fail2banmerge #1

Open
wants to merge 251 commits into
base: fail2bantreehouse

Princeprince559
Owner

Before submitting your PR, please review the following checklist:

  • CHOOSE CORRECT BRANCH: if filing a bugfix/enhancement
    against certain release version, choose 0.9, 0.10 or 0.11 branch,
    for dev-edition use master branch
  • CONSIDER adding a unit test if your PR resolves an issue
  • LIST ISSUES this PR resolves
  • MAKE SURE this PR doesn't break existing tests
  • KEEP PR small so it could be easily reviewed.
  • AVOID making unnecessary stylistic changes in unrelated code
  • ACCOMPANY each new failregex for filter X with sample log lines
    within fail2ban/tests/files/logs/X file

Thermi and others added 30 commits June 29, 2019 01:39
Add filter to detect failed login attempts in the log produced by
MikroTik RouterOS.

- Add the filter to jail.conf
- Add testcase for the filter

Signed-off-by: Vít Kabele <[email protected]>
Change unban to find by ip address not comment
… (if some name may be equal to prefix of other name)
Add action for mikrotik routerOS
filter.d/exim.conf: fixes "dropped: too many ..." regex (also matches unrecognized commands)
…IP/CIDR parsing;

wrong CIDR notation or invalid plen always causes a fallback to raw string now;
fixes recognition of `::` and `::/32`
Gentoo moved from CVS to Git in 2015.

Drop the Gentoo URL from fail2ban-logrotate, because the distro
specific config file has been dropped in 2013.
add install instructions for popular linux distributions
added link to wiki page install instructions
Update README.md: added reference to wiki/How-to-install-fail2ban-packages
…("Disconnecting ..." is no failure anymore, now it's helper only);

closes gh-3485
sebres and others added 29 commits August 23, 2024 15:22
…il if no `logpath` matches found, fail2ban continue to start with warnings/errors, thus other jails become running
The "after iptables" clause in the OpenRC service script's depend()
function causes fail2ban to start after iptables, if iptables is
scheduled to start. Here we add "after nftables" as well: nftables is
the successor to iptables, and fail2ban supports it out-of-the-box.
If nftables is scheduled to start, we want to wait until it's done
before starting fail2ban.
files/fail2ban-openrc.init.in: start after nftables
Correct typo. "as" should read "has"
add support for the CSF firewall
…ying ipset too fast (sleep a bit in error case and repeat);

closes gh-3624
…pplied with command line;

also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex);
closes gh-3895
docs: Remove outdated link to sourcecodebrowser
docs: explicitly list supported status flavors
…or timeout before authentication (optional connection from part);

closes gh-3907
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly uses the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.

As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.

The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.

Additionally, for performance reasons, this commit adds a `journalmatch` entry, matching Debian's and Fedora's `dropbear.service` with `dropbear` executable/identifier, the most likely match for a Dropbear systemd service.

Signed-off-by: MichaIng <[email protected]>
Dropbear uses `strftime` `"%b %d %H:%M:%S"` to print its timestamps, hence we know the day and time format, but the month could be localized. We hence allow any 3 word characters for it, and additionally simplify the day and time pattern into a single group.

Signed-off-by: MichaIng <[email protected]>
Fix Dropbear filter when logging to STDOUT
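
The optional-prefix approach described in the Dropbear commit messages above, as an added example (not the filter from this pull request). The regex, the function name `parse_failure` and the sample log lines are constructed for illustration.

```python
import re

# Optional "[PID] Mon DD HH:MM:SS " block that Dropbear itself prints when it
# logs to STDOUT (-E). \w{3} tolerates a localized month abbreviation; day and
# time are kept in one group.
DROPBEAR_OWN_PREFIX = r"(?:\[\d+\] \w{3} (?:\d{2} \d{2}:\d{2}:\d{2}) )?"

# Assumed pattern, not fail2ban's failregex. The host is anchored to the end
# of the line so text inside the user name cannot be taken as the address.
FAIL_RE = re.compile(
    r"dropbear\[\d+\]: "
    + DROPBEAR_OWN_PREFIX
    + r"Bad password attempt for '(?P<user>.*)' "
    r"from (?P<host>[0-9A-Fa-f.:]+):\d+$"
)


def parse_failure(line):
    """Return (user, host) for a failed password line, else None."""
    m = FAIL_RE.search(line.rstrip("\n"))
    return (m.group("user"), m.group("host")) if m else None


# Constructed sample lines (documentation address ranges).
OLD_SYSLOG = ("Jan 01 12:00:00 host dropbear[1234]: "
              "Bad password attempt for 'root' from 192.0.2.10:51234")
NEW_JOURNAL = ("Jan 01 12:00:00 host dropbear[1234]: [1234] Jan 01 12:00:00 "
               "Bad password attempt for 'root' from 192.0.2.10:51234")
LOCALIZED = ("Jan 01 12:00:00 host dropbear[1234]: [1234] Mär 01 12:00:00 "
             "Bad password attempt for 'admin' from 198.51.100.7:40000")
NOT_A_FAILURE = ("Jan 01 12:00:00 host dropbear[1234]: [1234] Jan 01 12:00:00 "
                 "Child connection from 192.0.2.10:51234")
QUOTED_USER = ("Jan 01 12:00:00 host dropbear[1234]: Bad password attempt for "
               "'x' from 203.0.113.9:1' from 192.0.2.10:51234")

if __name__ == "__main__":
    for sample in (OLD_SYSLOG, NEW_JOURNAL, LOCALIZED, NOT_A_FAILURE, QUOTED_USER):
        print(parse_failure(sample))
```
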