fail2ban

Commit Graph

Author	SHA1	Message	Date
Steven Hiscocks	69a850d226	DOC: Update docstrings for smtp.py action	11 years ago
Steven Hiscocks	6e63f0ea5a	RF: Change Jails and Actions to Mapping types	11 years ago
Daniel Black	d7666c8942	DOC: bit more on how to use freeswitch	11 years ago
Daniel Black	23f0b854da	MRG: merge in freeswitch	11 years ago
Daniel Black	69b3a1cf64	BF: catchin DEBUG messages will result in duplicates	11 years ago
Daniel Black	05b159c74b	Merge pull request #464 from grooverdan/increase-jail-name-length ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462	11 years ago
Daniel Black	3d1a1afca4	MRG: to more recent 0.9	11 years ago
Daniel Black	5fe75436cc	DOC: DEV NOTES before author names	11 years ago
Daniel Black	477f30665a	DOC: ignoreip for internal ips on freeswitch	11 years ago
Daniel Black	36533de6bc	ENH: more filter expressions for freeswitch. Anchored existing one at end too	11 years ago
Daniel Black	d1faae3b3b	BF: port not used in jail definition for freeswitch	11 years ago
Daniel Black	938ef689de	DOC: dev notes on stunnel	11 years ago
Steven Hiscocks	80d6f74ee8	RF: Refactor actions further, include removing server proxy interface This allows direct setting of action properties and calling of methods from the fail2ban-client if so required.	11 years ago
Daniel Black	7c09a61ca5	ENH: add apache-botsearch. Closes gh-544	11 years ago
Daniel Black	b8536490ef	ENH: filter for stunnel from fail2ban wiki	11 years ago
Daniel Black	a0c2de3e4d	DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510	11 years ago
Daniel Black	04d28fd2e1	ENH: add filter freeswitch - as raised on mailing list	11 years ago
Daniel Black	117d3b0466	MRG: horde filter from master	11 years ago
Daniel Black	83f3aeb308	ENH: filter for horde	11 years ago
Steven Hiscocks	98bf511443	BF: Incorrect number of arguments in smtp.py action connect log	11 years ago
Steven Hiscocks	5b2b59d752	ENH: python actions use initOpts as **kwargs Adds an easy way to handle case where mandatory arguments are missed, or not valid arguments are passed	11 years ago
Steven Hiscocks	6ef911185d	ENH: Add matches to smtp.py action	11 years ago
Daniel Black	55688395fb	DOC: doco for exim-spam	11 years ago
Daniel Black	9c7bb3b97e	ENH: exim-spam to take honeypot email address as argument. Closes #541	11 years ago
Daniel Black	391b5fc883	MRG: from master again 2014-01-01	11 years ago
Steven Hiscocks	f37c90cdba	ENH: Python based actions Python actions are imported from action.d config folder, which have .py file extension. This imports and creates an instance of the Action class (Action can be a variable that points to a class of another name). fail2ban.server.action.ActionBase is a base class which can be inherited from or as a minimum has a subclass hook which is used to ensure any imported actions implements the methods required. All calls to the execAction are also wrapped in a try except such that any errors won't cripple the jail. Action is renamed CommandAction, to clearly distinguish it from other actions. Include is an example smtp.py python action for sending emails via smtp. This is work in progress, as looking to add the <matches> and whois elements, and also SSL/TLS support.	11 years ago
Daniel Black	e8710b679d	ENH: stronger regex for failregex	11 years ago
Daniel Black	856407379b	ENH: add filter openwebmail. Closes gh-543.	11 years ago
Daniel Black	ccb64e68b4	DOC: for exim-spam to say how to enable the log lines for the latest regex	11 years ago
Daniel Black	b5f5ddf123	ENH: end anchor for exim-spam	11 years ago
Daniel Black	d727ba639a	ENH: exim-spam to include spamassassin log entry. Closes gh-533	11 years ago
Daniel Black	c074773805	ENH: apache modsecurity from 0.9 branch	11 years ago
Daniel Black	be382dae4d	MRG: ufw changelog conflicts	11 years ago
Daniel Black	1f6ece2a40	Merge pull request #490 from grooverdan/firewallcmd-ipset ENH: add firewallcmd-ipset	11 years ago
Daniel Black	ea2a13946e	TST: more test of filters	11 years ago
Daniel Black	c9cfdca396	ENH: add filter for apache-modsecurity	11 years ago
Daniel Black	ddac79c15c	TST: include blank ignorecommand in jail.conf to indicate default value and to raise test coverage	11 years ago
bes.internal	ebd89ec077	New ignorecommand that is added to the ignoreip list from output of an external program ignorecommand update man and fix protocol help ENH: run ignore command only after internal list has been examined. Change interface on ignorecommand to take IP as environment variable and return true if it is to be banned ENH: ignore IP command to take tagged command DOC: man pages for ingorecommand TST: add test cases for ignorecommand	11 years ago
Daniel Black	382d68f0fe	DOC: perfork model for apache log format	11 years ago
