Commit Graph

5464 Commits (fc00681c48813b2aef121036d6d98cc32f2876a1)

Author SHA1 Message Date
sebres 2c69c0e7e5 flush jail in database: bulk remove of all IPs in the database (e. g. reload --unban). 2018-01-09 12:15:56 +01:00
Yannik Sembritzki aab54bb0dd
don't replace normal test case with specialized test case 2018-01-08 22:29:43 +01:00
Yannik Sembritzki 94f0b15c32
Allow faster parsing of hosts without ' characters in them 2018-01-08 14:54:32 +01:00
Yannik Sembritzki eaf5e88692
replace actual offenders ip with 1.2.3.4 2018-01-03 19:00:09 +01:00
Yannik Sembritzki 184202c6aa
remove duplicate testcase 2018-01-03 18:49:38 +01:00
Yannik Sembritzki a53ee46ad4
add test for asterisk pjsip attack with quote in username 2018-01-03 18:48:11 +01:00
Yannik Sembritzki b28dfb965a
Fix filter not catching asterisk requests with quote character in username (fixes #2010) 2018-01-03 18:39:30 +01:00
sebres 1e39c2600c cherry-pick from 0.11: changes in updateDb because it can be executed after repair, and some tables can be missing. 2017-12-22 17:21:11 +01:00
sebres 277edd5fe5 amend to pull request #2004: merge remote-tracking branch 'sebres/auto-repair-database' into 0.10 2017-12-22 16:21:22 +01:00
sebres ab3d03beec Better variant of repair database: recreate all tables/indices, that can be missing after supposedly successful rescue 2017-12-22 16:13:57 +01:00
Serg G. Brester 75f00a3a6c
Merge pull request #2004 from sebres/auto-repair-database
Automatically recover or recreate corrupt persistent database
2017-12-22 14:31:25 +01:00
Serg G. Brester b104da2800
Merge pull request #2005 from sebres/0.10
Stability fix for fail2banclienttestcase, avoid sporadic coverage decrease.
2017-12-22 14:27:20 +01:00
sebres a10d544ddc coverage: fix another sporadic coverage decrease, if idle mode never reached in some test-cases (e. g. by slowly reloading of jails). 2017-12-22 14:12:19 +01:00
sebres 80932af406 coverage: testErrorsInLoop should avoid sporadic coverage changes, if some communication errors not occurred sometimes. 2017-12-22 13:29:35 +01:00
sebres a1fd2c507e method `waitForServerEnd` renamed into `stopAndWaitForServerEnd` (because will also stop the server) 2017-12-22 13:00:29 +01:00
sebres 1ad587ac7c Stability fix for fail2banclienttestcase:
- provide waitForServerEnd method for decorator `with_foreground_server_thread`, to wait for real server stop if needed;
  - accept any exit code in decorator `with_foreground_server_thread`, because multi-threaded, thus server can exit in-between;
  - fix sporadic fail "AssertionError: 'Banned 5 / 5, 5 ticket(s)' was not found" (if some tickets will be processed earlier,
    thus not as chunk but separately), so in case of:
Banned 1 / 1, 1 ticket(s) in 'nginx-blck-lst'
Banned 4 / 5, 5 ticket(s) in 'nginx-blck-lst'
2017-12-22 12:36:01 +01:00
Serg G. Brester 2d23f35d26
Update ChangeLog
typo: missing newline restored.
2017-12-21 22:50:54 +01:00
sebres 79443210ad Update ChangeLog 2017-12-21 22:49:57 +01:00
sebres 9374de59f3 Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed').
Closes #1465
2017-12-21 22:38:54 +01:00
Serg G. Brester 61109d5c4f
Merge pull request #1996 from meke/firewallcmd-new_actioncheck_error
firewallcmd-new actioncheck Error
2017-12-09 15:59:40 +01:00
root 79f414c6a2 fix <family> typo 2017-12-09 15:55:45 +01:00
root 7c63eb2378 In the CentOS7 and epel environment, result of "firewall-cmd -direct -get -chains ipv4 filter" is displayed one line
Changed to be multiple lines with reference to firewallcmd-multiport.conf
2017-12-09 15:55:45 +01:00
Serg G. Brester 95a87077f7
Merge pull request #1995 from sebres/firewallcmd-ipset-flush
action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset
2017-12-06 11:43:01 +01:00
sebres bf6667d4da better (sane) stop server handling, AsyncServer.stop_communication back-ported to 0.10 (cherry-picked from 0.11); 2017-12-06 01:38:39 +01:00
sebres 6ccaa03e00 action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset 2017-12-06 01:10:56 +01:00
sebres aa9cefc3f8 proper stop server in the test cases (quit should stop all server-side threads, also if server was not really started);
fix-up for run_with_except_hook: avoid very sporadic error "'NoneType' object has no attribute 'exc_info'" (https://bugs.python.org/issue7336),
only extremely fast systems are affected ATM (2.x / 3.x), if thread ends nothing is available in .
