Release 2.1.3 (#69)

* turning up version number

* negative permabancount means disabled (fixes #73)

* #64 dont return whitelisted ips for temp ban list (#75)

* #58 add all temp bans to perma (#76)

* Add configuration for the Windows OpenSSH service. (#77)


* Add configuration for the Windows OpenSSH service.

* fixing a potential sec vulnerability

* Update CONTRIBUTING.md (#78)

* disable tasks with non existing bugs (#79)

* finishing the release 2.1.3

Co-authored-by: Zackary Lowery <zlowery@xcjs.com>

Author: devnulli

CONTRIBUTING.md

@@ -4,7 +4,7 @@ If there is anything you can contribute, PLEASE do so, for whatever reason (spec
 Just make a pull request, and request it to be merged. If there are any issues you resolve with the pull request, make sure to link to them.
 
 ## Making a pull request.
-There is always branch for version that is currently up next (for example "v2.1.3" ). When you make a pull request, please let it base on that branch, never on master.
+There is always branch for version that is currently up next (for example "v2.1.4" ). When you make a pull request, please let it base on that branch, never on master.
 Thats all.
 
 Every once in a while, all the things in the new version branch will be put to the test and finally become a new release.

NEWS.md

@@ -1,6 +1,14 @@
 ## NEWS 
 
-### 2021-06-03 release of v.2. was completed
+### 2021-06-03 release of v.2.1.3 was completed
+- a negative perma-ban setting means that perma banning is disabled 
+- whitelisted ips will - though they are not really banned - no longer show up in the temp ban list of the console
+- there is now a button that will add all temporary bans to the permanent ban list 
+- will now protect openssh out of the box
+- fixed a potential security issue 
+- tasks that rely on log sources that are not present are now disabled, instead of throwing an error on every iteration (30 secs default)
+
+### 2021-06-03 release of v.2.1.2 was completed
 - a small typo in the license was fixed
 - severity of some messages was adjusted (moved from info to verbose) to keep a cleaner event log
 - it contains minor bugfixes and corrections, but nothing interesting apart from that its signed now.

README.md

@@ -5,7 +5,7 @@ It's basically a fail2ban for windows. Its goals are also mainly what we love ab
 - *no-initial-fucking-around-with-scripts-or-config-files*
 - *install-and-forget*
 
-You can download it [here](https://github.com/devnulli/EvlWatcher/blob/master/Versions/v2/EvlWatcher-v2.1.2-setup.exe) :new: ( v2.1.2 - June 2021 ) :new: .
+You can download it [here](https://github.com/devnulli/EvlWatcher/blob/master/Versions/v2/EvlWatcher-v2.1.3-setup.exe) ( v2.1.3 - September 2021 ) .
 
 ## Also, we love issues!
 

SECURITY.md

@@ -2,10 +2,10 @@
 
 ## Supported Versions
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 2.x     | :white_check_mark: |
-| < 2.x   | :x:                |
+| Version | Supported          
+| ------- | ------------------ 
+| 2.1.3   | :white_check_mark: 
+| < 2.1.3 | :x:                
 
 ## Reporting a Vulnerability
 

Source/EvlWatcher/EvlWatcher.WCF/IEvlWatcherService.cs

@@ -25,6 +25,9 @@ public interface IEvlWatcherService
         void SetPermanentBan(IPAddress address);
         [OperationContract]
         [FaultContract(typeof(ServiceFaultDTO))]
+        void SetPermanentBans(IPAddress[] address);
+        [OperationContract]
+        [FaultContract(typeof(ServiceFaultDTO))]
         void ClearPermanentBan(IPAddress address);
         [OperationContract]
         [FaultContract(typeof(ServiceFaultDTO))]

Source/EvlWatcher/EvlWatcher.WCF/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyVersion("2.1.3.0")]
+[assembly: AssemblyFileVersion("2.1.3.0")]

Source/EvlWatcher/EvlWatcher/EvlWatcher.cs

@@ -44,7 +44,7 @@ public class EvlWatcher : ServiceBase, IEvlWatcherService
         /// <summary>
         /// all loaded tasks
         /// </summary>
-        private static readonly IList<LogTask> _logTasks = new List<LogTask>();
+        private static readonly List<LogTask> _logTasks = new List<LogTask>();
 
         /// <summary>
         /// adds some extra output
@@ -142,7 +142,7 @@ public void SetPermanentBan(IPAddress address)
         {
             EnsureClientPrivileges();
 
