sebres
ee1727ecca
Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10
2016-09-30 13:34:54 +02:00
sebres
276759b6c2
ExtendedCymruInfo code review and availability check in test cases;
...
max sleep time check of too long sleep increased to 1 second
2016-09-30 13:19:00 +02:00
sebres
9bf8985e2a
nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons)
2016-09-30 12:33:43 +02:00
sebres
06674bb989
use common regex for IP addresses (removed code duplication)
2016-09-30 12:33:41 +02:00
Serg G. Brester
ba9a88977f
Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed
...
0.10/fix stability and speed optimization
2016-09-30 12:14:51 +02:00
sebres
8b0f6c5413
badips test cases check availability of badips service (and skip this tests if it not available)
2016-09-30 12:03:27 +02:00
sebres
9a7c753372
fixes method-related filter for tests of suite loaded with loadTestsFromName (they may be a suite self)
2016-09-30 11:26:49 +02:00
Niklas Fiekas
057f2f3c56
make the ipv6 host regex greedy
...
Previously the regex was lazily matching ``2606:2800:220:1:248:1893:25c8:1946``
as ``2606:2800:220:1:248:1893:25c8:1``.
2016-09-30 11:08:07 +02:00
sebres
77ec9df678
standardize and normalize verbosity parameters for fail2ban-regex / fail2ban-testcases (-v ... -vvvv, or --verbosity=0..4)
2016-09-30 10:01:21 +02:00
sebres
2cfaf845ca
standardize and normalize logging and verbosity formats, logging level etc between command lines (server, client, test-cases);
...
test cases could pass (so increase) verbosity to the client (and furthermore client to the server also), usable for debug purposes resp. simplifying read of the log-file;
custom and precise numeric log-levels can be given in test cases now;
2016-09-29 21:23:37 +02:00
sebres
62b8664175
speedup server start/stop (waiting for communicate, etc);
...
extend server socket with timeouts, extend ping with timeout parameter;
2016-09-29 21:11:54 +02:00
sebres
542419acab
filtertestcase: use shorter sleep (almost just for the context switch here)
2016-09-29 21:08:27 +02:00
sebres
b615ba49ff
disengage testExecuteTimeout test-case from -fast option, just make it faster (timeout shorter) in this case
2016-09-29 21:08:25 +02:00
sebres
b011cf17b2
increase performance of executeCmd (actions), thereby introduced new shorter interval for fast operations (leaves unchanged default wait operation intervals (sleep time, threshold interval) - for the same inertance, to save same system (load by many jails resp. log files);
...
extends wait_for with callable timeout (test case fixed);
2016-09-29 21:07:46 +02:00
sebres
310d4e224d
Merge branch master (0.9) into 0.10
2016-09-29 19:46:11 +02:00
Serg G. Brester
8e3e333d54
Update ChangeLog
2016-09-27 14:17:45 +02:00
Serg G. Brester
d9e1a4f547
Merge pull request #1556 from szepeviktor/master
...
Monit config: scripting is not supported in path
2016-09-27 14:16:52 +02:00
Serg G. Brester
a0d8581a2c
Merge pull request #1557 from sebres/_0.10/fix-reload-bug
...
0.10/reload-and-more: reload without restart, stability and performance fixes
2016-09-26 15:25:36 +02:00
sebres
5151c4fa6d
ChangeLog entries added
2016-09-26 15:12:50 +02:00
sebres
5e4fdb60c8
extended test-cases (coverage)
2016-09-26 10:50:02 +02:00
sebres
449c46aec4
extended test-cases (coverage)
2016-09-23 15:21:23 +02:00
sebres
004879b5b1
code review: switch MAX_TIME to 0X7FFFFFFFFFFF (is enough, because 4461763-th year, but better performance)
2016-09-23 09:32:10 +02:00
sebres
e00be5f308
Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values:
...
```
AssertionError: Dictionaries differ:
{'country': ['unknown', 'nxdomain'], 'asn': ['4565', 'nxdomain'], 'rir': ['other', 'nxdomain']} !=
{'country': ['nxdomain', 'unknown'], 'asn': ['nxdomain', '4565'], 'rir': ['nxdomain', 'other']}
```
Added assertDictEqual for compatibility to early python versions (< 2.7);
2016-09-22 22:45:54 +02:00
sebres
e7fa74b989
smaller inertance inside test-cases (amend to d153555a07
with decreasing default wait operation that litle bit speedup test-cases)
2016-09-22 22:45:52 +02:00
sebres
ab0c28260b
switch down log level for some annoying messages to tracedebug or heavydebug (to 7 or even 5);
...
added verification of specified log-level before transmitting to the server;
numeric log-level allowed now in server (resp. fail2ban.conf);
2016-09-22 22:44:46 +02:00
Viktor Szépe
a406c6eb3a
By the author:
...
> Yes, scripting is not supported in path.
https://bitbucket.org/tildeslash/monit/issues/372/webadmin-shows-only-the-first-part-of#comment-27946048
2016-09-22 20:29:26 +00:00
sebres
48ebe3e735
FilterPyinotify: high cpu load fix - timeout for pyinotify must be set in milliseconds (our time values are floats contain seconds);
2016-09-22 20:15:12 +02:00
sebres
c0373a7158
repair typo bug in reloading for systemd-filter;
...
