Showing preview only (2,388K chars total). Download the full file or copy to clipboard to get everything.
Repository: fail2ban/fail2ban
Branch: master
Commit: 8be17b0981ab
Files: 521
Total size: 2.2 MB
Directory structure:
gitextract_iv3lnxih/
├── .codespellrc
├── .coveragerc
├── .gitattributes
├── .github/
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ ├── feature_request.md
│ │ └── filter_request.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── codespell.yml
│ ├── main.yml
│ └── publish.yml
├── .gitignore
├── .mailmap
├── .pylintrc
├── .typos.toml
├── CONTRIBUTING.md
├── COPYING
├── ChangeLog
├── DEVELOP
├── FILTERS
├── MANIFEST
├── MANIFEST.in
├── README.Solaris
├── README.md
├── RELEASE
├── THANKS
├── TODO
├── Vagrantfile
├── bin/
│ ├── fail2ban-client
│ ├── fail2ban-regex
│ ├── fail2ban-server
│ └── fail2ban-testcases
├── config/
│ ├── action.d/
│ │ ├── abuseipdb.conf
│ │ ├── apf.conf
│ │ ├── apprise.conf
│ │ ├── blocklist_de.conf
│ │ ├── bsd-ipfw.conf
│ │ ├── cloudflare-token.conf
│ │ ├── cloudflare.conf
│ │ ├── complain.conf
│ │ ├── csf.conf
│ │ ├── dshield.conf
│ │ ├── dummy.conf
│ │ ├── firewallcmd-allports.conf
│ │ ├── firewallcmd-common.conf
│ │ ├── firewallcmd-ipset.conf
│ │ ├── firewallcmd-multiport.conf
│ │ ├── firewallcmd-new.conf
│ │ ├── firewallcmd-rich-logging.conf
│ │ ├── firewallcmd-rich-rules.conf
│ │ ├── helpers-common.conf
│ │ ├── hostsdeny.conf
│ │ ├── ipfilter.conf
│ │ ├── ipfw.conf
│ │ ├── iptables-allports.conf
│ │ ├── iptables-ipset-proto4.conf
│ │ ├── iptables-ipset-proto6-allports.conf
│ │ ├── iptables-ipset-proto6.conf
│ │ ├── iptables-ipset.conf
│ │ ├── iptables-multiport-log.conf
│ │ ├── iptables-multiport.conf
│ │ ├── iptables-new.conf
│ │ ├── iptables-xt_recent-echo.conf
│ │ ├── iptables.conf
│ │ ├── ipthreat.conf
│ │ ├── mail-buffered.conf
│ │ ├── mail-whois-common.conf
│ │ ├── mail-whois-lines.conf
│ │ ├── mail-whois.conf
│ │ ├── mail.conf
│ │ ├── mikrotik.conf
│ │ ├── mynetwatchman.conf
│ │ ├── netscaler.conf
│ │ ├── nftables-allports.conf
│ │ ├── nftables-multiport.conf
│ │ ├── nftables.conf
│ │ ├── nginx-block-map.conf
│ │ ├── npf.conf
│ │ ├── nsupdate.conf
│ │ ├── osx-afctl.conf
│ │ ├── osx-ipfw.conf
│ │ ├── pf.conf
│ │ ├── route.conf
│ │ ├── sendmail-buffered.conf
│ │ ├── sendmail-common.conf
│ │ ├── sendmail-geoip-lines.conf
│ │ ├── sendmail-whois-ipjailmatches.conf
│ │ ├── sendmail-whois-ipmatches.conf
│ │ ├── sendmail-whois-lines.conf
│ │ ├── sendmail-whois-matches.conf
│ │ ├── sendmail-whois.conf
│ │ ├── sendmail.conf
│ │ ├── shorewall-ipset-proto6.conf
│ │ ├── shorewall.conf
│ │ ├── smtp.py
│ │ ├── symbiosis-blacklist-allports.conf
│ │ ├── ufw.conf
│ │ └── xarf-login-attack.conf
│ ├── fail2ban.conf
│ ├── filter.d/
│ │ ├── 3proxy.conf
│ │ ├── apache-auth.conf
│ │ ├── apache-badbots.conf
│ │ ├── apache-botsearch.conf
│ │ ├── apache-common.conf
│ │ ├── apache-fakegooglebot.conf
│ │ ├── apache-modsecurity.conf
│ │ ├── apache-nohome.conf
│ │ ├── apache-noscript.conf
│ │ ├── apache-overflows.conf
│ │ ├── apache-pass.conf
│ │ ├── apache-shellshock.conf
│ │ ├── assp.conf
│ │ ├── asterisk.conf
│ │ ├── bitwarden.conf
│ │ ├── botsearch-common.conf
│ │ ├── centreon.conf
│ │ ├── common.conf
│ │ ├── counter-strike.conf
│ │ ├── courier-auth.conf
│ │ ├── courier-smtp.conf
│ │ ├── cyrus-imap.conf
│ │ ├── dante.conf
│ │ ├── directadmin.conf
│ │ ├── domino-smtp.conf
│ │ ├── dovecot.conf
│ │ ├── dropbear.conf
│ │ ├── drupal-auth.conf
│ │ ├── ejabberd-auth.conf
│ │ ├── exim-common.conf
│ │ ├── exim-spam.conf
│ │ ├── exim.conf
│ │ ├── freeswitch.conf
│ │ ├── froxlor-auth.conf
│ │ ├── gitlab.conf
│ │ ├── grafana.conf
│ │ ├── groupoffice.conf
│ │ ├── gssftpd.conf
│ │ ├── guacamole.conf
│ │ ├── haproxy-http-auth.conf
│ │ ├── horde.conf
│ │ ├── ignorecommands/
│ │ │ └── apache-fakegooglebot
│ │ ├── kerio.conf
│ │ ├── lighttpd-auth.conf
│ │ ├── mongodb-auth.conf
│ │ ├── monit.conf
│ │ ├── monitorix.conf
│ │ ├── mssql-auth.conf
│ │ ├── murmur.conf
│ │ ├── mysqld-auth.conf
│ │ ├── nagios.conf
│ │ ├── named-refused.conf
│ │ ├── nginx-bad-request.conf
│ │ ├── nginx-botsearch.conf
│ │ ├── nginx-error-common.conf
│ │ ├── nginx-forbidden.conf
│ │ ├── nginx-http-auth.conf
│ │ ├── nginx-limit-req.conf
│ │ ├── nsd.conf
│ │ ├── openhab.conf
│ │ ├── openvpn.conf
│ │ ├── openwebmail.conf
│ │ ├── oracleims.conf
│ │ ├── pam-generic.conf
│ │ ├── perdition.conf
│ │ ├── php-url-fopen.conf
│ │ ├── phpmyadmin-syslog.conf
│ │ ├── portsentry.conf
│ │ ├── postfix.conf
│ │ ├── proftpd.conf
│ │ ├── proxmox.conf
│ │ ├── pure-ftpd.conf
│ │ ├── qmail.conf
│ │ ├── recidive.conf
│ │ ├── roundcube-auth.conf
│ │ ├── routeros-auth.conf
│ │ ├── scanlogd.conf
│ │ ├── screensharingd.conf
│ │ ├── selinux-common.conf
│ │ ├── selinux-ssh.conf
│ │ ├── sendmail-auth.conf
│ │ ├── sendmail-reject.conf
│ │ ├── sieve.conf
│ │ ├── slapd.conf
│ │ ├── softethervpn.conf
│ │ ├── sogo-auth.conf
│ │ ├── solid-pop3d.conf
│ │ ├── squid.conf
│ │ ├── squirrelmail.conf
│ │ ├── sshd.conf
│ │ ├── stunnel.conf
│ │ ├── suhosin.conf
│ │ ├── tine20.conf
│ │ ├── traefik-auth.conf
│ │ ├── uwimap-auth.conf
│ │ ├── vaultwarden.conf
│ │ ├── vsftpd.conf
│ │ ├── webmin-auth.conf
│ │ ├── wuftpd.conf
│ │ ├── xinetd-fail.conf
│ │ ├── xrdp.conf
│ │ ├── znc-adminlog.conf
│ │ └── zoneminder.conf
│ ├── jail.conf
│ ├── paths-arch.conf
│ ├── paths-common.conf
│ ├── paths-debian.conf
│ ├── paths-fedora.conf
│ ├── paths-freebsd.conf
│ ├── paths-opensuse.conf
│ └── paths-osx.conf
├── doc/
│ ├── Doxyfile
│ ├── Makefile
│ ├── conf.py
│ ├── develop.rst
│ ├── fail2ban.client.actionreader.rst
│ ├── fail2ban.client.beautifier.rst
│ ├── fail2ban.client.configparserinc.rst
│ ├── fail2ban.client.configreader.rst
│ ├── fail2ban.client.configurator.rst
│ ├── fail2ban.client.csocket.rst
│ ├── fail2ban.client.fail2banreader.rst
│ ├── fail2ban.client.filterreader.rst
│ ├── fail2ban.client.jailreader.rst
│ ├── fail2ban.client.jailsreader.rst
│ ├── fail2ban.client.rst
│ ├── fail2ban.exceptions.rst
│ ├── fail2ban.helpers.rst
│ ├── fail2ban.protocol.rst
│ ├── fail2ban.rst
│ ├── fail2ban.server.action.rst
│ ├── fail2ban.server.actions.rst
│ ├── fail2ban.server.asyncserver.rst
│ ├── fail2ban.server.banmanager.rst
│ ├── fail2ban.server.database.rst
│ ├── fail2ban.server.datedetector.rst
│ ├── fail2ban.server.datetemplate.rst
│ ├── fail2ban.server.failmanager.rst
│ ├── fail2ban.server.failregex.rst
│ ├── fail2ban.server.filter.rst
│ ├── fail2ban.server.filterpoll.rst
│ ├── fail2ban.server.filterpyinotify.rst
│ ├── fail2ban.server.filtersystemd.rst
│ ├── fail2ban.server.jail.rst
│ ├── fail2ban.server.jails.rst
│ ├── fail2ban.server.jailthread.rst
│ ├── fail2ban.server.mytime.rst
│ ├── fail2ban.server.rst
│ ├── fail2ban.server.server.rst
│ ├── fail2ban.server.strptime.rst
│ ├── fail2ban.server.ticket.rst
│ ├── fail2ban.server.transmitter.rst
│ ├── fail2ban.server.utils.rst
│ ├── fail2ban.version.rst
│ ├── filters.rst
│ ├── index.rst
│ ├── release.rst
│ ├── requirements.txt
│ └── run-rootless.txt
├── fail2ban/
│ ├── __init__.py
│ ├── client/
│ │ ├── __init__.py
│ │ ├── actionreader.py
│ │ ├── beautifier.py
│ │ ├── configparserinc.py
│ │ ├── configreader.py
│ │ ├── configurator.py
│ │ ├── csocket.py
│ │ ├── fail2banclient.py
│ │ ├── fail2bancmdline.py
│ │ ├── fail2banreader.py
│ │ ├── fail2banregex.py
│ │ ├── fail2banserver.py
│ │ ├── filterreader.py
│ │ ├── jailreader.py
│ │ └── jailsreader.py
│ ├── compat/
│ │ ├── asynchat.py
│ │ └── asyncore.py
│ ├── exceptions.py
│ ├── helpers.py
│ ├── protocol.py
│ ├── server/
│ │ ├── __init__.py
│ │ ├── action.py
│ │ ├── actions.py
│ │ ├── asyncserver.py
│ │ ├── banmanager.py
│ │ ├── database.py
│ │ ├── datedetector.py
│ │ ├── datetemplate.py
│ │ ├── failmanager.py
│ │ ├── failregex.py
│ │ ├── filter.py
│ │ ├── filterpoll.py
│ │ ├── filterpyinotify.py
│ │ ├── filtersystemd.py
│ │ ├── ipdns.py
│ │ ├── jail.py
│ │ ├── jails.py
│ │ ├── jailthread.py
│ │ ├── mytime.py
│ │ ├── observer.py
│ │ ├── server.py
│ │ ├── strptime.py
│ │ ├── ticket.py
│ │ ├── transmitter.py
│ │ └── utils.py
│ ├── setup.py
│ ├── tests/
│ │ ├── __init__.py
│ │ ├── action_d/
│ │ │ ├── __init__.py
│ │ │ └── test_smtp.py
│ │ ├── actionstestcase.py
│ │ ├── actiontestcase.py
│ │ ├── banmanagertestcase.py
│ │ ├── clientbeautifiertestcase.py
│ │ ├── clientreadertestcase.py
│ │ ├── config/
│ │ │ ├── action.d/
│ │ │ │ ├── action.conf
│ │ │ │ └── brokenaction.conf
│ │ │ ├── fail2ban.conf
│ │ │ ├── filter.d/
│ │ │ │ ├── checklogtype.conf
│ │ │ │ ├── checklogtype_test.conf
│ │ │ │ ├── simple.conf
│ │ │ │ ├── test.conf
│ │ │ │ ├── test.local
│ │ │ │ ├── zzz-generic-example.conf
│ │ │ │ └── zzz-sshd-obsolete-multiline.conf
│ │ │ └── jail.conf
│ │ ├── databasetestcase.py
│ │ ├── datedetectortestcase.py
│ │ ├── dummyjail.py
│ │ ├── fail2banclienttestcase.py
│ │ ├── fail2banregextestcase.py
│ │ ├── failmanagertestcase.py
│ │ ├── files/
│ │ │ ├── action.d/
│ │ │ │ ├── action.py
│ │ │ │ ├── action_checkainfo.py
│ │ │ │ ├── action_errors.py
│ │ │ │ ├── action_modifyainfo.py
│ │ │ │ ├── action_noAction.py
│ │ │ │ └── action_nomethod.py
│ │ │ ├── config/
│ │ │ │ └── apache-auth/
│ │ │ │ ├── README
│ │ │ │ ├── basic/
│ │ │ │ │ ├── authz_owner/
│ │ │ │ │ │ ├── .htaccess
│ │ │ │ │ │ ├── .htpasswd
│ │ │ │ │ │ └── cant_get_me.html
│ │ │ │ │ └── file/
│ │ │ │ │ ├── .htaccess
│ │ │ │ │ └── .htpasswd
│ │ │ │ ├── digest/
│ │ │ │ │ ├── .htaccess
│ │ │ │ │ └── .htpasswd
│ │ │ │ ├── digest.py
│ │ │ │ ├── digest_anon/
│ │ │ │ │ ├── .htaccess
│ │ │ │ │ └── .htpasswd
│ │ │ │ ├── digest_time/
│ │ │ │ │ ├── .htaccess
│ │ │ │ │ └── .htpasswd
│ │ │ │ ├── digest_wrongrelm/
│ │ │ │ │ ├── .htaccess
│ │ │ │ │ └── .htpasswd
│ │ │ │ └── noentry/
│ │ │ │ └── .htaccess
│ │ │ ├── filter.d/
│ │ │ │ ├── substitution.conf
│ │ │ │ ├── testcase-common.conf
│ │ │ │ ├── testcase01.conf
│ │ │ │ ├── testcase02.conf
│ │ │ │ └── testcase02.local
│ │ │ ├── ignorecommand.py
│ │ │ ├── logs/
│ │ │ │ ├── 3proxy
│ │ │ │ ├── apache-auth
│ │ │ │ ├── apache-badbots
│ │ │ │ ├── apache-botsearch
│ │ │ │ ├── apache-fakegooglebot
│ │ │ │ ├── apache-modsecurity
│ │ │ │ ├── apache-nohome
│ │ │ │ ├── apache-noscript
│ │ │ │ ├── apache-overflows
│ │ │ │ ├── apache-pass
│ │ │ │ ├── apache-shellshock
│ │ │ │ ├── assp
│ │ │ │ ├── asterisk
│ │ │ │ ├── bitwarden
│ │ │ │ ├── bsd/
│ │ │ │ │ ├── syslog-plain.txt
│ │ │ │ │ ├── syslog-v.txt
│ │ │ │ │ └── syslog-vv.txt
│ │ │ │ ├── centreon
│ │ │ │ ├── counter-strike
│ │ │ │ ├── courier-auth
│ │ │ │ ├── courier-smtp
│ │ │ │ ├── cyrus-imap
│ │ │ │ ├── dante
│ │ │ │ ├── directadmin
│ │ │ │ ├── domino-smtp
│ │ │ │ ├── dovecot
│ │ │ │ ├── dropbear
│ │ │ │ ├── drupal-auth
│ │ │ │ ├── ejabberd-auth
│ │ │ │ ├── exim
│ │ │ │ ├── exim-spam
│ │ │ │ ├── freeswitch
│ │ │ │ ├── froxlor-auth
│ │ │ │ ├── gitlab
│ │ │ │ ├── grafana
│ │ │ │ ├── groupoffice
│ │ │ │ ├── gssftpd
│ │ │ │ ├── guacamole
│ │ │ │ ├── haproxy-http-auth
│ │ │ │ ├── horde
│ │ │ │ ├── kerio
│ │ │ │ ├── lighttpd-auth
│ │ │ │ ├── mongodb-auth
│ │ │ │ ├── monit
│ │ │ │ ├── monitorix
│ │ │ │ ├── mssql-auth
│ │ │ │ ├── murmur
│ │ │ │ ├── mysqld-auth
│ │ │ │ ├── nagios
│ │ │ │ ├── named-refused
│ │ │ │ ├── nginx-bad-request
│ │ │ │ ├── nginx-botsearch
│ │ │ │ ├── nginx-forbidden
│ │ │ │ ├── nginx-http-auth
│ │ │ │ ├── nginx-limit-req
│ │ │ │ ├── nsd
│ │ │ │ ├── openhab
│ │ │ │ ├── openvpn
│ │ │ │ ├── openwebmail
│ │ │ │ ├── oracleims
│ │ │ │ ├── pam-generic
│ │ │ │ ├── perdition
│ │ │ │ ├── php-url-fopen
│ │ │ │ ├── phpmyadmin-syslog
│ │ │ │ ├── portsentry
│ │ │ │ ├── postfix
│ │ │ │ ├── proftpd
│ │ │ │ ├── proxmox
│ │ │ │ ├── pure-ftpd
│ │ │ │ ├── qmail
│ │ │ │ ├── recidive
│ │ │ │ ├── roundcube-auth
│ │ │ │ ├── routeros-auth
│ │ │ │ ├── scanlogd
│ │ │ │ ├── screensharingd
│ │ │ │ ├── selinux-ssh
│ │ │ │ ├── sendmail-auth
│ │ │ │ ├── sendmail-reject
│ │ │ │ ├── sieve
│ │ │ │ ├── slapd
│ │ │ │ ├── softethervpn
│ │ │ │ ├── sogo-auth
│ │ │ │ ├── solid-pop3d
│ │ │ │ ├── squid
│ │ │ │ ├── squirrelmail
│ │ │ │ ├── sshd
│ │ │ │ ├── sshd-journal
│ │ │ │ ├── stunnel
│ │ │ │ ├── suhosin
│ │ │ │ ├── tine20
│ │ │ │ ├── traefik-auth
│ │ │ │ ├── uwimap-auth
│ │ │ │ ├── vaultwarden
│ │ │ │ ├── vsftpd
│ │ │ │ ├── webmin-auth
│ │ │ │ ├── wuftpd
│ │ │ │ ├── xinetd-fail
│ │ │ │ ├── xrdp
│ │ │ │ ├── znc-adminlog
│ │ │ │ ├── zoneminder
│ │ │ │ ├── zzz-generic-example
│ │ │ │ └── zzz-sshd-obsolete-multiline
│ │ │ ├── test-ign-ips-file
│ │ │ ├── testcase-journal.log
│ │ │ ├── testcase-multiline.log
│ │ │ ├── testcase-usedns.log
│ │ │ ├── testcase-wrong-char.log
│ │ │ ├── testcase01.log
│ │ │ ├── testcase01a.log
│ │ │ ├── testcase02.log
│ │ │ ├── testcase03.log
│ │ │ ├── testcase04.log
│ │ │ └── zzz-sshd-obsolete-multiline.log
│ │ ├── filtertestcase.py
│ │ ├── misctestcase.py
│ │ ├── observertestcase.py
│ │ ├── samplestestcase.py
│ │ ├── servertestcase.py
│ │ ├── sockettestcase.py
│ │ ├── tickettestcase.py
│ │ └── utils.py
│ └── version.py
├── fail2ban-testcases-all
├── fail2ban-testcases-all-python3
├── files/
│ ├── bash-completion
│ ├── cacti/
│ │ ├── README
│ │ ├── cacti_host_template_fail2ban.xml
│ │ └── fail2ban_stats.sh
│ ├── debian-initd
│ ├── fail2ban-logrotate
│ ├── fail2ban-openrc.conf
│ ├── fail2ban-openrc.init.in
│ ├── fail2ban.service.in
│ ├── fail2ban.upstart
│ ├── gen_badbots
│ ├── ipmasq-ZZZzzz_fail2ban.rul
│ ├── logwatch/
│ │ ├── fail2ban
│ │ ├── fail2ban-0.8.log
│ │ └── fail2ban-0.9.log
│ ├── macosx-initd
│ ├── monit/
│ │ └── fail2ban
│ ├── nagios/
│ │ ├── README
│ │ └── check_fail2ban
│ ├── redhat-initd
│ ├── solaris-fail2ban.xml
│ ├── solaris-svc-fail2ban
│ └── suse-initd
├── kill-server
├── man/
│ ├── fail2ban-client.1
│ ├── fail2ban-client.h2m
│ ├── fail2ban-python.1
│ ├── fail2ban-python.h2m
│ ├── fail2ban-regex.1
│ ├── fail2ban-regex.h2m
│ ├── fail2ban-server.1
│ ├── fail2ban-server.h2m
│ ├── fail2ban-testcases.1
│ ├── fail2ban-testcases.h2m
│ ├── fail2ban.1
│ ├── generate-man
│ └── jail.conf.5
├── setup.cfg
└── setup.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .codespellrc
================================================
[codespell]
# THANKS - names
skip = .git,*.pdf,*.svg,venv,.codespellrc,.typos.toml,THANKS,*test*.log,logs
check-hidden = true
# Ignore all acronyms etc as plenty e.g. in fail2ban/server/strptime.py
# Try to identify incomplete words which are part of a regex, hence having [] at the beginning
# Ignore all urls as something with :// in it
# Ignore all lines with codespell-ignore in them for pragma annotation
ignore-regex = (\b([A-Z][A-Z][A-Z]+|gir\.st)\b)|\[[a-zA-Z]+\][a-z]+\b|[a-z]+://\S+|.*codespell-ignore.*
# some oddly named variables, some names, etc
# wee -- comes in regex etc for weeks
ignore-words-list = assertIn,theis,timere,alls,wee,wight,ans,re-use,pre-emptive
================================================
FILE: .coveragerc
================================================
[run]
branch = True
source =
config
fail2ban
[report]
exclude_lines =
pragma: ?no ?cover
pragma: ?${F2B_PY}.x no ?cover
pragma: ?systemd no ?cover
================================================
FILE: .gitattributes
================================================
ChangeLog linguist-language=Markdown
================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms
github: [sebres]
custom: [https://paypal.me/sebres]
liberapay: sebres
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Report a bug within the fail2ban engines (not filters or jails)
title: '[BR]: '
labels: bug
assignees: ''
---
<!--
- Before reporting, please make sure to search the open and closed issues for any reports in the past.
- Use this issue template to report a bug in the fail2ban engine (not in a filter or jail).
- If you want to request a feature or a new filter, please use "Feature request" or "Filter request" instead.
- If you have rather some question, please open or join to some discussion.
We will be very grateful, if your problem was described as completely as possible,
enclosing excerpts from logs (if possible within DEBUG mode, if no errors evident
within INFO mode), and configuration in particular of effected relevant settings
(e.g., with ` fail2ban-client -d | grep 'affected-jail-name' ` for a particular
jail troubleshooting).
Thank you in advance for the details, because such issues like "It does not work"
alone could not help to resolve anything!
Thanks!
(you can remove this paragraph and other comments upon reading)
-->
### Environment:
<!--
Fill out and check (`[x]`) the boxes which apply. If your Fail2Ban version is outdated,
and you can't verify that the issue persists in the recent release, better seek support
from the distribution you obtained Fail2Ban from
-->
- Fail2Ban version <!-- including any possible distribution suffixes --> :
- OS, including release name/version :
- [ ] Fail2Ban installed via OS/distribution mechanisms
- [ ] You have not applied any additional foreign patches to the codebase
- [ ] Some customizations were done to the configuration (provide details below is so)
### The issue:
<!-- summary here -->
#### Steps to reproduce
#### Expected behavior
#### Observed behavior
#### Any additional information
### Configuration, dump and another helpful excerpts
#### Any customizations done to /etc/fail2ban/ configuration
<!-- put your configuration excerpts between next 2 lines -->
```
```
#### Relevant parts of /var/log/fail2ban.log file:
<!-- preferably obtained while running fail2ban with `loglevel = 4` -->
<!-- put your log excerpt between next 2 lines -->
```
```
#### Relevant lines from monitored log files:
<!-- put your log excerpt between next 2 lines -->
```
```
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea or an enhancement for this project
title: '[RFE]: '
labels: enhancement
assignees: ''
---
<!--
- Before requesting, please make sure to search the open and closed issues for any requests in the past.
- Use this issue template to request a feature in the fail2ban engine (not a new filter or jail).
- If you want to request a new filter or failregex, please use "Filter request" instead.
- If you have rather some question, please open or join to some discussion.
-->
#### Feature request type
<!--
Please provide a summary description of the feature request.
-->
#### Description
<!--
Please describe the feature in more detail.
-->
#### Considered alternatives
<!--
A clear and concise description of any alternative solutions or features you've considered.
-->
#### Any additional information
<!--
Add any other context or screenshots about the feature request here.
-->
================================================
FILE: .github/ISSUE_TEMPLATE/filter_request.md
================================================
---
name: Filter request
about: Request a new jail or filter to be supported or existing filter extended with new failregex
title: '[FR]: '
labels: filter-request
assignees: ''
---
<!--
- Before requesting, please make sure to search the open and closed issues for any requests in the past.
- Sometimes failregex have been already requested before but are not implemented yet due to various reasons.
- If there are no hits for your concerns, please proceed otherwise add a comment to the related issue (also if it is closed).
- If you want to request a new feature, please use "Feature request" instead.
- If you have rather some question, please open or join to some discussion.
-->
### Environment:
<!--
Fill out and check (`[x]`) the boxes which apply.
-->
- Fail2Ban version <!-- including any possible distribution suffixes --> :
- OS, including release name/version :
#### Service, project or product which log or journal should be monitored
- Name of filter or jail in Fail2Ban (if already exists) :
- Service, project or product name, including release name/version :
- Repository or URL (if known) :
- Service type :
- Ports and protocols the service is listening :
#### Log or journal information
<!-- Delete unrelated group -->
<!-- Log file -->
- Log file name(s) :
<!-- Systemd journal -->
- Journal identifier or unit name :
#### Any additional information
### Relevant lines from monitored log files:
#### failures in sense of fail2ban filter (fail2ban must match):
<!-- put your log excerpt between next 2 lines -->
```
```
#### legitimate messages (fail2ban should not consider as failures):
<!-- put your log excerpt between next 2 lines -->
```
```
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
Before submitting your PR, please review the following checklist:
- [ ] **CONSIDER adding a unit test** if your PR resolves an issue
- [ ] **LIST ISSUES** this PR resolves or describe the approach in detail
- [ ] **MAKE SURE** this PR doesn't break existing tests
- [ ] **KEEP PR small** so it could be easily reviewed
- [ ] **AVOID** making unnecessary stylistic changes in unrelated code
- [ ] **ACCOMPANY** each new `failregex` for filter `X` with sample log lines
(and `# failJSON`) within `fail2ban/tests/files/logs/X` file
- [ ] **PROVIDE ChangeLog** entry describing the pull request
================================================
FILE: .github/workflows/codespell.yml
================================================
---
name: Codespell
on:
push:
branches: [master]
pull_request:
branches: [master]
permissions:
contents: read
jobs:
codespell:
name: Check for spelling errors
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Codespell
uses: codespell-project/actions-codespell@v2
================================================
FILE: .github/workflows/main.yml
================================================
name: CI
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
push:
paths-ignore:
- 'doc/**'
- 'files/**'
- 'man/**'
pull_request:
paths-ignore:
- 'doc/**'
- 'files/**'
- 'man/**'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.8, 3.9, '3.10', '3.11', '3.12', '3.13', '3.14', '3.15.0-alpha.5', pypy3.11]
fail-fast: false
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Grant systemd-journal access
run: sudo usermod -a -G systemd-journal "$USER" || echo 'no systemd-journal access'
- name: Python version
run: |
F2B_PY=$(python -c "import sys; print(sys.version)")
echo "Python: ${{ matrix.python-version }} -- ${F2B_PY/$'\n'/ }"
F2B_PYV=$(echo "${F2B_PY}" | grep -oP '^\d+(?:\.\d+)')
F2B_PY=${F2B_PY:0:1}
echo "Set F2B_PY=$F2B_PY, F2B_PYV=$F2B_PYV"
echo "F2B_PY=$F2B_PY" >> $GITHUB_ENV
echo "F2B_PYV=$F2B_PYV" >> $GITHUB_ENV
# for GHA we need to monitor all journals, since it cannot be found using SYSTEM_ONLY(4):
echo "F2B_SYSTEMD_DEFAULT_FLAGS=0" >> $GITHUB_ENV
- name: Install dependencies
run: |
#if [[ "$F2B_PY" = 3 ]]; then python -m pip install --upgrade pip || echo "can't upgrade pip"; fi
#sudo apt-get -y install python${F2B_PY/2/}-pyinotify || echo 'inotify not available'
python -m pip install pyinotify || echo 'inotify not available'
sudo apt-get -y install sqlite3 || echo 'sqlite3 not available'
#sudo apt-get -y install python${F2B_PY/2/}-systemd || echo 'systemd not available'
sudo apt-get -y install libsystemd-dev || echo 'systemd dependencies seems to be unavailable'
python -m pip install systemd-python || echo 'systemd not available'
# readline if available as module:
python -c 'import readline' 2> /dev/null || python -m pip install readline || echo 'readline not available'
# asyncore/asynchat:
if dpkg --compare-versions "$F2B_PYV" ge 3.12; then
#sudo apt-get -y install python${F2B_PY/2/}-setuptools || echo 'setuptools not unavailable'
python -m pip install setuptools || echo "can't install setuptools"
# don't install async* modules, we need to cover bundled-in libraries:
#python -m pip install pyasynchat || echo "can't install pyasynchat";
#python -m pip install pyasyncore || echo "can't install pyasyncore";
fi
# aiosmtpd in test_smtp (for 3.10+, no need to test it everywhere):
if dpkg --compare-versions "$F2B_PYV" ge 3.10; then
#sudo apt-get -y install python${F2B_PY/2/}-aiosmtpd || echo 'aiosmtpd not available'
python -m pip install aiosmtpd || echo 'aiosmtpd not available'
fi
- name: Before scripts
run: |
cd "$GITHUB_WORKSPACE"
_debug() { echo -n "$1 "; err=$("${@:2}" 2>&1) && echo 'OK' || echo -e "FAIL\n$err"; }
# (debug) output current preferred encoding:
echo 'Encodings:' $(python -c 'import locale, sys; from fail2ban.helpers import PREFER_ENC; print(PREFER_ENC, locale.getpreferredencoding(), (sys.stdout and sys.stdout.encoding))')
# (debug) backend availabilities:
echo 'Backends:'
_debug '- systemd:' python -c 'from fail2ban.server.filtersystemd import FilterSystemd'
#_debug '- systemd (root): ' sudo python -c 'from fail2ban.server.filtersystemd import FilterSystemd'
_debug '- pyinotify:' python -c 'from fail2ban.server.filterpyinotify import FilterPyinotify'
- name: Test suite
run: |
#python setup.py test
python bin/fail2ban-testcases --verbosity=2
#- name: Test suite (debug some systemd tests only)
#run: python bin/fail2ban-testcases --verbosity=2 "[sS]ystemd|[jJ]ournal"
#run: python bin/fail2ban-testcases --verbosity=2 -l 5 "test_WrongChar"
- name: Build
run: python setup.py build
#- name: Test initd scripts
# run: shellcheck -s bash -e SC1090,SC1091 files/debian-initd
================================================
FILE: .github/workflows/publish.yml
================================================
name: Upload Package to PyPI
on:
workflow_dispatch:
release:
types: [created]
jobs:
pypi-publish:
name: Publish release to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/fail2ban
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: |
python -m pip install --upgrade pip || echo "can't upgrade pip"
pip install setuptools wheel || echo "can't install/update setuptools or wheel"
- name: Build package
run: |
# python -m build ...
python setup.py sdist bdist_wheel
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
================================================
FILE: .gitignore
================================================
*~
build
dist
*.pyc
htmlcov
.coverage
*.orig
*.rej
*.bak
__pycache__
.vagrant/
.idea/
.venv/
================================================
FILE: .mailmap
================================================
Lee Clemens <java@leeclemens.net>
Serg G. Brester <info@sebres.de>
Serg G. Brester <serg.brester@sebres.de>
Serg G. Brester <sergey.brester@W7-DEHBG0189.wincor-nixdorf.com>
Viktor Szépe <viktor@szepe.net>
================================================
FILE: .pylintrc
================================================
# Custom pylint configuration for the Fail2Ban project
#
# Set your PYLINTRC environment variable to point to this file
# e.g.
# export PYLINTRC=$PWD/.pylintrc
[FORMAT]
indent-string='\t'
[BASIC]
# Fail2Ban uses non-conventional to Python world camel-casing
# These regexps were originally borrowed from 0.4.x series of
# PyMVPA which had similar conventions.
# Regular expression which should only match correct module names
module-rgx=(([a-z][a-z0-9_]*)|([A-Z][a-zA-Z0-9_]+))$
attr-rgx=[a-z_][a-zA-Z0-9_]{2,30}
# Regular expression which should only match correct class names
class-rgx=[A-Z_]+[a-zA-Z0-9]+$
# Regular expression which should only match correct function names
function-rgx=[a-z_]+[a-z_][a-zA-Z0-9]*$
# Regular expression which should only match correct method names
method-rgx=([a-z_]|__)[a-zA-Z0-9]*(__)?$
# Regular expression which should only match correct argument names
argument-rgx=[a-z][a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?$
# Regular expression which should only match correct variable names
variable-rgx=([a-z_]+[a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?||(__.*__))$||[A-Z]
# Regular expression which should only match correct module level names
# Default: (([A-Z_][A-Z1-9_]*)|(__.*__))$
const-rgx=([a-z_]+[a-zA-Z0-9]*_*[a-zA-Z0-9]*_*[a-zA-Z0-9]*_?|__.*__)$||[A-Z]
================================================
FILE: .typos.toml
================================================
[files]
extend-exclude = [
".git/",
".codespellrc",
"fail2ban/tests/files/logs/",
]
ignore-hidden = false
[default]
extend-ignore-re = [
"Christoph Theis",
"\\[[0-9a-f]{7,8}\\]",
"hash_[0-9a-f]{38}",
"\t[0-9.-]+[ A-Z]+",
"Erreur d'authentification",
"WebEMailExtrac",
"ssh2: RSA 14:ba:xx",
"\\[Cc\\]lient",
"\\[Gg\\]ot",
"\\[nN\\]ot",
"\\[Uu\\]nknown",
"\\[uU\\]ser",
"\\[Uu\\]\\(\\?:ser",
]
[default.extend-words]
"alls" = "alls"
"helo" = "helo"
[default.extend-identifiers]
"failManager2nd" = "failManager2nd"
"log2nd" = "log2nd"
"routeros" = "routeros"
"REFERERS" = "REFERERS"
"tre_search" = "tre_search"
================================================
FILE: CONTRIBUTING.md
================================================
Guidelines on Fail2Ban contributions
====================================
### You found a severe security vulnerability in Fail2Ban?
email details to fail2ban-vulnerabilities at lists dot sourceforge dot net .
### You need some new features, you found bugs?
visit [Issues](https://github.com/fail2ban/fail2ban/issues)
and if your issue is not yet known -- file a bug report. See
[Fail2Ban wiki](http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help)
on further instructions.
### You would like to troubleshoot or discuss?
join the [mailing list](https://lists.sourceforge.net/lists/listinfo/fail2ban-users)
### You would like to contribute (new filters/actions/code/documentation)?
send a [pull request](https://github.com/fail2ban/fail2ban/pulls)
Pull requests guidelines
========================
- If there is an issue on github to be closed by the pull request, include
```Closes #ISSUE``` (where ISSUE is issue's number)
- Add a brief summary of the change to the ChangeLog file into a corresponding
section out of Fixes, New Features or Enhancements (improvements to existing
features)
================================================
FILE: COPYING
================================================
The following copyright applies to all files present in the Fail2ban package,
except if a different copyright is explicitly defined in this file.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
---------------------------------
The file server/iso8601.py is licensed under the following terms.
Copyright (c) 2007 Michael Twomey
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
================================================
FILE: ChangeLog
================================================
<!-- vim: syntax=Markdown -->
__ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
Fail2Ban: Changelog
===================
ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
-----------
### Compatibility
* `action.d/iptables.conf` rewritten due to support of multiple chains (gh-3909), therefore user-level derivations
(action including iptables-based action) may become incompatible, e. g. some tags if used need to be replaced,
e. g. `<chain>` with `$chain` or `<_ipt_for_proto-iter>` with `<_ipt-iter>`;
* `filter.d/exim.conf` - several rules of mode `normal` moved to new mode `more`, because of too risky handling (see [gh-3940](https://github.com/fail2ban/fail2ban/pull/3940)),
to use it as before set `mode = more` for exim jail, but be aware of the consequences.
### Fixes
* fixes `systemd` bug with missing journal descriptor after rotation by reopening of journal if it is recognized as not alive (gh-3929)
* improve threaded clean-up of all filters, new thread functions `afterStop` (to force clean-up after stop) and `done`, invoking `afterStop` once
* ensure journal-reader is always closed (additional prevention against leaks and "too many open files"), thereby avoid sporadic segfault
in systemd module (see https://github.com/systemd/python-systemd/issues/143)
* fixes `systemd` causing "too many open files" error for a lot of journal files and large amount of systemd jails
(see new parameter `rotated` below, gh-3391);
* passing of arguments from jails to action or filter will affect conditional section too (gh-4069),
e. g. setting `blocktype="DROP"` via jail for action would now apply for IPv4 and IPv6 chains,
to submit different `blocktype` for IPv4 and IPv6 from jail, one can pass them like in this example:
`banaction = iptables-ipset[blocktype="...", blocktype?family=inet6="..."]`
* `jail.conf`:
- default banactions need to be specified in `paths-*.conf` (maintainer level) now
- since stock fail2ban includes `paths-debian.conf` by default, banactions are `nftables`
(can be overwritten in `jail.local` by user)
* `paths-common.conf`:
- changed default `mysql_log` path (default `logpath` of `mysqld-auth` jail without maintainer overrides, gh-3932)
* `paths-debian.conf`:
- default banactions are `nftables`
- sshd backend switched to `systemd` (gh-3292)
- postfix backend switched to `systemd` (gh-3527)
* `action.d/firewallcmd-ipset.conf`:
- rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760)
* `action.d/nftables.conf`:
- action fixed for SELinux without execmem permission, rewrite capturing with `grep -P` using `grep -E` or `sed`
(PCRE-JIT by `grep -P` may cause SELinux denial for execmem, see gh-4137)
* `action.d/xarf-login-attack.conf` - ignore errors or warnings in output of `dig` provided as comment (gh-4068)
* `filter.d/apache-badbots.conf`, `filter.d/apache-fakegooglebot.conf`:
- regexs rewritten more strict (removed catch-alls, etc);
- regexs fixed to match lines with vhost in accesslog (gh-1594)
* `filter.d/apache-noscript.conf` - consider new log-format with "AH02811: stderr from /..." (gh-3900)
* `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path (gh-3778, gh-3900)
* `filter.d/asterisk.conf` - fixed RE for "no matching endpoint" with retry info (like `after X tries in Y ms`) at end,
loosening of end anchor (ignore any simple text tokens at end if no single quote found), gh-4037
* `filter.d/exim.conf`:
- several rules of mode `normal` moved to new mode `more`, because of too risky handling (gh-3940),
thereby mode `aggressive` is not affected, because it fully includes mode `more` now;
- mode `aggressive` extended to catch dropped by ACL failures, e.g. "ACL: Country is banned"
* `filter.d/freeswitch.conf` - bypass some new info in prefix before [WARNING] (changed default `_pref_line`),
FreeSWITCH log line prefix has changed in newer versions (gh-3143)
* `filter.d/lighttpd-auth.conf` - fixed regex (if failures generated by systemd-journal), bypass several prefixes now (gh-3955)
* `filter.d/postfix.conf`:
- consider CONNECT and other rejected commands as a valid `_pref` (gh-3800)
- default `_daemon` in prefix-line is loosened - can match everything starting with word postfix, like `postfix-example.com/smtpd` (gh-3297)
- add optional `NOQUEUE:` prefix to ddos regex (gh-4072)
- internal parameter `_pref` is renamed to `_cmd`, `_pref` matches now optional prefix like `NOQUEUE: ` etc
- modes `ddos` and `aggressive` extended to match `rate limit exceeded` for connection or message delivery request rates (gh-3265, gh-4073)
* `filter.d/dropbear.conf`:
- recognizes extra pid/timestamp if logged into stdout/journal, added `journalmatch` (gh-3597)
- failregex extended to match different format of "Exit before auth" message (gh-3791)
* `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (gh-3769)
* `filter.d/roundcube-auth.conf` - improved RE better matching log format of roundcube version 1.4+ (gh-3816)
* `filter.d/sendmail-reject.conf`: (gh-4020)
- support `<F-MLFID>` for BSD-style logfiles
- add match for `User unknown` to default
- the relay field may not always have a hostname before the ip address
- mode `aggressive` enables match for `lost input channel` and `Cannot resolve PTR record`
* `filter.d/sshd.conf`:
- adapted to conform possible new daemon name sshd-session, since OpenSSH 9.8
several log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd" (gh-3782)
- `ddos` and `aggressive` modes: regex extended for timeout before authentication (optional connection from part, gh-3907)
* `filter.d/vsftpd.conf` - fixed regex (if failures generated by systemd-journal, gh-3954)
* `filter.d/froxlor-auth.conf` - updated the regex to the new logging situation for froxlor and changed logpath in jail.conf (gh-4075).
### New Features and Enhancements
* backend `systemd` extended with new parameter `rotated` (default `false`, as prevention against "too many open files"),
that allows to monitor only actual journals and ignore now a lot of rotated files by default; so can drastically reduce
amount of used file descriptors, normally to 1 or 2 descriptors per jail (gh-3391)
* new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors,
thus other jails become running (gh-2756)
* implements automatic switch `backend = auto` to backend `systemd`, when the following is true (RFE gh-3768):
- no files matching `logpath` found for this jail;
- no `systemd_if_nologs = false` is specified for the jail (`true` by default);
- option `journalmatch` is set for the jail or its filter (otherwise it'd be too heavy to allow all auto-jails,
even if they have never been foreseen for journal monitoring);
(option `skip_if_nologs` will be ignored if we could switch backend to `systemd`)
* configuration `ignoreip` and fail2ban-client commands `addignoreip`/`delignoreip` extended with `file:...` syntax
to ignore IPs from file-ip-set (containing IP, subnet, dns/fqdn or raw strings); the file would be read lazy on demand,
by first ban (and automatically reloaded by update after small latency to avoid expensive stats check on every compare);
the entries inside the file can be separated by comma, space or new line with optional comments (text following chars
`#` or `;` after space or newline would be ignored up to next newline)
* `action.d/apprise.conf` - updated to support tagging and other command line args (gh-4141)
* `action.d/*-ipset.conf`:
- parameter `ipsettype` to set type of ipset, e. g. hash:ip, hash:net, etc (gh-3760)
* `action.d/iptables.conf` - action and few derivatives of it extended to handle multiple chains,
e. g. would also accept `chain = INPUT,FORWARD` (gh-3909)
* `action.d/nftables.conf` (gh-3291):
- new parameter `addr_options` for addr-set (default `flags interval\;`, allows to store CIDR or address ranges);
can be set to empty value to create simple addresses set (restore previous behavior).
