sebres
3161bcf78b
filter.d/exim.conf: optional part `(...)` after host-name before `[IP]`, normalized over whole config file.
...
# Conflicts:
# config/filter.d/exim.conf
8 years ago
sebres
507034c5be
filter.d/apache-auth.conf: joined some similar expressions
8 years ago
Serg G. Brester
e35ed1cdf7
Update ChangeLog
...
Changes of #1645
8 years ago
Serg G. Brester
6dfd080e20
Update apache-auth.conf
...
remove forgotten referer, that may prevent failure recognition (belongs to gh-1645)
8 years ago
Serg G. Brester
dffda63d59
Merge pull request #1645 from benrubson/issue1644
...
Apache URIs can contain spaces
8 years ago
Serg G. Brester
311f8fea83
Merge branch '0.10' into issue1644
8 years ago
sebres
efd6fff7a0
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
...
# Conflicts:
# fail2ban/tests/utils.py
8 years ago
Serg G. Brester
17922b621c
Update ChangeLog
...
replaced german in entry ;)
8 years ago
Yaroslav Halchenko
a0cf31903d
Merge pull request #1754 from yarikoptic/bf-tzdata
...
BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing
8 years ago
Paul Brook
a639f0b083
BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing
8 years ago
Serg G. Brester
36814c4274
Merge pull request #1749 from petervanderdoes/bugfix/problem_with_mail_command
...
Parameter `-s` is already a part of `mailcmd` interpolation
8 years ago
Peter van der Does
bb79e7f413
Parameter not needed
...
The parameter '-s' causes an error as the <mailcmd> already has the parameter.
8 years ago
Serg G. Brester
61e73b9694
Merge pull request #1746 from gracinet/0.10-haproxy-ipv6
...
haproxy-http-auth IPv6 (Closes #1745 )
8 years ago
Serg G. Brester
4f0f22702a
Update haproxy-http-auth.conf
...
little bit more precise expression
8 years ago
Georges Racinet
07023436ac
haproxy-http-auth: added a test for IPv4-mapped-in-IPv6
...
This what one gets in logis if haproxy is binding to ::
on a dual-stack system.
8 years ago
Georges Racinet
4fc6323ff0
haproxy-http-auth: avoid port number in IPv6 addresses
...
The solution taken is to consume the port number explicitely in
the regexp.
8 years ago
Serg G. Brester
e7f1fc5cb3
Update ChangeLog
...
enhancements of #1743
8 years ago
Serg G. Brester
e63af0aa4e
Merge pull request #1743 from sebres/0.10-flush-bulk-unban
...
0.10 - flush resp. bulk unban
8 years ago
sebres
97e8b42d34
dummy action extended with more examples and test-covered now
8 years ago
sebres
042a060a54
additionally complex test-case coverage for `actionflush` inside server via actions-mechanism of fail2ban - reload with removing action, unban all, stopping of jails and actions, etc.
8 years ago
sebres
d03872fbbf
bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include):
...
iptables-common
iptables
iptables-allports
iptables-multiport-log
iptables-multiport
iptables-new
iptables-ipset-proto4
iptables-ipset-proto6
iptables-ipset-proto6-allports
executing `actionflush` command covered for this actions now
8 years ago
sebres
a1e9cc552c
bulk unban: introduced new command `actionflush`: executed in order to flush all bans at once (e. g. by unban all, reload with removing action, stop, shutdown the system);
...
the actions having `actionflush` do not execute `actionunban` for each single ticket
8 years ago
Serg G. Brester
44a26c6159
Update ChangeLog
...
amend to gh-1742
8 years ago
Serg G. Brester
4dcdcc3002
Merge pull request #1742 from sebres/0.10-actionstart-on-demand
...
0.10 - Execution of `actionstart` on demand (fixes gh-1741)
8 years ago
sebres
daa13eb5dd
no cover for unreachable and abstract
8 years ago
sebres
ca18270beb
fix artificial test cases ('family' becomes mandatory in the action info, but dict was supplied in the test case)
8 years ago
sebres
8bf79fa483
implemented execution of `actionstart` on demand, if action depends on `family` (closes gh-1741);
...
new action parameter "actionstart_on_demand" (bool) can be set to prevent/allow starting action on demand (default retrieved automatically, if some conditional parameter `param?family=...` presents in action properties);
8 years ago
Serg G. Brester
05f5c6efcc
Update README.md
...
added wiki-reference;
fixed mail-representation (after github swiched markdown syntax)
8 years ago
Serg G. Brester
1a59a5c5a7
Merge pull request #1740 from sebres/0.10-strptime-perf
...
strptime.py: small code review and performance optimization
8 years ago
sebres
ee3c9fcb75
"%y" - in the fail2ban parsed year without century should be always relative current century (>= 2000);
...
cover several format specifiers and different "assume" cases (without year, without date, greater as now, etc.);
8 years ago
sebres
7437fbd75b
strptime.py: small code review and performance optimization (get some properties on demand, etc.)
