Commit Graph

354 Commits (db4c21acde6830eb8fbcdd34d1a5e71a11ed9e34)

Author SHA1 Message Date
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Daniel Black 40cc336cd5 TST: testcases and logs for apache-auth basic 2013-07-17 22:46:04 +10:00
Steven Hiscocks bf05f2ac95 Merge branch 'filter-failregex-return'
Conflicts:
	server/filter.py
2013-07-16 21:17:18 +01:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
2013-07-16 15:07:32 -04:00
Yaroslav Halchenko 0a02cfe9e8 ENH: <HOST> must end with alphanumeric \w (not a dot or a dash etc)
Otherwise <HOST> regexp might swallow period in the sentence right after the address.
I have decided to enforce alphanumeric instead of switching to non-greedy +? ... because
I think it is closer to what we actually want here
2013-07-16 15:03:06 -04:00
Steven Hiscocks 1a2b6442a0 ENH+BF+TST: Filter now returns reference to failregex and ignoreregex
This avoids duplication of code across fail2ban-regex and samples test
cases. This also now more neatly resolves the issue of double counting
date templates matches in fail2ban-regex.
In addition, the samples test cases now also print a warning message
that not all regexs have samples for them, with future plan to change
this to an assertion.
2013-07-15 22:22:13 +01:00
Steven Hiscocks 4855cae487 Merge branch 'sample-log-meta-data'
Conflicts:
    testcases/files/logs/dovecot
2013-07-14 18:29:36 +01:00
Steven Hiscocks 1116f23151 TST: Sample log regex test now warns if no log for a filter
Also checks that at least some tests are present
2013-07-14 18:19:16 +01:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter
ENH: dovecot filter additions for session, time value and blank user
2013-07-14 05:18:04 -07:00
Steven Hiscocks 94376bfbe1 TST: Handle lack of `json` library in python2.5 for samples test case 2013-07-14 11:15:45 +01:00
Steven Hiscocks 40f67c64b8 TST: Test sample logs' entries are matched by filter regexs 2013-07-13 23:03:01 +01:00
Daniel Black 1bb427cc14 TST: remove dup test log entry 2013-07-12 09:09:24 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00
Yaroslav Halchenko 5f04b4954f Merge pull request #280 from yarikoptic/master
BF+ENHs: polling backend tracks ino and size now in addition to mtime, filters do not read file unless it has content + few other minor issues
2013-07-07 08:33:55 -07:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user 2013-07-05 18:36:02 +01:00
Yaroslav Halchenko 47ac39fb34 TST: minor enhancement to test failure msg 2013-07-02 23:37:41 -04:00
Yaroslav Halchenko 052e7ff9da ENH: deprecate sophisticated MTimeSleep in favor of no sleeping at all
all invocations of mtimesleep() are left in the tests for now
2013-07-02 20:44:28 -04:00
Yaroslav Halchenko 8c125b6053 ENH: do not sleep 1 sec only on older Pythons while testing filters 2013-07-02 19:50:22 -04:00
Daniel Black d6dece4900 ENH: Split log and provide jail examples 2013-07-03 07:42:47 +10:00
Yaroslav Halchenko e9c8a51ce4 ENH: further tighten up detection of mtimesleep duration + log what was assigned 2013-07-02 17:26:41 -04:00
Yaroslav Halchenko 8f3671bc94 BF: figure out minimal sleep time needed for mtime changes to get detected. Close #223, and probably #103 2013-07-02 17:10:00 -04:00
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  ENH: remove non-capturing groups for readibility
  BF: fix dovecot filter for when no TLS is enabled on pop/imap

Conflicts:
	ChangeLog -- changelog entries.  Also untabified few other spots
2013-07-02 10:12:51 -04:00
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-07-02 07:04:10 -07:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Yaroslav Halchenko 54cce29b3e Merge pull request #271 from yarikoptic/master
BF: support apache 2.4 more detailed error log format. Close #268

