Commit Graph

6114 Commits

Author SHA1 Message Date
sebres
97a57daa13 implemented new command install-ex and option --prefix (similar to deprecated install method for lib and bin directories only); 2025-05-06 02:16:51 +02:00
sebres
8c6e34ba66 retrieve library and binary path using sysconfig (and generate error if it's not possible) 2025-05-03 23:36:13 +02:00
sebres
e8f9e37d34 review, clean-up 2025-05-03 22:47:59 +02:00
sebres
b70adfa107 rename commands to build-ex and install-ex and use build-ex instead of build in GHA 2025-05-03 22:37:15 +02:00
sebres
2b27d52bdd setup.py: enhanced with 2 new commands, f2b-build and f2b-install (not yet ready) to fulfill the build and installation processes
if deprecated `install` method gets removed and pip (setuptools-via-PEP517) wouldn't install anything excepting library;
closes gh-3999
2025-05-03 21:38:26 +02:00
Sergey G. Brester
f7aaaf50b8 filter.d/exim.conf: colon must be outside of F-RCPT group 2025-04-27 23:00:09 +02:00
sebres
f0a083449a coverage for non zero journalflags 2025-04-24 00:12:26 +02:00
sebres
9ecf6150c8 increase max wait time a bit - some (systemd) tests may fail occasionally in fast mode 2025-04-24 00:11:45 +02:00
sebres
cbc3cb431c amend to a0093b557e (systemd-review): flags cannot be specified simultaneously with files too; 2025-04-24 00:04:37 +02:00
Sergey G. Brester
d731b385f9 Merge pull request #3909 from avcbvamorec/patch-1
Enhancement on iptables: allow bans to be effective on multiple chains at the same time
2025-04-17 12:46:51 +02:00
Sergey G. Brester
52d239483d typo 2025-04-16 17:18:36 +02:00
sebres
0d4a926029 ChangeLog (enhancement and compat entries) 2025-04-16 17:13:58 +02:00
sebres
cbe14c70c5 iptables.conf rewritten to affect all derivative actions (multiple chains are also supported by iptables-ipset etc);
iptables-xt_recent-echo.conf adjusted to be compatible to new syntax of inherited iptables.conf;
test coverage fixed to new handling
2025-04-16 16:56:46 +02:00
Arnaud
37f72f88ef Reverting chains to chain in order to preserve backward compatibility
backing to the option named "chain", using "iteredchain" a new variable to iterate over.
2025-04-16 16:06:29 +02:00
Arnaud
139151ec81 Update iptables.conf - allow bans to be effective on multiple chains at the same time
This patch allows the ban to be applied on the INPUT and the FORWARD chain at the time. May be useful at least on routing devices and on docker hosting machines.
2025-04-16 16:06:28 +02:00
sebres
c76e90fbb1 * Merge pull request #3940 from exim-pr-mode-more
`filter.d/exim.conf` - fewer REs by default, introduces mode `more`
2025-04-02 15:11:38 +02:00
Sergey G. Brester
6538d43a8e Update ChangeLog 2025-04-02 14:57:03 +02:00
Sergey G. Brester
bfd80ce522 Merge pull request #3979 from LearningSpot/vaultwarden
Added jail for Vaultwarden
2025-04-02 14:41:38 +02:00
Sergey G. Brester
70ce1cef08 Update ChangeLog 2025-04-02 14:40:04 +02:00
Sergey G. Brester
426eeca62a fixed times in test-log (test suite working in TZ CET) 2025-04-02 13:52:58 +02:00
Sergey G. Brester
6104444bb4 improve regex (anchored from left, no catch-alls, <ADDR> for IP, etc) 2025-04-01 17:28:58 +02:00
Rajib Sharia
cf9135983c Update jail.conf
Added jail for vaultwarden
2025-04-01 20:40:15 +08:00
Rajib Sharia
c7f7bc55bb Create vaultwarden.conf
Filter for unsuccessful Vaultwarden authentication attempts
2025-04-01 20:36:53 +08:00
Rajib Sharia
6b57e46070 Create vaultwarden test log 2025-04-01 20:32:00 +08:00
sebres
fc3e8a5d37 remove help command from protocol (the command was never supported);
closes gh-3241
2025-03-31 02:29:51 +02:00
sebres
1d6ff06856 amend to a0093b557e: filter only readable journal files by retrieving non-rotated files (if user is not root) 2025-03-31 02:28:40 +02:00
sebres
767c89f863 satisfy spellcheck 2025-03-31 01:27:52 +02:00
sebres
a0093b557e Merge branch 'systemd-review'
Large set of fixes and enhancements for `systemd` and `auto` backends:
* fixes `systemd` bug with missing journal descriptor after rotation by reopening of journal if it is recognized as not alive (gh-3929)
* improve threaded clean-up of all filters, new thread functions `afterStop` (to force clean-up after stop) and `done`, invoking `afterStop` once
* ensure journal-reader is always closed (additional prevention against leaks and "too many open files"), thereby avoid sporadic segfault in systemd module (see https://github.com/systemd/python-systemd/issues/143)
* fixes `systemd` causing "too many open files" error for a lot of journal files and large amount of systemd jails (see new parameter `rotated` below, gh-3391);
* backend `systemd` extended with new parameter `rotated` (default `false`, as prevention against "too many open files"),
  that allows to monitor only actual journals and ignore now a lot of rotated files by default; so can drastically reduce
