Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | failregex.py: resolve deprecation warning for sre_constantsHEADmaster | Sergey G. Brester | 2023-05-03 | 1 | -2/+1 |
| | | | closes gh-3508 | ||||
* | avoid confusion of path as failure ID with IP/CIDR notation, improve IP/CIDR ↵ | sebres | 2023-04-26 | 4 | -10/+53 |
| | | | | | | | parsing; wrong CIDR notation or invalid plen always causes a fallback to raw string now; fixes recognition of `::` and `::/32` | ||||
* | new test messages for exim (gh-3497) | Sergey G. Brester | 2023-04-24 | 1 | -0/+4 |
| | |||||
* | fail2banregextestcase: compatibility fix for testWrongRE | Sergey G. Brester | 2023-04-04 | 1 | -1/+1 |
| | |||||
* | filtertestcase.py: byte related copy of lines in tests (locale independent); ↵ | sebres | 2023-04-04 | 2 | -27/+37 |
| | | | | closes gh-2936 | ||||
* | Merge branch 'master' into nginx-forbidden | Sergey G. Brester | 2023-03-23 | 109 | -2409/+7132 |
|\ | |||||
| * | gh-3447: fix careless mistake arisen in ↵ | sebres | 2023-01-17 | 1 | -2/+1 |
| | | | | | | | | b12a3acb06fed4f240e1cea20f4b07f913edf221 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration | ||||
| * | don't add subnets to local addresses of `ignoreself` from network ↵ | sebres | 2023-01-11 | 2 | -23/+41 |
| | | | | | | | | interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) | ||||
| * | amend with few improvements, IPv6IsAllowed prefers IPs from network ↵ | sebres | 2023-01-10 | 2 | -100/+139 |
| | | | | | | | | interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only | ||||
| * | try to obtain local addresses from network interfaces before DNS to IP ↵ | sebres | 2023-01-09 | 2 | -23/+173 |
| | | | | | | | | | | | | lookup (closes gh-3132); DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP) | ||||
| * | improve auto detection of IPv6 - try to check sysctl ↵ | sebres | 2023-01-09 | 1 | -0/+7 |
| | | | | | | | | net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) | ||||
| * | better auto-detection for IPv6 support (`allowipv6 = auto` by default); ↵ | sebres | 2023-01-06 | 1 | -4/+38 |
| | | | | | | | | circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) | ||||
| * | no warning if no config value but default (debug message now) | Sergey G. Brester | 2022-11-28 | 1 | -1/+1 |
| | | | | | | closes #3420 | ||||
| * | Dante SOCKS server: handle "1 byte/second" case | Andrey Alekseenko | 2022-11-17 | 1 | -0/+2 |
| | | | | | | | | Thanks to @Loriowar and @sebres for pointing it out | ||||
| * | Create filter for Dante SOCKS server | Andrey Alekseenko | 2022-11-17 | 1 | -0/+4 |
| | | |||||
| * | Merge branch 'gh-3405' | sebres | 2022-11-15 | 1 | -0/+3 |
| |\ | |||||
| | * | filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new ↵ | sebres | 2022-11-14 | 1 | -0/+3 |
| | | | | | | | | | | | | format with GS and additional parameters, e. g. grantors) | ||||
| * | | fix cut out of match for pattern with `{EPOCH}` (similar to other ↵ | sebres | 2022-11-14 | 2 | -2/+13 |
| |/ | | | | | | | | | | | datepatterns group capturing whole regex only added if no groups specified at all); allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters | ||||
| * | version bump | sebres | 2022-11-14 | 1 | -1/+1 |
| | | |||||
| * | update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm1.0.2 | sebres | 2022-11-09 | 1 | -1/+1 |
| | | |||||
| * | Merge branch '0.11' | sebres | 2022-11-08 | 1 | -13/+40 |
| |\ | |||||
| | * | Merge branch '0.10' into 0.11 | sebres | 2022-11-02 | 1 | -13/+40 |
| | |\ | |||||
| | | * | filtersystemd: code review, wait only if it is necessary - in operational ↵ | sebres | 2022-11-02 | 1 | -13/+40 |
| | | | | | | | | | | | | | | | | | | | | | | | | mode and if no more entries retrieved (end of journal); attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space | ||||
| * | | | `filter.d/named-refused.conf` extended (closes gh-3388): | sebres | 2022-11-03 | 1 | -0/+5 |
| | | | | | | | | | | | | | | | | | | | | - support BIND named log categories - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info) | ||||