Thanks @grooverdan for the review
2013-07-01 20:52:36 -07:00
Daniel Black c7d64c3c7f TST: url reference fix 2013-07-01 21:58:03 +10:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Steven Hiscocks b670b5c792 TST: Change depreciated assertEquals to assertEqual in some tests 2013-06-29 20:17:42 +01:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Yaroslav Halchenko b9e971c25d Merge branch 'exim' of https://github.com/grooverdan/fail2ban
* 'exim' of https://github.com/grooverdan/fail2ban:
  DOC: credits/blame to me for changes to exim
  ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
  TST/ENH: Improve regex around exim
2013-06-23 00:21:28 -04:00
Yaroslav Halchenko 057f0ad135 ENH: allow_no_files option for jail's convert to allow testing of stock jail.conf 2013-06-21 12:44:37 -04:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
2013-06-14 12:16:59 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase.
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-11 02:13:37 +02:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Yaroslav Halchenko fae2d5c0ce Merge branch 'patch-3' extending roundcube failregex to support v0.9+ (from https://github.com/teroz/fail2ban)
* 'patch-3' of https://github.com/teroz/fail2ban:
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
2013-05-29 09:38:35 -04:00
Steven Hiscocks 7a4db4b4b9 TST: Fix fail2ban.conf reader test for unreliable dictionary order 2013-05-26 14:36:51 +01:00
Terence Namusonge 098c88a67b failregex when roundcube log driver is set to 'syslog' 2013-05-26 07:46:29 +02:00
Yaroslav Halchenko 8a57ffd2fb TST: test all stock jails to have actions and correctly specifying blocktype 2013-05-24 14:33:48 -04:00
silviogarbes 52fa5f19b0 Update asterisk 2013-05-14 12:58:43 -03:00
Yaroslav Halchenko 04bf9eceb6 BF: (travis) relax the test for needed to be presented installed directories -- allow new
on travis scripts install into user's home by default
2013-05-12 23:42:57 -04:00
Yaroslav Halchenko 6aed705f3d BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present) 2013-05-12 23:42:01 -04:00
Yaroslav Halchenko 1b301d723d ENH: also print the failing traceback line in case of failure
Also to troubleshoot
https://travis-ci.org/fail2ban/fail2ban/jobs/7112324
2013-05-12 23:27:32 -04:00
Yaroslav Halchenko f345c4d7dc ENH: include explicit list of new files which should not be there upon "install --root"
that is to figure out what gets there on failing travis tests:

e.g. https://travis-ci.org/fail2ban/fail2ban/jobs/7112324
2013-05-12 23:22:55 -04:00
Yaroslav Halchenko 571ff33fde ENH: issue a warning if jail name is longer than 19 symbols (Close #222) 2013-05-12 22:19:50 -04:00
Yaroslav Halchenko bdc86e5f1d ENH: use the same python executable for setup.py test
This doesn't anyhow resolve gh-161 which was revealed consistently on Debian sytem
after adding this testSetupInstallRoot
2013-05-10 11:17:04 -04:00
Yaroslav Halchenko 281d310b7e ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python releases
before for 2.7 it would spit out "suite" and other components of unittest module
2013-05-10 00:02:49 -04:00
Yaroslav Halchenko dc05eee0f5 TST: Some primarily smoke tests for tests utils 2013-05-09 23:43:22 -04:00
Yaroslav Halchenko e70d01bc10 TST: cover few more lines in fail2banreader.py 2013-05-09 23:16:03 -04:00
Yaroslav Halchenko 26715d5e5e ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) ) 2013-05-09 23:08:20 -04:00
Yaroslav Halchenko 90d6a4a6cd ENH: consistent operation of formatExceptionInfo + unittest for it 2013-05-09 22:46:59 -04:00
Yaroslav Halchenko 7a6eecbe21 ENH: close open file in a test 2013-05-09 13:25:29 -04:00
Yaroslav Halchenko 0e5f7b5951 Merge branch '_enh/strip_crlf'
* _enh/strip_crlf:
  Changelog for preceeding commit
  ENH: strip CR and LF while analyzing the lines (processLine) (Close #202)
2013-05-08 16:36:14 -04:00
Yaroslav Halchenko 28794d842d ENH: close files in _test_move_into_file 2013-05-08 15:14:28 -04:00
Yaroslav Halchenko 582d1c5ea5 ENH: remove use of $Revision and $Date SVN tags 2013-05-08 13:59:09 -04:00
Yaroslav Halchenko 6fef85ff2d ENH: strip CR and LF while analyzing the lines (processLine) (Close #202)
This should allow to resolve issues with logs written in MS-DOS fashion,
e.g. with daemontools

