github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,496 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

5496 Commits (d6ac7c29f46a8a3f7cf48eb002991767f3ca4e2b)

Author SHA1 Message Date
sebres e636567d23 filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors. 2018-02-19 09:50:46 +01:00
sebres 19a5a2f8c0 filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 
- extended with optional prefix for the systemd-journal (with second date-pattern as optional match);
- added `journalmatch` filtering;
closes gh-2043
 2018-02-09 11:43:55 +01:00
sebres 3e15343343 fail2ban-regex: bug fixed, if running over systemd-journal and `journalmatch` missing in filter. 2018-02-09 11:34:02 +01:00
sebres 98f4d70371 fixed cymru-info resolved to answers with multiple data-records (as comma-separated list now) 2018-02-06 18:00:50 +01:00
Sergey G. Brester 3b8b9c4acf
README: extended systemd-prerequirements: python-systemd package 2018-02-06 17:02:23 +01:00
sebres f1661d35ea fix sporadic error, wait for shutdown/exit messages by assert-check, better prevention of dual (parallel) stop 2018-02-01 18:30:00 +01:00
sebres 2c03f5ad28 simple syntax change (wrong escape in string): no functional changes 2018-02-01 18:04:04 +01:00
Sergey G. Brester 3a1c386958
Update ChangeLog 2018-01-31 12:18:56 +01:00
Sergey G. Brester 0e0e478483
Merge pull request #2038 from sebres/long-epoch-and-epoch-pattern 
Long epoch and epoch pattern
 2018-01-31 12:13:46 +01:00
sebres dcbf904876 allow to parse milliseconds as float + more test cases; 
normalize capturing with epoch-pattern match - similar to `{DATE}` should capture and cut out the whole pattern match from the log-line;
 2018-01-31 11:07:49 +01:00
sebres 3e8098d427 python 3.x compatibility: fix replacement string (may fail with errors like `bad escape \d ...`, etc) 2018-01-31 11:07:48 +01:00
sebres 442b0b1c59 extends date-detector with long epoch (LEPOCH) to parse milliseconds/microseconds posix-dates; 
provide opportunity to specify own regex-pattern to match epoch date-time, e. g. "^\[{EPOCH}\]";
closes gh-2029
 2018-01-31 11:07:46 +01:00
Sergey G. Brester 01f3df03c8
Merge pull request #2034 from sebres/0.10_/fix-gh-2028 
0.10 - extend section-related interpolation, fix gh-2028
 2018-01-31 11:04:06 +01:00
sebres 0ed11817c1 restore coverage: no cover for normally unreachable scopes (only if test cases failed) 2018-01-30 13:30:31 +01:00
sebres 0be0e43d47 amend to 03b577d7b92a120e325abe20a99b6956a7e0657c: add new-line after matches via tag `<br>` without usage of interim variable 2018-01-30 12:52:26 +01:00
sebres 03b577d7b9 action.d/blocklist_de.conf: fixed tag substitution (in 0.10 it can be variables supplied via shell-arguments), expand `<matches>` with trailing newline; 
tests extended;
closes gh-2028
 2018-01-30 12:27:03 +01:00
sebres 435f359a06 allow substitute section-related parameters like `<Definition/option>` in all config-readers as well as during substitute after supply of init arguments; 
test cases extended;
 2018-01-30 12:15:36 +01:00
sebres f547a7c7b1 LogCaptureTestCase: use almost non-blocking handling by getvalue/_is_logged (especially important in tests with waiting for logged via `assertLogged(..., wait=TO)`): 
- try to acquire lock without blocking, if not possible - return cached/empty (max 5 times, otherwise do lock);
- minimized time of the lock of messages list;
- avoid sporadic dead-locking during cross lock together with lock within handling of self._strm.
