Serg G. Brester
1e6787877a
Merge pull request #1726 from sebres/0.10-grave-fix-escape-tags-1st
0.10 fix escape tags
8 years ago
sebres
6ba0546824
code review and inline docu
8 years ago
Serg G. Brester
7a03c964c2
Update ChangeLog
8 years ago
sebres
bb9541b7a9
Merge pull request #1728 from sebres/_0.10/fix-gh-1719
8 years ago
sebres
43d2cae8da
small amendment that corrects log trace output when forgetting MLFID (outputs the reason why it was forgotten - close, disconnect, etc.)
8 years ago
sebres
b6886f2e51
SampleRegexsFactory extended with optional filter constraint, if testing the same log-file with multiple filters (no possibility to match by the old sshd-filter 'zzz-sshd-obsolete-multiline')
8 years ago
sebres
1971fd4bd3
don't remove MLFID from cache (can recognize multiple attempts within the same connection)
8 years ago
sebres
f13fac5ae9
amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex;
extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed);
Closes gh-1727
8 years ago
sebres
32f3c1dbf3
test coverage
8 years ago
sebres
57e9c25449
bug fix in the config readers: mixing with the init section should affect only own init options (from init section only bypass default section);
the situation details:
value of "_daemon" from default section "default" (with init section) falsely overwrites it from definition section "test" -
the resulting value of "_daemon" should be "test" in all 3 resulting failregex's (as specified in test.local),
fixed and covered now;
additionally more complex cases covered also (all filter parameters in jail via "%(known/...)s", dynamical interpolation across all, etc);
8 years ago
sebres
4f1473724b
fixed grave vulnerability caused by wrong escaping of tags when executing shell actions
8 years ago
sebres
e5c9f9ec1c
[interim commit] try to fix possible escape vulnerability in actions
8 years ago
sebres
93ec9e01d4
fixes a small blemish by output in beautifier;
command "unban" returns a count of tickets that were flushed
8 years ago
Serg G. Brester
da808fe67b
Merge pull request #1720 from sebres/_0.10/fix-gh-1719
fix gh-1719: sshd format changed
8 years ago
sebres
5561423be3
filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry);
closes gh-1719
8 years ago
sebres
97d417926d
repairs testing of missing samples for all regex after filter settings (mode) changed
8 years ago
Viktor Szépe
d79267c424
Updated xarf-specification repo URL in xarf action
8 years ago
sebres
482e5265d7
output execution time of each test case if verbosity > 2
8 years ago
Serg G. Brester
77229a65b5
Merge pull request #1716 from sebres/fix-stop-replace-in-callable
Prohibit recursive replacement of action info (calling map)
8 years ago
sebres
ccfd1ccb2d
code review, increase coverage, etc.
8 years ago
sebres
5030e3a122
[Important] Prohibit replacement of recursive "tags" in the action info resp. calling map (very bad idea to do this):
- the calling map contains normally dynamic values only (no recursive tags);
- recursive replacement can be vulnerable, because it can contain foreign (user) input captured from log (will be replaced in the shell arguments);
8 years ago
sebres
c1da6611ec
[BF] prevents always converting of calling map items in replaceTag (without direct access of item):
substituteRecursiveTags: ignore replacing callable items from calling map - should be converted on demand only (by get)
8 years ago
sebres
92d83274d9
fixes cache overload in the test cases (increase max count and max time of CACHE_ipToName - too many entries in mock-up preset, longer time testing)
8 years ago
Serg G. Brester
3fec546fc0
Merge pull request #1715 from sebres/fix-f2b-regex-debuggex-url
fail2ban-regex debuggex url fix
8 years ago
sebres
295f7b88c9
increase coverage
8 years ago
sebres
3cba2310ff
Fixes debuggex URL (tag replacement) and missing line stat by matched lines (without time - `matched_lines_timeextracted`);
Closes gh-1394
8 years ago
Serg G. Brester
1bcde678c6
Merge pull request #1710 from sebres/0.10-test-with-filter-options
0.10 filter options extension
8 years ago
sebres
30b53bb2ce
update ChangeLog and man/fail2ban-regex.1
8 years ago
sebres
eb3623e90c
configreader.py: correct reading real relative path (starting with "./");
fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only);
8 years ago
sebres
6a26602ba8
allow to use filter options by fail2ban-regex, example:
fail2ban-regex text.log "sshd[mode=aggressive]"
8 years ago
sebres
8af7a73bfc
update ChangeLog
8 years ago
sebres
0c1707afda
filter.d/sshd.conf:
- optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details);
test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);
8 years ago
sebres
7e442c5b27
filter.d/sendmail-reject.conf:
- rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`);
- optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details);
test cases extended
8 years ago
sebres
a683e88a74
samples test case factory extended with filter options - dict in JSON to control filter options (e. g. mode, etc.):
# filterOptions: {"mode": "aggressive"}
8 years ago
sebres
52ed6597b2
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
8 years ago
Serg G. Brester
d3b644acae
Merge pull request #1708 from sebres/fix-gh-1707
filter.d/cyrus-imap.conf: accept entries without login-info resp. hostname before IP address (gh-1707)
8 years ago
sebres
0f8cb1749f
Update ChangeLog
8 years ago
sebres
8768776d68
filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address
8 years ago
Serg G. Brester
d042981954
Merge pull request #1655 from ajcollett/0.10
Added config for AbuseIPDB
8 years ago
Serg G. Brester
b1f5ac9484
Update abuseipdb.conf
8 years ago
Serg G. Brester
62fa02241f
Update jail.conf
8 years ago
Serg G. Brester
e71f3d595f
Merge pull request #1705 from sebres/0.10-tag-ip-host
New actions tag `<ip-host>` introduced: can be used in actions to retrieve the host name (dns) from the IP address
8 years ago
sebres
6a2c95da95
`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
changelog updated;
8 years ago
sebres
59cf761129
Real action info instead of calling map in test cases, covering of the new tag '<ip-host>';
dns lookup: pre-caching within test cases - prevent slow dns-resolving and failures if no-network, or if some IP addresses will be changed later
8 years ago
sebres
a0bb51ef92
New tag '<ip-host>' introduced: can be used in actions to retrieve the host name (dns) from the IP address
8 years ago
sebres
b832b77e3c
small amendment for test-coverage;
dynamical monitor failures test classes get proper names running in python3.x (wrong __qualname__)
8 years ago
Serg G. Brester
32ac383d06
Update ChangeLog
8 years ago
Serg G. Brester
81129f0e5c
Merge pull request #1698 from sebres/0.10-filter-captures-to-actions
0.10 filter captures to actions
8 years ago
sebres
e4a265c75f
test coverage
8 years ago
sebres
d2a3d093c6
rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects);
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
8 years ago