See https://github.com/fail2ban/fail2ban/issues/202\#issuecomment-17393613
2013-05-08 12:07:29 -04:00
Yaroslav Halchenko 571cadd80c ENH: Use real (resolving) example.com instead of test.example.com 2013-05-08 10:30:38 -04:00
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
2013-05-08 10:30:04 -04:00
Yaroslav Halchenko 5e1d8b07e8 ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
See https://github.com/fail2ban/fail2ban/issues/216\#issuecomment-17535577
for the analysis
2013-05-07 12:30:05 -04:00
Yaroslav Halchenko ffcac2ccee ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines 2013-05-07 12:26:13 -04:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
Yaroslav Halchenko bcecf085f1 Merge pull request #209 from grooverdan/tst_br
TST: test case for <br> tags in action
2013-05-06 07:53:41 -07:00
jamesstout 932bd102fe ENH: Removed unused log line
removed #9 per
https://github.com/fail2ban/fail2ban/pull/182#discussion_r4068885
2013-05-04 18:38:05 +08:00
Daniel Black 503602b332 TST: test case for <br> tags in action 2013-05-03 16:58:21 +10:00
Daniel Black cde7108033 DOC: bsd syslog files thanks to Nick Hilliard 2013-05-03 16:12:19 +10:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Yaroslav Halchenko 89adcd7ff7 Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
Origin: https://github.com/lenrico/fail2ban

Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added

  fixed test date thx to steven
  tight control of the filter for ASSP
  as yaroslav wishes
  as daniel desires
  changed from DateASSPlike class to DateStrptime
  fixed little things
  added new date format support for ASSP SMTP Proxy
2013-05-03 00:57:49 -04:00
Enrico Labedzki fd01649a61 fixed test date thx to steven 2013-05-03 00:56:53 -04:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
Yaroslav Halchenko 7c409dd24f Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  BF: log error only if there were missed config files that couldn't be read
  DOC: missing cinfo tags are ok. Log error for self referencing definitions
  DOC: s/defination/definition/g learn to spell
  ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
  DOC: ChangeLog for recursive tag substition
  ENH: allow recursive tag substitution in action files.
2013-05-02 23:28:18 -04:00
jamesstout 018913db6a ENH+TST: ssh failure messages for OpenSolaris and OS X 2013-04-30 04:24:56 +08:00
Yaroslav Halchenko f21566049c BF: pyinotify backend should also handle IN_MOVED_TO events 2013-04-29 13:54:14 -04:00
Daniel Black 1d9abd1b39 ENH: allow recursive tag substitution in action files. 2013-04-29 12:37:16 +10:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Steven Hiscocks 94956bee84 TST: test all valid loglevels in server testcases 2013-04-14 15:59:05 +01:00
Steven Hiscocks 4c4b60f4b4 TST: Add tag replace and escape test for actions 2013-04-14 15:58:35 +01:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
Yaroslav Halchenko 33a31e096a RF+TST: bring inBanList back from private to protected and enabled its rudimentary unittests 2013-03-29 15:33:08 -04:00
Yaroslav Halchenko e7184e70f6 ENH: increase waiting to 4 sec for gamin/pyinotify
This will be the last gesture from me for the bloody tests:
https://travis-ci.org/kwirk/fail2ban/jobs/5904668
2013-03-29 14:59:52 -04:00
Yaroslav Halchenko ef3f2b7e99 TST: be more aggressive in cleanup of temp files + use mktemp instead of mkstemp 2013-03-27 23:40:50 -04:00
Yaroslav Halchenko bf4d4af1d4 ENH(BF?): overload open() (for buffering) within filtertestcase to guarantee atomic writing
This is with the hope to further resolve random tests failures
( primarily on fast travis-ci systems ;) )
2013-03-27 15:11:49 -04:00
Yaroslav Halchenko ab044b75ea BF: delay check for the existence of config directory until read() 2013-03-27 12:22:39 -04:00
Yaroslav Halchenko f643e2e907 non-static (get|set)BaseDir for Configurator. fixes #160
ConfigReader's (get|set)BaseDir are no longer static as a result of
.d/ support RFing
2013-03-27 11:51:07 -04:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
2013-03-27 11:09:35 -04:00
Yaroslav Halchenko cd57d9c552 Merge pull request #155 from yarikoptic/master
TST+ENH: enable basic (smoke) testing of the default jail.conf + improve postfix filter
2013-03-27 05:43:55 -07:00
Yaroslav Halchenko 91d5736c12 ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126 2013-03-26 09:40:04 -04:00
Yaroslav Halchenko c06b7abb46 TST: basic testing of reading the shipped jail.conf (forcing all jails to be enabled) 2013-03-26 00:01:56 -04:00
Yaroslav Halchenko 7064a411c2 ENH: _copy_lines_between_files -- read all needed, and only then write/flush at once
I think this is the one which should resolve
https://github.com/fail2ban/fail2ban/issues/103
2013-03-25 23:05:55 -04:00
Yaroslav Halchenko 52af29a080 ENH: adding ability to incorporate tracebacks into log lines while running tests 2013-03-25 23:05:48 -04:00
Yaroslav Halchenko f72bc13111 BF: allow to wait longer for FilterPoll in test_move_file 2013-03-25 23:05:47 -04:00
Yaroslav Halchenko e6983b4f9b BF: Remove custom __str__ for MonitorFailures and just adjust __name__ of the generated class
Also to guarantee unique file names across tests -- append incremental
numeric suffix.

