Commit Graph

1686 Commits (f2d75f612ad23e5934e94b900eea213c52fed35d)

Author SHA1 Message Date
Yaroslav Halchenko 6495942550 DOC: minor (untabify, utf8) for ChangeLog 2012-07-30 13:57:00 -04:00
Yaroslav Halchenko 25077092e9 adjusted revision 2012-07-20 09:56:36 -04:00
Yaroslav Halchenko 954254008b Merge commit '0.8.6-100-gdca5634' into debian-devel -- inotify backend should work
* commit '0.8.6-100-gdca5634':
  RF: reordered tests + enabled gamin now that its fix is pending in Debian
  ENH+BF: filtergamin -- to be more inline with current design of filterinotify
  ENH: 1 more sleep_4_poll to guarantee difference in time stamp
  ENH: few more delays for cases relying on time stamps
2012-07-20 09:55:37 -04:00
Yaroslav Halchenko dca5634717 Merge branch '_enh/test_backends' -- fixing inotify backend, RF backends, unittests
* _enh/test_backends:
  RF: reordered tests + enabled gamin now that its fix is pending in Debian
  ENH+BF: filtergamin -- to be more inline with current design of filterinotify
  ENH: 1 more sleep_4_poll to guarantee difference in time stamp
  ENH: few more delays for cases relying on time stamps
  ENH: tests much more robust now across pythons 2.4 -- 2.7
  BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
  ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
  ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
  BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
  ENH: first working unittest for checking polling and inotify backends
  RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
  RF: filter.py -- single readline in a loop
  ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
  Minor additional comment to DEVELOP
  ENH: extended test LogfileMonitor
2012-07-20 09:50:08 -04:00
Yaroslav Halchenko 481b1530d6 RF: reordered tests + enabled gamin now that its fix is pending in Debian
reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542361
2012-07-19 23:08:33 -04:00
Yaroslav Halchenko c6f5d854d3 ENH+BF: filtergamin -- to be more inline with current design of filterinotify 2012-07-19 23:07:43 -04:00
Yaroslav Halchenko 337f3f6f7b ENH: 1 more sleep_4_poll to guarantee difference in time stamp 2012-07-19 23:07:08 -04:00
Yaroslav Halchenko e9964846fa ENH: few more delays for cases relying on time stamps 2012-07-19 21:41:04 -04:00
Yaroslav Halchenko b8a8720a49 updated changelog 2012-07-19 17:30:25 -04:00
Yaroslav Halchenko cbce65574b Merge commit '0.8.6-95-gc0c1232' into debian-devel
* commit '0.8.6-95-gc0c1232':
  ENH: tests much more robust now across pythons 2.4 -- 2.7
  BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
  Ask users to report bugs to github's issues
  Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
2012-07-19 17:29:54 -04:00
Yaroslav Halchenko c0c1232c5f Merge branch 'master' into _enh/test_backends
* master:
  Ask users to report bugs to github's issues
  Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
2012-07-19 17:29:35 -04:00
Yaroslav Halchenko a1a67d34a9 ENH: tests much more robust now across pythons 2.4 -- 2.7
* needed additional sleeps for polling filter since that one relies on
  time-stamps and too rapid changes would not be caught by the
  PollFilter
* in python 2.4, time stamps are up to a second (int's) so sleeps longer
* test_new_bogus_file -- just to make sure that addition of new files
  does not alter our monitoring
2012-07-19 17:29:12 -04:00
Yaroslav Halchenko d9248a6cf8 BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
* all of the *Filters had too much of common logic in their *LogPath
  methods, which is now handled by FileFilter and derived classes only
  add custom actions in corresponding _(add|del)LogPath methods

pyinotify:

* upon CREATE event:
  - unknown files should not be handled at all
  - "watcher" for the monitored files should be recreated.
    Lead to adding _(add|del)FileWatcher helper methods
* callback now obtains full event to judge what to do
2012-07-19 17:26:09 -04:00
Yaroslav Halchenko b33ae8c194 Ask users to report bugs to github's issues 2012-07-19 14:51:46 -04:00
Yaroslav Halchenko f6137c4def Adjusting the patch new path to report bugs 2012-07-19 14:50:51 -04:00
Yaroslav Halchenko 7dbbc61319 adjusted revision 2012-07-19 14:06:44 -04:00
Yaroslav Halchenko 09dd317b20 Merge commit '0.8.6-90-g08564bd' into debian-devel
* commit '0.8.6-90-g08564bd':
  ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
  ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
  BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
  ENH: first working unittest for checking polling and inotify backends
  RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
  RF: filter.py -- single readline in a loop
  ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
  Minor additional comment to DEVELOP
  ENH: extended test LogfileMonitor
  ENH: add more verbosity levels to be controlled while running unittests
  Added few tests of FileFilter. Yet to place them into a Jail-ed execution test
  DOC: distilling some of server "design" into DEVELOP notes for common good
  ENH: minor, just trailing spaces/tabs + reformatted a string
  ENH: added a basic test for FilterPoll for detection of modifications
  clarified that there are existing test cases and the 'coming soon' is about creating new ones.
  Added beginnings of documentation for developers
  BF: usedns=no was not working at all
  RF: filtertestcase.py to put common testing into a helping subroutine
  ENH: be able to control verbosity from cmdline for fail2ban-testcases
2012-07-19 14:06:14 -04:00
Yaroslav Halchenko 08564bda1a ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure 2012-07-19 13:30:55 -04:00
Yaroslav Halchenko 6ac9fd5d26 ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time 2012-07-19 13:30:01 -04:00
Yaroslav Halchenko 3c95121a8b BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44) 2012-07-19 13:28:48 -04:00
Yaroslav Halchenko 60260bce3d ENH: first working unittest for checking polling and inotify backends 2012-07-19 01:14:55 -04:00
Yaroslav Halchenko baa09098f0 RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
that seems also to overcome the problem of often locking upon stop()
2012-07-19 01:14:02 -04:00
Yaroslav Halchenko 25674a95f8 RF: filter.py -- single readline in a loop 2012-07-19 01:10:59 -04:00
Yaroslav Halchenko b3614d4ea2 ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing) 2012-07-19 01:08:34 -04:00
Yaroslav Halchenko 42523dce92 Minor additional comment to DEVELOP 2012-07-19 01:04:05 -04:00
Yaroslav Halchenko 47e956bc8e Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
Surprise -- that is for Windows compatibility
2012-07-18 10:29:59 -04:00
Yaroslav Halchenko 0b842272e3 ENH: extended test LogfileMonitor 2012-07-18 10:26:42 -04:00
Yaroslav Halchenko ad6d9760f9 Adjusted url to "local DOS" issue now described in the manual 2012-07-14 11:12:54 -04:00
Alan Jenkins 8c38907016 Misconfigured DNS should not ban *successful* ssh logins
Noticed while looking at the source (to see the point of ssh-ddos).

POSSIBLE BREAK-IN ATTEMPT - sounds scary?  But keep reading
the message.  It's not a login failure.  It's a warning about
reverse-DNS.  The login can still succeed, and if it _does_ fail,
that will be logged as normal.

<exhibit n="1">
Jul  9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>

The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in.  I'm pretty sure they can't
even see it.  But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.

fail2ban shouldn't be adding additional checks to successful logins
 - it goes against the name fail2ban :)
 - the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
 - if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny

I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error.  (I won't be offended if you want to check
for yourself though ;)

<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
                logit("reverse mapping checking getaddrinfo for %.700s "
                    "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
                return xstrdup(ntop);
--
                logit("Address %.100s maps to %.600s, but this does not "
                    "map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
                    ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
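As an added illustration of the false positive described in the commit above (this is constructed example code, not the commit's change or fail2ban's own filter), the check below runs two hypothetical failregex sets over sample sshd lines modelled on the exhibit: one that treats the reverse-DNS warning as a failure, and one that counts only real login failures. The addresses, hostnames, regexes and the `maxretry` value are all constructed.

```python
import re

# Constructed sshd log sample modelled on the commit's exhibit: one host with a
# genuine "Invalid user" failure, and one host whose every login *succeeds* but
# trips the reverse-DNS warning each time. Addresses/hostnames are illustrative.
SAMPLE_LOG = """\
Jul  9 05:43:00 brick sshd[18971]: Address 192.0.2.10 maps to host.example.test, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:43:00 brick sshd[18971]: Invalid user html from 192.0.2.10
Jul  9 05:44:10 brick sshd[18980]: Address 198.51.100.7 maps to laptop.example.test, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:44:11 brick sshd[18980]: Accepted publickey for alice from 198.51.100.7 port 50022 ssh2
Jul  9 05:45:10 brick sshd[18990]: Address 198.51.100.7 maps to laptop.example.test, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:45:11 brick sshd[18990]: Accepted publickey for alice from 198.51.100.7 port 50023 ssh2
Jul  9 05:46:10 brick sshd[18995]: Address 198.51.100.7 maps to laptop.example.test, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:46:11 brick sshd[18995]: Accepted publickey for alice from 198.51.100.7 port 50024 ssh2
"""

# Simplified stand-in for fail2ban's <HOST> placeholder (IPv4 only here).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical "before" rule set: the reverse-DNS warning is treated as a failure.
NAIVE_FAILREGEX = [
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from " + HOST),
    re.compile(r"sshd\[\d+\]: Address " + HOST
               + r" maps to \S+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!"),
]

# Hypothetical "after" rule set: only a genuine authentication failure counts.
STRICT_FAILREGEX = [
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from " + HOST),
]

def count_failures(log, patterns):
    """Count, per source address, the lines that any failregex matches."""
    counts = {}
    for line in log.splitlines():
        for pat in patterns:
            m = pat.search(line)
            if m:
                counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
                break  # one failure per line, as a single-filter jail would count
    return counts

def hosts_to_ban(counts, maxretry=3):
    """Addresses that reached the (constructed) maxretry threshold."""
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, rules in (("naive", NAIVE_FAILREGEX), ("strict", STRICT_FAILREGEX)):
        c = count_failures(SAMPLE_LOG, rules)
        print(name, c, "-> ban:", hosts_to_ban(c))
```

With the naive rules the host whose logins all succeeded (198.51.100.7) reaches the threshold and would be banned; with the strict rules only the host with a real failure is counted, and nobody is banned at this threshold.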
Yaroslav Halchenko 9a2b41f6ad ENH: add more verbosity levels to be controlled while running unittests 2012-06-30 00:35:43 -04:00
Yaroslav Halchenko 398cc73d3d Added few tests of FileFilter. Yet to place them into a Jail-ed execution test
At the moment, despite being provided different backends, they pretty
much test FileFilter functionality.
2012-06-30 00:35:08 -04:00
Yaroslav Halchenko bbab49a415 DOC: distilling some of server "design" into DEVELOP notes for common good 2012-06-29 12:59:26 -04:00
Yaroslav Halchenko 9b360bb12d ENH: minor, just trailing spaces/tabs + reformatted a string 2012-06-29 12:58:53 -04:00
Yaroslav Halchenko 215c3cc5c5 ENH: added a basic test for FilterPoll for detection of modifications
The test class MonitorFailures is intended to be exercised for all
Filter*'s, i.e. backends. It is just that atm it is useful only for Poll
2012-06-29 12:56:32 -04:00
Yaroslav Halchenko f970bb288a Merge pull request #59 from yakatz/doc/DEVELOP
clarified that there are existing test cases and the 'coming soon' is about creating new ones
2012-06-26 21:05:41 -07:00
Yehuda Katz bd40cc7c31 clarified that there are existing test cases and the 'coming soon' is about creating new ones. 2012-06-26 23:16:16 -04:00
Yaroslav Halchenko 25b629a75b Merge pull request #58 from yakatz/doc/DEVELOP
Added beginnings of documentation for developers
2012-06-26 14:50:55 -07:00
Yehuda Katz 322f53e26d Added beginnings of documentation for developers 2012-06-26 12:25:52 -04:00
Yaroslav Halchenko 3989d24967 BF: usedns=no was not working at all
it was not adding any detected address, IP or not, to the list of failed attempts
This commit also adds appropriate unittest
2012-06-15 23:43:11 -04:00
Yaroslav Halchenko 971406f722 RF: filtertestcase.py to put common testing into a helping subroutine 2012-06-15 22:23:38 -04:00
Yaroslav Halchenko d0a322f2b8 ENH: be able to control verbosity from cmdline for fail2ban-testcases 2012-06-15 22:21:16 -04:00
Yaroslav Halchenko ffd12554e4 changelog entry for 0.8.6~+git69-gb4099da-1 2012-06-06 23:41:10 -04:00
Yaroslav Halchenko 59baf83110 Merge commit '0.8.6-69-gb4099da' into debian-devel
* commit '0.8.6-69-gb4099da': (57 commits)
  DOC: Adjusted header for config/*.conf to mention .local and way to comment
  Fixed addBannedIP to add enough failures to trigger a ban, rather than just one failure.
  Fix Gentoo initd script (drop extra_commands)
  ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063)
  DOC: comment in jail.conf for the need of multiple jails for asterisk
  Add the INCLUDE section to use __pid_re feature
  Disable asterisk jail by default
  Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
  Change NOTICE by NOTICE%(__pid_re)s
  Added a warning for the recidive jail
  BF: fail2ban-regex -- adding forgotten char for -v
  Remove custom bantime
  Add sample log file for asterisk
  Add $ at the end of the failregex
  ENH: fail2ban-regex -- quieter by default and added --verbose mode
  ENH: minor, just pythonized some parts of fail2ban-regex summary
  ENH: rudimentary __repr__ for Filter and Jail + moved usedns into set method
  BF: allow trailing whitespace in few missing it regexes for sshd.conf
  BF+ENH: added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if already present in the pattern
  minor comment into TODO
  ...
2012-06-06 23:39:22 -04:00
Yaroslav Halchenko 6ad4276a4e DOC: note about way to add comments + pruned not needed authorship line and obsolete $Revision$ 2012-06-04 22:46:59 -04:00
Yaroslav Halchenko b4099dae57 DOC: Adjusted header for config/*.conf to mention .local and way to comment
thanks to Stefano Forli for reminding about comments
see Debian Bug#676146
2012-06-04 22:41:28 -04:00
Yaroslav Halchenko 958aa2e932 Merge pull request #50 from mellitus/master
Fix addBannedIP/banip command (Closes gh-31)
2012-05-01 15:11:00 -07:00
Chris Reffett a018a26133 Fixed addBannedIP to add enough failures to trigger a ban, rather than
just one failure.
2012-05-01 17:13:21 -04:00
Jeremy Olexa 444e4ac3ed Fix Gentoo initd script (drop extra_commands) 2012-04-21 22:24:51 -04:00
Petr Voralek 4007751191 ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063) 2012-04-16 20:36:53 -04:00
Yaroslav Halchenko 7b77beee0e DOC: comment in jail.conf for the need of multiple jails for asterisk 2012-02-28 12:04:24 -05:00