* `action.d/firewallcmd-rich-*.conf` - fixed incorrect quoting, disabling port variable expansion
by substitution of rich rule (gh-3815)
* `filter.d/dovecot.conf`:
- add support for latest Dovecot 2.4 release (gh-4016)
- mode `aggressive` covered new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`
- mode `aggressive` extended to match `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`
* `filter.d/nginx-http-auth.conf`:
- extended with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
- extended to match PAM authentication failures (gh-4071)
- modes `fallback` and `aggressive` extended to match more SSL failures by SSL_do_handshake or SSL_read (gh-4142, gh-2881)
* `filter.d/nginx-limit-req.conf` - extended to ban hosts failed by limit connection in ngx_http_limit_conn_module (gh-3674, gh-4047)
* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966)
* `filter.d/openvpn.conf` - new filter and jail for openvpn recognizing failed TLS handshakes (gh-2702)
* `filter.d/sendmail-reject.conf` - also recognize "Domain of sender address ... does not resolve" (gh-4035)
* `filter.d/vaultwarden.conf` - new filter and jail for Vaultwarden (gh-3979)
* `filter.d/xrdp.conf` - new filter for XRDP, an open source RDP server (gh-3254)
* `fail2ban-regex` extended with new option `-i` or `--invert` to output not-matched lines by `-o` or `--out` (gh-4001)
ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km
-----------
### Compatibility
* the minimum supported python version is now 3.5, if you have previous python version
you can use the 0.11 or 1.0 version of fail2ban or upgrade python (or even build it from source).
### Fixes
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* avoid sporadic error in pyinotify backend if pending file deleted in other thread, e. g. by flushing logs (gh-3635)
* `action.d/cloudflare-token.conf` - fixes gh-3479, url-encode args by unban
* `action.d/*ipset*`: make `maxelem` ipset option configurable through banaction arguments (gh-3564)
* `filter.d/apache-common.conf` - accepts remote besides client (gh-3622)
* `filter.d/mysqld-auth.conf` - matches also if no suffix in message (mariadb 10.3 log format, gh-3603)
* `filter.d/nginx-*.conf` - nginx error-log filters extended with support of journal format (gh-3646)
* `filter.d/postfix.conf`:
- "rejected" rule extended to match "Access denied" too (gh-3474)
- avoid double counting ('lost connection after AUTH' together with message 'disconnect ...', gh-3505)
- add Sender address rejected: Malformed DNS server reply (gh-3590)
- add to postfix syslog daemon format (gh-3690)
- change journalmatch postfix, allow sub-units with postfix@-.service (gh-3692)
* `filter.d/recidive.conf`: support for systemd-journal, conditional RE depending on logtype (for file or journal, gh-3693)
* `filter.d/slapd.conf` - filter rewritten for single-line processing, matches errored result without `text=...` (gh-3604)
### New Features and Enhancements
* supports python 3.12 and 3.13 (gh-3487)
* bundling async modules removed in python 3.12+ (fallback to local libraries pyasyncore/pyasynchat if import would miss them, gh-3487)
* `fail2ban-client` extended (gh-2975):
- `fail2ban-client status --all [flavor]` - returns status of fail2ban and all jails in usual form
- `fail2ban-client stats` - returns statistic in form of table (jail, backend, found and banned counts)
- `fail2ban-client statistic` or `fail2ban-client statistics` - same as `fail2ban-client stats` (aliases for stats)
- `fail2ban-client status --all stats` - (undocumented, flavor "stats") returns statistic of all jails in form of python dict
* `fail2ban-regex` extended to load settings from jail (by simple name it'd prefer jail to the filter now, gh-2655);
to load the settings from filter one could use:
```diff
- fail2ban-regex ... sshd ; # jail
+ fail2ban-regex ... sshd.conf ; # filter
# or:
+ fail2ban-regex ... filter.d/sshd ; # filter
```
* better auto-detection for IPv6 support (`allowipv6 = auto` by default), trying to check sysctl net.ipv6.conf.all.disable_ipv6
(value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) if available, otherwise seeks over local IPv6 from network interfaces
if available for platform and uses DNS to find local IPv6 as a fallback only
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
* `action.d/mikrotik.conf` - new action for mikrotik routerOS, adds and removes entries from address lists on the router (gh-2860)
* `action.d/pf.conf` - pf action extended with support of `protocol=all` (gh-3503)
* `action.d/smtp.py` - added optional support for TLS connections via the `ssl` arg.
* `filter.d/dante.conf` - new filter for Dante SOCKS server (gh-2112)
* `filter.d/exim.conf`, `filter.d/exim-spam.conf`:
- messages are prefiltered by `prefregex` now
- filter can bypass additional timestamp or pid that may be logged via systemd-journal or syslog-ng (gh-3060)
- rewrite host line regex for all varied exim's log_selector states (gh-3263, gh-3701, gh-3702)
- fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502)
* `filter.d/named-refused.conf` - denied allows any reason in parenthesis as suffix (gh-3697)
* `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226)
* `filter.d/routeros-auth.conf` - new filter detecting failed login attempts in the log produced by MikroTik RouterOS
* `filter.d/sshd.conf`:
- avoid double counting for "maximum authentication attempts exceeded" (gh-3502)
- message "Disconnecting ... Too many authentication failures" is not a failure anymore
- mode `ddos`/`aggressive` extended to match new messages caused by port scanner, wrong payload on ssh port (gh-3486):
* message authentication code incorrect [preauth]
* connection corrupted [preauth]
* timeout before authentication
ver. 1.0.2 (2022/11/09) - finally-war-game-test-tape-not-a-nuclear-alarm
-----------
### Fixes
* backend `systemd`: code review and several fixes:
- wait only if it is necessary, e. g. in operational mode and if no more entries retrieved (end of journal);
- ensure we give enough time after possible rotation, vacuuming or adding/removing journal files,
and move cursor back and forth to avoid entering dead space
* `filter.d/named-refused.conf`:
- support BIND named log categories, gh-3388
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
* `filter.d/dovecot.conf`:
- fixes regression introduced in gh-3210: resolve extremely long search by repeated apply of non-greedy RE-part
with following branches (it may be extremely slow up to infinite search depending on message), gh-3370
- fixes regression and matches new format in aggressive mode too (amend to gh-3210)
### New Features and Enhancements
ver. 1.0.1 (2022/09/27) - energy-equals-mass-times-the-speed-of-light-squared
-----------
### Compatibility
* the minimum supported python version is now 2.7, if you have previous python version
you can use the 0.11 version of fail2ban or upgrade python (or even build it from source).
* potential incompatibility by parsing of options of `backend`, `filter` and `action` parameters (if they
are partially incorrect), because fail2ban could throw an error now (doesn't silently bypass it anymore).
* due to fix for CVE-2021-32749 (GHSA-m985-3f3v-cwmm) the mailing action using mailutils may require extra configuration,
if it is not compatible or doesn't support `-E 'set escape'` (e. g. with `mailcmd` parameter), see gh-3059
* automatic invocation of 2to3 is removed in setup now (gh-3098), there is also no option `--disable-2to3` anymore,
`./fail2ban-2to3` should be called outside before setup
* to v.0.11:
- due to change of `actioncheck` behavior (gh-488), some actions can be incompatible as regards
the invariant check, if `actionban` or `actionunban` would not throw an error (exit code
different from 0) in case of unsane environment.
- actions that have used tag `<ip>` (instead of `<fid>` or `<F-ID>`) to get failure-ID may become
incompatible, if filter uses IP-related tags (like `<ADDR>` or `<HOST>`) additionally to `<F-ID>`
and the values are different (gh-3217)
### Fixes
* theoretical RCE vulnerability in mailing action using mailutils (mail-whois), CVE-2021-32749, GHSA-m985-3f3v-cwmm
* readline fixed to consider interim new-line character as part of code point in multi-byte logs
(e. g. unicode encoding like utf-16be, utf-16le);
* [stability] solves race condition with uncontrolled growth of failure list (jail with too many matches,
that did not cause ban), behavior changed to ban ASAP, gh-2945
* fixes search for the best datepattern - e. g. if line is too short, boundaries check for previously known
imprecise pattern may fail on incomplete lines (logging break-off, no flush, etc), gh-3020
* [stability, performance] backend `systemd`:
- fixes error "local variable 'line' referenced before assignment", introduced in 55d7d9e2, gh-3097
- don't update database too often (every 10 ticks or ~ 10 seconds in production)
- fixes wrong time point of "in operation" mode, gh-2882
- better avoidance of landing in dead space by seeks over journals (improved seek to time)
- fixes missing space in message (tag `<matches>`) between timestamp and host if the message read from systemd journal, gh-3293
* [stability] backend `pyinotify`: fixes sporadic runtime error "dictionary changed size during iteration"
* several backends optimizations (in file and journal filters):
- don't need to wait if we still had log-entries from last iteration (which got interrupted for servicing)
- rewritten update log/journal position, it is more stable and faster now (fewer DB access and surely up-to-date at end)
* `paths-debian.conf`:
- add debian path to roundcube error logs
* `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
reverted the incompatibility gh-3047 introduced in a038fd5, gh-2821, because this depends now on firewalld backend
(e. g. `-` vs. `:` related to `iptables` vs. `nftables`)
* `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949)
* `action.d/ufw.conf`:
- fixed handling on IPv6 (using prepend, gh-2331, gh-3018)
- application names containing spaces can be used now (gh-656, gh-1532, gh-3018)
* `filter.d/apache-fakegooglebot.conf`:
- better, more precise regex and datepattern (closes possible weakness like gh-3013)
- `filter.d/ignorecommands/apache-fakegooglebot` - added timeout parameter (default 55 seconds), avoid fail with timeout
(default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast), gh-2951
* `filter.d/apache-overflows.conf` - extended to match AH00126 error (Invalid URI ...), gh-2908
* `filter.d/asterisk.conf` - add transport to asterisk RE: call rejection messages can have the transport prefixed to the IP address, gh-2913
* `filter.d/courier-auth.conf`:
- consider optional port after IP, gh-3211
- regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now
* `filter.d/dovecot.conf`:
- adjusted for updated dovecot log format with `read(size=...)` in message (gh-3210)
- parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too (amend to gh-2553)
- extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:`
(authenticate from external service like exim), gh-2553
- fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
* `filter.d/drupal-auth.conf` - more strict regex, extended to match "Login attempt failed from" (gh-2742)
* `filter.d/exim-common.conf` - pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
* `filter.d/lighttpd-auth.conf` - adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
* `filter.d/named-refused.conf`:
- added support for alternate names (suffix), FreeIPA renames the BIND9 named daemon to named-pkcs11, gh-2636
- fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp), gh-2899
* `filter.d/nginx-*.conf` - added journalmatch to nginx filters, gh-2935
* `filter.d/nsd.conf` - support for current log format, gh-2965
* `filter.d/postfix.conf`: fixes and new vectors, review and combining several regex to single RE:
- mode `ddos` (and `aggressive`) extended:
* to consider abusive handling of clients hitting command limit, gh-3040
* to handle postscreen's PREGREET and HANGUP messages, gh-2898
- matches rejects with "undeliverable address" (sender/recipient verification) additionally to "Unknown user", gh-3039
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
- reject: BDAT/DATA from, gh-2927
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now
(RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
- matches RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- matches 550 5.7.25 Client host rejected, gh-2996
* `filter.d/sendmail-auth.conf`:
- detect several "authentication failure" messages, sendmail 8.16.1, gh-2757
- detect user not found, gh-3030
- detect failures without user part, gh-3324
* `filter.d/sendmail-reject.conf`:
- fix reverse DNS for ... (gh-3012)
- fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
* `filter.d/sshd.conf`:
- mode `ddos` extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear", gh-3086
(fixed possible regression of f77398c)
- mode `ddos` extended - recognizes new message "banner exchange: invalid format" generated by port scanner
(https payload on ssh port), gh-3169
* `filter.d/zoneminder.conf` - support new log format (ERR instead of WAR), add detection of non-existent user login attempts, gh-2984
* amend to gh-980 fixing several actions (correctly supporting new enhancements now)
* fixed typo by `--dump-pretty` option which did never work (only `--dp` was working)
* fixes start of fail2ban-client in docker: speedup daemonization process by huge open files limit, gh-3334
* provides details of failed regex compilation in the error message we throw in Regex-constructor
(it's good to know what exactly is wrong)
* fixed failed update of database didn't signal with an error, gh-3352:
- client and server exit with error code by failure during start process (in foreground mode)
- added fallback to repair if database cannot be upgraded
### New Features and Enhancements
* python 3.10 and 3.11 compatibility (and GHA-CI support)
* `actioncheck` behavior is changed now (gh-488), so invariant check as well as restore or repair
of sane environment (in case of recognized unsane state) would only occur on action errors (e. g.
if ban or unban operations are exiting with other code as 0)
* better recognition of log rotation, better performance by reopen: avoid unnecessary seek to begin of file
(and hash calculation)
* file filter reads only complete lines (ended with new-line) now, so waits for end of line (for its completion)
* datedetector:
- token `%Z` must recognize zone abbreviation `Z` (GMT/UTC) also (similar to `%z`)
- token `%Z` recognizes all known zone abbreviation besides Z, GMT, UTC correctly, if it is matching
(`%z` remains unchanged for backwards-compatibility, see comment in code)
- date patterns `%ExY` and `%Exy` accept every year from 19xx up to current century (+3 years) in `fail2ban-regex`
- better grouping algorithm for resulting century RE for `%ExY` and `%Exy`
* actions differentiate tags `<ip>` and `<fid>` (`<F-ID>`), if IP-address deviates from ID then the value
of `<ip>` is not equal `<fid>` anymore (gh-3217)
* action info extended with new members for jail info (usable as tags in command actions), gh-10:
- `<jail.found>`, `<jail.found_total>` - current and total found failures
- `<jail.banned>`, `<jail.banned_total>` - current and total bans
* `filter.d/monitorix.conf` - added new filter and jail for Monitorix, gh-2679
* `filter.d/mssql-auth.conf` - new filter and jail for Microsoft SQL Server, gh-2642
* `filter.d/nginx-bad-request.conf` - added filter to find bad requests (400), gh-2750
* `filter.d/nginx-http-auth.conf` - extended with parameter mode, so additionally to `auth` (or `normal`)
mode `fallback` (or combined as `aggressive`) can find SSL errors while SSL handshaking, gh-2881
* `filter.d/scanlogd.conf` - new filter and jail, add support for filtering out detected port scans via scanlogd, gh-2950
* `action.d/apprise.conf` - added Apprise support (50+ Notifications), gh-2565
* `action.d/badips.*` - removed actions, badips.com is no longer active, gh-2889
* `action.d/cloudflare.conf` - better IPv6 capability, gh-2891
* `action.d/cloudflare-token.conf` - added support for Cloudflare Token APIs. This method is more restrictive and therefore safter than using API Keys.
* `action.d/ipthreat.conf` - new action for IPThreat integration, gh-3349
* `action.d/ufw.conf` (gh-3018):
- new option `add` (default `prepend`), can be supplied as `insert 1` for ufw versions before v.0.36 (gh-2331, gh-3018)
- new options `kill-mode` and `kill` to drop established connections of intruder (see action for details, gh-3018)
* `iptables` and `iptables-ipset` actions extended to support multiple protocols with single action
for multiport or oneport type (back-ported from nftables action);
* `iptables` actions are more breakdown-safe: start wouldn't fail if chain or rule already exists
(e. g. created by previous instance and doesn't get purged properly); ultimately closes gh-980
* `ipset` actions are more breakdown-safe: start wouldn't fail if set with this name already exists
(e. g. created by previous instance and don't deleted properly)
* replace internals of several `iptables` and `iptables-ipset` actions using internals of iptables include:
- better check mechanism (using `-C`, option `--check` is available long time);
- additionally iptables-ipset is a common action for `iptables-ipset-proto6-*` now (which become obsolete now);
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
- iptables is a replacement for iptables-common now, several actions using this as include now become obsolete;
* new logtarget SYSTEMD-JOURNAL, gh-1403
* fail2ban.conf: new fail2ban configuration option `allowipv6` (default `auto`), can be used to allow or disallow IPv6
interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces), gh-2804
* invalidate IP/DNS caches by reload, so inter alia would allow to recognize IPv6IsAllowed immediately, previously
retarded up to cache max-time (5m), gh-2804
* OpenRC (Gentoo, mainly) service script improvements, gh-2182
* suppress unneeded info "Jail is not a JournalFilter instance" (moved to debug level), gh-3186
* implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path,
default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore,
thus removed from `paths-common.conf`, fixes gh-3005
* `fail2ban-regex`: accepts filter parameters containing new-line
ver. 0.11.2 (2020/11/23) - heal-the-world-with-security-tools
-----------
### Compatibility
* to v.0.10:
- 0.11 is totally compatible to 0.10 (configuration- and API-related stuff), but the database
got some new tables and fields (auto-converted during the first start), so once updated to 0.11, you
have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10 schema)
if you would need to downgrade to 0.10 for some reason.
* to v.0.9:
- Filter (or `failregex`) internal capture-groups:
* If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should
rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)`
(or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings).
Of course you can always define your own capture-group (like below `_cond_ip_`) to do this.
```
testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
```
* New internal groups (currently reserved for internal usage):
`ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if
mapping from tag `<F-*>` used in failregex (e. g. `user` by `<F-USER>`).
- v.0.10 and 0.11 use more precise date template handling, that can be theoretically incompatible to some
user configurations resp. `datepattern`.
- Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are
IPv6-capable now.
### Fixes
* [stability] prevent race condition - no ban if filter (backend) is continuously busy if
too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
* pyinotify-backend sporadically avoided initial scanning of log-file by start
* python 3.9 compatibility (and Travis CI support)
* restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed
* manual ban is written to database, so can be restored by restart (gh-2647)
* `jail.conf`: don't specify `action` directly in jails (use `action_` or `banaction` instead)
* no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified
per jail or in default section in jail.local), closes gh-2357
* ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686)
* don't use `%(banaction)s` interpolation because it can be complex value (containing `[...]` and/or quotes),
so would bother the action interpolation
* fixed type conversion in config readers (take place after all interpolations get ready), that allows to
specify typed parameters variable (as substitutions) as well as to supply it in other sections or as init parameters.
* `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy
between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh-2703)
* `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing
with `jq`, gh-2140, gh-2656)
* `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh-2763)
* `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh-2821)
* `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh-2836)
* `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line`
should be interpolated in definition section (inside the filter-config, gh-2650)
* `filter.d/dovecot.conf`:
- add managesieve and submission support (gh-2795);
- accept messages with more verbose logging (gh-2573);
* `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh-2697)
* `filter.d/traefik-auth.conf`: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle
the match of username differently (gh-2693):
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
* `filter.d/sshd.conf`: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
### New Features and Enhancements
* fail2ban-regex:
- speedup formatted output (bypass unneeded stats creation)
- extended with prefregex statistic
- more informative output for `datepattern` (e. g. set from filter) - pattern : description
* parsing of action in jail-configs considers space between action-names as separator also
(previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b`
* new filter and jail for GitLab recognizing failed application logins (gh-2689)
* new filter and jail for Grafana recognizing failed application logins (gh-2855)
* new filter and jail for SoftEtherVPN recognizing failed application logins (gh-2723)
* `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh-2631)
* `filter.d/bitwarden.conf` enhanced to support syslog (gh-2778)
* introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
* datetemplate: improved anchor detection for capturing groups `(^...)`;
* datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc)
as well as some warnings signaling user about invalid pattern or zone (gh-2814):
- filter gets mode in-operation, which gets activated if filter starts processing of new messages;
in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much
from now (up too 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected
bypass of failure (previously exceeding `findtime`);
- better interaction with non-matching optional datepattern or invalid timestamps;
- implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages,
whereas filter will use now as timestamp (gh-2802)
* performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template);
* fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh-2791;
* extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag
prefix `<F-TUPLE_`, that would combine value of `<F-V>` with all value of `<F-TUPLE_V?_n?>` tags (gh-2755)
ver. 0.11.1 (2020/01/11) - this-is-the-way
-----------
### Fixes
* purge database will be executed now (within observer).
* restoring currently banned ip after service restart fixed
(now < timeofban + bantime), ignore old log failures (already banned)
* upgrade database: update new created table `bips` with entries from table `bans` (allows restore
current bans after upgrade from version <= 0.10)
### New Features
* Increment ban time (+ observer) functionality introduced.
* Database functionality extended with bad ips.
* New tags (usable in actions):
- `<bancount>` - ban count of this offender if known as bad (started by 1 for unknown)
- `<bantime>` - current ban-time of the ticket (prolongation can be retarded up to 10 sec.)
* Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected);
Several actions (like ipset, etc.) rewritten using net logic with `actionprolong`.
Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).
### Enhancements
* algorithm of restore current bans after restart changed: update the restored ban-time (and therefore
end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater
(or persistent); not affected if ban-time of the jail is unchanged between stop/start.
* added new setup-option `--without-tests` to skip building and installing of tests files (gh-2287).
* added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?` to get the banned ip addresses (gh-1916).
ver. 0.10.5 (2020/01/10) - deserve-more-respect-a-jedis-weapon-must
-----------
Yes, Hrrrm...
### Fixes
* [compatibility] systemd backend: default flags changed to SYSTEM_ONLY(4), fixed in gh-2444 in order to ignore
user session files per default, so could prevent "Too many open files" errors on a lot of user sessions (see gh-2392)
* [grave] fixed parsing of multi-line filters (`maxlines` > 1) together with systemd backend,
now systemd-filter replaces newlines in message from systemd journal with `\n` (otherwise
multi-line parsing may be broken, because removal of matched string from multi-line buffer window
is confused by such extra new-lines, so they are retained and got matched on every followed
message, see gh-2431)
* [stability] prevent race condition - no unban if the bans occur continuously (gh-2410);
now an unban-check will happen not later than 10 tickets get banned regardless there are
still active bans available (precedence of ban over unban-check is 10 now)
* fixed read of included config-files (`.local` overwrites options of `.conf` for config-files
included with before/after)
* `action.d/abuseipdb.conf`: switched to use AbuseIPDB API v2 (gh-2302)
* `action.d/badips.py`: fixed start of banaction on demand (which may be IP-family related), gh-2390
* `action.d/helpers-common.conf`: rewritten grep arguments, now options `-wF` used to match only
whole words and fixed string (not as pattern), gh-2298
* `filter.d/apache-auth.conf`:
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
* `filter.d/sshd.conf`:
- matches `Bad protocol version identification` in `ddos` and `aggressive` modes (gh-2404).
- captures `Disconnecting ...: Change of username or service not allowed` (gh-2239, gh-2279)
- captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra`
(with supplied user only) and `ddos`/`aggressive` mode (gh-2115, gh-2239, gh-2279)
* `filter.d/mysqld-auth.conf`:
- MYSQL 8.0.13 compatibility (log-error-verbosity = 3), log-format contains few additional words
enclosed in brackets after "[Note]" (gh-2314)
* `filter.d/sendmail-reject.conf`:
- `mode=extra` now captures port IDs of `TLSMTA` and `MSA` (defaults for ports 465 and 587 on some distros)
* `files/fail2ban.service.in`: fixed systemd-unit template - missing nftables dependency (gh-2313)
* several `action.d/mail*`: fixed usage with multiple log files (ultimate fix for gh-976, gh-2341)
* `filter.d/sendmail-reject.conf`: fixed journal usage for some systems (e. g. CentOS): if only identifier
set to `sm-mta` (no unit `sendmail`) for some messages (gh-2385)
* `filter.d/asterisk.conf`: asterisk can log additional timestamp if logs into systemd-journal
(regex extended with optional part matching this, gh-2383)
* `filter.d/postfix.conf`:
- regexp's accept variable suffix code in status of postfix for precise messages (gh-2442)
- extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
* `filter.d/named-refused.conf`:
- support BIND 9.11.0 log format (includes an additional field @0xXXX..., gh-2406);
- `prefregex` extended, more selective now (denied/NOTAUTH suffix moved from failregex, so no catch-all there anymore)
* `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
- ID in prefix can be longer as 14 characters (gh-2563);
* all filters would accept square brackets around IPv4 addresses also (e. g. monit-filter, gh-2494)
* avoids unhandled exception during flush (gh-2588)
* fixes pass2allow-ftp jail - due to inverted handling, action should prohibit access per default for any IP,
therefore reset start on demand parameter for this action (it will be started immediately by repair);
* auto-detection of IPv6 subsystem availability (important for not on-demand actions or jails, like pass2allow);
### New Features
* new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
- `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
- `<SUBNET>` - regex to match sub-net addresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
* grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets
* new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
(ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
* filters: introduced new configuration parameter `logtype` (default `file` for file-backends, and
`journal` for journal-backends, gh-2387); can be also set to `rfc5424` to force filters (which include common.conf)
to use RFC 5424 conform prefix-line per default (gh-2467);
* for better performance and safety the option `logtype` can be also used to
select short prefix-line for file-backends too for all filters using `__prefix_line` (`common.conf`),
if message logged only with `hostname svc[nnnn]` prefix (often the case on several systems):
```ini
[jail]
backend = auto
filter = flt[logtype=short]
```
* `filter.d/common.conf`: differentiate `__prefix_line` for file/journal logtype's (speedup and fix parsing
of systemd-journal);
* `filter.d/traefik-auth.conf`: used to ban hosts, that were failed through traefik
* `filter.d/znc-adminlog.conf`: new filter for ZNC (IRC bouncer); requires the adminlog module to be loaded
### Enhancements
* introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf) to control
how many matches per ticket fail2ban can hold in memory and store in database (gh-2402, gh-2118);
* fail2ban.conf: introduced new section `[Thread]` and option `stacksize` to configure default size
of the stack for threads running in fail2ban (gh-2356), it could be set in `fail2ban.local` to
avoid runtime error "can't start new thread" (see gh-969);
* jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations
containing new-line);
* fail2ban-client: extended to ban/unban multiple tickets (see gh-2351, gh-2349);
Syntax:
- `fail2ban-client set <jain> banip <ip1> ... <ipN>`
- `fail2ban-client set <jain> unbanip [--report-absent] <ip1> ... <ipN>`
* fail2ban-client: extended with new feature which allows to inform fail2ban about single or multiple
attempts (failure) for IP (resp. failure-ID), see gh-2351;
Syntax:
- `fail2ban-client set <jail> attempt <ip> [<failure-message1> ... <failure-messageN>]`
* `action.d/nftables.conf`:
- isolate fail2ban rules into a dedicated table and chain (gh-2254)
- `nftables-allports` supports multiple protocols in single rule now
- combined nftables actions to single action `nftables`:
* `nftables-common` is removed (replaced with single action `nftables` now)
* `nftables-allports` is obsolete, superseded by `nftables[type=allports]`
* `nftables-multiport` is obsolete, superseded by `nftables[type=multiport]`
- allowed multiple protocols in `nftables[type=multiport]` action (single set with multiple rules
in chain), following configuration in jail would replace 3 separate actions, see
https://github.com/fail2ban/fail2ban/pull/2254#issuecomment-534684675
* `action.d/badips.py`: option `loglevel` extended with level of summary message,
following example configuration logging summary with NOTICE and rest with DEBUG log-levels:
`action = badips.py[loglevel="debug, notice"]`
* samplestestcase.py (testSampleRegexsFactory) extended:
- allow coverage of journal logtype;
- new option `fileOptions` to set common filter/test options for whole test-file;
* large enhancement: auto-reban, improved invariant check and conditional operations (gh-2588):
- improves invariant check and repair (avoid unhandled exception, consider family on conditional operations, etc),
prepared for bulk re-ban in repair case (if bulk-ban becomes implemented);
- automatic reban (repeat banning action) after repair/restore sane environment, if already logged ticket causes
new failures (via new action operation `actionreban` or `actionban` if still not defined in action);
* introduces banning epoch for actions and tickets (to distinguish or recognize removed set of the tickets);
* invariant check avoids repair by unban/stop (unless parameter `actionrepair_on_unban` set to `true`);
* better handling for all conditional operations (distinguish families for certain operations like
repair/flush/stop, prepared for other families, e. g. if different handling for subnets expected, etc);
* partially implements gh-980 (more breakdown safe handling);
* closes gh-1680 (better as large-scale banning implementation with on-demand reban by failure,
at least unless a bulk-ban gets implemented);
* fail2ban-regex - several enhancements and fixes:
- improved usage output (don't put a long help if an error occurs);
- new option `--no-check-all` to avoid check of all regex's (first matched only);
- new option `-o`, `--out` to set token only provided in output (disables check-all and outputs only expected data).
ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four
-----------
### Fixes
* `filter.d/dovecot.conf`:
- failregex enhancement to catch sql password mismatch errors (gh-2153);
- disconnected with "proxy dest auth failed" (gh-2184);
* `filter.d/freeswitch.conf`:
- provide compatibility for log-format from gh-2193:
* extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
* more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
- extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)`
(see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter
how to set it to mode `normal`.
* `filter.d/domino-smtp.conf`:
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
* `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected
and don't allowed in command-actions), see gh-2114;
* decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):
- fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostly
`UTF-8` in opposite to `ascii` previously, so minimizes influence of implicit conversions errors;
- actions: avoid possible conversion errors on wrong-chars by replace tags;
- database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database;
additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137);
- logging in fail2ban is process-wide exception-safe now.
* repaired start-time of initial seek to time (as well as other log-parsing related data),
if parameter `logpath` specified before `findtime`, `backend`, `datepattern`, etc (gh-2173)
* systemd: fixed type error on option `journalflags`: an integer is required (gh-2125);
### New Features
* new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`,
`ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example;
* `ignorecommand` extended to use actions-similar replacement (capable to interpolate
all possible tags like `<ip-host>`, `<family>`, `<fid>`, `F-USER` etc.)
### Enhancements
* `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168)
* since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info,
additionally option `-V` can be used to get version in normalized machine-readable short format.
ver. 0.10.3 (2018/04/04) - the-time-is-always-right-to-do-what-is-right
-----------
### ver. 0.10.3.1:
* fixed JSON serialization for the set-object within dump into database (gh-2103).
### Fixes
* `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
* `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
* `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
* `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
- fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
* `filter.d/sshd.conf`:
- failregex got an optional space in order to match new log-format (see gh-2061);
- fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
- fixed root login refused regex (optional port before preauth, gh-2080);
- avoid banning of legitimate users when pam_unix used in combination with other password method, so
bypass pam_unix failures if accepted available for this user gh-2070;
- amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediately);
- mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
it counts failure on closing connection within preauth-stage (gh-2085);
* `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
* `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
* `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
* (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
### New Features
* several stability and performance optimizations, more effective filter parsing, etc;
* stable runnable within python versions 3.6 (as well as within 3.7-dev);
### Enhancements
* `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
* `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
* date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
* possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
* badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
* add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
* Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
Usage `logtarget = target[padding=on|off]`
ver. 0.10.2 (2018/01/18) - nothing-burns-like-the-cold
-----------
### Incompatibility list:
* The configuration for jails using banaction `pf` can be incompatible after upgrade, because pf-action uses
anchors now (see `action.d/pf.conf` for more information). If you want use obsolete handling without anchors,
just rewrite it in the `jail.local` by overwrite of `pfctl` parameter, e. g. like `banaction = pf[pfctl="pfctl"]`.
### Fixes
* Fixed logging to systemd-journal: new logtarget value SYSOUT can be used instead of STDOUT, to avoid
write of the time-stamp, if logging to systemd-journal from foreground mode (gh-1876)
* Fixed recognition of the new date-format on mysqld-auth filter (gh-1639)
* jail.conf: port `imap3` replaced with `imap` everywhere, since imap3 is not a standard port and old rarely
(if ever) used and can missing on some systems (e. g. debian stretch), see gh-1942.
* config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf)
in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955.
* `action.d/pf.conf`:
- fixed syntax error in achnor definition (documentation, see gh-1919);
- enclose ports in braces for multiport jails (see gh-1925);
* `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990)
* `filter.d/sshd.conf`:
- extended failregex for modes "extra"/"aggressive": now finds all possible (also future)
forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found",
see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944);
- fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263);
### New Features
* datedetector: extended default date-patterns (allows extra space between the date and time stamps);
introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing):
- %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
(corresponds %H, but allows space if not zero-padded).
- %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
(corresponds %I, but allows space if not zero-padded).
* `filter.d/exim.conf`: added mode `aggressive` to ban flood resp. DDOS-similar failures (gh-1983);
* New Actions:
- `action.d/nginx-block-map.conf` - in order to ban not IP-related tickets via nginx (session blacklisting in
nginx-location with map-file);
### Enhancements
* jail.conf: extended with new parameter `mode` for the filters supporting it (gh-1988);
* action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once.
* Introduced new parameters for logging within fail2ban-server (gh-1980).
Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`:
- `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler
for the list of facilities);
- `datetime` - add date-time to the message (default on, ignored if `format` specified);
- `format` - specify own format how it will be logged, for example for short-log into STDOUT:
`fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`;
* Automatically recover or recreate corrupt persistent database (e. g. if failed to open with
'database disk image is malformed'). Fail2ban will create a backup, try to repair the database,
if repair fails - recreate new database (gh-1465, gh-2004).
ver. 0.10.1 (2017/10/12) - succeeded-before-friday-the-13th
-----------
### Fixes
* fix Gentoo init script's shebang to use openrc-run instead of runscript (gh-1891)
* jail "pass2allow-ftp" supply blocktype and returntype parameters to the action (gh-1884)
* avoid using "ANSI_X3.4-1968" as preferred encoding (if missing environment variables
'LANGUAGE', 'LC_ALL', 'LC_CTYPE', and 'LANG', see gh-1587).
* action.d/pf.conf: several fixes for pf-action like anchoring, etc. (see gh-1866, gh-1867);
* fixed ignoreself issue "Retrieving own IPs of localhost failed: inet_pton() argument 2 must be string, not int" (see gh-1865);
* fixed tags `<fq-hostname>` and `<sh-hostname>`, could be used without ticket (a. g. in `actionstart` etc., gh-1859).
* setup.py: fixed several setup facilities (gh-1874):
- don't check return code by dry-run: returns 256 on some python/setuptool versions;
- `files/fail2ban.service` renamed as template to `files/fail2ban.service.in`;
- setup process generates `build/fail2ban.service` from `files/fail2ban.service.in` using distribution related bin-path;
- bug-fixing by running setup with option `--dry-run`;
### New Features
* introduced new command-line options `--dp`, `--dump-pretty` to dump the configuration using more
human readable representation (opposite to `-d`);
### Enhancements
* nftables actions are IPv6-capable now (gh-1893)
* filter.d/dovecot.conf: introduced mode `aggressive` for cases like "disconnected before auth was ready" (gh-1880)
ver. 0.10.0 (2017/08/09) - long-awaited 0.10th version
-----------
TODO: implementing of options resp. other tasks from PR #1346
documentation should be extended (new options, etc)
### Fixes
* `filter.d/apache-auth.conf`:
- better failure recognition using short form of regex (url/referer are foreign inputs, see gh-1645)
* `filter.d/apache-common.conf` (`filter.d/apache-*.conf`):
- support of apache log-format if logging into syslog/systemd (gh-1695), using parameter `logging`,
parameter usage for jail:
filter = apache-auth[logging=syslog]
parameter usage for `apache-common.local`:
logging = syslog
* `filter.d/pam-generic.conf`:
- [grave] injection on user name to host fixed
* `filter.d/sshd.conf`:
- rewritten using `prefregex` and used MLFID-related multi-line parsing
(by using tag `<F-MLFID>` instead of buffering with `maxlines`);
- optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all),
see sshd for regex details)
* `filter.d/sendmail-reject.conf`:
- rewritten using `prefregex` and used MLFID-related multi-line parsing;
- optional parameter `mode` introduced: normal (default), extra or aggressive
* `filter.d/haproxy-http-auth`: do not mistake client port for part of an IPv6 address (gh-1745)
* `filter.d/postfix.conf`:
- updated to latest postfix formats
- joined several postfix filter together (normalized and optimized version, gh-1825)
- introduced new parameter `mode` (see gh-1825): more (default, combines normal and rbl), auth, normal,
rbl, ddos, extra or aggressive (combines all)
- postfix postscreen (resp. other RBL's compatibility fix, gh-1764, gh-1825)
* `filter.d/postfix-rbl.conf`: removed (replaced with `postfix[mode=rbl]`)
* `filter.d/postfix-sasl.conf`: removed (replaced with `postfix[mode=auth]`)
* `filter.d/roundcube-auth.conf`:
- fixed regex when `X-Real-IP` or/and `X-Forwarded-For` are present after host (gh-1303);
- fixed regex when logging authentication errors to journal instead to a local file (gh-1159);
- additionally fixed more complex injections on username (e. g. using dot after fake host).
* `filter.d/ejabberd-auth.conf`: fixed failregex - accept new log-format (gh-993)
* `action.d/complain.conf`
- fixed using new tag `<ip-rev>` (sh/dash compliant now)
* `action.d/sendmail-geoip-lines.conf`
- fixed using new tag `<ip-host>` (without external command execution)
* fail2ban-regex: fixed matched output by multi-line (buffered) parsing
* fail2ban-regex: support for multi-line debuggex URL implemented (gh-422)
* fixed ipv6-action errors on systems not supporting ipv6 and vice versa (gh-1741)
* fixed directory-based log-rotate for pyinotify-backend (gh-1778)
### New Features
* New Actions:
* New Filters:
### Enhancements
* Introduced new filter option `prefregex` for pre-filtering using single regular expression (gh-1698);
* Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without
line buffering (scrolling of the buffer-window).
Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs
using single-line expressions:
- tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same
identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`,
see sshd.conf for example);
- tag `<F-MLFFORGET>`: can be used as mark to forget current multi-line MLFID (e. g. by connection
closed, reset or disconnect etc);
- tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info,
e. g. from lines that contain IP-address);
Opposite to obsolete multi-line parsing (using buffering with `maxlines`) it is more precise and
can recognize multiple failure attempts within the same connection (MLFID).
* Several filters optimized with pre-filtering using new option `prefregex`, and multiline filter
using `<F-MLFID>` + `<F-NOFAIL>` combination;
* Exposes filter group captures in actions (non-recursive interpolation of tags `<F-...>`,
see gh-1698, gh-1110)
* Some filters extended with user name (can be used in gh-1243 to distinguish IP and user,
resp. to remove after success login the user-related failures only);
* Safer, more stable and faster replaceTag interpolation (switched from cycle over all tags
to re.sub with callable)
* substituteRecursiveTags optimization + moved in helpers facilities (because currently used
commonly in server and in client)
* New tags (usable in actions):
- `<fid>` - failure identifier (if raw resp. failures without IP address)
- `<ip-rev>` - PTR reversed representation of IP address
- `<ip-host>` - host name of the IP address
- `<bancount>` - ban count of this offender if known as bad (started by 1 for unknown)
- `<bantime>` - current ban-time of the ticket (prolongation can be retarded up to 10 sec.)
- `<F-...>` - interpolates to the corresponding filter group capture `...`
- `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`)
- `<sh-hostname>` - short hostname (the same as `$(uname -n)`)
* Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected);
Several actions (like ipset, etc.) rewritten using net logic with `actionprolong`.
Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).
* Allow to use filter options by `fail2ban-regex`, example:
fail2ban-regex text.log "sshd[mode=aggressive]"
* Samples test case factory extended with filter options - dict in JSON to control
filter options (e. g. mode, etc.):
# filterOptions: {"mode": "aggressive"}
* Introduced new jail option "ignoreself", specifies whether the local resp. own IP addresses
should be ignored (default is true). Fail2ban will not ban a host which matches such addresses.
Option "ignoreip" affects additionally to "ignoreself" and don't need to include the DNS
resp. IPs of the host self.
* Regex will be compiled as MULTILINE only if needed (buffering with `maxlines` > 1), that enables:
- to improve performance by the single line parsing (see gh-1733);
- make regex more precise (because distinguish between anchors `^`/`$` for the begin/end of string
and the new-line character '\n', e. g. if coming from filters (like systemd journal) that allow
the parsing of log-entries contain new-line chars (as single entry);
- if multiline regex however expected (by single-line parsing without buffering) - prefix `(?m)`
could be used in regex to enable it;
* Implemented execution of `actionstart` on demand (conditional), if action depends on `family` (gh-1742):
- new action parameter `actionstart_on_demand` (bool) can be set to prevent/allow starting action
on demand (default retrieved automatically, if some conditional parameter `param?family=...`
presents in action properties), see `action.d/pf.conf` for example;
- additionally `actionstop` will be executed only for families previously executing `actionstart`
(starting on demand only)
* Introduced new command `actionflush`: executed in order to flush all bans at once
e. g. by unban all, reload with removing action, stop, shutdown the system (gh-1743),
the actions having `actionflush` do not execute `actionunban` for each single ticket
* Add new command `actionflush` default for several iptables/iptables-ipset actions (and common include);
* Add new jail option `logtimezone` to force the timezone on log lines that don't have an explicit one (gh-1773)
* Implemented zone abbreviations (like CET, CEST, etc.) and abbr+-offset functionality (accept zones
like 'CET+0100'), for the list of abbreviations see strptime.TZ_STR;
* Introduced new option `--timezone` (resp. `--TZ`) for `fail2ban-regex`.
* Tokens `%z` and `%Z` are changed (more precise now);
* Introduced new tokens `%Exz` and `%ExZ` that fully support zone abbreviations and/or offset-based
zones (implemented as enhancement using custom `datepattern`, because may be too dangerous for default
patterns and tokens like `%z`);
Note: the extended tokens supported zone abbreviations, but it can parse 1 or 3-5 char(s) in lowercase.
Don't use them in default date-patterns (if not anchored, few precise resp. optional).
Because python currently does not support mixing of case-sensitive with case-insensitive matching,
the TZ (in uppercase) cannot be combined with `%a`/`%b` etc (that are currently case-insensitive),
to avoid invalid date-time recognition in strings like '11-Aug-2013 03:36:11.372 error ...' with
wrong TZ "error".
Hence `%z` currently match literal Z|UTC|GMT only (and offset-based), and `%Exz` - all zone
abbreviations.
* `filter.d/courier-auth.conf`: support failed logins with method only
* Config reader's: introduced new syntax `%(section/option)s`, in opposite to extended interpolation of
python 3 `${section:option}` work with all supported python version in fail2ban and this syntax is
like our another features like `%(known/option)s`, etc. (gh-1750)
* Variable `default_backend` switched to `%(default/backend)s`, so totally backwards compatible now,
but now the setting of parameter `backend` in default section of `jail.local` can overwrite default
backend also (see gh-1750). In the future versions parameter `default_backend` can be removed (incompatibility,
possibly some distributions affected).
ver. 0.10.0-alpha-1 (2016/07/14) - ipv6-support-etc
-----------
### Fixes
* [Grave] memory leak's fixed (gh-1277, gh-1234)
* [Grave] Misleading date patterns defined more precisely (using extended syntax
`%Ex[mdHMS]` for exact two-digit match or e. g. `%ExY` as more precise year
pattern, within same century of last year and the next 3 years)
* [Grave] extends date detector template with distance (position of match in
log-line), to prevent grave collision using (re)ordered template list (e.g.
find-spot of wrong date-match inside foreign input, misleading date patterns
by ambiguous formats, etc.)
* Distance collision check always prefers template with shortest distance
(left for right) if date pattern is not anchored
* Tricky bug fix: last position of log file will be never retrieved (gh-795),
because of CASCADE all log entries will be deleted from logs table together with jail,
if used "INSERT OR REPLACE" statement
* Asyncserver (asyncore) code fixed and test cases repaired (again gh-161)
* testSocket: sporadical bug repaired - wait for server thread starts a socket (listener)
* testExecuteTimeoutWithNastyChildren: sporadical bug repaired - wait for pid file inside bash,
kill tree in any case (gh-1155)
* purge database will be executed now (within observer).
* restoring currently banned ip after service restart fixed
(now < timeofban + bantime), ignore old log failures (already banned)
* Fixed high-load of pyinotify-backend,
see https://github.com/fail2ban/fail2ban/issues/885#issuecomment-248964591
* Database: stability fix - repack cursor iterator as long as locked
* File filter backends: stability fix for sporadically errors - always close file
handle, otherwise may be locked (prevent log-rotate, etc.)
* Pyinotify-backend: stability fix for sporadically errors in multi-threaded
environment (without lock)
* Fixed sporadically error in testCymruInfoNxdomain, because of unsorted values
* Misleading errors logged from ignorecommand in success case on retcode 1 (gh-1194)
* fail2ban.service - systemd service updated (gh-1618):
- starting service in normal mode (without forking)
- does not restart if service exited normally (exit-code 0, e.g. stopped via fail2ban-client)
- does not restart if service can not start (exit-code 255, e.g. wrong configuration, etc.)
