github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,703 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4703 Commits (eddd0d2f25673f011ea64440af1527b3ef27ec03)

Author SHA1 Message Date
sebres eddd0d2f25 fail2ban-regex: fixed usage of foreign filter path with relative filename (outside of config-base directory): avoid join filter filename with 'filter.d' 2019-03-27 15:12:27 +01:00
Sergey G. Brester 0e5ce68d4c
Merge pull request #2348 from szepeviktor/deb-initd-retry 
Safer, nicer, uniform Debian initd script - into 0.10
 2019-03-27 14:00:40 +01:00
sebres 320e55b8d5 Merge branch 'master' into 0.10 (merge point only, no functional changes as dovecot_log already owns it from common in 0.10) 2019-03-26 13:40:40 +01:00
sebres 6fe6ebe039 Merge branch 'fix-xarf-abuse-action' into 0.10 (closes gh-2372) 2019-03-18 10:06:55 +01:00
sebres a7ccbd46dc test cases extended to cover xarf-login-attack action 2019-03-16 00:13:22 +01:00
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc; 
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
 2019-03-16 00:05:06 +01:00
sebres ec2b5dc483 fixed log-level in error case (logging error instead of Level 39) 2019-03-15 22:28:08 +01:00
Sergey G. Brester 7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master 
Add override for dovecot failed logins on debian
 2019-03-14 11:45:46 +01:00
Eli Schwartz ebf2f28294 tmpfiles.d: don't use legacy directory path 
systemd 239 (released June 22) introduces a new warning for tmpfiles.d
snippets touching paths in /var/run instead of the canonical /run

