sebres
05ec675305
`filter.d/sshd.conf`: `extra` or `aggressive` modes consider `Received disconnect ... 11: Bye Bye` with `[preauth]` as a failure and without `[preauth]` it'd be still used as nofail-helper e.g. to obtain IP by multi-line processing;
...
closes gh-2115
2024-12-29 20:34:26 +01:00
sebres
9dde3d019e
typo, shall be negative lookbehind ignoring escaped open parenthesis, like `\(?iu)`
2024-12-29 20:27:03 +01:00
sebres
a796cc9b91
`filter.d/dropbear.conf`: failregex extended to match different format of "Exit before auth" message;
...
closes gh-3791
2024-12-27 16:43:33 +01:00
Sergey G. Brester
4b6f69a14a
Merge pull request #3597 from MichaIng/patch-1
...
Fix Dropbear filter when logging to STDOUT
2024-12-27 16:16:34 +01:00
MichaIng
eb8b44370a
Make Dropbear regex more compatible and simpler
...
Dropbear uses `strftime` `"%b %d %H:%M:%S"` to print its timestamps, hence we know the day and time format, but the month could be localized. We hence allow any 3 word characters for it, and additionally simplify the day and time pattern into a single group.
Signed-off-by: MichaIng <micha@dietpi.com>
2024-12-27 14:00:36 +07:00
Sergey G. Brester
b7b1fff53c
Update ChangeLog
2024-12-27 14:00:35 +07:00
Sergey G. Brester
62aeb55b63
dropbear test: added description
2024-12-27 13:59:36 +07:00
MichaIng
dd9f359f5c
Fix Dropbear filter when logging to STDOUT
...
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly uses the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.
As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.
The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.
Additionally, for performance reasons, this commit adds a `journalmatch` entry, matching Debian's and Fedora's `dropbear.service` with `dropbear` executable/identifier, the most likely match for a Dropbear systemd service.
Signed-off-by: MichaIng <micha@dietpi.com>
2024-12-27 13:59:35 +07:00
sebres
89b5f3bb1e
`filter.d/sshd.conf`: `ddos` and `aggressive` modes, regex extended for timeout before authentication (optional connection from part);
...
closes gh-3907
2024-12-26 14:24:15 +01:00
Sergey G. Brester
51358e1587
Merge pull request #3636 from szepeviktor/typos
...
Fix more typos
2024-12-21 19:31:54 +01:00
Jesús Cea
d89ded39b0
Trivial typo in "jail.conf.5"
2024-12-21 19:28:55 +01:00
Sergey G. Brester
b6aebc333c
Merge pull request #3903 from pano9000/docs_status-flavor
...
docs: explicitly list supported status flavors
2024-12-21 18:43:32 +01:00
Panagiotis Papadopoulos
d38f233e91
docs: explicitly list status flavors
2024-12-20 08:42:19 +01:00
Sergey G. Brester
a6ca6e2a26
Merge pull request #3897 from pano9000/master
...
docs: Remove outdated link to sourcecodebrowser
2024-12-16 13:09:23 +01:00
Panagiotis Papadopoulos
a57a768cb8
docs: Remove outdated link to sourcecodebrowser
2024-12-14 02:04:15 +01:00
sebres
4151eeccfe
fixes mistaken usage of ignoreregex from filter, if ignoreregex is supplied with command line;
...
also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex);
closes gh-3895
2024-12-11 21:55:20 +01:00
sebres
91c27d0600
`filter.d/freeswitch.conf`: bypass some new info in prefix before [WARNING] (changed default `_pref_line`);
...
closes gh-3143
2024-12-04 16:56:23 +01:00
sebres
12ff98027f
GHA main.yml: update python versions ('3.13.0', '3.14.0-alpha.1')
2024-11-07 19:32:31 +01:00
sebres
eb4731d8b1
action.d/*-ipset.conf: workaround sporadic failures by stop if destroying ipset too fast (sleep a bit in error case and repeat);
...
closes gh-3624
2024-11-07 19:28:53 +01:00
sebres
0bf1106d72
manually added attempts inform the observer module (take the known ban-count of bad IPs into account);
...
closes gh-3845
2024-10-08 13:34:19 +02:00
Sergey G. Brester
89970d2e3e
Merge pull request #1351 from AntagonistHQ/csf
...
add support for the CSF firewall
2024-09-29 10:01:58 +02:00
Sergey G. Brester
363c0d5fd0
nftables.conf: fixed comment (since 7f1b578af4, gh-488 actioncheck would be never invoked in regular case)
2024-09-07 13:15:45 +02:00
Sergey G. Brester
1ea8a6de58
Merge pull request #3826 from thomas-333/patch-1
...