8 years ago
Serg G. Brester
ec19aed489
Merge pull request #1739 from gracinet/0.10-test_smtp-no-network
...
Fixes test_smtp connects to wrong inet (if listening on ::1 instead of 127.0.0.1)
8 years ago
Georges Racinet
7b93f111e1
test_smtp inconsistency for py3+IPv6
...
It appears that, under Python3, on an IPv6 enabled machine,
the testing SMTP server on 'localhost' can turn out to listen on ::1 only,
which makes those tests break if the SMTP client part uses 127.0.0.1
directly. Using 'localhost' there as well makes the tests pass.
8 years ago
sebres
873f97c6c5
Merge branch '0.9-log-level-msg' into 0.10
8 years ago
sebres
7982d1e627
Update ChangeLog
8 years ago
sebres
e8596cfce7
amend resp. restore of change from 59c35bc44a
(gh-129):
...
- logging of "Log rotation detected" with new MSG level
- introduces new log-level MSG (as INFO-2, 18)
8 years ago
Serg G. Brester
d26060ead0
Update ChangeLog
...
belongs to #1733
8 years ago
Serg G. Brester
cea8ba7831
Merge pull request #1733 from sebres/0.10-repl-skiplines
...
Normalizes replacement of `<SKIPLINES>` + no multiline failregex per default
8 years ago
Seth Reeser
c82495353f
Update mysqld-auth.conf ( #1725 )
8 years ago
Serg G. Brester
52c1950371
Update mysqld-auth.conf
...
small typo, closes gh-1725 (Thx @seth-reeser)
8 years ago
sebres
6ac5c55edc
the sequence in args-dict is currently undefined (so can be 1st argument with `?` instead of `&`)
8 years ago
sebres
990d9a66da
fail2ban-regex: fixed matched output by multi-line (buffered) parsing + and multi-line debuggex URL;
...
test coverage extended;
8 years ago
sebres
bc888e0753
Regex compiled in multi-line parsing mode only if `maxlines` > 1 (buffering), if however expected - prefix `(?m)` could be used in regex to enable it;
...
Removed warning "Mutliline regex set for jail ... but maxlines not greater than 1", because can be expected situation now:
non multi-line entry from systemd-filter containing new-lines (that should be ignored by anchors resp. entry parsed as single string);
small code review;
8 years ago
sebres
61c1bdfe79
Normalizes replacement of `<SKIPLINES>` (moved to _resolveHostTag, so will be replaced together with another tags);
...
Regex will be compiled as MULTILINE only if needed (buffering with `maxlines` > 1), that enables:
- improve performance by the single line parsing;
- make regex more precise (because distinguish between anchors `^`/`$` for the begin/end of string and the new-line character '\n', e. g. if coming from filters (like systemd journal) that allow the parsing of log-entries contain new-line chars (as single entry);
8 years ago
Serg G. Brester
b650503f00
Merge pull request #1732 from sebres/0.10-ignoreself
...
0.10 `ignoreself` for ignore own IP addresses
8 years ago
sebres
e7052e9625
update man/jail.conf.5 (docu for the ignoreself)
8 years ago
sebres
30352c5f03
fix sporadic coverage changes (sometimes produces "no such process" in popen.poll after terminate/kill in timeout test cases)
8 years ago
sebres
663bc9903d
increase coverage (was decreased since "ignoreip" was set to default empty)
8 years ago
sebres
6c4b1c7204
Update ChangeLog
8 years ago
sebres
5e93bf9bd3
Introduced new option "ignoreself", specifies whether the local resp. own IP addresses should be ignored (default is true).
...
Fail2ban will not ban a host which matches such addresses.
Option "ignoreip" affects additionally to "ignoreself" and don't need to include the DNS resp. IPs of the host self.
8 years ago