This should prevent unittest from not reporting specific unittest method names,
thus complicating the analysis of failures
2013-03-25 23:05:07 -04:00
Yaroslav Halchenko 755f27493e Merge branch '_tent/conf_d'. fixes #114
It also fixes #115 since current implementation provides similarly informative
error messages.  But see #153 for possible improvements

* _tent/conf_d:
  Reincarnated removed (by mistake) test for SplitAction
  ENH: made log messages while parsing files more informative + test for inaccessible file (Closes: gh-24)
  NF: allow customization configuration under corresponding .d directories (Closes gh-114)
  Fix up for warning/error for inaccessible config files
  Warn if config file present but unreadable

Conflicts:
	fail2ban-testcases
2013-03-25 11:53:45 -04:00
Yaroslav Halchenko 007827fac6 ENH: increase timeout to 20 sec from 10 sec in assert_correct_last_attempt
This is done with a hope to resolve randomly failing tests on travis-ci
and thus fixing the #103
2013-03-25 11:03:55 -04:00
Yaroslav Halchenko 3b4084d471 BF: fixing up for handling of TAI64N timestamps and adding some unittest for prev commit (not effective much though) 2013-03-25 10:41:13 -04:00
Artur Penttinen edc0eb2a9c Added testcase for MySQL date format to testcases/datedetectortestcase.py
and example of MySQL log file.
2013-03-25 16:00:07 +02:00
ArndRa ebb6e5f4eb An example of failed logins against sogo 2013-03-25 09:11:51 +01:00
Yaroslav Halchenko 996e23455c DOC: reverted unneeded stripping of DoW + added comments for why [:6] 2013-03-22 20:56:45 -04:00
Yaroslav Halchenko e3d3a6ac02 Merge branch 'datedetector-testcase' of https://github.com/kwirk/fail2ban
* 'datedetector-testcase' of https://github.com/kwirk/fail2ban:
  Correct datedetector testcases for TAI64N format
  Additional date/time formats for datedetector testcases
2013-03-22 20:27:39 -04:00
Steven Hiscocks ec87e3edbd TST: Break out server testcases that modify logging settings 2013-03-22 21:15:37 +00:00
Yaroslav Halchenko 99bf14851f BF+TST: Introduce delay before stopping all jails in testStartStopAllJail. fixes #146 2013-03-22 09:20:21 -04:00
Yaroslav Halchenko 1330c7d4b8 Merge branch 'socket-testcase' of https://github.com/kwirk/fail2ban
* 'socket-testcase' of https://github.com/kwirk/fail2ban:
  Update MANIFEST with and author of testcases/sockettestcase.py
  Added testcase for csocket and asyncserver
2013-03-17 10:10:11 -04:00
Steven Hiscocks 43b8a66482 Update MANIFEST with and author of testcases/sockettestcase.py 2013-03-17 09:18:14 +00:00
Steven Hiscocks 86d48a854f Correct datedetector testcases for TAI64N format 2013-03-16 18:18:27 +00:00
Steven Hiscocks 883892a683 Additional date/time formats for datedetector testcases
Also made a note that some workarounds for certain date/time formats
may cause week/year day to be incorrect. This does not affect
functionality of fail2ban so no urgency to fix.
2013-03-16 17:55:22 +00:00
Steven Hiscocks d4362859ef Added testcase for csocket and asyncserver 2013-03-11 17:22:57 +00:00
Steven Hiscocks 4bbbc07872 Added additional Transmitter tests, and some associated fixes
This includes some tweaks such that errors are raised for certain
commands
2013-03-10 14:55:39 +00:00
Daniel Black 3665e6dc44 Add development documentation and framework for code coverage measurement 2013-03-10 15:18:42 +11:00
Steven Hiscocks b36835f6f0 Added transmitter get cinfo option for action 2013-02-20 23:33:39 +00:00
Steven Hiscocks b6a68f5138 Fix for missing value in transmitter delaction 2013-02-20 23:24:46 +00:00
Steven Hiscocks 088e40c481 Rewrite and enable server testcase for Transmitter 2013-02-20 23:14:42 +00:00
Yaroslav Halchenko ec3080cba5 Reincarnated removed (by mistake) test for SplitAction 2013-02-17 17:21:03 -05:00
Yaroslav Halchenko 2312b1d950 ENH: made log messages while parsing files more informative + test for inaccessible file (Closes: gh-24) 2013-02-17 17:19:09 -05:00
Yaroslav Halchenko 9ba27353b6 NF: allow customization configuration under corresponding .d directories (Closes gh-114)
Additional changes:
  ENH: make basedir for Config's a kwarg to the constructor
  ENH: improved analysis/reporting on presence/accessibility of config
       files.  Got carried away and forgot about existing  work done by
	   Steven Hiscocks in the gh-115 -- will merge it in the next
       commit for the fair ack of his work