- service can be additionally started/stopped with commands (fail2ban-client, fail2ban-server)
- automatically creates `/var/run/fail2ban` directory before start fail2ban
(systems with virtual resp. memory-based FS for `/var/run`), see gh-1531
- if fail2ban running as systemd-service, for logging to the systemd-journal,
the `logtarget` could be set to STDOUT
- value `logtarget` for system targets allowed also in lowercase (stdout, stderr, syslog, etc.)
* Fixed UTC/GMT named time zone, using `%Z` and `%z` patterns
(special case with 0 zone offset, see gh-1575)
* `filter.d/freeswitch.conf`
- Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548)
- User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)
### New Features
* IPv6 support:
- IP addresses are now handled as objects rather than strings capable for
handling both address types IPv4 and IPv6
- iptables related actions have been amended to support IPv6 specific actions
additionally
- hostsdeny and route actions have been tested to be aware of v4 and v6 already
- pf action for *BSD systems has been improved and supports now also v4 and v6
- name resolution is now working for either address type
- new conditional section functionality used in config resp. includes:
- [Init?family=inet4] - IPv4 qualified hosts only
- [Init?family=inet6] - IPv6 qualified hosts only
* Increment ban time (+ observer) functionality introduced.
Thanks Serg G. Brester (sebres)
* Database functionality extended with bad ips.
* New reload functionality (now totally without restart, unbanning/rebanning, etc.),
see gh-1557
* Several commands extended and new commands introduced:
- `restart [--unban] [--if-exists] <JAIL>` - restarts the jail \<JAIL\>
(alias for `reload --restart ... <JAIL>`)
- `reload [--restart] [--unban] [--all]` - reloads the configuration without restarting
of the server, the option `--restart` activates completely restarting of affected jails,
thereby can unban IP addresses (if option `--unban` specified)
- `reload [--restart] [--unban] [--if-exists] <JAIL>` - reloads the jail \<JAIL\>,
or restarts it (if option `--restart` specified), at the same time unbans all IP addresses
banned in this jail, if option `--unban` specified
- `unban --all` - unbans all IP addresses (in all jails and database)
- `unban <IP> ... <IP>` - unbans \<IP\> (in all jails and database) (see gh-1388)
- introduced new option `-t` or `--test` to test configuration resp. start server only
if configuration is clean (fails by wrong configured jails if option `-t` specified)
* New command action parameter `actionrepair` - command executed in order to restore
sane environment in error case of `actioncheck`.
* Reporting via abuseipdb.com:
- Bans can now be reported to abuseipdb
- Categories must be set in the config
- Relevant log lines included in report
### Enhancements
* Huge increasing of fail2ban performance and especially test-cases performance (see gh-1109)
* Datedetector: in-place reordering using hits and last used time:
matchTime, template list etc. rewritten because of performance degradation
* Prevent out of memory situation if many IP's makes extremely many failures (maxEntries)
* Introduced string to seconds (str2seconds) for configuration entries with time,
use `1h` instead of `3600`, `1d` instead of `86400`, etc
* seekToTime - prevent completely read of big files first time (after start of service),
initial seek to start time using half-interval search algorithm (see issue gh-795)
* Ticket and some other modules prepared to easy merge with newest version of 'ban-time-incr'
* Cache dnsToIp, ipToName to prevent long wait during retrieving of ip/name,
especially for wrong dns or lazy dns-system
* FailManager memory-optimization: increases performance,
prevents memory leakage, because don't copy failures list on some operations
* fail2ban-testcases - new options introduced:
- `-f`, `--fast` to decrease wait intervals, avoid passive waiting, and skip
few very slow test cases (implied memory database, see `-m` and no gamin tests `-g`)
- `-g`, `--no-gamin` to prevent running of tests that require the gamin (slow)
- `-m`, `--memory-db` - run database tests using memory instead of file
- `-i`, `--ignore` - negate [regexps] filter to ignore tests matched specified regexps
* Background servicing: prevents memory leak on some platforms/python versions, using forced GC
in periodic intervals (latency and threshold)
* executeCmd partially moved from action to new module utils
* Several functionality of class `DNSUtils` moved to new class `IPAddr`,
both classes moved to new module `ipdns`
* Pseudo-conditional section introduced, for conditional substitution resp.
evaluation of parameters for different family qualified hosts,
syntax `[Section?family=inet6]` (currently use for IPv6-support only).
* All the backends were rewritten to get reload-possibility, performance increased,
so fewer greedy regarding cpu- resp. system-load now
* Numeric log-level allowed now in server (resp. fail2ban.conf);
* Implemented better error handling in some multi-threaded routines; shutdown of jails
rewritten (faster and safer, does not breaks shutdown process if some error occurred)
* Possibility for overwriting some configuration options (read with config-readers)
with command line option, e. g.:
```bash
## start server with DEBUG log-level (ignore level read from fail2ban.conf):
fail2ban-client --loglevel DEBUG start
## or
fail2ban-server -c /cfg/path --loglevel DEBUG start
## keep server log-level by reload (without restart it)
fail2ban-client --loglevel DEBUG reload
## switch log-level back to INFO:
fail2ban-client set loglevel INFO
```
* Optimized BanManager: increase performance, fewer system load, try to prevent
memory leakage:
- better ban/unban handling within actions (e.g. used dict instead of list)
- don't copy bans resp. its list on some operations;
- added new unbantime handling to relieve unBanList (prevent permanent
searching for tickets to unban)
- prefer failure-ID as identifier of the ticket to its IP (most of the time
the same, but it can be something else e.g. user name in some complex jails,
as introduced in 0.10)
* Regexp enhancements:
- build replacement of `<HOST>` substitution corresponding parameter
`usedns` - dns-part will be added only if `usedns` is not `no`,
also using fail2ban-regex
- new replacement for `<ADDR>` in opposition to `<HOST>`, for separate
usage of 2 address groups only (regardless of `usedns`), `ip4` and `ip6`
together, without host (dns)
* Misconfigured jails don't prevent fail2ban from starting, server starts
nevertheless, as long as one jail was successful configured (gh-1619)
Message about wrong jail configuration logged in client log (stdout, systemd
journal etc.) and in server log with error level
* More precise date template handling (WARNING: theoretically possible incompatibilities):
- datedetector rewritten more strict as earlier;
- default templates can be specified exacter using prefix/suffix syntax (via `datepattern`);
- more as one date pattern can be specified using option `datepattern` now
(new-line separated);
- some default options like `datepattern` can be specified directly in
section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]`
section, because of performance (each extra section costs time);
- option `datepattern` can be specified in jail also (e. g. jails without filters
or custom log-format, new-line separated for multiple patterns);
- if first unnamed group specified in pattern, only this will be cut out from
search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match
pattern, and leaves `date:[] ...` for searching in filter);
- faster match and fewer searching of appropriate templates
(DateDetector.matchTime calls rarer DateTemplate.matchDate now);
- several standard filters extended with exact prefixed or anchored date templates;
* Added possibility to recognize restored state of the tickets (see gh-1669).
New option `norestored` introduced, to ignore restored tickets (after restart).
To avoid execution of ban/unban for the restored tickets, `norestored = true`
could be added in definition section of action.
For conditional usage in the shell-based actions an interpolation `<restored>`
could be used also. E. g. it is enough to add following script-piece at begin
of `actionban` (or `actionunban`) to prevent execution:
`if [ '<restored>' = '1' ]; then exit 0; fi;`
Several actions extended now using `norestored` option:
- complain.conf
- dshield.conf
- mail-buffered.conf
- mail-whois-lines.conf
- mail-whois.conf
- mail.conf
- sendmail-buffered.conf
- sendmail-geoip-lines.conf
- sendmail-whois-ipjailmatches.conf
- sendmail-whois-ipmatches.conf
- sendmail-whois-lines.conf
- sendmail-whois-matches.conf
- sendmail-whois.conf
- sendmail.conf
- smtp.py
- xarf-login-attack.conf
* fail2ban-testcases:
- `assertLogged` extended with parameter wait (to wait up to specified timeout,
before we throw assert exception) + test cases rewritten using that
- added `assertDictEqual` for compatibility to early python versions (< 2.7);
- new `with_foreground_server_thread` decorator to test several client/server commands
ver. 0.9.8 (2016/XX/XXX) - wanna-be-released
-----------
0.9.x line is no longer heavily developed. If you are interested in
new features (e.g. IPv6 support), please consider 0.10 branch and its
releases.
### Fixes
* Fix for systemd-backend: fail2ban hits the ulimit (out of file descriptors), see gh-991.
Partially back-ported from v.0.10.
* action.d/bsd-ipfw.conf
- Make the rule number, the action starts looking for a free slot to insert
the new rule, configurable (gh-1689)
- Replace not posix-compliant grep option: fgrep with `-q` option can cause
141 exit code in some cases (gh-1389)
* filter.d/apache-overflows.conf:
- Fixes resources greedy expression (see gh-1790);
- Rewritten without end-anchor ($), because of potential vulnerability on very long URLs.
* filter.d/apache-badbots.conf - extended to recognize Jorgee Vulnerability Scanner (gh-1882)
* filter.d/asterisk.conf
- fixed failregex AMI Asterisk authentication failed (see gh-1302)
- removed invalid (vulnerable) regex blocking IPs using forign data (from header "from")
thus not the IP-address that really originates the request (see gh-1927)
- fixed failregex for the SQL-injection attempts with single-quotes in connect-string (see gh-2011)
* filter.d/dovecot.conf:
- fixed failregex, see gh-1879 (partially cherry-picked from gh-1880)
- extended to match pam_authenticate failures with "Permission denied" (gh-1897)
* filter.d/exim.conf
- fixed failregex for case of flood attempts with `D=0s` (gh-1887)
- fixed failregex of "AUTH command used when not advertised" to better handle the foreign
input SMTP command (lower/mixed case auth command, prevent injection) (gh-1979)
* filter.d/postfix-*.conf - added optional port regex (gh-1902)
* filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
* filter.d/nginx-http-auth.conf - match usernames with spaces (gh-2015)
### New Features
### Enhancements
* action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651)
* action.d/firewallcmd-ipset.conf - new parameter `actiontype`, provides `allports` capability (gh-1167)
* filter.d/kerio.conf - filter extended with new rules (see gh-1455)
* filter.d/phpmyadmin-syslog.conf - new filter for phpMyAdmin using syslog for auth logging
* filter.d/zoneminder.conf - new filter for ZoneMinder (gh-1376)
ver. 0.9.7 (2017/05/11) - awaiting-victory
-----------
### Fixes
* Fixed a systemd-journal handling in fail2ban-regex (gh-1657)
* filter.d/sshd.conf
- Fixed non-anchored part of failregex (misleading match of colon inside
IPv6 address instead of `: ` in the reason-part by missing space, gh-1658)
(0.10th resp. IPv6 relevant only, amend for gh-1479)
* config/pathes-freebsd.conf
- Fixed filenames for apache and nginx log files (gh-1667)
* filter.d/exim.conf
- optional part `(...)` after host-name before `[IP]` (gh-1751)
- new reason "Unrouteable address" for "rejected RCPT" regex (gh-1762)
- match of complex time like `D=2m42s` in regex "no MAIL in SMTP connection" (gh-1766)
* filter.d/sshd.conf
- new aggressive rules (gh-864):
- Connection reset by peer (multi-line rule during authorization process)
- No supported authentication methods available
- single line and multi-line expression optimized, added optional prefixes
and suffix (logged from several ssh versions), according to gh-1206;
- fixed expression received disconnect auth fail (optional space after port
part, gh-1652)
and suffix (logged from several ssh versions), according to gh-1206;
* filter.d/suhosin.conf
- greedy catch-all before `<HOST>` fixed (potential vulnerability)
* filter.d/cyrus-imap.conf
- accept entries without login-info resp. hostname before IP address (gh-1707)
* Filter tests extended with check of all config-regexp, that contains greedy catch-all
before `<HOST>`, that is hard-anchored at end or precise sub expression after `<HOST>`
### New Features
* New Actions:
- action.d/netscaler: Block IPs on a Citrix Netscaler ADC (gh-1663)
* New Filters:
- filter.d/domino-smtp: IBM Domino SMTP task (gh-1603)
### Enhancements
* Introduced new log-level `MSG` (as INFO-2, equivalent to 18)
ver. 0.9.6 (2016/12/10) - stretch-is-coming
-----------
### Fixes
* Misleading add resp. enable of (already available) jail in database, that
induced a subsequent error: last position of log file will be never retrieved (gh-795)
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
(e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python version (also
using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
- Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
- Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
- Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
- Fixed error within apache-fakegooglebot, that will be called
with wrong python version (gh-1506)
* `filter.d/assp.conf`
- Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
- Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
- Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
- removed mandatory double space (if dns-host available, gh-1579)
* filter.d/sshd.conf
- recognized "Failed publickey for" (gh-1477);
- optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
- optional port part after host (see gh-1533, gh-1581)
### New Features
* New Actions:
- `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
- `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
(gh-1586, gh-1606 and gh-1607)
### Enhancements
* DateTemplate regexp extended with the word-end boundary, additionally to
word-start boundary
* Introduces new command "fail2ban-python", as automatically created symlink to
python executable, where fail2ban currently installed (resp. its modules are located):
- allows to use the same version, fail2ban currently running, e.g. in
external scripts just via replace python with fail2ban-python:
```diff
-#!/usr/bin/env python
+#!/usr/bin/env fail2ban-python
```
- always the same pickle protocol
- the same (and also guaranteed available) fail2ban modules
- simplified stand-alone install, resp. stand-alone installation possibility
via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
are test covered now
* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
examples:
- `backend = systemd[journalpath=/run/log/journal/machine-1]`
- `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
- `backend = systemd[journalflags=2]`
ver. 0.9.5 (2016/07/15) - old-not-obsolete
-----------
### Fixes
* `filter.d/monit.conf`
- Extended failregex with new monit "access denied" version (gh-1355)
- failregex of previous monit version merged as single expression
* `filter.d/postfix.conf`, `filter.d/postfix-sasl.conf`
- Extended failregex daemon part, matching also `postfix/smtps/smtpd`
now (gh-1391)
* Fixed a grave bug within tags substitutions because of incorrect
detection of recursion in case of multiple inline substitutions
of the same tag (affected actions: `bsd-ipfw`, etc). Now tracks
the actual list of the already substituted tags (per tag instead
of single list)
* `filter.d/common.conf`
- Unexpected extra regex-space in generic `__prefix_line` (gh-1405)
- All optional spaces normalized in `common.conf`, test covered now
- Generic `__prefix_line` extended with optional brackets for the
date ambit (gh-1421), added new parameter `__date_ambit`
* `gentoo-initd` fixed `--pidfile` bug: `--pidfile` is option of
`start-stop-daemon`, not argument of fail2ban (see gh-1434)
* `filter.d/asterisk.conf`
- Fixed security log support for PJSIP and Asterisk 13+ (gh-1456)
- Improved log support for PJSIP and Asterisk 13+ with different
callID (gh-1458)
### New Features
* New Actions:
- `action.d/firewallcmd-rich-rules` and `action.d/firewallcmd-rich-logging`
(gh-1367)
* New filters:
- slapd - ban hosts, that were failed to connect with invalid
credentials: error code 49 (gh-1478)
### Enhancements
* Extreme speedup of all sqlite database operations (gh-1436),
by using of following sqlite options:
- (synchronous = OFF) write data through OS without syncing
- (journal_mode = MEMORY) use memory for the transaction logging
- (temp_store = MEMORY) temporary tables and indices are kept in memory
* journald journalmatch for pure-ftpd (gh-1362)
* Added additional regex filter for dovecot ldap authentication failures (gh-1370)
* `filter.d/exim*conf`
- Added additional regexes (gh-1371)
- Made port entry optional
ver. 0.9.4 (2016/03/08) - for-you-ladies
-----------
### Fixes
* `roundcube-auth` jail typo for logpath
* Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
* `filter.d/apache-badbots.conf`
- Updated useragent string regex adding escape for `+`
* `filter.d/mysqld-auth.conf`
- Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332)
* `filter.d/sshd.conf`
- Updated "Auth fail" regex for OpenSSH 5.9 and later
* Treat failed and killed execution of commands identically (only
different log messages), which addresses different behavior on different
exit codes of dash and bash (gh-1155)
* Fix jail.conf.5 man's section (gh-1226)
* Fixed default banaction for allports jails like pam-generic, recidive, etc
with new default variable `banaction_allports` (gh-1216)
* Fixed `fail2ban-regex` stops working on invalid (wrong encoded) character
for python version < 3.x (gh-1248)
* Use postfix_log logpath for postfix-rbl jail
* `filters.d/postfix.conf` - add 'Sender address rejected: Domain not found' failregex
* use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc (gh-1271)
* Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl
* Changed `filter.d/asterisk` regex for "Call from ..." (few vulnerable now)
* Removed compression and rotation count from logrotate (inherit them from
the global logrotate config)
### New Features
* New interpolation feature for definition config readers - `<known/parameter>`
(means last known init definition of filters or actions with name `parameter`).
This interpolation makes possible to extend a parameters of stock filter or
action directly in jail inside jail.local file, without creating a separately
`filter.d/*.local` file.
As extension to interpolation `%(known/parameter)s`, that does not works for
filter and action init parameters
* New actions:
- `nftables-multiport` and `nftables-allports` - filtering using nftables
framework. Note: it requires a pre-existing chain for the filtering rule.
* New filters:
- `openhab` - domotic software authentication failure with the
rest api and web interface (gh-1223)
- `nginx-limit-req` - ban hosts, that were failed through nginx by limit
request processing rate (ngx_http_limit_req_module)
- `murmur` - ban hosts that repeatedly attempt to connect to
murmur/mumble-server with an invalid server password or certificate.
- `haproxy-http-auth` - filter to match failed HTTP Authentications against a
HAProxy server
* New jails:
- `murmur` - bans TCP and UDP from the bad host on the default murmur port.
* `sshd` filter got new failregex to match "maximum authentication
attempts exceeded" (introduced in openssh 6.8)
* Added filter for Mac OS screen sharing (VNC) daemon
### Enhancements
* Do not rotate empty log files
* Added new date pattern with year after day (e.g. `Sun Jan 23 2005 21:59:59`)
http://bugs.debian.org/798923
* Added openSUSE path configuration (Thanks Johannes Weberhofer)
* Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
* Added a timeout (3 sec) to urlopen within badips.py action
(Thanks M. Maraun)
* Added check against atacker's Googlebot PTR fake records
(Thanks Pablo Rodriguez Fernandez)
* Enhance filter against atacker's Googlebot PTR fake records
(gh-1226)
* Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
* Added filter for openhab domotic software authentication failure with the
rest api and web interface (gh-1223)
* Add `*_backend` options for services to allow distros to set the default
backend per service, set default to systemd for Fedora as appropriate
* Performance improvements while monitoring large number of files (gh-1265).
Use associative array (dict) for monitored log files to speed up lookup
operations. Thanks @kshetragia
* Specified that fail2ban is PartOf iptables.service `firewalld.service` in
`.service` file -- would reload fail2ban if those services are restarted
* Provides new default `fail2ban_version` and interpolation variable
`fail2ban_agent` in jail.conf
* Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname,
and to support multiple instances of postfix having varying suffix (gh-1331)
(Thanks Tom Hendrikx)
* `files/gentoo-initd` to use `start-stop-daemon` to robustify restarting the service
ver. 0.9.3 (2015/08/01) - lets-all-stay-friends
----------
### IMPORTANT incompatible changes
* `filter.d/roundcube-auth.conf`
- Changed logpath to 'errors' log (was 'userlogins')
* `action.d/iptables-common.conf`
- All calls to iptables command now use -w switch introduced in
iptables 1.4.20 (some distribution could have patched their
earlier base version as well) to provide this locking mechanism
useful under heavy load to avoid contesting on iptables calls.
If you need to disable, define `action.d/iptables-common.local`
with empty value for 'lockingopt' in `[Init]` section.
* `mail-whois-lines`, `sendmail-geoip-lines` and `sendmail-whois-lines`
actions now include by default only the first 1000 log lines in
the emails. Adjust `<grepopts>` to augment the behavior.
### Fixes
* reload in interactive mode appends all the jails twice (gh-825)
* reload server/jail failed if database used (but was not changed) and
some jail active (gh-1072)
* `filter.d/dovecot.conf` - also match unknown user in passwd-file.
Thanks Anton Shestakov
* Fix fail2ban-regex not parsing journalmatch correctly from filter config
* `filter.d/asterisk.conf` - fix security log support for Asterisk 12+
* `filter.d/roundcube-auth.conf`
- Updated regex to work with 'errors' log (1.0.5 and 1.1.1)
- Added regex to work with 'userlogins' log
* `action.d/sendmail*.conf` - use LC_ALL (superseding LC_TIME) to override
locale on systems with customized LC_ALL
* performance fix: minimizes connection overhead, close socket only at
communication end (gh-1099)
* unbanip always deletes ip from database (independent of bantime, also if
currently not banned or persistent)
* guarantee order of dbfile to be before dbpurgeage (gh-1048)
* always set 'dbfile' before other database options (gh-1050)
* kill the entire process group of the child process upon timeout (gh-1129).
Otherwise could lead to resource exhaustion due to hanging whois
processes.
* resolve `/var/run/fail2ban` path in setup.py to help installation
on platforms with `/var/run` -> /run symlink (gh-1142)
### New Features
* RETURN iptables target is now a variable: `<returntype>`
* New type of operation: pass2allow, use fail2ban for "knocking",
opening a closed port by swapping blocktype and returntype
* New filters:
- froxlor-auth - Thanks Joern Muehlencord
- apache-pass - filter Apache access log for successful authentication
* New actions:
- shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires
manual pre-configuration of the shorewall. See the action file for detail.
* New jails:
- pass2allow-ftp - allows FTP traffic after successful HTTP authentication
### Enhancements
* `action.d/cloudflare.conf` - improved documentation on how to allow
multiple CF accounts, and jail.conf got new compound action
definition action_cf_mwl to submit cloudflare report.
* Check access to socket for more detailed logging on error (gh-595)
* fail2ban-testcases man page
* `filter.d/apache-badbots.conf`, `filter.d/nginx-botsearch.conf` - add
HEAD method verb
* Revamp of Travis and coverage automated testing
* Added a space between IP address and the following colon
in notification emails for easier text selection
* Character detection heuristics for whois output via optional setting
in mail-whois*.conf. Thanks Thomas Mayer.
Not enabled by default, if _whois_command is set to be
%(_whois_convert_charset)s (e.g. in `action.d/mail-whois-common.local`),
it
- detects character set of whois output (which is undefined by
RFC 3912) via heuristics of the file command
- converts whois data to UTF-8 character set with iconv
- sends the whois output in UTF-8 character set to mail program
- avoids that heirloom mailx creates binary attachment for input with
unknown character set
ver. 0.9.2 (2015/04/29) - better-quick-now-than-later
----------
### Fixes
* Fix ufw action commands
* infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907.
Thanks TonyThompson
* port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner
(fnerdwq)
* $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
* grep'ing for IP in *mail-whois-lines.conf should now match also
at the beginning and EOL. Thanks Dean Lee
* `jail.conf`
- `php-url-fopen`: separate logpath entries by newline
* failregex declared direct in jail was joined to single line (specifying of
multiple expressions was not possible).
* `filters.d/exim.conf` - cover different settings of exim logs
details. Thanks bes.internal
* `filter.d/postfix-sasl.conf` - failregex is now case insensitive
* `filters.d/postfix.conf` - add 'Client host rejected error message' failregex
* `fail2ban/__init__.py` - add strptime thread safety hack-around
* recidive uses `iptables-allports` banaction by default now.
Avoids problems with iptables versions not understanding 'all' for
protocols and ports
* `filter.d/dovecot.conf`
- match pam_authenticate line from EL7
- match unknown user line from EL7
* Use `use_poll=True` for Python 2.7 and >=3.4 to overcome "Bad file
descriptor" msgs issue (gh-161)
* `filter.d/postfix-sasl.conf` - tweak failregex and add ignoreregex to ignore
system authentication issues
* fail2ban-regex reads filter file(s) completely, incl. '.local' file etc.
(gh-954)
* firewallcmd-* actions: split output into separate lines for grepping (gh-908)
* Guard unicode encode/decode issues while storing records in the database.
Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot
for reporting
* `filter.d/sshd` added regex for matching openSUSE ssh authentication failure
* `filter.d/asterisk.conf`:
- Dropped "Sending fake auth rejection" failregex since it incorrectly
targets the asterisk server itself
- match "hacking attempt detected" logs
### New Features
* New filters:
- postfix-rbl Thanks Lee Clemens
- apache-fakegooglebot.conf Thanks Lee Clemens
- nginx-botsearch Thanks Frantisek Sumsal
- drupal-auth Thanks Lee Clemens
* New recursive embedded substitution feature added:
- `<<PREF>HOST>` becomes `<IPV4HOST>` for PREF=`IPV4`;
- `<<PREF>HOST>` becomes `1.2.3.4` for PREF=`IPV4` and IPV4HOST=`1.2.3.4`;
* New interpolation feature for config readers - `%(known/parameter)s`.
(means last known option with name `parameter`). This interpolation makes
possible to extend a stock filter or jail regexp in .local file
(opposite to simply set failregex/ignoreregex that overwrites it),
see gh-867.
* Monit config for fail2ban in `files/monit/`
* New actions:
- `action.d/firewallcmd-multiport` and `action.d/firewallcmd-allports` Thanks Donald Yandt
- `action.d/sendmail-geoip-lines.conf`
- `action.d/nsupdate` to update DNSBL. Thanks Andrew St. Jean
* New status argument for fail2ban-client -- flavor:
`fail2ban-client status <jail> [flavor]`
- empty or "basic" works as-is
- "cymru" additionally prints (ASN, Country RIR) per banned IP
(requires dnspython or dnspython3)
* Flush log at USR1 signal
### Enhancements
* Enable multiport for firewallcmd-new action. Closes gh-834
* files/debian-initd migrated from the debian branch and should be
suitable for manual installations now (thanks Juan Karlo de Guzman)
* Define empty ignoreregex in filters which didn't have it to avoid
warnings (gh-934)
* `action.d/{sendmail-*,xarf-login-attack}.conf` - report local
timezone not UTC time/zone. Closes gh-911
* Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916
* Absorbed DNSUtils.cidr into addr2bin in filter.py, added unittests
* Added syslogsocket configuration to fail2ban.conf
* Note in the `jail.conf` for the recidive jail to increase dbpurgeage (gh-964)
ver. 0.9.1 (2014/10/29) - better, faster, stronger
----------
### Refactoring (IMPORTANT -- Please review your setup and configuration)
* `iptables-common.conf` replaced `iptables-blocktype.conf`
(`iptables-blocktype.local` should still be read) and now also
provides defaults for the chain, port, protocol and name tags
### Fixes
* start of file2ban aborted (on slow hosts, systemd considers the server has
been timed out and kills him), see gh-824
* UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806.
* systemd backend error on bad utf-8 in python3
* badips.py action error when logging HTTP error raised with badips request
* fail2ban-regex failed to work in python3 due to space/tab mix
* recidive regex samples incorrect log level
* journalmatch for recidive incorrect PRIORITY
* loglevel couldn't be changed in fail2ban.conf
* Handle case when no sqlite library is available for persistent database
* Only reban once per IP from database on fail2ban restart
* Nginx filter to support missing server_name. Closes gh-676
* fail2ban-regex assertion error caused by miscount missed lines with
multiline regex
* Fix actions failing to execute for Python 3.4.0. Workaround for
http://bugs.python.org/issue21207
* Database now returns persistent bans on restart (bantime < 0)
* Recursive action tags now fully processed. Fixes issue with bsd-ipfw
action
* Fixed TypeError with "ipfailures" and "ipjailfailures" action tags.
Thanks Serg G. Brester
* Correct times for non-timezone date times formats during DST
* Pass a copy of, not original, aInfo into actions to avoid side-effects
* Per-distribution paths to the exim's main log
* Ignored IPs are no longer banned when being restored from persistent
database
* Manually unbanned IPs are now removed from persistent database, such they
won't be banned again when Fail2Ban is restarted
* Pass "bantime" parameter to the actions in default jail's action
definition(s)
* `filters.d/sieve.conf` - fixed typo in _daemon. Thanks Jisoo Park
* cyrus-imap -- also catch also failed logins via secured (imaps/pop3s).
Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
Debian bug #755173
* postfix-sasl - added journalmatch. Thanks Luc Maisonobe
* postfix* - match with a new daemon string (postfix/submission/smtpd).
Closes gh-804 . Thanks Paul Traina
* apache - added filter for AH01630 client denied by server configuration.
### New Features
* New filters:
- monit Thanks Jason H Martin
- directadmin Thanks niorg
- apache-shellshock Thanks Eugene Hopkinson (SlowRiot)
* New actions:
- symbiosis-blacklist-allports for Bytemark symbiosis firewall
- fail2ban-client can fetch the running server version
- Added Cloudflare API action
### Enhancements
* Start performance of fail2ban-client (and tests) increased, start time
and cpu usage rapidly reduced. Introduced a shared storage logic, to
bypass reading lots of config files (see gh-824).
Thanks to Joost Molenaar for good catch (reported gh-820).
* Fail2ban-regex - add print-all-matched option. Closes gh-652
* Suppress fail2ban-client warnings for non-critical config options
* Match non "Bye Bye" disconnect messages for sshd locked account regex
* courier-smtp filter:
- match lines with user names
- match lines containing "535 Authentication failed" attempts
* Add `<chain>` tag to iptables-ipsets
* Realign fail2ban log output with white space to improve readability. Does
not affect SYSLOG output
* Log unhandled exceptions
* cyrus-imap: catch "user not found" attempts
* Add support for Portsentry
ver. 0.9.0 (2014/03/14) - beta
----------
Carries all fixes, features and enhancements from 0.8.13 (unreleased) with
major changes.
The minimum supported python version is now 2.6. If you have python-2.4 or 2.5
you can use the 0.8.12 version of fail2ban.
Please take note of release notes:
https://github.com/fail2ban/fail2ban/releases/tag/0.9.0
Please test your configuration before relying on it.
Nearly all development is thanks to Steven Hiscocks (THANKS!), merging,
testcases and timezone support from Daniel Black, and code-review and minor
additions from Yaroslav Halchenko.
### Refactoring (IMPORTANT -- Please review your setup and configuration):
* [..bddbf1e] jail.conf was heavily refactored and now is similar
to how it looked on Debian systems:
- default action could be configured once for all jails
- jails definitions only provide customizations (port, logpath)
- no need to specify 'filter' if name matches jail name
* [..5aef036] Core functionality moved into fail2ban/ module.
Closes gh-26
- tests included in module to aid testing and debugging
* Added fail2ban persistent database
- default location at `/var/lib/fail2ban/fail2ban.sqlite3`
- allows active bans to be reinstated on restart
- log files read from last position after restart
* Added systemd journal backend
- Dependency on python-systemd
- New "journalmatch" option added to filter configs files
- New "systemd-journal" option added to fail2ban-regex
* Added python3 support
* Support %z (Timezone offset) and %f (sub-seconds) support for
datedetector. Enhanced existing date/time have been updated patterns to
support these. ISO8601 now defaults to localtime unless specified otherwise.
Some filters have been change as required to capture these elements in the
right timezone correctly.
* Log levels are now set by Syslog style strings e.g. DEBUG, ERROR.
- Log level INFO is now more verbose
* Optionally can read log files starting from "head" or "tail".
- See "logpath" option in jail.conf(5) man page.
* Can now set log encoding for files per jail.
- Default uses systemd locale.
### New Features
* [..c7ae460] Multiline failregex. Close gh-54
* [8af32ed] Guacamole filter and support for Apache Tomcat date
format
* [..b6059f4] 'timeout' option for actions Close gh-60 and Debian
bug #410077. Also it would now capture and include stdout and stderr
into logging messages in case of error or at DEBUG loglevel.
* Added action xarf-login-attack to report formatted attack messages
according to the XARF standard (v0.2). Close gh-105
* Support PyPy
* Add filter for apache-botsearch
* Add filter for kerio. Thanks Tony Lawrence for blog of regexs and
providing samples. Close gh-120
* Filter for stunnel
* Filter for Counter Strike 1.6. Thanks to onorua for logs.
Close gh-347
* Filter for squirrelmail. Close gh-261
* Filter for tine20. Close gh-583
* Custom date formats (strptime) can now be set in filters and jail.conf
* Python based actions can now be created.
- SMTP action for sending emails on jail start, stop and ban.
* Added action to use badips.com reporting and blacklist
- Requires Python 2.7+
### Enhancements
* Fail2ban-regex - don't accumulate lines if not printing them.
add options to suppress output of missed/ignored lines. Close gh-644
* Asterisk now supports syslog format
* Jail names increased to 26 characters and iptables prefix reduced
from fail2ban- to f2b- as suggested by buanzo in gh-462.
* Multiline filter for sendmail-spam. Close gh-418
* Multiline regex for Disconnecting: Too many authentication failures for
root [preauth]\nConnection closed by 6X.XXX.XXX.XXX [preauth]
* Multiline regex for Disconnecting: Connection from 61.XX.XX.XX port
51353\nToo many authentication failures for root [preauth]. Thanks
Helmut Grohne. Close gh-457
* Replacing use of deprecated API (.warning, .assertEqual, etc)
* [..a648cc2] Filters can have options now too which are substituted into
failregex / ignoreregex
* [..e019ab7] Multiple instances of the same action are allowed in the
same jail -- use actname option to disambiguate.
* Add honeypot email address to exim-spam filter as argument
* Properties and methods of actions accessible from fail2ban-client
- Use of properties replaces command actions "cinfo" interface
ver. 0.8.13 (2014/03/15) - maintenance-only-from-now-on
-----------
### Fixes
- action firewallcmd-ipset had non-working actioncheck. Removed.
redhat bug #1046816.
- filter pureftpd - added _daemon which got removed. Added
### New Features
- filter nagios - detects unauthorized access to the nrpe daemon (Ivo Truxa)
- filter sendmail-{auth,reject} (jserrachinha and cepheid666 and fab23).
### Enhancements
- filter asterisk now supports syslog format
- filter pureftpd - added all translations of "Authentication failed for
user"
- filter dovecot - lip= was optional and extended TLS errors can occur.
Thanks Noel Butler.
ver. 0.8.12 (2014/01/22) - things-can-only-get-better
----------
- IMPORTANT incompatible changes:
- Rename firewall-cmd-direct-new to firewallcmd-new to fit within jail name
name length. As per gh-395
- mysqld-syslog-iptables jailname was too long. Renamed to mysqld-syslog.
Part of gh-447.
### Fixes
- allow for ",milliseconds" in the custom date format of proftpd.log
- allow for ", referer ..." in apache-* filter for apache error logs.
- allow for spaces at the beginning of kernel messages. Closes gh-448
- recidive jail to block all protocols. Closes gh-440. Thanks Ioan Indreias
- smtps not a IANA standard and has been removed from Arch. Replaced with
465. Thanks Stefan. Closes gh-447
- add 'flushlogs' command to allow logrotation without clobbering logtarget
settings. Closes gh-458, Debian bug #697333, Redhat bug #891798.
- complain action - ensure where not matching other IPs in log sample.
Closes gh-467
- Fix firewall-cmd actioncheck - patch from Adam Tkac. Redhat Bug #979622
- Fix apache-common for apache-2.4 log file format. Thanks Mark White.
Closes gh-516
- Asynchat changed to use push method which verifys whether all data was
send. This ensures that all data is sent before closing the connection.
- Removed unnecessary reference to as yet undeclared $jail_name when checking
a specific jail in nagios script.
- Filter dovecot reordered session and TLS items in regex with wider scope
for session characters. Thanks Ivo Truxa. Closes gh-586
- A single bad failregex or command syntax in configuration files won't stop
fail2ban from starting. Thanks Tomasz Ciolek. Closes gh-585.
### Enhancements
- long names on jails documented based on iptables limit of 30 less
len("fail2ban-").
- remove indentation of name and loglevel while logging to SYSLOG to
resolve syslog(-ng) parsing problems. Closes Debian bug #730202.
- updated check_fail2ban to return performance data for all jails.
- filter apache-noscript now includes php cgi scripts.
Thanks dani. Closes gh-503
- exim-spam filter to match spamassassin log entry for option SAdevnull.
Thanks Ivo Truxa. Closes gh-533
- `filter.d/nsd.conf` -- also amended Unix date template to match nsd format
- Added to sshd filter expression for `Received disconnect from <HOST>: 3:
...: Auth fail`. Thanks Marcel Dopita. Closes gh-289
- loglines now also report "[PID]" after the name portion
- Added `filter.d/ejabberd-auth`
- Improved ACL-handling for Asterisk
- loglines now also report "[PID]" after the name portion
- Added improper command pipelining to postfix filter.
### New Features
- `filter.d/solid-pop3d` -- added thanks to Jacques Lav!gnotte on mailinglist.
- Add filter for apache-modsecurity.
- `filter.d/nsd.conf` -- also amended Unix date template to match nsd format
- Added openwebmail filter thanks Ivo Truxa. Closes gh-543
- Added filter for freeswitch. Thanks Jim and editors and authors of
http://wiki.freeswitch.org/wiki/Fail2ban
- Added groupoffice filter thanks to logs from Merijn Schering.
Closes gh-566
- Added filter for horde
- Added filter for squid. Thanks Roman Gelfand.
- Added filter for ejabberd-auth.
- Added `filter.d/openwebmail` filter thanks Ivo Truxa. Closes gh-543
- Added `filter.d/groupoffice` filter thanks to logs from Merijn Schering.
Closes gh-566
- Added `action.d/badips`. Thanks to Amy for making a nice API.
- Added firewallcmd-ipset action.
- Added ufw action. Thanks Guilhem Lettron. lp-#701522
- Added blocklist_de action.
ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes
----------
In light of CVE-2013-2178 that triggered our last release we have put
a significant effort into tightening all of the regexs of our filters
to avoid another similar vulnerability. All filters have been updated
and some to catch more login/authentication failures and to support
for newer application versions. There are test cases for most log
cases of failures now.
As usual, if you have other examples that demonstrate that a filter is
insufficient, or if we have inadvertently introduced a regression,
please provide us with example log lines on the github issue tracker
http://github.com/fail2ban/fail2ban/issues and NOT on a random blog in
some obscure corner of the Internet.
Many thanks to our contributors for this release Daniel Black, Yaroslav
Halchenko, Steven Hiscocks, Mark McKinstry, Andy Fragen, Orion Poplawski,
Alexander Dietrich, JP Espinosa, Jamyn Shanley, Beau Raines, François
Boulogne and others who have helped on IRC and mailing list, logged issues
and bug requests.
### IMPORTANT incompatible changes
Filter name changes:
* 'lighttpd-fastcgi' filter has been renamed to 'suhosin'
* 'sasl' has been renamed to 'postfix-sasl'
* 'exim' spam catching failregexes was split out into 'exim-spam'
These changes will require changing jail.{conf,local} if any of
those filters were used.
### Fixes
- Jonathan Lanning
* `filter.d/asterisk` -- identified another regex for blocking. Also channel
ID is hex not decimal as noted in sample logs provided.
- Daniel Black & Marcel Dopita
* `filter.d/apache-auth` -- fixed and apache auth samples provide. Closes gh-286
- Yaroslav Halchenko
* `filter.d/common.conf` -- make colon after [daemon] optional. Closes gh-267
* `filter.d/apache-common.conf` -- support apache 2.4 more detailed error
log format. Closes gh-268
* Backends changes detection and parsing. Close gh-223 and gh-103:
- Polling backend: detect changes in the files not only based on
mtime, but also on the size and inode. It should allow for
better detection of changes and log rotations on busy servers,
older python 2.4, and file systems with precision of mtime only
up to a second (e.g. ext3).
- All backends, possible race condition: do not read from a file
initially reported empty. Originally could have lead to
accounting for detected log lines multiple times.
- Do not crash if executing a command in fail2ban-client interactive
mode has failed (e.g. due to incorrect syntax). Closes gh-353
- Daniel Black & Мернов Георгий
* `filter.d/dovecot.conf` -- Fix when no TLS enabled - line doesn't end in ,
- Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
* `filter.d/exim.conf` -- regex hardening and extra failure examples in
sample logs
* `filter.d/named-refused.conf` - BIND 9.9.3 regex changes
- Daniel Black & Sebastian Arcus
* `filter.d/asterisk` -- more regexes
- Daniel Black
* `action.d/hostsdeny` -- NOTE: new dependency 'ed'. Switched to use 'ed' across
all platforms to ensure permissions are the same before and after a ban.
Closes gh-266. hostsdeny supports daemon_list now too.
* `action.d/bsd-ipfw` - action option unused. Change blocktype to port unreach
instead of deny for consistency.
* `filter.d/dovecot` - added to support different dovecot failure
"..disallowed plaintext auth". Closes Debian bug #709324
* `filter.d/roundcube-auth` - timezone offset can be positive or negative
* `action.d/bsd-ipfw` - action option unused. Fixed to blocktype for
consistency. default to port unreach instead of deny
* `filter.d/dropbear` - fix regexs to match standard dropbear and the patched
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
and add PAM is it in dropbear-2013.60 source code.
* `filter.d/{asterisk,assp,dovecot,proftpd}.conf` -- regex hardening
and extra failure examples in sample logs
* `filter.d/apache-auth` - added expressions for mod_authz, mod_auth and
mod_auth_digest failures.
* `filter.d/recidive` -- support f2b syslog target and anchor regex at start
* `filter.d/mysqld-auth.conf` - mysql can use syslog
* `filter.d/sshd` - regex enhancements to support openssh-6.3. Closes Debian
bug #722970. Thanks Colin Watson for the regex analysis.
* `filter.d/wuftpd` - regex enhancements to support pam and wuftpd. Closes
Debian bug #665925
- Rolf Fokkens
* `action.d/dshield.conf` and complain.conf -- reorder mailx arguments.
https://bugzilla.redhat.com/show_bug.cgi?id=998020
- John Doe (ache)
* `action.d/bsd-ipfw.conf` - invert actionstop logic to make exist status 0.
Closes gh-343.
- JP Espinosa (Reviewed by O.Poplawski)
* files/redhat-initd - rewritten to use stock init.d functions thus
avoiding problems with getpid. Also $network and iptables moved
to Should- rc init fields
- Rick Mellor
* `filter.d/vsftp` - fix capture with tty=ftp
### New Features
- Edgar Hoch
* `action.d/firewall-cmd-direct-new.conf` - action for firewalld
from https://bugzilla.redhat.com/show_bug.cgi?id=979622
NOTE: requires firewalld-0.3.8+
- Andy Fragen and Daniel Black
* `filter.d/osx-ipfw.conf` - ipfw action for OSX based on random rule
numbers.
- Anonymous:
* `action.d/osx-afctl` - an action based on afctl for osx
- Daniel Black & ykimon
* `filter.d/3proxy.conf` -- filter added
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging
regular expressions with the -D parameter.
- Daniel Black
* `filter.d/exim-spam.conf` -- a splitout of exim's spam regexes
with additions for greater control over filtering spam.
* add date expression for apache-2.4 - milliseconds
* `filter.d/nginx-http-auth` -- filter added for http basic authentication
failures in nginx. Partially fulfills gh-405.
- Christophe Carles & Daniel Black
* `filter.d/perdition.conf` -- filter added
- Mark McKinstry
* `action.d/apf.conf` - add action for Advanced Policy Firewall (apf)
- Amir Caspi and kjohnsonecl
* `filter.d/uwimap-auth` - filter for uwimap-auth IMAP/POP server
- Steven Hiscocks and Daniel Black
* `filter.d/selinux-{common,ssh`} -- add SELinux date and ssh filter
### Enhancements
- François Boulogne and Frédéric
* `filter.d/lighttpd` - auth regexs for lighttpd-1.4.31
- Daniel Black
* reorder parsing of jail.conf, `jail.d/*.conf`, `jail.local`, `jail.d/*.local`
and likewise for `fail2ban.{conf|local|d/*.conf|d/*.local`}. Closes gh-392
* jail.conf now has asterisk jail - no need for asterisk-tcp and
asterisk-udp. Users should replace existing jails with asterisk to
reduce duplicate parsing of the asterisk log file.
* `filter.d/{suhosin,pam-generic,gssftpd,sogo-auth,webmin`}- regex anchor at
start
* `filter.d/vsftpd` - anchored regex at start. disable old pam format regex
* `filter.d/pam-generic` - added syslog prefix. Disabled support for
linux-pam before version 0.99.2.0 (2005)
* `filter.d/postfix-sasl` - renamed from sasl, anchor at start and base on
syslog
* `filter.d/qmail` - rewrote regex to anchor at start. Added regex for
another "in the wild" patch to rblsmtp.
