github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,730 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

5730 Commits (fd3805b40a24bf1f40045a59c8c0282c1588be05)

Author SHA1 Message Date
Sergey G. Brester fbfc85d8c0
common.conf: fixed typo in comment (rfc5424 for logtype) 
no functional changes; closes #3274
 2022-05-12 18:09:09 +02:00
Logic-32 d11ad3b90f Adding jail name to notes to disambiguate between jails. 2022-05-07 20:52:39 -06:00
Logic-32 e89b2c0ff7 Moving inet6 family block to the end so other config doesn't get added to it. 2022-05-07 20:41:33 -06:00
Logic-32 7e7b9f4a35 Adding support for Cloudflare Token API. 
Closes #3080
 2022-04-27 14:19:18 -06:00
sebres f81f85569d Merge branch '0.11' 2022-03-03 15:18:11 +01:00
sebres 8c4d02403b Merge branch '0.10' into 0.11 2022-03-03 15:15:43 +01:00
sebres e2d50f38a6 amend to #2279: ensure that `<F-MLFGAINED>` match would reset all pending multi-line failures 2022-03-03 15:04:34 +01:00
sebres 7eac4ac06f fail2ban-regex: accepts filter parameters with new-line 2022-03-03 14:46:16 +01:00
sebres 3a9f5c0b5d Revert "highlighting got broken, so comment out unless GH/linguist gets fixed" 
This reverts commit 1e5d5a446a.
 2022-02-22 18:19:44 +01:00
Sergey G. Brester 03bcfa24ca
Merge pull request #3230 from szepeviktor/patch-9 
Render Changelog as Markdown
 2022-02-22 12:04:05 +01:00
Viktor Szépe 45e08cc07f
Render Changelog as Markdown 2022-02-21 18:29:04 +00:00
Sergey G. Brester 8e62c8a569
syntax 2022-02-21 17:02:24 +01:00
Sergey G. Brester 1e5d5a446a
highlighting got broken, so comment out unless GH/linguist gets fixed 
revert #3126
 2022-02-21 16:59:38 +01:00
sebres bc075ea682 Merge branch 'differentiate-ip-fid--gh-3217' 2022-02-18 20:22:28 +01:00
sebres b903059419 ChangeLog for RFE gh-3217 (with compat warning) 2022-02-18 20:19:43 +01:00
sebres 8eb521694e fulfill getIP with getID replacement; added simple tests for ticket 2022-02-11 21:25:31 +01:00
sebres cf2695a253 more test cases (coverage for fail2ban-regex on constellations with different IP/ID) 2022-02-11 21:13:30 +01:00
sebres c6e93db278 filter reader stream: don't need to generate None values from filter config 2022-02-11 21:12:59 +01:00
sebres b83712e3ec fail2ban-regex: accepts filter parameters with new-line 2022-02-11 21:11:29 +01:00
sebres 96121830da differentiate <ip> and <fid> (<F-ID>): if IP-address deviates from ID then `<ip>` is not `<fid>` anymore; 
introduces certain backwards incompatibility against actions that have used tag `<ip>` to get failure-ID, if IP-related tags (like `<ADDR>` or `<HOST>`) used additionally to `<F-ID>` and they are different, see gh-3217
 2022-02-11 19:10:26 +01:00
Sergey G. Brester 246d0e1100
Merge pull request #3216 from jerrykan/fix_missing_assert 
Add missing assert in Fail2banRegexTest.testFrmtOutput
 2022-02-11 18:28:37 +01:00
John Kristensen d17e61ed5b Add missing assert in Fail2banRegexTest.testFrmtOutput 
There was no associated `assertLogged()` for the "multiple id combined
to a tuple" test so nothing was actually being tested.
 2022-02-11 17:38:58 +11:00
sebres 8b11c89ed4 amend to drop support of python 2.6 2022-02-10 17:04:47 +01:00
sebres ff7fe572bf drop support for python 2.6 (hardly possible in modern CIs, new features would expect OrderedDicts, etc) 2022-02-10 15:48:51 +01:00
Sergey G. Brester 5bfd9992b4
Update FUNDING.yml 2022-02-09 17:50:35 +01:00
Sergey G. Brester a98c4218c1
Create FUNDING.yml 2022-02-09 17:34:51 +01:00
sebres a2431158f6 implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`; 
fixes gh-3005
 2022-02-09 17:10:19 +01:00
sebres 13520a0494 Merge branch '0.11' 2022-02-09 15:45:17 +01:00
sebres 8ac49b5858 Merge branch '0.10' into 0.11 2022-02-09 15:44:35 +01:00
László Károlyi f380d6202d cherry pick #3210 from master 2022-02-09 15:43:21 +01:00
sebres cdb6a46945 systemd backend: better avoidance of landing in dead space by seeks over journals; 
increase verbosity and stability of few systemd tests (fixes sporadic timing issues);
seekToTime doesn't need to convert float to datetime, because seek_realtime accepts it as unix time (we need to convert integers only, since it means microseconds and deprecated);
 2022-02-09 14:47:40 +01:00
sebres 498e473a10 filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now; 
closes #3211
 2022-02-09 12:18:23 +01:00
sebres 8013cf0b90 python actions have no attribute 'consistencyCheck' by default; 
closes gh-3214
 2022-02-08 19:57:40 +01:00
sebres 810386a265 filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too 
(amend to 92f90038fa)
 2022-02-08 19:21:37 +01:00
sebres c7ae74ce17 amend to a147a8b0e1b2f32b6f191932afd3c2db9765e2e3: systemd journal test-cases - additional check appropriate default settings (if testing as not root/sudoer) 2022-02-08 19:10:22 +01:00
Sergey G. Brester 6966b7e37d
Merge pull request #3210 from karolyi/patch-1 
Adjusting for updated dovecot log format
 2022-01-28 21:47:46 +01:00
Sergey G. Brester dfc866ea41
improve RE to solve conflict with expected another open parenthesis 2022-01-27 17:50:28 +01:00
Sergey G. Brester af8a9f7ff9
added test to cover the new log-format 2022-01-27 17:44:58 +01:00
László Károlyi 0f1706d4a1
Adjusting for updated dovecot log format 
This should now match:

`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`

the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.
 2022-01-27 11:28:20 +00:00
sebres f4641dfc00 observer API simplification (no failmanager in call of failureFound, jail.filter.failManager is enough) 2022-01-26 21:51:50 +01:00
sebres 06d2623c5e iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action); 
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
 2022-01-26 21:51:11 +01:00
sebres ffc9fb4aa6 Merge branch '1.0-breakdown-safe-actions'; 
closes gh-980
 2022-01-25 00:40:51 +01:00
sebres b639c8869c make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); 
ultimately closes gh-980
 2022-01-25 00:35:14 +01:00
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; 
conflicts resolved
 2022-01-24 22:31:51 +01:00
sebres 970573d1cb Merge branch '0.11' 2022-01-18 16:17:49 +01:00
sebres 35d73d9758 Merge branch '0.10' into 0.11 2022-01-18 16:17:07 +01:00
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d); 
closes gh-3086
 2022-01-18 15:42:35 +01:00
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port; 
closes gh-3169
 2022-01-18 15:41:27 +01:00
Sergey G. Brester ea7bbb4757
Merge pull request #2182 from orlitzky/openrc-improvements 
OpenRC service script improvements
 2022-01-10 14:39:11 +01:00