Commit Graph

57 Commits (e584ab66ac06c4679261e518ea0e6a94cb45f979)

Author SHA1 Message Date
Yaroslav Halchenko f1b6806eb4 Merge branch 'master' into 0.9
* master: (51 commits)
  ENH: Use real (resolving) example.com instead of test.example.com
  DOC: Slight tune ups to ChangeLog -- we must release!
  Changelog entries for the latest merges
  BF: add bash-completion to MANIFEST
  DOC: ChangeLog for default action type change
  ENH: consolidate where blocktype is defined for iptables rules
  BF: default type to unreachable
  ENH: separate out regex and escape a .
  ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
  ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
  ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
  DOC: Drop sudo from bash-completion
  DOC: Added bash-completion script
  ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
  ENH: Removed unused log line
  ENH: logrotate file
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  ENH: some form of logrotate based on what distros are doing
  ...

Conflicts:
	ChangeLog
	MANIFEST
	client/actionreader.py
	config/jail.conf
	fail2ban/server/datedetector.py
	fail2ban/tests/datedetectortestcase.py
2013-05-08 13:53:38 -04:00
Yaroslav Halchenko 571cadd80c ENH: Use real (resolving) example.com instead of test.example.com 2013-05-08 10:30:38 -04:00
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
2013-05-08 10:30:04 -04:00
Yaroslav Halchenko 5e1d8b07e8 ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
See https://github.com/fail2ban/fail2ban/issues/216\#issuecomment-17535577
for the analysis
2013-05-07 12:30:05 -04:00
Yaroslav Halchenko ffcac2ccee ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines 2013-05-07 12:26:13 -04:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
jamesstout 932bd102fe ENH: Removed unused log line
removed #9 per
https://github.com/fail2ban/fail2ban/pull/182#discussion_r4068885
2013-05-04 18:38:05 +08:00
Daniel Black cde7108033 DOC: bsd syslog files thanks to Nick Hilliard 2013-05-03 16:12:19 +10:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
jamesstout 018913db6a ENH+TST: ssh failure messages for OpenSolaris and OS X 2013-04-30 04:24:56 +08:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Yaroslav Halchenko 7a385fd442 BF: Move mysqld.log into a new location under fail2ban module 2013-04-09 19:46:24 -04:00
Yaroslav Halchenko e630b77fca Make fail2ban a full blown module. Close gh-26
AKA: Merge remote-tracking branch 'github_kwirk_fail2ban/module' into 0.9

* github_kwirk_fail2ban/module:
  BF: Added test filter.d files to setup.py package data
  TST: Fix up tests from multiline elements broken in previous merge
  TST: clientreader test now use /etc/fail2ban/ if no local config/
  ENH+TST: Move fail2ban-* scripts to bin/
  TST+ENH: Move testcases to part of fail2ban module
  TST: Update Travis CI coverage config for python module structure
  ENH+BF+TST+DOC: Make fail2ban a python module

Conflicts:
	.travis.yml -- the line for PYTHONPATH
	.travis_coveragerc -- now we do cover gamin tests
2013-04-09 19:39:58 -04:00
Yaroslav Halchenko ebfb9422d8 Merge branch 'master' into 0.9
* master:
  ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth
  Adjusting previous PR (MySQL logs) according to my comments
  TST: Add gamin testing for and only coveralls coverage for python2.7
  change the license to GPLv2 + adapat text
  TST: Add gamin support for Travis CI
  fix the script name to check_fail2ban everywhere
  Replace the check_fail2ban script by a new one which respects the Nagios specs (like status, output, perfdata, help...). Also add a README which includes the content of f2ban.txt (which is now removed)
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles
2013-04-09 18:49:18 -04:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
Steven Hiscocks c4bdc48edb TST: Fix up tests from multiline elements broken in previous merge 2013-04-06 10:15:43 +01:00
Steven Hiscocks 8e0f5f8ea6 Merge branch '0.9' into module
Conflicts:
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/filtertestcase.py
2013-04-06 09:57:44 +01:00
Steven Hiscocks e3bd2042eb TST+ENH: Move testcases to part of fail2ban module
This allows fail2ban-testcases to be run on an installed fail2ban
instance.
TODO: Fix tests requiring config files
2013-04-01 11:22:40 +01:00
Yaroslav Halchenko 03f6c42352 Merge commit '0.8.8-160-g74e76e0' into 0.9
* commit '0.8.8-160-g74e76e0': (65 commits)
  TST+BF: Use separate coveragerc for Travis CI
  RF+TST: bring inBanList back from private to protected and enabled its rudimentary unittests
  TST: coverage ignore Travis CI python virtual environments
  ENH: increase waiting to 4 sec for gamin/pyinotify
  TST+BF: Fix incorrect commands for coveralls support
  TST: Add support for coveralls for python 2.6 and python 2.7
  ENH: deleted trailing spaces in fail2ban- cmdline tools
  DOC: minor change -- refer to the fail2ban manpage
  TST: be more aggressive in cleanup of temp files + use mktemp instead of mkstemp
  ENH(BF?): overload open() (for buffering) within filtertestcase to guarantee atomic writing
  BF: delay check for the existence of config directory until read()
  DOC: minor fix ups of manpages. fixes #159
  non-static (get|set)BaseDir for Configurator. fixes #160
  ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file
  ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126
  TST: basic testing of reading the shipped jail.conf (forcing all jails to be enabled)
  ENH: allow to force enable all jails (for testing), do not crash for jails without actions (just warn)
  ENH: minor -- add default value into the warning if option had none provided
  ENH: _copy_lines_between_files -- read all needed, and only then write/flush at once
  ENH: move pyinotify callback debug message into callback + delay string interpolations
  ...

