summaryrefslogtreecommitdiff
path: root/fail2ban
Commit message (Collapse)AuthorAgeFilesLines
* failregex.py: resolve deprecation warning for sre_constantsHEADmasterSergey G. Brester2023-05-031-2/+1
| | | closes gh-3508
* avoid confusion of path as failure ID with IP/CIDR notation, improve IP/CIDR ↵sebres2023-04-264-10/+53
| | | | | | | parsing; wrong CIDR notation or invalid plen always causes a fallback to raw string now; fixes recognition of `::` and `::/32`
* new test messages for exim (gh-3497)Sergey G. Brester2023-04-241-0/+4
|
* fail2banregextestcase: compatibility fix for testWrongRESergey G. Brester2023-04-041-1/+1
|
* filtertestcase.py: byte related copy of lines in tests (locale independent); ↵sebres2023-04-042-27/+37
| | | | closes gh-2936
* Merge branch 'master' into nginx-forbiddenSergey G. Brester2023-03-23109-2409/+7132
|\
| * gh-3447: fix careless mistake arisen in ↵sebres2023-01-171-2/+1
| | | | | | | | b12a3acb06fed4f240e1cea20f4b07f913edf221 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration
| * don't add subnets to local addresses of `ignoreself` from network ↵sebres2023-01-112-23/+41
| | | | | | | | interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later)
| * amend with few improvements, IPv6IsAllowed prefers IPs from network ↵sebres2023-01-102-100/+139
| | | | | | | | interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only
| * try to obtain local addresses from network interfaces before DNS to IP ↵sebres2023-01-092-23/+173
| | | | | | | | | | | | lookup (closes gh-3132); DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
| * improve auto detection of IPv6 - try to check sysctl ↵sebres2023-01-091-0/+7
| | | | | | | | net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`)
| * better auto-detection for IPv6 support (`allowipv6 = auto` by default); ↵sebres2023-01-061-4/+38
| | | | | | | | circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438)
| * no warning if no config value but default (debug message now)Sergey G. Brester2022-11-281-1/+1
| | | | | | closes #3420
| * Dante SOCKS server: handle "1 byte/second" caseAndrey Alekseenko2022-11-171-0/+2
| | | | | | | | Thanks to @Loriowar and @sebres for pointing it out
| * Create filter for Dante SOCKS serverAndrey Alekseenko2022-11-171-0/+4
| |
| * Merge branch 'gh-3405'sebres2022-11-151-0/+3
| |\
| | * filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new ↵sebres2022-11-141-0/+3
| | | | | | | | | | | | format with GS and additional parameters, e. g. grantors)
| * | fix cut out of match for pattern with `{EPOCH}` (similar to other ↵sebres2022-11-142-2/+13
| |/ | | | | | | | | | | datepatterns group capturing whole regex only added if no groups specified at all); allows to specify more precise anchored patterns, for example `datepattern = ^type=\S+ msg=audit\(({EPOCH})` for selinux-filters
| * version bumpsebres2022-11-141-1/+1
| |
| * update 1.0.2 -- finally-war-game-test-tape-not-a-nuclear-alarm1.0.2sebres2022-11-091-1/+1
| |
| * Merge branch '0.11'sebres2022-11-081-13/+40
| |\
| | * Merge branch '0.10' into 0.11sebres2022-11-021-13/+40
| | |\
| | | * filtersystemd: code review, wait only if it is necessary - in operational ↵sebres2022-11-021-13/+40
| | | | | | | | | | | | | | | | | | | | | | | | mode and if no more entries retrieved (end of journal); attempt to fix gh-3396 - ensure we give enough time after journal.wait returns with INVALIDATE (due to rotation, vacuuming or journal files added/removed etc) and move cursor back and forth to avoid entering dead space
| * | | `filter.d/named-refused.conf` extended (closes gh-3388):sebres2022-11-031-0/+5