- Yaroslav Halchenko
* fail2ban-regex -- refactored to provide more details (missing and
ignored lines, control over logging, etc) while maintaining look&feel
* fail2ban-client -- log to standard error. Closes gh-264
* Fail to configure if not a single log file was found for an
enabled jail. Closes gh-63
* `<HOST>` is now enforced to end with an alphanumeric
* `filter.d/roundcube-auth.conf` -- anchored version
* date matching - for standard asctime formats prefer more detailed
first (thus use year if available)
* files/gen_badbots was added and `filter.d/apache-badbots.conf` was
regenerated to get updated (although now still an old) list of
"bad" bots
- Alexander Dietrich
* `action.d/sendmail-common.conf` -- added common sendmail settings file
and made the sender display name configurable
- Steven Hiscocks
* `filter.d/dovecot` - Addition of session, time values and possible blank
user
- Zurd and Daniel Black
* `filter.d/named-refused` - added refused on zone transfer
* `filter.d/{courier{login,smtp},proftpd,sieve,wuftpd,xinetd`} - General
regex improvements
- Zurd
* `filter.d/postfix` - add filter for VRFY failures. Closes gh-322.
- Orion Poplawski
* `fail2ban.d/` and `jail.d/` directories are added to `etc/fail2ban` to facilitate
their use
ver. 0.8.10 (2013/06/12) - wanna-be-secure
-----------
Primarily bugfix and enhancements release, triggered by "bugs" in
apache- filters. If you are relying on listed below apache- filters,
upgrade asap and seek your distributions to patch their fail2ban
distribution with [6ccd5781].
### Fixes
- Yaroslav Halchenko
* [6ccd5781] `filter.d/apache-{auth,nohome,noscript,overflows`} - anchor
failregex at the beginning (and where applicable at the end).
Addresses a possible DoS. Closes gh-248
* `action.d/{route,shorewall}.conf` - blocktype must be defined
within [Init]. Closes gh-232
### Enhancements
- Yaroslav Halchenko
* jail.conf -- assure all jails have actions and remove unused
ports specifications
- Terence Namusonge
* `filter.d/roundcube-auth.conf` -- support roundcube 0.9+
- Daniel Black
* `files/suse-initd` -- update to the copy from stock SUSE
silviogarbes & Daniel Black
* Updates to asterisk filter. Closes gh-227/gh-230.
- Carlos Alberto Lopez Perez
* Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes gh-244.
ver. 0.8.9 (2013/05/13) - wanna-be-stable
----------
Originally targeted as a bugfix release, it incorporated many new
enhancements, few new features, and more importantly -- quite extended
tests battery with current 94% coverage (from 56% of 0.8.8).
This release introduces over 200 of non-merge commits from 16
contributors (sorted by number of commits): Yaroslav Halchenko, Daniel
Black, Steven Hiscocks, James Stout, Orion Poplawski, Enrico Labedzki,
ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither,
Artur Penttinen, blotus, sebres, Nicolas Collignon, Pascal Borreli.
Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom
Hendrikx, Yehuda Katz and other TBN heroes supporting users on
fail2ban-users mailing list and IRC.
### Fixes
- Yaroslav Halchenko
* [6f4dad46] python-2.4 is the minimal version.
* [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g.
on Fedora. Closes gh-112. Thanks to Camusensei for the bug report.
* [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for
insight. Closes gh-103.
* [ab044b75] delay check for the existence of config directory until read.
* [3b4084d4] fixing up for handling of TAI64N timestamps.
* [154aa38e] do not shutdown logging until all jails stop.
* [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes gh-184.
Thanks to Jon Foster for report and troubleshooting.
- Orion Poplawski
* [e4aedfdc00] pyinotify - use bitwise op on masks and do not try tracking
newly created directories.
- Nicolas Collignon
* [39667ff6] Avoid leaking file descriptors. Closes gh-167.
- Sergey Brester
* [b6bb2f88 and d17b4153] invalid date recognition, irregular because of
sorting template list.
- Steven Hiscocks
* [7a442f07] When changing log target with python2.{4,5} handle KeyError.
Closes gh-147, gh-148.
* [b6a68f51] Fix delaction on server side. Closes gh-124.
- Daniel Black
* [f0610c01] Allow more that a one word command when changing and Action via
the fail2ban-client. Closes gh-134.
* [945ad3d9] Fix dates on email actions to work in different locals. Closes
gh-70. Thanks to iGeorgeX for the idea.
- blotus
* [96eb8986] ' and " should also be escaped in action tags Closes gh-109
- Christoph Theis, Nick Hilliard, Daniel Black
* [b3bd877d,cde71080] Make `syslog -v` and `syslog -vv` formats work on FreeBSD
### New Features
- Yaroslav Halchenko
* [9ba27353] Add support for `jail.d/{confilefile}` and `fail2ban.d/{configfile}`
to provide additional flexibility to system administrators. Thanks to
beilber for the idea. Closes gh-114.
* [3ce53e87] Add exim filter.
- Erwan Ben Souiden
* [d7d5228] add nagios integration documentation and script to ensure
fail2ban is running. Closes gh-166.
- Artur Penttinen
* [29d0df5] Add mysqld filter. Closes gh-152.
- ArndRaphael Brandes
* [bba3fd8] Add Sogo filter. Closes gh-117.
- Michael Gebetsriother
* [f9b78ba] Add action route to block at routing level.
- Teodor Micu & Yaroslav Halchenko
* [5f2d383] Add roundcube auth filter. Closes Debian bug #699442.
- Daniel Black
* [be06b1b] Add action for iptables-ipsets. Closes gh-102.
- Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk
* [b6d0e8a] Add and enhance the bsd-ipfw action from
FreeBSD ports.
- Soulard Morgan
* [f336d9f] Add filter for webmin. Closes gh-99.
- Steven Hiscocks
* [..746c7d9] bash interactive shell completions for fail2ban-*'s
- Nick Hilliard
* [0c5a9c5] Add pf action.
### Enhancements
- Enrico Labedzki
* [24a8d07] Added new date format for ASSP SMTP Proxy.
- Steven Hiscocks
* [3d6791f] Ensure restart of Actions after a check fails occurs
consistently. Closes gh-172.
* [MANY] Improvements to test cases, travis, and code coverage (coveralls).
* [b36835f] Add get cinfo to fail2ban-client. Closes gh-124.
* [ce3ab34] Added ability to specify PID file.
- Orion Poplawski
* [ddebcab] Enhance fail2ban.service definition dependencies and Pidfile.
Closes gh-142.
- Yaroslav Halchenko
* [MANY] Lots of improvements to log messages, man pages and test cases.
* [91d5736] Postfix filter improvements - empty helo, from and rcpt to.
Closes gh-126. Bug report by Michael Heuberger.
* [40c5a2d] adding more of diagnostic messages into -client while starting
the daemon.
* [8e63d4c] Compare against None with 'is' instead of '=='.
* [6fef85f] Strip CR and LF while analyzing the log line
- Daniel Black
* [3aeb1a9] Add jail.conf manual page. Closes gh-143.
* [MANY] man page edits.
* [7cd6dab] Added help command to fail2ban-client.
* [c8c7b0b,23bbc60] Better logging of log file read errors.
* [3665e6d] Added code coverage to development process.
* [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh
source. Also include BSD changes.
* [1d9abd1] Action files can have tags in definition that refer to other
tags.
* [10886e7,cec5da2,adb991a] Change actions to response with ICMP port
unreachable rather than just a drop of the packet.
- Pascal Borreli
* [a2b29b4] Fixed lots of typos in config files and documentation.
- hamilton5
* [7ede1e8] Update dovecot filter config.
- Romain Riviere
* [0ac8746] Enhance named-refused filter for views.
- James Stout
* [..2143cdf] Solaris support enhancements:
- `README.Solaris`
- failregex'es tune ups (`sshd.conf`)
- hostsdeny: do not rely on support of '-i' in sed
ver. 0.8.8 (2012/12/06) - stable
----------
### Fixes
- Alan Jenkins
* [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
banning due to misconfigured DNS. Closes gh-64
- Yaroslav Halchenko
* [83109bc] IMPORTANT: escape the content of <matches> (if used in
custom action files) since its value could contain arbitrary
symbols. Thanks for discovery go to the NBS System security
team
* [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Closes gh-83
* [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3
* [37a2e59] store IP as a base, non-unicode str to avoid spurious messages
in the console. Closes gh-91
### New Features
- David Engeset
* [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
the log file to take 'banip' or 'unbanip' in effect. Closes gh-81, gh-86
### Enhancements
* [2d66f31] replaced uninformative "Invalid command" message with warning log
exception why command actually failed
* [958a1b0] improved failregex to "support" auth.backend = "htdigest"
* [9e7a3b7] until we make it proper module -- adjusted sys.path only if
system-wide run
* [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79
* [f105379] added hints into the log on some failure return codes (e.g. 0x7f00
for this gh-87)
* Various others: travis-ci integration, script to run tests
against all available Python versions, etc
ver. 0.8.7.1 (2012/07/31) - stable
----------
### Fixes
* [e9762f3] Removed sneaked in comment on sys.path.insert
ver. 0.8.7 (2012/07/31) - stable
----------
### Fixes
- Tom Hendrikx & Jeremy Olexa
* [0eaa4c2,444e4ac] Fix Gentoo init script: $opts variable is deprecated.
See http://forums.gentoo.org/viewtopic-t-899018.html
- Chris Reffett
* [a018a26] Fixed addBannedIP to add enough failures to trigger a ban,
rather than just one failure.
- Yaroslav Halchenko
* [4c76fb3] allow trailing white-spaces in lighttpd-auth.conf
* [25f1e8d] allow trailing whitespace in few missing it regexes for sshd.conf
* [ed16ecc] enforce "ip" field returned as str, not unicode so that log
message stays non-unicode. Close gh-32
* [b257be4] added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if
already present in the pattern
* [47e956b] replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul to be
friend to developers stuck with Windows (Closes gh-66)
* [80b191c] anchor grep regexp in actioncheck to not match partial names
of the jails (Closes: #672228) (Thanks Szépe Viktor for the report)
### New Features
- François Boulogne
* [a7cb20e..] add lighttpd-auth filter/jail
- Lee Clemens & Yaroslav Halchenko
* [e442503] pyinotify backend (default if backend='auto' and pyinotify
is available)
* [d73a71f,3989d24] usedns parameter for the jails to allow disabling
use of DNS
- Tom Hendrikx
* [f94a121..] 'recidive' filter/jail to monitor fail2ban.conf to ban
repeated offenders. Close gh-19
- Xavier Devlamynck
* [7d465f9..] Add asterisk support
- Zbigniew Jędrzejewski-Szmek
* [de502cf..] allow running fail2ban as non-root user (disabled by
default) via xt_recent. See doc/run-rootless.txt
### Enhancements
- Lee Clemens
* [47c03a2] files/nagios - spelling/grammar fixes
* [b083038] updated Free Software Foundation's address
* [9092a63] changed TLDs to invalid domains, in accordance with RFC 2606
* [642d9af,3282f86] reformatted printing of jail's name to be consistent
with init's info messages
* [3282f86] uniform use of capitalized Jail in the messages
- Leonardo Chiquitto
* [4502adf] Fix comments in dshield.conf and mynetwatchman.conf
to reflect code
* [a7d47e8] Update Free Software Foundation's address
- Petr Voralek
* [4007751] catch failed ssh logins due to being listed in DenyUsers.
Close gh-47 (Closes: #669063)
- Yaroslav Halchenko
* [MANY] extended and robustified unittests: test different backends
* [d9248a6] refactored Filter's to avoid duplicate functionality
* [7821174] direct users to issues on github
* [d2ffee0..] re-factored fail2ban-regex -- more condensed output by
default with -v to control verbosity
* [b4099da] adjusted header for config/*.conf to mention .local and way
to comment (Thanks Stefano Forli for the note)
* [6ad55f6] added failregex for wu-ftpd to match against syslog instead
of DoS-prone auth.log's rhost (Closes: #514239)
* [2082fee] match possibly present "pam_unix(sshd:auth):" portion for
sshd filter (Closes: #648020)
- Yehuda Katz & Yaroslav Halchenko
* [322f53e,bd40cc7] ./DEVELOP -- documentation for developers
ver. 0.8.6 (2011/11/28) - stable
----------
### Fixes
- Markos Chandras & Yaroslav Halchenko
* [492d8e5,bd658fc] Use hashlib (instead of deprecated md5) where available
- Robert Trace & Michael Lorant
* [c48c2b1] gentoo-initd cleanup and fixes: assure `/var/run` + remove stale
sock file
- Michael Saavedra
* [3a58d0e] Lock server's executeCmd to prevent racing among iptables calls:
see http://bugs.debian.org/554162
- Yaroslav Halchenko
* [3eb5e3b] Allow for trailing spaces in sasl logs
* [1632244] Stop server-side communication before stopping the
jails (prevents lockup if actions use fail2ban-client upon
unban): see https://github.com/fail2ban/fail2ban/issues/7
* [5a2d518] Various changes to reincarnate unittests
- Yehuda Katz
* Wiki was cleaned from SPAM
### Enhancements
- Adam Spiers
* [3152afb] Recognise time-stamped kernel messages
- Guido Bozzetto
* [713fea6] Added ipmasq rule file to restart fail2ban when iptables are
wiped out: see http://bugs.debian.org/461417
- Łukasz
* [5f23542] Matching of month names in Polish (thanks michaelberg79
for QA)
- Tom Hendrikx
* [9fa54cf] Added Date: header for sendmail*.conf actions
- Yaroslav Halchenko & Tom Hendrikx
* [b52d420..22b7007] <matches> in action files now can be used
to provide matched loglines which triggered action
- Yaroslav Halchenko
* [ed0bf3a] Removed duplicate entry for DataCha0s/2\.0 in badbots:
see http://bugs.debian.org/519557
* [dad91f7] sshd.conf: allow user names to have spaces and
trailing spaces in the line
* [a9be451] removed expansions for few Date and Revision SVN keywords
* [a33135c] set/getFile for ticket.py -- found in source distribution
of 0.8.4
* [fbce415] additional logging while stopping the jails
ver. 0.8.5 (2011/07/28) - stable
----------
- Fix: use addfailregex instead of failregex while processing per-jail
"failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
Marat Khayrullin for the patch and Daniel T Chen for forwarding to
Debian.
- Fix: use os.path.join to generate full path - fixes includes in configs
given local filename (5 weeks ago) [yarikoptic]
- Fix: allowed for trailing spaces in proftpd logs
- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
- Fix: allowed space in the trailing of failregex for sasl.conf:
see http://bugs.debian.org/573314
- Fix: use `/var/run/fail2ban` instead of `/tmp` for temp files in actions:
see http://bugs.debian.org/544232
- Fix: Tai64N stores time in GMT, needed to convert to local time before
returning
- Fix: disabled named-refused-udp jail entirely with a big fat warning
- Fix: added time module. Bug reported in buanzo's blog:
see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
- Fix: Patch to make log file descriptors cloexec to stop leaking file
descriptors on fork/exec. Thanks to Jonathan Underwood:
see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
- Enhancement: added author for dovecot filter and pruned unneeded space
in the regexp
- Enhancement: proftpd filter -- if login failed -- count regardless of the
reason for failure
- Enhancement: added <chain> to `action.d/iptables*`. Thanks to Matthijs Kooijman:
see http://bugs.debian.org/515599
- Enhancement: added `filter.d/dovecot.conf` from Martin Waschbuesch
- Enhancement: made `filter.d/apache-overflows.conf` catch more:
see http://bugs.debian.org/574182
- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
see http://bugs.debian.org/546913
- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
see http://bugs.debian.org/598200
- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
- Few minor cosmetic changes
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
the file. Thanks to Jonathan Kamens. Red Hat #503852. Tracker #2800279.
- Moved the shutdown of the logging subsystem out of Server.quit() to
the end of Server.start(). Fixes the 'cannot release un-acquired lock'
error.
- Added "Ban IP" command. Thanks to Arturo 'Buanzo' Busleiman.
- Added two new filters: lighttpd-fastcgi and php-url-fopen.
- Fixed the 'unexpected communication error' problem by means of
use_poll=False in Python >= 2.6.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
- Use current day and month instead of Jan 1st if both are not available in the
log. Thanks to Andreas Itzchak Rehberg.
- Try to match the regex even if the line does not contain a valid date/time.
Described in Debian #491253. Thanks to Yaroslav Halchenko.
- Added/improved filters and date formats.
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to
Russell Odom.
- Suse init script. Remove socket file on startup is fail2ban crashed. Thanks to
Detlef Reichelt.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Added nagios script. Thanks to Sebastian Mueller.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Changed `<HOST>` template to be more restrictive. Debian bug #514163.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct
fix but seems to work. Tracker #2500276.
- Made the named-refused regex a bit less restrictive in order to match logs
with "view". Thanks to Stephen Gildea.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714
ver. 0.8.3 (2008/07/17) - stable
----------
- Process failtickets as long as failmanager is not empty.
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav
Halchenko.
- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who
submitted a similar patch.
- Fixed `fail2ban-client get <jail> logpath`. Bug #1916986.
- Added gssftpd filter. Thanks to Kevin Zembower.
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis
Winter.
- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added ISO 8601 date/time format.
- Added and changed some logging level and messages.
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
- Use poll instead of select in asyncore.loop. This should solve the "Unknown
error 514". Thanks to Michael Geiger and Klaus Lehmann.
ver. 0.8.2 (2008/03/06) - stable
----------
- Fixed named filter. Thanks to Yaroslav Halchenko
- Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines
- Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann
- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be
possible to create stronger failregex against log injection
- Fixed ipfw action script. Thanks to Nick Munger
- Removed date from logging message when using SYSLOG. Thanks to Iain Lea
- Fixed "ignore IPs". Only the first value was taken into account. Thanks to
Adrien Clerc
- Moved socket to `/var/run/fail2ban`.
- Rewrote the communication server.
- Refactoring. Reduced number of files.
- Removed Python 2.4. Minimum required version is now Python 2.3.
- New log rotation detection algorithm.
- Print monitored files in status.
- Create a PID file in `/var/run/fail2ban/`. Thanks to Julien Perez.
- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed this out. Thanks
to Yaroslav Halchenko for the fix.
- `reload <jail>` reloads a single jail and the parameters in fail2ban.conf.
- Added Mac OS/X startup script. Thanks to Bill Heaton.
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
- Replaced "echo" with "printf" in actions. Fix #1839673
- Replaced "reject" with "drop" in shorwall action. Fix #1854875
- Fixed Debian bug #456567, #468477, #462060, #461426
- readline is now optional in fail2ban-client (not needed in fail2ban-server).
ver. 0.8.1 (2007/08/14) - stable
----------
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
- Improved regular expressions. Thanks to Yaroslav Halchenko and others
- Added sendmail actions. The action started with "mail" are now deprecated.
Thanks to Raphaël Marichez
- Added "ignoreregex" support to fail2ban-regex
- Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch
- Tightening up the pid check in redhat-initd. Thanks to David Nutter
- Added webmin authentication filter. Thanks to Guillaume Delvit
- Removed textToDns() which is not required anymore. Thanks to Yaroslav
Halchenko
- Added new action iptables-allports. Thanks to Yaroslav Halchenko
- Added "named" date format to date detector. Thanks to Yaroslav Halchenko
- Added filter file for named (bind9). Thanks to Yaroslav Halchenko
- Fixed vsftpd filter. Thanks to Yaroslav Halchenko
ver. 0.8.0 (2007/05/03) - stable
----------
- Fixed RedHat init script. Thanks to Jonathan Underwood
- Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner
ver. 0.7.9 (2007/04/19) - release candidate
----------
- Close opened handlers. Thanks to Yaroslav Halchenko
- Fixed "reload" bug. Many many thanks to Yaroslav Halchenko
- Added date format for asctime without year
- Modified filters config. Thanks to Michael C. Haller
- Fixed a small bug in mail-buffered.conf
ver. 0.7.8 (2007/03/21) - release candidate
----------
- Fixed asctime pattern in datedetector.py
- Added new filters/actions. Thanks to Yaroslav Halchenko
- Added Suse init script and modified gentoo-initd. Thanks to Christian Rauch
- Moved every locking statements in a try..finally block
ver. 0.7.7 (2007/02/08) - release candidate
----------
- Added signal handling in fail2ban-client
- Added a wonderful visual effect when waiting on the server
- fail2ban-client returns an error code if configuration is not valid
- Added new filters/actions. Thanks to Yaroslav Halchenko
- Call Python interpreter directly (instead of using "env")
- Added file support to fail2ban-regex. Benchmark feature has been removed
- Added cacti script and template.
- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
ver. 0.7.6 (2007/01/04) - beta
----------
- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
- Use `/dev/log` for SYSLOG output. Thanks to Joerg Sommrey
- Use numeric output for iptables in "actioncheck"
- Fixed removal of host in hosts.deny. Thanks to René Berber
- Added new date format (2006-12-21 06:43:20) and Exim4 filter. Thanks to mEDI
- Several "failregex" and "ignoreregex" are now accepted. Creation of rules
should be easier now.
- Added license in COPYING. Thanks to Axel Thimm
- Allow comma in action options. The value of the option must be escaped with "
or '. Thanks to Yaroslav Halchenko
- Now Fail2ban goes in `/usr/share/fail2ban` instead of `/usr/lib/fail2ban`. This is
more compliant with FHS. Thanks to Axel Thimm and Yaroslav Halchenko
ver. 0.7.5 (2006/12/07) - beta
----------
- Do not ban a host that is currently banned. Thanks to Yaroslav Halchenko
- The supported tags in "action(un)ban" are `<ip>`, `<failures>` and `<time>`
- Fixed refactoring bug (getLastcommand -> getLastAction)
- Added option "ignoreregex" in filter scripts and `jail.conf`.
Feature Request #1283304
- Fixed a bug in user defined time regex/pattern
- Improved documentation
- Moved `version.py` and `protocol.py` to `common/`
- Merged "maxtime" option with "findtime"
- Added `<HOST>` tag support in failregex which matches default IP
address/hostname. `(?P<host>\S)` is still valid and supported
- Fixed exception when calling fail2ban-server with unknown option
- Fixed Debian bug 400162. The "socket" option is now handled correctly by
`fail2ban-client`
- Fixed RedHat init script. Thanks to Justin Shore
- Changed timeout to 30 secondes before assuming the server cannot be started.
Thanks to Joël Bertrand
ver. 0.7.4 (2006/11/01) - beta
----------
- Improved configuration files. Thanks to Yaroslav Halchenko
- Added man page for "fail2ban-regex"
- Moved ban/unban messages from "info" level to "warn"
- Added "-s" option to specify the socket path and "socket" option in
"fail2ban.conf"
- Added "backend" option in "jail.conf"
- Added more filters/actions and jail samples. Thanks to Nick Munger, Christoph
Haas
- Improved testing framework
- Fixed a bug in the return code handling of the executed commands. Thanks to
Yaroslav Halchenko
- Signal handling. There is a bug with join() and signal in Python
- Better debugging output for "fail2ban-regex"
- Added support for more date format
- cPickle does not work with Python 2.5. Use pickle instead (performance is not
a problem in our case)
ver. 0.7.3 (2006/09/28) - beta
----------
- Added man pages. Thanks to Yaroslav Halchenko
- Added wildcard support for "logpath"
- Added Gamin (file and directory monitoring system) support
- (Re)added "ignoreip" option
- Added more concurrency protection
- First attempt at solving bug #1457620 (locale issue)
- Performance improvements
- (Re)added permanent banning with banTime < 0
- Added DNS support to "ignoreip". Feature Request #1285859
ver. 0.7.2 (2006/09/10) - beta
----------
- Refactoring and code cleanup
- Improved client output
- Added more get/set commands
- Added more configuration templates
- Removed "logpath" and "maxretry" from filter templates. They must be defined
in jail.conf now
- Added interactive mode. Use "-i"
- Added a date detector. "timeregex" and "timepattern" are no more needed
- Added "fail2ban-regex". This is a tool to help finding "failregex"
- Improved server communication. Start a new thread for each incoming request.
Fail2ban is not really thread-safe yet
ver. 0.7.1 (2006/08/23) - alpha
----------
- Fixed daemon mode bug
- Added Gentoo init.d script
- Fixed path bug when trying to start "fail2ban-server"
- Fixed reload command
ver. 0.7.0 (2006/08/23) - alpha
----------
- Almost a complete rewrite :) Fail2ban design is really better (IMHO). There is
a lot of new features
- Client/Server architecture
- Multithreading. Each jail has its own threads: one for the log reading and
another for the actions
- Execute several actions
- Split configuration files. They are more readable and easy to use
- failregex uses group (<host>) now. This feature was already present in the
Debian package
- lots of things...
ver. 0.6.1 (2006/03/16) - stable
----------
- Added permanent banning. Set banTime to a negative value to enable this
feature (-1 is perfect). Thanks to Mannone
- Fixed locale bug. Thanks to Fernando José
- Fixed crash when time format does not match data
- Propagated patch from Debian to fix fail2ban search path addition to the path
search list: now it is added first. Thanks to Nick Craig-Wood
- Added SMTP authentication for mail notification. Thanks to Markus Hoffmann
- Removed debug mode as it is confusing for people
- Added parsing of timestamp in TAI64N format (#1275325). Thanks to Mark
Edgington
- Added patch #1382936 (Default formatted syslog logging). Thanks to Patrick
Börjesson
- Removed 192.168.0.0/16 from ignoreip. Attacks could also come from the local
network.
- Robust startup: if iptables module does not get fully initialized after
startup of fail2ban, fail2ban will do "maxreinit" attempts to initialize its
own firewall. It will sleep between attempts for "polltime" number of seconds
(closes Debian: #334272). Thanks to Yaroslav Halchenko
- Added "interpolations" in fail2ban.conf. This is provided by the ConfigParser
module. Old configuration files still work. Thanks to Yaroslav Halchenko
- Added initial support for hosts.deny and shorewall. Need more testing. Please
test. Thanks to kojiro from Gentoo forum for hosts.deny support
- Added support for vsftpd. Thanks to zugeschmiert
ver. 0.6.0 (2005/11/20) - stable
----------
- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
* Added an option to report local time (including timezone) or GMT in mail
notification.
ver. 0.5.5 (2005/10/26) - beta
----------
- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
* Introduced fwcheck option to verify consistency of the chains. Implemented
automatic restart of fail2ban main function in case check of fwban or
fwunban command failed (closes: #329163, #331695). (Introduced patch was
further adjusted by upstream author).
* Added -f command line parameter for [findtime].
* Added a cleanup of firewall rules on emergency shutdown when unknown
exception is caught.
* Fail2ban should not crash now if a wrong file name is specified in config.
* reordered code a bit so that log targets are setup right after background
and then only loglevel (verbose, debug) is processed, so the warning could
be seen in the logs
* Added a keyword `<section>` in parsing of the subject and the body of an email
sent out by fail2ban (closes: #330311)
ver. 0.5.4 (2005/09/13) - beta
----------
- Fixed bug #1286222.
- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
* Fixed handling of SYSLOG logging target. Now it can log to any SYSLOG target
and facility as directed by the config
* Format of SYSLOG entries fixed to look closer to standard
* Fixed errata in config/gentoo-confd
* Introduced findtime configuration variable to control the lifetime of caught
"failed" log entries
ver. 0.5.3 (2005/09/08) - beta
----------
- Fixed a bug when overriding "maxfailures" or "bantime". Thanks to Yaroslav
Halchenko
- Added more debug output if an error occurs when sending mail. Thanks to
Stephen Gildea
- Renamed "maxretry" to "maxfailures" and changed default value to 5. Thanks to
Stephen Gildea
- Hopefully fixed bug #1256075
- Fixed bug #1262345
- Fixed exception handling in PIDLock
- Removed warning when using "-V" or "-h" with no config file. Thanks to
Yaroslav Halchenko
- Removed "-i eth0" from config file. Thanks to Yaroslav Halchenko
ver. 0.5.2 (2005/08/06) - beta
----------
- Better PID lock file handling. Should close #1239562
- Added man pages
- Removed log4py dependency. Use logging module instead
- "maxretry" and "bantime" can be overridden in each section
- Fixed bug #1246278 (excessive memory usage)
- Fixed crash on wrong option value in configuration file
- Changed custom chains to lowercase
ver. 0.5.1 (2005/07/23) - beta
----------
- Fixed bugs #1241756, #1239557
- Added log targets in configuration file. Removed -l option
- Changed iptables rules in order to create a separated chain for each section
- Fixed static banList in firewall.py
- Added an initd script for Debian. Thanks to Yaroslav Halchenko
- Check for obsolete files after install
ver. 0.5.0 (2005/07/12) - beta
----------
- Added support for CIDR mask in ignoreip
- Added mail notification support
- Fixed bug #1234699
- Added tags replacement in rules definition. Should allow a clean solution for
Feature Request #1229479
- Removed "interface" and "firewall" options
- Added start and end commands in the configuration file. Thanks to Yaroslav
Halchenko
- Added firewall rules definition in the configuration file
- Cleaned fail2ban.py
- Added an initd script for RedHat/Fedora. Thanks to Andrey G. Grozin
ver. 0.4.1 (2005/06/30) - stable
----------
- Fixed textToDNS method which generated wrong matches for "rhost=12-xyz...".
Thanks to Tom Pike
- `fail2ban.conf` modified for readability. Thanks to Iain Lea
- Added an initd script for Gentoo
- Changed default PID lock file location from `/tmp` to `/var/run`
ver. 0.4.0 (2005/04/24) - stable
----------
- Fixed textToDNS which did not recognize strings like
"12-345-67-890.abcd.mnopqr.xyz"
ver. 0.3.1 (2005/03/31) - beta
----------
- Corrected level of messages
- Added DNS lookup support
- Improved parsing speed. Only parse the new log messages
- Added a second verbose level (-vv)
ver. 0.3.0 (2005/02/24) - beta
----------
- Re-writing of parts of the code in order to handle several log files with
different rules
- Removed `sshd.py` because it is no more needed
- Fixed a bug when exiting with IP in the ban list
- Added PID lock file
- Improved some parts of the code
- Added `ipfw-start-rule` option (thanks to Robert Edeker)
- Added -k option which kills a currently running Fail2Ban
ver. 0.1.2 (2004/11/21) - beta
----------
- Add ipfw and ipfwadm support. The rules are taken from BlockIt. Thanks to
Robert Edeker
- Add -e option which allows to set the interface. Thanks to Robert Edeker who
reminded me this
- Small code cleaning
ver. 0.1.1 (2004/10/23) - beta
----------
- Add SIGTERM handler in order to exit nicely when in daemon mode
- Add -r option which allows to set the maximum number of login failures
- Remove the Metalog class as the log file are not so syslog daemon specific
- Rewrite log reader to be service centered. Sshd support added. Match "Failed
password" and "Illegal user"
- Add `/etc/fail2ban.conf` configuration support
- Code documentation
ver. 0.1.0 (2004/10/12) - alpha
----------
- Initial release
================================================
FILE: DEVELOP
================================================
.. __ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
How to develop for Fail2Ban
================================================================================
Fail2Ban uses GIT (http://git-scm.com/) distributed source control. This gives
each developer their own complete copy of the entire repository. Developers can
add and switch branches and commit changes when ever they want and then ask a
maintainer to merge their changes.
Fail2Ban uses GitHub (https://github.com/fail2ban/fail2ban) to manage access to
the Git repository. GitHub provides free hosting for open-source projects as
well as a web-based Git repository browser and an issue tracker.
If you are familiar with Python and you have a bug fix or a feature that you
would like to add to Fail2Ban, the best way to do so it to use the GitHub Pull
Request feature. You can find more details on the Fail2Ban wiki
(http://www.fail2ban.org/wiki/index.php/Get_Involved)
Pull Requests
=============
When submitting pull requests on GitHub we ask you to:
* Clearly describe the problem you're solving;
* Don't introduce regressions that will make it hard for systems administrators
to update;
* If adding a major feature rebase your changes on master and get to a single commit;
* Include test cases (see below);
* Include sample logs (if relevant);
* Include a change to the relevant section of the ChangeLog; and
* Include yourself in THANKS if not already there.
If you are developing filters see the FILTERS file for documentation.
Code Testing
============
Existing tests can be run by executing `bin/fail2ban-testcases`. It has
options like --log-level that will probably be useful. Run
`bin/fail2ban-testcases --help` for the full list of options.
Test cases should cover all usual cases, all exception cases and all inside
/ outside boundary conditions.
Test cases should cover all branches. The coverage tool will help identify
missing branches. Also see http://nedbatchelder.com/code/coverage/branch.html
for more details.
Install the package python-coverage to visualise your test coverage. Run the
following (note: on Debian-based systems, the script is called
`python-coverage`)::
coverage run bin/fail2ban-testcases
coverage report
Optionally:
coverage html
And then browse htmlcov/index.html and see how much coverage your test cases
exert over the code base. Full coverage is a good thing however it may not be
complete. Try to ensure tests cover as many independent paths through the
code.
Manual Execution. To run in a development environment do::
./fail2ban-client -c config/ -s /tmp/f2b.sock -i start
some quick commands::
status
add test pyinotify
status test
set test addaction iptables
set test actionban iptables echo <ip> <cidr> >> /tmp/ban
set test actionunban iptables echo <ip> <cidr> >> /tmp/unban
get test actionban iptables
get test actionunban iptables
set test banip 192.168.2.2
status test
Testing with vagrant
--------------------
Testing can now be done inside a vagrant VM. Vagrantfile provided in
source code repository established two VMs:
- VM "secure" which can be used for testing fail2ban code.
- VM "attacker" which can be used to perform attack against our "secure" VM.
Both VMs are sharing the 192.168.200/24 network. If you are using this network
take a look into the Vagrantfile and change the IP.
Coding Standards
================
Style
-----
Please use tabs for now. Keep to 80 columns, at least for readable text.
Tests
-----
Add tests. They should test all the code you add in a meaning way.
Coverage
--------
Test coverage should always increase as you add code.
You may use "# pragma: no cover" in the code for branches of code that support
older versions on python. For all other uses of "pragma: no cover" or
"pragma: no branch" document the reason why its not covered. "I haven't written
a test case" isn't a sufficient reason.
pyflakes
--------
pyflakes can be used to find unused imports, and unused, undefined and
redefined variables. pyflakes should be run in any python code, including
python based actions::
pyflakes bin/ config/ fail2ban/
Documentation
-------------
Ensure this documentation is up to date after changes. Also ensure that the man
pages still are accurate. Ensure that there is sufficient documentation for
your new features to be used.
Bugs
----
Remove them and don't add any more.
Git
---
Use the following tags in your commit messages:
* 'BF:' for bug fixes
* 'DOC:' for documentation fixes
* 'ENH:' for enhancements
* 'TST:' for commits concerning tests only (thus not touching the main code-base)
Multiple tags could be joined with +, e.g. "BF+TST:".
Use the text "closes #333"/"resolves #333 "/"fixes #333" where 333 represents
an issue that is closed. Other text and details in link below.
See: https://help.github.com/articles/closing-issues-via-commit-messages
If merge resulted in conflicts, clarify what changes were done to
corresponding files in the 'Conflicts:' section of the merge commit
message. See e.g. https://github.com/fail2ban/fail2ban/commit/f5a8a8ac
Adding Actions
--------------
If you add an action.d/*.conf file also add a example in config/jail.conf
with enabled=false and maxretry=5 for ssh.
Design
======
Fail2Ban was initially developed with Python 2.3 (IIRC). It should
still be compatible with Python 2.4 and such compatibility assurance
makes code ... old-fashioned in many places (RF-Note). In 0.7 the
design went through major re-factoring into client/server,
a-thread-per-jail design which made it a bit difficult to follow.
Below you can find a sketchy description of the main components of the
system to orient yourself better.
