Commit graph

3894 commits

Author SHA1 Message Date
sebres
de49f0c27f ChangeLog entry 2017-01-13 19:45:10 +01:00
sebres
ee3c787cc6 Recognize restored (from database) tickets after restart (tell action restored state of the ticket);
Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified).
Test cases extended (smtp and by restart in ServerReloadTest).
Closes gh-1141
Closes gh-921
2017-01-13 19:06:17 +01:00
oliverdorn
4a65e069e1 Solution for issue #1665
Solves the issue of authentic GoogleBots being banned by apache-fakegooglebots.
2017-01-13 08:59:45 +01:00
Serg G. Brester
6f190b6e61 readme.md: added IPv6 launch logo for 0.10th branch
Closes gh-1647
2017-01-12 12:41:08 +01:00
sebres
bf872213bd amend for 7019640eb3 (fix-gh-1658): sshd test-cases extended with IPv6 to cover this fix 2017-01-10 13:48:17 +01:00
sebres
7019640eb3 Merge branch 'fix-gh-1658' into 0.10 2017-01-10 12:59:51 +01:00
sebres
a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of : in the reason-part by missing space). 2017-01-10 12:58:44 +01:00
sebres
c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
sebres
f8d35a7c9c changelog entry 2017-01-10 11:16:17 +01:00
sebres
2009f1c434 fail2ban-regex: fix for systemd-journal (see gh-1657) 2017-01-10 11:13:18 +01:00
sebres
fb27d9ce83 fail2ban-regex: fix for systemd-journal (see gh-1657) 2017-01-10 10:59:53 +01:00
Yaroslav Halchenko
31a1560eaa minor typos (thanks Vincent Lefevre, Debian #847785) 2016-12-11 15:13:11 -05:00
Yaroslav Halchenko
4a1fd888f0 Carry on development 2016-12-11 00:49:09 -05:00
Yaroslav Halchenko
3605155978 updated man pages 2016-12-09 09:36:08 -05:00
Yaroslav Halchenko
482252dbd4 ENH: prep for 0.9.6 release (as of tomorrow) 2016-12-09 09:35:03 -05:00
Yaroslav Halchenko
e550850b9c BF: added missing entires into MANIFEST 2016-12-09 09:34:44 -05:00
Serg G. Brester
556a9373ce Update ChangeLog 2016-11-28 23:40:33 +01:00
Serg G. Brester
feae7370ce Update THANKS 2016-11-28 23:19:24 +01:00
sebres
45f1d811c9 Merge branch 'alex1702-1586' 2016-11-28 18:54:02 +01:00
sebres
67c14afd8e ChangeLog entry added + jail.conf review 2016-11-28 18:51:23 +01:00
sebres
425170cef3 code review, makes the test cases workable, added dev-notes 2016-11-28 18:39:07 +01:00
Serg G. Brester
8d9fe5d3da Merge pull request #1583 from sebres/_0.10/fix-datedetector-grave-fix-v2
0.10/datedetector grave fix
2016-11-28 17:37:36 +01:00
sebres
8018796b45 wrong indentation (important code-piece in if log-level only) 2016-11-28 17:17:48 +01:00
sebres
39c343bd06 better reorder templates handling, code coverage increase (a small part of _reorderTemplate was not covered at all) 2016-11-28 15:18:31 +01:00
sebres
5d5ab27435 small amend: removed unreachable code + coverage increase 2016-11-28 13:17:36 +01:00
Serg G. Brester
f827675822 Merge pull request #1627 from sebres/fix-gh-1626
Fix gh-1626: one space after ModSecurity
2016-11-28 12:00:53 +01:00
sebres
b8c41dcb49 ChangeLog update 2016-11-28 11:31:51 +01:00
sebres
931eab84b5 filter.d/apache-modsecurity.conf
- fixed for newer version (one space, closes gh-1626)
reviewed and optimized:
  - non-greedy catch-all replaced for safer match
  - unneeded catch-all anchoring removed
  - non-capturing groups
2016-11-28 11:28:27 +01:00
sebres
c06084d7d9 _start_params - fix: symlinks should be absolute paths 2016-11-28 11:04:37 +01:00
sebres
40cbe96352 Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2 2016-11-28 11:03:11 +01:00
Serg G. Brester
389ad10344 Merge pull request #1622 from sebres/_0.10/configreader-and-more
0.10/configreader and more:  substitution `%(param)s` from init block
2016-11-28 10:08:30 +01:00
Serg G. Brester
b8b5907706 Merge pull request #1624 from sebres/fix-gh-1623
filter.d/dovecot.conf update: ignore additionally irrelevant info in anchored regex before "auth failed"
2016-11-26 17:07:39 +01:00
sebres
5678d08a79 filter.d/dovecot.conf update:
- fixes failregex, that ignores failures through some irrelevant info (closes #1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
2016-11-26 16:50:37 +01:00
sebres
ce540554c5 Merge configreader-py3-compat branch into _0.10/configreader-and-more 2016-11-25 20:14:45 +01:00
sebres
ec7bb0d6c9 python 3x compatibility fix (positional arguments vs named arguments) 2016-11-25 20:12:49 +01:00
Serg G. Brester
ac1729e473 Merge pull request #1620 from fail2ban/close-gh-1120
jail.conf: added  `knocking_url` filter-parameter of `pass2allow-ftp`...
2016-11-25 19:29:10 +01:00
sebres
a2af19c9f0 fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by ${x//...} executing in /bin/sh);
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
2016-11-25 19:27:26 +01:00
sebres
65abc639cc allow newline in extra init-parameters of action/filter (or interpolation of it), e. g. action[..., logpath="%(logpath)s"] 2016-11-25 16:56:46 +01:00
sebres
097970781c filter/action (and its includes): substitution %(param)s may be used now (instead of <param>) for init-values specified in jail-configs via action[param1="...", param2=...];
substitution `<param>` should be used for dynamic interpolation only (todo: review configurations to replace it);
2016-11-25 16:53:46 +01:00
sebres
b856e1dadc Merge pull request #1618 from sebres/_0.10/systemd-service 2016-11-24 20:45:17 +01:00
sebres
308bba448c ChangeLog update 2016-11-24 20:43:55 +01:00
sebres
95dd76b7dd Merge pull request #1619 from sebres/_0.10/skip-wrong-jails 2016-11-24 20:27:40 +01:00
sebres
d908688b56 ChangeLog update 2016-11-24 20:25:08 +01:00
Serg G. Brester
4f5389fee5 Update jail.conf 2016-11-24 19:30:10 +01:00
sebres
45174c5eaf if fail2ban running as systemd-service, for logging to the systemd-journal, the logtarget could be set to STDOUT
small fixes by logging in stdout (+ system targets also allowed in lowercase now)
2016-11-24 12:13:47 +01:00
sebres
1cd67ecaa2 automatically creates /var/run/fail2ban before start fail2ban (systems which /var/run/ is virtual resp. memory mount device) 2016-11-24 11:37:18 +01:00
sebres
7256a5cb8e code review: back to previous code - no skipping in testReadTestJailConf 2016-11-22 17:55:27 +01:00
sebres
8ed5b44bfd no cover for sporadic executed (time-related) code pieces (just to prevent randomly increasing/decreasing of coverage) 2016-11-22 17:38:32 +01:00
sebres
fdac44ca58 introduced new option -t or --test to test configuration resp. start server only if configuration is clean (not skip wrong configured jails if option -t specified); 2016-11-22 17:08:44 +01:00
sebres
3e9852d4d2 code review, increase coverage 2016-11-22 14:56:54 +01:00