Bill
e84c1108c2
Merge e1bb0ef4cb
into 793d0c6555
2025-07-21 01:53:14 +00:00
Bill
e1bb0ef4cb
Merge branch 'master' into sendmail
2025-07-20 21:53:11 -04:00
bill
c2bcdbe4e4
remove the host ip from this match because it is not present in the current log line, but cached from prior mlfid
2025-07-20 21:36:20 -04:00
Sergey G. Brester
793d0c6555
Merge pull request #4037 from kusaka-0107/fix/asterisk-conf-regex
...
filter.d/asterisk: fix regex to match "No matching endpoint found" with retry info (like `after X tries in Y ms`)
2025-07-20 15:17:17 +02:00
Sergey G. Brester
7bb86822d0
Update ChangeLog
2025-07-20 15:15:38 +02:00
Sergey G. Brester
6d3bfa8781
revert RE back, but relieve the end-anchor a bit (ignore any text without single quote, so also preventing false match by injection on foreign data)
2025-07-20 15:04:15 +02:00
177ac
b309cf6b3c
Add test line
2025-07-20 18:06:33 +09:00
177ac
e97df4672a
filter.d/asterisk: fix regex to match "No matching endpoint found" with retry info
2025-07-20 18:05:35 +09:00
sebres
1c2ace2958
GHA: update python 3.14.0-beta.4
2025-07-13 01:08:50 +02:00
sebres
b710d5b6c7
`filter.d/sendmail-reject.conf` - also recognize "Domain of sender address ... does not resolve";
...
closes gh-4035
2025-07-13 01:03:53 +02:00
bill
21fe225f5e
fix unit tests for nofail mlfid caching
2025-07-07 11:02:34 -04:00
bill
baeaf262e3
test cases
2025-07-06 23:09:18 -04:00
sebres
dc899e438f
avoid error "Unable to get failures" by stop (if file gets removed from filter, but filter already entered getFailures for the file);
...
closes gh-4032
2025-07-07 01:04:35 +02:00
Bill Forsyth
8e68cbcd19
add optional regex for 450 errors (bad/no PTR)
...
Expression matches these lines:
Jun 18 08:05:17 <mail.notice> myhost sm-mta[17002]: 55IC59VD017002: ruleset=check_rcpt, arg1=<spameri@tiscali.it>, relay=[45.125.66.67], reject=450 4.4.0 <spameri@tiscali.it>... Relaying temporarily denied. Cannot resolve PTR record for 45.125.66.67
Jun 18 08:39:01 <mail.notice> myhost sm-mta[18321]: 55ICcxnU018321: ruleset=check_rcpt, arg1=<spameri@tiscali.it>, relay=[45.125.66.67], reject=450 4.4.0 <spameri@tiscali.it>... Relaying temporarily denied. Cannot resolve PTR record for 45.125.66.67
Jun 19 15:57:25 <mail.notice> myhost sm-mta[1995]: 55JJvOSJ001995: ruleset=check_rcpt, arg1=<spameri@tiscali.it>, relay=[165.154.217.238], reject=450 4.4.0 <spameri@tiscali.it>... Relaying temporarily denied. Cannot resolve PTR record for 165.154.217.238
Signed-off-by: bill <git@billforsyth.net>
2025-06-27 12:48:40 -04:00
Bill Forsyth
8fe2697a34
update regex for modern sendmail
...
Signed-off-by: bill <git@billforsyth.net>
2025-06-17 13:55:27 -04:00
sebres
86b9adb2f5
workflows/publish.yml: amend (allow manual trigger for publishing)
2025-06-16 22:09:46 +02:00
sebres
85faeab644
workflows/publish.yml: flow to publish package on pypi
2025-06-16 21:55:58 +02:00
Sergey G. Brester
9ef134c17d
Merge pull request #4016 from nabbi/dovecot-2.4
...
add Dovecot 2.4 support
2025-06-15 18:09:40 +02:00
Sergey G. Brester
8a4f373617
integrate new RE in already existing (combine new and old format)
2025-06-15 18:07:43 +02:00
Nic Boet
646832d5bd
dovecot 2.4 into changelog
...
Signed-off-by: Nic Boet <nic@boet.cc>
2025-06-13 17:00:47 -05:00
Nic Boet
04ff4c060c
Dovecot 2.4 filter support
...
Dovecot 2.4 release is a major upgrade
Logger event structure has changed, all messages are now
prefixed with:
"Login aborted: " <reason> "auth failed"
Maintain 2.3 support as many folks have yet to migrate,
community edition is still receiving critical security patches
Dovecot 2.4.1
Python 3.12.10
Signed-off-by: Nic Boet <nic@boet.cc>
2025-06-13 16:44:57 -05:00
Sergey G. Brester
cfa3356e0f
Merge pull request #4001 from sebres/f2b-regex--inverted-out
...
fail2ban-regex: new feature `-i` or `--invert` to output not-matched lines by `-o` or `--out`
2025-06-03 22:23:19 +02:00
sebres
4254d6bcd3
man and changelog
2025-06-03 22:19:54 +02:00
Sergey G. Brester
afe9bc08ec
Merge pull request #4006 from pzl/smtp-py-wrap
...
Line-wrap long messages in smtp.py
2025-06-02 12:40:45 +02:00
pzl
a5d7127109
construct smtp.py email wrap long lines
...
RFC 5322 2.1.1 requires <=998 chars per line.