server/
------
Core classes hierarchy (feel welcome to draw a better/more complete
one)::
-> inheritance
+ delegation
* storage of multiple instances
RF-Note just a note which might be useful to address while doing RF
JailThread -> Filter -> FileFilter -> {FilterPoll, FilterPyinotify, ...}
| * FileContainer
+ FailManager
+ DateDetector
+ Jail (provided in __init__) which contains this Filter
(used for passing tickets from FailManager to Jail's __queue)
Server
+ Jails
* Jail
+ Filter (in __filter)
* tickets (in __queue)
+ Actions (in __action)
* Action
+ BanManager
failmanager.py
~~~~~~~~~~~~~~
FailManager
Keeps track of failures, recorded as 'tickets'. All operations are
done via acquiring a lock
FailManagerEmpty(Exception)
raised by FailManager.toBan after reaching the list of tickets
(RF-Note: asks to become a generator ;) )
filter.py
~~~~~~~~~~
Filter(JailThread)
Wraps (non-threaded) FailManager (and proxies to it quite a bit),
and provides all primary logic for processing new lines, what IPs to
ignore, etc
.failManager [FailManager]
.dateDetector [DateDetector]
.__failRegex [list]
.__ignoreRegex [list]
Contains regular expressions for failures and ignores
.__findTime [numeric]
Used in `processLineAndAdd` to skip old lines
FileFilter(Filter):
Files-aware Filter
.__logPath [list]
keeps the tracked files (added 1-by-1 using addLogPa
gitextract_iv3lnxih/ ├── .codespellrc ├── .coveragerc ├── .gitattributes ├── .github/ │ ├── FUNDING.yml │ ├── ISSUE_TEMPLATE/ │ │ ├── bug_report.md │ │ ├── feature_request.md │ │ └── filter_request.md │ ├── PULL_REQUEST_TEMPLATE.md │ └── workflows/ │ ├── codespell.yml │ ├── main.yml │ └── publish.yml ├── .gitignore ├── .mailmap ├── .pylintrc ├── .typos.toml ├── CONTRIBUTING.md ├── COPYING ├── ChangeLog ├── DEVELOP ├── FILTERS ├── MANIFEST ├── MANIFEST.in ├── README.Solaris ├── README.md ├── RELEASE ├── THANKS ├── TODO ├── Vagrantfile ├── bin/ │ ├── fail2ban-client │ ├── fail2ban-regex │ ├── fail2ban-server │ └── fail2ban-testcases ├── config/ │ ├── action.d/ │ │ ├── abuseipdb.conf │ │ ├── apf.conf │ │ ├── apprise.conf │ │ ├── blocklist_de.conf │ │ ├── bsd-ipfw.conf │ │ ├── cloudflare-token.conf │ │ ├── cloudflare.conf │ │ ├── complain.conf │ │ ├── csf.conf │ │ ├── dshield.conf │ │ ├── dummy.conf │ │ ├── firewallcmd-allports.conf │ │ ├── firewallcmd-common.conf │ │ ├── firewallcmd-ipset.conf │ │ ├── firewallcmd-multiport.conf │ │ ├── firewallcmd-new.conf │ │ ├── firewallcmd-rich-logging.conf │ │ ├── firewallcmd-rich-rules.conf │ │ ├── helpers-common.conf │ │ ├── hostsdeny.conf │ │ ├── ipfilter.conf │ │ ├── ipfw.conf │ │ ├── iptables-allports.conf │ │ ├── iptables-ipset-proto4.conf │ │ ├── iptables-ipset-proto6-allports.conf │ │ ├── iptables-ipset-proto6.conf │ │ ├── iptables-ipset.conf │ │ ├── iptables-multiport-log.conf │ │ ├── iptables-multiport.conf │ │ ├── iptables-new.conf │ │ ├── iptables-xt_recent-echo.conf │ │ ├── iptables.conf │ │ ├── ipthreat.conf │ │ ├── mail-buffered.conf │ │ ├── mail-whois-common.conf │ │ ├── mail-whois-lines.conf │ │ ├── mail-whois.conf │ │ ├── mail.conf │ │ ├── mikrotik.conf │ │ ├── mynetwatchman.conf │ │ ├── netscaler.conf │ │ ├── nftables-allports.conf │ │ ├── nftables-multiport.conf │ │ ├── nftables.conf │ │ ├── nginx-block-map.conf │ │ ├── npf.conf │ │ ├── nsupdate.conf │ │ ├── osx-afctl.conf │ │ ├── osx-ipfw.conf │ │ ├── pf.conf │ │ ├── route.conf │ │ ├── sendmail-buffered.conf │ │ ├── sendmail-common.conf │ │ ├── sendmail-geoip-lines.conf │ │ ├── sendmail-whois-ipjailmatches.conf │ │ ├── sendmail-whois-ipmatches.conf │ │ ├── sendmail-whois-lines.conf │ │ ├── sendmail-whois-matches.conf │ │ ├── sendmail-whois.conf │ │ ├── sendmail.conf │ │ ├── shorewall-ipset-proto6.conf │ │ ├── shorewall.conf │ │ ├── smtp.py │ │ ├── symbiosis-blacklist-allports.conf │ │ ├── ufw.conf │ │ └── xarf-login-attack.conf │ ├── fail2ban.conf │ ├── filter.d/ │ │ ├── 3proxy.conf │ │ ├── apache-auth.conf │ │ ├── apache-badbots.conf │ │ ├── apache-botsearch.conf │ │ ├── apache-common.conf │ │ ├── apache-fakegooglebot.conf │ │ ├── apache-modsecurity.conf │ │ ├── apache-nohome.conf │ │ ├── apache-noscript.conf │ │ ├── apache-overflows.conf │ │ ├── apache-pass.conf │ │ ├── apache-shellshock.conf │ │ ├── assp.conf │ │ ├── asterisk.conf │ │ ├── bitwarden.conf │ │ ├── botsearch-common.conf │ │ ├── centreon.conf │ │ ├── common.conf │ │ ├── counter-strike.conf │ │ ├── courier-auth.conf │ │ ├── courier-smtp.conf │ │ ├── cyrus-imap.conf │ │ ├── dante.conf │ │ ├── directadmin.conf │ │ ├── domino-smtp.conf │ │ ├── dovecot.conf │ │ ├── dropbear.conf │ │ ├── drupal-auth.conf │ │ ├── ejabberd-auth.conf │ │ ├── exim-common.conf │ │ ├── exim-spam.conf │ │ ├── exim.conf │ │ ├── freeswitch.conf │ │ ├── froxlor-auth.conf │ │ ├── gitlab.conf │ │ ├── grafana.conf │ │ ├── groupoffice.conf │ │ ├── gssftpd.conf │ │ ├── guacamole.conf │ │ ├── haproxy-http-auth.conf │ │ ├── horde.conf │ │ ├── ignorecommands/ │ │ │ └── apache-fakegooglebot │ │ ├── kerio.conf │ │ ├── lighttpd-auth.conf │ │ ├── mongodb-auth.conf │ │ ├── monit.conf │ │ ├── monitorix.conf │ │ ├── mssql-auth.conf │ │ ├── murmur.conf │ │ ├── mysqld-auth.conf │ │ ├── nagios.conf │ │ ├── named-refused.conf │ │ ├── nginx-bad-request.conf │ │ ├── nginx-botsearch.conf │ │ ├── nginx-error-common.conf │ │ ├── nginx-forbidden.conf │ │ ├── nginx-http-auth.conf │ │ ├── nginx-limit-req.conf │ │ ├── nsd.conf │ │ ├── openhab.conf │ │ ├── openvpn.conf │ │ ├── openwebmail.conf │ │ ├── oracleims.conf │ │ ├── pam-generic.conf │ │ ├── perdition.conf │ │ ├── php-url-fopen.conf │ │ ├── phpmyadmin-syslog.conf │ │ ├── portsentry.conf │ │ ├── postfix.conf │ │ ├── proftpd.conf │ │ ├── proxmox.conf │ │ ├── pure-ftpd.conf │ │ ├── qmail.conf │ │ ├── recidive.conf │ │ ├── roundcube-auth.conf │ │ ├── routeros-auth.conf │ │ ├── scanlogd.conf │ │ ├── screensharingd.conf │ │ ├── selinux-common.conf │ │ ├── selinux-ssh.conf │ │ ├── sendmail-auth.conf │ │ ├── sendmail-reject.conf │ │ ├── sieve.conf │ │ ├── slapd.conf │ │ ├── softethervpn.conf │ │ ├── sogo-auth.conf │ │ ├── solid-pop3d.conf │ │ ├── squid.conf │ │ ├── squirrelmail.conf │ │ ├── sshd.conf │ │ ├── stunnel.conf │ │ ├── suhosin.conf │ │ ├── tine20.conf │ │ ├── traefik-auth.conf │ │ ├── uwimap-auth.conf │ │ ├── vaultwarden.conf │ │ ├── vsftpd.conf │ │ ├── webmin-auth.conf │ │ ├── wuftpd.conf │ │ ├── xinetd-fail.conf │ │ ├── xrdp.conf │ │ ├── znc-adminlog.conf │ │ └── zoneminder.conf │ ├── jail.conf │ ├── paths-arch.conf │ ├── paths-common.conf │ ├── paths-debian.conf │ ├── paths-fedora.conf │ ├── paths-freebsd.conf │ ├── paths-opensuse.conf │ └── paths-osx.conf ├── doc/ │ ├── Doxyfile │ ├── Makefile │ ├── conf.py │ ├── develop.rst │ ├── fail2ban.client.actionreader.rst │ ├── fail2ban.client.beautifier.rst │ ├── fail2ban.client.configparserinc.rst │ ├── fail2ban.client.configreader.rst │ ├── fail2ban.client.configurator.rst │ ├── fail2ban.client.csocket.rst │ ├── fail2ban.client.fail2banreader.rst │ ├── fail2ban.client.filterreader.rst │ ├── fail2ban.client.jailreader.rst │ ├── fail2ban.client.jailsreader.rst │ ├── fail2ban.client.rst │ ├── fail2ban.exceptions.rst │ ├── fail2ban.helpers.rst │ ├── fail2ban.protocol.rst │ ├── fail2ban.rst │ ├── fail2ban.server.action.rst │ ├── fail2ban.server.actions.rst │ ├── fail2ban.server.asyncserver.rst │ ├── fail2ban.server.banmanager.rst │ ├── fail2ban.server.database.rst │ ├── fail2ban.server.datedetector.rst │ ├── fail2ban.server.datetemplate.rst │ ├── fail2ban.server.failmanager.rst │ ├── fail2ban.server.failregex.rst │ ├── fail2ban.server.filter.rst │ ├── fail2ban.server.filterpoll.rst │ ├── fail2ban.server.filterpyinotify.rst │ ├── fail2ban.server.filtersystemd.rst │ ├── fail2ban.server.jail.rst │ ├── fail2ban.server.jails.rst │ ├── fail2ban.server.jailthread.rst │ ├── fail2ban.server.mytime.rst │ ├── fail2ban.server.rst │ ├── fail2ban.server.server.rst │ ├── fail2ban.server.strptime.rst │ ├── fail2ban.server.ticket.rst │ ├── fail2ban.server.transmitter.rst │ ├── fail2ban.server.utils.rst │ ├── fail2ban.version.rst │ ├── filters.rst │ ├── index.rst │ ├── release.rst │ ├── requirements.txt │ └── run-rootless.txt ├── fail2ban/ │ ├── __init__.py │ ├── client/ │ │ ├── __init__.py │ │ ├── actionreader.py │ │ ├── beautifier.py │ │ ├── configparserinc.py │ │ ├── configreader.py │ │ ├── configurator.py │ │ ├── csocket.py │ │ ├── fail2banclient.py │ │ ├── fail2bancmdline.py │ │ ├── fail2banreader.py │ │ ├── fail2banregex.py │ │ ├── fail2banserver.py │ │ ├── filterreader.py │ │ ├── jailreader.py │ │ └── jailsreader.py │ ├── compat/ │ │ ├── asynchat.py │ │ └── asyncore.py │ ├── exceptions.py │ ├── helpers.py │ ├── protocol.py │ ├── server/ │ │ ├── __init__.py │ │ ├── action.py │ │ ├── actions.py │ │ ├── asyncserver.py │ │ ├── banmanager.py │ │ ├── database.py │ │ ├── datedetector.py │ │ ├── datetemplate.py │ │ ├── failmanager.py │ │ ├── failregex.py │ │ ├── filter.py │ │ ├── filterpoll.py │ │ ├── filterpyinotify.py │ │ ├── filtersystemd.py │ │ ├── ipdns.py │ │ ├── jail.py │ │ ├── jails.py │ │ ├── jailthread.py │ │ ├── mytime.py │ │ ├── observer.py │ │ ├── server.py │ │ ├── strptime.py │ │ ├── ticket.py │ │ ├── transmitter.py │ │ └── utils.py │ ├── setup.py │ ├── tests/ │ │ ├── __init__.py │ │ ├── action_d/ │ │ │ ├── __init__.py │ │ │ └── test_smtp.py │ │ ├── actionstestcase.py │ │ ├── actiontestcase.py │ │ ├── banmanagertestcase.py │ │ ├── clientbeautifiertestcase.py │ │ ├── clientreadertestcase.py │ │ ├── config/ │ │ │ ├── action.d/ │ │ │ │ ├── action.conf │ │ │ │ └── brokenaction.conf │ │ │ ├── fail2ban.conf │ │ │ ├── filter.d/ │ │ │ │ ├── checklogtype.conf │ │ │ │ ├── checklogtype_test.conf │ │ │ │ ├── simple.conf │ │ │ │ ├── test.conf │ │ │ │ ├── test.local │ │ │ │ ├── zzz-generic-example.conf │ │ │ │ └── zzz-sshd-obsolete-multiline.conf │ │ │ └── jail.conf │ │ ├── databasetestcase.py │ │ ├── datedetectortestcase.py │ │ ├── dummyjail.py │ │ ├── fail2banclienttestcase.py │ │ ├── fail2banregextestcase.py │ │ ├── failmanagertestcase.py │ │ ├── files/ │ │ │ ├── action.d/ │ │ │ │ ├── action.py │ │ │ │ ├── action_checkainfo.py │ │ │ │ ├── action_errors.py │ │ │ │ ├── action_modifyainfo.py │ │ │ │ ├── action_noAction.py │ │ │ │ └── action_nomethod.py │ │ │ ├── config/ │ │ │ │ └── apache-auth/ │ │ │ │ ├── README │ │ │ │ ├── basic/ │ │ │ │ │ ├── authz_owner/ │ │ │ │ │ │ ├── .htaccess │ │ │ │ │ │ ├── .htpasswd │ │ │ │ │ │ └── cant_get_me.html │ │ │ │ │ └── file/ │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ ├── digest/ │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ ├── digest.py │ │ │ │ ├── digest_anon/ │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ ├── digest_time/ │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ ├── digest_wrongrelm/ │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ └── noentry/ │ │ │ │ └── .htaccess │ │ │ ├── filter.d/ │ │ │ │ ├── substitution.conf │ │ │ │ ├── testcase-common.conf │ │ │ │ ├── testcase01.conf │ │ │ │ ├── testcase02.conf │ │ │ │ └── testcase02.local │ │ │ ├── ignorecommand.py │ │ │ ├── logs/ │ │ │ │ ├── 3proxy │ │ │ │ ├── apache-auth │ │ │ │ ├── apache-badbots │ │ │ │ ├── apache-botsearch │ │ │ │ ├── apache-fakegooglebot │ │ │ │ ├── apache-modsecurity │ │ │ │ ├── apache-nohome │ │ │ │ ├── apache-noscript │ │ │ │ ├── apache-overflows │ │ │ │ ├── apache-pass │ │ │ │ ├── apache-shellshock │ │ │ │ ├── assp │ │ │ │ ├── asterisk │ │ │ │ ├── bitwarden │ │ │ │ ├── bsd/ │ │ │ │ │ ├── syslog-plain.txt │ │ │ │ │ ├── syslog-v.txt │ │ │ │ │ └── syslog-vv.txt │ │ │ │ ├── centreon │ │ │ │ ├── counter-strike │ │ │ │ ├── courier-auth │ │ │ │ ├── courier-smtp │ │ │ │ ├── cyrus-imap │ │ │ │ ├── dante │ │ │ │ ├── directadmin │ │ │ │ ├── domino-smtp │ │ │ │ ├── dovecot │ │ │ │ ├── dropbear │ │ │ │ ├── drupal-auth │ │ │ │ ├── ejabberd-auth │ │ │ │ ├── exim │ │ │ │ ├── exim-spam │ │ │ │ ├── freeswitch │ │ │ │ ├── froxlor-auth │ │ │ │ ├── gitlab │ │ │ │ ├── grafana │ │ │ │ ├── groupoffice │ │ │ │ ├── gssftpd │ │ │ │ ├── guacamole │ │ │ │ ├── haproxy-http-auth │ │ │ │ ├── horde │ │ │ │ ├── kerio │ │ │ │ ├── lighttpd-auth │ │ │ │ ├── mongodb-auth │ │ │ │ ├── monit │ │ │ │ ├── monitorix │ │ │ │ ├── mssql-auth │ │ │ │ ├── murmur │ │ │ │ ├── mysqld-auth │ │ │ │ ├── nagios │ │ │ │ ├── named-refused │ │ │ │ ├── nginx-bad-request │ │ │ │ ├── nginx-botsearch │ │ │ │ ├── nginx-forbidden │ │ │ │ ├── nginx-http-auth │ │ │ │ ├── nginx-limit-req │ │ │ │ ├── nsd │ │ │ │ ├── openhab │ │ │ │ ├── openvpn │ │ │ │ ├── openwebmail │ │ │ │ ├── oracleims │ │ │ │ ├── pam-generic │ │ │ │ ├── perdition │ │ │ │ ├── php-url-fopen │ │ │ │ ├── phpmyadmin-syslog │ │ │ │ ├── portsentry │ │ │ │ ├── postfix │ │ │ │ ├── proftpd │ │ │ │ ├── proxmox │ │ │ │ ├── pure-ftpd │ │ │ │ ├── qmail │ │ │ │ ├── recidive │ │ │ │ ├── roundcube-auth │ │ │ │ ├── routeros-auth │ │ │ │ ├── scanlogd │ │ │ │ ├── screensharingd │ │ │ │ ├── selinux-ssh │ │ │ │ ├── sendmail-auth │ │ │ │ ├── sendmail-reject │ │ │ │ ├── sieve │ │ │ │ ├── slapd │ │ │ │ ├── softethervpn │ │ │ │ ├── sogo-auth │ │ │ │ ├── solid-pop3d │ │ │ │ ├── squid │ │ │ │ ├── squirrelmail │ │ │ │ ├── sshd │ │ │ │ ├── sshd-journal │ │ │ │ ├── stunnel │ │ │ │ ├── suhosin │ │ │ │ ├── tine20 │ │ │ │ ├── traefik-auth │ │ │ │ ├── uwimap-auth │ │ │ │ ├── vaultwarden │ │ │ │ ├── vsftpd │ │ │ │ ├── webmin-auth │ │ │ │ ├── wuftpd │ │ │ │ ├── xinetd-fail │ │ │ │ ├── xrdp │ │ │ │ ├── znc-adminlog │ │ │ │ ├── zoneminder │ │ │ │ ├── zzz-generic-example │ │ │ │ └── zzz-sshd-obsolete-multiline │ │ │ ├── test-ign-ips-file │ │ │ ├── testcase-journal.log │ │ │ ├── testcase-multiline.log │ │ │ ├── testcase-usedns.log │ │ │ ├── testcase-wrong-char.log │ │ │ ├── testcase01.log │ │ │ ├── testcase01a.log │ │ │ ├── testcase02.log │ │ │ ├── testcase03.log │ │ │ ├── testcase04.log │ │ │ └── zzz-sshd-obsolete-multiline.log │ │ ├── filtertestcase.py │ │ ├── misctestcase.py │ │ ├── observertestcase.py │ │ ├── samplestestcase.py │ │ ├── servertestcase.py │ │ ├── sockettestcase.py │ │ ├── tickettestcase.py │ │ └── utils.py │ └── version.py ├── fail2ban-testcases-all ├── fail2ban-testcases-all-python3 ├── files/ │ ├── bash-completion │ ├── cacti/ │ │ ├── README │ │ ├── cacti_host_template_fail2ban.xml │ │ └── fail2ban_stats.sh │ ├── debian-initd │ ├── fail2ban-logrotate │ ├── fail2ban-openrc.conf │ ├── fail2ban-openrc.init.in │ ├── fail2ban.service.in │ ├── fail2ban.upstart │ ├── gen_badbots │ ├── ipmasq-ZZZzzz_fail2ban.rul │ ├── logwatch/ │ │ ├── fail2ban │ │ ├── fail2ban-0.8.log │ │ └── fail2ban-0.9.log │ ├── macosx-initd │ ├── monit/ │ │ └── fail2ban │ ├── nagios/ │ │ ├── README │ │ └── check_fail2ban │ ├── redhat-initd │ ├── solaris-fail2ban.xml │ ├── solaris-svc-fail2ban │ └── suse-initd ├── kill-server ├── man/ │ ├── fail2ban-client.1 │ ├── fail2ban-client.h2m │ ├── fail2ban-python.1 │ ├── fail2ban-python.h2m │ ├── fail2ban-regex.1 │ ├── fail2ban-regex.h2m │ ├── fail2ban-server.1 │ ├── fail2ban-server.h2m │ ├── fail2ban-testcases.1 │ ├── fail2ban-testcases.h2m │ ├── fail2ban.1 │ ├── generate-man │ └── jail.conf.5 ├── setup.cfg └── setup.py
SYMBOL INDEX (1784 symbols across 75 files)
FILE: config/action.d/smtp.py
class SMTPAction (line 73) | class SMTPAction(ActionBase):
method __init__ (line 78) | def __init__(
method _sendMessage (line 135) | def _sendMessage(self, subject, text):
method start (line 204) | def start(self):
method stop (line 212) | def stop(self):
method ban (line 220) | def ban(self, aInfo):
FILE: fail2ban/__init__.py
function _Logger_notice (line 48) | def _Logger_notice(self, msg, *args, **kwargs):
function _root_notice (line 65) | def _root_notice(msg, *args, **kwargs):
function _init (line 84) | def _init():
FILE: fail2ban/client/actionreader.py
class ActionReader (line 37) | class ActionReader(DefinitionInitConfigReader):
method __init__ (line 55) | def __init__(self, file_, jailName, initOpts, **kwargs):
method setFile (line 71) | def setFile(self, fileName):
method getFile (line 75) | def getFile(self):
method setName (line 78) | def setName(self, name):
method getName (line 81) | def getName(self):
method convert (line 84) | def convert(self):
FILE: fail2ban/client/beautifier.py
class Beautifier (line 39) | class Beautifier:
method __init__ (line 46) | def __init__(self, cmd = None):
method setInputCmd (line 49) | def setInputCmd(self, cmd):
method getInputCmd (line 52) | def getInputCmd(self):
method beautify (line 55) | def beautify(self, response):
method beautifyError (line 263) | def beautifyError(self, response):
FILE: fail2ban/client/configparserinc.py
class BasicInterpolationWithName (line 38) | class BasicInterpolationWithName(BasicInterpolation):
method _interpolate_some (line 52) | def _interpolate_some(self, parser, option, accum, rest, section, map,
function _expandConfFilesWithLocal (line 63) | def _expandConfFilesWithLocal(filenames):
class SafeConfigParserWithIncludes (line 82) | class SafeConfigParserWithIncludes(SafeConfigParser):
method __init__ (line 120) | def __init__(self, share_config=None, *args, **kwargs):
method get_ex (line 128) | def get_ex(self, section, option, raw=False, vars={}):
method _map_section_options (line 157) | def _map_section_options(self, section, option, rest, defaults):
method share_config (line 215) | def share_config(self):
method _getSharedSCPWI (line 218) | def _getSharedSCPWI(self, filename):
method _getIncludes (line 237) | def _getIncludes(self, filenames, seen=[]):
method __getIncludesUncached (line 258) | def __getIncludesUncached(self, resource, seen=[]):
method get_defaults (line 292) | def get_defaults(self):
method get_sections (line 295) | def get_sections(self):
method options (line 298) | def options(self, section, withDefault=True):
method read (line 313) | def read(self, filenames, get_includes=True):
method merge_section (line 371) | def merge_section(self, section, options, pref=None):
FILE: fail2ban/client/configreader.py
function _OptionsTemplateGen (line 41) | def _OptionsTemplateGen(options):
class ConfigReader (line 62) | class ConfigReader():
method __init__ (line 68) | def __init__(self, use_config=None, share_config=None, **kwargs):
method setBaseDir (line 82) | def setBaseDir(self, basedir):
method getBaseDir (line 88) | def getBaseDir(self):
method share_config (line 95) | def share_config(self):
method read (line 98) | def read(self, name, once=True):
method _create_unshared (line 119) | def _create_unshared(self, name=''):
method sections (line 135) | def sections(self):
method has_section (line 141) | def has_section(self, sec):
method has_option (line 147) | def has_option(self, sec, opt, withDefault=True):
method merge_defaults (line 151) | def merge_defaults(self, d):
method merge_section (line 154) | def merge_section(self, section, *args, **kwargs):
method options (line 160) | def options(self, section, withDefault=False):
method get (line 170) | def get(self, sec, opt, raw=False, vars={}):
method getOptions (line 176) | def getOptions(self, section, *args, **kwargs):
class ConfigReaderUnshared (line 183) | class ConfigReaderUnshared(SafeConfigParserWithIncludes):
method __init__ (line 192) | def __init__(self, basedir=None, *args, **kwargs):
method setBaseDir (line 197) | def setBaseDir(self, basedir):
method getBaseDir (line 202) | def getBaseDir(self):
method read (line 205) | def read(self, filename):
method getOptions (line 256) | def getOptions(self, sec, options, pOptions=None, shouldExist=False, c...
class DefinitionInitConfigReader (line 293) | class DefinitionInitConfigReader(ConfigReader):
method __init__ (line 304) | def __init__(self, file_, jailName, initOpts, **kwargs):
method setFile (line 314) | def setFile(self, fileName):
method getFile (line 318) | def getFile(self):
method setJailName (line 321) | def setJailName(self, jailName):
method getJailName (line 324) | def getJailName(self):
method read (line 327) | def read(self):
method readexplicit (line 331) | def readexplicit(self):
method getOptions (line 336) | def getOptions(self, pOpts, all=False):
method convertOptions (line 371) | def convertOptions(self, opts, configOpts):
method getCombOption (line 386) | def getCombOption(self, optname):
method getCombined (line 402) | def getCombined(self, ignore=()):
method convert (line 424) | def convert(self):
FILE: fail2ban/client/configurator.py
class Configurator (line 35) | class Configurator:
method __init__ (line 37) | def __init__(self, force_enable=False, share_config=None):
method Reload (line 47) | def Reload(self):
method setBaseDir (line 51) | def setBaseDir(self, folderName):
method getBaseDir (line 55) | def getBaseDir(self):
method readEarly (line 65) | def readEarly(self):
method readAll (line 69) | def readAll(self):
method getEarlyOptions (line 74) | def getEarlyOptions(self):
method getOptions (line 77) | def getOptions(self, jail=None, updateMainOpt=None, ignoreWrong=True):
method convertToProtocol (line 81) | def convertToProtocol(self, allow_no_files=False):
method getConfigStream (line 85) | def getConfigStream(self):
FILE: fail2ban/client/csocket.py
class CSocket (line 33) | class CSocket:
method __init__ (line 35) | def __init__(self, sock="/var/run/fail2ban/fail2ban.sock", timeout=-1):
method __del__ (line 45) | def __del__(self):
method send (line 48) | def send(self, msg, nonblocking=False, timeout=None):
method settimeout (line 55) | def settimeout(self, timeout):
method close (line 58) | def close(self):
method convert (line 73) | def convert(m):
method receive (line 81) | def receive(sock, nonblocking=False, timeout=None):
FILE: fail2ban/client/fail2banclient.py
function _thread_name (line 44) | def _thread_name():
function input_command (line 47) | def input_command(): # pragma: no cover
class Fail2banClient (line 54) | class Fail2banClient(Fail2banCmdLine, Thread):
method __init__ (line 56) | def __init__(self):
method dispInteractive (line 63) | def dispInteractive(self):
method __sigTERMhandler (line 68) | def __sigTERMhandler(self, signum, frame): # pragma: no cover
method __ping (line 74) | def __ping(self, timeout=0.1):
method beautifier (line 79) | def beautifier(self):
method __processCmd (line 85) | def __processCmd(self, cmd, showRet=True, timeout=-1):
method __logSocketError (line 135) | def __logSocketError(self, prevError="", errorOnly=False):
method __prepareStartServer (line 160) | def __prepareStartServer(self):
method _set_server (line 178) | def _set_server(self, s):
method __startServer (line 182) | def __startServer(self, background=True):
method configureServer (line 224) | def configureServer(self, nonsync=True, phase=None, stream=None):
method __processCommand (line 273) | def __processCommand(self, cmd):
method __processStartStreamAfterWait (line 346) | def __processStartStreamAfterWait(self, *args):
method __waitOnServer (line 369) | def __waitOnServer(self, alive=True, maxtime=None):
method start (line 395) | def start(self, argv):
class _VisualWait (line 465) | class _VisualWait:
method __init__ (line 470) | def __init__(self, maxpos=10):
method __enter__ (line 472) | def __enter__(self):
method __exit__ (line 474) | def __exit__(self, *args):
method heartbeat (line 478) | def heartbeat(self):
class _NotVisualWait (line 494) | class _NotVisualWait:
method __enter__ (line 497) | def __enter__(self):
method __exit__ (line 499) | def __exit__(self, *args):
method heartbeat (line 501) | def heartbeat(self):
function VisualWait (line 504) | def VisualWait(verbose, *args, **kwargs):
function exec_command_line (line 510) | def exec_command_line(argv):
FILE: fail2ban/client/fail2bancmdline.py
function output (line 35) | def output(s): # pragma: no cover
class Fail2banCmdLine (line 50) | class Fail2banCmdLine():
method __init__ (line 52) | def __init__(self):
method resetConf (line 58) | def resetConf(self):
method configurator (line 71) | def configurator(self):
method applyMembers (line 82) | def applyMembers(self, obj):
method dispVersion (line 86) | def dispVersion(self, short=False):
method dispUsage (line 92) | def dispUsage(self):
method __getCmdLineOptions (line 133) | def __getCmdLineOptions(self, optList):
method initCmdLine (line 180) | def initCmdLine(self, argv):
method readConfig (line 283) | def readConfig(self, jail=None):
method dumpConfig (line 302) | def dumpConfig(cmd, pretty=False):
method _exit (line 317) | def _exit(code=0):
method exit (line 332) | def exit(code=0):
class ExitException (line 344) | class ExitException(Exception):
class ServerExecutionException (line 348) | class ServerExecutionException(Exception):
FILE: fail2ban/client/fail2banreader.py
class Fail2banReader (line 34) | class Fail2banReader(ConfigReader):
method __init__ (line 36) | def __init__(self, **kwargs):
method read (line 39) | def read(self):
method getEarlyOptions (line 42) | def getEarlyOptions(self):
method getOptions (line 52) | def getOptions(self, updateMainOpt=None):
method convert (line 73) | def convert(self):
FILE: fail2ban/client/fail2banregex.py
function debuggexURL (line 63) | def debuggexURL(sample, regex, multiline=False, useDns="yes"):
function output (line 72) | def output(args): # pragma: no cover (overridden in test-cases)
function shortstr (line 75) | def shortstr(s, l=53):
function pprint_list (line 82) | def pprint_list(l, header=None):
function journal_lines_gen (line 91) | def journal_lines_gen(flt, myjournal): # pragma: no cover
function dumpNormVersion (line 101) | def dumpNormVersion(*args):
class _f2bOptParser (line 107) | class _f2bOptParser(OptionParser):
method format_help (line 108) | def format_help(self, *args, **kwargs):
function get_opt_parser (line 131) | def get_opt_parser():
class RegexStat (line 196) | class RegexStat(object):
method __init__ (line 198) | def __init__(self, failregex):
method __str__ (line 203) | def __str__(self):
method inc (line 207) | def inc(self):
method getStats (line 210) | def getStats(self):
method getFailRegex (line 213) | def getFailRegex(self):
method appendIP (line 216) | def appendIP(self, value):
method getIPList (line 219) | def getIPList(self):
class LineStats (line 223) | class LineStats(object):
method __init__ (line 226) | def __init__(self, opts):
method __str__ (line 238) | def __str__(self):
method __getitem__ (line 242) | def __getitem__(self, key):
class Fail2banRegex (line 246) | class Fail2banRegex(object):
method __init__ (line 248) | def __init__(self, opts):
method output (line 290) | def output(self, line):
method encode_line (line 293) | def encode_line(self, line):
method setDatePattern (line 296) | def setDatePattern(self, pattern):
method setMaxLines (line 304) | def setMaxLines(self, v):
method setJournalMatch (line 310) | def setJournalMatch(self, v):
method _dumpRealOptions (line 313) | def _dumpRealOptions(self, reader, fltOpt):
method readRegex (line 332) | def readRegex(self, value, regextype):
method _onIgnoreRegex (line 491) | def _onIgnoreRegex(self, idx, ignoreRegex):
method testRegex (line 495) | def testRegex(self, line, date=None):
method _prepaireOutput (line 559) | def _prepaireOutput(self):
method process (line 622) | def process(self, test_lines):
method printLines (line 670) | def printLines(self, ltype):
method printStats (line 701) | def printStats(self):
method start (line 773) | def start(self, args):
function _loc_except_hook (line 838) | def _loc_except_hook(exctype, value, traceback):
function exec_command_line (line 844) | def exec_command_line(*args):
FILE: fail2ban/client/fail2banserver.py
class Fail2banServer (line 36) | class Fail2banServer(Fail2banCmdLine):
method startServerDirect (line 47) | def startServerDirect(conf, daemon=True, setServer=None):
method startServerAsync (line 83) | def startServerAsync(conf):
method getServerPath (line 136) | def getServerPath():
method _Fail2banClient (line 148) | def _Fail2banClient(self):
method start (line 154) | def start(self, argv):
method exit (line 227) | def exit(code=0): # pragma: no cover
function exec_command_line (line 232) | def exec_command_line(argv):
FILE: fail2ban/client/filterreader.py
class FilterReader (line 37) | class FilterReader(DefinitionInitConfigReader):
method setFile (line 49) | def setFile(self, fileName):
method getFile (line 53) | def getFile(self):
method applyAutoOptions (line 56) | def applyAutoOptions(self, backend):
method convert (line 64) | def convert(self):
method _fillStream (line 72) | def _fillStream(stream, opts, jailName):
FILE: fail2ban/client/jailreader.py
class NoJailError (line 42) | class NoJailError(ValueError):
class JailReader (line 45) | class JailReader(ConfigReader):
method __init__ (line 47) | def __init__(self, name, force_enable=False, **kwargs):
method options (line 56) | def options(self):
method setName (line 59) | def setName(self, value):
method getName (line 62) | def getName(self):
method read (line 65) | def read(self):
method isEnabled (line 74) | def isEnabled(self):
method _glob (line 79) | def _glob(path):
method getOptions (line 130) | def getOptions(self, addOpts=None):
method filter (line 235) | def filter(self):
method getCombined (line 238) | def getCombined(self):
method convert (line 243) | def convert(self, allow_no_files=False, systemd_if_nologs=True):
class JailDefError (line 315) | class JailDefError(Exception):
FILE: fail2ban/client/jailsreader.py
class JailsReader (line 35) | class JailsReader(ConfigReader):
method __init__ (line 37) | def __init__(self, force_enable=False, **kwargs):
method jails (line 50) | def jails(self):
method read (line 53) | def read(self):
method getOptions (line 57) | def getOptions(self, section=None, ignoreWrong=True):
method convert (line 91) | def convert(self, allow_no_files=False, systemd_if_nologs=True):
FILE: fail2ban/compat/asynchat.py
class async_chat (line 55) | class async_chat(asyncore.dispatcher):
method __init__ (line 70) | def __init__(self, sock=None, map=None):
method collect_incoming_data (line 84) | def collect_incoming_data(self, data):
method _collect_incoming_data (line 87) | def _collect_incoming_data(self, data):
method _get_data (line 90) | def _get_data(self):
method found_terminator (line 95) | def found_terminator(self):
method set_terminator (line 98) | def set_terminator(self, term):
method get_terminator (line 109) | def get_terminator(self):
method handle_read (line 117) | def handle_read(self):
method handle_write (line 189) | def handle_write(self):
method handle_close (line 192) | def handle_close(self):
method push (line 195) | def push(self, data):
method push_with_producer (line 207) | def push_with_producer(self, producer):
method readable (line 211) | def readable(self):
method writable (line 219) | def writable(self):
method close_when_done (line 223) | def close_when_done(self):
method initiate_send (line 227) | def initiate_send(self):
method discard_buffers (line 267) | def discard_buffers(self):
class simple_producer (line 274) | class simple_producer:
method __init__ (line 276) | def __init__(self, data, buffer_size=512):
method more (line 280) | def more(self):
function find_prefix_at_end (line 306) | def find_prefix_at_end(haystack, needle):
FILE: fail2ban/compat/asyncore.py
function _strerror (line 68) | def _strerror(err):
class ExitNow (line 76) | class ExitNow(Exception):
function read (line 81) | def read(obj):
function write (line 89) | def write(obj):
function _exception (line 97) | def _exception(obj):
function readwrite (line 105) | def readwrite(obj, flags):
function poll (line 125) | def poll(timeout=0.0, map=None):
function poll2 (line 164) | def poll2(timeout=0.0, map=None):
function loop (line 192) | def loop(timeout=30.0, use_poll=False, map=None, count=None):
class dispatcher (line 210) | class dispatcher:
method __init__ (line 220) | def __init__(self, sock=None, map=None):
method __repr__ (line 252) | def __repr__(self):
method add_channel (line 265) | def add_channel(self, map=None):
method del_channel (line 271) | def del_channel(self, map=None):
method create_socket (line 280) | def create_socket(self, family=socket.AF_INET, type=socket.SOCK_STREAM):
method set_socket (line 286) | def set_socket(self, sock, map=None):
method set_reuse_addr (line 291) | def set_reuse_addr(self):
method readable (line 308) | def readable(self):
method writable (line 311) | def writable(self):
method listen (line 318) | def listen(self, num):
method bind (line 324) | def bind(self, addr):
method connect (line 328) | def connect(self, address):
method accept (line 342) | def accept(self):
method send (line 356) | def send(self, data):
method recv (line 369) | def recv(self, buffer_size):
method close (line 387) | def close(self):
method log (line 403) | def log(self, message):
method log_info (line 406) | def log_info(self, message, type='info'):
method handle_read_event (line 410) | def handle_read_event(self):
method handle_connect_event (line 422) | def handle_connect_event(self):
method handle_write_event (line 430) | def handle_write_event(self):
method handle_expt_event (line 441) | def handle_expt_event(self):
method handle_error (line 456) | def handle_error(self):
method handle_expt (line 476) | def handle_expt(self):
method handle_read (line 479) | def handle_read(self):
method handle_write (line 482) | def handle_write(self):
method handle_connect (line 485) | def handle_connect(self):
method handle_accept (line 488) | def handle_accept(self):
method handle_accepted (line 493) | def handle_accepted(self, sock, addr):
method handle_close (line 497) | def handle_close(self):
class dispatcher_with_send (line 506) | class dispatcher_with_send(dispatcher):
method __init__ (line 508) | def __init__(self, sock=None, map=None):
method initiate_send (line 512) | def initiate_send(self):
method handle_write (line 517) | def handle_write(self):
method writable (line 520) | def writable(self):
method send (line 523) | def send(self, data):
function compact_traceback (line 533) | def compact_traceback():
function close_all (line 553) | def close_all(map=None, ignore_all=False):
class file_wrapper (line 585) | class file_wrapper:
method __init__ (line 590) | def __init__(self, fd):
method __del__ (line 593) | def __del__(self):
method recv (line 599) | def recv(self, *args):
method send (line 602) | def send(self, *args):
method getsockopt (line 605) | def getsockopt(self, level, optname, buflen=None):
method close (line 616) | def close(self):
method fileno (line 623) | def fileno(self):
class file_dispatcher (line 626) | class file_dispatcher(dispatcher):
method __init__ (line 628) | def __init__(self, fd, map=None):
method set_file (line 639) | def set_file(self, fd):
FILE: fail2ban/exceptions.py
class DuplicateJailException (line 30) | class DuplicateJailException(Exception):
class UnknownJailException (line 34) | class UnknownJailException(KeyError):
FILE: fail2ban/helpers.py
function __extend_compat_path (line 45) | def __extend_compat_path():
function uni_decode (line 72) | def uni_decode(x, enc=PREFER_ENC, errors='strict'):
function uni_string (line 81) | def uni_string(x):
function uni_bytes (line 85) | def uni_bytes(x):
function _as_bool (line 88) | def _as_bool(val):
function formatExceptionInfo (line 93) | def formatExceptionInfo():
function mbasename (line 105) | def mbasename(s):
class TraceBack (line 118) | class TraceBack(object):
method __init__ (line 122) | def __init__(self, compress=False):
method __call__ (line 134) | def __call__(self):
class FormatterWithTraceBack (line 164) | class FormatterWithTraceBack(logging.Formatter):
method __init__ (line 169) | def __init__(self, fmt, *args, **kwargs):
method format (line 174) | def format(self, record):
function __stopOnIOError (line 180) | def __stopOnIOError(logSys=None, logHndlr=None): # pragma: no cover
function __safeLog (line 195) | def __safeLog(self, level, msg, args, **kwargs):
function __safeLogFlush (line 228) | def __safeLogFlush(self):
function getLogger (line 239) | def getLogger(name):
function str2LogLevel (line 246) | def str2LogLevel(value):
function getVerbosityFormat (line 256) | def getVerbosityFormat(verbosity, fmt=' %(message)s', addtime=True, padd...
function excepthook (line 278) | def excepthook(exctype, value, traceback):
function removeComments (line 286) | def removeComments(s):
function splitwords (line 296) | def splitwords(s, ignoreComments=False):
function _merge_dicts (line 308) | def _merge_dicts(x, y):
function _merge_copy_dicts (line 315) | def _merge_copy_dicts(x, y):
function extractOptions (line 338) | def extractOptions(option):
function splitWithOptions (line 359) | def splitWithOptions(option):
function substituteRecursiveTags (line 373) | def substituteRecursiveTags(inptags, conditional='',
function prctl_set_th_name (line 473) | def prctl_set_th_name(name):
function prctl_set_th_name (line 484) | def prctl_set_th_name(name):
class BgService (line 488) | class BgService(object):
method __new__ (line 497) | def __new__(cls):
method __init__ (line 503) | def __init__(self):
method service (line 514) | def service(self, force=False, wait=False):
FILE: fail2ban/protocol.py
function output (line 29) | def output(s):
class dotdict (line 38) | class dotdict(dict):
method __getattr__ (line 39) | def __getattr__(self, name):
function printFormatted (line 163) | def printFormatted():
function printWiki (line 187) | def printWiki():
function __printWikiHeader (line 201) | def __printWikiHeader(section, desc):
FILE: fail2ban/server/action.py
class CallingMap (line 74) | class CallingMap(MutableMapping, object):
method __init__ (line 95) | def __init__(self, *args, **kwargs):
method reset (line 100) | def reset(self, immutable=True):
method _asrepr (line 108) | def _asrepr(self, calculated=False):
method _asdict (line 114) | def _asdict(self, calculated=False, checker=None):
method getRawItem (line 132) | def getRawItem(self, key):
method __getitem__ (line 139) | def __getitem__(self, key):
method __setitem__ (line 150) | def __setitem__(self, key, value):
method __unavailable (line 159) | def __unavailable(self, key):
method __delitem__ (line 162) | def __delitem__(self, key):
method __iter__ (line 175) | def __iter__(self):
method __len__ (line 178) | def __len__(self):
method copy (line 181) | def copy(self):
class ActionBase (line 185) | class ActionBase(object, metaclass=ABCMeta):
method __subclasshook__ (line 217) | def __subclasshook__(cls, C):
method __init__ (line 230) | def __init__(self, jail, name):
method start (line 235) | def start(self): # pragma: no cover - abstract
method stop (line 240) | def stop(self): # pragma: no cover - abstract
method ban (line 245) | def ban(self, aInfo): # pragma: no cover - abstract
method reban (line 256) | def reban(self, aInfo): # pragma: no cover - abstract
method _prolongable (line 268) | def _prolongable(self): # pragma: no cover - abstract
method unban (line 271) | def unban(self, aInfo): # pragma: no cover - abstract
class CommandAction (line 288) | class CommandAction(ActionBase):
method clearAllParams (line 318) | def clearAllParams(self):
method __init__ (line 344) | def __init__(self, jail, name):
method __subclasshook__ (line 354) | def __subclasshook__(cls, C):
method __setattr__ (line 357) | def __setattr__(self, name, value):
method __delattr__ (line 375) | def __delattr__(self, name):
method _properties (line 386) | def _properties(self):
method _substCache (line 403) | def _substCache(self):
method _getOperation (line 406) | def _getOperation(self, tag, family):
method _operationExecuted (line 417) | def _operationExecuted(self, tag, family, *args):
method _executeOperation (line 443) | def _executeOperation(self, tag, operation, family=[], afterExec=None):
method _hasCondSection (line 483) | def _hasCondSection(self):
method _families (line 496) | def _families(self):
method _startOnDemand (line 511) | def _startOnDemand(self):
method start (line 521) | def start(self):
method _start (line 529) | def _start(self, family=None, forceStart=False):
method ban (line 549) | def ban(self, aInfo, cmd='<actionban>'):
method _prolongable (line 572) | def _prolongable(self):
method prolong (line 576) | def prolong(self, aInfo):
method unban (line 591) | def unban(self, aInfo):
method reban (line 608) | def reban(self, aInfo):
method flush (line 623) | def flush(self):
method stop (line 642) | def stop(self):
method _stop (line 650) | def _stop(self, family=None):
method reload (line 673) | def reload(self, **kwargs):
method consistencyCheck (line 686) | def consistencyCheck(self, beforeRepair=None):
method escapeTag (line 703) | def escapeTag(cls, value):
method replaceTag (line 732) | def replaceTag(cls, query, aInfo, conditional='', addrepl=None, cache=...
method replaceDynamicTags (line 825) | def replaceDynamicTags(cls, realCmd, aInfo, escapeVal=None):
method banEpoch (line 899) | def banEpoch(self):
method invalidateBanEpoch (line 901) | def invalidateBanEpoch(self):
method _invariantCheck (line 909) | def _invariantCheck(self, family=None, beforeRepair=None, forceStart=T...
method _processCmd (line 949) | def _processCmd(self, cmd, aInfo=None):
method executeCmd (line 1013) | def executeCmd(realCmd, timeout=60, **kwargs):
FILE: fail2ban/server/actions.py
class Actions (line 50) | class Actions(JailThread, Mapping):
method __init__ (line 78) | def __init__(self, jail):
method _load_python_module (line 93) | def _load_python_module(pythonModule):
method add (line 105) | def add(self, name, pythonModule=None, initOpts=None, reload=False):
method reload (line 151) | def reload(self, begin=True):
method __getitem__ (line 172) | def __getitem__(self, name):
method __delitem__ (line 178) | def __delitem__(self, name):
method __iter__ (line 184) | def __iter__(self):
method __len__ (line 187) | def __len__(self):
method __eq__ (line 190) | def __eq__(self, other): # Required for Threading
method __hash__ (line 193) | def __hash__(self): # Required for Threading
method setBanTime (line 201) | def setBanTime(self, value):
method getBanTime (line 211) | def getBanTime(self):
method getBanned (line 214) | def getBanned(self, ids):
method getBanList (line 222) | def getBanList(self, withTime=False):
method addBannedIP (line 232) | def addBannedIP(self, ip):
method removeBannedIP (line 245) | def removeBannedIP(self, ip=None, db=True, ifexists=False):
method stopActions (line 303) | def stopActions(self, actions=None):
method run (line 319) | def run(self):
class ActionInfo (line 370) | class ActionInfo(CallingMap):
method __init__ (line 405) | def __init__(self, ticket, jail=None, immutable=True, data=AI_DICT):
method copy (line 412) | def copy(self): # pragma: no cover
method _getBanTime (line 415) | def _getBanTime(self):
method _mi4ip (line 420) | def _mi4ip(self, overalljails=False):
method _getActionInfo (line 463) | def _getActionInfo(self, ticket):
method __getFailTickets (line 469) | def __getFailTickets(self, count=100):
method __checkBan (line 479) | def __checkBan(self, tickets=None):
method __reBan (line 564) | def __reBan(self, ticket, actions=None, log=True):
method _prolongBan (line 598) | def _prolongBan(self, ticket):
method __checkUnBan (line 621) | def __checkUnBan(self, maxCount=None):
method __flushBan (line 635) | def __flushBan(self, db=False, actions=None, stop=False):
method __unBan (line 689) | def __unBan(self, ticket, actions=None, log="Unban"):
method status (line 720) | def status(self, flavor="basic"):
FILE: fail2ban/server/asyncserver.py
class RequestHandler (line 56) | class RequestHandler(asynchat.async_chat):
method __init__ (line 58) | def __init__(self, conn, transmitter):
method __close (line 66) | def __close(self):
method handle_close (line 76) | def handle_close(self):
method collect_incoming_data (line 80) | def collect_incoming_data(self, data):
class LoadError (line 85) | class LoadError(Exception):
method found_terminator (line 93) | def found_terminator(self):
method handle_error (line 131) | def handle_error(self):
function loop (line 144) | def loop(active, timeout=None, use_poll=False, err_count=None):
class AsyncServer (line 198) | class AsyncServer(asyncore.dispatcher):
method __init__ (line 200) | def __init__(self, transmitter):
method writable (line 212) | def writable(self):
method handle_accept (line 215) | def handle_accept(self):
method start (line 246) | def start(self, sock, force, timeout=None, use_poll=False):
method close (line 277) | def close(self):
method stop_communication (line 305) | def stop_communication(self):
method stop (line 313) | def stop(self):
method isActive (line 318) | def isActive(self):
method _remove_sock (line 324) | def _remove_sock(self):
method __markCloseOnExec (line 338) | def __markCloseOnExec(sock):
class AsyncServerException (line 347) | class AsyncServerException(Exception):
FILE: fail2ban/server/banmanager.py
class BanManager (line 43) | class BanManager:
method __init__ (line 50) | def __init__(self):
method setBanTime (line 68) | def setBanTime(self, value):
method getBanTime (line 77) | def getBanTime(self):
method setBanTotal (line 85) | def setBanTotal(self, value):
method getBanTotal (line 93) | def getBanTotal(self):
method getBanList (line 101) | def getBanList(self, ordered=False, withTime=False):
method __iter__ (line 123) | def __iter__(self):
method handleBlankResult (line 133) | def handleBlankResult(value):
method getBanListExtendedCymruInfo (line 144) | def getBanListExtendedCymruInfo(self, timeout=10):
method geBanListExtendedASN (line 223) | def geBanListExtendedASN(self, cymru_info):
method geBanListExtendedCountry (line 238) | def geBanListExtendedCountry(self, cymru_info):
method geBanListExtendedRIR (line 253) | def geBanListExtendedRIR(self, cymru_info):
method addBanTicket (line 268) | def addBanTicket(self, ticket, reason={}):
method size (line 305) | def size(self):
method _inBanList (line 316) | def _inBanList(self, ticket):
method unBanList (line 326) | def unBanList(self, time, maxCount=0x7fffffff):
method flushBanList (line 368) | def flushBanList(self):
method getTicketByID (line 378) | def getTicketByID(self, fid):
FILE: fail2ban/server/database.py
function _json_default (line 42) | def _json_default(x):
function _json_dumps_safe (line 48) | def _json_dumps_safe(x):
function _json_loads_safe (line 58) | def _json_loads_safe(x):
function commitandrollback (line 71) | def commitandrollback(f):
class Fail2BanDb (line 84) | class Fail2BanDb(object):
method __init__ (line 166) | def __init__(self, filename, purgeAge=24*60*60, outDatedFactor=3):
method _connectDB (line 174) | def _connectDB(self, checkIntegrity=False):
method close (line 255) | def close(self):
method _dbBackupFilename (line 261) | def _dbBackupFilename(self):
method repairDB (line 268) | def repairDB(self):
method filename (line 304) | def filename(self):
method purgeage (line 310) | def purgeage(self):
method purgeage (line 316) | def purgeage(self, value):
method _createDb (line 319) | def _createDb(self, cur, incremental=False):
method createDb (line 333) | def createDb(self, cur, incremental=False):
method _tableExists (line 336) | def _tableExists(self, cur, table):
method updateDb (line 343) | def updateDb(self, cur, version):
method addJail (line 396) | def addJail(self, cur, jail):
method delJail (line 413) | def delJail(self, cur, jail):
method delAllJails (line 426) | def delAllJails(self, cur):
method getJailNames (line 433) | def getJailNames(self, cur, enabled=None):
method addLog (line 451) | def addLog(self, cur, jail, container):
method _addLog (line 469) | def _addLog(self, cur, jail, name, pos=0, md5=None):
method getLogPaths (line 489) | def getLogPaths(self, cur, jail=None):
method updateLog (line 513) | def updateLog(self, cur, jail, container):
method _updateLog (line 525) | def _updateLog(self, cur, jail, name, pos, md5):
method getJournalPos (line 536) | def getJournalPos(self, cur, jail, name, time=0, iso=None):
method updateJournal (line 554) | def updateJournal(self, cur, jail, name, time, iso):
method addBan (line 567) | def addBan(self, cur, jail, ticket):
method delBan (line 606) | def delBan(self, cur, jail, *args):
method _getBans (line 632) | def _getBans(self, cur, jail=None, bantime=None, ip=None):
method getBans (line 650) | def getBans(self, **kwargs):
method getBansMerged (line 676) | def getBansMerged(self, ip=None, jail=None, bantime=None):
method getBan (line 748) | def getBan(self, cur, ip, jail=None, forbantime=None, overalljails=Non...
