Commit graph

3494 commits

Author SHA1 Message Date
agentmoller001
617302fcc2 Updated route.conf to clear warnings
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
Yaroslav Halchenko
6fb5e3a494 removed outdated and "problematic" .pydevproject 2015-10-09 14:10:02 -04:00
Serg G. Brester
42598fbf26 Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files
files: Strip trailing whitespace from files
2015-10-08 18:39:40 +02:00
Paul Menzel
078e2048f2 files: Strip trailing whitespace from files
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace).
2015-10-08 16:18:08 +02:00
sebres
2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
closes gh-1211
2015-10-07 14:34:13 +02:00
sebres
61ac481703 IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable) 2015-10-07 13:36:21 +02:00
Serg G. Brester
68db52474d Merge pull request #1206 from kevinoid/ssh-match-auth-fail
ssh.conf: Fix disconnect "Auth fail" matching
2015-10-05 10:15:53 +02:00
Kevin Locke
2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-05 00:31:13 -07:00
Kevin Locke
42b0e9258d Test cases for ssh.conf disconnect "Auth fail"
Add test coverage for the new disconnect "Auth fail" matching added in
36919d9f.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:56:26 -07:00
Kevin Locke
36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:46:29 -07:00
Yaroslav Halchenko
8311bad4ea Merge pull request #1204 from szepeviktor/patch-8
Added CloudFlare API error codes URL
2015-09-30 07:54:30 -07:00
Viktor Szépe
0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko
7f3b31aa37 Merge pull request #1198 from yarikoptic/enh-split-comma
ENH: allow to split ignoreip by space and/or comma (Closes #1197)
2015-09-27 11:09:55 -04:00
Yaroslav Halchenko
ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
2015-09-27 00:52:14 -04:00
Yaroslav Halchenko
4c48e994eb Merge pull request #1201 from yoosefi/master
README :: Some style/grammar tweaks, and init/service script mention.…
2015-09-27 00:51:16 -04:00
Yaroslav Halchenko
6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko
166e99d2ba Merge pull request #1203 from maxbeth/master
Add a timeout (3 sec) to urlopen within badips.py action
2015-09-27 00:48:50 -04:00
M. Maraun
ebfd223320 Merge branch 'master' of github.com:maxbeth/fail2ban 2015-09-26 21:30:04 +02:00
M. Maraun
2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Ryan Yoosefi
0610791ffe README :: init/service example mentions debian based systems as the example 2015-09-25 02:25:11 -07:00
Ryan Yoosefi
c1b80a5e1b README :: fitted paragraph style 2015-09-25 02:23:08 -07:00
Yaroslav Halchenko
d618ee3d90 BF: disable testing on python 3.2 until coverage gets a fix 2015-09-24 09:53:55 -04:00
Ryan Yoosefi
4744e16539 README :: Some style/grammar tweaks, and init/service script mention. Re: #1193 2015-09-24 06:37:01 -07:00
Yaroslav Halchenko
8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197)
Way too many people ran into this gotcha, so lets just do it
2015-09-23 12:13:52 -04:00
Yaroslav Halchenko
24f875ad3e Merge pull request #1196 from yarikoptic/bf-longer-margin
BF: relax 1 sec delay testing to 100ms margin (Closes #1195)
2015-09-23 09:58:41 -04:00
Yaroslav Halchenko
84afcd8b1f BF(PY26): no assertGreater in 2.6 -- use explicit comparison 2015-09-23 09:45:51 -04:00
Yaroslav Halchenko
17a4289798 BF: relax 1 sec delay testing to 100ms margin (Closes #1195) 2015-09-23 08:38:51 -04:00
Yaroslav Halchenko
55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
2015-09-17 21:59:45 -04:00
Yaroslav Halchenko
82e528d1dd Merge pull request #1191 from yarikoptic/enh-year-after-day
ENH: new date pattern with year after day (not after entire entry)
2015-09-17 21:50:46 -04:00
Yaroslav Halchenko
db1a3f17e1 ENH: new date pattern with year after day (not after entire entry) 2015-09-16 08:56:46 -04:00
Yaroslav Halchenko
41edfe8caf Merge pull request #1188 from yarikoptic/rf-assertLogged
RF(TST): self.assertTrue(self._is_logged()) -> self.assertLogged
2015-09-15 09:14:58 -04:00
Yaroslav Halchenko
d0e6644acd Merge branch 'rf-assertLogged'
* rf-assertLogged:
  RF/BF: py26 has no {} sets, so just pass multiple entries as *args
  RF(TST): self.assertTrue(self._is_logged()) -> self.assertLogged
2015-09-15 08:58:15 -04:00
Yaroslav Halchenko
d60c52b84f Merge pull request #1187 from yarikoptic/bf-nasty-children-tests
BF+RF: executeCmd should only return bool status on success and not throw exceptions (when timedout/killed) (Closes #1155)
2015-09-15 08:56:59 -04:00
Yaroslav Halchenko
fbdd0b74a1 DOC: Changelog entry for this fix 2015-09-13 10:45:39 -04:00
Yaroslav Halchenko
c2c4c40805 Merge remote-tracking branch 'origin/master' into bf-nasty-children-tests
* origin/master:
  Comment spelling fixes
  logrotate: Do not rotate empty logs
  logrotate: Remove outdated Fedora comment
  Updated Changelog
  Bugfix for dnsToIp resolver for fqdn with large list of IPs; closes #1164
  Added apache-badbots.conf
  Update gen_badbots
  Update apache-badbots.conf
  changelog for freshly merged PR (roundcube-auth definition of logpath)
  Fixed line suspected to be faulty
  renamed <NAME> to correct <ACT> in protocol