Daniel Black	1b7df1181f	BF: apache-2.4 log format fix. Closes gh-516	11 years ago
Yaroslav Halchenko	7af58b9984	Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban * 'apache-noscripts' of https://github.com/grooverdan/fail2ban: ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 Conflicts: ChangeLog -- two new entries collided, Reformatted the merged one a bit	11 years ago
Daniel Black	a9b7d33c51	ENH: apache-noscript now matched php-cgi scripts. Closes gh-503	11 years ago
Daniel Black	a1a219189f	Merge pull request #493 from grooverdan/xarf-ipmatch ENH: use ipmatches for action xarf-login-attack	11 years ago
Daniel Black	ed2f46759c	MRG: restore accidently deleted pam comment in jail.conf	11 years ago
Daniel Black	44a0981495	MRG: fix recidive filter	11 years ago
Steven Hiscocks	d22716ab63	ENH: Add nsd filter and amend DateEpoch to match date format	11 years ago
Daniel Black	7c0efc8ec8	MRG: merge so far - flushLogs not working yet	11 years ago
Daniel Black	4eedf9d4e1	ENH: use ipmatches for action xarf-login-attack	11 years ago
Daniel Black	a398c51d6c	ENH: simplify actioncheck on firewallcmd-new a little more	11 years ago
Daniel Black	772def1095	Merge pull request #491 from kwirk/ipmatches ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations	11 years ago
Steven Hiscocks	40007abc1d	ENH: Refactor and add database matches and failures for sendmail actions	11 years ago
Steven Hiscocks	2deb76e3f9	Merge pull request #492 from grooverdan/abusix-disclaimer ENH: full abusix disclaimer in action xarf-login-attack	11 years ago
Daniel Black	1c6c011154	EHH missed trailing .	11 years ago
Daniel Black	868a4ea470	ENH: full abusix disclaimer in action xarf-login-attack	11 years ago
Daniel Black	9fe0a69852	ENH: add firewallcmd-ipset	11 years ago
Daniel Black	4ffc57e14f	ENH: simplify firewallcmd-new actioncheck and provide output samples	11 years ago
Daniel Black	ed816afbcd	ENH: add badips action	11 years ago
Daniel Black	1ff52dfe4d	DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable	11 years ago
Daniel Black	f35345ecaa	ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455	11 years ago
Daniel Black	13ccebe78f	BF: fix actioncheck in firewallcmd	11 years ago
Steven Hiscocks	0bcff771b8	ENH: Add <ipmatches> and <ipjailmatches> tags Example use filter also added for sendmail-whois with ipmatches rather than grepped lines	11 years ago
Steven Hiscocks	2c3dbc8046	BF: In 0.9 recidive bans come from fail2ban.server.actions Also changed journalmatch to limit to WARNING priority to avoid the recidive + DEBUG combo issue	11 years ago
Steven Hiscocks	b7d1579c9d	MRG: branch 'kwirk/database' into 0.9 - gh-480 Conflicts: fail2ban/tests/utils.py - Another test suite added in separate commit `e09b700`	11 years ago
Steven Hiscocks	e18af48e34	ENH: Database now optional, by setting dbfile to "None"	11 years ago
Daniel Black	9d532828fc	BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes . Thanks Steven	11 years ago
Daniel Black	66374913ec	ENH: add squid filter	11 years ago
Daniel Black	db4c21acde	BF/DOC: fix filename in documentation for filter.d/proftpd	11 years ago
Daniel Black	e8eab11615	DOC: proftp - turn off ReverseDNS	11 years ago
Daniel Black	f385439a41	MRG: ChangeLog merge	11 years ago
Daniel Black	36917d7517	BF: action.d/complain - match IP at beginning and end of lines	11 years ago
Steven Hiscocks	d8c7bca9b0	BF: Fix dbpurgeage default value, and change default dbfile extension	11 years ago
Steven Hiscocks	bbadef847b	ENH: Add fail2ban persistent data storage	11 years ago
Daniel Black	135c759dbb	Merge pull request #477 from kwirk/blocklist.de ENH: Added blocklist.de reporting API action	11 years ago
Steven Hiscocks	630dd91dcd	BF: Add [Init] section to blocklist.de action	11 years ago
Steven Hiscocks	b3c173795e	ENH: blocklist.de action error on HTTP response code 4xx	11 years ago
Daniel Black	51f2619878	Merge pull request #473 from grooverdan/whois-missing ENH: Whois missing in actions? Include output to say so	11 years ago
Daniel Black	e07ba41870	Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long BF: firewall-cmd-direct-new was too long. Thanks Joel.	11 years ago
Steven Hiscocks	a19b33cc72	ENH: blocklist.de action added fail2ban version as user agent	11 years ago
Steven Hiscocks	f742ed0e4b	DOC: when to use blocklist.de reporting Taken from commit `1846056606`	11 years ago
Steven Hiscocks	e810ec009d	ENH: Added blocklist.de reporting API action	11 years ago
Daniel Black	4dc51e5def	BF: put notice in email if whois program could not provide more information. Closes gh-471	11 years ago
Daniel Black	97d7f46bb7	DOC: correct grammar - s/Here are more information/Here is more information/	11 years ago
Daniel Black	8aead9ab79	BF: escape quotes when splitting addresses for xarf	11 years ago