Now for any X.conf configuration file we have following ways to
provide customizations

  X.local -- read after .conf (kept for backward compatibility)
  X.d/ -- directory to contain additional .conf files, sorted
               alphabetically, e.g
  X.d/01_enable.conf       - to enable the jail
  X.d/02_custom_port.conf  - to change the port

X could be a 'jail' or 'fail2ban' or any other configuration file in
fail2ban.

Mention that all files still must contain the corresponding sections
(most of the time duplicating it across all of them).
2013-02-17 17:03:23 -05:00
Yaroslav Halchenko 5f2d3832f7 NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section) 2013-01-31 14:41:34 -05:00
Yaroslav Halchenko 9a39292813 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko 21e966e4bb example logs should carry the same name as the filter they are devised for 2012-12-13 08:24:02 -05:00
pigsyn 123d457924 Update testcases/files/logs/Webmin 2012-12-13 08:33:07 +01:00
pigsyn 38dd1506cc Sample Webmin logs 2012-12-12 23:25:31 -08:00
Yaroslav Halchenko 68c1defb76 ENH: added dovecot example from Daniel Black + example with DoS attempt via injected rhost 2012-12-12 09:16:27 -05:00
Yaroslav Halchenko 6d804df504 Merge branch 'patch-2' of https://github.com/hamilton5/fail2ban (dovecot log examples)
* 'patch-2' of https://github.com/hamilton5/fail2ban:
  Update testcases/files/logs/dovecot
  Update testcases/files/logs/dovecot
2012-12-12 09:11:34 -05:00
hamilton5 ccc62ddbf3 Update testcases/files/logs/dovecot 2012-12-11 12:05:01 -05:00
Yaroslav Halchenko 67145d8b78 ENH: assure that all date templates have unique names 2012-12-11 11:18:52 -05:00
Yaroslav Halchenko 2b6366656f BF: make sorting of date templates stable
Before, it would first do stable sort followed with explicit reverse.
Now reverse is given as an argument to sort, and it results in actually
preserving the order in case of e.g. no sorting needed
2012-12-11 11:18:52 -05:00
hamilton5 c534c1d03d Update testcases/files/logs/dovecot 2012-12-11 11:05:22 -05:00
Yaroslav Halchenko fc27e00290 ENH: tune up sshd-ddos to use common.conf and allow training spaces 2012-12-07 15:24:34 -05:00
Yaroslav Halchenko 37a2e59d69 BF: guarantee that IP is stored as a base, non-unicode str (Closes gh-91)
Otherwise it might lead to spurious characters dumped into the
terminal at few places, unless casted upon every use in the logs.  To
prevent those issues in the source, store IP as a basic string if it
is a string at all
2012-11-26 12:01:42 -05:00
Yaroslav Halchenko f10537941b ENH: To help with gh-87 added hints into the log on some failure return codes (e.g. 0x7f00 for this one) 2012-11-07 11:33:17 -05:00
Yaroslav Halchenko 1e12c220e6 minor: added a note on now "negative" log entries on "POSSIBLE BREAK-IN ATTEMPT" 2012-11-05 21:22:33 -05:00
