fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	f5ea40c7da	Merge branch '0.11' into master	2020-11-11 11:19:05 +01:00
sebres	adbfdc222d	Merge branch '0.10' into 0.11	2020-11-11 11:17:15 +01:00
benrubson	840f0ff10a	Add Grafana jail	2020-11-09 15:31:06 +01:00
Mart124	df659a0cbc	Add Bitwarden syslog support	2020-11-09 13:34:39 +01:00
benrubson	ec873e2dc3	Add SoftEtherVPN jail	2020-11-05 23:56:30 +01:00
sebres	690ad20958	Merge branch '0.11' into master	2020-11-05 16:16:17 +01:00
sebres	6ef69b48ca	Merge branch '0.10' into 0.11	2020-11-05 16:12:31 +01:00
sebres	1418bcdf5b	`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)	2020-09-29 12:35:49 +02:00
sebres	960e30cfcd	Merge branch '0.11'	2020-09-23 19:41:04 +02:00
sebres	74b73bce8a	Merge branch '0.10' into 0.11	2020-09-04 13:09:47 +02:00
sebres	a038fd5dfe	`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`; small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules); closes gh-2821	2020-09-03 16:41:23 +02:00
sebres	4d2734dd86	Merge branch '0.10' into 0.11	2020-09-02 20:23:07 +02:00
sebres	f09ba1b399	action in jail-config extended to consider space as separator now (splitWithOptions separates by space between mains words, but not in options), so defining `action = a b` would specify 2 actions `a` and `b`; it is additionally more precise now (see fixed typo with closed bracket `]` instead of comma in testServerReloadTest)	2020-09-02 20:09:06 +02:00
sebres	a3a148078e	fail2ban-regex: more informative output for `datepattern` (e. g. set from filter) - pattern : description, example: Use datepattern : ^%Y-%m-%d %H:%M:%S : ^Year-Month-Day 24hour:Minute:Second	2020-08-28 14:12:57 +02:00
sebres	17a6ba44b3	fail2ban-regex: speedup formatted output (bypass unneeded stats creation); fail2ban-regex: extended with prefregex statistic	2020-08-28 13:52:09 +02:00
sebres	8bc7623388	Merge branch '0.11'	2020-08-26 13:49:41 +02:00
sebres	e9071b642a	Merge branch '0.10' into 0.11	2020-08-25 18:28:18 +02:00
sebres	2945fe8cbd	changelog	2020-08-25 18:25:32 +02:00
sebres	7327fee2c8	Merge branch '0.11'	2020-08-24 16:33:30 +02:00
sebres	4bc8bc9d5f	Merge branch '0.10' into 0.11	2020-08-24 16:31:48 +02:00
sebres	295630cccf	documentation and changelog	2020-08-24 16:12:55 +02:00
sebres	7d172faa50	implements gh-2791: fail2ban-client extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS)	2020-08-11 16:01:52 +02:00
sebres	1ea36c3045	Merge branch '0.11'	2020-08-04 17:19:51 +02:00
sebres	9d076af9a2	Merge branch '0.11-combine-multiple-captures' into 0.11	2020-08-04 17:15:28 +02:00
sebres	98983adf76	update ChangeLog	2020-08-04 17:14:13 +02:00
sebres	067b76fc9e	Merge branch '0.10' into 0.11	2020-08-04 15:40:59 +02:00
sebres	62a6771b33	Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)	2020-08-04 13:51:20 +02:00
sebres	78fc99ec7e	Merge branch '0.11'	2020-06-11 12:52:34 +02:00
sebres	1da9ab78be	Merge branch '0.10' into 0.11	2020-06-11 12:52:13 +02:00
sebres	5a0edf61c9	filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)	2020-06-08 14:38:26 +02:00
sebres	6cff2bb007	Merge branch '0.11'	2020-05-25 19:09:29 +02:00
sebres	1588200274	Merge branch '0.10' into 0.11	2020-05-25 18:58:05 +02:00
Sergey G. Brester	368aa9e775	Merge pull request #2689 from benrubson/gitlab New Gitlab jail	2020-05-04 19:19:13 +02:00
Sergey G. Brester	42aef09d69	Update ChangeLog	2020-04-27 19:38:48 +02:00
Sergey G. Brester	da1652d0d7	Update ChangeLog	2020-04-26 12:26:55 +02:00
sebres	6b90ca820f	filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) closes gh-2693	2020-04-23 13:08:24 +02:00
sebres	affd9cef5f	filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)	2020-04-21 13:32:17 +02:00
