From: <yar...@us...> - 2011-03-23 20:36:03
|
Revision: 767 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=767&view=rev Author: yarikoptic Date: 2011-03-23 20:35:56 +0000 (Wed, 23 Mar 2011) Log Message: ----------- BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232 It should be robust since /var/run/fail2ban is guaranteed to exist to carry the socket file, and it will be owned by root (or some other dedicated fail2ban user) thus avoiding possibility for the exploit Modified Paths: -------------- branches/FAIL2BAN-0_8/config/action.d/dshield.conf branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf Modified: branches/FAIL2BAN-0_8/config/action.d/dshield.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/dshield.conf 2010-09-27 13:18:32 UTC (rev 766) +++ branches/FAIL2BAN-0_8/config/action.d/dshield.conf 2011-03-23 20:35:56 UTC (rev 767) @@ -206,5 +206,5 @@ # Notes.: Base name of temporary files used for buffering # Values: [ STRING ] Default: /tmp/fail2ban-dshield # -tmpfile = /tmp/fail2ban-dshield +tmpfile = /var/run/fail2ban/tmp-dshield Modified: branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2010-09-27 13:18:32 UTC (rev 766) +++ branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf 2011-03-23 20:35:56 UTC (rev 767) 
@@ -81,7 +81,7 @@ # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt # Destination/Addressee of the mail # Modified: branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf 2010-09-27 13:18:32 UTC (rev 766) +++ branches/FAIL2BAN-0_8/config/action.d/mynetwatchman.conf 2011-03-23 20:35:56 UTC (rev 767) @@ -141,4 +141,4 @@ # Notes.: Base name of temporary files # Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman # -tmpfile = /tmp/fail2ban-mynetwatchman +tmpfile = /var/run/fail2ban/tmp-mynetwatchman Modified: branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf =================================================================== --- branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2010-09-27 13:18:32 UTC (rev 766) +++ branches/FAIL2BAN-0_8/config/action.d/sendmail-buffered.conf 2011-03-23 20:35:56 UTC (rev 767) @@ -101,5 +101,5 @@ # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
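Review bot: In the dshield.conf and mynetwatchman.conf hunks the option comments still read "Default: /tmp/fail2ban-dshield" and "Default: /tmp/fail2ban-mynetwatchman" while the values now point under /var/run/fail2ban; update the documented defaults in the same change so that an admin copying the comment does not reintroduce the /tmp path. mail-buffered.conf and sendmail-buffered.conf still share one name, tmpfile = /var/run/fail2ban/tmp-mail.txt, so jails using both actions write to the same buffer; distinct names per action would avoid that. The fix depends on /var/run/fail2ban being writable only by the fail2ban user, which is worth stating next to tmpfile.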
From: <yar...@us...> - 2010-09-27 13:18:39
|
Revision: 766 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=766&view=rev Author: yarikoptic Date: 2010-09-27 13:18:32 +0000 (Mon, 27 Sep 2010) Log Message: ----------- spellcheck jail.conf. Thanks Christoph Anton Mitterer Modified Paths: -------------- branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2010-09-27 13:10:48 UTC (rev 765) +++ branches/FAIL2BAN-0_8/config/jail.conf 2010-09-27 13:18:32 UTC (rev 766) @@ -5,7 +5,7 @@ # $Revision$ # -# The DEFAULT allows a global definition of the options. They can be override +# The DEFAULT allows a global definition of the options. They can be overridden # in each jail afterwards. [DEFAULT] @@ -212,7 +212,7 @@ # This jail blocks UDP traffic for DNS requests. # !!! WARNING !!! -# Since UDP is connectionless protocol, spoofing of IP and immitation +# Since UDP is connection-less protocol, spoofing of IP and imitation # of illegal actions is way too simple. Thus enabling of this filter # might provide an easy way for implementing a DoS against a chosen # victim. See This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
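Review bot: The reworded warning in the @@ -212,7 hunk still reads "Since UDP is connection-less protocol"; it needs the article ("a connectionless protocol"), and "connectionless" was already the usual spelling, so the added hyphen can be dropped.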
From: <yar...@us...> - 2010-09-27 13:10:54
|
Revision: 765 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=765&view=rev Author: yarikoptic Date: 2010-09-27 13:10:48 +0000 (Mon, 27 Sep 2010) Log Message: ----------- default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200 Modified Paths: -------------- branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2010-09-27 13:10:40 UTC (rev 764) +++ branches/FAIL2BAN-0_8/config/jail.conf 2010-09-27 13:10:48 UTC (rev 765) @@ -13,7 +13,7 @@ # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. -ignoreip = 127.0.0.1 +ignoreip = 127.0.0.1/8 # "bantime" is the number of seconds that a host is banned. bantime = 600 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
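Review bot: ignoreip = 127.0.0.1/8 has host bits set; the loopback network the log message refers to is 127.0.0.0/8. The value covers the whole range only if the matching code masks the address before comparing, which this hunk does not show, so write it as 127.0.0.0/8 or confirm the masking with a test for an address such as 127.0.1.1.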
From: <yar...@us...> - 2010-09-27 13:10:46
|
Revision: 764 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=764&view=rev Author: yarikoptic Date: 2010-09-27 13:10:40 +0000 (Mon, 27 Sep 2010) Log Message: ----------- Tai64N stores time in GMT, we need to convert to local time before returning Modified Paths: -------------- branches/FAIL2BAN-0_8/server/datetemplate.py Modified: branches/FAIL2BAN-0_8/server/datetemplate.py =================================================================== --- branches/FAIL2BAN-0_8/server/datetemplate.py 2010-09-21 17:52:44 UTC (rev 763) +++ branches/FAIL2BAN-0_8/server/datetemplate.py 2010-09-27 13:10:40 UTC (rev 764) @@ -1,4 +1,4 @@ -# -*- coding: utf8 -*- +# -*- coding: utf-8 -*- # This file is part of Fail2Ban. # # Fail2Ban is free software; you can redistribute it and/or modify @@ -168,7 +168,8 @@ # extract part of format which represents seconds since epoch value = dateMatch.group() seconds_since_epoch = value[2:17] - date = list(time.gmtime(int(seconds_since_epoch, 16))) + # convert seconds from HEX into local time stamp + date = list(time.localtime(int(seconds_since_epoch, 16))) return date This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
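Review bot: The @@ -168,7 hunk switches to time.localtime(), so the result now depends on the time zone of the fail2ban process; say in the method's comment that the returned list is local time, so callers convert it back with the local-time inverse and not a UTC one. The added comment "convert seconds from HEX into local time stamp" would read better as "parse the hex seconds and convert to local time". The coding-line change in the first hunk is unrelated to the Tai64N fix and would be easier to track as its own commit.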
From: <yar...@us...> - 2010-09-21 17:52:51
|
Revision: 763 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=763&view=rev Author: yarikoptic Date: 2010-09-21 17:52:44 +0000 (Tue, 21 Sep 2010) Log Message: ----------- debug entry for lines ignored due to falling below findtime (v2) Modified Paths: -------------- branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2010-06-29 01:38:05 UTC (rev 762) +++ branches/FAIL2BAN-0_8/server/filter.py 2010-09-21 17:52:44 UTC (rev 763) @@ -268,7 +268,11 @@ for element in self.processLine(line): ip = element[0] unixTime = element[1] + logSys.debug("Processing line with time:%s and ip:%s" + % (unixTime, ip)) if unixTime < MyTime.time() - self.getFindTime(): + logSys.debug("Ignore line since time %s < %s - %s" + % (unixTime, MyTime.time(), self.getFindTime())) break if self.inIgnoreIPList(ip): logSys.debug("Ignore %s" % ip) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
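Review bot: The two logSys.debug calls added inside the per-element loop build their message with % before the call, so the formatting runs for every processed line even when debug logging is off; pass the values as arguments (logSys.debug("... %s ...", unixTime, ip)) to defer it. In the second call MyTime.time() is evaluated again after the comparison, so the logged value can differ from the one that caused the break; compute it once before the if and reuse it.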
From: <yar...@us...> - 2010-06-29 01:38:12
|
Revision: 762 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=762&view=rev Author: yarikoptic Date: 2010-06-29 01:38:05 +0000 (Tue, 29 Jun 2010) Log Message: ----------- disabling entirely named-refused-udp jail with a big fat warning Modified Paths: -------------- trunk/config/jail.conf Modified: trunk/config/jail.conf =================================================================== --- trunk/config/jail.conf 2010-06-29 01:34:08 UTC (rev 761) +++ trunk/config/jail.conf 2010-06-29 01:38:05 UTC (rev 762) @@ -212,15 +212,23 @@ # in your named.conf to provide proper logging. # This jail blocks UDP traffic for DNS requests. -[named-refused-udp] +# !!! WARNING !!! +# Since UDP is connectionless protocol, spoofing of IP and immitation +# of illegal actions is way too simple. Thus enabling of this filter +# might provide an easy way for implementing a DoS against a chosen +# victim. See +# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html +# Please DO NOT USE this jail unless you know what you are doing. +# +# [named-refused-udp] +# +# enabled = false +# filter = named-refused +# action = iptables-multiport[name=Named, port="domain,953", protocol=udp] +# sendmail-whois[name=Named, dest=yo...@ma...] +# logpath = /var/log/named/security.log +# ignoreip = 168.192.0.1 -enabled = false -filter = named-refused -action = iptables-multiport[name=Named, port="domain,953", protocol=udp] - sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/security.log -ignoreip = 168.192.0.1 - # This jail blocks TCP traffic for DNS requests. [named-refused-tcp] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
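Review bot: The commented-out example keeps ignoreip = 168.192.0.1, which looks like a transposition of 192.168.0.1; since this block is now documentation that people will copy, confirm the intended address. The added warning also has "immitation" (imitation) and is missing the article in "is connectionless protocol".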
From: <yar...@us...> - 2010-06-29 01:34:15
|
Revision: 761 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=761&view=rev Author: yarikoptic Date: 2010-06-29 01:34:08 +0000 (Tue, 29 Jun 2010) Log Message: ----------- disabling entirely named-refused-udp jail with a big fat warning Modified Paths: -------------- branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2010-06-22 14:33:05 UTC (rev 760) +++ branches/FAIL2BAN-0_8/config/jail.conf 2010-06-29 01:34:08 UTC (rev 761) @@ -211,15 +211,23 @@ # in your named.conf to provide proper logging. # This jail blocks UDP traffic for DNS requests. -[named-refused-udp] +# !!! WARNING !!! +# Since UDP is connectionless protocol, spoofing of IP and immitation +# of illegal actions is way too simple. Thus enabling of this filter +# might provide an easy way for implementing a DoS against a chosen +# victim. See +# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html +# Please DO NOT USE this jail unless you know what you are doing. +# +# [named-refused-udp] +# +# enabled = false +# filter = named-refused +# action = iptables-multiport[name=Named, port="domain,953", protocol=udp] +# sendmail-whois[name=Named, dest=yo...@ma...] +# logpath = /var/log/named/security.log +# ignoreip = 168.192.0.1 -enabled = false -filter = named-refused -action = iptables-multiport[name=Named, port="domain,953", protocol=udp] - sendmail-whois[name=Named, dest=yo...@ma...] -logpath = /var/log/named/security.log -ignoreip = 168.192.0.1 - # This jail blocks TCP traffic for DNS requests. [named-refused-tcp] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
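Review bot: The section already had enabled = false, so commenting out [named-refused-udp] changes behaviour only for sites that turned it on in a local override: their jail no longer gets filter, action or logpath from jail.conf. That deserves a ChangeLog entry on this stable branch, and the warning could say explicitly that an existing override must now supply those settings itself.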
From: <yar...@us...> - 2010-06-22 14:33:12
|
Revision: 760 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=760&view=rev Author: yarikoptic Date: 2010-06-22 14:33:05 +0000 (Tue, 22 Jun 2010) Log Message: ----------- ENH: adding gen_badbots script to generate apache-badbots.conf Modified Paths: -------------- trunk/config/filter.d/apache-badbots.conf Added Paths: ----------- trunk/files/gen_badbots Modified: trunk/config/filter.d/apache-badbots.conf =================================================================== --- trunk/config/filter.d/apache-badbots.conf 2010-05-01 13:26:02 UTC (rev 759) +++ trunk/config/filter.d/apache-badbots.conf 2010-06-22 14:33:05 UTC (rev 760) @@ -1,7 +1,7 @@ # Fail2Ban configuration file # # List of bad bots fetched from http://www.user-agents.org -# Generated on Sun Feb 11 01:09:15 EST 2007 by ./badbots.sh +# Generated on Sun Feb 11 01:09:15 EST 2007 by gen_badbots # # Author: Yaroslav Halchenko # Added: trunk/files/gen_badbots =================================================================== --- trunk/files/gen_badbots (rev 0) +++ trunk/files/gen_badbots 2010-06-22 14:33:05 UTC (rev 760) 
@@ -0,0 +1,83 @@ +#!/bin/bash +#-------------------------- =+- Shell script -+= -------------------------- +# +# @file badbots.sh +# @date Sun Feb 11 00:49:53 2007 +# @brief +# +# +# Yaroslav Halchenko CS@UNM, CS@NJIT +# web: http://www.onerussian.com & PSYCH@RUTGERS +# e-mail: yo...@on... ICQ#: 60653192 +# +# DESCRIPTION (NOTES): +# +# Script to fetch list of agent strings from http://www.user-agents.org +# which are known to be from mailicious bots, and create apache-badbots.conf +# filter for fail2ban +# +# COPYRIGHT: Yaroslav Halchenko 2007-2010 +# +# LICENSE: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# On Debian system see /usr/share/common-licenses/GPL for the full license. 
+# +#-----------------\____________________________________/------------------ + +url=http://www.user-agents.org/index.shtml +badbots=$( +for f in "" "?g_l" "?m" "?n_s" "?t_z"; do + wget -q -O- $url$f; +done \ +| grep -h -B4 '<td class="smallcell" nowrap>S </td>'\ +| sed -e 's/ //g' \ +| awk '/^--/{getline; gsub(" ",""); print $0}' \ +| sed -e 's/\([.\:|()]\)/\\\1/g' \ +| tr '\n' '|' \ +| sed -e 's/|$//g' +) + +echo $badbots >| /tmp/badbots.tmp + +cat >| apache-badbots.conf <<EOF +# Fail2Ban configuration file +# +# List of bad bots fetched from http://www.user-agents.org +# Generated on `date` by $0 +# +# Author: Yaroslav Halchenko +# +# + +[Definition] +badbotscustom = EmailCollector|WebEMailExtrac +badbots = $badbots + +# Option: failregex +# Notes.: Regexp to catch known spambots and software alike. Please verify that +# it is your intent to block IPs which were driven by abovementioned bots +# Values: TEXT +# +failregex = ^(?P<host>\S*) -.*"GET.*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"\$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = +EOF Property changes on: trunk/files/gen_badbots ___________________________________________________________________ Added: svn:executable + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
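Review bot: gen_badbots writes echo $badbots >| /tmp/badbots.tmp to a fixed name in a world-writable directory, with >| overriding noclobber, and nothing later in the script reads the file; remove the line or create the file with mktemp. The list is fetched over plain http and pasted into failregex after the sed step escapes only . \ : | ( ), so an agent string containing [, ], *, +, ? or $ changes the generated pattern; escape the full set of regex metacharacters and abort when the fetched list is empty. $url$f should be quoted, since the suffixes contain ?, and the header still names the file badbots.sh.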
From: <bu...@us...> - 2010-05-01 13:26:09
|
Revision: 759 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=759&view=rev Author: buanzo Date: 2010-05-01 13:26:02 +0000 (Sat, 01 May 2010) Log Message: ----------- added psad filter and jail, needs some reviewing. works OK. Modified Paths: -------------- trunk/config/jail.conf Added Paths: ----------- trunk/config/filter.d/psad.conf Added: trunk/config/filter.d/psad.conf =================================================================== --- trunk/config/filter.d/psad.conf (rev 0) +++ trunk/config/filter.d/psad.conf 2010-05-01 13:26:02 UTC (rev 759) @@ -0,0 +1,19 @@ +# Fail2Ban configuration file +# +# Author: Arturo 'Buanzo' Busleiman <bu...@bu...> +# + +[Definition] + +# Option: failregex +# Notes.: regex to match psad "scan detected" line, example: +# +# Apr 30 23:35:06 mx4 psad: scan detected: 221.192.199.49 -> 85.13.200.90 tcp: [8000] flags: SYN tcp pkts: 1 DL: 2 +# +failregex = ^.*\ psad\:\ scan\ detected\:\ <HOST>\ \-\>\ .*$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = Modified: trunk/config/jail.conf =================================================================== --- trunk/config/jail.conf 2010-03-04 17:15:12 UTC (rev 758) +++ trunk/config/jail.conf 2010-05-01 13:26:02 UTC (rev 759) @@ -153,8 +153,9 @@ logpath = /var/log/apache2/error_log # Ban attackers that try to use PHP's URL-fopen() functionality -# through GET/POST variables. - Experimental, with more than a year -# of usage in production environments. +# through GET/POST variables. +# Make sure you edit the filter if you need to allow certain requests. +# Adapt logpath as required! [php-url-fopen] 
@@ -231,3 +232,16 @@ logpath = /var/log/named/security.log ignoreip = 168.192.0.1 + +# PSAD support for fail2ban by Buanzo. +# psad detects portscans, and logs the details to /var/log/messages +# With this jail, you can ban attackers that portscan you (for example, with the excellent Nmap) +# TODO: It needs a proper action, and decide on default port range/list + +[psad] + +enabled = false +port = ssh,http,https,smtp,ftp +filter = psad +logpath = /var/log/messages +maxretry = 1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
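Review bot: The psad jail bans on maxretry = 1, and the example line in psad.conf shows a match produced by a single SYN ("tcp pkts: 1 DL: 2"); the source address of one SYN can be forged, so a third party can get a chosen address banned. Add a warning to the jail comment and raise the threshold or match on psad's danger level. The failregex starts with ^.* and runs against /var/log/messages, so any line from any program that contains " psad: scan detected: <HOST> -> " matches; anchor it to the syslog prefix and the psad tag. The jail also defines port but no action, as its own TODO notes.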
From: <bu...@us...> - 2010-03-04 17:15:18
|
Revision: 758 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=758&view=rev Author: buanzo Date: 2010-03-04 17:15:12 +0000 (Thu, 04 Mar 2010) Log Message: ----------- added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html Modified Paths: -------------- branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2009-12-15 22:57:54 UTC (rev 757) +++ branches/FAIL2BAN-0_8/server/filter.py 2010-03-04 17:15:12 UTC (rev 758) @@ -31,7 +31,7 @@ from mytime import MyTime from failregex import FailRegex, Regex, RegexException -import logging, re, os, fcntl +import logging, re, os, fcntl, time # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.filter") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-12-15 22:58:02
|
Revision: 757 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=757&view=rev Author: lostcontrol Date: 2009-12-15 22:57:54 +0000 (Tue, 15 Dec 2009) Log Message: ----------- - Patch to make log file descriptors cloexec to stop leaking file descriptors on fork/exec. Thanks to Jonathan Underwood. https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24 Modified Paths: -------------- branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2009-12-15 22:54:57 UTC (rev 756) +++ branches/FAIL2BAN-0_8/server/filter.py 2009-12-15 22:57:54 UTC (rev 757) @@ -31,7 +31,7 @@ from mytime import MyTime from failregex import FailRegex, Regex, RegexException -import logging, re, os +import logging, re, os, fcntl # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.filter") @@ -469,6 +469,9 @@ def open(self): self.__handler = open(self.__filename) + # Set the file descriptor to be FD_CLOEXEC + fd = self.__handler.fileno() + fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC) firstLine = self.__handler.readline() # Computes the MD5 of the first line. myHash = md5.new(firstLine).digest() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
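Review bot: In the @@ -469,6 hunk the third argument to fcntl.fcntl is fd | fcntl.FD_CLOEXEC, which ORs the descriptor number into the flags instead of the descriptor's current flags. Read them first with fcntl.fcntl(fd, fcntl.F_GETFD) and set that value | fcntl.FD_CLOEXEC. Only open() is changed here; if the constructor opens the file as well, that handle needs the same flag or must be closed before any fork.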
From: <los...@us...> - 2009-12-15 22:55:05
|
Revision: 756 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=756&view=rev Author: lostcontrol Date: 2009-12-15 22:54:57 +0000 (Tue, 15 Dec 2009) Log Message: ----------- - Changed to SVN version. Modified Paths: -------------- branches/FAIL2BAN-0_8/common/version.py Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2009-09-07 19:15:32 UTC (rev 755) +++ branches/FAIL2BAN-0_8/common/version.py 2009-12-15 22:54:57 UTC (rev 756) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.4" +version = "0.8.4-SVN" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-09-07 19:15:47
|
Revision: 755 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=755&view=rev Author: lostcontrol Date: 2009-09-07 19:15:32 +0000 (Mon, 07 Sep 2009) Log Message: ----------- - Release 0.8.4. Added Paths: ----------- tags/FAIL2BAN-0_8_4/ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-09-07 19:13:52
|
Revision: 754 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=754&view=rev Author: lostcontrol Date: 2009-09-07 19:13:45 +0000 (Mon, 07 Sep 2009) Log Message: ----------- - Release 0.8.4. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog branches/FAIL2BAN-0_8/README branches/FAIL2BAN-0_8/common/version.py Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2009-09-01 21:29:13 UTC (rev 753) +++ branches/FAIL2BAN-0_8/ChangeLog 2009-09-07 19:13:45 UTC (rev 754) @@ -4,10 +4,10 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ================================================================================ -Fail2Ban (version 0.8.4) 2009/02/?? +Fail2Ban (version 0.8.4) 2009/09/07 ================================================================================ -ver. 0.8.4 (2009/??/??) - stable +ver. 0.8.4 (2009/09/07) - stable ---------- - Check the inode number for rotation in addition to checking the first line of the file. Thanks to Jonathan Kamens. Red Hat #503852. Tracker #2800279. Modified: branches/FAIL2BAN-0_8/README =================================================================== --- branches/FAIL2BAN-0_8/README 2009-09-01 21:29:13 UTC (rev 753) +++ branches/FAIL2BAN-0_8/README 2009-09-07 19:13:45 UTC (rev 754) @@ -4,7 +4,7 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ================================================================================ -Fail2Ban (version 0.8.4) 2009/??/?? +Fail2Ban (version 0.8.4) 2009/09/07 ================================================================================ Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many 
@@ -71,7 +71,8 @@ Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, Vincent Deffontaines, -Bill Heaton, Russell Odom, Christos Psonis and many others. +Bill Heaton, Russell Odom, Christos Psonis, Arturo 'Buanzo' Busleiman and many +others. License: -------- Modified: branches/FAIL2BAN-0_8/common/version.py =================================================================== --- branches/FAIL2BAN-0_8/common/version.py 2009-09-01 21:29:13 UTC (rev 753) +++ branches/FAIL2BAN-0_8/common/version.py 2009-09-07 19:13:45 UTC (rev 754) @@ -24,4 +24,4 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" -version = "0.8.3-SVN" +version = "0.8.4" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-09-01 21:29:26
|
Revision: 753 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=753&view=rev Author: lostcontrol Date: 2009-09-01 21:29:13 +0000 (Tue, 01 Sep 2009) Log Message: ----------- - Oups... Forgot the ChangeLog... Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2009-09-01 21:21:30 UTC (rev 752) +++ branches/FAIL2BAN-0_8/ChangeLog 2009-09-01 21:29:13 UTC (rev 753) @@ -9,6 +9,8 @@ ver. 0.8.4 (2009/??/??) - stable ---------- +- Check the inode number for rotation in addition to checking the first line of + the file. Thanks to Jonathan Kamens. Red Hat #503852. Tracker #2800279. - Moved the shutdown of the logging subsystem out of Server.quit() to the end of Server.start(). Fixes the 'cannot release un-acquired lock' error. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-09-01 21:21:40
|
Revision: 752 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=752&view=rev Author: lostcontrol Date: 2009-09-01 21:21:30 +0000 (Tue, 01 Sep 2009) Log Message: ----------- - Check the inode number for rotation in addition to checking the first line of the file. Thanks to Jonathan Kamens. - Red Hat Bugzilla - Bug 503852 - SF.net Bug #2800279. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/filter.py Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2009-09-01 20:25:32 UTC (rev 751) +++ branches/FAIL2BAN-0_8/server/filter.py 2009-09-01 21:21:30 UTC (rev 752) @@ -31,7 +31,7 @@ from mytime import MyTime from failregex import FailRegex, Regex, RegexException -import logging, re +import logging, re, os # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.filter") @@ -449,6 +449,8 @@ self.__handler = None # Try to open the file. Raises an exception if an error occured. handler = open(filename) + stats = os.fstat(handler.fileno()) + self.__ino = stats.st_ino try: firstLine = handler.readline() # Computes the MD5 of the first line. @@ -470,10 +472,12 @@ firstLine = self.__handler.readline() # Computes the MD5 of the first line. myHash = md5.new(firstLine).digest() - # Compare hash. - if not self.__hash == myHash: + stats = os.fstat(self.__handler.fileno()) + # Compare hash and inode + if self.__hash != myHash or self.__ino != stats.st_ino: logSys.info("Log rotation detected for %s" % self.__filename) self.__hash = myHash + self.__ino = stats.st_ino self.__pos = 0 # Sets the file pointer to the last position. self.__handler.seek(self.__pos) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
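Review bot: The rotation test in the @@ -470,10 hunk compares st_ino alone; inode numbers are unique only per device, so store and compare st_dev together with st_ino. Neither the hash nor the inode changes when a log is truncated in place and restarted with the same first line, in which case self.__pos is kept and the seek can land past the new end of file; comparing stats.st_size against self.__pos would cover that. In the constructor hunk os.fstat() is called before the try:, so check that the handler is still closed if it raises.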
From: <los...@us...> - 2009-09-01 20:25:40
|
Revision: 751 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=751&view=rev Author: lostcontrol Date: 2009-09-01 20:25:32 +0000 (Tue, 01 Sep 2009) Log Message: ----------- - Fixed typo. Thanks to Dudi Goldenberg. Modified Paths: -------------- branches/FAIL2BAN-0_8/common/protocol.py Modified: branches/FAIL2BAN-0_8/common/protocol.py =================================================================== --- branches/FAIL2BAN-0_8/common/protocol.py 2009-09-01 17:33:04 UTC (rev 750) +++ branches/FAIL2BAN-0_8/common/protocol.py 2009-09-01 20:25:32 UTC (rev 751) @@ -52,7 +52,7 @@ ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], ["set <JAIL> addlogpath <FILE>", "adds <FILE> to the monitoring list of <JAIL>"], -["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"], +["set <JAIL> dellogpath <FILE>", "removes <FILE> from the monitoring list of <JAIL>"], ["set <JAIL> addfailregex <REGEX>", "adds the regular expression <REGEX> which must match failures for <JAIL>"], ["set <JAIL> delfailregex <INDEX>", "removes the regular expression at <INDEX> for failregex"], ["set <JAIL> addignoreregex <REGEX>", "adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>"], This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <bu...@us...> - 2009-09-01 17:33:14
|
Revision: 750 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=750&view=rev Author: buanzo Date: 2009-09-01 17:33:04 +0000 (Tue, 01 Sep 2009) Log Message: ----------- added traceback to asyncserver.py's import. Modified Paths: -------------- branches/FAIL2BAN-0_8/server/asyncserver.py Modified: branches/FAIL2BAN-0_8/server/asyncserver.py =================================================================== --- branches/FAIL2BAN-0_8/server/asyncserver.py 2009-08-31 14:42:45 UTC (rev 749) +++ branches/FAIL2BAN-0_8/server/asyncserver.py 2009-09-01 17:33:04 UTC (rev 750) @@ -26,7 +26,7 @@ from pickle import dumps, loads, HIGHEST_PROTOCOL from common import helpers -import asyncore, asynchat, socket, os, logging, sys +import asyncore, asynchat, socket, os, logging, sys, traceback # Gets the instance of the logger. logSys = logging.getLogger("fail2ban.server") This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <bu...@us...> - 2009-08-31 14:42:52
|
Revision: 749 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=749&view=rev Author: buanzo Date: 2009-08-31 14:42:45 +0000 (Mon, 31 Aug 2009) Log Message: ----------- Added item about logging subsystem shutdown being moved, to Changelog. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2009-08-31 14:14:02 UTC (rev 748) +++ branches/FAIL2BAN-0_8/ChangeLog 2009-08-31 14:42:45 UTC (rev 749) @@ -9,6 +9,9 @@ ver. 0.8.4 (2009/??/??) - stable ---------- +- Moved the shutdown of the logging subsystem out of Server.quit() to + the end of Server.start(). Fixes the 'cannot release un-acquired lock' + error. - Added "Ban IP" command. Thanks to Arturo 'Buanzo' Busleiman. - Added two new filters: lighttpd-fastcgi and php-url-fopen. - Fixed the 'unexpected communication error' problem by means of This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <bu...@us...> - 2009-08-31 14:14:09
|
Revision: 748 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=748&view=rev Author: buanzo Date: 2009-08-31 14:14:02 +0000 (Mon, 31 Aug 2009) Log Message: ----------- moved logging shutdown out of quit(), into end of start() in server.py Modified Paths: -------------- branches/FAIL2BAN-0_8/server/server.py Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2009-08-31 13:57:32 UTC (rev 747) +++ branches/FAIL2BAN-0_8/server/server.py 2009-08-31 14:14:02 UTC (rev 748) @@ -96,11 +96,6 @@ except OSError, e: logSys.error("Unable to remove PID file: %s" % e) logSys.info("Exiting Fail2ban") - - def quit(self): - self.stopAllJail() - # Stop communication - self.__asyncServer.stop() # Shutdowns the logging. try: self.__loggingLock.acquire() @@ -108,6 +103,11 @@ finally: self.__loggingLock.release() + def quit(self): + self.stopAllJail() + # Stop communication + self.__asyncServer.stop() + def addJail(self, name, backend): self.__jails.add(name, backend) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
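Review bot: The moved block still calls self.__loggingLock.acquire() inside the try:, so if acquire() fails the finally: releases a lock that was never taken; put the acquire() before the try:. Since the shutdown now sits at the very end of start(), after logSys.info("Exiting Fail2ban"), an exception raised earlier in start() skips it; wrapping the body of start() in try/finally would keep the shutdown guaranteed.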
From: <bu...@us...> - 2009-08-31 13:57:39
|
Revision: 747 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=747&view=rev Author: buanzo Date: 2009-08-31 13:57:32 +0000 (Mon, 31 Aug 2009) Log Message: ----------- Disabled jail lighttpd-fastcgi by default. Modified Paths: -------------- branches/FAIL2BAN-0_8/config/jail.conf Modified: branches/FAIL2BAN-0_8/config/jail.conf =================================================================== --- branches/FAIL2BAN-0_8/config/jail.conf 2009-08-30 21:07:37 UTC (rev 746) +++ branches/FAIL2BAN-0_8/config/jail.conf 2009-08-31 13:57:32 UTC (rev 747) @@ -173,7 +173,7 @@ [lighttpd-fastcgi] -enabled = true +enabled = false port = http,https filter = lighttpd-fastcgi # adapt the following two items as needed This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-08-30 21:50:34
|
Revision: 746 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=746&view=rev Author: lostcontrol Date: 2009-08-30 21:07:37 +0000 (Sun, 30 Aug 2009) Log Message: ----------- - Added entry for "Ban IP" command. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 18:26:15 UTC (rev 745) +++ branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 21:07:37 UTC (rev 746) @@ -9,6 +9,7 @@ ver. 0.8.4 (2009/??/??) - stable ---------- +- Added "Ban IP" command. Thanks to Arturo 'Buanzo' Busleiman. - Added two new filters: lighttpd-fastcgi and php-url-fopen. - Fixed the 'unexpected communication error' problem by means of use_poll=False in Python >= 2.6. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <bu...@us...> - 2009-08-30 18:26:27
|
Revision: 745 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=745&view=rev Author: buanzo Date: 2009-08-30 18:26:15 +0000 (Sun, 30 Aug 2009) Log Message: ----------- added "Ban IP" command to fail2ban branch 0.8 Modified Paths: -------------- branches/FAIL2BAN-0_8/common/protocol.py branches/FAIL2BAN-0_8/server/filter.py branches/FAIL2BAN-0_8/server/server.py branches/FAIL2BAN-0_8/server/transmitter.py Modified: branches/FAIL2BAN-0_8/common/protocol.py =================================================================== --- branches/FAIL2BAN-0_8/common/protocol.py 2009-08-30 14:49:16 UTC (rev 744) +++ branches/FAIL2BAN-0_8/common/protocol.py 2009-08-30 18:26:15 UTC (rev 745) @@ -59,6 +59,7 @@ ["set <JAIL> delignoreregex <INDEX>", "removes the regular expression at <INDEX> for ignoreregex"], ["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"], ["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"], +["set <JAIL> banip <IP>", "manually Ban <IP> for <JAIL>"], ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], ["set <JAIL> addaction <ACT>", "adds a new action named <NAME> for <JAIL>"], ["set <JAIL> delaction <ACT>", "removes the action <NAME> from <JAIL>"], Modified: branches/FAIL2BAN-0_8/server/filter.py =================================================================== --- branches/FAIL2BAN-0_8/server/filter.py 2009-08-30 14:49:16 UTC (rev 744) +++ branches/FAIL2BAN-0_8/server/filter.py 2009-08-30 18:26:15 UTC (rev 745) 
@@ -184,6 +184,17 @@ raise Exception("run() is abstract") ## + # Ban an IP - http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html + # Arturo 'Buanzo' Busleiman <bu...@bu...> + # + # to enable banip fail2ban-client BAN command + + def addBannedIP(self, ip): + unixTime = time.time() + self.failManager.addFailure(FailTicket(ip, unixTime)) + return ip + + ## # Add an IP/DNS to the ignore list. # # IP addresses in the ignore list are not taken into account Modified: branches/FAIL2BAN-0_8/server/server.py =================================================================== --- branches/FAIL2BAN-0_8/server/server.py 2009-08-30 14:49:16 UTC (rev 744) +++ branches/FAIL2BAN-0_8/server/server.py 2009-08-30 18:26:15 UTC (rev 745) @@ -221,6 +221,9 @@ def setBanTime(self, name, value): self.__jails.getAction(name).setBanTime(value) + def setBanIP(self, name, value): + return self.__jails.getFilter(name).addBannedIP(value) + def getBanTime(self, name): return self.__jails.getAction(name).getBanTime() Modified: branches/FAIL2BAN-0_8/server/transmitter.py =================================================================== --- branches/FAIL2BAN-0_8/server/transmitter.py 2009-08-30 14:49:16 UTC (rev 744) +++ branches/FAIL2BAN-0_8/server/transmitter.py 2009-08-30 18:26:15 UTC (rev 745) @@ -164,6 +164,9 @@ value = command[2] self.__server.setBanTime(name, int(value)) return self.__server.getBanTime(name) + elif command[1] == "banip": + value = command[2] + return self.__server.setBanIP(name,value) elif command[1] == "addaction": value = command[2] self.__server.addAction(name, value) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
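Review bot: addBannedIP() in filter.py calls `self.failManager.addFailure(FailTicket(ip, unixTime))` exactly once, so what it records is a single failure ticket rather than a ban; if the jail only bans once its maxretry threshold is reached, `set <JAIL> banip <IP>` will not do what the help text "manually Ban <IP> for <JAIL>" promises whenever maxretry is above 1. Suggest adding as many failures as the threshold requires, or creating the ban directly, and stating in the comment which one is intended. The method also takes `ip` as given: nothing in the hunk checks it against the ignore list handled by the very next method, and `return ip` hands back the input regardless of outcome, so the caller cannot tell whether a ban took place.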
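Review bot: In the banip branch of transmitter.py, `value = command[2]` is passed straight to `self.__server.setBanIP(name,value)` with no validation at the point where client input enters the server, whereas the bantime branch just above at least coerces with `int(value)`. Suggest rejecting anything that is not a well-formed IP address here and returning a clear error to the client, and adding the space after the comma to match the surrounding calls. In protocol.py the description "manually Ban <IP> for <JAIL>" capitalises "Ban" where the neighbouring entries are all lower case.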
From: <los...@us...> - 2009-08-30 14:49:22
|
Revision: 744 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=744&view=rev Author: lostcontrol Date: 2009-08-30 14:49:16 +0000 (Sun, 30 Aug 2009) Log Message: ----------- - Added two new filters: lighttpd-fastcgi and php-url-fopen. Modified Paths: -------------- branches/FAIL2BAN-0_8/ChangeLog Modified: branches/FAIL2BAN-0_8/ChangeLog =================================================================== --- branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 14:21:41 UTC (rev 743) +++ branches/FAIL2BAN-0_8/ChangeLog 2009-08-30 14:49:16 UTC (rev 744) @@ -9,6 +9,7 @@ ver. 0.8.4 (2009/??/??) - stable ---------- +- Added two new filters: lighttpd-fastcgi and php-url-fopen. - Fixed the 'unexpected communication error' problem by means of use_poll=False in Python >= 2.6. - Merged patches from Debian package. Thanks to Yaroslav Halchenko. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <los...@us...> - 2009-08-30 14:21:51
|
Revision: 743 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=743&view=rev Author: lostcontrol Date: 2009-08-30 14:21:41 +0000 (Sun, 30 Aug 2009) Log Message: ----------- - Moved last entries in the config/ part. Modified Paths: -------------- branches/FAIL2BAN-0_8/MANIFEST Modified: branches/FAIL2BAN-0_8/MANIFEST =================================================================== --- branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 14:17:29 UTC (rev 742) +++ branches/FAIL2BAN-0_8/MANIFEST 2009-08-30 14:21:41 UTC (rev 743) @@ -68,12 +68,14 @@ config/filter.d/cyrus-imap.conf config/filter.d/exim.conf config/filter.d/gssftpd.conf +config/filter.d/lighttpd-fastcgi.conf config/filter.d/named-refused.conf config/filter.d/postfix.conf config/filter.d/proftpd.conf config/filter.d/pure-ftpd.conf config/filter.d/qmail.conf config/filter.d/pam-generic.conf +config/filter.d/php-url-fopen.conf config/filter.d/sasl.conf config/filter.d/sieve.conf config/filter.d/sshd.conf @@ -122,5 +124,3 @@ files/cacti/README files/nagios/check_fail2ban files/nagios/f2ban.txt -config/filter.d/lighttpd-fastcgi.conf -config/filter.d/php-url-fopen.conf This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
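Review bot: In the config/filter.d block of MANIFEST, php-url-fopen.conf is inserted after pam-generic.conf, which itself follows qmail.conf, so the block remains out of alphabetical order even though lighttpd-fastcgi.conf was slotted in alphabetically between gssftpd.conf and named-refused.conf. Suggest moving pam-generic.conf and php-url-fopen.conf ahead of postfix.conf in the same commit, or leaving a note that the order is not significant.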