Commit Graph

4027 Commits (fa20b0aff2be0f0fff5ed796cd2bd31ec79f275f)

Author SHA1 Message Date
sebres ee1727ecca Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10 2016-09-30 13:34:54 +02:00
sebres 276759b6c2 ExtendedCymruInfo code review and availability check in test cases;
max sleep time check of too long sleep increased to 1 second
2016-09-30 13:19:00 +02:00
sebres 9bf8985e2a nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons) 2016-09-30 12:33:43 +02:00
sebres 06674bb989 use common regex for IP addresses (removed code duplication) 2016-09-30 12:33:41 +02:00
Serg G. Brester ba9a88977f Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed
0.10/fix stability and speed optimization
2016-09-30 12:14:51 +02:00
sebres 8b0f6c5413 badips test cases check availability of badips service (and skip these tests if it is not available) 2016-09-30 12:03:27 +02:00
sebres 9a7c753372 fixes method-related filter for tests of suite loaded with loadTestsFromName (they may be a suite self) 2016-09-30 11:26:49 +02:00
Niklas Fiekas 057f2f3c56 make the ipv6 host regex greedy
Previously the regex was lazily matching ``2606:2800:220:1:248:1893:25c8:1946``
as ``2606:2800:220:1:248:1893:25c8:1``.
2016-09-30 11:08:07 +02:00
sebres 77ec9df678 standardize and normalize verbosity parameters for fail2ban-regex / fail2ban-testcases (-v ... -vvvv, or --verbosity=0..4) 2016-09-30 10:01:21 +02:00
sebres 2cfaf845ca standardize and normalize logging and verbosity formats, logging level etc between command lines (server, client, test-cases);
test cases could pass (so increase) verbosity to the client (and furthermore client to the server also), usable for debug purposes resp. simplifying read of the log-file;
custom and precise numeric log-levels can be given in test cases now;
2016-09-29 21:23:37 +02:00
sebres 62b8664175 speedup server start/stop (waiting for communicate, etc);
extend server socket with timeouts, extend ping with timeout parameter;
2016-09-29 21:11:54 +02:00
sebres 542419acab filtertestcase: use shorter sleep (almost just for the context switch here) 2016-09-29 21:08:27 +02:00
sebres b615ba49ff disengage testExecuteTimeout test-case from -fast option, just make it faster (timeout shorter) in this case 2016-09-29 21:08:25 +02:00
sebres b011cf17b2 increase performance of executeCmd (actions), thereby introduced new shorter interval for fast operations (leaves unchanged default wait operation intervals (sleep time, threshold interval) - for the same inertance, to save same system (load by many jails resp. log files);
extends wait_for with callable timeout (test case fixed);
2016-09-29 21:07:46 +02:00
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
Serg G. Brester d9e1a4f547 Merge pull request #1556 from szepeviktor/master
Monit config: scripting is not supported in path
2016-09-27 14:16:52 +02:00
Serg G. Brester a0d8581a2c Merge pull request #1557 from sebres/_0.10/fix-reload-bug
0.10/reload-and-more: reload without restart, stability and performance fixes
2016-09-26 15:25:36 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 5e4fdb60c8 extended test-cases (coverage) 2016-09-26 10:50:02 +02:00
sebres 449c46aec4 extended test-cases (coverage) 2016-09-23 15:21:23 +02:00
sebres 004879b5b1 code review: switch MAX_TIME to 0X7FFFFFFFFFFF (is enough, because 4461763-th year, but better performance) 2016-09-23 09:32:10 +02:00
sebres e00be5f308 Fixed sporadic error in testCymruInfoNxdomain, because of unsorted values:
```
AssertionError: Dictionaries differ:
{'country': ['unknown', 'nxdomain'], 'asn': ['4565', 'nxdomain'], 'rir': ['other', 'nxdomain']} !=
{'country': ['nxdomain', 'unknown'], 'asn': ['nxdomain', '4565'], 'rir': ['nxdomain', 'other']}
```
Added assertDictEqual for compatibility to early python versions (< 2.7);
2016-09-22 22:45:54 +02:00
sebres e7fa74b989 smaller inertance inside test-cases (amend to d153555a07 with decreasing default wait operation that little bit speedup test-cases) 2016-09-22 22:45:52 +02:00
sebres ab0c28260b switch down log level for some annoying messages to tracedebug or heavydebug (to 7 or even 5);
added verification of specified log-level before transmitting to the server;
numeric log-level allowed now in server (resp. fail2ban.conf);
2016-09-22 22:44:46 +02:00
Viktor Szépe a406c6eb3a By the author:
> Yes, scripting is not supported in path.

