* commit '0.8.6-100-gdca5634':
RF: reordered tests + enabled gamin now that its fix is pending in Debian
ENH+BF: filtergamin -- to be more in line with current design of filterinotify
ENH: 1 more sleep_4_poll to guarantee difference in time stamp
ENH: few more delays for cases relying on time stamps
* _enh/test_backends:
RF: reordered tests + enabled gamin now that its fix is pending in Debian
ENH+BF: filtergamin -- to be more in line with current design of filterinotify
ENH: 1 more sleep_4_poll to guarantee difference in time stamp
ENH: few more delays for cases relying on time stamps
ENH: tests much more robust now across pythons 2.4 -- 2.7
BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
ENH: first working unittest for checking polling and inotify backends
RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
RF: filter.py -- single readline in a loop
ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
Minor additional comment to DEVELOP
ENH: extended test LogfileMonitor
* commit '0.8.6-95-gc0c1232':
ENH: tests much more robust now across pythons 2.4 -- 2.7
BF+RF: pyinotify refreshes watcher upon CREATE, unified/simplified *(add|del)LogPath among *Filters
Ask users to report bugs to github's issues
Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
* needed additional sleeps for polling filter since that one relies on
time-stamps and too rapid changes would not be caught by the
PollFilter
* in python 2.4, time stamps are up to a second (int's) so sleeps longer
* test_new_bogus_file -- just to make sure that addition of new files
does not alter our monitoring
* all of the *Filters had too much of common logic in their *LogPath
methods, which is now handled by FileFilter; derived classes only
add custom actions in the corresponding _(add|del)LogPath methods
pyinotify:
* upon CREATE event:
- unknown files should not be handled at all
- "watcher" for the monitored files should be recreated.
Led to adding _(add|del)FileWatcher helper methods
* callback now obtains full event to judge what to do
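The commit message above explains why the polling tests need extra sleeps: a poll-based filter decides whether to re-read a log by comparing modification time stamps, and when those stamps are whole seconds (as in Python 2.4) two appends inside one second look like no change at all. The following is an added example, not fail2ban's own FilterPoll code: a minimal poller that re-reads only on an mtime change, with the time stamp deliberately truncated to whole seconds to imitate the coarse clock, beside a variant that also watches the file size. The scenario pins mtimes with os.utime() so the outcome does not depend on wall-clock timing; the chosen time values (999.5, 1000.2, 1000.8, 1001.2) are constructed for the demonstration.

```python
import math
import os
import tempfile


class CoarsePoller:
    """Polling log reader (added example, not fail2ban's FilterPoll).

    The file is re-read only when its stat() mtime differs from the one
    seen on the previous poll.  `granularity` truncates the mtime to whole
    ticks; 1.0 imitates the int-valued time stamps of Python 2.4."""

    def __init__(self, path, granularity=1.0):
        self.path = path
        self.granularity = granularity
        self.last_mtime = None
        self.position = 0      # byte offset already consumed

    def _mtime(self):
        raw = os.stat(self.path).st_mtime
        return math.floor(raw / self.granularity) * self.granularity

    def _changed(self):
        mtime = self._mtime()
        changed = mtime != self.last_mtime
        self.last_mtime = mtime
        return changed

    def poll(self):
        """Return lines appended since the last call; [] if unchanged."""
        if not self._changed():
            return []
        new = []
        with open(self.path, "rb") as fh:
            fh.seek(self.position)
            while True:                      # single readline() in a loop
                line = fh.readline()
                if not line:
                    break
                new.append(line.decode("utf-8", "replace").rstrip("\n"))
            self.position = fh.tell()
        return new


class SizeAwarePoller(CoarsePoller):
    """Same reader, but growth in size also counts as a change, so two
    appends landing in the same time-stamp tick are not missed."""

    def __init__(self, path, granularity=1.0):
        super().__init__(path, granularity)
        self.last_size = None

    def _changed(self):
        mtime, size = self._mtime(), os.stat(self.path).st_size
        changed = mtime != self.last_mtime or size != self.last_size
        self.last_mtime, self.last_size = mtime, size
        return changed


def run_scenario(poller_cls, second_mtime):
    """Append two lines to a temporary file and return every line the
    poller reported.  mtimes are pinned with os.utime(): the empty file
    starts at 999.5, the first append is stamped 1000.2, the second with
    `second_mtime` (constructed values for the demonstration)."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        os.utime(path, (999.5, 999.5))
        poller = poller_cls(path)
        seen = poller.poll()                 # empty file; records baseline
        for text, mtime in (("line 1", 1000.2), ("line 2", second_mtime)):
            with open(path, "a") as fh:
                fh.write(text + "\n")
            os.utime(path, (mtime, mtime))
            seen += poller.poll()
        return seen
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(run_scenario(CoarsePoller, 1000.8))     # same second: 'line 2' missed
    print(run_scenario(SizeAwarePoller, 1000.8))  # size check catches it
    print(run_scenario(CoarsePoller, 1001.2))     # waiting past the tick also works
```

The third scenario is what the added sleeps in the tests achieve: spacing the writes by more than one time-stamp tick makes the mtime-only poller see both lines. The size check is an extra safeguard, not something the commit message claims the project does.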
* commit '0.8.6-90-g08564bd':
ENH: fail2ban-testcases -- custom logging format to ease debugging, non-0 exit code in case of failure
ENH: Filter's testcases -- rename, del + list again --- a bit unstable, might still fail from time to time
BF: pyinotify -- monitor the parent directory for IN_CREATE + process freshly added file (Closes gh-44)
ENH: first working unittest for checking polling and inotify backends
RF/BF: just use pyinotify.ThreadedNotifier thread in filterpyinotify
RF: filter.py -- single readline in a loop
ENH: FilterPoll -- adjusted some msgs + allowed to operate without jail (for testing)
Minor additional comment to DEVELOP
ENH: extended test LogfileMonitor
ENH: add more verbosity levels to be controlled while running unittests
Added few tests of FileFilter. yet to place them into a Jail-ed execution test
DOC: distilling some of server "design" into DEVELOP notes for common good
ENH: minor, just trailing spaces/tabs + reformated a string
ENH: added a basic test for FilterPoll for detection of modifications
clarified that there are existing test cases and the 'coming soon' is about creating new ones.
Added beginnings of documentation for developers
BF: usedns=no was not working at all
RF: filtertestcase.py to put common testing into a helping subroutine
ENH: be able to control verbosity from cmdline for fail2ban-testcases
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't be adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
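The report above argues that the reverse-DNS warning is not an authentication failure, so counting it toward a ban punishes hosts that only have broken DNS. The following added example (not code from the report or from fail2ban's sshd.conf) makes that concrete: it runs two regex sets over a constructed log, one that counts the "POSSIBLE BREAK-IN ATTEMPT" line and one that counts only real failures, and shows which hosts would reach a maxretry of 3. The failregex patterns, the simplified `<HOST>` stand-in (dotted IPv4 only), the host 203.0.113.7 and its log lines are all assumptions for the demonstration; the first two lines of the sample log are the report's exhibit.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> expansion: dotted IPv4 only
# (an assumption for this example, not the project's own expression).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "

# Genuine authentication failures (illustrative, not copied from sshd.conf).
FAILURE_PATTERNS = [
    r"Invalid user \S+ from " + HOST + r"$",
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ from "
    + HOST + r" port \d+ ssh2$",
]
# The reverse-DNS warning the report says should not count.
REVERSE_DNS_PATTERN = (
    r"Address " + HOST + r" maps to \S+, but this does not map back to "
    r"the address - POSSIBLE BREAK-IN ATTEMPT!$"
)


def compile_set(patterns):
    return [re.compile(PREFIX + p) for p in patterns]


WITH_WARNING = compile_set(FAILURE_PATTERNS + [REVERSE_DNS_PATTERN])
WITHOUT_WARNING = compile_set(FAILURE_PATTERNS)


def count_hits(lines, regexes):
    """Number of matching lines per host for a given regex set."""
    hits = Counter()
    for line in lines:
        for rx in regexes:
            m = rx.match(line)
            if m:
                hits[m.group("host")] += 1
                break
    return hits


def banned_hosts(lines, regexes, maxretry=3):
    """Hosts reaching maxretry matches (findtime is ignored here)."""
    return {h for h, n in count_hits(lines, regexes).items() if n >= maxretry}


# Constructed sample log.  The first two lines are the report's exhibit;
# the rest are made up: more failures from the same source, then a
# legitimate user (203.0.113.7) with broken reverse DNS logging in
# successfully three times.
SAMPLE_LOG = [
    "Jul  9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234",
    "Jul  9 05:43:02 brick sshd[18971]: Failed password for invalid user html from 200.41.233.234 port 40012 ssh2",
    "Jul  9 05:43:05 brick sshd[18990]: Invalid user admin from 200.41.233.234",
    "Jul  9 05:43:07 brick sshd[18990]: Failed password for invalid user admin from 200.41.233.234 port 40013 ssh2",
    "Jul  9 06:00:01 brick sshd[19102]: Address 203.0.113.7 maps to laptop.example.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 06:00:01 brick sshd[19102]: Accepted publickey for alice from 203.0.113.7 port 51000 ssh2",
    "Jul  9 06:15:10 brick sshd[19340]: Address 203.0.113.7 maps to laptop.example.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 06:15:10 brick sshd[19340]: Accepted publickey for alice from 203.0.113.7 port 51004 ssh2",
    "Jul  9 06:40:33 brick sshd[19511]: Address 203.0.113.7 maps to laptop.example.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul  9 06:40:33 brick sshd[19511]: Accepted publickey for alice from 203.0.113.7 port 51009 ssh2",
]


if __name__ == "__main__":
    print("with warning:   ", dict(count_hits(SAMPLE_LOG, WITH_WARNING)))
    print("without warning:", dict(count_hits(SAMPLE_LOG, WITHOUT_WARNING)))
    print("banned (with):   ", banned_hosts(SAMPLE_LOG, WITH_WARNING))
    print("banned (without):", banned_hosts(SAMPLE_LOG, WITHOUT_WARNING))
```

With the warning counted, alice's three successful logins alone reach maxretry and 203.0.113.7 is banned alongside the attacker; without it, only 200.41.233.234 is banned, and it still gets there on its real failures, which is the report's point that the first X warnings would have been permitted anyway.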
* commit '0.8.6-69-gb4099da': (57 commits)
DOC: Adjusted header for config/*.conf to mention .local and way to comment
Fixed addBannedIP to add enough failures to trigger a ban, rather than just one failure.
Fix Gentoo initd script (drop extra_commands)
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063)
DOC: comment in jail.conf for the need of multiple jails for asterisk
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Added a warning for the recidive jail
BF: fail2ban-regex -- adding forgotten char for -v
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
ENH: fail2ban-regex -- quieter by default and added --verbose mode
ENH: minor, just pythonized some parts of fail2ban-regex summary
ENH: rudimentary __repr__ for Filter and Jail + moved usedns into set method
BF: allow trailing whitespace in few missing it regexes for sshd.conf
BF+ENH: added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if already present in the pattern
minor comment into TODO
...