method _getCurrentBans (line 770) | def _getCurrentBans(self, cur, jail = None, ip = None, forbantime=None...
method getCurrentBans (line 791) | def getCurrentBans(self, jail=None, ip=None, forbantime=None, fromtime...
method _cleanjails (line 863) | def _cleanjails(self, cur):
method _purge_bips (line 871) | def _purge_bips(self, cur):
method purge (line 881) | def purge(self, cur):
FILE: fail2ban/server/datedetector.py
function _getPatternTemplate (line 44) | def _getPatternTemplate(pattern, key=None):
function _getAnchoredTemplate (line 68) | def _getAnchoredTemplate(template, wrap=lambda s: '{^LN-BEG}' + s):
class DateDetectorCache (line 89) | class DateDetectorCache(object):
method __init__ (line 92) | def __init__(self):
method templates (line 97) | def templates(self):
method _cacheTemplate (line 108) | def _cacheTemplate(self, template):
method defaultTemplates (line 180) | def defaultTemplates(self):
method _addDefaultTemplate (line 187) | def _addDefaultTemplate(self):
class DateDetectorTemplate (line 199) | class DateDetectorTemplate(object):
method __init__ (line 205) | def __init__(self, template):
method weight (line 213) | def weight(self):
method __getattr__ (line 216) | def __getattr__(self, name):
class DateDetector (line 222) | class DateDetector(object):
method __init__ (line 231) | def __init__(self):
method _appendTemplate (line 247) | def _appendTemplate(self, template, ignoreDup=False):
method appendTemplate (line 258) | def appendTemplate(self, template):
method addDefaultTemplate (line 298) | def addDefaultTemplate(self, filterTemplate=None, preMatch=None, allDe...
method templates (line 322) | def templates(self):
method matchTime (line 327) | def matchTime(self, line):
method default_tz (line 468) | def default_tz(self):
method default_tz (line 472) | def default_tz(self, value):
method getTime (line 475) | def getTime(self, line, timeMatch=None):
method _reorderTemplate (line 511) | def _reorderTemplate(self, num):
FILE: fail2ban/server/datetemplate.py
class DateTemplate (line 57) | class DateTemplate(object):
method __init__ (line 74) | def __init__(self):
method getRegex (line 83) | def getRegex(self):
method setRegex (line 86) | def setRegex(self, regex, wordBegin=True, wordEnd=True):
method _compileRegex (line 154) | def _compileRegex(self):
method matchDate (line 165) | def matchDate(self, line, *args):
method getDate (line 178) | def getDate(self, line, dateMatch=None, default_tz=None):
method unboundPattern (line 200) | def unboundPattern(pattern):
class DateEpoch (line 208) | class DateEpoch(DateTemplate):
method __init__ (line 220) | def __init__(self, lineBeginOnly=False, pattern=None, longFrm=False):
method getDate (line 243) | def getDate(self, line, dateMatch=None, default_tz=None):
class DatePatternRegex (line 271) | class DatePatternRegex(DateTemplate):
method __init__ (line 289) | def __init__(self, pattern=None, **kwargs):
method pattern (line 296) | def pattern(self):
method pattern (line 308) | def pattern(self, pattern):
method setRegex (line 311) | def setRegex(self, pattern, wordBegin=True, wordEnd=True):
method getDate (line 334) | def getDate(self, line, dateMatch=None, default_tz=None):
class DateTai64n (line 359) | class DateTai64n(DateTemplate):
method __init__ (line 368) | def __init__(self, wordBegin=False):
method getDate (line 374) | def getDate(self, line, dateMatch=None, default_tz=None):
FILE: fail2ban/server/failmanager.py
class FailManager (line 38) | class FailManager:
method __init__ (line 40) | def __init__(self):
method setFailTotal (line 49) | def setFailTotal(self, value):
method getFailTotal (line 52) | def getFailTotal(self):
method getFailCount (line 55) | def getFailCount(self):
method setMaxRetry (line 60) | def setMaxRetry(self, value):
method getMaxRetry (line 63) | def getMaxRetry(self):
method setMaxTime (line 66) | def setMaxTime(self, value):
method getMaxTime (line 69) | def getMaxTime(self):
method addFailure (line 72) | def addFailure(self, ticket, count=1, observed=False):
method size (line 126) | def size(self):
method cleanup (line 129) | def cleanup(self, time):
method delFailure (line 150) | def delFailure(self, fid):
method toBan (line 157) | def toBan(self, fid=None):
class FailManagerEmpty (line 168) | class FailManagerEmpty(Exception):
FILE: fail2ban/server/failregex.py
function mapTag2Opt (line 100) | def mapTag2Opt(tag):
class Regex (line 120) | class Regex:
method __init__ (line 129) | def __init__(self, regex, multiline=False, **kwargs):
method __str__ (line 163) | def __str__(self):
method _resolveHostTag (line 173) | def _resolveHostTag(regex, useDns="yes"):
method getRegex (line 227) | def getRegex(self):
method _tupleLinesBuf (line 234) | def _tupleLinesBuf(tupleLines):
method search (line 245) | def search(self, tupleLines, orgLines=None):
method hasMatched (line 291) | def hasMatched(self):
method _getGroups (line 301) | def _getGroups(self):
method _getGroupsWithAlt (line 304) | def _getGroupsWithAlt(self):
method getGroups (line 325) | def getGroups(self): # pragma: no cover - abstract function (replaced ...
method getSkippedLines (line 334) | def getSkippedLines(self):
method getUnmatchedTupleLines (line 359) | def getUnmatchedTupleLines(self):
method getUnmatchedLines (line 365) | def getUnmatchedLines(self):
method getMatchedTupleLines (line 378) | def getMatchedTupleLines(self):
method getMatchedLines (line 384) | def getMatchedLines(self):
class RegexException (line 394) | class RegexException(Exception):
class FailRegex (line 414) | class FailRegex(Regex):
method __init__ (line 423) | def __init__(self, regex, prefRegex=None, **kwargs):
method getFailID (line 439) | def getFailID(self, groups=FAILURE_ID_GROPS):
method getHost (line 461) | def getHost(self):
method getIP (line 464) | def getIP(self):
FILE: fail2ban/server/filter.py
class Filter (line 57) | class Filter(JailThread):
method __init__ (line 65) | def __init__(self, jail, useDns='warn'):
method __repr__ (line 134) | def __repr__(self):
method jailName (line 138) | def jailName(self):
method clearAllParams (line 141) | def clearAllParams(self):
method reload (line 148) | def reload(self, begin=True):
method mlfidCache (line 163) | def mlfidCache(self):
method prefRegex (line 170) | def prefRegex(self):
method prefRegex (line 173) | def prefRegex(self, value):
method addFailRegex (line 186) | def addFailRegex(self, value):
method delFailRegex (line 196) | def delFailRegex(self, index=None):
method getFailRegex (line 213) | def getFailRegex(self):
method addIgnoreRegex (line 223) | def addIgnoreRegex(self, value):
method delIgnoreRegex (line 231) | def delIgnoreRegex(self, index=None):
method getIgnoreRegex (line 248) | def getIgnoreRegex(self):
method setUseDns (line 258) | def setUseDns(self, value):
method getUseDns (line 273) | def getUseDns(self):
method setFindTime (line 283) | def setFindTime(self, value):
method getFindTime (line 294) | def getFindTime(self):
method setDatePattern (line 302) | def setDatePattern(self, pattern):
method getDatePattern (line 320) | def getDatePattern(self):
method setLogTimeZone (line 339) | def setLogTimeZone(self, tz):
method getLogTimeZone (line 349) | def getLogTimeZone(self):
method setMaxRetry (line 357) | def setMaxRetry(self, value):
method getMaxRetry (line 366) | def getMaxRetry(self):
method setMaxLines (line 374) | def setMaxLines(self, value):
method getMaxLines (line 385) | def getMaxLines(self):
method setLogEncoding (line 393) | def setLogEncoding(self, encoding):
method getLogEncoding (line 406) | def getLogEncoding(self):
method run (line 416) | def run(self): # pragma: no cover
method ignoreCommand (line 424) | def ignoreCommand(self):
method ignoreCommand (line 428) | def ignoreCommand(self, command):
method ignoreCache (line 436) | def ignoreCache(self):
method ignoreCache (line 441) | def ignoreCache(self, command):
method performBan (line 449) | def performBan(self, ip=None):
method performSvc (line 460) | def performSvc(self, force=False):
method addAttempt (line 469) | def addAttempt(self, ip, *matches):
method ignoreSelf (line 498) | def ignoreSelf(self):
method ignoreSelf (line 502) | def ignoreSelf(self, value):
method addIgnoreIP (line 512) | def addIgnoreIP(self, ipstr):
method delIgnoreIP (line 536) | def delIgnoreIP(self, ip=None):
method logIgnoreIp (line 554) | def logIgnoreIp(self, ip, log_ignore, ignore_source="unknown source"):
method getIgnoreIP (line 558) | def getIgnoreIP(self):
method inIgnoreIPList (line 569) | def inIgnoreIPList(self, ip, log_ignore=True):
method _inIgnoreIPList (line 578) | def _inIgnoreIPList(self, ip, ticket, log_ignore=True):
method _logWarnOnce (line 626) | def _logWarnOnce(self, nextLTM, *args):
method processLine (line 635) | def processLine(self, line, date=None):
method processLineAndAdd (line 718) | def processLineAndAdd(self, line, date=None):
method commonError (line 755) | def commonError(self, reason="common", exc=None):
method _ignoreLine (line 765) | def _ignoreLine(self, buf, orgBuffer, failRegex=None):
method _updateUsers (line 786) | def _updateUsers(self, fail, user=()):
method _mergeFailure (line 796) | def _mergeFailure(self, mlfid, fail, failRegex):
method findFailure (line 856) | def findFailure(self, tupleLine, date, noDate=False):
method status (line 995) | def status(self, flavor="basic"):
class FileFilter (line 1005) | class FileFilter(Filter):
method __init__ (line 1007) | def __init__(self, jail, **kwargs):
method addLogPath (line 1018) | def addLogPath(self, path, tail=False, autoSeek=True):
method _addLogPath (line 1037) | def _addLogPath(self, path):
method delLogPath (line 1047) | def delLogPath(self, path):
method _delLogPath (line 1056) | def _delLogPath(self, path): # pragma: no cover - overwritten function
method getLogPaths (line 1066) | def getLogPaths(self):
method getLogs (line 1074) | def getLogs(self):
method getLogCount (line 1082) | def getLogCount(self):
method containsLogPath (line 1091) | def containsLogPath(self, path):
method setLogEncoding (line 1099) | def setLogEncoding(self, encoding):
method getLog (line 1104) | def getLog(self, path):
method getFailures (line 1114) | def getFailures(self, filename, inOperation=None):
method seekToTime (line 1186) | def seekToTime(self, container, date, accuracy=3):
method status (line 1273) | def status(self, flavor="basic"):
method _updateDBPending (line 1283) | def _updateDBPending(self):
method afterStop (line 1294) | def afterStop(self):
class FileContainer (line 1326) | class FileContainer:
method __init__ (line 1328) | def __init__(self, filename, encoding, tail=False, doOpen=False):
method __hash__ (line 1361) | def __hash__(self):
method __eq__ (line 1363) | def __eq__(self, other):
method __repr__ (line 1367) | def __repr__(self):
method getFileName (line 1370) | def getFileName(self):
method getFileSize (line 1373) | def getFileSize(self):
method setEncoding (line 1380) | def setEncoding(self, encoding):
method getEncoding (line 1384) | def getEncoding(self):
method getHash (line 1387) | def getHash(self):
method getPos (line 1390) | def getPos(self):
method setPos (line 1393) | def setPos(self, value):
method open (line 1396) | def open(self, forcePos=None):
method seek (line 1439) | def seek(self, offs, endLine=True):
method tell (line 1452) | def tell(self):
method decode_line (line 1457) | def decode_line(filename, enc, line):
method readline (line 1480) | def readline(self, complete=True):
method close (line 1535) | def close(self):
method __iter__ (line 1543) | def __iter__(self):
method __next__ (line 1545) | def __next__(self):
class JournalFilter (line 1560) | class JournalFilter(Filter): # pragma: systemd no cover
method clearAllParams (line 1562) | def clearAllParams(self):
method addJournalMatch (line 1566) | def addJournalMatch(self, match): # pragma: no cover - Base class, not...
method delJournalMatch (line 1569) | def delJournalMatch(self, match=None): # pragma: no cover - Base class...
method getJournalMatch (line 1572) | def getJournalMatch(self, match): # pragma: no cover - Base class, not...
FILE: fail2ban/server/filterpoll.py
class FilterPoll (line 46) | class FilterPoll(FileFilter):
method __init__ (line 54) | def __init__(self, jail):
method _addLogPath (line 66) | def _addLogPath(self, path):
method _delLogPath (line 75) | def _delLogPath(self, path):
method getModified (line 82) | def getModified(self, modlst):
method run (line 95) | def run(self):
method isModified (line 135) | def isModified(self, filename):
method getPendingPaths (line 175) | def getPendingPaths(self):
FILE: fail2ban/server/filterpyinotify.py
function _pyinotify_logger_init (line 53) | def _pyinotify_logger_init(): # pragma: no cover
class FilterPyinotify (line 65) | class FilterPyinotify(FileFilter):
method __init__ (line 72) | def __init__(self, jail):
method callback (line 84) | def callback(self, event, origin=''):
method _process_file (line 130) | def _process_file(self, path):
method _addPending (line 139) | def _addPending(self, path, reason, isDir=False):
method _delPending (line 148) | def _delPending(self, path):
method getPendingPaths (line 153) | def getPendingPaths(self):
method _checkPending (line 156) | def _checkPending(self):
method _refreshWatcher (line 201) | def _refreshWatcher(self, oldPath, newPath=None, isDir=False):
method _addFileWatcher (line 212) | def _addFileWatcher(self, path):
method _delWatch (line 220) | def _delWatch(self, wdInt):
method _delFileWatcher (line 232) | def _delFileWatcher(self, path):
method _addDirWatcher (line 243) | def _addDirWatcher(self, path_dir):
method _delDirWatcher (line 252) | def _delDirWatcher(self, path_dir):
method _addLogPath (line 267) | def _addLogPath(self, path):
method _delLogPath (line 280) | def _delLogPath(self, path):
method __process_default (line 297) | def __process_default(self, event):
method __notify_maxtout (line 308) | def __notify_maxtout(self):
method run (line 319) | def run(self):
method afterStop (line 377) | def afterStop(self):
method join (line 388) | def join(self):
method __cleanup (line 397) | def __cleanup(self):
FILE: fail2ban/server/filtersystemd.py
function _getSystemdPath (line 42) | def _getSystemdPath(path):
function _globJournalFiles (line 55) | def _globJournalFiles(flags=None, path=None):
class FilterSystemd (line 93) | class FilterSystemd(JournalFilter): # pragma: systemd no cover
method __init__ (line 100) | def __init__(self, jail, **kwargs):
method _getJournalArgs (line 112) | def _getJournalArgs(kwargs):
method _journalAlive (line 168) | def _journalAlive(self):
method _reopenJournal (line 183) | def _reopenJournal(self): # pragma: no cover
method _addJournalMatches (line 211) | def _addJournalMatches(self, matches):
method addJournalMatch (line 228) | def addJournalMatch(self, match):
method resetJournalMatches (line 250) | def resetJournalMatches(self):
method delJournalMatch (line 268) | def delJournalMatch(self, match=None):
method getJournalMatch (line 288) | def getJournalMatch(self):
method getJournalReader (line 296) | def getJournalReader(self):
method getJrnEntTime (line 299) | def getJrnEntTime(self, logentry):
method formatJournalEntry (line 312) | def formatJournalEntry(self, logentry):
method seekToTime (line 356) | def seekToTime(self, date):
method inOperationMode (line 361) | def inOperationMode(self):
method run (line 373) | def run(self):
method closeJournal (line 530) | def closeJournal(self):
method status (line 540) | def status(self, flavor="basic"):
method _updateDBPending (line 548) | def _updateDBPending(self):
method afterStop (line 559) | def afterStop(self):
FILE: fail2ban/server/ipdns.py
function asip (line 40) | def asip(ip):
function getfqdn (line 46) | def getfqdn(name=''):
class DNSUtils (line 78) | class DNSUtils:
method dnsToIp (line 87) | def dnsToIp(dns):
method ipToName (line 117) | def ipToName(ip):
method textToIp (line 132) | def textToIp(text, useDns):
method getHostname (line 155) | def getHostname(fqdn=True):
method getSelfNames (line 180) | def getSelfNames():
method getNetIntrfIPs (line 198) | def getNetIntrfIPs():
method getSelfIPs (line 217) | def getSelfIPs():
method getIPsFromFile (line 236) | def getIPsFromFile(fileName, noError=True):
method _IPv6IsSupportedBySystem (line 252) | def _IPv6IsSupportedBySystem():
method setIPv6IsAllowed (line 284) | def setIPv6IsAllowed(value):
method IPv6IsAllowed (line 293) | def IPv6IsAllowed():
class IPAddr (line 319) | class IPAddr(object):
method _AF2FAM (line 343) | def _AF2FAM(v):
method __new__ (line 346) | def __new__(cls, ipstr, cidr=CIDR_UNSPEC):
method __wrap_ipstr (line 374) | def __wrap_ipstr(ipstr):
method __init (line 395) | def __init(self, ipstr, cidr=CIDR_UNSPEC):
method __repr__ (line 450) | def __repr__(self):
method __str__ (line 453) | def __str__(self):
method __reduce__ (line 456) | def __reduce__(self):
method addr (line 465) | def addr(self):
method family (line 469) | def family(self):
method familyStr (line 474) | def familyStr(self):
method instanceType (line 478) | def instanceType(self):
method plen (line 482) | def plen(self):
method raw (line 486) | def raw(self):
method isValid (line 495) | def isValid(self):
method isSingle (line 501) | def isSingle(self):
method __eq__ (line 506) | def __eq__(self, other):
method __ne__ (line 520) | def __ne__(self, other):
method __lt__ (line 523) | def __lt__(self, other):
method __add__ (line 531) | def __add__(self, other):
method __radd__ (line 536) | def __radd__(self, other):
method __hash__ (line 541) | def __hash__(self):
method hexdump (line 547) | def hexdump(self):
method ntoa (line 559) | def ntoa(self):
method getPTR (line 581) | def getPTR(self, suffix=None):
method getHost (line 602) | def getHost(self):
method isIPv4 (line 608) | def isIPv4(self):
method isIPv6 (line 614) | def isIPv6(self):
method isInNet (line 619) | def isInNet(self, net):
method contains (line 641) | def contains(self, ip):
method __contains__ (line 646) | def __contains__(self, ip):
method __getMaskMap (line 650) | def __getMaskMap():
method maskplen (line 665) | def maskplen(self):
method masktoplen (line 676) | def masktoplen(mask):
method searchIP (line 684) | def searchIP(text):
class IPAddrSet (line 700) | class IPAddrSet(set):
method __init__ (line 704) | def __init__(self, ips=[]):
method _list2set (line 710) | def _list2set(ips):
method instanceType (line 720) | def instanceType(self):
method set (line 723) | def set(self, ips):
method add (line 729) | def add(self, ip):
method __contains__ (line 734) | def __contains__(self, ip):
class FileIPAddrSet (line 740) | class FileIPAddrSet(IPAddrSet):
method __init__ (line 751) | def __init__(self, fileName=''):
method instanceType (line 756) | def instanceType(self):
method __eq__ (line 759) | def __eq__(self, other):
method _isModified (line 768) | def _isModified(self):
method load (line 785) | def load(self, forceReload=False, noError=True):
method __repr__ (line 800) | def __repr__(self):
method __contains__ (line 805) | def __contains__(self, ip):
function _NetworkInterfacesAddrs (line 813) | def _NetworkInterfacesAddrs(withMask=False):
FILE: fail2ban/server/jail.py
class Jail (line 39) | class Jail(object):
method __init__ (line 71) | def __init__(self, name, backend = "auto", db=None):
method __repr__ (line 89) | def __repr__(self):
method _setBackend (line 92) | def _setBackend(self, backend):
method _initPolling (line 130) | def _initPolling(self, **kwargs):
method _initPyinotify (line 135) | def _initPyinotify(self, **kwargs):
method _initSystemd (line 141) | def _initSystemd(self, **kwargs): # pragma: systemd no cover
method name (line 148) | def name(self):
method database (line 154) | def database(self):
method database (line 160) | def database(self, value):
method filter (line 164) | def filter(self):
method actions (line 170) | def actions(self):
method idle (line 176) | def idle(self):
method idle (line 182) | def idle(self, value):
method status (line 186) | def status(self, flavor="basic"):
method hasFailTickets (line 200) | def hasFailTickets(self):
method putFailTicket (line 205) | def putFailTicket(self, ticket):
method getFailTicket (line 214) | def getFailTicket(self):
method setBanTimeExtra (line 225) | def setBanTimeExtra(self, opt, value):
method getBanTimeExtra (line 270) | def getBanTimeExtra(self, opt=None):
method getMaxBanTime (line 275) | def getMaxBanTime(self):
method restoreCurrentBans (line 281) | def restoreCurrentBans(self, correctBanTime=True):
method start (line 317) | def start(self):
method stop (line 329) | def stop(self, stop=True, join=True):
method isAlive (line 350) | def isAlive(self):
FILE: fail2ban/server/jails.py
class Jails (line 34) | class Jails(Mapping):
method __init__ (line 44) | def __init__(self):
method add (line 48) | def add(self, name, backend, db=None):
method exists (line 74) | def exists(self, name):
method __getitem__ (line 77) | def __getitem__(self, name):
method __delitem__ (line 86) | def __delitem__(self, name):
method __len__ (line 95) | def __len__(self):
method __iter__ (line 102) | def __iter__(self):
FILE: fail2ban/server/jailthread.py
class JailThread (line 35) | class JailThread(Thread):
method __init__ (line 52) | def __init__(self, name=None):
method _bootstrap (line 81) | def _bootstrap(self):
method status (line 86) | def status(self, flavor="basic"): # pragma: no cover - abstract
method start (line 91) | def start(self):
method onStop (line 98) | def onStop(self): # pragma: no cover - absract
method stop (line 103) | def stop(self):
method done (line 113) | def done(self):
method run (line 123) | def run(self): # pragma: no cover - absract
method afterStop (line 128) | def afterStop(self):
method join (line 132) | def join(self):
FILE: fail2ban/server/mytime.py
class MyTime (line 33) | class MyTime:
method setAlternateNow (line 48) | def setAlternateNow(t):
method setTime (line 61) | def setTime(t):
method time (line 72) | def time():
method gmtime (line 84) | def gmtime():
method now (line 95) | def now():
method localtime (line 107) | def localtime(x=None):
method time2str (line 118) | def time2str(unixTime, format="%Y-%m-%d %H:%M:%S"):
method str2seconds (line 150) | def str2seconds(val):
class seconds2str (line 178) | class seconds2str():
method __init__ (line 189) | def __init__(self, sec):
method __str__ (line 191) | def __str__(self):
method __repr__ (line 234) | def __repr__(self):
FILE: fail2ban/server/observer.py
class ObserverThread (line 40) | class ObserverThread(JailThread):
method __init__ (line 63) | def __init__(self):
method __getitem__ (line 84) | def __getitem__(self, i):
method __delitem__ (line 90) | def __delitem__(self, i):
method __iter__ (line 96) | def __iter__(self):
method __len__ (line 99) | def __len__(self):
method __eq__ (line 102) | def __eq__(self, other): # Required for Threading
method __hash__ (line 105) | def __hash__(self): # Required for Threading
method add_named_timer (line 108) | def add_named_timer(self, name, starttime, *event):
method add_timer (line 121) | def add_timer(self, starttime, *event):
method _delayedEvent (line 136) | def _delayedEvent(self, endMyTime, endTime, event):
method pulse_notify (line 146) | def pulse_notify(self):
method add (line 155) | def add(self, *event):
method add_wn (line 163) | def add_wn(self, *event):
method call_lambda (line 170) | def call_lambda(self, l, *args):
method run (line 173) | def run(self):
method isAlive (line 253) | def isAlive(self):
method isActive (line 257) | def isActive(self, fromStr=None):
method start (line 263) | def start(self):
method stop (line 268) | def stop(self, wtime=5, forceQuit=True):
method is_full (line 292) | def is_full(self):
method wait_empty (line 296) | def wait_empty(self, sleeptime=None):
method wait_idle (line 316) | def wait_idle(self, sleeptime=None):
method paused (line 331) | def paused(self):
method paused (line 335) | def paused(self, pause):
method status (line 344) | def status(self):
method db_set (line 353) | def db_set(self, db):
method db_purge (line 356) | def db_purge(self):
method failureFound (line 367) | def failureFound(self, jail, ticket):
class BanTimeIncr (line 417) | class BanTimeIncr:
method __init__ (line 418) | def __init__(self, banTime, banCount):
method calcBanTime (line 422) | def calcBanTime(self, jail, banTime, banCount):
method incrBanTime (line 426) | def incrBanTime(self, jail, banTime, ticket):
method banFound (line 467) | def banFound(self, ticket, jail, btime):
method prolongBan (line 509) | def prolongBan(self, ticket, jail):
class _Observers (line 525) | class _Observers:
method __init__ (line 526) | def __init__(self):
FILE: fail2ban/server/server.py
function _thread_name (line 58) | def _thread_name():
function _make_file_path (line 61) | def _make_file_path(name):
class Server (line 74) | class Server:
method __init__ (line 76) | def __init__(self, daemon=False):
method __sigTERMhandler (line 97) | def __sigTERMhandler(self, signum, frame): # pragma: no cover - indire...
method __sigUSR1handler (line 101) | def __sigUSR1handler(self, signum, fname): # pragma: no cover - indire...
method _rebindSignal (line 105) | def _rebindSignal(self, s, new):
method start (line 110) | def start(self, sock, pidfile, force=False, observer=True, conf={}):
method quit (line 190) | def quit(self):
method addJail (line 237) | def addJail(self, name, backend):
method delJail (line 257) | def delJail(self, name, stop=True, join=True):
method startJail (line 266) | def startJail(self, name):
method stopJail (line 277) | def stopJail(self, name):
method stopAllJail (line 281) | def stopAllJail(self):
method clearCaches (line 291) | def clearCaches(self):
method reloadJails (line 296) | def reloadJails(self, name, opts, begin):
method setIdleJail (line 351) | def setIdleJail(self, name, value):
method getIdleJail (line 355) | def getIdleJail(self, name):
method setIgnoreSelf (line 359) | def setIgnoreSelf(self, name, value):
method getIgnoreSelf (line 362) | def getIgnoreSelf(self, name):
method addIgnoreIP (line 365) | def addIgnoreIP(self, name, ip):
method delIgnoreIP (line 368) | def delIgnoreIP(self, name, ip):
method getIgnoreIP (line 371) | def getIgnoreIP(self, name):
method addLogPath (line 374) | def addLogPath(self, name, fileName, tail=False):
method delLogPath (line 379) | def delLogPath(self, name, fileName):
method getLogPath (line 384) | def getLogPath(self, name):
method addJournalMatch (line 392) | def addJournalMatch(self, name, match): # pragma: systemd no cover
method delJournalMatch (line 397) | def delJournalMatch(self, name, match): # pragma: systemd no cover
method getJournalMatch (line 402) | def getJournalMatch(self, name): # pragma: systemd no cover
method setLogEncoding (line 410) | def setLogEncoding(self, name, encoding):
method getLogEncoding (line 414) | def getLogEncoding(self, name):
method setFindTime (line 418) | def setFindTime(self, name, value):
method getFindTime (line 421) | def getFindTime(self, name):
method setDatePattern (line 424) | def setDatePattern(self, name, pattern):
method getDatePattern (line 427) | def getDatePattern(self, name):
method setLogTimeZone (line 430) | def setLogTimeZone(self, name, tz):
method getLogTimeZone (line 433) | def getLogTimeZone(self, name):
method setIgnoreCommand (line 436) | def setIgnoreCommand(self, name, value):
method getIgnoreCommand (line 439) | def getIgnoreCommand(self, name):
method setIgnoreCache (line 442) | def setIgnoreCache(self, name, value):
method getIgnoreCache (line 446) | def getIgnoreCache(self, name):
method setPrefRegex (line 449) | def setPrefRegex(self, name, value):
method getPrefRegex (line 454) | def getPrefRegex(self, name):
method addFailRegex (line 457) | def addFailRegex(self, name, value, multiple=False):
method delFailRegex (line 464) | def delFailRegex(self, name, index=None):
method getFailRegex (line 467) | def getFailRegex(self, name):
method addIgnoreRegex (line 470) | def addIgnoreRegex(self, name, value, multiple=False):
method delIgnoreRegex (line 477) | def delIgnoreRegex(self, name, index):
method getIgnoreRegex (line 480) | def getIgnoreRegex(self, name):
method setUseDns (line 483) | def setUseDns(self, name, value):
method getUseDns (line 486) | def getUseDns(self, name):
method setMaxMatches (line 489) | def setMaxMatches(self, name, value):
method getMaxMatches (line 492) | def getMaxMatches(self, name):
method setMaxRetry (line 495) | def setMaxRetry(self, name, value):
method getMaxRetry (line 498) | def getMaxRetry(self, name):
method setMaxLines (line 501) | def setMaxLines(self, name, value):
method getMaxLines (line 504) | def getMaxLines(self, name):
method addAction (line 508) | def addAction(self, name, value, *args):
method getActions (line 513) | def getActions(self, name):
method delAction (line 516) | def delAction(self, name, value):
method getAction (line 519) | def getAction(self, name, value):
method setBanTime (line 522) | def setBanTime(self, name, value):
method addAttemptIP (line 525) | def addAttemptIP(self, name, *args):
method setBanIP (line 528) | def setBanIP(self, name, value):
method setUnbanIP (line 531) | def setUnbanIP(self, name=None, value=None, ifexists=True):
method banned (line 545) | def banned(self, name=None, ids=None):
method getBanTime (line 571) | def getBanTime(self, name):
method getBanList (line 574) | def getBanList(self, name, withTime=False):
method setBanTimeExtra (line 589) | def setBanTimeExtra(self, name, opt, value):
method getBanTimeExtra (line 592) | def getBanTimeExtra(self, name, opt):
method isStarted (line 595) | def isStarted(self):
method isAlive (line 598) | def isAlive(self, jailnum=None):
method status (line 607) | def status(self, name="", flavor="basic"):
method statusJail (line 628) | def statusJail(self, name, flavor="basic"):
method setLogLevel (line 644) | def setLogLevel(self, value):
method getLogLevel (line 661) | def getLogLevel(self):
method setLogTarget (line 671) | def setLogTarget(self, target):
method setSyslogSocket (line 780) | def setSyslogSocket(self, syslogsocket):
method getLogTarget (line 789) | def getLogTarget(self):
method getSyslogSocket (line 793) | def getSyslogSocket(self):
method flushLogs (line 797) | def flushLogs(self):
method setIPv6IsAllowed (line 814) | def setIPv6IsAllowed(value):
method setThreadOptions (line 818) | def setThreadOptions(self, value):
method getThreadOptions (line 825) | def getThreadOptions(self):
method setDatabase (line 828) | def setDatabase(self, filename):
method getDatabase (line 851) | def getDatabase(self):
method __get_fdlist (line 855) | def __get_fdlist():
method __createDaemon (line 874) | def __createDaemon(self): # pragma: no cover
class ServerInitializationError (line 956) | class ServerInitializationError(Exception):
FILE: fail2ban/server/strptime.py
function _updateTimeRE (line 73) | def _updateTimeRE():
function getTimePatternRE (line 118) | def getTimePatternRE():
function validateTimeZone (line 141) | def validateTimeZone(tz):
function zone2offset (line 160) | def zone2offset(tz, dt):
function reGroupDictStrptime (line 189) | def reGroupDictStrptime(found_dict, msec=False, default_tz=None):
function _init_TZ_ABBR (line 384) | def _init_TZ_ABBR():
FILE: fail2ban/server/ticket.py
class Ticket (line 35) | class Ticket(object):
method __init__ (line 43) | def __init__(self, ip=None, time=None, matches=None, data={}, ticket=N...
method __str__ (line 66) | def __str__(self):
method __repr__ (line 72) | def __repr__(self):
method __eq__ (line 75) | def __eq__(self, other):
method update (line 83) | def update(self, ticket):
method setID (line 89) | def setID(self, value):
method getID (line 95) | def getID(self):
method getIP (line 98) | def getIP(self):
method setTime (line 101) | def setTime(self, value):
method getTime (line 104) | def getTime(self):
method setBanTime (line 107) | def setBanTime(self, value):
method getBanTime (line 110) | def getBanTime(self, defaultBT=None):
method setBanCount (line 113) | def setBanCount(self, value, always=False):
method incrBanCount (line 117) | def incrBanCount(self, value=1):
method getBanCount (line 120) | def getBanCount(self):
method getEndOfBanTime (line 123) | def getEndOfBanTime(self, defaultBT=None):
method isTimedOut (line 131) | def isTimedOut(self, time, defaultBT=None):
method setAttempt (line 139) | def setAttempt(self, value):
method getAttempt (line 142) | def getAttempt(self):
method setMatches (line 145) | def setMatches(self, matches):
method getMatches (line 154) | def getMatches(self):
method restored (line 159) | def restored(self):
method restored (line 162) | def restored(self, value):
method banned (line 169) | def banned(self):
method banned (line 172) | def banned(self, value):
method setData (line 178) | def setData(self, *args, **argv):
method getData (line 196) | def getData(self, key=None, default=None):
method banEpoch (line 218) | def banEpoch(self):
method banEpoch (line 221) | def banEpoch(self, value):
class FailTicket (line 225) | class FailTicket(Ticket):
method __init__ (line 227) | def __init__(self, ip=None, time=None, matches=None, data={}, ticket=N...
method setRetry (line 238) | def setRetry(self, value):
method getRetry (line 249) | def getRetry(self):
method adjustTime (line 255) | def adjustTime(self, time, maxTime):
method inc (line 268) | def inc(self, matches=None, attempt=1, count=1):
method wrap (line 279) | def wrap(o):
class BanTicket (line 288) | class BanTicket(FailTicket):
method wrap (line 291) | def wrap(o):
FILE: fail2ban/server/transmitter.py
class Transmitter (line 37) | class Transmitter:
method __init__ (line 44) | def __init__(self, server):
method proceed (line 54) | def proceed(self, command):
method __commandHandler (line 72) | def __commandHandler(self, command):
method __commandSet (line 156) | def __commandSet(self, command, multiple=False):
method __commandGet (line 412) | def __commandGet(self, command):
method status (line 513) | def status(self, command):
FILE: fail2ban/server/utils.py
class Utils (line 56) | class Utils():
class Cache (line 66) | class Cache(object):
method __init__ (line 70) | def __init__(self, *args, **kwargs):
method setOptions (line 75) | def setOptions(self, maxCount=1000, maxTime=60):
method __len__ (line 79) | def __len__(self):
method get (line 82) | def get(self, k, defv=None):
method set (line 90) | def set(self, k, v):
method unset (line 106) | def unset(self, k):
method clear (line 110) | def clear(self):
method setFBlockMode (line 116) | def setFBlockMode(fhandle, value):
method buildShellCmd (line 126) | def buildShellCmd(realCmd, varsDict):
method executeCmd (line 149) | def executeCmd(realCmd, timeout=60, shell=True, output=False, tout_kil...