 2018-01-26 20:25:11 +01:00
sebres 5f3ba289d6 restore code coverage (decreased in latest "fixes") - no cover for unreachable cases; 2018-01-24 20:03:46 +01:00
sebres ac9d5f61e7 rewrite keywords reserved in python 3.7 (`async` -> `nonsync`) 2018-01-24 15:50:19 +01:00
Sergey G. Brester 6b7cca07ae
Merge pull request #2025 from yarikoptic/bf-0.10-debian 
A number of fixes toward making tests pass while building Debian pkg for 0.10.2
 2018-01-24 08:42:36 +01:00
sebres 7a757645bb introduces new decorator/conditional helper in order to skip some STOCK-related test-cases (if running outside of stock-config environment). 2018-01-23 22:06:22 +01:00
sebres 9af9ec25f5 allow to override use_stock_cfg values (used as default value now), e. g. actions rest filters only, reject d1afbb566f0304487b5d578b4aacef8e647ee74b 2018-01-23 22:06:20 +01:00
Yaroslav Halchenko 3f51c158cd Added manpage (still would need tuning) for fail2ban-python 2018-01-23 22:06:18 +01:00
Yaroslav Halchenko a5b9128fcc BF: RF test for "being a root" to check if actually can read the file 2018-01-23 22:06:16 +01:00
Yaroslav Halchenko 49be8de902 BF: look for system.journal also under system-state-logs (i.e. /var/log) 
as it happens on Debian systems
 2018-01-23 22:06:14 +01:00
Yaroslav Halchenko 2f0bc491e2 BF: use tests.utils.CONFIG_DIR instead of hardcoded "config" in fail2banclienttestcase 
Since otherwise cannot provide custom path to the config via env var
and thus cannot test in a build directory which is out of source
 2018-01-23 22:06:12 +01:00
Allan Nordhøy d7e320b96d
reverting linux indentation 2018-01-23 21:09:53 +01:00
Sergey G. Brester 3ac6166b48
Merge pull request #2027 from yarikoptic/bf-0.10-review 
Minor spelling typos etc
 2018-01-23 19:45:44 +01:00
Yaroslav Halchenko 527bb9a7c3 dos2unix for helpers-common.conf 
Original report: http://bugs.debian.org/888110
 2018-01-23 08:48:36 -05:00
Yaroslav Halchenko ba2538ba04 DOC: minor typos spotted around comments etc 2018-01-22 21:39:56 -05:00
Yaroslav Halchenko af2de7ff2f RF: COND_FAMILIES - use tuple 
no need for a dict where tuple would be preferable (deterministic order)
 2018-01-22 21:08:44 -05:00
Yaroslav Halchenko b9facb80d2 debian/README.Debian - Instructions on how to establish correct startup/shutdown sequence in systemd for shorewall (Closes: #847728) 
final recipe
 2018-01-22 10:38:48 -05:00
Yaroslav Halchenko 071023526f updated the patch for elderly systems to use python2 2018-01-22 10:04:52 -05:00
Yaroslav Halchenko 11911c0ccd information about new "mode" setting and new filters/actions into changelog 2018-01-22 10:01:43 -05:00
sebres 8cfd97a68f skip a testRepairDb if no sqlite3 command-helper available; code review (removed unnecessary code-pieces resp. code-duplication) 
closes #2026
 2018-01-22 10:42:33 +01:00
Yaroslav Halchenko 1c283f12f7 debian/control - sqlite3 is now needed for some tests, thus added to build-depends and suggests 2018-01-21 23:31:17 -05:00
Yaroslav Halchenko 0f24d53730 Boost policy to 4.1.3, obey lintian and demand recent debhelper (or dh-systemd), VCS fields to provide a branch 2018-01-21 22:45:32 -05:00
Yaroslav Halchenko 2cccd24ce6 NEWS entry 2018-01-21 22:35:12 -05:00
Yaroslav Halchenko f5134ae479 changlog tune up 2018-01-21 22:21:03 -05:00
Yaroslav Halchenko c7986a1089 Fixed up paths to systemd file and create monit/monitorc.d 2018-01-21 22:10:00 -05:00
Yaroslav Halchenko 2bc71e9f4b One more patch to please fakeroot 2018-01-21 22:03:27 -05:00
Yaroslav Halchenko 404dbc98d3 One more relative path in test configs + tests from upstream PR 2018-01-21 21:50:38 -05:00
Yaroslav Halchenko b2688c6c11 verbose debian build and verbose tests 2018-01-21 21:50:31 -05:00
Yaroslav Halchenko 1aa4522cd3 refreshed the patch 2018-01-21 00:27:00 -05:00
Yaroslav Halchenko 70f2b5c550 initial changelog for 0.10.2-1 2018-01-20 22:13:32 -05:00
Yaroslav Halchenko e9c1b5d6fa Merge tag '0.10.2' into debian 
* tag '0.10.2': (623 commits)
  prepare release: bump version, update ChangeLog, man's and MANIFEST etc.
  ChangeLog update
  action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
  regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
  nginx-http-auth: match usernames with spaces
  regex updated using non-capturing groups
  extended test-cases to cover new log-format (http_auth -> mod_auth)
  Update lighttpd-auth.conf
  file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.
  Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove). Closes gh-1865
  should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);
  fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter); test cases extended to cover such situation. Closes gh-1997
  action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
  micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)
  Update ChangeLog
  stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
  filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
  test cases extended in order to cover `firewallcmd-ipset` with `allports`
  Update ChangeLog
  firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
  ...
 2018-01-20 21:59:34 -05:00
sebres 9d5f20aab2 FilterPyinotify: fixed sporadic test-case error (multi-threaded) - 'NoneType' object has no attribute 'stop'. 2018-01-19 12:32:24 +01:00
sebres 9a38d5697f bump version (0.10.2 -> 0.10.3.dev1) 2018-01-18 16:40:48 +01:00
sebres a45488465e prepare release: bump version, update ChangeLog, man's and MANIFEST etc. 2018-01-18 14:49:01 +01:00