:43:06 +11:00
Daniel Black 97d7f46bb7 DOC: correct grammar - s/Here are more information/Here is more information/ 2013-12-04 22:40:48 +11:00
Daniel Black e108de3f6d ENH: banning an IP in the ignoreIPList now issues warning to log, but still continues 2013-12-04 22:27:23 +11:00
Daniel Black b5d6310d28 BF: create flushlogs command to prevent logrotation clobbering logtarget. Closes gh-458 2013-12-04 20:51:30 +11:00
Daniel Black 8aead9ab79 BF: escape quotes when splitting addresses for xarf 2013-12-04 08:19:05 +11:00
Daniel Black 1846056606 DOC: when to use xarf messages to network owner 2013-12-03 20:40:42 +11:00
Daniel Black 8c37d2e4de ENH: remove dependency on querycontacts 2013-12-03 20:34:21 +11:00
Daniel Black bfd435091d ENH: jail examples for xarf-login-attack 2013-12-01 20:29:43 +11:00
Daniel Black dd356c3cef BF: fixed for sendmail and tested the MTA aspects of this action 2013-12-01 19:08:28 +11:00
Daniel Black 9df5f4eec8 BF: remove debugging tee command on xarf-login-attack 2013-12-01 17:53:34 +11:00
Daniel Black 9c1a679b7f DOC: changelog for xarf-login-attack action 2013-12-01 17:51:31 +11:00
Daniel Black d015f7f4fc BF/ENH: fixed so xarf-login-attack works 2013-12-01 17:49:35 +11:00
Yaroslav Halchenko 2c1199cce0 Let's progress and mark a2 release toward 0.9.0 2013-11-30 12:25:17 -05:00
Daniel Black 0495aa098e BF: grep matches on <ip> shouldn't include other IPs 2013-11-30 18:01:45 +11:00
Daniel Black 95845b7b65 BF: complain action could match too many IP addresses 2013-11-30 17:47:10 +11:00
Daniel Black 5cc7173fd4 ENH: add xarf email sender for login-attack type 2013-11-30 14:16:26 +11:00
Yaroslav Halchenko 3a5983ab0b Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban 
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban:
  Changelog entries for the last changes
  ENH: added optional [PID] matching in recidive.conf
  ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
  BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages

Conflicts:
	ChangeLog
 2013-11-29 19:58:56 -05:00
Daniel Black f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Daniel Black 4d86a17641 Merge pull request #453 from grooverdan/master_to_0.9 
MRG: merge Master to 0.9
 2013-11-29 15:37:44 -08:00
Daniel Black 56b6bf7d25 ENH: reduce firewalld-cmd-new -> firewallcmd-new 2013-11-30 10:30:29 +11:00
Daniel Black 04438cd1a1 BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails 2013-11-30 10:00:59 +11:00
Daniel Black 3f4d179612 BF: smtps not an IANA port - from #447 2013-11-30 09:52:32 +11:00
Daniel Black fe9e077acf BF: correct spelling of port for solid-pop3 jail in jail.conf 2013-11-30 09:51:30 +11:00
Daniel Black 86a0a5962a BF: revert to fail2ban- prefix as f2b- was intended for 0.9 2013-11-30 08:05:20 +11:00
Yaroslav Halchenko 982d5abbef Merge branch 'namelength20' of https://github.com/grooverdan/fail2ban 
* 'namelength20' of https://github.com/grooverdan/fail2ban:
  DOC: document rational behind 20 character jail name limit

Conflicts:
	ChangeLog
 2013-11-29 10:09:16 -05:00
Yaroslav Halchenko 25e967f23b Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban 
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban:
  BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447)

Conflicts:
	ChangeLog
 2013-11-29 10:02:31 -05:00
Yaroslav Halchenko f2fed88920 Merge pull request #465 from grooverdan/smtps-not-iana-protocol 
BF: smtps not IANA standard. Closes #447

See http://en.wikipedia.org/wiki/SMTPS for more information on port 465
 2013-11-29 06:58:17 -08:00
Daniel Black 2bcc6c66b1 TST: remove python 2.5 from TravisCI 2013-11-29 21:54:36 +11:00
Daniel Black b9b2ddf996 BF: smtps not IANA standard. Closes #447 2013-11-29 21:47:53 +11:00
Daniel Black cade746307 BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447) 2013-11-29 21:45:11 +11:00
Daniel Black 9e53892708 BF: did remove instead of move 2013-11-29 19:26:24 +11:00
Daniel Black af4feb0c92 Actions to have f2b- as prefix instead of fail2ban- as per #462 2013-11-29 19:08:38 +11:00
Daniel Black b157be22d2 TST: pids don't match test case for sshd filter 2013-11-29 16:02:28 +11:00
Daniel Black fb666b69ff BF: firewall-cmd-direct-new was too long. Thanks Joel. 2013-11-28 23:35:05 +11:00
Daniel Black 99838440c8 DOC: document rational behind 20 character jail name limit 2013-11-28 23:18:34 +11:00
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter 2013-11-25 14:55:41 +11:00
Daniel Black f80fa7d7a0 Merge pull request #456 from grooverdan/apffix 
BF: add init section with name for action.d/apf. Closes #398
 2013-11-24 13:48:46 -08:00
Daniel Black 13223c33f5 MRG: recidive-protocol-all 2013-11-25 08:22:09 +11:00
Daniel Black dc154c792e BF: add init section with name for action.d/apf. Closes #398 2013-11-25 08:08:20 +11:00
Daniel Black 093aee9676 TST: no python-2.5 any more - https://github.com/travis-ci/travis-ci/issues/1668 2013-11-25 07:54:49 +11:00
Yaroslav Halchenko 085ebbe1de Changelog entries for the last changes 2013-11-24 11:55:58 -05:00