  amount of used file descriptors, normally to 1 or 2 descriptors per jail (gh-3391)
* implements automatic switch `backend = auto` to backend `systemd`, when the following is true (RFE gh-3768):
  - no files matching `logpath` found for this jail;
  - no `systemd_if_nologs = false` is specified for the jail (`true` by default);
  - option `journalmatch` is set for the jail or its filter (otherwise it'd be too heavy to allow all auto-jails,
    even if they have never been foreseen for journal monitoring);
  (option `skip_if_nologs` will be ignored if we could switch backend to `systemd`)
2025-03-31 01:18:53 +02:00
sebres
d5718503ad update changelog and documentation (new features and handling) 2025-03-31 01:13:02 +02:00
sebres
6b56259f9a amend, obtain argument namespace before we'll use it 2025-03-31 01:11:05 +02:00
sebres
b2352f113e implements the feature of automatic switch backend = auto to backend systemd, when:
- no files matching `logpath` found for this jail;
- no `systemd_if_nologs = false` (`true` by default) is specified for the jail;
- option `journalmatch` is set for the jail or its filter (otherwise it'd be too heavy to allow all auto-jails, even if they have never been foreseen for journal);
- option `skip_if_nologs` will be ignored if we could switch backend to `systemd`;
closes gh-3768
2025-03-30 22:31:44 +02:00
sebres
5a2fd9b31c split new test to 2 tests (allows to cover _globJournalFiles even if system-journal is not available) 2025-03-30 20:13:39 +02:00
sebres
4eef68b3d3 backend systemd extended with new parameter rotated (default false, as prevention against "too many open files"), that allows to monitor only actual journals and ignore a lot of rotated files by default; so can drastically reduce amount of used file descriptors (to 1 or 2 per jail);
closes #3391
2025-03-30 19:03:32 +02:00
sebres
7a4985178f amend 2025-03-30 18:59:18 +02:00
sebres
786d5b7e9e test-suite: increase wait-time for fast-mode for long waiting intervals (stability, avoid sporadic errors) 2025-03-30 06:07:17 +02:00
sebres
191d1e9533 improve threaded clean-up of filters, new functions afterStop (to force clean-up after stop) and done, invoking afterStop once; ensure journal-reader is always closed (prevention against "too many open files"), thereby avoid sporadic segfault in systemd module (https://github.com/systemd/python-systemd/issues/143) 2025-03-30 06:04:49 +02:00
sebres
9f0b6382bf idle must be before anything else in loop (to avoid endless errors if something continuously fails and filter will be placed to idle state after 100 unhandled errors) 2025-03-30 06:04:47 +02:00
sebres
f49d50b8fd ensure the reader is really closed before reopen (preventing leaks if some handles or whatever are still open) 2025-03-30 06:04:44 +02:00
sebres
994a0b69da fixes systemd bug with missing journal descriptor after rotation by reopening of journal if it is recognized (it is not alive);
closes gh-3929
2025-03-30 00:53:27 +01:00
Sergey G. Brester
16ae53e888 Update main.yml
GHA: update python, 3.14.0-alpha.6 and pypy3.11
2025-03-28 23:07:27 +01:00
sebres
ee421dfbd6 filter.d/apache-noscript.conf - consider new log-format with "AH02811: stderr from /...";
closes gh-3900
2025-03-28 22:52:51 +01:00
sebres
b0d4eb07e5 command-line: test config shall output error directly and not using logger 2025-03-19 02:44:32 +01:00
sebres
d02a613e89 configreaders: don't swallow return code by decoding error (whole jail or fail2ban config failed to read due to some error like encoding etc), so dump or test of config would get an error at end (and coverage for #3971) 2025-03-19 02:19:16 +01:00
sebres
8ae6eaf39a filter.d/postfix.conf - default _daemon in prefix-line is loosened - can match everything starting with word postfix, like postfix-example.com/smtpd;
closes gh-3297
2025-03-10 22:35:26 +01:00
Sergey G. Brester
505d51fd5d Update PULL_REQUEST_TEMPLATE.md 2025-03-04 19:19:57 +01:00
sebres
4bb1fd519d test-suite: if failed, sample regexs factory would show responsible header line (failJSON) together with the error line 2025-03-04 14:39:24 +01:00
sebres
cf9c8f1e9b test-suite: fixed sample regexs factory counting of line number (if it errors, the line number showing in error line was incorrect, because of missing increment) 2025-03-04 14:27:21 +01:00
Sergey G. Brester
c035428535 Merge pull request #3954 from luckylittle/feature/systemd-journal-vsftpd
`filter.d/vsftpd.conf` - fixed regex (if failures generated by systemd-journal)
2025-03-04 14:20:01 +01:00
sebres
79346e4f2c updated ChangeLog 2025-03-04 14:15:14 +01:00
sebres
94fe9cf4a8 more fixes, capture user names, more tests...
since line 7 matches successfully now (it was disabled in gh-358 because of obsolete format), it is marked as match:true (line can be removed later if unneeded)
2025-03-04 14:13:07 +01:00