mirror of https://github.com/fail2ban/fail2ban
Merge pull request #381 from grooverdan/suhosin
ENH: filter.d/suhosin - anchor regex at startpull/379/merge
commit
500968874e
|
@ -71,6 +71,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
|
|||
François Boulogne and Frédéric
|
||||
* filter.d/lighttpd - auth regexs for lighttpd-1.4.31
|
||||
Daniel Black
|
||||
* filter.d/suhosin - regex anchor at start
|
||||
* filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
|
||||
and extra failure examples in sample logs
|
||||
* filter.d/apache-auth - added expressions for mod_authz, mod_auth and
|
||||
|
|
|
@ -3,14 +3,26 @@
|
|||
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
# Read common prefixes. If any customizations available -- read them from
|
||||
# common.local
|
||||
before = common.conf
|
||||
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = (?:lighttpd|suhosin)
|
||||
|
||||
# Option: failregex
|
||||
# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
|
||||
# Values: TEXT
|
||||
#
|
||||
# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161
|
||||
failregex = ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$
|
||||
|
||||
_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)
|
||||
|
||||
failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
|
|
Loading…
Reference in New Issue