Conflicts:
    fail2ban/tests/actiontestcase.py -- due to comments fix up
2015-09-13 10:42:51 -04:00
Yaroslav Halchenko
bfa286b8e4 Merge pull request #1189 from scop/logrotate
Logrotate tweaks
2015-09-13 10:36:20 -04:00
Yaroslav Halchenko
cafc77d7db Merge pull request #1190 from scop/spelling
Comment spelling fixes
2015-09-13 10:33:41 -04:00
Ville Skyttä
943efdb1a0 Comment spelling fixes 2015-09-13 11:08:04 +03:00
Ville Skyttä
67a94733a9 logrotate: Do not rotate empty logs
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.
2015-09-13 11:05:33 +03:00
Ville Skyttä
63c7ceb81d logrotate: Remove outdated Fedora comment 2015-09-13 10:57:51 +03:00
Yaroslav Halchenko
8a4dcafc8f RF/BF: py26 has no {} sets, so just pass multiple entries as *args 2015-09-12 21:37:40 -04:00
Yaroslav Halchenko
5ed731d3b3 RF(TST): self.assertTrue(self._is_logged()) -> self.assertLogged
and corresponding one for not + support for multiple entries at once,
and failure message listing actual log to ease troubleshooting
2015-09-12 19:59:55 -04:00
Yaroslav Halchenko
7cbb3980eb BF+RF: only return bool status on failed commands execution + mitigate different exit codes between bash/dash
Closes #1155
2015-09-12 19:39:44 -04:00
Yaroslav Halchenko
85b298e49c RF: try/except/finally in a single statement (while at it)
since we support now python >= 2.6
2015-09-12 12:59:37 -04:00
Yaroslav Halchenko
5b655639ab Merge pull request #1186 from EdwardBeckett/master
Updated Changelog
2015-09-11 11:43:58 -04:00
Edward Beckett
f5b88bd377 Updated Changelog 2015-09-11 10:12:57 -04:00
Yaroslav Halchenko
4a53629004 Merge pull request #1184 from fail2ban/gh-1164-fix
Bugfix for dnsToIp resolver for fqdn with large list of IPs;
2015-09-09 18:07:26 -04:00
sebres
4cf3b576b9 Bugfix for dnsToIp resolver for fqdn with large list of IPs;
closes #1164
2015-09-08 18:20:48 +02:00
Yaroslav Halchenko
818be64ae1 Merge pull request #1180 from EdwardBeckett/master
Update apache-badbots.conf
2015-09-06 09:46:47 -04:00
Edward Beckett
4bd7991573 Added apache-badbots.conf 2015-09-06 01:12:19 -04:00