See a2d1fb882c

Update to use the preferred path.
 2019-03-13 13:34:16 +01:00
sebres 741cf8fb0e Merge branch 'master-0.9' into 0.10 2019-03-12 16:58:08 +01:00
sebres f3cea45d2a Merge pull request #2290 from james-choncholas/0.11 (rebased) 2019-03-12 16:56:09 +01:00
sebres 1a9527e6a4 fixed catch-all on user (and simplifying) 2019-03-12 16:53:36 +01:00
jim a7f3ba87f6 filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy; 
(broken by commit 72b06479a5), replacement for gh-2290.
 2019-03-12 16:50:04 +01:00
Sergey G. Brester 415818d803
Merge pull request #2356 from sebres/0.10-th-stack-size 
default thread stack size
 2019-03-01 12:33:03 +01:00
Sergey G. Brester 6c14f1987f
Update ChangeLog 2019-03-01 12:31:17 +01:00
sebres 32ba74463f coverage - move to another tests (directly covering server) 2019-02-24 18:43:23 +01:00
sebres f6468e753b resolves py3.x compat issues in tests 2019-02-24 17:14:53 +01:00
sebres fffeb7785c code review 2019-02-24 16:56:13 +01:00
sebres 3c70fe298a closes gh-969: introduces new section `[Thread]` and option `stacksize` to configure default stack-size of the threads running in fail2ban. Example: 
```ini
[Thread]
stacksize = 32
```
 2019-02-24 16:45:14 +01:00
Sergey G. Brester af18993ba2
Merge pull request #2245 from benrubson/loglevel 
badips.py: extended option `loglevel` to supply different log-level to the summary
 2019-02-22 14:25:03 +01:00
Sergey G. Brester 410a9804b1
Update ChangeLog 2019-02-22 14:23:05 +01:00
sebres 3fcb0a868d test-cases: availability of badips-service - avoid sporadic errors (like "The handshake operation timed out") during setup of tests 2019-02-22 14:07:11 +01:00
sebres 5126068099 loglevel and shortloglevel combined to single parameter loglevel, below an example logging summary with NOTICE and rest with DEBUG log-levels: 
action = badips.py[... , loglevel="debug, notice"]
 2019-02-22 14:05:19 +01:00
Ben RUBSON 34edec297b Add changelog entry 2019-02-22 13:33:08 +01:00
benrubson 689938ee99 Add a shortloglevel badips.py option 2019-02-22 13:32:46 +01:00
sebres 140243328f coverage: try to avoid sporadic "coverage decreased" in CI 2019-02-22 13:20:40 +01:00
Sergey G. Brester 7e46ceed7e
Merge pull request #2353 from Yannik/patch-3 
Add asterisk ipv6 test cases with and without port (related to #2317)
 2019-02-22 13:09:21 +01:00
sebres 3d7b072a15 covering short form of IPv6 (written-out full form of IPv6 is safe, no matter with or without square brackets) 2019-02-22 12:50:34 +01:00
Yannik Sembritzki 62acaae327 Add asterisk ipv6 test cases with and without port (related to #2317) 2019-02-22 12:43:07 +01:00
Sergey G. Brester d3f6d6ffdd
Merge pull request #2286 from crazy-max/0.10 
New filter `traefik-auth`
 2019-02-21 22:27:04 +01:00
Sergey G. Brester dcede9b3f1
comment rewritten (belongs to the filter) 2019-02-21 22:26:28 +01:00
Sergey G. Brester d84fb8a4b1
regex rewritten (more secure now, resolves catch-all vulni) 2019-02-21 22:19:04 +01:00
sebres 9ed35c423a Merge branch '0.9' into 0.10 (gh-2317) 2019-02-21 20:13:54 +01:00
Sergey G. Brester 5c44ca714f
Merge pull request #2317 from Yannik/patch-2 
Fix asterisk filter not catching attackers when port is logged (in pjsip module)
 2019-02-21 20:09:05 +01:00
sebres 883864c774 optimizes processing of server-configuration stream by start and reload (no interim outputs produced, several calls of get-functions avoided also). 2019-02-21 15:54:56 +01:00
sebres 34dba44816 MANIFEST: forgotten test file 2019-02-21 15:50:12 +01:00
Sergey G. Brester 487e19420e
Merge pull request #2351 from sebres/0.10-multi-ban-unban-in-jail 
fail2ban-client: multi ban/unban and attempt for set jail
 2019-02-21 15:42:00 +01:00
Sergey G. Brester a48d50efc0
Update ChangeLog 2019-02-21 14:37:07 +01:00
sebres fc92021211 coverage and few enhancements 2019-02-21 14:36:18 +01:00
sebres 2dd3c546dd small code review (normalization and duplicated codes removal) 2019-02-20 16:48:11 +01:00
sebres 00a6717953 fail2ban-client: extended with new feature which allows to inform fail2ban about single or multiple attempts (failure) for IP (failure-ID), syntax: 
set <JAIL> attempt <IP> [<failure1> ... <failureN>]
 2019-02-20 16:47:53 +01:00
sebres 84cec5e861 implements gh-2349: `fail2ban-client set jain banip/unbanip ip1 .. ipN` extended to ban/unban multiple tickets; 
reorganized banning facilities (addBannedIP moved from filter to actions in order to ban directly without implication of fail-manager in between.
 2019-02-20 14:56:00 +01:00
sebres e30ebb1f3b closes gh-2277: fixed and optimized cache facilities (operations on OrderedDict are not atomic); increased max-size of IPAddr cache; don't cache raw objects (it is fast enough). 2019-02-18 17:05:11 +01:00
sebres 14f997231d add test case to cover gh-2277, testOverflowedIPCache testing overflow of IP-cache multi-threaded (2 "parasite" threads flooding cache) 2019-02-18 16:56:43 +01:00
Viktor Szépe 824afbf52d Fix whitespaces 2019-02-17 09:12:30 +00:00
Viktor Szépe 24b0e048d1 Normalizing quote usage in initd 2019-02-17 09:08:59 +00:00
Yaroslav Halchenko c545315192 ENH: travis - run shellcheck on files/debian-initd 2019-02-17 09:08:43 +00:00
Yaroslav Halchenko 62f957973d ENH: disable shell check for $DAEMON_ARGS expansion 2019-02-17 09:08:32 +00:00
Viktor Szépe dfd2a2063d Safer, nicer, uniform Debian initd script 2019-02-17 09:08:29 +00:00
Cool Fire 27526e431b Changes static logfile string to variable 
Since we don't want to re-declare a log file name we already
have a varialbe for, use the existing variable to set dovecot_log.
 2019-02-13 10:10:24 +01:00