JailThread get method `join` for safe usage of it, also for not started threads (test-cases or in case of error), that will be used for cleanup resp. wait purposes also (see join of pyinotify-filter);
2016-09-22 19:00:54 +02:00
sebres
d153555a07
increase default wait operation (sleep time, threshold interval) - avowedly greater inertance, but fewer system load by many jails resp. log files;
...
waiting with `wait_for` extended with verifying of active flag;
implemented better error handling in some multi-threaded routines;
shutdown of jails rewritten (faster and safer, does not breaks shutdown process if some error occurred);
2016-09-22 18:10:42 +02:00
sebres
35ce1166b6
allows to update some configuration options (read with config-readers) with command line option, e. g.:
...
```bash
## start server with DEBUG log-level (ignore level read from fail2ban.conf):
fail2ban-client --loglevel DEBUG start
## or
fail2ban-server -c /cfg/path --loglevel DEBUG start
## keep server log-level by reload (without restart it)
fail2ban-client --loglevel DEBUG reload
## switch log-level back to INFO:
fail2ban-client set loglevel INFO
```
2016-09-22 14:21:31 +02:00
Serg G. Brester
28e286cd2d
Merge pull request #1551 from fail2ban/sebres-patch-fips-gh-1540
...
filter.py: FIPS compliant fix (use sha1 instead of md5 if not allowed)
2016-09-21 09:35:25 +02:00
sebres
0f1d1a0d4d
ChangeLog: FIPS compliant
2016-09-21 09:22:18 +02:00
Serg G. Brester
1071db2256
filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS)
...
closes gh-1540
2016-09-20 00:00:26 +02:00
Serg G. Brester
fad953ade6
Merge pull request #1544 from sebres/fix/vsftpd-gh-1543
...
filter.d/vsftpd.conf: optional reason part in message after FAIL LOGIN
2016-09-09 20:39:51 +02:00
sebres
20b92f3ead
fail2ban-regex: build replacement of `<HOST>` substitution corresponding parameter `usedns` - now also in fail2ban-regex (amend)
2016-09-09 20:31:52 +02:00
sebres
ebd864660a
normalize usage of preferred encoding (and decode any to string);
...
python 3.x compatibility (used uni_decode for string representation of stdout/stderr, unified test cases)
amend for #1542
2016-09-09 20:29:55 +02:00
sebres
e0347bb3a0
assertLogged extended with parameter wait (to wait up to specified timeout, before we throw assert exception) + test cases rewritten using that
2016-09-09 17:50:25 +02:00
sebres
a20f325f80
database: stability fix - repack cursor iterator as long as locked
2016-09-09 17:36:01 +02:00
sebres
f6197200a9
introduced new flag "banned" as property, used to recognize the ticket was really banned;
...
get/set restored flag functions rewritten to property "restored" similar to "banned";
several code optimizations and tests extensions;
2016-09-09 16:12:48 +02:00
sebres
2108216d33
file filter-backends: stability fix for sporadically errors - always close file handle, otherwise may be locked (prevent log-rotate, etc.)
2016-09-09 16:08:28 +02:00
sebres
4404642fa3
pyinotify-backend: stability fix for sporadically errors in multi-threaded environment (without lock)
2016-09-09 10:56:35 +02:00
sebres
8c4eebc3e3
reload actions amend, code review and test cases extended for update/start/stop of actions by reloading
2016-09-09 10:45:09 +02:00
sebres
9fb167b5e1
filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543
2016-09-09 09:20:15 +02:00
sebres
4fb511294e
temp commit: reload now supported actions and action reloading (parameters, unban obsolete removed actions, etc.)
2016-09-08 23:56:32 +02:00
sebres
d1ef33cc45
New command action parameter `actionrepair` - command executed in order to restore sane environment in error case of `actioncheck`.
...
# [WARNING] TODO: be sure all banactions get a repair command, because otherwise stop/start will theoretically remove all the bans, but the tickets are still in BanManager, so in case of new failures it will not be banned, because "already banned" will happen.
2016-09-08 20:06:22 +02:00
sebres
8cba537f6c
code review and use new logger-signals for waiting; + regenerated man-files
2016-09-08 18:38:33 +02:00
sebres
27f6fc083a
optimized BanManager: increase performance, fewer system load, try to prevent memory leakage:
...
- better ban/unban handling within actions (e.g. used dict instead of list)
- don't copy bans resp. its list on some operations;
- added new unbantime handling to relieve unBanList (prevent permanent searching for tickets to unban)
- prefer failure-ID as identifier of the ticket to its IP (most of the time the same, but it can be something else e.g. user name in some complex jails, as introduced in 0.10)
2016-09-08 18:27:55 +02:00
sebres
d2ddc59c40
build replacement of `<HOST>` substitution corresponding parameter `usedns` - dns-part will be added only if `usedns` is not `no`;
...
new replacement for `<ADDR>` in opposition to `<HOST>`, for separate usage of 2 address groups only (regardless of `usedns`), `ip4` and `ip6` together, without host (dns)
2016-09-08 15:38:36 +02:00
sebres
8c26cada27
temp commit: partially cherry picked from ban-time-incr branch
2016-09-08 11:43:27 +02:00
sebres
b12a3acb06
temp commit: reload not ready...
2016-09-07 21:07:50 +02:00