Commit Graph

2821 Commits (effdb450fc42ddf1169312b104e6f3678802442a)

Author SHA1 Message Date
Yaroslav Halchenko 6004fe7a94 just trailing spaces in setup.py 2013-02-11 16:17:52 -05:00
Yaroslav Halchenko 4d4c2d7e02 Brief changelog entry for multiline failregex. With this Close gh-54 2013-02-11 16:04:44 -05:00
Yaroslav Halchenko c7ae460b8a Merge remote-tracking branch 'github_kwirk_fail2ban/multi-line' into 0.9
* github_kwirk_fail2ban/multi-line:
  Revert changes to man/fail2ban-client.1
  Removed "common.local" include for FilterReader test
  Added 'maxlines' option to fail2ban-regex
  Regex get(Un)MatchedLines now returns whole lines only
  Added FilterReader test
  Added multiregex test for multi-line filter
  ignoreregex now functions correctly with multiline
  Minor typo in server/failregex.py
  Added <SKIPLINES> regex applicable for multi-line
  Sanitise testcase log 04
  Changed multi-line test to provided example
  Filter for multi-line now stores last time match
  Simplify and change some filter line buffer
  Initial changes and test for multi-line filtering
2013-02-11 16:01:11 -05:00
Yaroslav Halchenko 9dc662af27 Introducing 0.9.x series with 0.9.0a0
0.9.0a0 is chosen so that StrictVersion works within python 2.x
2013-02-11 16:00:05 -05:00
ArndRa 35bf84abad Create sogo-auth.conf
Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229
2013-02-11 08:19:48 -08:00
ArndRa 52f952e645 Update config/jail.conf
Update to use the new sogo-auth filter
2013-02-11 17:14:29 +01:00
Yaroslav Halchenko f8983872ad BF: return str(host) to avoid spurious characters in the logs (Close gh-113)
thanks to opoplawski@github
2013-02-01 16:24:04 -05:00
Yaroslav Halchenko 5f2d3832f7 NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section) 2013-01-31 14:41:34 -05:00
Steven Hiscocks 9c2e0cbbc8 Fix up for warning/error for inaccessible config files 2013-01-31 18:36:23 +00:00
Steven Hiscocks bf5f46c3d5 Warn if config file present but unreadable 2013-01-30 19:57:03 +00:00
Steven Hiscocks efea62e03f Revert changes to man/fail2ban-client.1 2013-01-28 20:47:32 +00:00
Steven Hiscocks 02218294bc Removed "common.local" include for FilterReader test 2013-01-28 18:41:12 +00:00
Yaroslav Halchenko d561a4c2bb BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed

but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse
2013-01-28 09:54:12 -05:00
Yaroslav Halchenko acab23bdfe RF: move exceptions used by both client and server into common/exceptions.py
this prevents importing of server while operating with client only
2013-01-28 09:46:50 -05:00
Steven Hiscocks b48c17b8c4 Added 'maxlines' option to fail2ban-regex
This allows multi-line regex to be tested
2013-01-27 10:47:13 +00:00
Steven Hiscocks 99914ac0f3 Regex get(Un)MatchedLines now returns whole lines only
Fix issue where for regexs not anchored at start/end of line, that
getMatchedLines and getUnmatchedLines returned partial lines
2013-01-27 09:17:48 +00:00
Yaroslav Halchenko f8c8a5583e Merge remote-tracking branch 'gh-yarikoptic/master'
* gh-yarikoptic/master:
  BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories
2013-01-26 12:36:49 -05:00
Yaroslav Halchenko c900c08eed Merge pull request #111 from opoplawski/nonettest
Initial support for --no-network option for fail2ban-testcases (Closes gh-110)
2013-01-25 16:45:01 -08:00
Orion Poplawski 431489c9b9 Remove unneeded setting of opts.no_network 2013-01-25 14:19:10 -07:00
Yaroslav Halchenko 6b2e76ba7f BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories 2013-01-25 16:06:41 -05:00
Orion Poplawski fdd9dfb4b5 Initial support for --no-network option for fail2ban-testcases 2013-01-25 12:56:00 -07:00
Steven Hiscocks d05f420758 Added FilterReader test 2013-01-25 18:28:48 +00:00
Yaroslav Halchenko b8a861d012 Merge remote-tracking branch 'gh-yarikoptic/master'
* gh-yarikoptic/master:
  ENH: Added login authenticator failed regexp for exim filter
  DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-25 13:27:30 -05:00
Steven Hiscocks 7234c2a3aa Added multiregex test for multi-line filter 2013-01-25 18:16:55 +00:00
Steven Hiscocks ea466d59f4 ignoreregex now functions correctly with multiline
Ignore regexs are now only compared to lines that match the failregex.
Supporting test also added for multiline regex and overlapping
multiline regex matches.
2013-01-25 18:11:40 +00:00
Yaroslav Halchenko 4a48844027 Merge pull request #107 from opoplawski/master
sshd filter - avoid banning on pam failures since might be too early. Close gh-106