If matches are included, and are very long lines,
the email will be rejected. Constructing the mail
as a message instead of a subpart (mimetext) fixes this
2025-05-20 14:55:03 -04:00
sebres
cca2de984f
fail2ban-regex: implemented new feature `-i` or `--invert` - inverting the sense of matching, to output non-matching lines.
2025-05-06 18:15:05 +02:00
Sergey G. Brester
f7aaaf50b8
`filter.d/exim.conf`: colon must be outside of F-RCPT group
2025-04-27 23:00:09 +02:00
sebres
f0a083449a
coverage for non zero journalflags
2025-04-24 00:12:26 +02:00
sebres
9ecf6150c8
increase max wait time a bit - some (systemd) tests may fail occasionally in fast mode
2025-04-24 00:11:45 +02:00
sebres
cbc3cb431c
amend to a0093b557e
(systemd-review): flags cannot be specified simultaneously with files too;
2025-04-24 00:04:37 +02:00
Sergey G. Brester
d731b385f9
Merge pull request #3909 from avcbvamorec/patch-1
...
Enhancement on iptables: allow bans to be effective on multiple chains at the same time
2025-04-17 12:46:51 +02:00
Sergey G. Brester
52d239483d
typo
2025-04-16 17:18:36 +02:00
sebres
0d4a926029
ChangeLog (enhancement and compat entries)
2025-04-16 17:13:58 +02:00
sebres
cbe14c70c5
iptables.conf rewritten to affect all derivative actions (multiple chains are also supported by `iptables-ipset` etc);
...
iptables-xt_recent-echo.conf adjusted to be compatible to new syntax of inherited iptables.conf;
test coverage fixed to new handling
2025-04-16 16:56:46 +02:00
Arnaud
37f72f88ef
Reverting chains to chain in order to preserve backward compatibility
...
backing to the option named "chain", using "iteredchain" a new variable to iterate over.
2025-04-16 16:06:29 +02:00
Arnaud
139151ec81
Update iptables.conf - allow bans to be effective on multiple chains at the same time
...
This patch allows the ban to be applied on the INPUT and the FORWARD chain at the time. May be useful at least on routing devices and on docker hosting machines.
2025-04-16 16:06:28 +02:00
sebres
c76e90fbb1
* Merge pull request #3940 from exim-pr-mode-more
...
`filter.d/exim.conf` - fewer REs by default, introduces mode `more`
2025-04-02 15:11:38 +02:00
Sergey G. Brester
6538d43a8e
Update ChangeLog
2025-04-02 14:57:03 +02:00
Sergey G. Brester
bfd80ce522
Merge pull request #3979 from LearningSpot/vaultwarden
...
Added jail for Vaultwarden
2025-04-02 14:41:38 +02:00
Sergey G. Brester
70ce1cef08
Update ChangeLog
2025-04-02 14:40:04 +02:00
Sergey G. Brester
426eeca62a
fixed times in test-log (test suite working in TZ CET)
2025-04-02 13:52:58 +02:00
Sergey G. Brester
6104444bb4
improve regex (anchored from left, no catch-alls, `<ADDR>` for IP, etc)
2025-04-01 17:28:58 +02:00
Rajib Sharia
cf9135983c
Update jail.conf
...
Added jail for vaultwarden
2025-04-01 20:40:15 +08:00
Rajib Sharia
c7f7bc55bb
Create vaultwarden.conf
...
Filter for unsuccessful Vaultwarden authentication attempts
2025-04-01 20:36:53 +08:00
Rajib Sharia
6b57e46070
Create vaultwarden test log
2025-04-01 20:32:00 +08:00
sebres
fc3e8a5d37
remove help command from protocol (the command was never supported);
...
closes gh-3241
2025-03-31 02:29:51 +02:00
sebres
1d6ff06856
amend to a0093b557e920d5635ee714b8ba87c4b588651fe: filter only readable journal files by retrieving non-rotated files (if user is not root)
2025-03-31 02:28:40 +02:00
sebres
767c89f863
satisfy spellcheck
2025-03-31 01:27:52 +02:00
sebres
a0093b557e
Merge branch 'systemd-review'
...
Large set of fixes and enhancements for `systemd` and `auto` backends:
* fixes `systemd` bug with missing journal descriptor after rotation by reopening of journal if it is recognized as not alive (gh-3929)
* improve threaded clean-up of all filters, new thread functions `afterStop` (to force clean-up after stop) and `done`, invoking `afterStop` once
* ensure journal-reader is always closed (additional prevention against leaks and "too many open files"), thereby avoid sporadic segfault in systemd module (see https://github.com/systemd/python-systemd/issues/143 )
* fixes `systemd` causing "too many open files" error for a lot of journal files and large amount of systemd jails (see new parameter `rotated` below, gh-3391);
* backend `systemd` extended with new parameter `rotated` (default `false`, as prevention against "too many open files"),
that allows to monitor only actual journals and ignore now a lot of rotated files by default; so can drastically reduce
amount of used file descriptors, normally to 1 or 2 descriptors per jail (gh-3391)
* implements automatic switch `backend = auto` to backend `systemd`, when the following is true (RFE gh-3768):
- no files matching `logpath` found for this jail;
- no `systemd_if_nologs = false` is specified for the jail (`true` by default);
- option `journalmatch` is set for the jail or its filter (otherwise it'd be too heavy to allow all auto-jails,
even if they have never been foreseen for journal monitoring);
(option `skip_if_nologs` will be ignored if we could switch backend to `systemd`)
2025-03-31 01:18:53 +02:00
sebres
d5718503ad
update changelog and documentation (new features and handling)
2025-03-31 01:13:02 +02:00