Daniel Black	1846056606	DOC: when to use xarf messages to network owner	11 years ago
Daniel Black	8c37d2e4de	ENH: remove dependency on querycontacts	11 years ago
Daniel Black	bfd435091d	ENH: jail examples for xarf-login-attack	11 years ago
Daniel Black	dd356c3cef	BF: fixed for sendmail and tested the MTA aspects of this action	11 years ago
Daniel Black	9df5f4eec8	BF: remove debugging tee command on xarf-login-attack	11 years ago
Daniel Black	d015f7f4fc	BF/ENH: fixed so xarf-login-attack works	11 years ago
Daniel Black	0495aa098e	BF: grep matches on <ip> shouldn't include other IPs	11 years ago
Daniel Black	95845b7b65	BF: complain action could match too many IP addresses	11 years ago
Daniel Black	5cc7173fd4	ENH: add xarf email sender for login-attack type	11 years ago
Yaroslav Halchenko	3a5983ab0b	Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban * 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban: Changelog entries for the last changes ENH: added optional [PID] matching in recidive.conf ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages Conflicts: ChangeLog	11 years ago
Daniel Black	f7504d5b64	MRG: conflict in THANKS	11 years ago
Daniel Black	56b6bf7d25	ENH: reduce firewalld-cmd-new -> firewallcmd-new	11 years ago
Daniel Black	04438cd1a1	BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails	11 years ago
Daniel Black	3f4d179612	BF: smtps not an IANA port - from #447	11 years ago
Daniel Black	fe9e077acf	BF: correct spelling of port for solid-pop3 jail in jail.conf	11 years ago
Daniel Black	86a0a5962a	BF: revert to fail2ban- prefix as f2b- was intended for 0.9	11 years ago
Yaroslav Halchenko	25e967f23b	Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban * 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban: BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447) Conflicts: ChangeLog	11 years ago
Daniel Black	b9b2ddf996	BF: smtps not IANA standard. Closes #447	11 years ago
Daniel Black	cade746307	BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447 )	11 years ago
Daniel Black	9e53892708	BF: did remove instead of move	11 years ago
Daniel Black	af4feb0c92	Actions to have f2b- as prefix instead of fail2ban- as per #462	11 years ago
Daniel Black	fb666b69ff	BF: firewall-cmd-direct-new was too long. Thanks Joel.	11 years ago
Daniel Black	227f27ce6b	ENH: added multiline filter for sshd filter	11 years ago
Daniel Black	f80fa7d7a0	Merge pull request #456 from grooverdan/apffix BF: add init section with name for action.d/apf. Closes #398	11 years ago
Daniel Black	13223c33f5	MRG: recidive-protocol-all	11 years ago
Daniel Black	dc154c792e	BF: add init section with name for action.d/apf. Closes #398	11 years ago
Yaroslav Halchenko	a26d4f42b7	ENH: added optional [PID] matching in recidive.conf	11 years ago
Daniel Black	9a82bc3c61	BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448	11 years ago
Daniel Black	98eacdf333	MRG/BF: merge from master. Fix bugs in iso8601	11 years ago
Yaroslav Halchenko	629e9ae445	Merge pull request #443 from grooverdan/apache-authfix BF: apache filters using error log weren't matched when referer existed ...	11 years ago
Daniel Black	284f811c91	BF: apache filters using error log weren't matched when referer existed in HTTP header	11 years ago
Daniel Black	1ea68b2d0c	DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages	11 years ago
Daniel Black	0eea0a35db	ENH: filter.d/solid-pop3d - added log messages and regexes	11 years ago
Daniel Black	dab2ddb9da	ENH: recidive jail to block all protocols. Closes #440	11 years ago
Daniel Black	b3b9ea4559	ENH: jail for solid-pop3d	11 years ago
Daniel Black	88eff70774	ENH: filter.d/solid-pop3d added	11 years ago
Daniel Black	1ac7b53cad	MRG: merge from master	11 years ago
Daniel Black	286d78e13c	Merge pull request #430 from grooverdan/apache-overflows ENH: Apache overflows - httpd-2.4 message IDs + samples	11 years ago
Daniel Black	50ca16e50e	Merge pull request #431 from grooverdan/apache-noscript ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	947c6ff9cc	Merge pull request #433 from grooverdan/asterisk BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning	11 years ago
Daniel Black	38503a5848	Merge pull request #434 from grooverdan/dos-resistant-dropbear ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	62b1f98dff	Merge pull request #435 from grooverdan/dos-resistant-exim BF: exim filter to be DoS resistant	11 years ago
Daniel Black	be60518218	BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given	11 years ago
Daniel Black	52972164a2	BF: exim filter to be DoS resistant	11 years ago
Daniel Black	c272573fe3	ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	eb9663eb4f	BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning	11 years ago