If desired to ban on pam -- enable pam-generic filter, possibly even tuning in pam-generic.local the value for caught ttys in case of more detailed control needed

Provided example was:

 Jan 18 12:47:34 host sshd[23755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123  user=myuser
 Jan 18 12:47:34 host sshd[23755]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
 Jan 18 12:47:34 host sshd[23755]: Accepted password for myuser from 123.123.123.123 port 50615 ssh2
2013-01-25 08:24:44 -08:00
Yaroslav Halchenko 7d630cb0de Merge pull request #109 from blotus/master
Escape ' and " in matches
2013-01-25 08:11:04 -08:00
blotus 96eb8986cc Escape ' and " in matches tag 2013-01-25 13:37:22 +01:00
Steven Hiscocks 28f68a693f Minor typo in server/failregex.py 2013-01-24 21:12:45 +00:00
Steven Hiscocks 9b4806bfd3 Added <SKIPLINES> regex applicable for multi-line
This allows lines captured by <SKIPLINES> regex to remain in the line
buffer in Filter
2013-01-24 18:20:43 +00:00
Steven Hiscocks 5952819a58 Sanitise testcase log 04 2013-01-23 19:32:55 +00:00
Steven Hiscocks 00ab425492 Changed multi-line test to provided example 2013-01-23 19:10:27 +00:00
Steven Hiscocks 055aeeb227 Filter for multi-line now stores last time match
This is useful for log files which dont contain a date/time on every
line
2013-01-23 18:42:25 +00:00
Steven Hiscocks 5c7e3841e0 Simplify and change some filter line buffer
Include change variable names to `fail2ban` style
2013-01-23 18:26:49 +00:00
Steven Hiscocks aec709f4c1 Initial changes and test for multi-line filtering 2013-01-22 20:54:14 +00:00
Orion Poplawski bb7628591c Update config/filter.d/sshd.conf
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
Yaroslav Halchenko 9a39292813 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko b3d8ba146b DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333) 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko 3ce53e8798 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:22:18 -05:00
Yaroslav Halchenko 8f0c533d64 DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333) 2013-01-04 10:55:14 -05:00
Michael Gebetsroither 03433f79cd add example jail.conf for blocking through blackhole routes for ssh 2013-01-04 16:09:04 +01:00
Michael Gebetsroither f9b78ba927 add support for blocking through blackhole routes 2013-01-03 18:46:31 +01:00
Yaroslav Halchenko be06b1b914 Merge pull request #102 from grooverdan/ipset
Ipset
2012-12-30 19:51:15 -08:00
Daniel Black da0ba8ab4c ENH: add example jail for ipset 2012-12-31 14:38:51 +11:00
Daniel Black 9221886df6 more documentation and optimisations/fixes based on testing 2012-12-31 14:31:37 +11:00
Daniel Black abd5984234 base ipset support 2012-12-31 14:31:37 +11:00
Yaroslav Halchenko 05af52e833 ENH: fail2ban-regex -- __str__ for RegexStat + modeline 2012-12-24 11:05:44 -05:00
Yaroslav Halchenko 21e966e4bb example logs should carry the same name as the filter they are devised for 2012-12-13 08:24:02 -05:00
Yaroslav Halchenko f96ea013bb Merge pull request #99 from pigsyn/patch-2
Update config/filter.d/webmin-auth.conf for trailing spaces
2012-12-13 05:22:43 -08:00
pigsyn 123d457924 Update testcases/files/logs/Webmin 2012-12-13 08:33:07 +01:00