github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: regex hardening on assp

pull/255/head
Daniel Black 2013-06-14 08:55:25 +10:00
parent 460e09af66
commit d4940563d3
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -15,6 +15,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
- New Features:
- Enhancements:
Daniel Black
* filter.d/assp -- regex hardening
ver. 0.8.10 (2013/06/12) - wanna-be-secure

6
config/filter.d/assp.conf
View File

@ -20,9 +20,9 @@
# Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded
__assp_actions = (dropping|refusing)
failregex = <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: [a-zA-Z0-9]+;$
<HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
failregex = ^ \[SSL-out\] <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: \w+;$
^ \[SSL-out\] <HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
^ Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
# Option: ignoreregex