Daniel Black	648d48c355	ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	a4718eb644	ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples	11 years ago
Daniel Black	87516eb92b	ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case	11 years ago
Daniel Black	c5021b55f6	Merge pull request #427 from yarikoptic/bf/nginx-regex-injection BF: anchor introduced nginx-http-auth at the end	11 years ago
Yaroslav Halchenko	ccd26578ec	Merge pull request #425 from grooverdan/asterisk-simplify ENH: condense asterisk regexs for speed	11 years ago
Yaroslav Halchenko	ac061155f0	BF: anchor introduced nginx-http-auth at the end needed since request probably could be not a correct HTTP statement but continue with all those to match till the end and then injected ", client: VICTIM, server..." thus allowing injection. We better anchor at the end then	11 years ago
Yaroslav Halchenko	ea8fce6308	Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data	11 years ago
Yaroslav Halchenko	bf245f9640	DOC: adding DEV Notes for for non-greedy matchin within sshd.conf	11 years ago
Daniel Black	d6bbe03861	Merge pull request #424 from grooverdan/nginx-auth ENH: add filter.d/nginx-http-auth. Partially forfils #405	11 years ago
Yaroslav Halchenko	750e0c1e3d	BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input since daemon might eventually change reported length and we would need to adjust anyways. So limiting in length does not provide additional security but allows for a possible injection vector	11 years ago
Yaroslav Halchenko	abb012ae5c	BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy	11 years ago
Daniel Black	a8a1310098	ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame	11 years ago
Daniel Black	d7560d4041	ENH: condense asterisk regexs for speed	11 years ago
Daniel Black	ab9d921162	BF: missed action in nginx-http-auth	11 years ago
Daniel Black	a148d35d70	ENH: add filter.d/nginx-http-auth. Partially forfills #405	11 years ago
Yaroslav Halchenko	4522308354	ENH: regenerated config/filter.d/apache-badbots.conf	11 years ago
Daniel Black	cb982ef921	ENH: multiline filter for sendmail-spam. Closes gh-418	11 years ago
Daniel Black	0730db9b2b	Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam BF: wuftpd pam filter fix (Debian bug 665925)	11 years ago
Daniel Black	e55b24c533	BF: fix dovecot filter for newer failure message. Closes Debian bug #709324	11 years ago
Daniel Black	8b54523316	BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925	11 years ago
Daniel Black	ac1f45d18c	Merge pull request #412 from grooverdan/firewalld ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules	11 years ago
Daniel Black	87f68d7564	firewalld-0.3.8 release that support --remove-rules out so documenting this.	11 years ago
Daniel Black	ee1edfbf0c	BF: remove duplication definition secion in webmin-auth	11 years ago
Daniel Black	60006bd70f	BF: remove duplication definition secion in webmin-auth	11 years ago
Daniel Black	47d35c9d80	MRG: 0.8.11 to 0.9 Epnoc of selinux is now true UTC Merge multiline support and date detection in filter	11 years ago
Daniel Black	b5c10488c1	Merge pull request #409 from grooverdan/filter-doco DOC: in filters, put user relevant doc at top, and developer info at bot...	11 years ago
Daniel Black	5eddd5d12d	DOC: document required firewalld version as > 0.3.7.1	11 years ago
Daniel Black	27d257d5a6	Merge pull request #408 from grooverdan/dropbear BF: filter.d/dropbear	11 years ago
Daniel Black	8ac6081555	ENH: fix to use upstream --remove-rules https://fedorahosted.org/firewalld/ticket/10	11 years ago
Daniel Black	93de46ac72	BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf	11 years ago
Daniel Black	c3f9c9aa60	BF: filter.d/dropbear Add PAM failures which is in dropbear-2013.60 in srv-authpam.c Patch http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch obviously has exit with lower case e so adjust regex for both. svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the IP so the regex was altered. .\s can be compressed to .*	11 years ago
Daniel Black	89fd792dfb	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	11 years ago
Daniel Black	de9977441a	DOC: move named and mysql instructions into the filters from jail.conf	11 years ago
Daniel Black	7ab909d056	DOC: space out jail.conf consistantly	11 years ago
Daniel Black	95f3f38682	MRG: merge ChangeLog and jail.conf	11 years ago
Daniel Black	e3150044fd	BF: fix selinux TST: ignore *common.conf files in test cases as these are included BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message ENH: add sample jail.conf	11 years ago
Daniel Black	0f85aef609	Merge pull request #407 from grooverdan/dovecot-jail ENH: Dovecot jail	11 years ago