Update apprise.conf: typo
2024-09-02 11:32:05 +02:00
thomas-333
44bd87951e
Update apprise.conf
...
Correct typo. "as" should read "has"
2024-09-02 10:17:10 +01:00
Sergey G. Brester
3361fb0805
Merge pull request #3823 from orlitzky/after-nftables
...
files/fail2ban-openrc.init.in: start after nftables
2024-08-25 00:28:25 +02:00
Michael Orlitzky
9e31cfc1f1
files/fail2ban-openrc.init.in: start after nftables
...
The "after iptables" clause in the OpenRC service script's depend()
function causes fail2ban to start after iptables, if iptables is
scheduled to start. Here we add "after nftables" as well: nftables is
the successor to iptables, and fail2ban supports it out-of-the-box.
If nftables is scheduled to start, we want to wait until it's done
before starting fail2ban.
2024-08-24 11:59:59 -04:00
Sergey G. Brester
be734991eb
main.yml: update python versions ('3.13.0-rc.1', '3.14.0-alpha.0')
2024-08-23 20:20:55 +02:00
Sergey G. Brester
fda37fac81
main.yml: update actions/setup-python to v5
2024-08-23 20:15:55 +02:00
sebres
47e995cb57
Merge branch 'gh-2756': new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors, thus other jails become running
2024-08-23 20:05:46 +02:00
sebres
2950e41186
man/jail.conf.5: docu for skip_if_nologs
2024-08-23 15:22:00 +02:00
sebres
78af48862f
new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors, thus other jails become running;
...
closes gh-2756
2024-08-23 12:16:08 +02:00
sebres
54c0effceb
filter.d/sshd.conf: amend to #3747/#3812 (new ssh version would log with `_COMM=sshd-session`)
2024-08-11 12:10:12 +02:00
sebres
c769046a1f
Revert "`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian branch.
...
This reverts commit 6fce23e7ba.
2024-08-11 11:55:39 +02:00
Sergey G. Brester
a43f7ad63f
Merge pull request #3816 from Skamasle/patch-1
...
Fix roundcube login failregex for roundcube 1.4+
2024-08-10 13:26:54 +02:00
sebres
2749109f10
ChangeLog
2024-08-10 13:23:28 +02:00
sebres
8e0a2366f0
Fixes unmatched tag (caused unmatched brace); review: combined to single regex, simple case without injection attempts faster, `<HOST>` replaced with `<ADDR>` (faster and less vulnerable on complex cases, since doesn't match text as hostname) etc.
2024-08-10 13:20:18 +02:00
Maksim Usmanov | Maks
af119e0ae1
roundcube 1.4+ logs
2024-08-09 23:22:43 +02:00
Maksim Usmanov | Maks
35afe20ea0
Roundcube 1.4 change log format
...
From roundcube 1.4 log change format -> e92d8e31a3/program/lib/Roundcube/rcube_imap.php (L194)
2024-08-09 22:53:45 +02:00
sebres
d4663e8941
`action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815
2024-08-07 22:43:42 +02:00
sebres
216f0abb5e
Merge pull request #2966 from Derecho-com/master
...
Add support to Proxmox Web GUI
2024-07-30 19:25:33 +02:00
sebres
4a87802c59
ChangeLog
2024-07-30 19:19:24 +02:00
sebres
9a558589d7
review (anchoring RE, etc)
2024-07-30 19:16:40 +02:00
Jose
db8c943a7b
Add jail to jail.conf as requested by test-suite 'More filters exists than are referenced in stock jail.conf set(['proxmox'])
2024-07-30 19:11:02 +02:00
Jose
83f2d59eee
match numbers
2024-07-30 19:05:56 +02:00
Jose
07a7da8d8e
Remove greedy catch-all before HOST
2024-07-30 19:05:55 +02:00
Jose
4fb04842a2
add log file for tests
2024-07-30 19:05:54 +02:00
Jose
ca45671db2
Add support to Proxmox Web GUI
2024-07-30 19:04:00 +02:00
Sergey G. Brester
7fd097d73f
Merge pull request #3805 from nabbi/postfix-3.9
...
tests for Postfix 3.9 SASL reason unavailable
2024-07-28 20:39:29 +02:00
sebres
93810fff75
consider CONNECT and other rejected commands as a valid `_pref`;
...
closes gh-3800
2024-07-26 19:25:36 +02:00
Nic Boet
a4f1b0ce9f
tests for Postfix 3.9 SASL reason unavailable
...
SASL auth failure message changed with Postfix 3.9
Include additional test log
17dbfb9b8b
Signed-off-by: Nic Boet <nic@boet.cc>
2024-07-25 13:57:46 -05:00