1956 Commits (master)

Author SHA1 Message Date
sebres eb4731d8b1 action.d/*-ipset.conf: workaround sporadic failures by stop if destroying ipset too fast (sleep a bit in error case and repeat); 2 weeks ago
Sergey G. Brester 363c0d5fd0 nftables.conf: fixed comment (since 7f1b578af4, gh-488 actioncheck would be never invoked in regular case) 3 months ago
thomas-333 44bd87951e Update apprise.conf 3 months ago
sebres 54c0effceb filter.d/sshd.conf: amend to #3747/#3812 (new ssh version would log with `_COMM=sshd-session`) 3 months ago
sebres c769046a1f Revert "`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian branch. 3 months ago
sebres 8e0a2366f0 Fixes unmatched tag (caused unmatched brace); review: combined to single regex, simple case without injection attempts faster, `<HOST>` replaced with `<ADDR>` (faster and fewer vulnerable on complex cases, since doesn't match text as hostname) etc. 3 months ago
Maksim Usmanov | Maks 35afe20ea0 Roundcube 1.4 change log format 3 months ago
sebres d4663e8941 `action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815 4 months ago
sebres 9a558589d7 review (anchoring RE, etc) 4 months ago
Jose db8c943a7b Add jail to jail.conf as requested by test-suite 'More filters exists than are referenced in stock jail.conf set(['proxmox']) 4 months ago
Jose 83f2d59eee match numbers 4 months ago
Jose 07a7da8d8e Remove greedy catch-all before HOST 4 months ago
Jose ca45671db2 Add support to Proxmox Web GUI 4 months ago
sebres 93810fff75 consider CONNECT and other rejected commands as a valid `_pref`; 4 months ago
Sergey G. Brester 50ff131a0f filter.d/sshd.conf: ungroup (unneeded for _daemon) 5 months ago
Fabian Dellwing 2fed408c05 Adjust sshd filter for OpenSSH 9.8 new daemon name 5 months ago
sebres 59c5e78ce9 `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path; 5 months ago
sebres a7f3a04b0e `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail); 5 months ago
Sergey G. Brester 6fce23e7ba `filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service) 6 months ago
sebres 2533526827 extend ipset actions with new parameter `ipsettype` for the type of set (gh-3760), affected actions: 6 months ago
sebres 17daf0ec78 `action.d/firewallcmd-ipset.conf`: rename `ipsettype` to `ipsetbackend` (`ipsettype` will be used now to the real set type); 6 months ago
by 21bf636056 Update abuseipdb.conf 6 months ago
sebres d0d0728523 cherry-pick from debian: debian default banactions are nftables, systemd backend for sshd 7 months ago
sebres 2c13cba73d loosening for denied suffix (would match no matter which reason in parenthesis); 8 months ago
Rudimar Remontti fd7657f9a9 Update named-refused.conf 8 months ago
sebres 1ec9237e53 bypass additional pid in prefix (may be logged by syslog-ng, gh-3060); matches protocol error with authentication mechanism not supported 8 months ago
sebres c80908837f `filter.d/exim.conf`: 8 months ago
Vladimir Varlamov 8da0a99cde pid part may contain full hostname 8 months ago
Vladimir Varlamov 806a27cb4f final `<HOST>` to `<ADDR>` conversion 8 months ago
sebres e605415f61 simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields. 8 months ago
sebres c22a83933b let's use `<ADDR>` instead `<HOST>` - only IPs expected, since host-name bypassed before it (directly after H=) 8 months ago
Vladimir Varlamov df94ec4c52 filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states 8 months ago
Anton Samets 0c125ec9c9 filter.d/postfix.conf: add Sender address rejected: Malformed DNS server reply (#3590) 8 months ago
Sergey G. Brester f63868b3e8 filter.d/apache-common.conf: remote besides client, gh-3622 8 months ago
Vincent Laffargue d260ed31d2 Maintain backward compatibility Postfix SYSTEMD_UNIT 9 months ago
Sergey G. Brester dd3c78ecab filter.d/recidive.conf: conditional RE depending on logtype (for file or journal) 9 months ago
Vincent Laffargue 0b63fc312d Change Regex Recidive and journalmatch For Systemd Match 9 months ago
Vincent Laffargue 93082ead79 Change journalmatch postfix 9 months ago
Sergey G. Brester 45d7f3cb97 no space in any case 9 months ago
László Károlyi ff701e94c3 Add to postfix syslog daemon format 9 months ago
sebres 4f679a56e0 filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port: 9 months ago
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 11 months ago
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x 11 months ago
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 11 months ago
Logic-32 419e380870 Add support for TLS SMTP connections. 11 months ago
sebres 3190febb27 IPv6 fix (second IP logged in form for IPv6); pam authentication failure (part of gh-3410) 11 months ago
sebres 093cd763ce filter.d/postfix.conf: "rejected" extended to match "Access denied" too; 11 months ago
sebres ff4a2a12fc filter.d/postfix.conf: avoid double counting ('lost connection after AUTH' together with message 'disconnect ...'); 11 months ago
sebres 0abba5dc6e more filters for nginx error-log supporting journal format now, added generalized include and __prefix_line 12 months ago
sebres b245225b13 filter.d/nginx-http-auth.conf: added optional prefix to support systemd-journal format and additional timestamp (optionally) in prefix 12 months ago