Releases: clearlinux/tallow
Releases · clearlinux/tallow
v21
v20
v19
v18
v17
v16
v15: Convert patterns to JSON input files.
Tallow will now read JSON files from /usr/share/tallow/ and /etc/tallow and parse them to retrieve filters and patterns. The sshd patterns are converted to JSON and used to test this change. If a file exists in /etc/tallow with the same name as a file in /usr/share/tallow, only the file in /etc/tallow will be parsed. This change allows much more dynamic insertion of rules and people to create custom patterns and filters and monitor the logs of other daemons besides sshd that may be subject to brutefoce login attempts. Potential use cases: - IMAP/POP services - SMTP - HTTP services permitted they log to syslog - DNS servers logging malformed requests - etc.
v14
v11: Possibly handle journald restarts better.
I've encountered two runaway tallow daemons now that seem to coincide with journald restarts that send it spinning tight on the `continue` statement and hitting the same _get_data() error (ENOENT). I'm unsure if the `break` will fix it, but the `continue` is definitely broken here. Hopefully the `sd_journal_wait()` will properly reassess the journal state and notify us of rotations or other issues.
untagged-b3f44d644b7903f8fa67: Possibly handle journald restarts better.
I've encountered two runaway tallow daemons now that seem to coincide with journald restarts that send it spinning tight on the `continue` statement and hitting the same _get_data() error (ENOENT). I'm unsure if the `break` will fix it, but the `continue` is definitely broken here. Hopefully the `sd_journal_wait()` will properly reassess the journal state and notify us of rotations or other issues.