e323c148e1
backend systemd: fixes error "local variable 'line' referenced before assignment", introduced in 55d7d9e214f72bbe4f39a2d17aa004d80bfc7299;
...
don't update database too often (every 10 ticks or ~ 10 seconds in production);
closes gh-3097
2021-09-08 19:44:49 +02:00
1e4a14fb25
pyinotify: fixes sporadic runtime error "dictionary changed size during iteration" (if something outside changes the pending dict during _checkPending evaluation) - simply deserialize to a list for iteration, without any lock, because unneeded here due to small and mostly empty dictionary (logrotate, etc), not to mention that pending check is normally called once per minute;
...
don't call process file inside of server thread calling of addLogPath (always retard it as pending event);
ensure to wake-up as soon as possible to process pending events (e. g. if file gets added).
2021-09-08 19:17:44 +02:00
2f99d5accb
test coverage for unhandled exception in run of several filter (gh-3097)
2021-09-08 18:22:31 +02:00
e3f2fcfab4
merge point (GHSA-m985-3f3v-cwmm 0.9/0.10)
2021-07-07 11:50:49 +02:00
2ed414ed09
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
...
closes GHSA-m985-3f3v-cwmm for 0.9
2021-07-07 11:46:28 +02:00
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
2021-06-21 17:12:53 +02:00
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
2021-05-29 21:12:34 +02:00
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
2021-05-29 20:47:56 +02:00
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
2021-05-29 20:25:28 +02:00
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
2021-05-29 20:09:57 +02:00
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
2021-05-29 18:45:59 +02:00
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
2021-05-25 23:16:29 +02:00
ef5c826c74
fixes search for the best datepattern (gh-3020) - e. g. if line is too short, boundaries check for previously known unprecise pattern may fail on incomplete lines (logging break-off, no flush, etc)
2021-05-07 01:18:54 +02:00
2918849f9e
fixes precise year pattern %ExY - accept years 20xx up to current century (using almost the same pattern in tests and production now)
2021-05-07 01:10:26 +02:00
319cfefac2
fix travis build (unsupported pythons and pypy versions), update 3.10 in GH actions
2021-04-27 13:41:57 +02:00
d3f5d2d52b
documentation (interpolation tags)
2021-04-21 11:50:07 +02:00
f0214b3d36
filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
2021-04-20 18:13:40 +02:00
d135aeea16
fixes restore of original logging withing tests (`LogCaptureTestCase.tearDown`) - python 3 seemed still to log wordy after tear down (setting of log.level does not restore the level for related log objects - e. g. for logger of `fail2ban.jail` etc, so `fail2ban-testcases '(testVersion|testLongName).*servertest'` generating messages in stdout handler in testLongName)
2021-03-24 14:14:47 +01:00
8757563be1
close fork
2021-03-23 14:20:10 +01:00
e587526ede
tests: add missing constraint (causing incomplete comparison in below cycle if fewer lines as expected was found)
2021-03-22 00:56:40 +01:00
04aba6168c
fixed typo, `--` is not expected in options declaration, so `--dump-pretty` did never work (only `--dp` is working)
2021-03-03 13:02:00 +01:00
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
2021-03-02 19:35:27 +01:00
63acc862b1
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
2021-02-24 18:21:42 +01:00
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
2021-02-24 13:05:04 +01:00
e3d43d1241
Merge branch 'fix-rc-on-too-many-failures' into 0.10: resolves RC with uncontrolled growth of failure list (jail with too many matches that did not cause ban, gh-2945)
2021-02-24 12:45:15 +01:00
92a2242174
amend fixing journal tests (systemd backend only)
2021-02-23 15:54:48 +01:00
e353fb8024
fixed test cases (ban ASAP also followed in test suite now, so failure reached maxretry causes immediate ban now)
2021-02-23 02:46:44 +01:00
55d7d9e214
*WiP* try to solve RC on jails with too many failures without ban, gh-2945 ...
2021-02-22 18:39:58 +01:00
294ec73f62
Merge branch 'py-3-10-alpha-5' into 0.10
2021-02-17 18:49:06 +01:00
9f1d1f4fbd
amend for `Mapping` (jails)
2021-02-17 18:47:42 +01:00
42dee38ad2
amend for `Mapping`
2021-02-17 18:47:40 +01:00
2b6bb2c1be
follow bpo-37324: :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` module
...
(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
2021-02-17 18:47:38 +01:00
8ae9208454
try to provide coverage for 3.10-alpha.5 ( #2931 )
2021-02-17 18:47:32 +01:00
366c64cb9d
extractOptions: ensure options are parsed completely - avoids unexpected skip or truncate of parameters, produces more verbose error message in case of incorrect syntax; added more tests covering several cases
...
WARN: potential incompatibility (since it doesn't silently ignore wrong syntax anymore)
2021-02-03 14:45:30 +01:00
c75748c5d3
fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
...
closes gh-2804
2021-01-27 17:06:14 +01:00
3700a9e523
invalidate IP/DNS caches by reload, so inter alia would allow to recognize IPv6IsAllowed immediately, previously retarded up to cache max-time (5m);
...
closes gh-2804
2021-01-26 20:35:14 +01:00
913c37db80
more fixes and optimizations, better RE's for patterns, allow parse date without time with such a datepattern (assume 00:00:00 then), etc
2021-01-21 19:00:56 +01:00
0f44a3408a
amend to 747d4683221b5584f9663695fb48145689b42ceb:
...
fail2ban-regex: loosen up date patterns %ExY, %Exy - let accept every year from 19xx up to current century (+3 years)
2021-01-21 19:00:53 +01:00
164105fab1
added new parameter `namespace` for systemd backend
...
closes gh-2910
2021-01-16 17:10:12 +01:00
5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
...
closes gh-2891
2021-01-11 15:23:40 +01:00
9df332fdef
filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
...
closes gh-2908
2021-01-11 15:10:53 +01:00
747d468322
fixes century selector of %ExY and %Exy in datepattern for tests, considering interval from 2005 (alternate now) to now; + better grouping algorithm for resulting century RE
2021-01-04 02:45:16 +01:00
73b39e0894
filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
...
closes gh-2899
2020-12-29 21:22:47 +01:00
27e435a7f5
fix cymru test cases
2020-12-22 20:36:01 +01:00
e768f8637a
release 0.10.6 -- just what the doctor ordered
2020-11-23 19:37:26 +01:00
79b61e009a
ChangeLog
2020-11-23 19:18:35 +01:00
7965d652a1
filter.d/dovecot.conf: allow more verbose logging
...
closes #2573
2020-11-23 18:17:29 +01:00
a6de9459fc
typo
2020-11-23 18:08:38 +01:00
sebres