Daniel Black	a991adb83f	ENH: add submission, smtps and sieve to blocked ports since this also typically rely on dovecot auth	11 years ago
Daniel Black	8412303131	ENH: dovecot jail examples	11 years ago
Daniel Black	cde389cadc	ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/	11 years ago
Daniel Black	0c14707201	ENH: add dovecot jail	11 years ago
Daniel Black	d451c2a231	FIX: vsftp improvements from Rich Mellor on mailing list	11 years ago
Daniel Black	b61fe0f12d	Merge pull request #378 from grooverdan/sasl ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl	11 years ago
Daniel Black	4ecc063bd0	ENH: rename filter.d/sasl -> filter.d/postfix-sasl	11 years ago
Daniel Black	c2b76d1fd0	Merge pull request #397 from yarikoptic/_enh/unify_default_strings DOC: enh/unify "Default:" strings	11 years ago
Daniel Black	b4cbf82912	DOC: remove Default: on action firewall-cmd-direct-new	11 years ago
Yaroslav Halchenko	4149c7495d	Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments	11 years ago
Yaroslav Halchenko	d12eb2526a	Fixing up default values in fail2ban.conf + unifying formatting	11 years ago
Daniel Black	f1bb08aa6a	ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions	11 years ago
Daniel Black	12f7ea7ec4	DOC: remove excessive comments from firewall-cmd-direct-new	11 years ago
Daniel Black	0d8d1ae26c	ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622	11 years ago
Daniel Black	123ad1cc9c	MRG: Merge branch 'asterisk-common-jail'	11 years ago
Daniel Black	8421007f32	MRG: merge man/jail.conf.5 entries	11 years ago
Daniel Black	ef62d0d4c1	Merge pull request #391 from grooverdan/jail-mysql-doc ENH: mysql syslog jail.conf base	11 years ago
Daniel Black	e417a2112c	Merge pull request #386 from grooverdan/qmail ENH: filter.d/qmail - anchor at start. Add another regex	11 years ago
Daniel Black	e227568c3b	Merge pull request #384 from grooverdan/dovecot-325 ENH: added to dovecot filter. closes gh-325	11 years ago
Daniel Black	0022cca786	Merge pull request #385 from grooverdan/ipset ENH/BF: Ipset - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*	11 years ago
Daniel Black	8fe542ca9f	DOC: reintroduce comment on comments	11 years ago
Daniel Black	6b6169178f	ENH: mysql syslog jail.conf base	11 years ago
Daniel Black	ee58696531	DOC: try to encourage jail.local jail.d/*.local a lot more	11 years ago
Daniel Black	6ef33981e3	ENH: new asterisk jail to replace asterisk-(tcp\|udp) (now that gh-37 is fixed)	11 years ago
Daniel Black	6b519d54db	ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion	11 years ago
Daniel Black	351eb5ec8f	ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd	11 years ago
Daniel Black	eb59a57b7f	ENH: tighten pam_unix expression for dovecot	11 years ago
Daniel Black	864d2f41b9	ENH: auth-worker as per of _daemon definition for dovecot	11 years ago
Daniel Black	2d1bd54439	Merge pull request #379 from grooverdan/webmin ENH: filter.d/webmin anchor at start and use syslog	11 years ago
Yaroslav Halchenko	500968874e	Merge pull request #381 from grooverdan/suhosin ENH: filter.d/suhosin - anchor regex at start	11 years ago
Yaroslav Halchenko	a7b1b802e0	Merge pull request #382 from grooverdan/vsftpd Vsftpd	11 years ago
Yaroslav Halchenko	f0b91fcede	Merge pull request #380 from grooverdan/sogo ENH: filter.d/sogo-auth - anchor regex at start	11 years ago
Daniel Black	df313649a4	ENH: escape . in recidive filter	11 years ago
Daniel Black	1a5e17f2a3	BF: use blocktype for iptables-ipset-proto6*	11 years ago
Daniel Black	dcb845f17c	ENH: add iptables-ipset-proto6-allports for blocking all ports	11 years ago
Daniel Black	2a1d629d88	BF: webmin -> webmin-auth	11 years ago
Daniel Black	ab457acc4d	BF: fix name in action for uwimap-auth	11 years ago
Daniel Black	0beea03914	ENH: jail.conf example for webmin	11 years ago
Daniel Black	d60f470096	ENH: added to dovecot filter. closes gh-325	11 years ago
Daniel Black	5a2623f0df	ENH: reorder osx-ipfw jail defination to near the other ssh examples	11 years ago
Daniel Black	359210f224	ENH: filter.d/squirrelmail added	11 years ago
Daniel Black	46386412a4	ENH: filter.d/vsftpd - pam regex as syslog and anchored at start	11 years ago
Daniel Black	1519712972	ENH: filter.d/vsftpd anchor internal regex at start	11 years ago
Daniel Black	9637c27873	ENH: filter.d/suhosin - anchor regex at start	11 years ago
Daniel Black	13bcc9aa84	ENH: filter.d/sogo-auth - anchor regex at start	11 years ago
Daniel Black	b64bf3fa7b	ENH: filter.d/webmin anchor at start and use syslog	11 years ago
Daniel Black	f4c7c8f4b3	ENH: sasl - anchor regex at start	11 years ago
Daniel Black	23dd734aa9	Merge pull request #366 from grooverdan/dovecot ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...	11 years ago
Daniel Black	f998e01590	Merge pull request #359 from grooverdan/pureftpd ENH: Pureftpd syslog prefixing and filter achoring	11 years ago
