f8f59dd31a
added test cases covering different messages adjusted to new log-format (gh-3116)
2021-10-01 14:58:25 +02:00
5ee482bc9a
Merge pull request #3053 from db48x/fix-grammar-of-timestamp-warnings
...
Improve grammar and readability of timestamp warnings
2021-09-21 16:16:52 +02:00
d086317cc8
Update filter.py
2021-09-21 16:05:53 +02:00
17eed32e03
Update filtertestcase.py
2021-09-21 16:00:37 +02:00
621d8cae17
restore backwards compatibility for date None
2021-09-20 02:20:22 +02:00
ec043cd202
simplifying logic and shortening messages (delta in minutes; removed clock synchronization, because it is rarely an issue on fail2ban side, e. g. for remote logs only, etc)
2021-09-19 21:58:42 +02:00
d7afcde2e1
add a warning message for dates in the future
...
and a test that checks which message was output for which time deltas.
2021-09-19 19:39:52 +02:00
1929e7a76b
include more specific information in the warning
2021-09-19 19:39:49 +02:00
320a3dcdd5
remove old warnings from filtertestcase.py
...
assertLogged only checks that at least one listed message is found, so
it isn’t necessary to repeat them in the test.
2021-09-19 19:39:45 +02:00
a98cc08b31
Updated the warning messages created when fail2ban sees unexpected timestamps
...
to improve their grammar and to remove jargon.
Partially fixes #2822
2021-09-19 19:39:41 +02:00
974ba688d4
Merge branch 'patch-3098' into 0.10
2021-09-19 18:41:24 +02:00
7f22c4873a
remove 2to3 in setup (should be called outside before setup)
2021-09-19 18:36:02 +02:00
1414a44b8e
Update main.yml
...
CI: try to install dependencies via apt, add build test
2021-09-19 18:24:36 +02:00
c0f9348db5
Merge branch 'sebres/gh-3097--fix-unh-except' into 0.10;
...
closes #3097
2021-09-08 20:08:30 +02:00
d709ec8179
GH actions: use newest python version for 3.10 (3.10.0-rc.2)
2021-09-08 20:00:41 +02:00
ba282b794c
pyinotify: amend to 1e4a14fb25d88e32f3ca9c06fb1d6b8d3b4813ab: one fix more for sporadic runtime error "dictionary changed size during iteration" (watched files)
2021-09-08 19:56:02 +02:00
e323c148e1
backend systemd: fixes error "local variable 'line' referenced before assignment", introduced in 55d7d9e214f72bbe4f39a2d17aa004d80bfc7299;
...
don't update database too often (every 10 ticks or ~ 10 seconds in production);
closes gh-3097
2021-09-08 19:44:49 +02:00
1e4a14fb25
pyinotify: fixes sporadic runtime error "dictionary changed size during iteration" (if something outside changes the pending dict during _checkPending evaluation) - simply deserialize to a list for iteration, without any lock, because unneeded here due to small and mostly empty dictionary (logrotate, etc), not to mention that pending check is normally called once per minute;
...
don't call process file inside of server thread calling of addLogPath (always retard it as pending event);
ensure to wake-up as soon as possible to process pending events (e. g. if file gets added).
2021-09-08 19:17:44 +02:00
2f99d5accb
test coverage for unhandled exception in run of several filter (gh-3097)
2021-09-08 18:22:31 +02:00
e3f2fcfab4
merge point (GHSA-m985-3f3v-cwmm 0.9/0.10)
2021-07-07 11:50:49 +02:00
2ed414ed09
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
...
closes GHSA-m985-3f3v-cwmm for 0.9
2021-07-07 11:46:28 +02:00
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
2021-06-21 17:12:53 +02:00
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
2021-05-29 21:12:34 +02:00
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
2021-05-29 20:47:56 +02:00
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
2021-05-29 20:25:28 +02:00
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
2021-05-29 20:09:57 +02:00
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
2021-05-29 18:45:59 +02:00
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
2021-05-25 23:16:29 +02:00
ef5c826c74
fixes search for the best datepattern (gh-3020) - e. g. if line is too short, boundaries check for previously known unprecise pattern may fail on incomplete lines (logging break-off, no flush, etc)
2021-05-07 01:18:54 +02:00
2918849f9e
fixes precise year pattern %ExY - accept years 20xx up to current century (using almost the same pattern in tests and production now)
2021-05-07 01:10:26 +02:00
319cfefac2
fix travis build (unsupported pythons and pypy versions), update 3.10 in GH actions
2021-04-27 13:41:57 +02:00
d3f5d2d52b
documentation (interpolation tags)
2021-04-21 11:50:07 +02:00
f0214b3d36
filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
2021-04-20 18:13:40 +02:00
d135aeea16
fixes restore of original logging withing tests (`LogCaptureTestCase.tearDown`) - python 3 seemed still to log wordy after tear down (setting of log.level does not restore the level for related log objects - e. g. for logger of `fail2ban.jail` etc, so `fail2ban-testcases '(testVersion|testLongName).*servertest'` generating messages in stdout handler in testLongName)
2021-03-24 14:14:47 +01:00
8757563be1
close fork
2021-03-23 14:20:10 +01:00
e587526ede
tests: add missing constraint (causing incomplete comparison in below cycle if fewer lines as expected was found)
2021-03-22 00:56:40 +01:00
04aba6168c
fixed typo, `--` is not expected in options declaration, so `--dump-pretty` did never work (only `--dp` is working)
2021-03-03 13:02:00 +01:00
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
2021-03-02 19:35:27 +01:00
63acc862b1
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
2021-02-24 18:21:42 +01:00
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
2021-02-24 13:05:04 +01:00
e3d43d1241
Merge branch 'fix-rc-on-too-many-failures' into 0.10: resolves RC with uncontrolled growth of failure list (jail with too many matches that did not cause ban, gh-2945)
2021-02-24 12:45:15 +01:00
92a2242174
amend fixing journal tests (systemd backend only)
2021-02-23 15:54:48 +01:00
e353fb8024
fixed test cases (ban ASAP also followed in test suite now, so failure reached maxretry causes immediate ban now)
2021-02-23 02:46:44 +01:00
55d7d9e214
*WiP* try to solve RC on jails with too many failures without ban, gh-2945 ...
2021-02-22 18:39:58 +01:00
294ec73f62
Merge branch 'py-3-10-alpha-5' into 0.10
2021-02-17 18:49:06 +01:00
9f1d1f4fbd
amend for `Mapping` (jails)
2021-02-17 18:47:42 +01:00
42dee38ad2
amend for `Mapping`
2021-02-17 18:47:40 +01:00
2b6bb2c1be
follow bpo-37324: :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` module
...
(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
2021-02-17 18:47:38 +01:00
Sergey G. Brester