Yaroslav Halchenko 5becaf8ef2 BF: (python 2.[45]) store backends names in a list to use .index later on (Closes gh-83)
.index() got into tuple's API only in 2.6
2012-11-01 15:34:20 -04:00
François Boulogne 958a1b0a40 Lighttpd: support auth.backend = "htdigest" 2012-09-30 13:27:21 +02:00
Yaroslav Halchenko 2082fee7b1 ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) 2012-07-31 15:53:41 -04:00
Yaroslav Halchenko 6ad55f64b3 ENH: add wu-ftpd failregex for use against syslog (Closes: #514239) 2012-07-31 15:43:13 -04:00
Yaroslav Halchenko 337f3f6f7b ENH: 1 more sleep_4_poll to guarantee difference in time stamp 2012-07-19 23:07:08 -04:00
Yaroslav Halchenko e9964846fa ENH: few more delays for cases relying on time stamps 2012-07-19 21:41:04 -04:00
Yaroslav Halchenko a1a67d34a9 ENH: tests much more robust now across pythons 2.4 -- 2.7
* needed additional sleeps for polling filter since that one relies on
  time-stamps and too rapid changes would not be caught by the
  PollFilter
* in python 2.4, time stamps are up to a second (int's) so sleeps longer
* test_new_bogus_file -- just to make sure that addition of new files
  does not alter our monitoring
2012-07-19 17:29:12 -04:00
Yaroslav Halchenko 6ac9fd5d26 ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time 2012-07-19 13:30:01 -04:00
Yaroslav Halchenko 60260bce3d ENH: first working unittest for checking polling and inotify backends 2012-07-19 01:14:55 -04:00
Yaroslav Halchenko 0b842272e3 ENH: extended test LogfileMonitor 2012-07-18 10:26:42 -04:00
Yaroslav Halchenko 398cc73d3d Added few tests of FileFilter. yet to place them into a Jail-ed execution test
At the moment they are, despite  being provided different  backends,
pretty much test FileFilter functionality.
2012-06-30 00:35:08 -04:00
Yaroslav Halchenko 215c3cc5c5 ENH: added a basic test for FilterPoll for detection of modifications
The test class MonitorFailures is intended to be excercised for all
Filter*'s, i.e. backends. It is just atm it is useful only for Poll
2012-06-29 12:56:32 -04:00
Yaroslav Halchenko 3989d24967 BF: usedns=no was not working at all
it was not adding any detected address, IP or not to the list of failed attempts
This commit also adds appropriate unittest
2012-06-15 23:43:11 -04:00
Yaroslav Halchenko 971406f722 RF: filtertestcase.py to put common testing into a helping subroutine 2012-06-15 22:23:38 -04:00
Petr Voralek 4007751191 ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063) 2012-04-16 20:36:53 -04:00
Yaroslav Halchenko 71a3fb17e2 Merge remote-tracking branch 'gh-magicrhesus/master'
* gh-magicrhesus/master:
  Add the INCLUDE section to use __pid_re feature
  Disable asterisk jail by default
  Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
  Change NOTICE by NOTICE%(__pid_re)s
  Remove custom bantime
  Add sample log file for asterisk
  Add $ at the end of the failregex
  Add asterisk support