Daniel Black	ba8183b116	Merge pull request #372 from grooverdan/uw-imap ENH: filter.d/uwimap-auth added. Closes #18	11 years ago
Daniel Black	262616f7a7	ENH: filter.d/uwimap-auth - failure of an admin override to regex	11 years ago
Daniel Black	9211179d30	ENH: filter.d/uwimap-auth - add "disabled" to regex	11 years ago
Daniel Black	4649cf9608	ENH: separate selinux and selinux-ssh	11 years ago
Daniel Black	791183b639	ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT	11 years ago
Daniel Black	a1eaa5f755	ENH: filter.d/selinxu added. Closes #296	11 years ago
Daniel Black	778f09debe	DOC/ENH: __md5hex regex defination to common.conf. Document debian bug #	11 years ago
Daniel Black	b3b62d65bf	ENH: filter.d/uwimap-auth added. Closes #18	11 years ago
Daniel Black	f2ae20a3b8	BF: filter.d/sshd group on md5hex and () for serial needed to be escaped	11 years ago
Daniel Black	1eeb6e94bd	BF: fix regex for openssh-6.3	11 years ago
Daniel Black	e12d389c65	MRG/DOC: jail.conf resolution, ChangeLog fixes	11 years ago
Daniel Black	74434694dc	BF: more duplicate jail.conf entries - 3proxy exim{,-spam}, perdition	11 years ago
Daniel Black	5cf25a63df	BF: remove duplicate ssh-pf in jail.conf	11 years ago
Mark McKinstry	b6bf26c9f2	dont' need to set a default name	11 years ago
Mark McKinstry	4187e87b69	don't enabel ssh-apf jail by default	11 years ago
Mark McKinstry	f9f4d2728f	add an example jail for apf action and ssh filter	11 years ago
Mark McKinstry	2668adc896	Merge branch 'master' of github.com:fail2ban/fail2ban	11 years ago
Mark McKinstry	1af4543aca	ability to name the jail that banned the IP with apf	11 years ago
Mark McKinstry	dd9ee4c39a	quotes around the comment put in apf's deny_hosts.rules file	11 years ago
Mark McKinstry	e64493c328	use human readable/longer options when banning and un-banning IPs with apf	11 years ago
Mark McKinstry	c692912a82	don't hardcode absolute path for apf firewall	11 years ago
Mark McKinstry	66aff43d68	remove un-needed '$' line	11 years ago
Daniel Black	9805d39b60	MRG: merge date changes to support timezones	11 years ago
Daniel Black	8c2a5612ed	DOC: resolve ChangeLog conflicts	11 years ago
Daniel Black	2a805452c6	DOC: resolve ChangeLog conflicts	11 years ago
Daniel Black	8e9fab9b3c	Merge branch 'master' of https://github.com/fail2ban/fail2ban	11 years ago
Daniel Black	3be7dcd701	DOC: resolve ChangeLog conflicts	11 years ago
Daniel Black	89e0520675	ENH: dovecot regex to match failure reported by Bob Cohen on mailing list	11 years ago
Daniel Black	c3ee03b9ba	BF: fix daemon name typo for filter proftpd	11 years ago
Daniel Black	39ca8837eb	TST: pureftpd - syslog therefore use syslog prefixes in filter	11 years ago
Daniel Black	30bb1a77a3	ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam	11 years ago
Daniel Black	ee497ff1cb	ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix	11 years ago
Daniel Black	13ec9d58c0	ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix	11 years ago
Daniel Black	673cc4d77f	ENH: anchor at end of recidive filter	11 years ago
Daniel Black	504111b0b1	ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target	11 years ago
Beau Raines	060bd45295	ENH - Added server name to subject line in email notifications This is useful when fail2ban is running on multiple servers and keeping the notifictions separate and knowing which machine is "under attack".	11 years ago
Daniel Black	8c1b828423	BF: capture of microseconds no longer needed. Closes gh-341	11 years ago
Daniel Black	d0098b0213	ENH: add timezone offest and subsecond support to Datedetector	11 years ago
Daniel Black	1f1a56174f	MRG: merge from master	11 years ago
Daniel Black	ad291d7e38	Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...	11 years ago
Daniel Black	e5f1a7f050	Merge pull request #344 from grooverdan/osx ENH: OSX ipfw based on Andy Fragen's work	11 years ago
Daniel Black	4face1f3e7	MRG: resolve conficts in action.d/osx-ipfw design	11 years ago
Andy Fragen	d258a51a23	after some research it looks like setting to unreachable better than deny	11 years ago
Andy Fragen	fe557e5900	more specific actionunban	11 years ago
Andy Fragen	a4884f82cd	add mods from grooverdan and fix actionunban actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.	11 years ago
Daniel Black	6b0e2289d4	Merge pull request #335 from grooverdan/gh-333-bind ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333	11 years ago
Daniel Black	f2bcf84893	BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets	11 years ago
Daniel Black	749f215089	ENH: port optional	11 years ago
Daniel Black	8b22fa15b5	BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want	11 years ago
Daniel Black	b31799a322	ENH: add action.d/osx-afctl anonymously contributed on f2b wiki	11 years ago