Conflicts:
	fail2ban-testcases
	testcases/clientreadertestcase.py -- fix for setBaseDir will follow
2013-03-30 18:29:39 -04:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
2013-03-27 11:09:35 -04:00
Yaroslav Halchenko 91d5736c12 ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126 2013-03-26 09:40:04 -04:00
Artur Penttinen edc0eb2a9c Added testcase for MySQL date format to testcases/datedetectortestcase.py
and example of MySQL log file.
2013-03-25 16:00:07 +02:00
ArndRa ebb6e5f4eb An example of failed logins against sogo 2013-03-25 09:11:51 +01:00
Yaroslav Halchenko c7ae460b8a Merge remote-tracking branch 'github_kwirk_fail2ban/multi-line' into 0.9
* github_kwirk_fail2ban/multi-line:
  Revert changes to man/fail2ban-client.1
  Removed "common.local" include for FilterReader test
  Added 'maxlines' option to fail2ban-regex
  Regex get(Un)MatchedLines now returns whole lines only
  Added FilterReader test
  Added multiregex test for multi-line filter
  ignoreregex now functions correctly with multiline
  Minor typo in server/failregex.py
  Added <SKIPLINES> regex applicable for multi-line
  Sanitise testcase log 04
  Changed multi-line test to provided example
  Filter for multi-line now stores last time match
  Simplify and change some filter line buffer
  Initial changes and test for multi-line filtering
2013-02-11 16:01:11 -05:00
Yaroslav Halchenko 5f2d3832f7 NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section) 2013-01-31 14:41:34 -05:00
Steven Hiscocks 02218294bc Removed "common.local" include for FilterReader test 2013-01-28 18:41:12 +00:00
Steven Hiscocks d05f420758 Added FilterReader test 2013-01-25 18:28:48 +00:00
Steven Hiscocks 7234c2a3aa Added multiregex test for multi-line filter 2013-01-25 18:16:55 +00:00
Steven Hiscocks ea466d59f4 ignoreregex now functions correctly with multiline
Ignore regexs are now only compared to lines that match the failregex.
Supporting test also added for multiline regex and overlapping
multiline regex matches.
2013-01-25 18:11:40 +00:00
Steven Hiscocks 9b4806bfd3 Added <SKIPLINES> regex applicable for multi-line
This allows lines captured by <SKIPLINES> regex to remain in the line
buffer in Filter
2013-01-24 18:20:43 +00:00
Steven Hiscocks 5952819a58 Sanitise testcase log 04 2013-01-23 19:32:55 +00:00
Steven Hiscocks 00ab425492 Changed multi-line test to provided example 2013-01-23 19:10:27 +00:00
Steven Hiscocks 055aeeb227 Filter for multi-line now stores last time match
This is useful for log files which dont contain a date/time on every
line
2013-01-23 18:42:25 +00:00
Steven Hiscocks aec709f4c1 Initial changes and test for multi-line filtering 2013-01-22 20:54:14 +00:00
Yaroslav Halchenko 9a39292813 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko 21e966e4bb example logs should carry the same name as the filter they are devised for 2012-12-13 08:24:02 -05:00
pigsyn 123d457924 Update testcases/files/logs/Webmin 2012-12-13 08:33:07 +01:00
pigsyn 38dd1506cc Sample Webmin logs 2012-12-12 23:25:31 -08:00
Yaroslav Halchenko 68c1defb76 ENH: added dovecot example from Daniel Black + example with DoS attempt via injected rhost 2012-12-12 09:16:27 -05:00
hamilton5 ccc62ddbf3 Update testcases/files/logs/dovecot 2012-12-11 12:05:01 -05:00
hamilton5 c534c1d03d Update testcases/files/logs/dovecot 2012-12-11 11:05:22 -05:00
Yaroslav Halchenko fc27e00290 ENH: tune up sshd-ddos to use common.conf and allow training spaces 2012-12-07 15:24:34 -05:00
Yaroslav Halchenko 1e12c220e6 minor: added a note on now "negative" log entries on "POSSIBLE BREAK-IN ATTEMPT" 2012-11-05 21:22:33 -05:00
François Boulogne 958a1b0a40 Lighttpd: support auth.backend = "htdigest" 2012-09-30 13:27:21 +02:00
Yaroslav Halchenko 2082fee7b1 ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) 2012-07-31 15:53:41 -04:00
Yaroslav Halchenko 6ad55f64b3 ENH: add wu-ftpd failregex for use against syslog (Closes: #514239) 2012-07-31 15:43:13 -04:00
Yaroslav Halchenko 3989d24967 BF: usedns=no was not working at all
it was not adding any detected address, IP or not to the list of failed attempts
This commit also adds appropriate unittest
2012-06-15 23:43:11 -04:00
Petr Voralek 4007751191 ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063) 2012-04-16 20:36:53 -04:00