| | | | | | | | | | | | | | | | | | | | - support BIND named log categories - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
| * | | fixes gh-3370: resolve extremely long search by repeated apply of non-greedy ↵sebres2022-10-041-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests amend to gh-3210: fixes regression and matches new format in aggressive mode too
| * | | test-suite: avoid mistaken match that confuses output with working on line ↵sebres2022-09-281-13/+13
| | | | | | | | | | | | | | | | message by deep debugging of test (e. g. with `-l 4`)
| * | | version bumpsebres2022-09-271-1/+1
| | | |
| * | | release 1.0.1 -- energy-equals-mass-times-the-speed-of-light-squared1.0.1sebres2022-09-271-1/+1
| | | |
| * | | Merge branch '0.11'sebres2022-09-165-92/+155
| |\ \ \ | | |/ /
| | * | Merge branch '0.10' into 0.110.11sebres2022-09-165-93/+156
| | |\ \ | | | |/ | | | | | | | | (conflicts resolved)
| | | * explicitly close cursor if not needed anymore (GC can grab it late)0.10sebres2022-09-161-22/+28
| | | |
| | | * fixes gh-3352: failed update of database didn't signal with an errorsebres2022-09-165-38/+94
| | | | | | | | | | | | | | | | | | | | | | | | * client and server exit with error code by failure during start process (in foreground mode) * added fallback to repair if database cannot be upgraded code review and unify (more homogeneous by client and server now)
| * | | Merge branch '0.11'sebres2022-09-082-3/+11
| |\ \ \ | | |/ /
| | * | Merge branch '0.10' into 0.11sebres2022-09-082-3/+11
| | |\ \ | | | |/ | | | | | | | | (conflicts resolved)
| | | * provides details of failed regex compilation in the error message we throw ↵sebres2022-09-082-3/+11
| | | | | | | | | | | | | | | | in Regex-constructor (it's good to know what exactly is wrong)
| * | | New logtarget: systemd-journal;sebres2022-08-292-4/+8
| | | | | | | | | | | | | | | | rebased #1403 from da2x:feature-systemd-journal
| * | | Merge branch '0.11'sebres2022-08-173-6/+40
| |\ \ \ | | |/ /
| | * | Merge branch '0.10' into 0.11sebres2022-08-173-6/+40
| | |\ \ | | | |/
| | | * code review (replace deprecated setter, since python 3.10)sebres2022-08-171-1/+1
| | | |
| | | * fixes #3334: speedup daemonization process by huge open files limit (try to ↵sebres2022-08-171-5/+37
| | | | | | | | | | | | | | | | close open file descriptors obtained from `/proc/self/fd` or `/proc/fd`)
| | | * sendmail-auth: coverage for auth-failure without user partSergey G. Brester2022-08-011-0/+2
| | | | | | | | | | | | https://github.com/fail2ban/fail2ban/issues/2757#issuecomment-1199948639
| * | | no extra var needed for iteratorSergey G. Brester2022-08-091-2/+1
| | | |
| * | | reverse in a single lineTomer Shalev2022-08-071-2/+1
| | | |
| * | | Merge branch '0.11'sebres2022-06-215-2/+25
| |\ \ \ | | |/ /
| | * | Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.11sebres2022-06-215-2/+25
| | |\ \ | | | |/
| | | * skip test if readline module missing (add it as optional module installs in ↵sebres2022-06-211-0/+5
| | | | | | | | | | | | | | | | GHA workflow)
| | | * wrap global flags like ((?i)xxx) or (?:(?i)xxx) to local flags (?i:xxx) if ↵sebres2022-06-211-0/+10
| | | | | | | | | | | | | | | | supported by RE-engine in the python version
| | | * move global groups to start of expression (python 3.11 compat)sebres2022-06-212-1/+9
| | | |
| | | * fixes typo (copy&paste) by logging of flush impossibility at consistency ↵Sergey G. Brester2022-06-191-1/+1
| | | | | | | | | | | | | | | | check, #3306
| * | | Merge branch '0.11'sebres2022-06-021-1/+1
| |\ \ \ | | |/ /
View Lorry Controller Status