Conflicts:
	config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00
Xavier D 7a76838737 Add sample log file for asterisk 2012-02-13 17:57:55 +01:00
Yaroslav Halchenko b257be4cd1 BF+ENH: added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if already present in the pattern
although %m-%d-%Y is ambioius with %d-%m-%Y it comes after so it should not
be too dangerous (i.e. in upcoming days having smth like 02-01 should work as before matching
first one first) and proper fix to select between the two should follow some time
soon
2012-01-28 12:43:42 -05:00
Lee Clemens d73a71f5cf ENH: Add usedns parameter for the jails
following commits were squashed from feature branch use_dns

commit 068c105eb5
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 22:19:04 2012 -0500

    Prevent warning when IP is read from log

commit 635ed36a8c
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 22:17:08 2012 -0500

    Removed logDebug

commit 24656d2812
Merge: 7957fbe c429f5c
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 21:13:11 2012 -0500

    Merge branch 'enh/use_dns' of github:leeclemens/fail2ban into enh/use_dns

    Conflicts:
    	testcases/filtertestcase.py

commit 7957fbe821
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 21:09:58 2012 -0500

    filtertestcase fixes from yarikoptic

commit 6ce9d04640
Author: Yaroslav Halchenko <debian@onerussian.com>
Date:   Tue Jan 10 19:26:05 2012 -0500

    RF: for consistency use_dns -> usedns

    I guess it was might fault of inconsistency suggesting that name.
    Other options/commands do not have _ in the names, so let it be
    consistent with the rest for now

commit cfb2c75b49
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:18:41 2012 -0500

    Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp

commit f6186eff14
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:02:04 2012 -0500

    Changed wording of 'DNS Reverse lookup used' message

commit 82c62d29dc
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 18:53:17 2012 -0500

    Removed extraneous "n"

commit dc0ae21932
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 23:07:59 2012 -0500

    ENH: use_dns - removed debugging statements

commit 594e25818c
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:53:39 2012 -0500

    Added use_dns protocol to set and get per jail during runtime

commit 48ff80ffac
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:41:18 2012 -0500

    Completed use_dns for initial startup - with debugging statements

commit 0bdab4c2d7
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:05:35 2012 -0500

    ENH: Added use_dns option

commit 6d6b734ea5
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:01:34 2012 -0500

    ENH: Added use_dns option

commit 11ad2b6125
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 19:17:30 2012 -0500

    Added useDns flag to testcase

commit b48fa9b6af
Author: Lee Clemens <java@leeclemens.net>
Date:   Sun Jan 8 15:13:27 2012 -0500

    Added use_dns option in jail.conf

commit c429f5c91a
Merge: 4b18afb 0021906
Author: leeclemens <java@leeclemens.net>
Date:   Tue Jan 10 16:32:22 2012 -0800

    Merge pull request #3 from yarikoptic/enh/use_dns

    let's be consistent ;-)

commit 0021906358
Author: Yaroslav Halchenko <debian@onerussian.com>
Date:   Tue Jan 10 19:26:05 2012 -0500

    RF: for consistency use_dns -> usedns

    I guess it was might fault of inconsistency suggesting that name.
    Other options/commands do not have _ in the names, so let it be
    consistent with the rest for now

commit 4b18afb28a
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:18:41 2012 -0500

    Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp

commit 4fae37e46f
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:02:04 2012 -0500

    Changed wording of 'DNS Reverse lookup used' message

commit e94806ce48
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 18:53:17 2012 -0500

    Removed extraneous "n"

commit 4d30c52907
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 23:07:59 2012 -0500

    ENH: use_dns - removed debugging statements

commit 76696d452a
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:53:39 2012 -0500

    Added use_dns protocol to set and get per jail during runtime

commit 0631618087
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:41:18 2012 -0500

    Completed use_dns for initial startup - with debugging statements

commit d23d495547
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:05:35 2012 -0500

    ENH: Added use_dns option

commit 9538553bc5
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:01:34 2012 -0500

    ENH: Added use_dns option

commit ae1e857e53
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 19:17:30 2012 -0500

    Added useDns flag to testcase

commit ace43eb941
Author: Lee Clemens <java@leeclemens.net>
Date:   Sun Jan 8 15:13:27 2012 -0500

