Commit Graph

3281 Commits (fe8d585d9161c7a8f90e933bd002a1fa7babb652)

Author SHA1 Message Date
Yaroslav Halchenko fe8d585d91 Merge pull request #1225 from opoplawski/journaldefault
Add *_backend options for services to allow distros to set the default backend
2015-11-14 10:49:45 -05:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-11-13 15:22:59 -07:00
Yaroslav Halchenko b3ed19b36a DOC: tune up to jail.conf.5 - some line breaks, typos etc 2015-11-10 08:47:13 -05:00
Yaroslav Halchenko 6af6e40b62 Merge pull request #1241 from sebres/known/param-tag
New interpolation feature for definition config readers - `<known/parameter>`
2015-11-10 08:35:57 -05:00
Yaroslav Halchenko 441dffbe2a ENH: Pruned some "pragma: no cover"s in fail2banregex
This code should and can be unit-tested, so no reason to keep it with
no cover
2015-11-10 08:31:56 -05:00
Yaroslav Halchenko 584f3af5af Merge pull request #1240 from yarikoptic/master
ENH: .mailmap file to bring some names together for git shortlog -sn
2015-11-10 08:30:06 -05:00
Yaroslav Halchenko aa0588dd1a Merge pull request #1250 from sebres/_sb/fail2ban-regex-coverage
RF: fail2ban-regex code moved into client/ codebase, unittested
2015-11-10 08:28:56 -05:00
sebres 689dfa1e6a debuggexURL fixed for wrong encoded character; test cases extended; 2015-11-10 13:29:54 +01:00
sebres 38f09b417a fail2ban-regex command line (after fail2ban-regex functionality moved to the client) 2015-11-10 13:26:34 +01:00
sebres 0877d66228 fail2ban-regex moved to the client + test cases for initial coverage added 2015-11-10 11:46:19 +01:00
sebres 46b116e86a filter test cases improved + log captured inside such tests + python 3.x compatibility;
changelog entry;
2015-11-09 22:02:05 +01:00
sebres a42aa726ab fixed fail2ban-regex reads invalid character (in sense of given encoding); continuing to process line ignoring invalid characters (still has no test cases).
filter test cases added for same issue inside fail2ban-server / fail2ban-testcases;
closes gh-1248
2015-11-09 20:47:15 +01:00
Yaroslav Halchenko b100ee6302 Merge pull request #1244 from opoplawski/typo
Fix typo
2015-11-02 17:55:30 -05:00
Orion Poplawski ba76f4ca2f Fix typo 2015-11-02 15:21:14 -07:00
sebres 94cffece12 New interpolation feature for definition config readers - `<known/parameter>`, as extension to interpolation `%(known/parameter)s`, that does not work for filter and action init parameters; 2015-11-02 21:45:03 +01:00
Yaroslav Halchenko b40c6cbd9a ENH: .mailmap file to bring some names together for git shortlog -sn 2015-11-01 11:28:58 -05:00
sebres 5767191988 fixed misleading documentation of `banaction` 2015-11-01 17:08:00 +01:00
sebres fcf03790f4 fixed misleading documentation of `banaction` 2015-11-01 17:05:02 +01:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard)
closes gh-1237
2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added);
closes gh-1216
2015-10-30 15:36:18 +01:00
sebres 53b39162a1 Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contain closely to catch-all sub expressions) 2015-10-29 23:55:23 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-10-29 15:22:37 -06:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
1technophile 2861a957a9 filter for openhab domotic software authentication failure with the rest api and web interface + test cases;
closes gh-1223
2015-10-26 15:48:23 +01:00
Serg G. Brester 26517b0464 Merge pull request #1226 from pablorf-dev/master
Minor fix and enhancement (fake google domains)
2015-10-22 14:23:47 +02:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
2015-10-20 10:46:00 +02:00
Pablo Rodriguez Fernandez 74fcb219ab Enhanced Google domain detection in apache-fakegooglebot
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids resolving fake Google domains.
2015-10-20 10:45:53 +02:00
Orion Poplawski 3a9cf2b3da Add and use default_backend to set individual backend defaults to auto 2015-10-19 19:50:03 -06:00
Orion Poplawski 81a26266a9 Add changelog entry for postfix-rbl logpath change 2015-10-19 19:46:43 -06:00
Orion Poplawski ced7be94b2 Fix postfix_log typo 2015-10-19 19:43:10 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend
per service.
Set default to systemd for Fedora as appropriate.
2015-10-18 20:18:50 -06:00
Pablo 7e6964dd9d Fix section jail.conf.5 manpage
The section of jail.conf manpage is wrong, should be 5, not 10
2015-10-15 10:40:56 +02:00
Serg G. Brester 3a5d4fdd26 Merge pull request #1221 from pablorf-dev/master
Add check in apache-fakegooglebot to protect against PTR fake record (gh-1221)
2015-10-14 11:33:06 +02:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
2015-10-13 17:11:49 +02:00
Yaroslav Halchenko 16443f7b05 Merge pull request #1219 from agentmoller001/patch-1
Updated route.conf to clear warnings (Closes #1026)
2015-10-09 21:26:53 -04:00
agentmoller001 617302fcc2 Updated route.conf to clear warnings
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
Yaroslav Halchenko 6fb5e3a494 removed outdated and "problematic" .pydevproject 2015-10-09 14:10:02 -04:00
Serg G. Brester 42598fbf26 Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files
files: Strip trailing whitespace from files
2015-10-08 18:39:40 +02:00
Paul Menzel 078e2048f2 files: Strip trailing whitespace from files
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace).
2015-10-08 16:18:08 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
closes gh-1211
2015-10-07 14:34:13 +02:00
sebres 61ac481703 IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable) 2015-10-07 13:36:21 +02:00
Serg G. Brester 68db52474d Merge pull request #1206 from kevinoid/ssh-match-auth-fail
ssh.conf: Fix disconnect "Auth fail" matching
2015-10-05 10:15:53 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres's suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-05 00:31:13 -07:00
Kevin Locke 42b0e9258d Test cases for ssh.conf disconnect "Auth fail"
Add test coverage for the new disconnect "Auth fail" matching added in
36919d9f.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:56:26 -07:00
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:46:29 -07:00
Yaroslav Halchenko 8311bad4ea Merge pull request #1204 from szepeviktor/patch-8
Added CloudFlare API error codes URL
2015-09-30 07:54:30 -07:00
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko 7f3b31aa37 Merge pull request #1198 from yarikoptic/enh-split-comma
ENH: allow to split ignoreip by space and/or comma (Closes #1197)
2015-09-27 11:09:55 -04:00