Commit Graph

4027 Commits (fa20b0aff2be0f0fff5ed796cd2bd31ec79f275f)

Author SHA1 Message Date
sebres fa20b0aff2 Merge branch 'py-3.6-compat' into 0.10-full 2017-02-15 19:18:35 +01:00
sebres cf53a834f7 python-3.6 compatibility:
- dynamical string replacement within call of regexp.sub fixed with lambda-replacement (otherwise "sre_constants.error: bad escape \s at position");
- optional arguments (3.6 has more agrs by calling of SMTPServer.process_message);
- implicit convert byte to string, because python3.6 fails on binary data (test_smtp).
2017-02-15 19:05:45 +01:00
sebres 01db0b5028 small performance fix after merge with 0.10
(cherry picked from commit 8e2711681c)
2017-02-15 19:04:24 +01:00
sebres 63f7916886 fix test cases by testing with multi-threaded execution (wait for threaded execution done)
(cherry picked from commit 1ec6782f32)

# Conflicts:
#	fail2ban/tests/observertestcase.py (not yet available in 0.10)
2017-02-15 18:58:40 +01:00
sebres a4ec017d1c Merge branch '0.10' into 0.10-full 2017-02-15 09:26:01 +01:00
sebres f35aa6d258 coverage: added python3.6 2017-02-15 08:46:27 +01:00
sebres 40837754c9 python3.6 compatibility fix 2017-02-15 08:45:15 +01:00
Serg G. Brester ac7be38dbe Merge pull request #1686 from Slamdunk/postfix-rbl-554-SMTP
Postfix RBL: 554 & SMTP
2017-02-07 15:37:18 +01:00
Filippo Tessarotto 607568f5da Postfix RBL: 554 & SMTP 2017-02-07 15:26:06 +01:00
sebres 8c54675750 fix sporadic time related errors after fail2ban restart resp. reload jail:
- ValueError: need more than N values to unpack
- empty banip from restoreCurrentBans, etc.
2017-01-23 11:45:29 +01:00
sebres 0636b3247d observer fix: wait it becomes idle in reload test case (complete writing of failures to database); 2017-01-23 09:52:04 +01:00
sebres 8e2711681c small performance fix after merge with 0.10 2017-01-23 09:51:52 +01:00
sebres 99634638ba Merge branch '0.10' into 0.10-full 2017-01-23 09:51:36 +01:00
sebres 96d404f0fb Merge branch 'master' into 0.10 2017-01-23 09:27:40 +01:00
sebres c4dc698d98 evil symlink removed: does not supported by some file systems (e. g. development over net share) 2017-01-23 09:26:05 +01:00
sebres 1823571e0f Merge branch 'ssh-filter-new-regexp' into 0.10 2017-01-23 08:58:43 +01:00
sebres c4d56ea84a Merge branch 'ssh-filter-new-regexp' 2017-01-23 08:58:03 +01:00
sebres 9d06f0ee40 sshd-amend: optional space after port part 2017-01-23 08:56:47 +01:00
sebres e8a1556562 Merge remote-tracking branch 'master' into 0.10
# Conflicts:
#	fail2ban/tests/samplestestcase.py
2017-01-21 16:59:41 +01:00
Serg G. Brester 3ccb026840 Merge pull request #1209 from sebres/ssh-filter-new-regexp
sshd-aggressive (new ssh rules added (gh-864) and code review...)
2017-01-21 16:29:42 +01:00
sebres 54a8c681ce suhosin.conf: removed greedy match 2017-01-21 16:26:07 +01:00
sebres 8aa9516d50 sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652) 2017-01-21 16:18:03 +01:00
sebres c8f473110c change log update after rebase 2017-01-21 15:59:27 +01:00
sebres 3276bd6d54 sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117) 2017-01-21 15:57:05 +01:00
sebres 628789f9a9 sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)
filter sshd-ddos and new filter sshd-aggressive are both derivation of sshd-filter
2017-01-21 15:54:49 +01:00
sebres dd373dba9f test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>;
new ssh rule(s) added:
- Connection reset by peer (multi-line rule during authorization process);
- No supported authentication methods available;
Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions);
closes gh-864
2017-01-21 15:53:48 +01:00
Serg G. Brester 5e08298b6b Update ChangeLog 2017-01-20 08:47:30 +01:00
Christian Brandlehner a4d8426401 Support for IBM Domino SMTP task (#1603)
filter.d/domino-smtp.conf
2017-01-20 08:44:20 +01:00
Serg G. Brester 40f294e6bf Merge pull request #1663 from jjeziorny/netscaler-action
Introduced citrix netscaler action
2017-01-19 16:25:23 +01:00
Serg G. Brester 75b252e47f Update ChangeLog 2017-01-19 15:00:08 +01:00
Juliano Jeziorny 1fe554dd25 Introduced Citrix Netscaler action 2017-01-19 14:30:25 +01:00
Serg G. Brester 063a11564b Merge pull request #1673 from chtheis/master
Wrong paths for apache and nginx under FreeBSD
2017-01-18 17:12:20 +01:00
Christoph Theis fe76cd9b7d #1667: changelog entry 2017-01-17 14:05:20 +01:00
Christoph Theis 6187431629 #1667: Wrong paths for apache and nginx under FreeBSD 2017-01-17 11:48:25 +01:00
Serg G. Brester 5bfdd521f0 Merge pull request #1669 from sebres/0.10-recognize-restored-tickets
Recognize state of restored tickets
2017-01-17 09:39:56 +01:00
sebres f35da076df ChangeLog entry 2017-01-16 09:55:01 +01:00
sebres 74a6afadd5 Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all). 2017-01-16 09:40:48 +01:00
sebres 8b82c6669e provide name of action to fail-message (e. g. if interpolation fails) 2017-01-16 09:34:10 +01:00
sebres 0aa241d303 Another way to recognize restored tickets - new option `norestored` of action introduced;
Complete prevents executing of ban/unban operations for actions where norestored = true.
2017-01-16 09:05:45 +01:00
sebres 2ed2e7810d normalization of DefinitionInitConfigReader (action / filter): client-side interpolation, etc. 2017-01-16 09:03:06 +01:00
sebres de49f0c27f ChangeLog entry 2017-01-13 19:45:10 +01:00
sebres ee3c787cc6 Recognize restored (from database) tickets after restart (tell action restored state of the ticket);
Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified).
Test cases extended (smtp and by restart in ServerReloadTest).
Closes gh-1141
Closes gh-921
2017-01-13 19:06:17 +01:00
oliverdorn 4a65e069e1 Solution for issue #1665
Solves the issue of authentic GoogleBots being banned by apache-fakegooglebots.
2017-01-13 08:59:45 +01:00
Serg G. Brester 6f190b6e61 readme.md: added IPv6 launch logo for 0.10th branch
Closes gh-1647
2017-01-12 12:41:08 +01:00
sebres bf872213bd amend for 7019640eb3 (fix-gh-1658): sshd test-cases extended with IPv6 to cover this fix 2017-01-10 13:48:17 +01:00
sebres 7019640eb3 Merge branch 'fix-gh-1658' into 0.10 2017-01-10 12:59:51 +01:00
sebres a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space). 2017-01-10 12:58:44 +01:00
sebres c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
sebres f8d35a7c9c changelog entry 2017-01-10 11:16:17 +01:00
sebres 2009f1c434 fail2ban-regex: fix for systemd-journal (see gh-1657) 2017-01-10 11:13:18 +01:00