Daniel Black	808aa1a792	ENH: added jail.conf example. closes gh-340	11 years ago
Daniel Black	5741348f45	ENH: more options and ruggedness to prevent unintensional consequences	11 years ago
Daniel Black	52bd0f86a8	Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx	11 years ago
Daniel Black	7cc3e8a8c0	BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343	11 years ago
Daniel Black	15f2f38972	ENH: anchor regex at start	11 years ago
Daniel Black	d5684a0834	BF: filter.d/routecube-auth - time offset can be positive or negative	11 years ago
Daniel Black	a401d11644	ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied	11 years ago
Andy Fragen	ef504c869f	added osx specific ipfw action with random rulenum	11 years ago
Yaroslav Halchenko	265a85ec1f	RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis	11 years ago
Daniel Black	b8e7d0b867	ENH: further tighten lighttpd basic auth regex	11 years ago
Daniel Black	a7ebb84a7d	ENH: tighted up lighttpd regex	11 years ago
François Boulogne	e133b9f1d1	MAINT: add support for lightty1.4.31	11 years ago
Daniel Black	ca4729e943	ENH: filter.d/exim.conf - add authentication failures for "plain" authentication	11 years ago
Daniel Black	ef903db3c9	ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333	11 years ago
Daniel Black	cfb7dba268	DOC: merge ChangeLog	11 years ago
Daniel Black	b589533d69	Merge branch 'master' into kwirk-merge Conflicts: ChangeLog testcases/files/logs/dropbear	11 years ago
Daniel Black	fd7cc5bda7	BF: duplicate regex match fixed	11 years ago
Daniel Black	6a56727669	BF: apache-common regex - datetime could be entirely consumed	11 years ago
Daniel Black	a9eb8a76c6	merge of change log and apache-auth differences	11 years ago
Steven Hiscocks	4e5feed7fc	Merge pull request #8 from grooverdan/gh-303-merge-2 training space on wuftp	11 years ago
Daniel Black	aad7d08451	BF: disable filter expressions without tests	11 years ago
Yaroslav Halchenko	42f3aa9f62	Merge pull request #329 from grooverdan/bind-unauth-zonetransfer Bind unauth zonetransfer. Closes #323	11 years ago
Daniel Black	6a36ff1a4a	BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328	11 years ago
Daniel Black	c44328b1a3	ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8	11 years ago
Daniel Black	ea7cba4205	ENH: trailing space as per discussion on gh-303	11 years ago
Daniel Black	61d43608ae	ENH: filter.d/postfix - add filter for VRFY. Closes gh-322	11 years ago
Daniel Black	5d451bc4d6	ENH: add refused zone tranfer to named-refused filter. closes #323	11 years ago
Steven Hiscocks	53e16e07ad	ENH: Minor tweak on previous commit proftpd regex changes	11 years ago
Steven Hiscocks	9002de069e	ENH: Improve proftpd regex. Taken from @yarikoptic comment: https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500	11 years ago
Orion Poplawski	31a78b2711	Use /var/run/fail2ban in config/action.d/dummy.conf	11 years ago
Yaroslav Halchenko	e7d5e466b9	Merge branch 'enh/asterisk_and_dropbear_filters' * enh/asterisk_and_dropbear_filters: ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in '' minor: consistent indentation in dropbear.conf https://github.com/fail2ban/fail2ban/issues/306 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11	11 years ago
Yaroslav Halchenko	4e0ddc5f67	ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''	11 years ago
Yaroslav Halchenko	9487ee5562	minor: consistent indentation in dropbear.conf	11 years ago
Daniel Black	d8883f4346	DOC: Notes about 401 responses and how apache logs this	12 years ago
Daniel Black	7b2773889d	TST: apache-auth filter - nonce timetravel tests + other expression fixes	12 years ago
Daniel Black	0fb04cb2f0	ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)	12 years ago
Daniel Black	d5291517a7	MISC: merge from master	12 years ago
Daniel Black	56faf7f5ad	DOC: fix ChangeLog merge	12 years ago
Jamyn Shanley	a355fab91b	https://github.com/fail2ban/fail2ban/issues/306 Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles. Signed-off-by: Jamyn Shanley <jshanley@gmail.com>	12 years ago
Jamyn Shanley	8936f2cd02	fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11	12 years ago
Steven Hiscocks	2f4aaa9fb9	ENH: Simplify sieve filter failregex	12 years ago
Steven Hiscocks	b5639a8672	ENH: Simplify cyrus-imap filter fail regex	12 years ago
Steven Hiscocks	27feb57e80	Merge pull request #299 from kwirk/datepatterns-dateregex Custom date templates and date detector changes	12 years ago
Daniel Black	8f532f9148	NIT: space remove	12 years ago
Daniel Black	7d7ef08145	ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id	12 years ago
Daniel Black	abc4146079	ENH: perdition proxies other types hence daemon can include (perdidtion.(imap\|pop)s?\|managesieve). Also support local authentication resulting in the log message: local authentication failure	12 years ago
