5752 Commits

Author SHA1 Message Date
Łukasz Turon
5dcbc0dd55 Update .gitignore
Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
2023-02-18 23:49:28 +01:00
sebres
f93a538693 gh-3447: fix careless mistake arisen in b12a3acb06 by attempt to implement new reload capacity (rewritten later): causing error "'noduplicates' is not defined" by double jail configuration 2023-01-17 12:53:39 +01:00
sebres
a3a3fffa54 Merge branch 'fix-gh-3438':
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
2023-01-11 18:41:15 +01:00
sebres
ed135b6a93 changelog entries (gh-3438, gh-3132) 2023-01-11 18:30:37 +01:00
sebres
582436aadf don't add subnets to local addresses of ignoreself from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) 2023-01-11 18:27:44 +01:00
sebres
cb8674e68a amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only 2023-01-10 12:20:48 +01:00
sebres
09c23fd5b8 try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132);
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
2023-01-09 21:52:12 +01:00
sebres
d8a9812adc improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from /proc/sys/net/ipv6/conf/all/disable_ipv6) 2023-01-09 16:21:36 +01:00
sebres
58834b6734 better auto-detection for IPv6 support (allowipv6 = auto by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) 2023-01-06 14:50:25 +01:00
Sergey G. Brester
432e7e1e93 no warning if no config value but default (debug message now)
closes #3420
2022-11-28 13:21:15 +01:00
Sergey G. Brester
bd6e7aeff0 Merge pull request #2112 from al42and/dante
Create filter for Dante SOCKS server
2022-11-18 12:43:44 +01:00
Sergey G. Brester
efbbcb41ea non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester
996553f330 review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko
df91b047d2 Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko
05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester
ae5fe2e003 amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres
36af3f2502 Merge branch 'gh-3405' 2022-11-15 14:23:28 +01:00
sebres
a58fcb8786 fix cut out of match for pattern with {EPOCH} (similar to other datepatterns group capturing whole regex only added if no groups specified at all);
allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
2022-11-14 19:28:18 +01:00
sebres
cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00
sebres
82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres
eba33d6205 version bump 2022-11-14 18:13:01 +01:00
sebres
e1d3006b03 update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm 1.0.2 2022-11-09 16:46:15 +01:00
sebres
fd3805b40a changelog: backend systemd: code review and several fixes 2022-11-08 19:26:23 +01:00
sebres
cd17906afe Merge branch '0.11' 2022-11-08 19:03:01 +01:00
sebres
d8e2b03a24 filter.d/named-refused.conf extended (closes gh-3388):
- support BIND named log categories
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres
6d19d2e800 Merge branch '0.10' into 0.11 2022-11-02 21:06:46 +01:00
sebres
04c252c34b filtersystemd: code review, wait only if it is necessary - in operational mode and if no more entries retrieved (end of journal);
attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
2022-11-02 21:05:18 +01:00
sebres
ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE (?:: (?:[^\(]+|\w+\([^\)]*\))+)? with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00
sebres
fc7dbcc6a7 test-suite: avoid mistaken match that confuses output with working on line message by deep debugging of test (e. g. with -l 4) 2022-09-28 15:37:52 +02:00
sebres
f8fcaf943b version bump 2022-09-27 22:57:50 +02:00
sebres
677da51562 release 1.0.1 -- energy-equals-mass-times-the-speed-of-light-squared 1.0.1 2022-09-27 18:27:51 +02:00
sebres
bd94b7a47d make up leeway of ChangeLog (prepare release of 1.0) 2022-09-23 21:52:14 +02:00
sebres
2df58c5281 close fork 2022-09-16 19:20:44 +02:00
sebres
7bd4f41171 Merge branch '0.11' 2022-09-16 19:17:55 +02:00
sebres
94dac78afe Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-16 19:14:50 +02:00
sebres
485c50228a explicitly close cursor if not needed anymore (GC can grab it late) 2022-09-16 18:34:47 +02:00
sebres
45ef36276f fixes gh-3352: failed update of database didn't signal with an error
* client and server exit with error code by failure during start process (in foreground mode)
* added fallback to repair if database cannot be upgraded
code review and unify (more homogeneous by client and server now)
2022-09-16 17:58:24 +02:00
Jeff Johnson
f9f78ed9d2 IPThreat integration (#3349)
new IPThreat action
2022-09-13 11:01:46 +02:00
sebres
934e1b606d Merge branch '0.11' 2022-09-08 21:22:23 +02:00
sebres
8dccf099e4 Merge branch '0.10' into 0.11
(conflicts resolved)
2022-09-08 16:32:34 +02:00
sebres
5e74499ffd provides details of failed regex compilation in the error message we throw in Regex-constructor (it's good to know what exactly is wrong) 2022-09-08 16:04:46 +02:00
sebres
d6896eb26d New logtarget: systemd-journal;
rebased #1403 from da2x:feature-systemd-journal
2022-08-29 12:30:05 +02:00
sebres
a08b925468 Merge branch '0.11' 2022-08-17 16:59:02 +02:00
sebres
467024797f Merge branch '0.10' into 0.11 2022-08-17 16:56:10 +02:00
sebres
35eb9acaee Merge branch 'test-gh-3334' into 0.10 - speedup daemonization process by huge open files limit
Closes #3334
2022-08-17 16:51:36 +02:00
sebres
476136281c Revert "check large nofile limit issue (#3334)" (back to original open files limit)
This reverts commit 24b1dea197.
2022-08-17 16:04:10 +02:00
sebres
38026e5963 code review (replace deprecated setter, since python 3.10) 2022-08-17 16:01:04 +02:00
sebres
535a982dcc fixes #3334: speedup daemonization process by huge open files limit (try to close open file descriptors obtained from /proc/self/fd or /proc/fd) 2022-08-17 15:07:30 +02:00
Sergey G. Brester
24b1dea197 check large nofile limit issue (#3334) 2022-08-17 13:10:02 +02:00
Sergey G. Brester
92d5455bdd Merge pull request #3330 from tomers/reverse-in-a-single-line
Reverse in a single line
2022-08-09 17:23:18 +02:00