sebres
e3ab969047
increase interval for up-to-date check (to 1 minute) after error, to avoid continuous flood in log on further possible errors
2025-03-04 00:07:31 +01:00
sebres
9145db8de3
small code review of FileIPAddrSet: encapsulate check for changed logic to _isModified and slightly increase coverage for it (latency, changed, unchanged)
2025-03-03 23:59:36 +01:00
sebres
7233edd0bf
amend ChangeLog updated: `ignoreip` extended with `file:...` syntax to ignore IPs from file-ip-set;
...
+ silence codespell
2025-03-03 20:07:05 +01:00
sebres
c54f1a4603
Merge branch 'ignore-file-ip-addr-set':
...
configuration `ignoreip` and fail2ban-client commands `addignoreip`/`delignoreip` extended with `file:...` syntax to ignore IPs from file-ip-set (containing IP, subnet, dns/fqdn or raw strings);
the file would be read lazily on demand, by first ban (and automatically reloaded by update after small latency to avoid expensive stats check on every compare);
the entries inside the file can be separated by comma, space or new line with optional comments (text following chars # or ; after space or newline would be ignored up to next newline)
2025-03-03 20:00:32 +01:00
sebres
5bea1c87f1
add a few comments to test-ign-ips-file for the sake of completeness and coverage
2025-03-03 19:52:23 +01:00
sebres
6efa3a3144
man extended (`ignoreip` supports file://path/file-with-ip-set)
2025-03-03 19:19:21 +01:00
sebres
fe37047061
test coverage for FileIPAddrSet and ignoreip for file://...
2025-03-03 19:06:08 +01:00
sebres
81a5b1596b
filter and configuration `ignoreip` extended with file:... to ignore IPs from file-ip-set (containing IP, subnet, dns/fqdn or raw strings); the file would be read lazily on demand, by first ban (and automatically reloaded by update after small latency)
2025-03-03 19:03:48 +01:00
sebres
d684339edd
allow comments in file with ip-set: text following # or ; chars after space or newline would be ignored
2025-03-03 19:00:09 +01:00
sebres
bdae15b522
ipdns.py: implemented FileIPAddrSet supporting file with IP-set, which may contain IP, subnet, or dns, with lazy load and dynamically reloaded by changes (with small latency to avoid expensive stats check on every compare)
2025-03-03 18:40:15 +01:00
Sergey G. Brester
c9b5e845ba
`action.d/cloudflare-token.conf`: fixes `actionunban` retrieving of CF-ID from IP:
...
force adding parameters to URL as query string (add `-G` to curl);
closes gh-3952
2025-03-01 20:19:35 +01:00
Sergey G. Brester
e5199aee92
action.d/ufw.conf: update comment:
...
fix syntax in example, because `dst` as command parameter doesn't have precedence over or-expression, so second `sport` would ignore `dst` and kill any connection for https regardless of the IP
2025-03-01 00:23:55 +01:00
sebres
1c61836169
main.yml: merge branch 'gha-try-new-runner':
...
- update runner image (20.04 gets end of date)
- update python versions (v.3.7 is unsupported for 24.04, bump v.3.14 to next alpha)
2025-02-25 18:38:19 +01:00
Sergey G. Brester
fdac34a3ee
main.yml: update python versions
...
v.3.7 is unsupported for 24.04, bump v.3.14 to next alpha
2025-02-25 18:29:26 +01:00
Sergey G. Brester
c340fb0ef4
main.yml: update runner image
...
(20.04 gets end of date)
2025-02-25 18:24:40 +01:00
sebres
882e6d5e00
`filter.d/exim.conf` - mode `aggressive` extended to catch dropped by ACL failures, e.g. "ACL: Country is banned"
2025-02-10 17:30:07 +01:00
Sergey G. Brester
2d736ad755
small amend
2025-01-31 19:54:24 +01:00
Sergey G. Brester
a44c8dc3ec
Update FILTERS: clarify and improve docu, update some urls, etc
...
(related #3934)
2025-01-31 19:51:29 +01:00
Sergey G. Brester
6fb3532c45
Merge pull request #3931 from brianjmurrell/patch-2
...
`from '[^']*'` is not always present …
2025-01-30 14:06:00 +01:00
sebres
a1268f37c3
amend (move ChangeLog entry)
2025-01-30 14:04:00 +01:00
sebres
b55c20594e
`paths-common.conf`: changed default `mysql_log` path (default `logpath` of `mysqld-auth` jail without maintainer overrides); adjusted comments (`log_error_verbosity = 3` instead of `log-warnings = 2`)
...
closes gh-3932
2025-01-30 14:00:43 +01:00
Sergey G. Brester
6d3308ecb4
Merge pull request #2702 from pburndorfer/master
...