Steven Hiscocks	cf1e5bdbc2	ENH: Tweak proftpd regex and add sample logs Needed to add optional ":" post __pid_re, and for consistency, decided to make use of __prefix_line instead which includes this.	12 years ago
Steven Hiscocks	8b9bafda79	ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples suhosin is hardened php implmentation, which will log the alerts (as seen in samples) to stderr, which is picked up by fastcgi webserver (e.g. lighttpd, apache, nginx)	12 years ago
Steven Hiscocks	4033857f63	ENH: Improve xinetd-fail regex and add sample logs	12 years ago
Steven Hiscocks	a11f91b835	ENH: Improve cyrus-imap regex and add extra sample line	12 years ago
Steven Hiscocks	534be189dc	ENH: Improve sieve regex and add sample line	12 years ago
Steven Hiscocks	ab671b0b1a	ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample For wu-ftpd configured to use pam, the pam filter used be used, as regex is more robust.	12 years ago
Steven Hiscocks	57a6c11260	ENH: Improve courierlogin regex and add sample logs	12 years ago
Steven Hiscocks	bd175f0267	ENH: Improve cyrus-imap regex and add sample log file	12 years ago
Steven Hiscocks	83a80a29ea	ENH: Improve couriersmtp and add sample logs	12 years ago
Steven Hiscocks	eb2f0c9272	ENH: Improve postfix regex and add more samples	12 years ago
Daniel Black	5cfe108186	ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)	12 years ago
Daniel Black	6fdfd8d356	BF: fix port	12 years ago
Daniel Black	eea5b071e6	ENH: jail for perdition	12 years ago
Daniel Black	fcf79b475f	ENH: new filter perdition.conf	12 years ago
Steven Hiscocks	26b472f70f	ENH: Add ejabberd-auth filter and sample log lines	12 years ago
Steven Hiscocks	d661b8c046	BF: Apache regex and sample fail data update due to date pattern changes	12 years ago
Daniel Black	03ec7c211b	ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure $no authenticated user$: \S\s$	12 years ago
Daniel Black	8ce9c78474	TST: apache-auth digest logs	12 years ago
Daniel Black	f8b5b3a1ef	ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard	12 years ago
Daniel Black	4eca2c0bd5	TST: apache-auth client denied by server configuration	12 years ago
Daniel Black	e0292913eb	ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner	12 years ago
Steven Hiscocks	1eea0dcec8	Merge branch 'master' into 0.9 Conflicts: ChangeLog bin/fail2ban-regex bin/fail2ban-testcases config/jail.conf fail2ban/server/failregex.py fail2ban/server/filter.py fail2ban/tests/files/logs/lighttpd fail2ban/tests/files/logs/mysqld.log fail2ban/tests/files/logs/wu-ftpd fail2ban/tests/filtertestcase.py fail2ban/tests/utils.py testcases/files/logs/lighttpd testcases/files/logs/lighttpd-auth testcases/files/logs/mysqld-auth testcases/files/logs/mysqld.log testcases/files/logs/wu-ftpd testcases/files/logs/wuftpd	12 years ago
Yaroslav Halchenko	f6a8a04cf3	ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback I also used non-greedy .? for the login portion since not sure if space could be there and trying to minimize possibility of reacting on injected "from <HOST>" somewhere within the trailing .	12 years ago
Yaroslav Halchenko	8add63c733	ENH: anchor roundcube-auth at the beginning as well	12 years ago
Steven Hiscocks	728399c39e	Merge pull request #281 from kwirk/dovecot-filter ENH: dovecot filter additions for session, time value and blank user	12 years ago
Daniel Black	ab10664b57	ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris	12 years ago
Steven Hiscocks	606e97683b	BF: jail.conf multiport actions previously using single port iptables	12 years ago
Daniel Black	975999591f	ENH/DOC: more realm mismatch errors. Documented filter design criteria	12 years ago
Daniel Black	10e3be857a	ENH: apache-auth filter added mod_auth_digest message	12 years ago
Daniel Black	384b72a535	ENH: apache-auth filter - client wrong auth	12 years ago
Daniel Black	fce431add8	ENH: add mod_authz_core failures to apache-auth	12 years ago
Daniel Black	6ce41a611d	BF: fix filter on apache-auth. Closes #286	12 years ago
Daniel Black	1d6d5a7aae	DOC: ChangeLog merge confict	12 years ago
Daniel Black	5412d7336f	DOC: ChangeLog confict	12 years ago
Daniel Black	619603fe05	BF: match asterisk InvalidPassword correctly	12 years ago
Steven Hiscocks	bfa2b9dec3	ENH: dovecot filter additions for session, time value and blank user	12 years ago
Yaroslav Halchenko	04b8069cee	ENH: adjust sendmail-whois 'active' example to have also sendername in it	12 years ago
Alexander Dietrich	2155f6bfa5	Update ChangeLog and jail.conf example	12 years ago
Daniel Black	d6dece4900	ENH: Split log and provide jail examples	12 years ago

... 5 6 7 8 9 ...

981 Commits (052418a1102c29162f77d747236e541401b11a6a)