github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Use anchored failregex for filters to avoid possible DoS -- lighttpd-fastcgi

pull/757/head debian/0.8.6-3wheezy3
Yaroslav Halchenko 2014-06-22 13:03:17 -04:00
parent 5c7fc69f5c
commit cf6b30a668
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
config/filter.d/lighttpd-fastcgi.conf
View File

@ -3,13 +3,24 @@
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> # Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
# #
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition] [Definition]
# Option: failregex # Option: failregex
# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module # Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
# Values: TEXT # Values: TEXT
# #
failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\' _daemon = (?:lighttpd|suhosin)
_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)
failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

1
debian/changelog vendored
View File

@ -10,6 +10,7 @@ fail2ban (0.8.6-3wheezy3) wheezy-security; urgency=high
- couriersmtp.conf - anchored on both sides - couriersmtp.conf - anchored on both sides
- exim.conf - front-anchored versions picked up from exim.conf - exim.conf - front-anchored versions picked up from exim.conf
and exim-spam.conf and exim-spam.conf
- lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 22 Jun 2014 11:56:54 -0400 -- Yaroslav Halchenko <debian@onerussian.com> Sun, 22 Jun 2014 11:56:54 -0400