2017-12-06 01:09:04 +01:00
sebres 2712f72650 Merge remote-tracking branch 'master' into 0.10 2017-12-06 00:09:52 +01:00
Serg G. Brester ad658a0a95
Merge pull request #1989 from sebres/logging-options
New server logging options
2017-12-06 00:07:51 +01:00
Serg G. Brester f96761927d
Merge pull request #1969 from RaidForums/patch-1
Update nginx-limit-req filter.
2017-12-05 23:51:18 +01:00
sebres cc9ff31c9c Update ChangeLog: `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990) 2017-12-05 23:35:34 +01:00
sebres e384acca5f action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing `family inet6`) 2017-12-05 23:34:03 +01:00
Kevin Maradona 6c705d572b filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them. 2017-12-05 22:31:54 +01:00
sebres 55143ce1d9 coverage increase 2017-12-05 19:32:13 +01:00
sebres f9833ddee4 Update ChangeLog 2017-12-05 18:55:47 +01:00
sebres 1bf6636446 Introduced new parameters for logging within fail2ban-server;
Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`:
  - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler
     for the list of facilities);
  - `datetime` - add date-time to the message (default on, ignored if `format` specified);
  - `format` - specify own format how it will be logged, for example for short-log into STDOUT:
      `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`;
Closes gh-1980
2017-12-05 18:54:21 +01:00
sebres de97dedba0 move extractOptions from JailReader to helpers (common usage server- / client-side); 2017-12-05 17:49:22 +01:00
Serg G. Brester ff987b60cd
Merge pull request #1988 from sebres/exim-aggressive
Exim aggressive
2017-12-05 17:30:10 +01:00
Serg G. Brester b0ba1aa846
Update ChangeLog 2017-12-05 16:24:04 +01:00
sebres ffd6b9f6de jail.conf: extended with new parameter `mode` for the filters supporting it; 2017-12-05 16:09:18 +01:00
sebres 2b68882502 filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures;
Closes #1983
2017-12-05 16:07:53 +01:00
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
Serg G. Brester f834e7826d
Merge pull request #1979 from peternowee/fix-exim-lowercase-auth
Exim failregex: Include lower/mixed case AUTH
2017-12-01 15:22:09 +01:00
Peter Nowee e4bbaf3d58
Update ChangeLog 2017-12-01 15:01:48 +01:00
Serg G. Brester f1c89f6631
Merge pull request #1981 from sebres/datedetector-dual-space
datedetector: extended default date-patterns (allows extra space between the date and time stamps)
2017-12-01 10:48:00 +01:00
sebres 5547697401 ChangeLog and typo 2017-12-01 10:16:14 +01:00
sebres 2e437937c3 datedetector: extended default date-patterns (allows extra space between the date and time stamps);
* introduces 2 new format directives (with corresponding `%Ex` prefix for more precise parsing):
  - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
   (corresponds %H, but allows space if not zero-padded).
  - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
   (corresponds %I, but allows space if not zero-padded).
* mysqld-auth test extended to cover new date-format in log.
Closes gh-1639
2017-11-30 17:06:37 +01:00
Serg G. Brester cbd63d9cd5
added test to cover quoted injecting on AUTH command 2017-11-30 12:45:11 +01:00
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command;
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
2017-11-30 12:32:24 +01:00
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case)
The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).
2017-11-29 20:55:48 +01:00
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH
When reporting the error `AUTH command used when not advertised`, Exim
starts with `SMTP protocol error in "........."`. Here, Exim logs the
SMTP command as it was provided by the connecting client.
https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850

According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded
in upper case, lower case, or any mixture of upper and lower case with
no impact on its meaning."
https://tools.ietf.org/html/rfc5321#section-2.4

Lower case `auth login` brute-force attempts were seen in the wild and
were not caught by the current failregex.

This commit makes the failregex case-insensitive for the `AUTH`
command, so that lower case (`auth`) or mixed case (`aUtH`) now also
match. The failregex was already case-insensitive for the command
arguments (e.g. `AUTH login` already matched).
2017-11-29 15:14:43 +01:00