Commit Graph

5202 Commits (f088e7bf76614b1d4bba3ba91a439109bb1c35f5)

Author SHA1 Message Date
sebres f088e7bf76 Merge branch '0.10' into 0.11 2020-03-02 17:10:48 +01:00
sebres 6281dc3633 failmanager, ticket: avoid reset of retry count by pause between attempts near to findTime - adjust time of ticket will now change current attempts considering findTime as an estimation from rate by previous known interval (if it exceeds the findTime);
this should avoid some false positives as well as provide more safe handling around `maxretry/findtime` relation especially on busy circumstances.
2020-03-02 17:05:00 +01:00
sebres 4766547e1f performance optimization of `datepattern` (better search algorithm);
datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)
2020-02-28 14:27:21 +01:00
sebres c15c300d2a Merge branch '0.10' into 0.11 2020-02-25 17:11:29 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
Sergey G. Brester 2e42b98cd3
Merge pull request #2638 from gurnec/pypy-ulimit-fix
close Popen() pipes explicitly for PyPy
2020-02-25 15:31:31 +01:00
sebres 6c6cf2a956 small amend (avoid possible error by close of not existing pipe) 2020-02-25 15:06:04 +01:00
Christopher Gurnee df885586d4 close Popen() pipes explicitly for PyPy
Waiting for garbage collection to close pipes opened by Popen() can
lead to "Too many open files" errors with PyPy; close them explicitly.
2020-02-25 14:55:10 +01:00
sebres e57e950ef5 version bump (back to dev) 2020-02-25 14:51:54 +01:00
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
sebres 7282cf91b0 Merge branch '0.10' into 0.11 2020-02-14 12:13:29 +01:00
sebres b3644ad413 code normalization and optimization (strip of trailing new-line, date parsing, ignoreregex mechanism, etc) 2020-02-13 21:52:54 +01:00
sebres 91eca4fdeb automatically create not-existing path (last level folder only) for pidfile, socket and database (with default permissions) 2020-02-13 13:50:17 +01:00
sebres 14e68eed72 performance: set fetch handler getGroups depending on presence of alternate tags in RE (simplest variant or merged with alt-tags) in regex constructor 2020-02-13 12:31:15 +01:00
sebres 9137c7bb23 filter processing:
  - avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
  - several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
  - `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
  - `invalid` - consider failed publickey for invalid users only;
  - `any` - consider failed publickey for valid users too;
  - `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
2020-02-13 12:28:07 +01:00
sebres 1492ab2247 improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
2020-02-11 18:44:36 +01:00
Sergey G. Brester ac8e8db814
travis: switch 3.8-dev to 3.8 (released) 2020-02-11 14:18:58 +01:00
Sergey G. Brester d7643fe538
Merge pull request #2630 from fail2ban/gh-2200-postfix
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
2020-02-11 12:44:21 +01:00
Sergey G. Brester 88cf5bcd93
Update postfix 2020-02-10 13:41:28 +01:00
Sergey G. Brester 774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth 2020-02-10 13:29:16 +01:00
Sergey G. Brester 34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty) 2020-02-10 13:03:55 +01:00
sebres 01333fc3e2 Merge branch '0.10' into 0.11 2020-02-07 13:55:20 +01:00
sebres 7a28861fc7 review of command line: more long-named options can be supplied via command line 2020-02-07 13:52:45 +01:00
sebres 3f48907064 amend to f3dbc9dda10e52610e3de26f538b5581fd905505: change main thread-name back to `fail2ban-server`;
implements new command line option `--pname` to specify it by start of server (default `fail2ban-server`);
closes gh-2623 (revert change of main thread-name, because it can affect process-name too, so `pgrep` & co. may be confused)
2020-02-07 11:08:01 +01:00
sebres 9c7bd80807 fail2ban-regex: stop endless logging on closed streams (redirected pipes like `... | head -n 100`), exit if stdout channel is closed 2020-02-03 20:09:13 +01:00
sebres a7c68ea19f Merge branch '0.10' into 0.11 2020-01-28 21:47:55 +01:00
sebres 12b3ac684a closes #2615: systemd backend would seek to last known position (or `now - findtime`) in journal at start. 2020-01-28 21:45:30 +01:00
sebres cd42cb26d6 database: try to fix `out of sequence` error on some old platform / sqlite versions (#2613) - repack iterator as long as in lock (although dirty read has no matter here and only writing operations should be serialized, but to be sure and exclude this as source of that errors). 2020-01-27 12:57:29 +01:00
sebres 569dea2b19 filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
also add coverage for mariadb 10.4 log format (gh-2611)
2020-01-22 17:24:40 +01:00
sebres 9e6d07d928 testSampleRegexsFactory: `time` is not mandatory anymore (check time only if set in json), allows usage of same line(s) matching different `logtype` option:
`# filterOptions: [{"logtype": "file"}, {"logtype": "short"}, {"logtype": "journal"}]`
2020-01-22 17:19:35 +01:00
sebres 3befbb1770 improved wait for observer stop on server quit (second stop would force quit), this also cause reset db in observer (to avoid out of sequence errors) before database gets ultimately closed at end of server stop process (gh-2608) 2020-01-20 16:45:01 +01:00
Sergey G. Brester d2d3762ba9
Merge pull request #2605 from angeloc/0.11
Fixing --withouth-test install option
2020-01-16 13:45:49 +01:00
Angelo Compagnucci 5fa1f69264 setup.py: adding option to install without tests
Tests files are not always needed especially when installing on low
resource systems like an embedded one.
This patch adds the --without-tests option to skip installing the
tests files.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:28:42 +01:00
Angelo Compagnucci 3965d690b1 Revert "setup.py: adding option to install without tests"
Tests should actually be removed from the setup data in finalize_options
instead of being added back.