-            SetPermanentBanInternal(address);
+            SetPermanentBanInternal(new IPAddress[] { address });
         }
 
         public void ClearPermanentBan(IPAddress address)
@@ -181,6 +181,7 @@ public IPAddress[] GetTemporarilyBannedIPs()
                 List<IPAddress> result = new List<IPAddress>(_lastPolledTempBans);
 
                 result.RemoveAll(p => _serviceconfiguration.BlacklistAddresses.Contains(p));
+                result.RemoveAll(p => IsWhiteListed(p));
 
                 return result.ToArray();
             }
@@ -296,7 +297,6 @@ private void EnsureClientPrivileges()
         /// <summary>
         /// creates generic log tasks from configuration
         /// </summary>
-        /// <param name="d"></param>
         private void InitWorkersFromConfig(IQueryable<IPersistentTaskConfiguration> taskConfigurations)
         {
             lock (_syncObject)
@@ -409,7 +409,7 @@ private void Run()
                         eventTypesToTimeFramedEvents.Clear();
 
                         //first read all relevant events (events that are required by any of the tasks)
-                        foreach (string requiredEventType in requiredEventTypesToLogTasks.Keys)
+                        foreach (string requiredEventType in requiredEventTypesToLogTasks.Keys.ToList())
                         {
                             _logger.Dump($"Scanning {requiredEventType}", SeverityLevel.Debug);
                             eventTypesToNewEvents.Add(requiredEventType, new List<ExtractedEventRecord>());
@@ -462,7 +462,10 @@ private void Run()
                             }
                             catch (EventLogNotFoundException)
                             {
-                                _logger.Dump($"Event Log {requiredEventType} was not found, tasks that require these events will not work", SeverityLevel.Error);
+                                _logger.Dump($"Event Log {requiredEventType} was not found, tasks that require these events will not work and are disabled.", SeverityLevel.Info);
+                                _logTasks.RemoveAll(l => l.EventPath.Contains(requiredEventType));
+                                requiredEventTypesToLogTasks.Remove(requiredEventType);
+
                             }
                         }
 
@@ -507,8 +510,7 @@ private void Run()
                         {
                             if (t is IPBlockingLogTask ipTask)
                             {
-                                foreach (IPAddress perma in ipTask.GetPermaBanVictims())
-                                    SetPermanentBanInternal(perma);
+                                SetPermanentBanInternal(ipTask.GetPermaBanVictims().ToArray());
 
                                 List<IPAddress> blockedIPs = ipTask.GetTempBanVictims();
 
@@ -568,9 +570,10 @@ private void Run()
             }
         }
 
-        private void SetPermanentBanInternal(IPAddress address)
+        private void SetPermanentBanInternal(IPAddress[] addressList)
         {
-            _serviceconfiguration.AddBlackListAddress(address);
+            foreach (IPAddress address in addressList)
+                _serviceconfiguration.AddBlackListAddress(address);
 
             PushBanList();
         }
@@ -624,6 +627,13 @@ public void RemoveTemporaryBan(IPAddress address)
             }
         }
 
+        public void SetPermanentBans(IPAddress[] addressList)
+        {
+            EnsureClientPrivileges();
+
+            SetPermanentBanInternal(addressList);
+        }
+
         #endregion
     }
 }

Source/EvlWatcher/EvlWatcher/NSIS/Signing instructions.pdf

@@ -2,7 +2,7 @@ Name "EvlWatcher"
 
 ; The file to write
 Icon EvlWatcher.ico
-OutFile "EvlWatcher-v2.1.2-setup.exe"
+OutFile "EvlWatcher-v2.1.3-setup.exe"
 
 ; The default installation directory
 InstallDir $PROGRAMFILES\EvlWatcher
@@ -78,7 +78,7 @@ Section "EvlWatcher Service"
   WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\EvlWatcher" "NoRepair" 1
   WriteUninstaller "uninstall.exe"
 
-  nsSCM::Install /NOUNLOAD "EvlWatcher" "EvlWatcher service" 16 2 "$INSTDIR\EvlWatcher.exe" "" "" "" ""
+  nsSCM::Install /NOUNLOAD "EvlWatcher" "EvlWatcher service" 16 2 "$\"$INSTDIR\EvlWatcher.exe$\"" "" "" "" ""
   nsSCM::Start /NOUNLOAD "EvlWatcher"
 
 SectionEnd

Source/EvlWatcher/EvlWatcher/NSIS/make.nsi

@@ -28,5 +28,5 @@
 //      Build Number
 //      Revision
 //
-[assembly: AssemblyVersion("2.1.2.0")]
-[assembly: AssemblyFileVersion("2.1.2.0")]
+[assembly: AssemblyVersion("2.1.3.0")]
+[assembly: AssemblyFileVersion("2.1.3.0")]