| * | | | fixes gh-3370: resolve extremely long search by repeated apply of non-greedy ↵ | sebres | 2022-10-04 | 1 | -0/+22 |
| | | | | | | | | | | | | | | | | | | | | | | | | RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests amend to gh-3210: fixes regression and matches new format in aggressive mode too | ||||
| * | | | test-suite: avoid mistaken match that confuses output with working on line ↵ | sebres | 2022-09-28 | 1 | -13/+13 |
| | | | | | | | | | | | | | | | | message by deep debugging of test (e. g. with `-l 4`) | ||||
| * | | | version bump | sebres | 2022-09-27 | 1 | -1/+1 |
| | | | | |||||
| * | | | release 1.0.1 -- energy-equals-mass-times-the-speed-of-light-squared1.0.1 | sebres | 2022-09-27 | 1 | -1/+1 |
| | | | | |||||
| * | | | Merge branch '0.11' | sebres | 2022-09-16 | 5 | -92/+155 |
| |\ \ \ | | |/ / | |||||
| | * | | Merge branch '0.10' into 0.110.11 | sebres | 2022-09-16 | 5 | -93/+156 |
| | |\ \ | | | |/ | | | | | | | | | (conflicts resolved) | ||||
| | | * | explicitly close cursor if not needed anymore (GC can grab it late)0.10 | sebres | 2022-09-16 | 1 | -22/+28 |
| | | | | |||||
| | | * | fixes gh-3352: failed update of database didn't signal with an error | sebres | 2022-09-16 | 5 | -38/+94 |
| | | | | | | | | | | | | | | | | | | | | | | | | * client and server exit with error code by failure during start process (in foreground mode) * added fallback to repair if database cannot be upgraded code review and unify (more homogeneous by client and server now) | ||||
| * | | | Merge branch '0.11' | sebres | 2022-09-08 | 2 | -3/+11 |
| |\ \ \ | | |/ / | |||||
| | * | | Merge branch '0.10' into 0.11 | sebres | 2022-09-08 | 2 | -3/+11 |
| | |\ \ | | | |/ | | | | | | | | | (conflicts resolved) | ||||
| | | * | provides details of failed regex compilation in the error message we throw ↵ | sebres | 2022-09-08 | 2 | -3/+11 |
| | | | | | | | | | | | | | | | | in Regex-constructor (it's good to know what exactly is wrong) | ||||
| * | | | New logtarget: systemd-journal; | sebres | 2022-08-29 | 2 | -4/+8 |
| | | | | | | | | | | | | | | | | rebased #1403 from da2x:feature-systemd-journal | ||||
| * | | | Merge branch '0.11' | sebres | 2022-08-17 | 3 | -6/+40 |
| |\ \ \ | | |/ / | |||||
| | * | | Merge branch '0.10' into 0.11 | sebres | 2022-08-17 | 3 | -6/+40 |
| | |\ \ | | | |/ | |||||
| | | * | code review (replace deprecated setter, since python 3.10) | sebres | 2022-08-17 | 1 | -1/+1 |
| | | | | |||||
| | | * | fixes #3334: speedup daemonization process by huge open files limit (try to ↵ | sebres | 2022-08-17 | 1 | -5/+37 |
| | | | | | | | | | | | | | | | | close open file descriptors obtained from `/proc/self/fd` or `/proc/fd`) | ||||
| | | * | sendmail-auth: coverage for auth-failure without user part | Sergey G. Brester | 2022-08-01 | 1 | -0/+2 |
| | | | | | | | | | | | | https://github.com/fail2ban/fail2ban/issues/2757#issuecomment-1199948639 | ||||
| * | | | no extra var needed for iterator | Sergey G. Brester | 2022-08-09 | 1 | -2/+1 |
| | | | | |||||
| * | | | reverse in a single line | Tomer Shalev | 2022-08-07 | 1 | -2/+1 |
| | | | | |||||
| * | | | Merge branch '0.11' | sebres | 2022-06-21 | 5 | -2/+25 |
| |\ \ \ | | |/ / | |||||
| | * | | Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.11 | sebres | 2022-06-21 | 5 | -2/+25 |
| | |\ \ | | | |/ | |||||
| | | * | skip test if readline module missing (add it as optional module installs in ↵ | sebres | 2022-06-21 | 1 | -0/+5 |
| | | | | | | | | | | | | | | | | GHA workflow) | ||||
| | | * | wrap global flags like ((?i)xxx) or (?:(?i)xxx) to local flags (?i:xxx) if ↵ | sebres | 2022-06-21 | 1 | -0/+10 |
| | | | | | | | | | | | | | | | | supported by RE-engine in the python version | ||||
| | | * | move global groups to start of expression (python 3.11 compat) | sebres | 2022-06-21 | 2 | -1/+9 |
| | | | | |||||
| | | * | fixes typo (copy&paste) by logging of flush impossibility at consistency ↵ | Sergey G. Brester | 2022-06-19 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | check, #3306 | ||||
| * | | | Merge branch '0.11' | sebres | 2022-06-02 | 1 | -1/+1 |
| |\ \ \ | | |/ / |