From 351abeb4ff77dfca4049e7401553900b46e8db40 Mon Sep 17 00:00:00 2001 From: sebres Date: Thu, 12 Oct 2017 13:25:14 +0200 Subject: [PATCH 01/11] prepare release: bump version, update ChangeLog, man's and MANIFEST etc. --- ChangeLog | 2 +- MANIFEST | 6 +++++- README.md | 6 +++--- fail2ban/version.py | 2 +- man/fail2ban-client.1 | 7 +++++-- man/fail2ban-regex.1 | 2 +- man/fail2ban-server.1 | 10 +++++----- man/fail2ban-testcases.1 | 2 +- 8 files changed, 22 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index df0f96be..80e31e14 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,7 +31,7 @@ Incompatibility list (compared to v.0.9): IPv6-capable now. -ver. 0.10.1-dev-1 (2016/??/??) - development edition +ver. 0.10.1 (2017/10/12) - succeeded-before-friday-the-13th ----------- ### Fixes diff --git a/MANIFEST b/MANIFEST index a6fdae5a..d69ca029 100644 --- a/MANIFEST +++ b/MANIFEST @@ -120,6 +120,7 @@ config/filter.d/openwebmail.conf config/filter.d/oracleims.conf config/filter.d/pam-generic.conf config/filter.d/perdition.conf +config/filter.d/phpmyadmin-syslog.conf config/filter.d/php-url-fopen.conf config/filter.d/portsentry.conf config/filter.d/postfix.conf @@ -148,6 +149,7 @@ config/filter.d/vsftpd.conf config/filter.d/webmin-auth.conf config/filter.d/wuftpd.conf config/filter.d/xinetd-fail.conf +config/filter.d/zoneminder.conf config/jail.conf config/paths-arch.conf config/paths-common.conf @@ -309,6 +311,7 @@ fail2ban/tests/files/logs/openwebmail fail2ban/tests/files/logs/oracleims fail2ban/tests/files/logs/pam-generic fail2ban/tests/files/logs/perdition +fail2ban/tests/files/logs/phpmyadmin-syslog fail2ban/tests/files/logs/php-url-fopen fail2ban/tests/files/logs/portsentry fail2ban/tests/files/logs/postfix 
@@ -336,6 +339,7 @@ fail2ban/tests/files/logs/vsftpd fail2ban/tests/files/logs/webmin-auth fail2ban/tests/files/logs/wuftpd fail2ban/tests/files/logs/xinetd-fail +fail2ban/tests/files/logs/zoneminder fail2ban/tests/files/logs/zzz-generic-example fail2ban/tests/files/logs/zzz-sshd-obsolete-multiline fail2ban/tests/files/testcase01a.log @@ -363,7 +367,7 @@ files/cacti/fail2ban_stats.sh files/cacti/README files/debian-initd files/fail2ban-logrotate -files/fail2ban.service +files/fail2ban.service.in files/fail2ban-tmpfiles.conf files/fail2ban.upstart files/gen_badbots diff --git a/README.md b/README.md index bb87b935..f082f808 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ / _|__ _(_) |_ ) |__ __ _ _ _ | _/ _` | | |/ /| '_ \/ _` | ' \ |_| \__,_|_|_/___|_.__/\__,_|_||_| - v0.10.1 2016/??/?? + v0.10.1 2017/10/12 ## Fail2Ban: ban hosts that cause multiple authentication errors @@ -43,8 +43,8 @@ Optional: To install, just do: - tar xvfj fail2ban-0.10.0.tar.bz2 - cd fail2ban-0.10.0 + tar xvfj fail2ban-0.10.1.tar.bz2 + cd fail2ban-0.10.1 python setup.py install This will install Fail2Ban into the python library directory. The executable diff --git a/fail2ban/version.py b/fail2ban/version.py index f9638bab..bcf9e9b3 100644 --- a/fail2ban/version.py +++ b/fail2ban/version.py @@ -24,4 +24,4 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black" __license__ = "GPL-v2+" -version = "0.10.1.dev1" +version = "0.10.1" diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index 2215d70e..a10fc3e0 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-CLIENT "1" "August 2017" "fail2ban-client v0.10.0" "User Commands" +.TH FAIL2BAN-CLIENT "1" "October 2017" "fail2ban-client v0.10.1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH SYNOPSIS .B fail2ban-client [\fI\,OPTIONS\/\fR] \fI\,\/\fR .SH DESCRIPTION -Fail2Ban v0.10.0 reads log file that contains password failure report +Fail2Ban v0.10.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP @@ -29,6 +29,9 @@ logging level \fB\-d\fR dump configuration. For debugging .TP +\fB\-\-dp\fR, \fB\-\-dump\-pretty\fR +dump the configuration using more human readable representation +.TP \fB\-t\fR, \fB\-\-test\fR test configuration (can be also specified with start parameters) .TP diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1 index c414bec3..19f42c76 100644 --- a/man/fail2ban-regex.1 +++ b/man/fail2ban-regex.1 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-REGEX "1" "August 2017" "fail2ban-regex 0.10.0" "User Commands" +.TH FAIL2BAN-REGEX "1" "October 2017" "fail2ban-regex 0.10.1" "User Commands" .SH NAME fail2ban-regex \- test Fail2ban "failregex" option .SH SYNOPSIS diff --git a/man/fail2ban-server.1 b/man/fail2ban-server.1 index 5151821e..0201c4d9 100644 --- a/man/fail2ban-server.1 +++ b/man/fail2ban-server.1 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-SERVER "1" "August 2017" "fail2ban-server v0.10.0" "User Commands" +.TH FAIL2BAN-SERVER "1" "October 2017" "fail2ban-server v0.10.1" "User Commands" .SH NAME fail2ban-server \- start the server .SH SYNOPSIS .B fail2ban-server [\fI\,OPTIONS\/\fR] .SH DESCRIPTION -Fail2Ban v0.10.0 reads log file that contains password failure report +Fail2Ban v0.10.1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP @@ -23,15 +23,15 @@ pidfile path logging level .HP \fB\-\-logtarget\fR |STDOUT|STDERR|SYSLOG -logging target -.br -Note. If fail2ban running as systemd-service, for logging to the systemd-journal, the logtarget could be set to STDOUT .HP \fB\-\-syslogsocket\fR auto| .TP \fB\-d\fR dump configuration. For debugging .TP +\fB\-\-dp\fR, \fB\-\-dump\-pretty\fR +dump the configuration using more human readable representation +.TP \fB\-t\fR, \fB\-\-test\fR test configuration (can be also specified with start parameters) .TP diff --git a/man/fail2ban-testcases.1 b/man/fail2ban-testcases.1 index e4566005..e1fb7bbb 100644 --- a/man/fail2ban-testcases.1 +++ b/man/fail2ban-testcases.1 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-TESTCASES "1" "August 2017" "fail2ban-testcases 0.10.0" "User Commands" +.TH FAIL2BAN-TESTCASES "1" "October 2017" "fail2ban-testcases 0.10.1" "User Commands" .SH NAME fail2ban-testcases \- run Fail2Ban unit-tests .SH SYNOPSIS From 028f32b74b50ae163cbfb1d228d9a8c09ed51ed8 Mon Sep 17 00:00:00 2001 
From: sebres Date: Thu, 12 Oct 2017 14:00:41 +0200 Subject: [PATCH 02/11] bump version (0.10.1 -> 0.10.2.dev1) --- ChangeLog | 10 ++++++++++ README.md | 2 +- fail2ban/version.py | 2 +- man/fail2ban-client.1 | 4 ++-- man/fail2ban-regex.1 | 2 +- man/fail2ban-server.1 | 4 ++-- man/fail2ban-testcases.1 | 2 +- 7 files changed, 18 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80e31e14..7c9319a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,16 @@ Incompatibility list (compared to v.0.9): IPv6-capable now. +ver. 0.10.2-dev-1 (2017/??/??) - development edition +----------- + +### Fixes + +### New Features + +### Enhancements + + ver. 0.10.1 (2017/10/12) - succeeded-before-friday-the-13th ----------- diff --git a/README.md b/README.md index f082f808..0821e691 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ / _|__ _(_) |_ ) |__ __ _ _ _ | _/ _` | | |/ /| '_ \/ _` | ' \ |_| \__,_|_|_/___|_.__/\__,_|_||_| - v0.10.1 2017/10/12 + v0.10.2 2017/??/?? ## Fail2Ban: ban hosts that cause multiple authentication errors diff --git a/fail2ban/version.py b/fail2ban/version.py index bcf9e9b3..2fa9b6a5 100644 --- a/fail2ban/version.py +++ b/fail2ban/version.py @@ -24,4 +24,4 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black" __license__ = "GPL-v2+" -version = "0.10.1" +version = "0.10.2.dev1" diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index a10fc3e0..26e5ee59 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 
@@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-CLIENT "1" "October 2017" "fail2ban-client v0.10.1" "User Commands" +.TH FAIL2BAN-CLIENT "1" "October 2017" "fail2ban-client v0.10.2.dev1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH SYNOPSIS .B fail2ban-client [\fI\,OPTIONS\/\fR] \fI\,\/\fR .SH DESCRIPTION -Fail2Ban v0.10.1 reads log file that contains password failure report +Fail2Ban v0.10.2.dev1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1 index 19f42c76..a2347b1f 100644 --- a/man/fail2ban-regex.1 +++ b/man/fail2ban-regex.1 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-REGEX "1" "October 2017" "fail2ban-regex 0.10.1" "User Commands" +.TH FAIL2BAN-REGEX "1" "October 2017" "fail2ban-regex 0.10.2.dev1" "User Commands" .SH NAME fail2ban-regex \- test Fail2ban "failregex" option .SH SYNOPSIS diff --git a/man/fail2ban-server.1 b/man/fail2ban-server.1 index 0201c4d9..cb71e288 100644 --- a/man/fail2ban-server.1 +++ b/man/fail2ban-server.1 @@ -1,12 +1,12 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-SERVER "1" "October 2017" "fail2ban-server v0.10.1" "User Commands" +.TH FAIL2BAN-SERVER "1" "October 2017" "fail2ban-server v0.10.2.dev1" "User Commands" .SH NAME fail2ban-server \- start the server .SH SYNOPSIS .B fail2ban-server [\fI\,OPTIONS\/\fR] .SH DESCRIPTION -Fail2Ban v0.10.1 reads log file that contains password failure report +Fail2Ban v0.10.2.dev1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP diff --git a/man/fail2ban-testcases.1 b/man/fail2ban-testcases.1 index e1fb7bbb..6feb0162 100644 --- a/man/fail2ban-testcases.1 +++ b/man/fail2ban-testcases.1 
@@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH FAIL2BAN-TESTCASES "1" "October 2017" "fail2ban-testcases 0.10.1" "User Commands" +.TH FAIL2BAN-TESTCASES "1" "October 2017" "fail2ban-testcases 0.10.2.dev1" "User Commands" .SH NAME fail2ban-testcases \- run Fail2Ban unit-tests .SH SYNOPSIS From ea1b663f859242b6647ef877ff63dc2579307531 Mon Sep 17 00:00:00 2001 From: Harry Wood Date: Mon, 16 Oct 2017 01:15:58 +0100 Subject: [PATCH 03/11] typo spell "positive" (...but also somebody should finish this sentence) --- config/filter.d/apache-botsearch.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/filter.d/apache-botsearch.conf b/config/filter.d/apache-botsearch.conf index 5687d405..5e1ee5fa 100644 --- a/config/filter.d/apache-botsearch.conf +++ b/config/filter.d/apache-botsearch.conf @@ -3,7 +3,7 @@ # This filter is aimed at blocking specific URLs that don't exist. This # could be a set of URLs places in a Disallow: directive in robots.txt or # just some web services that don't exist caused bots are searching for -# exploitable content. This filter is designed to have a low false postitive +# exploitable content. This filter is designed to have a low false positive # rate due. # # An alternative to this is the apache-noscript filter which blocks all @@ -37,4 +37,4 @@ webroot = /var/www/ # DEV Notes: # -# Author: Daniel Black \ No newline at end of file +# Author: Daniel Black From a4f94d2619ebab97b2834f38c7594b44ea509f98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20W=C4=85sikowski?= Date: Sun, 15 Oct 2017 11:10:16 +0200 Subject: [PATCH 04/11] Update pf.conf Fix comment, because current one won't work: cat /etc/pf.conf anchor f2b { sshd } # service pf reload Reloading pf rules. /etc/pf.conf:2: syntax error New version: cat /etc/pf.conf anchor f2b { anchor sshd } # service pf reload Reloading pf rules. --- config/action.d/pf.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index c70c8e43..a4bd83e0 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf @@ -18,8 +18,8 @@ # also, these rulesets are loaded into (nested) anchors # to enable them, add # anchor f2b { -# name1 -# name2 +# anchor name1 +# anchor name2 # ... # } # to your main pf ruleset, where "namei" are the names of the jails From 8726c9fb0ab3cfd2289718d2092d2c5da81ac726 Mon Sep 17 00:00:00 2001 From: sebres Date: Tue, 17 Oct 2017 13:46:29 +0200 Subject: [PATCH 05/11] pf.conf: enclose ports in braces, multiple ports expecting this syntax `... any port {http, https}`. Note this would be backwards-incompatible change (for the people already enclosing multiports in braces in jail.local). closes gh-1915 --- config/action.d/pf.conf | 2 +- fail2ban/tests/servertestcase.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index a4bd83e0..ea3b9995 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf @@ -110,5 +110,5 @@ allports = any # Option: multiport # Notes.: addition to block access only to specific ports # Usage.: use in jail config: "banaction = pf[actiontype=]" -multiport = any port +multiport = any port {} diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index 1d963d0c..270501e3 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -1503,7 +1503,7 @@ class ServerConfigReaderTests(LogCaptureTestCase): 'ip4': (), 'ip6': (), 'start': ( '`echo "table persist counters" | pfctl -a f2b/j-w-pf -f-`', - '`echo "block quick proto tcp from to any port " | pfctl -a f2b/j-w-pf -f-`', + '`echo "block quick proto tcp from to any port {}" | pfctl -a f2b/j-w-pf -f-`', ), 'stop': ( '`pfctl -a f2b/j-w-pf -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -a f2b/j-w-pf -f-`', 
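Review bot: The braces added on the `multiport` line are applied unconditionally, so a jail whose `port` value already carries braces will now produce nested braces in the generated `block` rule, and the option's comment block in this hunk does not warn about it. The commit message names the incompatibility, but an operator editing `jail.local` reads this file rather than the log; I would add a line under `# Usage.:` such as `# Notes.: the action adds the braces itself; give port as a plain list (port="http,https"), without braces`. Whether pfctl rejects the nested form is not visible here. If it does, the block rule would presumably fail to load at jail start and bans for that jail would not be enforced, so the loaded anchor rules are worth checking after an upgrade.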
@@ -1517,12 +1517,12 @@ class ServerConfigReaderTests(LogCaptureTestCase): 'ip6-ban': ("`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 2001:db8::`",), 'ip6-unban': ("`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 2001:db8::`",), }), - # pf multiport with custom port -- - ('j-w-pf-mp', 'pf[actiontype=][name=%(__name__)s, port=http]', { + # pf multiport with custom ports -- + ('j-w-pf-mp', 'pf[actiontype=][name=%(__name__)s, port="http,https"]', { 'ip4': (), 'ip6': (), 'start': ( '`echo "table persist counters" | pfctl -a f2b/j-w-pf-mp -f-`', - '`echo "block quick proto tcp from to any port http" | pfctl -a f2b/j-w-pf-mp -f-`', + '`echo "block quick proto tcp from to any port {http,https}" | pfctl -a f2b/j-w-pf-mp -f-`', ), 'stop': ( '`pfctl -a f2b/j-w-pf-mp -sr 2>/dev/null | grep -v f2b-j-w-pf-mp | pfctl -a f2b/j-w-pf-mp -f-`', From 3c4910a3e219a7d77d8bb99b1987bc78e12898e3 Mon Sep 17 00:00:00 2001 From: sebres Date: Tue, 17 Oct 2017 16:06:39 +0200 Subject: [PATCH 06/11] ChangeLog entry + note for possible incompatibility. --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 7c9319a0..4e3560b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,7 +34,14 @@ Incompatibility list (compared to v.0.9): ver. 0.10.2-dev-1 (2017/??/??) - development edition ----------- +### Incompatibility list: +* The configuration for multiport jails using banaction `pf` can be incompatible after upgrade, if + ports are enclosed in curly braces `{ }` in the `jail.local` etc. This may cause a double-brackets now. + ### Fixes +* action.d/pf.conf: + - fixed syntax error in achnor definition (documentation, see gh-1919); + - enclose ports in braces for multiport jails (see gh-1925); ### New Features From d5d1fe679faee95005a649eadd895b683a622b7b Mon Sep 17 00:00:00 2001 From: Michael Newton Date: Tue, 17 Oct 2017 14:44:23 -0700 Subject: [PATCH 07/11] Remove invalid regex Resolves #1927 --- config/filter.d/asterisk.conf | 1 - 1 file changed, 1 deletion(-) 
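Review bot: The single-port expectation is replaced rather than kept: `port=http` becomes `port="http,https"`, so no case in this hunk pins how one custom port is rendered inside braces (`any port {http}`). I would keep the old entry under its own jail name next to the new one, and add a case whose `port` value already contains braces, so the incompatibility named in the commit message is pinned by a test rather than found on a live firewall. The enclosing tuple and the `ServerConfigReaderTests` method both start and end outside the hunk.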
diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf index cd3ea150..e94754c0 100644 --- a/config/filter.d/asterisk.conf +++ b/config/filter.d/asterisk.conf @@ -22,7 +22,6 @@ failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' failed fo ^%(__prefix_line)s%(log_prefix)s Call from '[^']*' \(:\d+\) to extension '[^']*' rejected because extension not found in context ^%(__prefix_line)s%(log_prefix)s (?:Host )? (?:failed (?:to authenticate\b|MD5 authentication\b)|tried to authenticate with nonexistent user\b) ^%(__prefix_line)s%(log_prefix)s No registration for peer '[^']*' \(from \)$ - ^%(__prefix_line)s%(log_prefix)s Failed to authenticate (?:user|device) [^@]+@\S*$ ^%(__prefix_line)s%(log_prefix)s hacking attempt detected ''$ ^%(__prefix_line)s%(log_prefix)s SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/(UDP|TCP|WS)//\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$ ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from "$ From 3f715e8577000d3cb98998ce9d774083a8647ffa Mon Sep 17 00:00:00 2001 From: Michael Newton Date: Tue, 17 Oct 2017 14:46:11 -0700 Subject: [PATCH 08/11] Remove tests --- fail2ban/tests/files/logs/asterisk | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fail2ban/tests/files/logs/asterisk b/fail2ban/tests/files/logs/asterisk index 5e846111..837011e0 100644 --- a/fail2ban/tests/files/logs/asterisk +++ b/fail2ban/tests/files/logs/asterisk 
@@ -1,6 +1,4 @@ # Sample log files for asterisk -# failJSON: { "time": "2013-07-25T07:26:43", "match": true , "host": "1.2.3.4" } -[2013-07-25 07:26:43] NOTICE[26015][C-000006b2] chan_sip.c: Failed to authenticate device 101;tag=deadbeef # failJSON: { "time": "2012-02-13T17:21:54", "match": true , "host": "1.2.3.4" } [2012-02-13 17:21:54] NOTICE[1638] chan_sip.c: Registration from '' failed for '1.2.3.4' - Wrong password # failJSON: { "time": "2012-02-13T17:18:22", "match": true , "host": "1.2.3.4" } @@ -19,8 +17,6 @@ [2012-02-13 17:39:20] NOTICE[1638] chan_iax2.c: No registration for peer 'Fail2ban' (from 1.2.3.4) # failJSON: { "time": "2012-02-13T17:44:26", "match": true , "host": "1.2.3.4" } [2012-02-13 17:44:26] NOTICE[1638] chan_iax2.c: Host 1.2.3.4 failed MD5 authentication for 'Fail2ban' (e7df7cd2ca07f4f1ab415d457a6e1c13 != 53ac4bc41ee4ec77888ed4aa50677247) -# failJSON: { "time": "2012-02-13T17:37:07", "match": true , "host": "1.2.3.4" } -[2012-02-13 17:37:07] NOTICE[1638] chan_sip.c: Failed to authenticate user "Fail2ban" ;tag=1r698745234 # failJSON: { "time": "2013-02-05T23:44:42", "match": true , "host": "1.2.3.4" } [2013-02-05 23:44:42] NOTICE[436][C-00000fa9] chan_sip.c: Call from '' (1.2.3.4:10836) to extension '0972598285108' rejected because extension not found in context 'default'. # failJSON: { "time": "2013-03-26T15:47:54", "match": true , "host": "1.2.3.4" } From 894a05b84307704052e79ac142c5f642f76f1302 Mon Sep 17 00:00:00 2001 From: Michael Newton Date: Wed, 18 Oct 2017 09:26:51 -0700 Subject: [PATCH 09/11] Update ChangeLog --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fce432ed..bc4656b4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,7 +26,9 @@ releases. - Fixes resources greedy expression (see gh-1790); - Rewritten without end-anchor ($), because of potential vulnerability on very long URLs. * filter.d/apache-badbots.conf - extended to recognize Jorgee Vulnerability Scanner (gh-1882) -* filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302) +* filter.d/asterisk.conf + - fixed failregex AMI Asterisk authentification failed (see gh-1302) + - fixed invalid regex blocking localhost (see gh-1927) * filter.d/dovecot.conf: - fixed failregex, see gh-1879 (partially cherry-picked from gh-1880) - extended to match pam_authenticate failures with "Permission denied" (gh-1897) From b6ab0aa83fbfe344ec9cb87806d39d76b6a7a907 Mon Sep 17 00:00:00 2001 From: "Serg G. Brester" Date: Wed, 18 Oct 2017 18:52:12 +0200 Subject: [PATCH 10/11] Update ChangeLog more detailed entry --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bc4656b4..70f3d61e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,7 +28,8 @@ releases. * filter.d/apache-badbots.conf - extended to recognize Jorgee Vulnerability Scanner (gh-1882) * filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302) - - fixed invalid regex blocking localhost (see gh-1927) + - removed invalid (vulnerable) regex blocking IPs using forign data (aus header "from") + thus not the IP-address that really originates the request (see gh-1927) * filter.d/dovecot.conf: - fixed failregex, see gh-1879 (partially cherry-picked from gh-1880) - extended to match pam_authenticate failures with "Permission denied" (gh-1897) From d81405adbc93a6c6e0dc645814aa83d279855571 Mon Sep 17 00:00:00 2001 From: "Serg G. Brester" Date: Wed, 18 Oct 2017 18:52:55 +0200 Subject: [PATCH 11/11] Update ChangeLog typo --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 70f3d61e..f3868e4b 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -28,7 +28,7 @@ releases. * filter.d/apache-badbots.conf - extended to recognize Jorgee Vulnerability Scanner (gh-1882) * filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302) - - removed invalid (vulnerable) regex blocking IPs using forign data (aus header "from") + - removed invalid (vulnerable) regex blocking IPs using forign data (from header "from") thus not the IP-address that really originates the request (see gh-1927) * filter.d/dovecot.conf: - fixed failregex, see gh-1879 (partially cherry-picked from gh-1880)