Commit Graph

4215 Commits (d1de20dd4181c9506c29d218c20b16fc7239cf38)

Author SHA1 Message Date
sebres 75a5440acf extends date detector template with distance (position of match in log-line), to prevent grave collision using (re)ordered template list (e.g. find-spot of wrong date-match inside foreign input, misleading date patterns by ambiguous formats, etc.);
By change of the distance (e.g. another format found), the pattern with smallest distance will be always preferred now.
To speed up (template lookup) resp. minimize list reorder counts, the distance will be used as a divider factor of the template weight in the template comparison.
2016-10-17 11:18:24 +02:00
sebres 84fe55b99b [temp commit] 2nd try to optimize datedetector/datetemplate functionality (almost ready, needs fine tuning) 2016-10-17 11:18:19 +02:00
sebres a7d9de8c52 [temp commit] 1st try to optimize datedetector/datetemplate functionality (fix ambiguous resp. misleading date detection if several formats used in log resp. by format switch after restart of some services):
* Misleading date patterns defined more precisely (using extended syntax %E[mdHMS]
  for exact two-digit match)
* `filter.d/freeswitch.conf`
    - Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548)
    - User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)
2016-10-17 11:16:20 +02:00
Aaron Lindsay 7805f9972d filter.d/sshd.conf: Match 'Invalid user' with 'port \d*' 2016-10-15 15:52:19 -04:00
Yaroslav Halchenko 5502e47486 Merge pull request #1579 from sebres/fix-gh-1578
filter.d/sendmail-reject.conf: double space (should be by missing dns-host only)
2016-10-15 13:18:52 -04:00
sebres 10bdadaef2 fixed sporadic (multi-threading) errors by reload/stop/start of polling filter inside getModified (so prevents to stop running main cycle) 2016-10-15 19:12:11 +02:00
sebres 519e355bf2 ChangeLog entry added 2016-10-15 14:59:36 +02:00
sebres 84c3eb3e0e filter.d/sendmail-reject.conf: double space (should be by missing dns-host only)
Closes #1578
2016-10-15 14:53:45 +02:00
Serg G. Brester c1174d7935 Merge pull request #1577 from sebres/_0.10/code-review-fix-log-fmt-auto-verbosity
0.10/code review + fix log format by auto verbosity
2016-10-15 13:01:19 +02:00
sebres 7f8c48d59e code review (e. g. remove code duplication) and coverage 2016-10-15 00:39:25 +02:00
sebres 5b40309052 code coverage of server module: switch backend 2016-10-14 23:57:52 +02:00
sebres 57a7795282 code coverage of server module: multiple ignoreregex 2016-10-14 23:57:35 +02:00
sebres 1ef367e77a fixes log format by starting server with `--loglevel=debug` without specifying verbosity level 2016-10-14 23:30:12 +02:00
sebres 98f87a1a52 better server-ready event: notify waiting thread if server really ready (communication ready) or failed to start 2016-10-14 22:50:30 +02:00
sebres c809c3e61e Merge branch 'master' into 0.10 2016-10-13 19:01:13 +02:00
sebres 15dc2db8bb Merge pull request #1498 from ahpnils:npf to master:
This new action file adds support for the NPF packet filter, available on NetBSD since version 6.0.