method wait_for (line 284) | def wait_for(cond, timeout, interval=None):
method pid_exists (line 327) | def pid_exists(pid):
method pid_exists (line 340) | def pid_exists(pid):
method load_python_module (line 353) | def load_python_module(pythonModule):
FILE: fail2ban/setup.py
function updatePyExec (line 27) | def updatePyExec(bindir, executable=None):
FILE: fail2ban/tests/action_d/test_smtp.py
class _SMTPActionTestCase (line 32) | class _SMTPActionTestCase():
method _reset_smtpd (line 34) | def _reset_smtpd(self):
method _exec_and_wait (line 39) | def _exec_and_wait(self, doaction, timeout=3, short=False):
method testStart (line 45) | def testStart(self):
method testStop (line 54) | def testStop(self):
method _testBan (line 62) | def _testBan(self, restored=False):
method testBan (line 97) | def testBan(self):
method testNOPByRestored (line 100) | def testNOPByRestored(self):
method testOptions (line 103) | def testOptions(self):
class TestSMTPServer (line 120) | class TestSMTPServer(smtpd.SMTPServer):
method __init__ (line 122) | def __init__(self, *args):
method process_message (line 126) | def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
class SMTPActionTest (line 136) | class SMTPActionTest(unittest.TestCase, _SMTPActionTestCase):
method setUpClass (line 138) | def setUpClass():
method tearDownClass (line 153) | def tearDownClass():
method setUp (line 160) | def setUp(self):
method tearDown (line 173) | def tearDown(self):
class TestSMTPHandler (line 190) | class TestSMTPHandler:
method __init__ (line 191) | def __init__(self, *args):
method handle_DATA (line 194) | async def handle_DATA(self, server, session, envelope):
method handle_exception (line 204) | async def handle_exception(self, error):
class AIOSMTPActionTest (line 209) | class AIOSMTPActionTest(unittest.TestCase, _SMTPActionTestCase):
method create_temp_self_signed_cert (line 212) | def create_temp_self_signed_cert(cls):
method _del_cert (line 257) | def _del_cert(cls):
method _free_port (line 266) | def _free_port():
method setUpClass (line 271) | def setUpClass():
method tearDownClass (line 287) | def tearDownClass():
method setUp (line 293) | def setUp(self):
method tearDown (line 309) | def tearDown(self):
FILE: fail2ban/tests/actionstestcase.py
class ExecuteActions (line 39) | class ExecuteActions(LogCaptureTestCase):
method setUp (line 41) | def setUp(self):
method tearDown (line 47) | def tearDown(self):
method defaultAction (line 50) | def defaultAction(self, o={}):
method testActionsAddDuplicateName (line 61) | def testActionsAddDuplicateName(self):
method testActionsManipulation (line 65) | def testActionsManipulation(self):
method testAddBannedIP (line 80) | def testAddBannedIP(self):
method testActionsOutput (line 90) | def testActionsOutput(self):
method testAddActionPython (line 102) | def testAddActionPython(self):
method testAddPythonActionNOK (line 133) | def testAddPythonActionNOK(self):
method testBanActionsAInfo (line 152) | def testBanActionsAInfo(self):
method testUnbanOnBusyBanBombing (line 178) | def testUnbanOnBusyBanBombing(self):
method testActionsConsistencyCheck (line 215) | def testActionsConsistencyCheck(self):
method testActionsConsistencyCheckDiffFam (line 293) | def testActionsConsistencyCheckDiffFam(self):
method testActionsRebanBrokenAfterRepair (line 409) | def testActionsRebanBrokenAfterRepair(self, tmp):
FILE: fail2ban/tests/actiontestcase.py
class CommandActionTest (line 40) | class CommandActionTest(LogCaptureTestCase):
method setUp (line 42) | def setUp(self):
method tearDown (line 54) | def tearDown(self):
method testSubstituteRecursiveTags (line 60) | def testSubstituteRecursiveTags(self):
method testSubstRec_DontTouchUnusedCallable (line 159) | def testSubstRec_DontTouchUnusedCallable(self):
method testReplaceTag (line 190) | def testReplaceTag(self):
method testReplaceNoTag (line 230) | def testReplaceNoTag(self):
method testReplaceTagSelfRecursion (line 237) | def testReplaceTagSelfRecursion(self):
method testReplaceTagConditionalCached (line 257) | def testReplaceTagConditionalCached(self):
method testExecuteActionBan (line 299) | def testExecuteActionBan(self, tmp):
method testExecuteActionEmptyUnban (line 324) | def testExecuteActionEmptyUnban(self):
method testExecuteActionStartCtags (line 345) | def testExecuteActionStartCtags(self, tmp):
method testExecuteActionCheckRestoreEnvironment (line 355) | def testExecuteActionCheckRestoreEnvironment(self, tmp):
method testExecuteActionCheckOnBanFailure (line 374) | def testExecuteActionCheckOnBanFailure(self, tmp):
method testExecuteActionCheckRepairEnvironment (line 413) | def testExecuteActionCheckRepairEnvironment(self, tmp):
method testExecuteActionChangeCtags (line 432) | def testExecuteActionChangeCtags(self):
method testExecuteActionUnbanAinfo (line 437) | def testExecuteActionUnbanAinfo(self):
method testExecuteActionStartEmpty (line 457) | def testExecuteActionStartEmpty(self):
method testExecuteWithVars (line 467) | def testExecuteWithVars(self):
method testExecuteReplaceEscapeWithVars (line 484) | def testExecuteReplaceEscapeWithVars(self):
method testExecuteIncorrectCmd (line 512) | def testExecuteIncorrectCmd(self):
method testExecuteTimeout (line 516) | def testExecuteTimeout(self):
method testExecuteTimeoutWithNastyChildren (line 527) | def testExecuteTimeoutWithNastyChildren(self):
method testCaptureStdOutErr (line 588) | def testCaptureStdOutErr(self):
method testCallingMap (line 596) | def testCallingMap(self):
method testCallingMapModify (line 607) | def testCallingMapModify(self):
method testCallingMapRep (line 642) | def testCallingMapRep(self):
method testActionsIdleMode (line 665) | def testActionsIdleMode(self):
FILE: fail2ban/tests/banmanagertestcase.py
class AddFailure (line 35) | class AddFailure(unittest.TestCase):
method setUp (line 36) | def setUp(self):
method tearDown (line 43) | def tearDown(self):
method testAdd (line 48) | def testAdd(self):
method testAddDuplicate (line 55) | def testAddDuplicate(self):
method testAddDuplicateWithTime (line 60) | def testAddDuplicateWithTime(self):
method testInListOK (line 92) | def testInListOK(self):
method testInListNOK (line 97) | def testInListNOK(self):
method testBanTimeIncr (line 102) | def testBanTimeIncr(self):
method testUnban (line 121) | def testUnban(self):
method testUnbanPermanent (line 147) | def testUnbanPermanent(self):
method testBanList (line 158) | def testBanList(self):
class StatusExtendedCymruInfo (line 174) | class StatusExtendedCymruInfo(unittest.TestCase):
method setUp (line 175) | def setUp(self):
method tearDown (line 188) | def tearDown(self):
method _getBanListExtendedCymruInfo (line 195) | def _getBanListExtendedCymruInfo(self):
method testCymruInfo (line 208) | def testCymruInfo(self):
method testCymruInfoASN (line 215) | def testCymruInfoASN(self):
method testCymruInfoCountry (line 220) | def testCymruInfoCountry(self):
method testCymruInfoRIR (line 225) | def testCymruInfoRIR(self):
method testCymruInfoNxdomain (line 230) | def testCymruInfoNxdomain(self):
FILE: fail2ban/tests/clientbeautifiertestcase.py
class BeautifierTest (line 31) | class BeautifierTest(unittest.TestCase):
method setUp (line 33) | def setUp(self):
method tearDown (line 39) | def tearDown(self):
method testGetInputCmd (line 43) | def testGetInputCmd(self):
method testPing (line 48) | def testPing(self):
method testVersion (line 52) | def testVersion(self):
method testAddJail (line 56) | def testAddJail(self):
method testStartJail (line 60) | def testStartJail(self):
method testStopJail (line 64) | def testStopJail(self):
method testShutdown (line 68) | def testShutdown(self):
method testStatus (line 72) | def testStatus(self):
method testStatusStats (line 172) | def testStatusStats(self):
method testFlushLogs (line 196) | def testFlushLogs(self):
method testSyslogSocket (line 200) | def testSyslogSocket(self):
method testLogTarget (line 205) | def testLogTarget(self):
method testLogLevel (line 210) | def testLogLevel(self):
method testDbFile (line 215) | def testDbFile(self):
method testDbPurgeAge (line 222) | def testDbPurgeAge(self):
method testLogPath (line 228) | def testLogPath(self):
method testLogEncoding (line 247) | def testLogEncoding(self):
method testJournalMatch (line 252) | def testJournalMatch(self):
method testDatePattern (line 270) | def testDatePattern(self):
method testIgnoreIP (line 281) | def testIgnoreIP(self):
method testIgnoreIPFile (line 300) | def testIgnoreIPFile(self):
method testFailRegex (line 307) | def testFailRegex(self):
method testActions (line 316) | def testActions(self):
method testActionProperties (line 325) | def testActionProperties(self):
method testActionMethods (line 335) | def testActionMethods(self):
method testBeautifyError (line 348) | def testBeautifyError(self):
FILE: fail2ban/tests/clientreadertestcase.py
class ConfigReaderTest (line 53) | class ConfigReaderTest(unittest.TestCase):
method setUp (line 55) | def setUp(self):
method tearDown (line 61) | def tearDown(self):
method _write (line 66) | def _write(self, fname, value=None, content=None):
method _remove (line 83) | def _remove(self, fname):
method _getoption (line 87) | def _getoption(self, f='c'):
method testConvert (line 91) | def testConvert(self):
method testInaccessibleFile (line 106) | def testInaccessibleFile(self):
method testOptionalDotDDir (line 119) | def testOptionalDotDDir(self):
method testLocalInIncludes (line 145) | def testLocalInIncludes(self):
method testInterpolations (line 193) | def testInterpolations(self):
method testComments (line 216) | def testComments(self):
method testTargetedSectionOptions (line 228) | def testTargetedSectionOptions(self):
class JailReaderTest (line 263) | class JailReaderTest(LogCaptureTestCase):
method __init__ (line 265) | def __init__(self, *args, **kwargs):
method testSplitWithOptions (line 268) | def testSplitWithOptions(self):
method testIncorrectJail (line 279) | def testIncorrectJail(self):
method testJailActionEmpty (line 283) | def testJailActionEmpty(self):
method testJailActionFilterMissing (line 291) | def testJailActionFilterMissing(self):
method testJailActionBrokenDef (line 299) | def testJailActionBrokenDef(self):
method testJailLogTimeZone (line 307) | def testJailLogTimeZone(self):
method testJailFilterBrokenDef (line 315) | def testJailFilterBrokenDef(self):
method testStockSSHJail (line 323) | def testStockSSHJail(self):
method testOverrideFilterOptInJail (line 333) | def testOverrideFilterOptInJail(self):
method testLogTypeOfBackendInJail (line 359) | def testLogTypeOfBackendInJail(self):
method testSplitOption (line 374) | def testSplitOption(self):
method testMultiLineOption (line 427) | def testMultiLineOption(self):
method testVersionAgent (line 451) | def testVersionAgent(self):
method testGlob (line 485) | def testGlob(self, d):
method testCommonFunction (line 501) | def testCommonFunction(self):
class FilterReaderTest (line 512) | class FilterReaderTest(LogCaptureTestCase):
method testConvert (line 514) | def testConvert(self):
method testConvertOptions (line 558) | def testConvertOptions(self):
method testFilterReaderSubstitutionDefault (line 567) | def testFilterReaderSubstitutionDefault(self):
method testFilterReaderSubstKnown (line 576) | def testFilterReaderSubstKnown(self):
method testFilterReaderSubstitutionSet (line 587) | def testFilterReaderSubstitutionSet(self):
method testFilterReaderSubstitutionKnown (line 596) | def testFilterReaderSubstitutionKnown(self):
method testFilterReaderSubstitutionSection (line 607) | def testFilterReaderSubstitutionSection(self):
method testFilterReaderSubstitutionFail (line 618) | def testFilterReaderSubstitutionFail(self):
method testFilterReaderExplicit (line 632) | def testFilterReaderExplicit(self):
class JailsReaderTestCache (line 650) | class JailsReaderTestCache(LogCaptureTestCase):
method _readWholeConf (line 652) | def _readWholeConf(self, basedir, force_enable=False, share_config=None):
method _getLoggedReadCount (line 662) | def _getLoggedReadCount(self, filematch):
method testTestJailConfCache (line 670) | def testTestJailConfCache(self, basedir):
class JailsReaderTest (line 708) | class JailsReaderTest(LogCaptureTestCase):
method __init__ (line 710) | def __init__(self, *args, **kwargs):
method testProvidingBadBasedir (line 713) | def testProvidingBadBasedir(self):
method testReadTestJailConf (line 718) | def testReadTestJailConf(self):
method testReadStockActionConf (line 784) | def testReadStockActionConf(self):
method testReadStockJailConf (line 811) | def testReadStockJailConf(self):
method testReadStockJailFilterComplete (line 874) | def testReadStockJailFilterComplete(self):
method testReadStockJailConfForceEnabled (line 893) | def testReadStockJailConfForceEnabled(self):
method testStockConfigurator (line 956) | def testStockConfigurator(self):
method testMultipleSameAction (line 1009) | def testMultipleSameAction(self, basedir):
method testLogPathFileFilterBackend (line 1038) | def testLogPathFileFilterBackend(self):
method testLogPathSkipJailIfNoLogs (line 1042) | def testLogPathSkipJailIfNoLogs(self):
method testLogPathSystemdBackend (line 1047) | def testLogPathSystemdBackend(self):
method _testLogPath (line 1056) | def _testLogPath(self, basedir, backend, skip_if_nologs=False):
FILE: fail2ban/tests/databasetestcase.py
function getFail2BanDb (line 48) | def getFail2BanDb(filename):
class DatabaseTest (line 54) | class DatabaseTest(LogCaptureTestCase):
method setUp (line 56) | def setUp(self):
method db (line 69) | def db(self):
method db (line 74) | def db(self, value):
method tearDown (line 79) | def tearDown(self):
method testGetFilename (line 88) | def testGetFilename(self):
method testPurgeAge (line 93) | def testPurgeAge(self):
method testCreateInvalidPath (line 100) | def testCreateInvalidPath(self):
method testCreateAndReconnect (line 106) | def testCreateAndReconnect(self):
method _mockupFailedDB (line 118) | def _mockupFailedDB(): # pragma: no cover -- only sqlite >= 3.42
method testRepairDb (line 136) | def testRepairDb(self):
method testUpdateDb (line 178) | def testUpdateDb(self):
method testUpdateDb2 (line 201) | def testUpdateDb2(self):
method testAddJail (line 234) | def testAddJail(self):
method _testAddLog (line 241) | def _testAddLog(self):
method testUpdateLog (line 253) | def testUpdateLog(self):
method testUpdateJournal (line 292) | def testUpdateJournal(self):
method testAddBan (line 301) | def testAddBan(self):
method testAddBanInvalidEncoded (line 311) | def testAddBanInvalidEncoded(self):
method _testAdd3Bans (line 371) | def _testAdd3Bans(self):
method testDelBan (line 380) | def testDelBan(self):
method testFlushBans (line 389) | def testFlushBans(self):
method testGetBansWithTime (line 395) | def testGetBansWithTime(self):
method testGetBansMerged_MaxMatches (line 407) | def testGetBansMerged_MaxMatches(self):
method testGetBansMerged (line 464) | def testGetBansMerged(self):
method testActionWithDB (line 569) | def testActionWithDB(self):
method testDelAndAddJail (line 590) | def testDelAndAddJail(self):
method testPurge (line 609) | def testPurge(self):
FILE: fail2ban/tests/datedetectortestcase.py
class DateDetectorTest (line 40) | class DateDetectorTest(LogCaptureTestCase):
method setUp (line 42) | def setUp(self):
method tearDown (line 48) | def tearDown(self):
method datedetector (line 54) | def datedetector(self):
method testGetEpochTime (line 60) | def testGetEpochTime(self):
method testGetEpochMsTime (line 81) | def testGetEpochMsTime(self):
method testGetEpochPattern (line 104) | def testGetEpochPattern(self):
method testGetEpochPatternCut (line 123) | def testGetEpochPatternCut(self):
method testGetTime (line 132) | def testGetTime(self):
method testDefaultTimeZone (line 143) | def testDefaultTimeZone(self):
method testVariousTimes (line 192) | def testVariousTimes(self):
method testAllUniqueTemplateNames (line 276) | def testAllUniqueTemplateNames(self):
method testFullYearMatch_gh130 (line 280) | def testFullYearMatch_gh130(self):
method testDateTemplate (line 300) | def testDateTemplate(self):
method testNotAnchoredCollision (line 342) | def testNotAnchoredCollision(self):
method testAmbiguousInOrderedTemplates (line 363) | def testAmbiguousInOrderedTemplates(self):
method testLowLevelLogging (line 388) | def testLowLevelLogging(self):
method testWrongTemplate (line 408) | def testWrongTemplate(self):
class CustomDateFormatsTest (line 420) | class CustomDateFormatsTest(unittest.TestCase):
method setUp (line 422) | def setUp(self):
method tearDown (line 427) | def tearDown(self):
method testIso8601 (line 432) | def testIso8601(self):
method testAmbiguousDatePattern (line 467) | def testAmbiguousDatePattern(self):
method testVariousFormatSpecs (line 548) | def testVariousFormatSpecs(self):
FILE: fail2ban/tests/dummyjail.py
class DummyActions (line 31) | class DummyActions(Actions):
method checkBan (line 32) | def checkBan(self):
class DummyJail (line 36) | class DummyJail(Jail):
method __init__ (line 39) | def __init__(self, name='DummyJail', backend=None):
method __len__ (line 45) | def __len__(self):
method isEmpty (line 49) | def isEmpty(self):
method isFilled (line 53) | def isFilled(self):
method hasFailTickets (line 58) | def hasFailTickets(self):
method putFailTicket (line 61) | def putFailTicket(self, ticket):
method getFailTicket (line 65) | def getFailTicket(self):
method idle (line 73) | def idle(self):
method idle (line 77) | def idle(self, value):
method actions (line 81) | def actions(self):
method isAlive (line 84) | def isAlive(self):
FILE: fail2ban/tests/fail2banclienttestcase.py
function _test_output (line 74) | def _test_output(*args):
function _time_shift (line 81) | def _time_shift(shift):
function _observer_wait_idle (line 89) | def _observer_wait_idle():
function _observer_wait_before_incrban (line 95) | def _observer_wait_before_incrban(cond, timeout=MID_WAITTIME):
class ExitException (line 116) | class ExitException(fail2bancmdline.ExitException):
class FailExitException (line 121) | class FailExitException(fail2bancmdline.ExitException):
function _test_input_command (line 132) | def _test_input_command(*args):
function _write_file (line 147) | def _write_file(fn, mode, *lines):
function _read_file (line 152) | def _read_file(fn):
function _start_params (line 162) | def _start_params(tmp, use_stock=False, use_stock_cfg=None,
function _inherited_log (line 247) | def _inherited_log(startparams):
function _get_pid_from_file (line 253) | def _get_pid_from_file(pidfile):
function _kill_srv (line 263) | def _kill_srv(pidfile):
function with_kill_srv (line 307) | def with_kill_srv(f):
function with_foreground_server_thread (line 321) | def with_foreground_server_thread(startextra={}):
class Fail2banClientServerBase (line 391) | class Fail2banClientServerBase(LogCaptureTestCase):
method _setLogLevel (line 395) | def _setLogLevel(self, *args, **kwargs):
method setUp (line 398) | def setUp(self):
method tearDown (line 406) | def tearDown(self):
method _test_exit (line 416) | def _test_exit(code=0):
method _wait_for_srv (line 422) | def _wait_for_srv(self, tmp, ready=True, startparams=None, phase=None):
method execCmd (line 452) | def execCmd(self, exitType, startparams, *args):
method execCmdDirect (line 456) | def execCmdDirect(self, startparams, *args):
method _testStartForeground (line 467) | def _testStartForeground(self, tmp, startparams, phase):
method testStartForeground (line 484) | def testStartForeground(self, tmp, startparams):
method testStartFailsInForeground (line 496) | def testStartFailsInForeground(self, tmp):
class Fail2banClientTest (line 528) | class Fail2banClientTest(Fail2banClientServerBase):
method testConsistency (line 532) | def testConsistency(self):
method testClientUsage (line 536) | def testClientUsage(self):
method testClientDump (line 551) | def testClientDump(self, tmp):
method testClientStartBackgroundInside (line 564) | def testClientStartBackgroundInside(self, tmp):
method testClientStartBackgroundCall (line 595) | def testClientStartBackgroundCall(self, tmp):
method testClientFailStart (line 686) | def testClientFailStart(self, tmp):
method testClientFailCommands (line 716) | def testClientFailCommands(self, tmp):
method testVisualWait (line 733) | def testVisualWait(self):
class Fail2banServerTest (line 745) | class Fail2banServerTest(Fail2banClientServerBase):
method testServerUsage (line 749) | def testServerUsage(self):
method testServerStartBackground (line 756) | def testServerStartBackground(self, tmp):
method testServerFailStart (line 781) | def testServerFailStart(self, tmp):
method testServerTestFailStart (line 801) | def testServerTestFailStart(self, tmp):
method testKillAfterStart (line 847) | def testKillAfterStart(self, tmp):
method testServerReloadTest (line 875) | def testServerReloadTest(self, tmp, startparams):
method testServerActions_NginxBlockMap (line 1388) | def testServerActions_NginxBlockMap(self, tmp, startparams):
method testServerJails_Sendmail (line 1488) | def testServerJails_Sendmail(self, tmp, startparams):
method testServerObserver (line 1569) | def testServerObserver(self, tmp, startparams):
method _testServerStartStop (line 1717) | def _testServerStartStop(self, tmp, startparams):
method testServerStartStop (line 1721) | def testServerStartStop(self):
FILE: fail2ban/tests/fail2banregextestcase.py
function _test_output (line 38) | def _test_output(*args):
function _Fail2banRegex (line 48) | def _Fail2banRegex(*args):
function _test_exec (line 56) | def _test_exec(*args):
class ExitException (line 60) | class ExitException(Exception):
method __init__ (line 61) | def __init__(self, code):
function _test_exec_command_line (line 65) | def _test_exec_command_line(*args):
function _reset (line 84) | def _reset():
class Fail2banRegexTest (line 125) | class Fail2banRegexTest(LogCaptureTestCase):
method setUp (line 127) | def setUp(self):
method tearDown (line 133) | def tearDown(self):
method testWrongRE (line 138) | def testWrongRE(self):
method testWrongIgnoreRE (line 151) | def testWrongIgnoreRE(self):
method testWrongFilterOptions (line 159) | def testWrongFilterOptions(self):
method testDirectFound (line 165) | def testDirectFound(self):
method testDirectNotFound (line 174) | def testDirectNotFound(self):
method testDirectIgnored (line 182) | def testDirectIgnored(self):
method testDirectRE_1 (line 191) | def testDirectRE_1(self):
method testDirectRE_1raw (line 205) | def testDirectRE_1raw(self):
method testDirectRE_1raw_noDns (line 213) | def testDirectRE_1raw_noDns(self):
method testDirectRE_2 (line 236) | def testDirectRE_2(self):
method testVerbose (line 244) | def testVerbose(self):
method testVerboseFullSshd (line 256) | def testVerboseFullSshd(self):
method testFastSshd (line 278) | def testFastSshd(self):
method testLoadFromJail (line 291) | def testLoadFromJail(self):
method testMultilineSshd (line 301) | def testMultilineSshd(self):
method testFullGeneric (line 313) | def testFullGeneric(self):
method testDirectMultilineBuf (line 334) | def testDirectMultilineBuf(self):
method testDirectMultilineBufDebuggex (line 349) | def testDirectMultilineBufDebuggex(self):
method testSinglelineWithNLinContent (line 359) | def testSinglelineWithNLinContent(self):
method testRegexEpochPatterns (line 368) | def testRegexEpochPatterns(self):
method testRegexSubnet (line 379) | def testRegexSubnet(self):
method testFrmtOutput (line 391) | def testFrmtOutput(self):
method testStalledIPByNoFailFrmtOutput (line 466) | def testStalledIPByNoFailFrmtOutput(self):
method testNoDateTime (line 503) | def testNoDateTime(self):
method testIncompleteDateTime (line 519) | def testIncompleteDateTime(self):
method testFrmtOutputWrapML (line 531) | def testFrmtOutputWrapML(self):
method testOutputNoPendingFailuresAfterGained (line 575) | def testOutputNoPendingFailuresAfterGained(self):
method testWrongFilterFile (line 597) | def testWrongFilterFile(self):
method testWrongChar (line 603) | def testWrongChar(self):
method testWrongCharDebuggex (line 618) | def testWrongCharDebuggex(self):
method testNLCharAsPartOfUniChar (line 632) | def testNLCharAsPartOfUniChar(self):
method testExecCmdLine_Usage (line 662) | def testExecCmdLine_Usage(self):
method testExecCmdLine_Direct (line 670) | def testExecCmdLine_Direct(self):
method testExecCmdLine_MissFailID (line 677) | def testExecCmdLine_MissFailID(self):
method testExecCmdLine_ErrorParam (line 684) | def testExecCmdLine_ErrorParam(self):
method testLogtypeSystemdJournal (line 697) | def testLogtypeSystemdJournal(self): # pragma: no cover
FILE: fail2ban/tests/failmanagertestcase.py
class AddFailure (line 35) | class AddFailure(unittest.TestCase):
method setUp (line 37) | def setUp(self):
method tearDown (line 43) | def tearDown(self):
method _addDefItems (line 47) | def _addDefItems(self):
method testFailManagerAdd (line 64) | def testFailManagerAdd(self):
method testFailManagerAdd_MaxMatches (line 72) | def testFailManagerAdd_MaxMatches(self):
method testFailManagerMaxTime (line 122) | def testFailManagerMaxTime(self):
method testDel (line 129) | def testDel(self):
method testCleanupOK (line 136) | def testCleanupOK(self):
method testCleanupNOK (line 142) | def testCleanupNOK(self):
method testbanOK (line 148) | def testbanOK(self):
method testbanNOK (line 175) | def testbanNOK(self):
method testWindow (line 180) | def testWindow(self):
method testBgService (line 188) | def testBgService(self):
class FailmanagerComplex (line 212) | class FailmanagerComplex(unittest.TestCase):
method setUp (line 214) | def setUp(self):
method tearDown (line 222) | def tearDown(self):
method _ip_range (line 228) | def _ip_range(maxips):
method testCheckIPGenerator (line 250) | def testCheckIPGenerator(self):
FILE: fail2ban/tests/files/action.d/action.py
class TestAction (line 5) | class TestAction(ActionBase):
method __init__ (line 7) | def __init__(self, jail, name, opt1, opt2=None):
method start (line 14) | def start(self):
method stop (line 17) | def stop(self):
method ban (line 20) | def ban(self, aInfo):
method unban (line 23) | def unban(self, aInfo):
method testmethod (line 26) | def testmethod(self, text):
FILE: fail2ban/tests/files/action.d/action_checkainfo.py
class TestAction (line 5) | class TestAction(ActionBase):
method ban (line 7) | def ban(self, aInfo):
method unban (line 15) | def unban(self, aInfo):
FILE: fail2ban/tests/files/action.d/action_errors.py
class TestAction (line 5) | class TestAction(ActionBase):
method __init__ (line 7) | def __init__(self, jail, name):
method start (line 10) | def start(self):
method stop (line 13) | def stop(self):
method ban (line 16) | def ban(self):
method unban (line 19) | def unban(self):
FILE: fail2ban/tests/files/action.d/action_modifyainfo.py
class TestAction (line 5) | class TestAction(ActionBase):
method ban (line 7) | def ban(self, aInfo):
method unban (line 11) | def unban(self, aInfo):
method flush (line 15) | def flush(self):
FILE: fail2ban/tests/files/action.d/action_noAction.py
class TestAction (line 5) | class TestAction(ActionBase):
FILE: fail2ban/tests/files/action.d/action_nomethod.py
class TestAction (line 2) | class TestAction():
method __init__ (line 4) | def __init__(self, jail, name):
method start (line 7) | def start(self):
FILE: fail2ban/tests/files/config/apache-auth/digest.py
function auth (line 14) | def auth(v):
function preauth (line 49) | def preauth():
FILE: fail2ban/tests/filtertestcase.py
function open (line 59) | def open(*args):
function _killfile (line 70) | def _killfile(f, name):
class _tmSerial (line 88) | class _tmSerial():
method _tm (line 94) | def _tm(time):
function _assert_equal_entries (line 116) | def _assert_equal_entries(utest, found, output, count=None):
function _ticket_tuple (line 141) | def _ticket_tuple(ticket):
function _assert_correct_last_attempt (line 151) | def _assert_correct_last_attempt(utest, filter_, output, count=None):
function _copy_lines_between_files (line 201) | def _copy_lines_between_files(in_, fout, n=None, skip=0, mode='a', termi...
function _copy_lines_to_journal (line 248) | def _copy_lines_to_journal(in_, fields={},n=None, skip=0, terminal_line=...
class BasicFilter (line 279) | class BasicFilter(unittest.TestCase):
method setUp (line 281) | def setUp(self):
method testGetSetUseDNS (line 285) | def testGetSetUseDNS(self):
method testGetSetDatePattern (line 293) | def testGetSetDatePattern(self):
method testGetSetLogTimeZone (line 301) | def testGetSetLogTimeZone(self):
method testAssertWrongTime (line 311) | def testAssertWrongTime(self):
method testTest_tm (line 319) | def testTest_tm(self):
method testWrongCharInTupleLine (line 327) | def testWrongCharInTupleLine(self):
class IgnoreIP (line 340) | class IgnoreIP(LogCaptureTestCase):
method setUp (line 342) | def setUp(self):
method testIgnoreSelfIP (line 349) | def testIgnoreSelfIP(self):
method testIgnoreIPOK (line 362) | def testIgnoreIPOK(self):
method testIgnoreIPNOK (line 369) | def testIgnoreIPNOK(self):
method testIgnoreIPCIDR (line 380) | def testIgnoreIPCIDR(self):
method testIgnoreIPMask (line 389) | def testIgnoreIPMask(self):
method testWrongIPMask (line 398) | def testWrongIPMask(self):
method testIgnoreIPDNS (line 402) | def testIgnoreIPDNS(self):
method testIgnoreIPFileIPAddr (line 467) | def testIgnoreIPFileIPAddr(self):
method testIgnoreInProcessLine (line 478) | def testIgnoreInProcessLine(self):
method _testTimeJump (line 489) | def _testTimeJump(self, inOperation=False):
method testTimeJump (line 526) | def testTimeJump(self):
method testTimeJump_InOperation (line 528) | def testTimeJump_InOperation(self):
method testWrongTimeOrTZ (line 531) | def testWrongTimeOrTZ(self):
method testAddAttempt (line 594) | def testAddAttempt(self):
method testIgnoreCommand (line 602) | def testIgnoreCommand(self):
method testIgnoreCommandForTicket (line 611) | def testIgnoreCommandForTicket(self):
method testIgnoreCache (line 629) | def testIgnoreCache(self):
method testIgnoreCauseOK (line 665) | def testIgnoreCauseOK(self):
method testIgnoreCauseNOK (line 671) | def testIgnoreCauseNOK(self):
class IgnoreIPDNS (line 676) | class IgnoreIPDNS(LogCaptureTestCase):
method setUp (line 678) | def setUp(self):
method testIgnoreIPDNS (line 685) | def testIgnoreIPDNS(self):
method testIgnoreCmdApacheFakegooglebot (line 715) | def testIgnoreCmdApacheFakegooglebot(self):
class LogFile (line 743) | class LogFile(LogCaptureTestCase):
method setUp (line 747) | def setUp(self):
method tearDown (line 750) | def tearDown(self):
method testMissingLogFiles (line 753) | def testMissingLogFiles(self):
method testDecodeLineWarn (line 757) | def testDecodeLineWarn(self):
class LogFileFilterPoll (line 771) | class LogFileFilterPoll(unittest.TestCase):
method setUp (line 775) | def setUp(self):
method tearDown (line 781) | def tearDown(self):
method testIsModified (line 788) | def testIsModified(self):
method testSeekToTimeSmallFile (line 792) | def testSeekToTimeSmallFile(self):
method testSeekToTimeLargeFile (line 878) | def testSeekToTimeLargeFile(self):
class LogFileMonitor (line 924) | class LogFileMonitor(LogCaptureTestCase):
method setUp (line 927) | def setUp(self):
method tearDown (line 939) | def tearDown(self):
method isModified (line 945) | def isModified(self, delay=2):
method notModified (line 950) | def notModified(self, delay=2):
method testUnaccessibleLogFile (line 955) | def testUnaccessibleLogFile(self):
method testNoLogFile (line 972) | def testNoLogFile(self):
method testErrorProcessLine (line 977) | def testErrorProcessLine(self):
method testRemovingFailRegex (line 1001) | def testRemovingFailRegex(self):
method testRemovingIgnoreRegex (line 1007) | def testRemovingIgnoreRegex(self):
method testNewChangeViaIsModified (line 1011) | def testNewChangeViaIsModified(self):
method testNewChangeViaGetFailures_simple (line 1041) | def testNewChangeViaGetFailures_simple(self):
method testNewChangeViaGetFailures_rewrite (line 1058) | def testNewChangeViaGetFailures_rewrite(self):
method testNewChangeViaGetFailures_move (line 1078) | def testNewChangeViaGetFailures_move(self):
class CommonMonitorTestCase (line 1098) | class CommonMonitorTestCase(unittest.TestCase):
method setUp (line 1100) | def setUp(self):
method tearDown (line 1105) | def tearDown(self):
method waitFailTotal (line 1109) | def waitFailTotal(self, count, delay=1):
method isFilled (line 1118) | def isFilled(self, delay=1):
method isEmpty (line 1123) | def isEmpty(self, delay=5):
method waitForTicks (line 1128) | def waitForTicks(self, ticks, delay=2):
method commonFltError (line 1134) | def commonFltError(self, reason="common", exc=None):
function get_monitor_failures_testcase (line 1145) | def get_monitor_failures_testcase(Filter_):
function get_monitor_failures_journal_testcase (line 1444) | def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no...
class GetFailures (line 1778) | class GetFailures(LogCaptureTestCase):
method setUp (line 1791) | def setUp(self):
method tearDown (line 1804) | def tearDown(self):
method testFilterAPI (line 1809) | def testFilterAPI(self):
method testTail (line 1819) | def testTail(self):
method testNoLogAdded (line 1829) | def testNoLogAdded(self):
method testGetFailures01 (line 1839) | def testGetFailures01(self, filename=None, failures=None):
method testCRLFFailures01 (line 1848) | def testCRLFFailures01(self):
method testNLCharAsPartOfUniChar (line 1864) | def testNLCharAsPartOfUniChar(self):
method testGetFailures02 (line 1895) | def testGetFailures02(self):
method testGetFailures03 (line 1906) | def testGetFailures03(self):
method testGetFailures03_InOperation (line 1915) | def testGetFailures03_InOperation(self):
method testGetFailures03_Seek1 (line 1924) | def testGetFailures03_Seek1(self):
method testGetFailures03_Seek2 (line 1933) | def testGetFailures03_Seek2(self):
method testGetFailures04 (line 1943) | def testGetFailures04(self):
method testGetFailuresWrongChar (line 1964) | def testGetFailuresWrongChar(self):
method testGetFailuresUseDNS (line 2004) | def testGetFailuresUseDNS(self):
method testGetFailuresMultiRegex (line 2047) | def testGetFailuresMultiRegex(self):
method testGetFailuresIgnoreRegex (line 2059) | def testGetFailuresIgnoreRegex(self):
method testGetFailuresMultiLine (line 2069) | def testGetFailuresMultiLine(self):
method testGetFailuresMultiLineIgnoreRegex (line 2084) | def testGetFailuresMultiLineIgnoreRegex(self):
method testGetFailuresMultiLineMultiRegex (line 2101) | def testGetFailuresMultiLineMultiRegex(self):
class DNSUtilsTests (line 2121) | class DNSUtilsTests(unittest.TestCase):
method testCache (line 2123) | def testCache(self):
method testCacheMaxSize (line 2136) | def testCacheMaxSize(self):
method testCacheMaxTime (line 2152) | def testCacheMaxTime(self):
method testOverflowedIPCache (line 2167) | def testOverflowedIPCache(self):
class DNSUtilsNetworkTests (line 2207) | class DNSUtilsNetworkTests(unittest.TestCase):
method setUp (line 2209) | def setUp(self):
method test_IPAddr (line 2220) | def test_IPAddr(self):
method test_IPAddr_Raw (line 2244) | def test_IPAddr_Raw(self):
method testUseDns (line 2278) | def testUseDns(self):
method testTextToIp (line 2289) | def testTextToIp(self):
method testIpToIp (line 2305) | def testIpToIp(self):
method testIpToName (line 2314) | def testIpToName(self):
method testAddr2bin (line 2330) | def testAddr2bin(self):
method testIPAddr_Equal6 (line 2353) | def testIPAddr_Equal6(self):
method testIPAddr_InInet (line 2364) | def testIPAddr_InInet(self):
method testIPAddr_Compare (line 2397) | def testIPAddr_Compare(self):
method testIPAddr_CIDR (line 2442) | def testIPAddr_CIDR(self):
method testIPAddr_CIDR_Wrong (line 2466) | def testIPAddr_CIDR_Wrong(self):
method testIPAddr_CIDR_Repr (line 2474) | def testIPAddr_CIDR_Repr(self):
method testIPAddr_CompareDNS (line 2479) | def testIPAddr_CompareDNS(self):
method testIPAddr_wrongDNS_IP (line 2486) | def testIPAddr_wrongDNS_IP(self):
method testIPAddr_Cached (line 2491) | def testIPAddr_Cached(self):
method test_NetworkInterfacesAddrs (line 2498) | def test_NetworkInterfacesAddrs(self):
method test_IPAddrSet (line 2510) | def test_IPAddrSet(self):
method test_FileIPAddrSet (line 2543) | def test_FileIPAddrSet(self):
method test_FileIPAddrSet_Update (line 2549) | def test_FileIPAddrSet_Update(self):
method testFQDN (line 2600) | def testFQDN(self):
method testFQDN_DNS (line 2614) | def testFQDN_DNS(self):
class JailTests (line 2619) | class JailTests(unittest.TestCase):
method testSetBackend_gh83 (line 2621) | def testSetBackend_gh83(self):
FILE: fail2ban/tests/misctestcase.py
class HelpersTest (line 41) | class HelpersTest(unittest.TestCase):
method testFormatExceptionInfoBasic (line 43) | def testFormatExceptionInfoBasic(self):
method testFormatExceptionConvertArgs (line 51) | def testFormatExceptionConvertArgs(self):
method testsplitwords (line 60) | def testsplitwords(self):
method testSplitNoComments (line 71) | def testSplitNoComments(self):
function _sh_call (line 82) | def _sh_call(cmd):
function _getSysPythonVersion (line 87) | def _getSysPythonVersion():
class SetupTest (line 91) | class SetupTest(unittest.TestCase):
method setUp (line 93) | def setUp(self):
method testSetupInstallDryRun (line 109) | def testSetupInstallDryRun(self):
method testSetupInstallRoot (line 125) | def testSetupInstallRoot(self):
class TestsUtilsTest (line 191) | class TestsUtilsTest(LogCaptureTestCase):
method testmbasename (line 193) | def testmbasename(self):
method testUniConverters (line 201) | def testUniConverters(self):
method testSafeLogging (line 208) | def testSafeLogging(self):
method testTraceBack (line 250) | def testTraceBack(self):
method _testAssertionErrorRE (line 282) | def _testAssertionErrorRE(self, regexp, fun, *args, **kwargs):
method testExtendedAssertRaisesRE (line 285) | def testExtendedAssertRaisesRE(self):
method testExtendedAssertMethods (line 307) | def testExtendedAssertMethods(self):
method testVerbosityFormat (line 409) | def testVerbosityFormat(self):
method testFormatterWithTraceBack (line 417) | def testFormatterWithTraceBack(self):
method testLazyLogging (line 437) | def testLazyLogging(self):
class MyTimeTest (line 445) | class MyTimeTest(unittest.TestCase):
method testStr2Seconds (line 447) | def testStr2Seconds(self):
method testSec2Str (line 461) | def testSec2Str(self):
FILE: fail2ban/tests/observertestcase.py
class BanTimeIncr (line 44) | class BanTimeIncr(LogCaptureTestCase):
method setUp (line 46) | def setUp(self):
method tearDown (line 53) | def tearDown(self):
method calcBanTime (line 56) | def calcBanTime(self, banTime, banCount):
method testDefault (line 59) | def testDefault(self, multipliers = None):
method testMultipliers (line 122) | def testMultipliers(self):
method testFormula (line 128) | def testFormula(self):
class BanTimeIncrDB (line 179) | class BanTimeIncrDB(LogCaptureTestCase):
method setUp (line 181) | def setUp(self):
method tearDown (line 197) | def tearDown(self):
method incrBanTime (line 207) | def incrBanTime(self, ticket, banTime=None):
method testBanTimeIncr (line 217) | def testBanTimeIncr(self):
method testObserver (line 450) | def testObserver(self):
class ObserverTest (line 571) | class ObserverTest(LogCaptureTestCase):
method setUp (line 573) | def setUp(self):
method tearDown (line 577) | def tearDown(self):
method testObserverBanTimeIncr (line 581) | def testObserverBanTimeIncr(self):
class _BadObserver (line 612) | class _BadObserver(ObserverThread):
method run (line 613) | def run(self):
method testObserverBadRun (line 616) | def testObserverBadRun(self):
FILE: fail2ban/tests/samplestestcase.py
class FilterSamplesRegex (line 49) | class FilterSamplesRegex(unittest.TestCase):
method setUp (line 51) | def setUp(self):
method tearDown (line 58) | def tearDown(self):
method testFiltersPresent (line 63) | def testFiltersPresent(self):
method testReWrongGreedyCatchAll (line 71) | def testReWrongGreedyCatchAll(self):
method _readFilter (line 85) | def _readFilter(self, fltName, name, basedir, opts=None):
method _filterOptions (line 139) | def _filterOptions(opts):
function testSampleRegexsFactory (line 142) | def testSampleRegexsFactory(name, basedir):
FILE: fail2ban/tests/servertestcase.py
class TestServer (line 59) | class TestServer(Server):
method setLogLevel (line 60) | def setLogLevel(self, *args, **kwargs):
method setLogTarget (line 63) | def setLogTarget(self, *args, **kwargs):
class TransmitterBase (line 67) | class TransmitterBase(LogCaptureTestCase):
method setUp (line 71) | def setUp(self):
method tearDown (line 81) | def tearDown(self):
method setGetTest (line 87) | def setGetTest(self, cmd, inValue, outValue=(None,), outCode=0, jail=N...
method setGetTestNOK (line 109) | def setGetTestNOK(self, cmd, inValue, jail=None):
method jailAddDelTest (line 122) | def jailAddDelTest(self, cmd, values, jail):
method jailAddDelRegexTest (line 139) | def jailAddDelRegexTest(self, cmd, inValues, outValues, jail):
class Transmitter (line 161) | class Transmitter(TransmitterBase):
method testServerIsNotStarted (line 163) | def testServerIsNotStarted(self):
method testStopServer (line 168) | def testStopServer(self):
method testPing (line 171) | def testPing(self):
method testVersion (line 174) | def testVersion(self):
method testSetIPv6 (line 177) | def testSetIPv6(self):
method testSleep (line 190) | def testSleep(self):
method testDatabase (line 201) | def testDatabase(self):
method testAddJail (line 249) | def testAddJail(self):
method testStartStopJail (line 267) | def testStartStopJail(self):
method testStartStopAllJail (line 279) | def testStartStopAllJail(self):
method testJailIdle (line 297) | def testJailIdle(self):
method testJailFindTime (line 308) | def testJailFindTime(self):
method testJailBanTime (line 315) | def testJailBanTime(self):
method testDatePattern (line 322) | def testDatePattern(self):
method testLogTimeZone (line 334) | def testLogTimeZone(self):
method testJailUseDNS (line 338) | def testJailUseDNS(self):
method testJailBanIP (line 349) | def testJailBanIP(self):
method testJailAttemptIP (line 378) | def testJailAttemptIP(self):
method testJailBanList (line 405) | def testJailBanList(self):
method testJailMaxMatches (line 448) | def testJailMaxMatches(self):
method testJailMaxRetry (line 454) | def testJailMaxRetry(self):
method testJailMaxLines (line 460) | def testJailMaxLines(self):
method testJailLogEncoding (line 466) | def testJailLogEncoding(self):
method testJailLogPath (line 473) | def testJailLogPath(self):
method testJailLogPathInvalidFile (line 515) | def testJailLogPathInvalidFile(self):
method testJailLogPathBrokenSymlink (line 522) | def testJailLogPathBrokenSymlink(self):
method testJailIgnoreIP (line 532) | def testJailIgnoreIP(self):
method testJailIgnoreCommand (line 569) | def testJailIgnoreCommand(self):
method testJailIgnoreCache (line 572) | def testJailIgnoreCache(self):
method testJailPrefRegex (line 579) | def testJailPrefRegex(self):
method testJailRegex (line 582) | def testJailRegex(self):
method testJailIgnoreRegex (line 606) | def testJailIgnoreRegex(self):
method testStatus (line 643) | def testStatus(self):
method testJailStatus (line 661) | def testJailStatus(self):
method testJailStatusBasic (line 666) | def testJailStatusBasic(self):
method testJailStatusBasicKwarg (line 671) | def testJailStatusBasicKwarg(self):
method testJailStatusCymru (line 676) | def testJailStatusCymru(self):
method testAction (line 706) | def testAction(self):
method testPythonActionMethodsAndProperties (line 766) | def testPythonActionMethodsAndProperties(self):
method testNOK (line 802) | def testNOK(self):
method testSetNOK (line 805) | def testSetNOK(self):
method testGetNOK (line 809) | def testGetNOK(self):
method testStatusNOK (line 813) | def testStatusNOK(self):
method testJournalMatch (line 817) | def testJournalMatch(self): # pragma: systemd no cover
method testJournalFlagsMatch (line 888) | def testJournalFlagsMatch(self): # pragma: systemd no cover
class TransmitterLogging (line 911) | class TransmitterLogging(TransmitterBase):
method setUp (line 915) | def setUp(self):
method testLogTarget (line 921) | def testLogTarget(self):
method testLogTargetSYSLOG (line 941) | def testLogTargetSYSLOG(self):
method testSyslogSocket (line 948) | def testSyslogSocket(self):
method testSyslogSocketNOK (line 951) | def testSyslogSocketNOK(self):
method testLogLevel (line 966) | def testLogLevel(self):
method testFlushLogs (line 979) | def testFlushLogs(self):
method testBanTimeIncr (line 1027) | def testBanTimeIncr(self):
class JailTests (line 1037) | class JailTests(unittest.TestCase):
method testLongName (line 1039) | def testLongName(self):
class RegexTests (line 1046) | class RegexTests(unittest.TestCase):
method testInit (line 1048) | def testInit(self):
method testStr (line 1054) | def testStr(self):
method testHost (line 1060) | def testHost(self):
class _BadThread (line 1131) | class _BadThread(JailThread):
method run (line 1132) | def run(self):
class LoggingTests (line 1136) | class LoggingTests(LogCaptureTestCase):
method testGetF2BLogger (line 1138) | def testGetF2BLogger(self):
method testFail2BanExceptHook (line 1143) | def testFail2BanExceptHook(self):
method testStartFailedSockExists (line 1158) | def testStartFailedSockExists(self):
class ServerConfigReaderTests (line 1180) | class ServerConfigReaderTests(LogCaptureTestCase):
method __init__ (line 1182) | def __init__(self, *args, **kwargs):
method setUp (line 1186) | def setUp(self):
method tearDown (line 1191) | def tearDown(self):
method _executeCmd (line 1195) | def _executeCmd(self, realCmd, timeout=60):
method _testActionInfos (line 1203) | def _testActionInfos(self):
method _testExecActions (line 1213) | def _testExecActions(self, server):
method testCheckStockJailActions (line 1247) | def testCheckStockJailActions(self):
method getDefaultJailStream (line 1298) | def getDefaultJailStream(self, jail, act):
method testCheckStockAllActions (line 1313) | def testCheckStockAllActions(self):
method testCheckStockCommandActions (line 1333) | def testCheckStockCommandActions(self):
method _executeMailCmd (line 2256) | def _executeMailCmd(self, realCmd, timeout=60):
method testComplexMailActionMultiLog (line 2274) | def testComplexMailActionMultiLog(self):
FILE: fail2ban/tests/sockettestcase.py
function TestMsgError (line 44) | def TestMsgError(*args):
class TestMsg (line 46) | class TestMsg(object):
method __init__ (line 47) | def __init__(self, unpickle=(TestMsgError, ())):
method __reduce__ (line 49) | def __reduce__(self):
class Socket (line 53) | class Socket(LogCaptureTestCase):
method setUp (line 55) | def setUp(self):
method tearDown (line 65) | def tearDown(self):
method proceed (line 73) | def proceed(message):
method _createServerThread (line 77) | def _createServerThread(self, force=False):
method _stopServerThread (line 86) | def _stopServerThread(self):
method testStopPerCloseUnexpected (line 93) | def testStopPerCloseUnexpected(self):
method _serverSocket (line 106) | def _serverSocket(self):
method testSocket (line 112) | def testSocket(self):
method testSocketConnectBroken (line 145) | def testSocketConnectBroken(self):
method testStopByCommunicate (line 160) | def testStopByCommunicate(self):
method testLoopErrors (line 184) | def testLoopErrors(self):
method testSocketForce (line 206) | def testSocketForce(self):
class ClientMisc (line 223) | class ClientMisc(LogCaptureTestCase):
method testErrorsInLoop (line 225) | def testErrorsInLoop(self):
method testPrintFormattedAndWiki (line 238) | def testPrintFormattedAndWiki(self):
FILE: fail2ban/tests/tickettestcase.py
class TicketTests (line 31) | class TicketTests(unittest.TestCase):
method testTicket (line 33) | def testTicket(self):
method testDiffIDAndIPTicket (line 121) | def testDiffIDAndIPTicket(self):
method testTicketFlags (line 132) | def testTicketFlags(self):
method testTicketData (line 150) | def testTicketData(self):
FILE: fail2ban/tests/utils.py
class DefaultTestOptions (line 71) | class DefaultTestOptions(optparse.Values):
method __init__ (line 72) | def __init__(self):
function getOptParser (line 83) | def getOptParser(doc=""):
function initProcess (line 124) | def initProcess(opts):
class F2B (line 177) | class F2B(DefaultTestOptions):
method __init__ (line 182) | def __init__(self, opts):
method SkipIfFast (line 187) | def SkipIfFast(self):
method SkipIfNoNetwork (line 189) | def SkipIfNoNetwork(self):
method SkipIfCfgMissing (line 192) | def SkipIfCfgMissing(self, **kwargs):
method skip_if_cfg_missing (line 205) | def skip_if_cfg_missing(self, **decargs):
method maxWaitTime (line 216) | def maxWaitTime(self, wtime=True):
function with_tmpdir (line 226) | def with_tmpdir(f):
function with_alt_time (line 242) | def with_alt_time(f):
function initTests (line 254) | def initTests(opts):
function mtimesleep (line 346) | def mtimesleep():
function setUpMyTime (line 354) | def setUpMyTime():
function tearDownMyTime (line 360) | def tearDownMyTime():
function gatherTests (line 364) | def gatherTests(regexps=None, opts=None):
function assertDictEqual (line 532) | def assertDictEqual(self, d1, d2, msg=None):
function assertSortedEqual (line 544) | def assertSortedEqual(self, a, b, level=1, nestedOnly=False, key=repr, m...
function assertIn (line 600) | def assertIn(self, a, b, msg=None):
function assertNotIn (line 611) | def assertNotIn(self, a, b, msg=None):
function _customSetUp (line 624) | def _customSetUp(self):
function _customTearDown (line 635) | def _customTearDown(self):
class LogCaptureTestCase (line 643) | class LogCaptureTestCase(unittest.TestCase):
class _MemHandler (line 645) | class _MemHandler(logging.Handler):
method __init__ (line 654) | def __init__(self, lazy=True):
method truncate (line 665) | def truncate(self, size=None):
method __write (line 675) | def __write(self, record):
method getvalue (line 685) | def getvalue(self):
method handle (line 719) | def handle(self, record): # pragma: no cover
method _handle_lazy (line 726) | def _handle_lazy(self, record):
method setUp (line 733) | def setUp(self):
method tearDown (line 749) | def tearDown(self):
method _is_logged (line 758) | def _is_logged(self, *s, **kwargs):
method assertLogged (line 774) | def assertLogged(self, *s, **kwargs):
method assertNotLogged (line 807) | def assertNotLogged(self, *s, **kwargs):
method pruneLog (line 828) | def pruneLog(self, logphase=None):
method getLog (line 833) | def getLog(self):
method dumpFile (line 837) | def dumpFile(fn, handle=logSys.debug):
FILE: fail2ban/version.py
function normVersion (line 29) | def normVersion():
FILE: setup.py
class install_scripts_f2b (line 50) | class install_scripts_f2b(install_scripts):
method get_outputs (line 52) | def get_outputs(self):
method update_scripts (line 72) | def update_scripts(self, dry_run=False):
class install_command_f2b (line 105) | class install_command_f2b(install):
method initialize_options (line 109) | def initialize_options(self):
method finalize_options (line 112) | def finalize_options(self):
method run (line 121) | def run(self):
Condensed preview — 521 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,503K chars).