New openvpn jail
2025-01-30 13:16:44 +01:00
Brian J. Murrell
b8ab346257
Merge branch 'fail2ban:master' into patch-2
2025-01-29 19:36:54 -05:00
sebres
d2c60a168f
combine several regexes to single RE
2025-01-30 01:13:49 +01:00
sebres
e1fc569291
normalize jail (defaults, etc); added missing tests for all REs; common prefix for failregex, no catch-alls, etc
2025-01-30 01:13:48 +01:00
Philipp Burndorfer
95710e9dac
Adapted changelog.
2025-01-30 01:13:47 +01:00
Philipp Burndorfer
88385eb6c1
New openvpn jail.
2025-01-30 01:13:46 +01:00
sebres
7a5e2c8419
Merge branch 'example-com-ips': fixed test-suite (adjusted fqdn/ips, codespell)
2025-01-30 01:12:37 +01:00
sebres
8c6d7dc12f
GHA main.yml: update python versions ('3.14.0-alpha.4')
2025-01-30 01:09:20 +01:00
sebres
5b6c13f0aa
example.com changes the IPs, again... additionally it got more IPs, which look unstable now (depends on resolver), so replaced with fail2ban.org, that seems to resolve to single IPv4 and IPv6 (can be adjusted later for something more persistent)
2025-01-30 01:05:30 +01:00
sebres
155a0855f2
silence codespell
2025-01-29 21:59:35 +01:00
Brian J. Murrell
eb1fc5b261
Add test line
...
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2025-01-28 13:22:04 -05:00
Brian J. Murrell
325613a8f8
from '[^']*' is not always present …
...
In the message from asterisk.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2025-01-28 13:09:29 -05:00
sebres
9dde3d019e
typo, shall be negative lookbehind ignoring escaped open parenthesis, like `\(?iu)`
2024-12-29 20:27:03 +01:00
sebres
a796cc9b91
`filter.d/dropbear.conf`: failregex extended to match different format of "Exit before auth" message;
...
closes gh-3791
2024-12-27 16:43:33 +01:00
Sergey G. Brester
4b6f69a14a
Merge pull request #3597 from MichaIng/patch-1
...
Fix Dropbear filter when logging to STDOUT
2024-12-27 16:16:34 +01:00
MichaIng
eb8b44370a
Make Dropbear regex more compatible and simpler
...
Dropbear uses `strftime` `"%b %d %H:%M:%S"` to print its timestamps, hence we know the day and time format, but the month could be localized. We hence allow any 3 word characters for it, and additionally simplify the day and time pattern into a single group.
Signed-off-by: MichaIng <micha@dietpi.com>
2024-12-27 14:00:36 +07:00
Sergey G. Brester
b7b1fff53c
Update ChangeLog
2024-12-27 14:00:35 +07:00
Sergey G. Brester
62aeb55b63
dropbear test: added description
2024-12-27 13:59:36 +07:00
MichaIng
dd9f359f5c
Fix Dropbear filter when logging to STDOUT
...
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly uses the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.
As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.
The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.
Additionally, for performance reasons, this commit adds a `journalmatch` entry, matching Debian's and Fedora's `dropbear.service` with `dropbear` executable/identifier, the most likely match for a Dropbear systemd service.
Signed-off-by: MichaIng <micha@dietpi.com>
2024-12-27 13:59:35 +07:00
sebres
89b5f3bb1e
`filter.d/sshd.conf`: `ddos` and `aggressive` modes, regex extended for timeout before authentication (optional connection from part);
...
closes gh-3907
2024-12-26 14:24:15 +01:00
Sergey G. Brester
51358e1587
Merge pull request #3636 from szepeviktor/typos
...
Fix more typos
2024-12-21 19:31:54 +01:00
Jesús Cea
d89ded39b0
Trivial typo in "jail.conf.5"
2024-12-21 19:28:55 +01:00
Sergey G. Brester
b6aebc333c
Merge pull request #3903 from pano9000/docs_status-flavor
...
docs: explicitly list supported status flavors
2024-12-21 18:43:32 +01:00
Panagiotis Papadopoulos
d38f233e91
docs: explicitly list status flavors
2024-12-20 08:42:19 +01:00
Sergey G. Brester
a6ca6e2a26
Merge pull request #3897 from pano9000/master
...
docs: Remove outdated link to sourcecodebrowser
2024-12-16 13:09:23 +01:00
Panagiotis Papadopoulos
a57a768cb8
docs: Remove outdated link to sourcecodebrowser
2024-12-14 02:04:15 +01:00
sebres
4151eeccfe
fixes mistaken usage of ignoreregex from filter, if ignoreregex is supplied with command line;
...
also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex);
closes gh-3895
2024-12-11 21:55:20 +01:00
sebres
91c27d0600
`filter.d/freeswitch.conf`: bypass some new info in prefix before [WARNING] (changed default `_pref_line`);
...
closes gh-3143
2024-12-04 16:56:23 +01:00
sebres
12ff98027f
GHA main.yml: update python versions ('3.13.0', '3.14.0-alpha.1')
2024-11-07 19:32:31 +01:00