https://bitbucket.org/tildeslash/monit/issues/372/webadmin-shows-only-the-first-part-of#comment-27946048
2016-09-22 20:29:26 +00:00
sebres 48ebe3e735 FilterPyinotify: high cpu load fix - timeout for pyinotify must be set in milliseconds (our time values are floats containing seconds); 2016-09-22 20:15:12 +02:00
sebres c0373a7158 repair typo bug in reloading for systemd-filter;
JailThread get method `join` for safe usage of it, also for not started threads (test-cases or in case of error), that will be used for cleanup resp. wait purposes also (see join of pyinotify-filter);
2016-09-22 19:00:54 +02:00
sebres d153555a07 increase default wait operation (sleep time, threshold interval) - avowedly greater inertance, but fewer system load by many jails resp. log files;
waiting with `wait_for` extended with verifying of active flag;
implemented better error handling in some multi-threaded routines;
shutdown of jails rewritten (faster and safer, does not break shutdown process if some error occurred);
2016-09-22 18:10:42 +02:00
sebres 35ce1166b6 allows to update some configuration options (read with config-readers) with command line option, e.g.:
```bash
## start server with DEBUG log-level (ignore level read from fail2ban.conf):
fail2ban-client --loglevel DEBUG start
## or
fail2ban-server -c /cfg/path --loglevel DEBUG start
## keep server log-level by reload (without restart it)
fail2ban-client --loglevel DEBUG reload
## switch log-level back to INFO:
fail2ban-client set loglevel INFO
```
2016-09-22 14:21:31 +02:00
Serg G. Brester 28e286cd2d Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540
filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
2016-09-21 09:35:25 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
Serg G. Brester 1071db2256 filter.py: easy-fix to use sha1 instead of md5 if its usage is prohibited by some systems following strict standards (like FIPS)
closes gh-1540
2016-09-20 00:00:26 +02:00
Serg G. Brester fad953ade6 Merge pull request #1544 from sebres/fix/vsftpd-gh-1543
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
2016-09-09 20:39:51 +02:00
sebres 20b92f3ead fail2ban-regex: build replacement of `<HOST>` substitution corresponding parameter `usedns` - now also in fail2ban-regex (amend) 2016-09-09 20:31:52 +02:00
sebres ebd864660a normalize usage of preferred encoding (and decode any to string);
python 3.x compatibility (used uni_decode for string representation of stdout/stderr, unified test cases)
amend for #1542
2016-09-09 20:29:55 +02:00
sebres e0347bb3a0 assertLogged extended with parameter wait (to wait up to specified timeout, before we throw assert exception) + test cases rewritten using that 2016-09-09 17:50:25 +02:00
sebres a20f325f80 database: stability fix - repack cursor iterator as long as locked 2016-09-09 17:36:01 +02:00
sebres f6197200a9 introduced new flag "banned" as property, used to recognize the ticket was really banned;
get/set restored flag functions rewritten to property "restored" similar to "banned";
several code optimizations and tests extensions;
2016-09-09 16:12:48 +02:00
sebres 2108216d33 file filter-backends: stability fix for sporadic errors - always close file handle, otherwise may be locked (prevent log-rotate, etc.) 2016-09-09 16:08:28 +02:00
sebres 4404642fa3 pyinotify-backend: stability fix for sporadic errors in multi-threaded environment (without lock) 2016-09-09 10:56:35 +02:00
sebres 8c4eebc3e3 reload actions amend, code review and test cases extended for update/start/stop of actions by reloading 2016-09-09 10:45:09 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 4fb511294e temp commit: reload now supported actions and action reloading (parameters, unban obsolete removed actions, etc.) 2016-09-08 23:56:32 +02:00
sebres d1ef33cc45 New command action parameter `actionrepair` - command executed in order to restore sane environment in error case of `actioncheck`.
# [WARNING] TODO: be sure all banactions get a repair command, because otherwise stop/start will theoretically remove all the bans, but the tickets are still in BanManager, so in case of new failures it will not be banned, because "already banned" will happen.
2016-09-08 20:06:22 +02:00
sebres 8cba537f6c code review and use new logger-signals for waiting; + regenerated man-files 2016-09-08 18:38:33 +02:00
sebres 27f6fc083a optimized BanManager: increase performance, fewer system load, try to prevent memory leakage:
- better ban/unban handling within actions (e.g. used dict instead of list)
- don't copy bans resp. its list on some operations;
- added new unbantime handling to relieve unBanList (prevent permanent searching for tickets to unban)
- prefer failure-ID as identifier of the ticket to its IP (most of the time the same, but it can be something else e.g. user name in some complex jails, as introduced in 0.10)
2016-09-08 18:27:55 +02:00
sebres d2ddc59c40 build replacement of `<HOST>` substitution corresponding parameter `usedns` - dns-part will be added only if `usedns` is not `no`;
new replacement for `<ADDR>` in opposition to `<HOST>`, for separate usage of 2 address groups only (regardless of `usedns`), `ip4` and `ip6` together, without host (dns)
2016-09-08 15:38:36 +02:00
sebres 8c26cada27 temp commit: partially cherry picked from ban-time-incr branch 2016-09-08 11:43:27 +02:00
sebres b12a3acb06 temp commit: reload not ready... 2016-09-07 21:07:50 +02:00