[
{
"path": ".codespellrc",
"chars": 678,
"preview": "[codespell]\n# THANKS - names\nskip = .git,*.pdf,*.svg,venv,.codespellrc,.typos.toml,THANKS,*test*.log,logs\ncheck-hidden ="
},
{
"path": ".coveragerc",
"chars": 169,
"preview": "\n[run]\nbranch = True\nsource =\n config\n fail2ban\n\n[report]\nexclude_lines =\n pragma: ?no ?cover\n pragma: ?${F2"
},
{
"path": ".gitattributes",
"chars": 37,
"preview": "ChangeLog linguist-language=Markdown\n"
},
{
"path": ".github/FUNDING.yml",
"chars": 117,
"preview": "# These are supported funding model platforms\n\ngithub: [sebres]\ncustom: [https://paypal.me/sebres]\nliberapay: sebres\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 2320,
"preview": "---\nname: Bug report\nabout: Report a bug within the fail2ban engines (not filters or jails)\ntitle: '[BR]: '\nlabels: bug\n"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"chars": 944,
"preview": "---\nname: Feature request\nabout: Suggest an idea or an enhancement for this project\ntitle: '[RFE]: '\nlabels: enhancement"
},
{
"path": ".github/ISSUE_TEMPLATE/filter_request.md",
"chars": 1706,
"preview": "---\nname: Filter request\nabout: Request a new jail or filter to be supported or existing filter extended with new failre"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 598,
"preview": "Before submitting your PR, please review the following checklist:\n\n- [ ] **CONSIDER adding a unit test** if your PR reso"
},
{
"path": ".github/workflows/codespell.yml",
"chars": 355,
"preview": "---\nname: Codespell\n\non:\n push:\n branches: [master]\n pull_request:\n branches: [master]\n\npermissions:\n contents:"
},
{
"path": ".github/workflows/main.yml",
"chars": 4780,
"preview": "name: CI\n\n# Controls when the action will run. Triggers the workflow on push or pull request\n# events but only for the m"
},
{
"path": ".github/workflows/publish.yml",
"chars": 878,
"preview": "name: Upload Package to PyPI\n\non:\n workflow_dispatch:\n release:\n types: [created]\n\njobs:\n pypi-publish:\n name: "
},
{
"path": ".gitignore",
"chars": 93,
"preview": "*~\nbuild\ndist\n*.pyc\nhtmlcov\n.coverage\n*.orig\n*.rej\n*.bak\n__pycache__\n.vagrant/\n.idea/\n.venv/\n"
},
{
"path": ".mailmap",
"chars": 205,
"preview": "Lee Clemens <java@leeclemens.net>\nSerg G. Brester <info@sebres.de>\nSerg G. Brester <serg.brester@sebres.de>\nSerg G. Bres"
},
{
"path": ".pylintrc",
"chars": 1311,
"preview": "# Custom pylint configuration for the Fail2Ban project\n#\n# Set your PYLINTRC environment variable to point to this file\n"
},
{
"path": ".typos.toml",
"chars": 675,
"preview": "[files]\nextend-exclude = [\n \".git/\",\n \".codespellrc\",\n \"fail2ban/tests/files/logs/\",\n]\nignore-hidden = false\n\n["
},
{
"path": "CONTRIBUTING.md",
"chars": 1107,
"preview": "Guidelines on Fail2Ban contributions\n====================================\n\n### You found a severe security vulnerability"
},
{
"path": "COPYING",
"chars": 19296,
"preview": "The following copyright applies to all files present in the Fail2ban package,\nexcept if a different copyright is explici"
},
{
"path": "ChangeLog",
"chars": 154832,
"preview": "<!-- vim: syntax=Markdown -->\n __ _ _ ___ _\n / _|__ _(_) |_ ) |__ "
},
{
"path": "DEVELOP",
"chars": 8619,
"preview": ".. __ _ _ ___ _\n / _|__ _(_) |_ ) |__ __ _ _ _\n "
},
{
"path": "FILTERS",
"chars": 19836,
"preview": ".. __ _ _ ___ _\n / _|__ _(_) |_ ) |__ __ _ _ _\n "
},
{
"path": "MANIFEST",
"chars": 15305,
"preview": "bin/fail2ban-client\nbin/fail2ban-regex\nbin/fail2ban-server\nbin/fail2ban-testcases\nChangeLog\nconfig/action.d/abuseipdb.co"
},
{
"path": "MANIFEST.in",
"chars": 199,
"preview": "include ChangeLog COPYING DEVELOP FILTERS README.* THANKS TODO CONTRIBUTING* Vagrantfile\ngraft doc\ngraft files\nrecursive"
},
{
"path": "README.Solaris",
"chars": 4189,
"preview": "# vim:tw=80:ft=txt\n\nREADME FOR SOLARIS INSTALLATIONS\n\nBy Roy Sigurd Karlsbakk <roy@karlsbakk.net>\n\nABOUT\n\nThis README is"
},
{
"path": "README.md",
"chars": 5377,
"preview": " __ _ _ ___ _ \n / _|__ _(_) |_ ) |__ __ _ _ _ \n "
},
{
"path": "RELEASE",
"chars": 6569,
"preview": ".. __ _ _ ___ _\n / _|__ _(_) |_ ) |__ __ _ _ _\n "
},
{
"path": "THANKS",
"chars": 2406,
"preview": "Fail2Ban is an open source project which was conceived and originally\ndeveloped by Cyril Jaquier until 2010. Since then"
},
{
"path": "TODO",
"chars": 908,
"preview": " __ _ _ ___ _ \n / _|__ _(_) |_ ) |__ __ _ _ _ \n "
},
{
"path": "Vagrantfile",
"chars": 963,
"preview": "Vagrant.configure(\"2\") do |config|\n\n config.vm.define \"secure\" do |secure|\n secure.vm.box = \"ubuntu/trusty64\"\n"
},
{
"path": "bin/fail2ban-client",
"chars": 1423,
"preview": "#!/usr/bin/env python3\n# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-\n# vi: set ft=python sts=4"
},
{
"path": "bin/fail2ban-regex",
"chars": 1284,
"preview": "#!/usr/bin/env python3\n# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-\n# vi: set ft=python sts=4"
},
{
"path": "bin/fail2ban-server",
"chars": 1421,
"preview": "#!/usr/bin/env python3\n# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-\n# vi: set ft=python sts=4"
},
{
"path": "bin/fail2ban-testcases",
"chars": 2289,
"preview": "#!/usr/bin/env python3\n# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-\n# vi: set ft=python sts=4"
},
{
"path": "config/action.d/abuseipdb.conf",
"chars": 3724,
"preview": "# Fail2ban configuration file\n#\n# Action to report IP address to abuseipdb.com\n# You must sign up to obtain an API key f"
},
{
"path": "config/action.d/apf.conf",
"chars": 587,
"preview": "# Fail2Ban configuration file\n# https://www.rfxn.com/projects/advanced-policy-firewall/\n#\n# Note: APF doesn't play nicel"
},
{
"path": "config/action.d/apprise.conf",
"chars": 3467,
"preview": "# Fail2Ban configuration file\n#\n# Author: Chris Caron <lead2gold@gmail.com>\n#\n# ban & send a notification to one or more"
},
{
"path": "config/action.d/blocklist_de.conf",
"chars": 2790,
"preview": "# Fail2Ban configuration file\n#\n# Author: Steven Hiscocks\n#\n#\n\n# Action to report IP address to blocklist.de\n# Blocklist"
},
{
"path": "config/action.d/bsd-ipfw.conf",
"chars": 3226,
"preview": "# Fail2Ban configuration file\n#\n# Author: Nick Munger\n# Modified by: Ken Menzel\n# Daniel Black (start/stop)"
},
{
"path": "config/action.d/cloudflare-token.conf",
"chars": 3075,
"preview": "#\n# Author: Logic-32\n#\n# IMPORTANT\n#\n# Please set jail.local's permission to 640 because it contains your CF API token.\n"
},
{
"path": "config/action.d/cloudflare.conf",
"chars": 3037,
"preview": "#\n# Author: Mike Rushton\n#\n# IMPORTANT\n#\n# Please set jail.local's permission to 640 because it contains your CF API key"
},
{
"path": "config/action.d/complain.conf",
"chars": 4772,
"preview": "# Fail2Ban configuration file\n#\n# Author: Russell Odom <russ@gloomytrousers.co.uk>, Daniel Black\n# Sends a complaint e-m"
},
{
"path": "config/action.d/csf.conf",
"chars": 581,
"preview": "# Fail2Ban configuration file\n# http://configserver.com/cp/csf.html\n#\n# Note: CSF doesn't play nicely with other actions"
},
{
"path": "config/action.d/dshield.conf",
"chars": 7684,
"preview": "# Fail2Ban configuration file\n#\n# Author: Russell Odom <russ@gloomytrousers.co.uk>\n# Submits attack reports to DShield ("
},
{
"path": "config/action.d/dummy.conf",
"chars": 1717,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[Definition]\n\n# Option: actionstart\n# Notes.: command exe"
},
{
"path": "config/action.d/firewallcmd-allports.conf",
"chars": 1501,
"preview": "# Fail2Ban configuration file\n#\n# Author: Donald Yandt \n# Because of the --remove-rules in stop this action requires fir"
},
{
"path": "config/action.d/firewallcmd-common.conf",
"chars": 2649,
"preview": "# Fail2Ban configuration file\n#\n# Author: Donald Yandt\n#\n\n[Init]\n\n# Option: name\n# Notes Default name of the chain\n#"
},
{
"path": "config/action.d/firewallcmd-ipset.conf",
"chars": 4223,
"preview": "# Fail2Ban action file for firewall-cmd/ipset\n#\n# This requires:\n# ipset (package: ipset)\n# firewall-cmd (package: firew"
},
{
"path": "config/action.d/firewallcmd-multiport.conf",
"chars": 1270,
"preview": "# Fail2Ban configuration file\n#\n# Author: Donald Yandt \n# Because of the --remove-rules in stop this action requires fir"
},
{
"path": "config/action.d/firewallcmd-new.conf",
"chars": 1898,
"preview": "# Fail2Ban configuration file\n#\n# Because of the --remove-rules in stop this action requires firewalld-0.3.8+\n\n[INCLUDES"
},
{
"path": "config/action.d/firewallcmd-rich-logging.conf",
"chars": 1021,
"preview": "# Fail2Ban configuration file\n#\n# Authors: Donald Yandt, Sergey G. Brester\n# \n# Because of the rich rule commands requir"
},
{
"path": "config/action.d/firewallcmd-rich-rules.conf",
"chars": 1761,
"preview": "# Fail2Ban configuration file\n#\n# Author: Donald Yandt \n# \n# Because of the rich rule commands requires firewalld-0.3.1+"
},
{
"path": "config/action.d/helpers-common.conf",
"chars": 592,
"preview": "[DEFAULT]\n\n# Usage:\n# _grep_logs_args = 'test'\n# (printf %%b \"Log-excerpt contains 'test':\\n\"; %(_grep_logs)s; print"
},
{
"path": "config/action.d/hostsdeny.conf",
"chars": 1657,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Edited for cross platform by: James Stout, Yaroslav Halchenko "
},
{
"path": "config/action.d/ipfilter.conf",
"chars": 1573,
"preview": "# Fail2Ban configuration file\n#\n# NetBSD ipfilter (ipf command) ban/unban\n#\n# Author: Ed Ravin <eravin@panix.com>\n#\n#\n\n["
},
{
"path": "config/action.d/ipfw.conf",
"chars": 1505,
"preview": "# Fail2Ban configuration file\n#\n# Author: Nick Munger\n# Modified by: Cyril Jaquier\n#\n#\n\n[Definition]\n\n# Option: actions"
},
{
"path": "config/action.d/iptables-allports.conf",
"chars": 291,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Modified: Yaroslav O. Halchenko <debian@onerussian.com>\n# \t\t\tm"
},
{
"path": "config/action.d/iptables-ipset-proto4.conf",
"chars": 2221,
"preview": "# Fail2Ban configuration file\n#\n# Author: Daniel Black\n#\n# This is for ipset protocol 4 (ipset v4.2). If you have a late"
},
{
"path": "config/action.d/iptables-ipset-proto6-allports.conf",
"chars": 814,
"preview": "# Fail2Ban configuration file\n#\n# Author: Daniel Black\n#\n# This is for ipset protocol 6 (and hopefully later) (ipset v6."
},
{
"path": "config/action.d/iptables-ipset-proto6.conf",
"chars": 773,
"preview": "# Fail2Ban configuration file\n#\n# Author: Daniel Black\n#\n# This is for ipset protocol 6 (and hopefully later) (ipset v6."
},
{
"path": "config/action.d/iptables-ipset.conf",
"chars": 3052,
"preview": "# Fail2Ban configuration file\n#\n# Authors: Sergey G Brester (sebres), Daniel Black, Alexander Koeppe\n#\n# This is for ips"
},
{
"path": "config/action.d/iptables-multiport-log.conf",
"chars": 2163,
"preview": "# Fail2Ban configuration file\n#\n# Author: Guido Bozzetto\n# Modified: Cyril Jaquier\n#\n# make \"f2b-<name>\" chain to match "
},
{
"path": "config/action.d/iptables-multiport.conf",
"chars": 232,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Modified by Yaroslav Halchenko for multiport banning\n#\n# Obsol"
},
{
"path": "config/action.d/iptables-new.conf",
"chars": 332,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Copied from iptables.conf and modified by Yaroslav Halchenko \n"
},
{
"path": "config/action.d/iptables-xt_recent-echo.conf",
"chars": 2875,
"preview": "# Fail2Ban configuration file\n#\n# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>\n#\n# Modified: Alexander Koeppe"
},
{
"path": "config/action.d/iptables.conf",
"chars": 4861,
"preview": "# Fail2Ban configuration file\n#\n# Authors: Sergey G. Brester (sebres), Cyril Jaquier, Daniel Black, \n# Yaroslav"
},
{
"path": "config/action.d/ipthreat.conf",
"chars": 4290,
"preview": "# IPThreat configuration file\n#\n# Added to fail2ban by Jeff Johnson (jjxtra)\n#\n# Action to report IP address to ipthreat"
},
{
"path": "config/action.d/mail-buffered.conf",
"chars": 2495,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[Definition]\n\n# bypass ban/unban for restored tickets\nnores"
},
{
"path": "config/action.d/mail-whois-common.conf",
"chars": 1051,
"preview": "# Fail2Ban configuration file\n#\n# Common settings for mail actions\n#\n# Users can override the defaults in mail-whois-com"
},
{
"path": "config/action.d/mail-whois-lines.conf",
"chars": 2459,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Modified-By: Yaroslav Halchenko to include grepping on IP over"
},
{
"path": "config/action.d/mail-whois.conf",
"chars": 1890,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = mail-whois-common.conf\n\n[Definition]\n\n"
},
{
"path": "config/action.d/mail.conf",
"chars": 1757,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[Definition]\n\n# bypass ban/unban for restored tickets\nnores"
},
{
"path": "config/action.d/mikrotik.conf",
"chars": 2546,
"preview": "# Fail2Ban configuration file\n#\n# Mikrotik routerOS action to add/remove address-list entries\n#\n# Author: Duncan Bellamy"
},
{
"path": "config/action.d/mynetwatchman.conf",
"chars": 5321,
"preview": "# Fail2Ban configuration file\n#\n# Author: Russell Odom <russ@gloomytrousers.co.uk>\n# Submits attack reports to myNetWatc"
},
{
"path": "config/action.d/netscaler.conf",
"chars": 1493,
"preview": "# Fail2ban Citrix Netscaler Action\n# by Juliano Jeziorny\n# juliano@jeziorny.eu\n#\n# The script will add offender IPs to a"
},
{
"path": "config/action.d/nftables-allports.conf",
"chars": 383,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Modified: Yaroslav O. Halchenko <debian@onerussian.com>\n# \t\t\tm"
},
{
"path": "config/action.d/nftables-multiport.conf",
"chars": 384,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n# Modified: Yaroslav O. Halchenko <debian@onerussian.com>\n# \t\t\tm"
},
{
"path": "config/action.d/nftables.conf",
"chars": 6622,
"preview": "# Fail2Ban configuration file\n#\n# Author: Daniel Black\n# Author: Cyril Jaquier\n# Modified: Yaroslav O. Halchenko <debian"
},
{
"path": "config/action.d/nginx-block-map.conf",
"chars": 4010,
"preview": "# Fail2Ban configuration file for black-listing via nginx\n#\n# Author: Serg G. Brester (aka sebres)\n#\n# To use 'nginx-blo"
},
{
"path": "config/action.d/npf.conf",
"chars": 1524,
"preview": "# Fail2Ban configuration file\n#\n# NetBSD npf ban/unban\n#\n# Author: Nils Ratusznik <nils@NetBSD.org>\n# Based on pf.conf a"
},
{
"path": "config/action.d/nsupdate.conf",
"chars": 3234,
"preview": "# Fail2Ban configuration file\n#\n# Author: Andrew St. Jean\n#\n# Use nsupdate to perform dynamic DNS updates on a BIND zone"
},
{
"path": "config/action.d/osx-afctl.conf",
"chars": 497,
"preview": "# Fail2Ban configuration file for using afctl on Mac OS X Server 10.5\n#\n# Anonymous author\n# http://www.fail2ban.org/wik"
},
{
"path": "config/action.d/osx-ipfw.conf",
"chars": 2302,
"preview": "# Fail2Ban configuration file\n#\n# Author: Nick Munger\n# Modified by: Andy Fragen and Daniel Black\n#\n# Mod for OS X, usin"
},
{
"path": "config/action.d/pf.conf",
"chars": 4082,
"preview": "# Fail2Ban configuration file\n#\n# OpenBSD pf ban/unban\n#\n# Author: Nick Hilliard <nick@foobar.org>\n# Modified by: Alexan"
},
{
"path": "config/action.d/route.conf",
"chars": 1023,
"preview": "# Fail2Ban configuration file\n#\n# Author: Michael Gebetsroither\n#\n# This is for blocking whole hosts through blackhole r"
},
{
"path": "config/action.d/sendmail-buffered.conf",
"chars": 2806,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n\n[Definition]\n\n# "
},
{
"path": "config/action.d/sendmail-common.conf",
"chars": 1938,
"preview": "# Fail2Ban configuration file\n#\n# Common settings for sendmail actions\n#\n# Users can override the defaults in sendmail-c"
},
{
"path": "config/action.d/sendmail-geoip-lines.conf",
"chars": 1760,
"preview": "# Fail2Ban configuration file\n#\n# Author: Viktor Szépe\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n helpers-c"
},
{
"path": "config/action.d/sendmail-whois-ipjailmatches.conf",
"chars": 1055,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n mail-who"
},
{
"path": "config/action.d/sendmail-whois-ipmatches.conf",
"chars": 1036,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n mail-who"
},
{
"path": "config/action.d/sendmail-whois-lines.conf",
"chars": 1299,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n mail-who"
},
{
"path": "config/action.d/sendmail-whois-matches.conf",
"chars": 1000,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n mail-who"
},
{
"path": "config/action.d/sendmail-whois.conf",
"chars": 950,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n mail-who"
},
{
"path": "config/action.d/sendmail.conf",
"chars": 829,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n\n[INCLUDES]\n\nbefore = sendmail-common.conf\n\n[Definition]\n\n# "
},
{
"path": "config/action.d/shorewall-ipset-proto6.conf",
"chars": 3952,
"preview": "# Fail2Ban configuration file\n#\n# Author: Eduardo Diaz\n#\n# This is for ipset protocol 6 (and hopefully later) (ipset v6."
},
{
"path": "config/action.d/shorewall.conf",
"chars": 2156,
"preview": "# Fail2Ban configuration file\n#\n# Author: Cyril Jaquier\n#\n#\n# The default Shorewall configuration is with \"BLACKLISTNEWO"
},
{
"path": "config/action.d/smtp.py",
"chars": 6725,
"preview": "# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-\n# vi: set ft=python sts=4 ts=4 sw=4 noet :\n\n# Th"
},
{
"path": "config/action.d/symbiosis-blacklist-allports.conf",
"chars": 1503,
"preview": "# Fail2Ban configuration file for Bytemark Symbiosis firewall\n#\n# Author: Yaroslav Halchenko\n#\n\n[INCLUDES]\n\nbefore = ipt"
},
{
"path": "config/action.d/ufw.conf",
"chars": 2382,
"preview": "# Fail2Ban action configuration file for ufw\n#\n# You are required to run \"ufw enable\" before this will have any effect.\n"
},
{
"path": "config/action.d/xarf-login-attack.conf",
"chars": 6679,
"preview": "# Fail2Ban action for sending xarf Login-Attack messages to IP owner\n#\n# IMPORTANT:\n#\n# Emailing a IP owner of abuse is "
},
{
"path": "config/fail2ban.conf",
"chars": 3017,
"preview": "# Fail2Ban main configuration file\n#\n# Comments: use '#' for comment lines and ';' (following a space) for inline commen"
},
{
"path": "config/filter.d/3proxy.conf",
"chars": 467,
"preview": "# Fail2Ban filter for 3proxy\n#\n#\n\n[Definition]\n\n\nfailregex = ^\\s[+-]\\d{4} \\S+ \\d{3}0[1-9] \\S+ <HOST>:\\d+ [\\d.]+:\\d+ \\d+ "
},
{
"path": "config/filter.d/apache-auth.conf",
"chars": 3229,
"preview": "# Fail2Ban apache-auth filter\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations available -- read them from\n#"
},
{
"path": "config/filter.d/apache-badbots.conf",
"chars": 2901,
"preview": "# Fail2Ban configuration file\n#\n# Regexp to catch known spambots and software alike. Please verify\n# that it is your int"
},
{
"path": "config/filter.d/apache-botsearch.conf",
"chars": 1265,
"preview": "# Fail2Ban filter to match web requests for selected URLs that don't exist\n#\n# This filter is aimed at blocking specific"
},
{
"path": "config/filter.d/apache-common.conf",
"chars": 1630,
"preview": "# Generic configuration items (to be used as interpolations) in other\n# apache filters.\n\n[INCLUDES]\n\nbefore = common.con"
},
{
"path": "config/filter.d/apache-fakegooglebot.conf",
"chars": 436,
"preview": "# Fail2Ban filter for fake Googlebot User Agents\n\n[Definition]\n\nvhostpref = (?:[\\w]+[\\w\\-\\.]*\\s+)?\nfailregex = ^\\s*%(vho"
},
{
"path": "config/filter.d/apache-modsecurity.conf",
"chars": 511,
"preview": "# Fail2Ban apache-modsec filter\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations available -- read them from"
},
{
"path": "config/filter.d/apache-nohome.conf",
"chars": 596,
"preview": "# Fail2Ban filter to web requests for home directories on Apache servers\n#\n# Regex to match failures to find a home dire"
},
{
"path": "config/filter.d/apache-noscript.conf",
"chars": 1347,
"preview": "# Fail2Ban filter to block web requests for scripts (on non scripted websites)\n#\n# This matches many types of scripts th"
},
{
"path": "config/filter.d/apache-overflows.conf",
"chars": 2189,
"preview": "# Fail2Ban filter to block web requests on a long or suspicious nature\n#\n\n[INCLUDES]\n\n# overwrite with apache-common.loc"
},
{
"path": "config/filter.d/apache-pass.conf",
"chars": 361,
"preview": "# Fail2Ban Apache pass filter\n# This filter is for access.log, NOT for error.log\n#\n# The knocking request must have a re"
},
{
"path": "config/filter.d/apache-shellshock.conf",
"chars": 1020,
"preview": "# Fail2Ban filter to block web requests containing custom headers attempting to exploit the shellshock bug\n#\n#\n\n[INCLUDE"
},
{
"path": "config/filter.d/assp.conf",
"chars": 3492,
"preview": "# Fail2Ban filter for Anti-Spam SMTP Proxy Server (ASSP)\n# Filter works in theory for both ASSP V1 and V2. Recommende"
},
{
"path": "config/filter.d/asterisk.conf",
"chars": 2395,
"preview": "# Fail2Ban filter for asterisk authentication failures\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations avai"
},
{
"path": "config/filter.d/bitwarden.conf",
"chars": 427,
"preview": "# Fail2Ban filter for Bitwarden\n# Detecting failed login attempts\n# Logged in bwdata/logs/identity/Identity/log.txt\n\n[IN"
},
{
"path": "config/filter.d/botsearch-common.conf",
"chars": 522,
"preview": "# Generic configuration file for -botsearch filters\n\n[Init]\n\n# Block is the actual non-found directories to block\nblock "
},
{
"path": "config/filter.d/centreon.conf",
"chars": 307,
"preview": "# Fail2Ban filter for Centreon Web\n# Detecting unauthorized access to the Centreon Web portal\n# typically logged in /var"
},
{
"path": "config/filter.d/common.conf",
"chars": 2776,
"preview": "# Generic configuration items (to be used as interpolations) in other\n# filters or actions configurations\n#\n\n[INCLUDES]"
},
{
"path": "config/filter.d/counter-strike.conf",
"chars": 244,
"preview": "# Fail2Ban filter for failure attempts in Counter Strike-1.6\n#\n#\n\n[Definition]\n\nfailregex = ^: Bad Rcon: \"rcon \\d+ \"\\S+\""
},
{
"path": "config/filter.d/courier-auth.conf",
"chars": 463,
"preview": "# Fail2Ban filter for courier authentication failures\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations avail"
},
{
"path": "config/filter.d/courier-smtp.conf",
"chars": 512,
"preview": "# Fail2Ban filter to block relay attempts though a Courier smtp server\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any c"
},
{
"path": "config/filter.d/cyrus-imap.conf",
"chars": 444,
"preview": "# Fail2Ban filter for authentication failures on Cyrus imap server\n#\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any cus"
},
{
"path": "config/filter.d/dante.conf",
"chars": 467,
"preview": "# Fail2Ban filter for dante\n#\n# Make sure you have \"log: error\" set in your \"client pass\" directive\n#\n\n[INCLUDES]\nbefore"
},
{
"path": "config/filter.d/directadmin.conf",
"chars": 338,
"preview": "# Fail2Ban configuration file for Directadmin\n#\n#\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\nfailregex = ^: \\'<H"
},
{
"path": "config/filter.d/domino-smtp.conf",
"chars": 2107,
"preview": "# Fail2Ban configuration file for IBM Domino SMTP Server TASK to detect failed login attempts\n#\n# Author: Christian Bran"
},
{
"path": "config/filter.d/dovecot.conf",
"chars": 2814,
"preview": "# Fail2Ban filter Dovecot authentication and pop3/imap server\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon"
},
{
"path": "config/filter.d/dropbear.conf",
"chars": 2011,
"preview": "# Fail2Ban filter for dropbear\n#\n# NOTE: The regex below is ONLY intended to work with a patched\n# version of Dropbear a"
},
{
"path": "config/filter.d/drupal-auth.conf",
"chars": 547,
"preview": "# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)\n#\n#\n# Drupal must be setup to use Syslog, wh"
},
{
"path": "config/filter.d/ejabberd-auth.conf",
"chars": 1572,
"preview": "# Fail2Ban configuration file\n#\n# Author: Steven Hiscocks\n#\n#\n\n[Definition]\n\n# Option: failregex\n# Notes.: regex to ma"
},
{
"path": "config/filter.d/exim-common.conf",
"chars": 1473,
"preview": "# Fail2Ban filter file for common exim expressions\n#\n# This is to be used by other exim filters\n\n[INCLUDES]\n\n# Load cust"
},
{
"path": "config/filter.d/exim-spam.conf",
"chars": 2114,
"preview": "# Fail2Ban filter for exim the spam rejection messages\n#\n# Honeypot traps are very useful for fighting spam. You just ac"
},
{
"path": "config/filter.d/exim.conf",
"chars": 2249,
"preview": "# Fail2Ban filter for exim\n#\n# This includes the rejection messages of exim. For spam and filter\n# related bans use the "
},
{
"path": "config/filter.d/freeswitch.conf",
"chars": 1892,
"preview": "# Fail2Ban configuration file\n#\n# Enable \"log-auth-failures\" on each Sofia profile to monitor\n# <param name=\"log-auth-fa"
},
{
"path": "config/filter.d/froxlor-auth.conf",
"chars": 1301,
"preview": "# Fail2Ban configuration file to block repeated failed login attempts to Frolor installation(s)\n# \n# Froxlor needs to lo"
},
{
"path": "config/filter.d/gitlab.conf",
"chars": 236,
"preview": "# Fail2Ban filter for Gitlab\n# Detecting unauthorized access to the Gitlab Web portal\n# typically logged in /var/log/git"
},
{
"path": "config/filter.d/grafana.conf",
"chars": 388,
"preview": "# Fail2Ban filter for Grafana\n# Detecting unauthorized access\n# Typically logged in /var/log/grafana/grafana.log\n\n[Init]"
},
{
"path": "config/filter.d/groupoffice.conf",
"chars": 236,
"preview": "# Fail2Ban filter for Group-Office\n#\n# Enable logging with:\n# $config['info_log']='/home/groupoffice/log/info.log';\n#\n\n["
},
{
"path": "config/filter.d/gssftpd.conf",
"chars": 322,
"preview": "# Fail2Ban filter file for gssftp\n#\n# Note: gssftp is part of the krb5-appl-servers in Fedora\n#\n[INCLUDES]\n\nbefore = com"
},
{
"path": "config/filter.d/guacamole.conf",
"chars": 1447,
"preview": "# Fail2Ban configuration file for guacamole\n#\n# Author: Steven Hiscocks\n#\n\n[Definition]\n\nlogging = catalina\nfailregex = "
},
{
"path": "config/filter.d/haproxy-http-auth.conf",
"chars": 1170,
"preview": "# Fail2Ban filter configuration file to match failed login attempts to\n# HAProxy HTTP Authentication protected servers.\n"
},
{
"path": "config/filter.d/horde.conf",
"chars": 404,
"preview": "# fail2ban filter configuration for horde\n\n\n[Definition]\n\n\nfailregex = ^ HORDE \\[error\\] \\[(horde|imp)\\] FAILED LOGIN fo"
},
{
"path": "config/filter.d/ignorecommands/apache-fakegooglebot",
"chars": 1418,
"preview": "#!/usr/bin/env fail2ban-python\n# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/\n#\n# Writte"
},
{
"path": "config/filter.d/kerio.conf",
"chars": 938,
"preview": "# Fail2ban filter for kerio\n\n[Definition]\n\nfailregex = ^ SMTP Spam attack detected from <HOST>,\n ^ IP address"
},
{
"path": "config/filter.d/lighttpd-auth.conf",
"chars": 487,
"preview": "# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module\n#\n\n[Definition]\n\nfailregex = ^[^\\)]*\\(?"
},
{
"path": "config/filter.d/mongodb-auth.conf",
"chars": 2278,
"preview": "# Fail2Ban filter for unsuccessful MongoDB authentication attempts\n#\n# Logfile /var/log/mongodb/mongodb.log\n#\n# add sett"
},
{
"path": "config/filter.d/monit.conf",
"chars": 787,
"preview": "# Fail2Ban filter for monit.conf, looks for failed access attempts\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any custo"
},
{
"path": "config/filter.d/monitorix.conf",
"chars": 640,
"preview": "# Fail2Ban filter for Monitorix (HTTP built-in server)\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon = moni"
},
{
"path": "config/filter.d/mssql-auth.conf",
"chars": 440,
"preview": "# Fail2Ban filter for failed MSSQL Server authentication attempts\n\n[Definition]\n\nfailregex = ^\\s*Logon\\s+Login failed fo"
},
{
"path": "config/filter.d/murmur.conf",
"chars": 927,
"preview": "# Fail2Ban filter for murmur/mumble-server\n#\n\n[Definition]\n\n_daemon = murmurd\n\n# N.B. If you allow users to have usernam"
},
{
"path": "config/filter.d/mysqld-auth.conf",
"chars": 1181,
"preview": "# Fail2Ban filter for unsuccessful MySQL authentication attempts\n#\n#\n# To log wrong MySQL access attempts add to /etc/my"
},
{
"path": "config/filter.d/nagios.conf",
"chars": 400,
"preview": "# Fail2Ban filter for Nagios Remote Plugin Executor (nrpe2)\n# Detecting unauthorized access to the nrpe2 daemon \n# typic"
},
{
"path": "config/filter.d/named-refused.conf",
"chars": 1616,
"preview": "# Fail2Ban filter file for named (bind9).\n#\n\n# This filter blocks attacks against named (bind9) however it requires spec"
},
{
"path": "config/filter.d/nginx-bad-request.conf",
"chars": 474,
"preview": "# Fail2Ban filter to match bad requests to nginx\n#\n\n[Definition]\n\n# The request often doesn't contain a method, only som"
},
{
"path": "config/filter.d/nginx-botsearch.conf",
"chars": 740,
"preview": "# Fail2Ban filter to match web requests for selected URLs that don't exist\n#\n\n[INCLUDES]\n\n# Load regexes for filtering\nb"
},
{
"path": "config/filter.d/nginx-error-common.conf",
"chars": 768,
"preview": "# Generic nginx error_log configuration items (to be used as interpolations) in other\n# filters monitoring nginx error-l"
},
{
"path": "config/filter.d/nginx-forbidden.conf",
"chars": 914,
"preview": "# fail2ban filter configuration for nginx forbidden accesses\n#\n# If you have configured nginx to forbid some paths in yo"
},
{
"path": "config/filter.d/nginx-http-auth.conf",
"chars": 1242,
"preview": "# fail2ban filter configuration for nginx\n\n[INCLUDES]\n\nbefore = nginx-error-common.conf\n\n[Definition]\n\nmode = normal\n\n__"
},
{
"path": "config/filter.d/nginx-limit-req.conf",
"chars": 1677,
"preview": "# Fail2ban filter configuration for nginx :: limit_req\n# used to ban hosts, that were failed through nginx by limit requ"
},
{
"path": "config/filter.d/nsd.conf",
"chars": 779,
"preview": "# Fail2Ban configuration file\n#\n# Author: Bas van den Dikkenberg\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customi"
},
{
"path": "config/filter.d/openhab.conf",
"chars": 452,
"preview": "# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf:\n#\n# Block IPs trying to auth openhab by web or r"
},
{
"path": "config/filter.d/openvpn.conf",
"chars": 480,
"preview": "# Fail2Ban filter for openvpn server\n# Detecting wrong TLS handshakes\n# typically logged in /var/log/syslog\n# Author: Ph"
},
{
"path": "config/filter.d/openwebmail.conf",
"chars": 495,
"preview": "# Fail2Ban filter for Openwebmail\n# banning hosts with authentication errors in /var/log/openwebmail.log\n# OpenWebMail h"
},
{
"path": "config/filter.d/oracleims.conf",
"chars": 1937,
"preview": "# Fail2Ban configuration file\n# for Oracle IMS with XML logging\n#\n# Author: Joel Snyder/jms@opus1.com/2014-June-01\n#\n#\n\n"
},
{
"path": "config/filter.d/pam-generic.conf",
"chars": 947,
"preview": "# Fail2Ban configuration file for generic PAM authentication errors\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n#"
},
{
"path": "config/filter.d/perdition.conf",
"chars": 568,
"preview": "# Fail2Ban filter for perdition\n#\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon=perdition.\\S+\n\nfailregex = "
},
{
"path": "config/filter.d/php-url-fopen.conf",
"chars": 891,
"preview": "# Fail2Ban filter for URLs with a URL as a script parameters\n# which can be an indication of a fopen url php injection\n#"
},
{
"path": "config/filter.d/phpmyadmin-syslog.conf",
"chars": 278,
"preview": "# Fail2Ban filter for the phpMyAdmin-syslog\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon = phpMyAdmin\n\nfai"
},
{
"path": "config/filter.d/portsentry.conf",
"chars": 242,
"preview": "# Fail2Ban filter for failure attempts in Counter Strike-1.6\n#\n#\n\n[Definition]\n\nfailregex = \\/<HOST> Port\\: [0-9]+ (TCP|"
},
{
"path": "config/filter.d/postfix.conf",
"chars": 3704,
"preview": "# Fail2Ban filter for selected Postfix SMTP rejections\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations av"
},
{
"path": "config/filter.d/proftpd.conf",
"chars": 1163,
"preview": "# Fail2Ban filter for the Proftpd FTP daemon\n#\n# Set \"UseReverseDNS off\" in proftpd.conf to avoid the need for DNS.\n# Se"
},
{
"path": "config/filter.d/proxmox.conf",
"chars": 383,
"preview": "# Fail2Ban filter for Proxmox Web GUI\n#\n# Jail example:\n# [proxmox]\n# enabled = true\n# port = https,http,8006\n#"
},
{
"path": "config/filter.d/pure-ftpd.conf",
"chars": 2315,
"preview": "# Fail2Ban filter for pureftp\n#\n# Disable hostname based logging by:\n#\n# Start pure-ftpd with the -H switch or on Ubuntu"
},
{
"path": "config/filter.d/qmail.conf",
"chars": 795,
"preview": "# Fail2Ban filters for qmail RBL patches/fake proxies\n#\n# the default djb RBL implementation doesn't log any rejections "
},
{
"path": "config/filter.d/recidive.conf",
"chars": 1740,
"preview": "# Fail2Ban filter for repeat bans\n#\n# This filter monitors the fail2ban log file, and enables you to add long \n# time ba"
},
{
"path": "config/filter.d/roundcube-auth.conf",
"chars": 1507,
"preview": "# Fail2Ban configuration file for roundcube web server\n#\n# By default failed logins are printed to 'errors'. The first r"
},
{
"path": "config/filter.d/routeros-auth.conf",
"chars": 225,
"preview": "# Fail2Ban filter for failure attempts in MikroTik RouterOS\n#\n#\n\n[Definition]\n\nfailregex = ^\\s*\\S+ system,error,critical"
},
{
"path": "config/filter.d/scanlogd.conf",
"chars": 354,
"preview": "# Fail2Ban filter for port scans detected by scanlogd\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations availab"
},
{
"path": "config/filter.d/screensharingd.conf",
"chars": 821,
"preview": "# Fail2Ban configuration file\n#\n# Author: Simon Brown\n#\n# Filter for Mac OS X Screen Sharing service\n\n[INCLUDES]\n\n# Read"
},
{
"path": "config/filter.d/selinux-common.conf",
"chars": 549,
"preview": "# Fail2Ban configuration file for generic SELinux audit messages\n#\n# This file is not intended to be used directly, and "
},
{
"path": "config/filter.d/selinux-ssh.conf",
"chars": 653,
"preview": "# Fail2Ban configuration file for SELinux ssh authentication errors\n#\n\n[INCLUDES]\n\nafter = selinux-common.conf\n\n[Definit"
},
{
"path": "config/filter.d/sendmail-auth.conf",
"chars": 790,
"preview": "# Fail2Ban filter for sendmail authentication failures\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon = (?:s"
},
{
"path": "config/filter.d/sendmail-reject.conf",
"chars": 3961,
"preview": "# Fail2Ban filter for sendmail spam/relay type failures\n#\n# Some of the below failregex will only work properly, when th"
},
{
"path": "config/filter.d/sieve.conf",
"chars": 371,
"preview": "# Fail2Ban filter for sieve authentication failures\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations availab"
},
{
"path": "config/filter.d/slapd.conf",
"chars": 657,
"preview": "# slapd (Stand-alone LDAP Daemon) openldap daemon filter\n#\n# Detecting invalid credentials: error code 49\n# http://www.o"
},
{
"path": "config/filter.d/softethervpn.conf",
"chars": 451,
"preview": "# Fail2Ban filter for SoftEtherVPN\n# Detecting unauthorized access to SoftEtherVPN\n# typically logged in /usr/local/vpns"
},
{
"path": "config/filter.d/sogo-auth.conf",
"chars": 723,
"preview": "# Fail2ban filter for SOGo authentication\n#\n# Log file usually in /var/log/sogo/sogo.log\n\n[Definition]\n\nfailregex = ^ so"
},
{
"path": "config/filter.d/solid-pop3d.conf",
"chars": 1094,
"preview": "# Fail2Ban filter for unsuccessful solid-pop3 authentication attempts\n#\n# Doesn't currently provide PAM support as PAM l"
},
{
"path": "config/filter.d/squid.conf",
"chars": 260,
"preview": "# Fail2Ban filter for Squid attempted proxy bypasses\n#\n#\n\n[Definition]\n\nfailregex = ^\\s+\\d\\s<HOST>\\s+[A-Z_]+_DENIED/403 "
},
{
"path": "config/filter.d/squirrelmail.conf",
"chars": 191,
"preview": "\n[Definition]\n\nfailregex = ^ \\[LOGIN_ERROR\\].*from <HOST>: Unknown user or password incorrect\\.$\n\nignoreregex =\n\ndatepat"
},
{
"path": "config/filter.d/sshd.conf",
"chars": 8441,
"preview": "# Fail2Ban filter for openssh\n#\n# If you want to protect OpenSSH from being bruteforced by password\n# authentication the"
},
{
"path": "config/filter.d/stunnel.conf",
"chars": 363,
"preview": "# Fail2ban filter for stunnel\n\n[Definition]\n\nfailregex = ^ LOG\\d\\[\\d+:\\d+\\]:\\ SSL_accept from <HOST>:\\d+ : (?P<CODE>[\\dA"
},
{
"path": "config/filter.d/suhosin.conf",
"chars": 649,
"preview": "# Fail2Ban filter for suhosian PHP hardening\n#\n# This occurs with lighttpd or directly from the plugin\n#\n\n[INCLUDES]\n\n# "
},
{
"path": "config/filter.d/tine20.conf",
"chars": 890,
"preview": "# Fail2Ban filter for Tine 2.0 authentication\n#\n# Enable logging with:\n# $config['info_log']='/var/log/tine20/tine20.log"
},
{
"path": "config/filter.d/traefik-auth.conf",
"chars": 2388,
"preview": "# Fail2ban filter configuration for traefik :: auth\n# used to ban hosts, that were failed through traefik\n#\n# Author: Cr"
},
{
"path": "config/filter.d/uwimap-auth.conf",
"chars": 374,
"preview": "# Fail2Ban filter for uwimap\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon = (?:ipop3d|imapd)\n\nfailregex = "
},
{
"path": "config/filter.d/vaultwarden.conf",
"chars": 419,
"preview": "# Fail2Ban filter for unsuccessful Vaultwarden authentication attempts\n# Logged in /var/log/vaultwarden.log\n# Author: Le"
},
{
"path": "config/filter.d/vsftpd.conf",
"chars": 787,
"preview": "# Fail2Ban filter for vsftp\n#\n# Configure VSFTP for \"dual_log_enable=YES\", and have fail2ban watch\n# /var/log/vsftpd.log"
},
{
"path": "config/filter.d/webmin-auth.conf",
"chars": 444,
"preview": "# Fail2Ban filter for webmin\n#\n\n[INCLUDES]\n\nbefore = common.conf\n\n[Definition]\n\n_daemon = webmin\n\nfailregex = ^%(__prefi"
},
{
"path": "config/filter.d/wuftpd.conf",
"chars": 520,
"preview": "# Fail2Ban configuration file for wuftpd\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations available -- rea"
},
{
"path": "config/filter.d/xinetd-fail.conf",
"chars": 521,
"preview": "# Fail2Ban filter for xinetd failures\n#\n# Cfr.: /var/log/(daemon\\.|sys)log\n#\n#\n\n[INCLUDES]\n\n# Read common prefixes. If a"
},
{
"path": "config/filter.d/xrdp.conf",
"chars": 669,
"preview": "#\n# Fail2Ban filter for XRDP\n#\n# Detects login attempts with invalid credentials\n#\n# Requirements:\n# - xrdp >= 0.9.19\n"
}
]
// ... and 321 more files (download for full content)
About this extraction
This page contains the full source code of the fail2ban/fail2ban GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 521 files (2.2 MB), approximately 600.0k tokens, and a symbol index with 1784 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.