    Added use_dns option in jail.conf
2012-01-12 23:23:41 -05:00
Lee Clemens 9092a63ce5 Changed TLDs to invalid domains, in accordance with RFC 2606 2012-01-07 15:39:31 -05:00
Leonardo Chiquitto a7d47e8b36 Update Free Software Foundation's address
The address has changed from "59 Temple Place, Suite 330, Boston,
MA  02111-1307  USA" to "51 Franklin Street, Fifth Floor, Boston,
MA  02110-1301, USA" some time ago.
2011-12-30 12:41:46 -05:00
François Boulogne 115092956f Correction of the IP in testcase for lighttpd 2011-12-25 20:15:57 +01:00
François Boulogne 683d4f269d modifications suggested by a referee (log ex+regexp) 2011-12-24 22:24:08 +01:00
Yaroslav Halchenko db39c7438a ENH: added custom timeformat with '.' as separator. Close gh-1
Probably evening effect -- can't understand why reported days of the weeks
differ and it was 1 originally at all.  Left as TODO
2011-11-21 20:01:15 -05:00
Yaroslav Halchenko fceff2d5b9 moving log samples under testcases/files 2011-11-18 11:57:20 -05:00
Yaroslav Halchenko 441cd891bc NF: adding unittests for previous commit 2011-11-18 10:16:17 -05:00
Yaroslav Halchenko 344effb437 ENH: minor unittest to see if tickets carry correct 'matches' 2011-10-07 15:49:47 -04:00
Yaroslav Halchenko ed6daa70bf ENH: modelines for emacs and vim to assure consistent indentation scheme (tabs) 2011-10-07 15:49:38 -04:00
Yaroslav Halchenko 94aa94e966 ENH: more human-accessible printout of the dates if any comparison fails 2011-10-07 15:15:18 -04:00
Cyril Jaquier 0cf733e878 - Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@731 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 22:08:21 +00:00
Cyril Jaquier abd061bad8 - Changed <HOST> template to be more restrictive. Debian bug #514163.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
Cyril Jaquier 09f41e485c - Fixed date values.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@650 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-02-02 20:07:06 +00:00
Cyril Jaquier 65dcbed591 - Split Filter into Filter and FileFilter.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@641 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-12-26 11:46:22 +00:00
Cyril Jaquier eae650fdfc - Refactoring. Merged failticket and banticket into ticket.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@638 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-12-17 20:00:36 +00:00
Cyril Jaquier cd012dda85 - Added svn:keywords
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@504 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 16:37:17 +00:00
Cyril Jaquier 0f31cc0feb - Added support for several "failregex" and "ignoreregex". This should simplify the configuration files.
- Configuration files are backward-compatible but need to be updated in order to take advantage of this feature.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@503 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 16:31:00 +00:00
Cyril Jaquier b3143c723d - Fixed a bug in user defined regex/pattern date template
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@460 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 21:57:26 +00:00
Cyril Jaquier 150a6abd0d - Stop reading log file when jail is no more active
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@437 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-30 22:48:52 +00:00
Cyril Jaquier 5c668c8fed - Added action test case
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@429 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-23 20:13:21 +00:00
Cyril Jaquier e581913c1f - Added more filter test cases
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@425 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-19 21:50:30 +00:00
Cyril Jaquier ee86212435 - Updated testcases to fix the time using MyTime
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@419 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-18 22:35:32 +00:00
Cyril Jaquier 7b7d246a19 - Added DNS support for "ignoreip"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@389 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-27 20:32:30 +00:00
Cyril Jaquier 4502c0f6ba - Organized imports (pylint)
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@382 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-25 17:03:48 +00:00
Cyril Jaquier c7451fa250 - Updated test cases
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@364 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-17 22:32:18 +00:00
Cyril Jaquier 7f7361a282 - Added Gamin (file and directory monitoring system) support
- If Gamin is not available, polling is used

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@355 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-14 22:05:32 +00:00
Cyril Jaquier e146d07394 - Added wildcards support for "logpath"
- Added "set <jail> addlogpath <path>" and "set <jail> dellogpath <path>"
- Adapted pyunit test

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@354 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-13 21:31:22 +00:00
Cyril Jaquier 8df771ce6b - Added one more test for the date detector
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@341 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-10 20:44:36 +00:00
Cyril Jaquier 438f0e8122 - Added date detector
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@326 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-05 21:17:35 +00:00
Cyril Jaquier 5c4a4f8726 - Updated setFailRegex() with group
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@285 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-20 22:54:53 +00:00