Commit graph

3494 commits

Author SHA1 Message Date
Yaroslav Halchenko
057f0ad135 ENH: allow_no_files option for jail's convert to allow testing of stock jail.conf 2013-06-21 12:44:37 -04:00
Yaroslav Halchenko
61f81c6b2f Changelog entries with close statements for recent changes 2013-06-21 11:12:44 -04:00
Yaroslav Halchenko
27947407bc ENH: raise an exception if not a single file was found for the jail. Close #63 2013-06-21 11:12:44 -04:00
Yaroslav Halchenko
b6be8b8243 ENH/RF: remove __readJailConfig in favor of __readConfig + catch/error exceptions while reading the configuration 2013-06-21 11:12:44 -04:00
Yaroslav Halchenko
2974cac40c RF: log all logging output from fail2ban-client to stderr. Close #264
otherwise it
1. 'interferes' with meaninful output of the client
2. if ERROR is logged it better go to stderr and separating ERROR from other levels is not that transparent with python's logging
2013-06-21 11:12:36 -04:00
Steven Hiscocks
f87c53fa52 BF: fail2ban-regex adding duplicate lines with each regex
This is another fix on top of e73b3dd to correctly resolve this issue
2013-06-19 20:03:19 +01:00
Steven Hiscocks
123ec3da13 BF: Incorrect import for 0.9 branch in fail2ban-regex 2013-06-19 20:02:49 +01:00
Yaroslav Halchenko
8487cb2e90 Merge commit '0.8.10-31-g1ab0f0f' into 0.9
* commit '0.8.10-31-g1ab0f0f': (24 commits)
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  DOC: Changelog for fail2ban-regex RF
  DOC: Changelog for asterisk hardening
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
  ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp
  ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: dovecot regexs rewritten and extra failures
  ENH: proftp regex hardening and log messages
  ENH/BF: exim improvements with sample
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  ...

Conflicts: -- it was a messy merge/resolution.
	ChangeLog
	bin/fail2ban-regex
	fail2ban-testcases
	fail2ban/server/filter.py
2013-06-18 20:21:23 -04:00
Steven Hiscocks
9b8eaa90ef ENH: Reorder date regex and remove duplicate ISO8601 format 2013-06-18 22:19:53 +01:00
Yaroslav Halchenko
1ab0f0f9e3 Merge branch 'master' of https://github.com/yarikoptic/fail2ban
* 'master' of https://github.com/yarikoptic/fail2ban:
  DOC: Changelog for fail2ban-regex RF
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases

Conflicts:
	ChangeLog
2013-06-15 10:52:05 -04:00
Daniel Black
25c3bbfc2f DOC: credits/blame to me for changes to exim 2013-06-16 00:25:24 +10:00
Daniel Black
b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black
ee786671aa DOC: developing filters without DoS 2013-06-15 13:17:09 +10:00
Daniel Black
d441d61a1e TST/ENH: Improve regex around exim
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
2013-06-15 12:34:16 +10:00
Yaroslav Halchenko
9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
2013-06-14 12:32:51 -04:00
Yaroslav Halchenko
173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
2013-06-14 12:28:07 -04:00
Yaroslav Halchenko
ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
2013-06-14 12:16:59 -04:00
Yaroslav Halchenko
ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexs rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
2013-06-14 12:14:40 -04:00
Daniel Black
8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black
a433a8ea5f ENH: readibility thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko
948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
2013-06-13 23:32:45 -04:00
Yaroslav Halchenko
77044fce35 DOC: Changelog for fail2ban-regex RF 2013-06-13 23:21:48 -04:00
Yaroslav Halchenko
9b351350dd DOC: Changelog for asterisk hardening 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko
e91419d361 ENH: fail2ban-regex -- add specification of loglevels to enable 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko
ffe381d91c RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko
97f9cfc0b0 ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
I mocked logging library directly -- seems to be Ok.
2013-06-13 23:19:28 -04:00
Yaroslav Halchenko
09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
Daniel Black
7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black
a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black
d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black
6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black
e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black
9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black
2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black
dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black
4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black
3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black
88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko
f6cb981fc0 Merge commit '0.8.10-1-g460e09a' into 0.9
* commit '0.8.10-1-g460e09a':
  it was not the end of the world and we should continue
  DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
  Changes for 0.8.10 release (changelog, version, etc)
  BF: anchor apache- filters.  Close #248
  DOC: credits for gh-244
  Filter Asterisk: Add sample log entry to testcase.
  Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
  ENH: purge a few more .*
  DOC: credits
  DOC: how to do filter enhancements
  TST: normalize logs to use example.com and 1.2.3.4 as IP
  ENH/BF: constrain regex. Fix ACL error regex
  ENH: port optional
  Update asterisk
  Update asterisk.conf

Conflicts:
	ChangeLog
	DEVELOP
	README.md
	fail2ban/version.py
2013-06-12 21:30:47 -04:00
Yaroslav Halchenko
460e09af66 it was not the end of the world and we should continue 2013-06-12 21:22:26 -04:00
Daniel Black
9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black
8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko
921d9a8e4b DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
originally following command was used to add header to all config files:

  sed -ie '/# Author/ i\# Please report vulnerabilities to fail2ban-vulnerabilities at lists dot sourceforge dot net\n# and see http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help for generic bug-reports.\n#' action.d/* filter.d/*

but it would be overkill ATM causing havoc in user-tuned configs -- postponed for now

Also adjusted the release date for today (by mistake in 1 commit ... sorry)
2013-06-12 13:21:12 -04:00
Yaroslav Halchenko
728b5e8bf4 Changes for 0.8.10 release (changelog, version, etc) 2013-06-11 19:20:50 -04:00
Yaroslav Halchenko
6ccd57813c BF: anchor apache- filters. Close #248
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
Daniel Black
fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black
f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black
16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Daniel Black
4787777cee DOC: credits for gh-244 2013-06-11 10:30:56 +10:00
Daniel Black
66d8210f80 Merge pull request #244 from clopez/filter-asterisk
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
2013-06-10 17:28:35 -07:00