Closes #1498
2016-10-13 19:00:54 +02:00
Nils f7df6026a3 Update Changelog to reflect the new np.conf action 2016-10-13 18:53:16 +02:00
Nils d08db22b92 Create npf.conf for the NPF packet filter
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
2016-10-13 18:50:54 +02:00
Serg G. Brester 77f2dcfdb6 Merge pull request #1576 from sebres/_0.10/fail2ban-regex-coverage
tests of fail2ban-regex extended to cover exec_command_line also
2016-10-13 18:42:07 +02:00
sebres 44f93bfbff increase coverage, better test and output of errors 2016-10-13 18:27:59 +02:00
sebres 7e8575cc56 tests of fail2ban-regex extended to cover exec_command_line also;
Closes #1573
2016-10-13 17:32:38 +02:00
Serg G. Brester 733d0ef596 Merge pull request #1569 from sebres/_0.10/fix-fakegooglebot
fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command
2016-10-06 12:15:49 +02:00
sebres 2d2d4cf185 amend to c2d2e79b0d48bf66b04c3772c2419f30a4b1f9db: fixed sporadic bug in getBanListExtendedCymruInfo:
except dns.resolver.NXDOMAIN:
UnboundLocalError: local variable 'dns' referenced before assignment
2016-10-05 15:43:39 +02:00
sebres 0ae932ba5e setup fix for python3, bypass directories (__pycache__) created after ignore command was tested 2016-10-05 15:29:56 +02:00
sebres fa8184d4cc fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command + test covered now;
Closes #1559
2016-10-05 15:01:33 +02:00
sebres 973ac9a45c amend to c2d2e79b0d48bf66b04c3772c2419f30a4b1f9db: missing error variable in import block;
additionally fixes forgotten skip for cymru server case, if --no-network specified);
Closes #1568
2016-10-05 12:18:55 +02:00
sebres c2d2e79b0d ExtendedCymruInfo: better availability check (code review and timeouts);
max sleep time check of too long sleep increased to 1 second (typo fix)
2016-09-30 17:01:06 +02:00
sebres ee1727ecca Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10 2016-09-30 13:34:54 +02:00
sebres 276759b6c2 ExtendedCymruInfo code review and availability check in test cases;
max sleep time check of too long sleep increased to 1 second
2016-09-30 13:19:00 +02:00
sebres 9bf8985e2a nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons) 2016-09-30 12:33:43 +02:00
sebres 06674bb989 use common regex for IP addresses (removed code duplication) 2016-09-30 12:33:41 +02:00
Serg G. Brester ba9a88977f Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed
0.10/fix stability and speed optimization
2016-09-30 12:14:51 +02:00
sebres 8b0f6c5413 badips test cases check availability of badips service (and skip these tests if it is not available) 2016-09-30 12:03:27 +02:00
sebres 9a7c753372 fixes method-related filter for tests of suite loaded with loadTestsFromName (they may be a suite self) 2016-09-30 11:26:49 +02:00
Niklas Fiekas 057f2f3c56 make the ipv6 host regex greedy
Previously the regex was lazily matching ``2606:2800:220:1:248:1893:25c8:1946``
as ``2606:2800:220:1:248:1893:25c8:1``.
2016-09-30 11:08:07 +02:00
sebres 77ec9df678 standardize and normalize verbosity parameters for fail2ban-regex / fail2ban-testcases (-v ... -vvvv, or --verbosity=0..4) 2016-09-30 10:01:21 +02:00
sebres 2cfaf845ca standardize and normalize logging and verbosity formats, logging level etc between command lines (server, client, test-cases);
test cases could pass (so increase) verbosity to the client (and furthermore client to the server also), usable for debug purposes resp. simplifying read of the log-file;
custom and precise numeric log-levels can be given in test cases now;
2016-09-29 21:23:37 +02:00
sebres 62b8664175 speedup server start/stop (waiting for communicate, etc);
extend server socket with timeouts, extend ping with timeout parameter;
2016-09-29 21:11:54 +02:00
sebres 542419acab filtertestcase: use shorter sleep (almost just for the context switch here) 2016-09-29 21:08:27 +02:00
sebres b615ba49ff disengage testExecuteTimeout test-case from -fast option, just make it faster (timeout shorter) in this case 2016-09-29 21:08:25 +02:00
sebres b011cf17b2 increase performance of executeCmd (actions), thereby introduced new shorter interval for fast operations (leaves unchanged default wait operation intervals (sleep time, threshold interval) - for the same inertance, to save same system (load by many jails resp. log files);
extends wait_for with callable timeout (test case fixed);
2016-09-29 21:07:46 +02:00
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
Serg G. Brester d9e1a4f547 Merge pull request #1556 from szepeviktor/master
Monit config: scripting is not supported in path
2016-09-27 14:16:52 +02:00
Serg G. Brester a0d8581a2c Merge pull request #1557 from sebres/_0.10/fix-reload-bug
0.10/reload-and-more: reload without restart, stability and performance fixes
2016-09-26 15:25:36 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 5e4fdb60c8 extended test-cases (coverage) 2016-09-26 10:50:02 +02:00
sebres 449c46aec4 extended test-cases (coverage) 2016-09-23 15:21:23 +02:00
sebres 004879b5b1 code review: switch MAX_TIME to 0X7FFFFFFFFFFF (is enough, because 4461763-th year, but better performance) 2016-09-23 09:32:10 +02:00
sebres e00be5f308 Fixed sporadic error in testCymruInfoNxdomain, because of unsorted values:
```
AssertionError: Dictionaries differ:
{'country': ['unknown', 'nxdomain'], 'asn': ['4565', 'nxdomain'], 'rir': ['other', 'nxdomain']} !=
{'country': ['nxdomain', 'unknown'], 'asn': ['nxdomain', '4565'], 'rir': ['nxdomain', 'other']}
```
Added assertDictEqual for compatibility to early python versions (< 2.7);
2016-09-22 22:45:54 +02:00