This reverts commit 9b918bba2f.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-01-16 12:05:13 +01:00
sebres 50fbcda8b6 Merge branch '0.10' into 0.11 2020-01-15 21:54:37 +01:00
sebres 8dc6f30cdd closes #2596: fixed supplying of backend-related `logtype` to the jail filter - don't merge it (provide as init parameter if not set in definition section), init parameters don't affect config-cache (better implementation as in #2387 and it covered now with new test) 2020-01-15 21:49:51 +01:00
sebres 9f701bb611 Merge branch '0.10' into 0.11 2020-01-15 13:26:46 +01:00
sebres 05f9e53660 Merge branch '0.10-invariant-improve' into 0.10 2020-01-15 13:26:15 +01:00
sebres d4c921c22a amend to 31b8d91ba2211595182d8d3fe6d89034b562aef0: tag `<family>` is normally dynamic tag (ticket related), so better to replace it this way (may avoid confusing if tag is used directly during restore sane env process for both families); conditional replacement is not affected here 2020-01-15 13:22:55 +01:00
sebres 8694c54728 increase test stack size to 128K (on some platforms min size is greater than 32K), closes gh-2597 2020-01-14 11:51:27 +01:00
sebres 70e47c9621 Merge branch '0.10' into 0.11 2020-01-14 11:44:35 +01:00
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596) 2020-01-14 11:39:13 +01:00
sebres 31a6c8cf5d closes gh-2599: fixes `splitwords` for unicode string 2020-01-13 20:12:16 +01:00
sebres b158f83aa3 testIPAddr_CompareDNS: add missing network constraint (gh-2596) 2020-01-13 12:37:19 +01:00
sebres d004a2c79b release 0.11.1 -- This is the Way 2020-01-11 11:01:00 +01:00
sebres 27fb4790fb Merge branch '0.10' into 0.11 2020-01-10 15:17:54 +01:00
sebres b25d8565fc release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes 2020-01-10 13:34:46 +01:00
sebres 4e4bd43e5e small amend for d1b7e2b5fb2b389d04845369d7d29db65425dcf2: double usage string removed, spacing fixed
generate-man: small fixing (avoid ../bin in usage, version fix
2020-01-10 13:28:20 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
closes gh-2115, gh-2362.
2020-01-09 20:53:53 +01:00