sebres	06b46e92eb	jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357; ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686); don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.	2020-04-15 19:00:49 +02:00
Sergey G. Brester	78651de7e5	Update ChangeLog	2020-04-14 12:25:18 +02:00
sebres	9905904bba	Merge branch '0.11'	2020-03-13 22:43:22 +01:00
sebres	00c5d33e45	Merge branch '0.10' into 0.11	2020-03-13 22:39:19 +01:00
sebres	bc2b81133c	pyinotify backend: guarantees initial scanning of log-file by start (retarded via pending event if filter not yet active)	2020-03-13 22:07:32 +01:00
sebres	4c22d4a801	Merge branch '0.11'	2020-03-13 17:47:03 +01:00
sebres	d42ec210cc	Merge branch '0.10' into 0.11	2020-03-13 17:44:29 +01:00
sebres	9f1c6f1617	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	2020-03-13 17:34:37 +01:00
sebres	e3737bb7c0	filter stability fix: prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)	2020-03-13 17:20:19 +01:00
Sergey G. Brester	d4da9afd7f	Update ChangeLog	2020-03-06 20:29:48 +01:00
sebres	8b43d54878	Merge branch '0.11'	2020-03-05 14:32:42 +01:00
sebres	32f02ef3b3	Merge branch '0.10' into 0.11	2020-03-05 14:01:14 +01:00
sebres	42714d0849	filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); amend to `62b1712d22` (PR #2387, backend-related option `logtype`); testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)	2020-03-05 13:47:11 +01:00
sebres	2ddf687c31	Merge branch '0.10' into 0.11 - test cases only (add ban to database was moved to observer in 0.11)	2020-03-02 19:17:16 +01:00
sebres	15158e4474	closes gh-2647: add ban to database is moved from jail.putFailTicket to actions.__CheckBan; be sure manual ban is written to database, so can be restored by restart; reload/restart test extended	2020-03-02 18:58:59 +01:00
sebres	f088e7bf76	Merge branch '0.10' into 0.11	2020-03-02 17:10:48 +01:00
sebres	4766547e1f	performance optimization of `datepattern` (better search algorithm); datetemplate: improved anchor detection for capturing groups `(^...)`; introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex; datedetector: speedup special case if only one template is defined (every match wins - no collision, no sorting, no other best match possible)	2020-02-28 14:27:21 +01:00
sebres	ef1eaf9b37	Merge branch '0.11'	2020-02-25 17:18:50 +01:00
sebres	c15c300d2a	Merge branch '0.10' into 0.11	2020-02-25 17:11:29 +01:00
sebres	e6ca04ca9d	Merge branch '0.10' into 0.11 + version bump (back to dev)	2020-02-25 16:10:31 +01:00
Christopher Gurnee	df885586d4	close Popen() pipes explicitly for PyPy Waiting for garbage collection to close pipes opened by Popen() can lead to "Too many open files" errors with PyPy; close them explicitly.	2020-02-25 14:55:10 +01:00
sebres	e57e950ef5	version bump (back to dev)	2020-02-25 14:51:54 +01:00
sebres	8cbc1e0ebb	ChangeLog (change actioncheck behavior)	2020-01-16 16:51:57 +01:00
sebres	bb0f732ae6	version bump (master is 1.0.x-dev now)	2020-01-14 20:38:26 +01:00
sebres	d004a2c79b	release 0.11.1 -- This is the Way	2020-01-11 11:01:00 +01:00
sebres	27fb4790fb	Merge branch '0.10' into 0.11	2020-01-10 15:17:54 +01:00
sebres	b25d8565fc	release 0.10.5 -- Deserve more respect a jedi's weapon must. Hrrrm, Yes	2020-01-10 13:34:46 +01:00
sebres	4860d69909	Merge branch '0.10' into 0.11	2020-01-09 20:55:00 +01:00
sebres	f77398c49d	filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP); closes gh-2115, gh-2362.	2020-01-09 20:53:53 +01:00
sebres	d1b7e2b5fb	fail2ban-regex - several enhancements and fixes: - improved usage output (don't put a long help if an error occurs); - new option `--no-check-all` to avoid check of all regex's (first matched only); - new option `-o`, `--out` to set token provided in output (disables check-all and outputs only expected data); - test cases optimized and extended	2020-01-09 16:59:13 +01:00
