| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
closes gh-2936
|
|
|
|
|
|
| |
skip or truncate of parameters, produces more verbose error message in case of incorrect syntax; added more tests covering several cases
WARN: potential incompatibility (since it doesn't silently ignore wrong syntax anymore)
|
|
|
|
| |
on broken pipe (on long output), don't close stdout explicitly (allows usage of modules like cProfile, which outputs result on exit), just flush it before exit.
|
|
|
|
|
|
| |
(splitWithOptions separates by space between mains words, but not in options), so defining `action = a b` would specify 2 actions `a` and `b`;
it is additionally more precise now (see fixed typo with closed bracket `]` instead of comma in testServerReloadTest)
|
|
|
|
| |
(don't clear replacement counts of tags, rather consider replacement count by tax X in tag Y)
|
|
|
|
|
|
| |
name and [pid] by normal non-verbose logging, padding without truncate now; test coverage for getVerbosityFormat;
closes #2734
|
|
|
|
| |
like `... | head -n 100`), exit if stdout channel is closed
|
| |
|
|
|
|
| |
avoid repair by unban/stop etc...
|
|
|
|
| |
the name with \0 exceeds 16 bytes, the string is silently truncated by prctl).
|
|
|
|
| |
g. top -H, ps -e -T, pstree, etc)
|
|
|
|
|
|
| |
convert it to string (for replacement); fix substituteRecursiveTags using auto-convert to string.
Closes gh-2241.
|
| |
|
|
|
|
|
|
|
|
| |
handling, using injection on _log-method of Logger class;
additionally provides more info if handler/conversion failed (with double protection inside catch-case);
tests/utils.py: log handler "_MemHandler" of LogCaptureTestCase fixed now to be safe also (test-cases only);
tests/misctestcase.py: the safe logging of all possible constellations is covered in testSafeLogging now.
|
| |
|
| |
|
| |
|
|
|
|
| |
and str), provide new universal helper `uni_string`, which uses safe explicit conversion to string (also if default encoding is ascii); avoid conversion errors on wrong-chars by replace tags.
|
| |
|
| |
|
|
|
|
|
|
| |
backwards compatibility purposes);
Closes gh-2099.
|
|
|
|
|
|
|
|
| |
socket close in async_chat;
better error handling with error counting, differentiate special case ([Errno 24] Too many open files), with resulting stop of the server
(avoid flood the log file, closes gh-991 and similar issues);
restored auto-garbage, because of non-reference-counting python's (like pypy), otherwise it may leak there on objects like unix-socket, etc.
|
| |
|
|
|
|
| |
client-side);
|
|
|
|
| |
systemd-service (in opposite to "STDOUT" don't log time-stamps).
|
|
|
|
|
|
|
|
|
| |
variables 'LANGUAGE', 'LC_ALL', 'LC_CTYPE', and 'LANG'
(especially critical if default value `encoding = auto` configured).
As PoC and coverage (this case fails without this "fix"):
$ env -i PATH="$PATH" bin/fail2ban-testcases --fast --no-network testAddBanInvalidEncoded
|
| |
|
|
|
|
|
|
|
| |
resp. calling map (very bad idea to do this):
- the calling map contains normally dynamic values only (no recursive tags);
- recursive replacement can be vulnerable, because can contain foreign (user) input captured from log (will be replaced in the shell arguments);
|
|
|
|
|
|
| |
direct access of item):
substituteRecursiveTags: ignore replacing callable items from calling map - should be converted on demand only (by get)
|
| |
|
|
|
|
| |
currently used commonly in server and in client)
|
|
|
|
|
|
|
| |
between command lines (server, client, test-cases);
test cases could pass (so increase) verbosity to the client (and furthermore client to the server also), usable for debug purposes resp. simplifying read of the log-file;
custom and precise numeric log-levels can be given in test cases now;
|
|
|
|
|
|
|
| |
(to 7 or even 5);
added verification of specified log-level before transmitting to the server;
numeric log-level allowed now in server (resp. fail2ban.conf);
|
|
|
|
|
| |
python 3.x compatibility (used uni_decode for string representation of stdout/stderr, unified test cases)
amend for #1542
|
|\
| |
| |
| |
| |
| | |
# Conflicts:
# fail2ban/client/jailreader.py
# fail2ban/helpers.py
|
| |
| |
| |
| | |
characters together
|
| |
| |
| |
| |
| |
| | |
lines
Closes #1432
|
|/
|
|
|
|
| |
leak on some platforms/python versions, using forced GC in periodic intervals (latency and threshold);
Side effect: GC is disabled now inside fail2ban-server (to avoid multiple garbage collect)
|
|
|
|
| |
Way too many people ran into this gotcha, so lets just do it
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Now allows for tests to be removed from package if desired
|
|
|
|
|
|
| |
Epnoc of selinux is now true UTC
Merge multiline support and date detection in filter
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release 0.8.9
* tag '0.8.9':
BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
All the (version) updates for the release of 0.8.9
BF: (travis) relax the test for needed to be presented installed directories -- allow new
BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
ENH: also print the failing traceback line in case of failure
ENH: include explicit list of new files which should not be there upon "install --root"
ENH: now we know that logging handlers closing was still buggy in 2.6.2
ENH: issue a warning if jail name is longer than 19 symbols (Close #222)
DOC: inline commends with ';' are in effect only if ';' follows as space
BF: Fix for filterpoll incorrectly checking for jailless state
ENH: strengthen detection of working pyinotify
ENH: use the same python executable for setup.py test
ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python releases
TST: Some primarily smoke tests for tests utils
TST: cover few more lines in fail2banreader.py
ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
ENH: consistent operation of formatExceptionInfo + unittest for it
ENH: point to the status of master branch on travis
Conflicts:
ChangeLog
MANIFEST
README.md
fail2ban/version.py -- all of the above obvious version changes
below files primarily needed just a bit of help in resolution
config/jail.conf
fail2ban/server/filterpoll.py
fail2ban/server/server.py
fail2ban/tests/servertestcase.py
and following were more difficult -- git wasn't able to track renames/moves of the code
fail2ban-testcases -- needed to introduce those changes to tests/utils.py
testcases/clientreadertestcase.py -- manually applied patch from master
testcases/utils.py -- manually applied patch from master
|
|
|
|
|
|
|
|
|
|
| |
* master:
ENH: close files in _test_move_into_file
ENH: remove use of $Revision and $Date SVN tags
Add README.Solaris into distribution
Conflicts:
client/actionreader.py
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* master: (51 commits)
ENH: Use real (resolving) example.com instead of test.example.com
DOC: Slight tune ups to ChangeLog -- we must release!
Changelog entries for the latest merges
BF: add bash-completion to MANIFEST
DOC: ChangeLog for default action type change
ENH: consolidate where blocktype is defined for iptables rules
BF: default type to unreachable
ENH: separate out regex and escape a .
ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
DOC: Drop sudo from bash-completion
DOC: Added bash-completion script
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
ENH: Removed unused log line
ENH: logrotate file
BF: missed MANIFEST include
BF: missed MANIFEST include
BF: missed MANIFEST include
ENH: some form of logrotate based on what distros are doing
...
Conflicts:
ChangeLog
MANIFEST
client/actionreader.py
config/jail.conf
fail2ban/server/datedetector.py
fail2ban/tests/datedetectortestcase.py
|