sebres	587e4ff573	Merge branch '0.10' into 0.11 (conflicts resolved)	2020-01-08 21:27:23 +01:00
sebres	f30b7ae244	update ChangeLog + spelling	2020-01-08 21:03:00 +01:00
sebres	24d1ea9aa2	Merge branch '0.10' into 0.11	2019-11-25 01:58:55 +01:00
Sergey G. Brester	e86e9b2ee9	Merge branch '0.10' into gh-927-subnet	2019-11-15 01:47:50 +01:00
sebres	27e6b0021c	ChangeLog update gh-2563	2019-11-08 13:18:57 +01:00
sebres	e5d02bc2e9	grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494	2019-11-04 12:11:00 +01:00
sebres	d44607a161	part of #927 - filter enhancement to parse IP sub-nets (IP/CIDR with correct recognition of IP-family), provides new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559): - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask); - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);	2019-11-01 16:29:17 +01:00
sebres	0824ad0d73	Merge branch '0.10' into 0.11	2019-10-18 12:04:38 +02:00
Sergey G. Brester	8b850864cf	amend to #2254 : update changelog	2019-10-18 12:00:17 +02:00
sebres	d1a73d3004	filter.d/apache-auth.conf: - ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548); - extended with option `mode` - `normal` (default) and `aggressive` close gh-2548	2019-10-18 11:26:19 +02:00
sebres	1cdd618232	Merge branch '0.10' into 0.11	2019-07-29 13:26:37 +02:00
sebres	5d5253dd70	Merge branch '0.10' into 0.11	2019-07-29 13:25:49 +02:00
sebres	91923b5c07	don't need to match identifier exactly (@ is precise enough as prefix), not capturing group; `prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore); update ChangeLog	2019-07-29 13:21:00 +02:00
Sergey G. Brester	a395361de8	Merge pull request #2467 from sebres/logtype-option-rfc5424 New option `logtype` value - `rfc5424`	2019-07-24 00:02:04 +02:00
Sergey G. Brester	70280bfa12	Update ChangeLog	2019-07-24 00:00:24 +02:00
sebres	581f13c2db	Merge branch '0.10' into 0.11	2019-07-22 19:07:15 +02:00
Sergey G. Brester	d3b5befe44	update changelog (#2404 )	2019-07-22 12:50:48 +02:00
sebres	0a209f01c2	Merge branch '0.10' into 0.11	2019-07-11 13:28:47 +02:00
Sergey G. Brester	7520d250b0	Merge pull request #2444 from sebres/gh-2392 systemd-backend: switched default flags to SYSTEM_ONLY(4)	2019-07-11 13:25:58 +02:00
Sergey G. Brester	8a386103c1	Update ChangeLog	2019-06-25 15:49:07 +02:00
sebres	5045c4bb00	Merge branch '0.10' into 0.11	2019-06-12 16:28:57 +02:00
girst	b288ccd6b6	new filter: znc-adminlog	2019-06-12 16:25:50 +02:00
sebres	2e7a600851	Merge branch '0.10' into 0.11	2019-06-12 11:44:05 +02:00
sebres	4c81338944	update ChangeLog (gh-2390)	2019-06-12 11:28:19 +02:00
sebres	686a8bdc54	Merge branch '0.10' into 0.11	2019-06-12 00:13:39 +02:00
sebres	2725acb64b	amend to 809acb69e5928c0e678ad25b43e53b567cb23a3b: extended to avoid the vice versa race (too many outdated tickets to unban) - max count of outdated tickets is restricted also.	2019-06-12 00:11:26 +02:00
sebres	0ed3a63151	Merge branch '0.10' into 0.11	2019-06-07 16:29:38 +02:00
sebres	e5ae113215	filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439), also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)	2019-06-07 16:14:02 +02:00
sebres	3b2f75414c	filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442)	2019-06-07 15:40:55 +02:00
sebres	3d4044084a	Merge branch '0.10' into 0.11	2019-06-07 14:48:10 +02:00
sebres	8da9bfb83a	Update ChangeLog (gh-2302, rebased to 0.10)	2019-06-07 14:47:43 +02:00
sebres	f48677db7d	Merge branch '0.10' into 0.11	2019-05-24 16:18:32 +02:00
sebres	3b51c005f8	update ChangeLog (multi-line parsing fix, gh-2431)	2019-05-24 16:17:06 +02:00

1 2 3 4 5 ...

1124 Commits (f9d3e28c7c4cab30af50d18ef73a0e635a973068)