Commit Graph

416 Commits (08b4f3e5f262acb39bca783efdb67a50ae6c30f5)

Author SHA1 Message Date
Daniel Black 353b84a648 Merge branch 'patch-4' of https://github.com/truxoft/fail2ban into exim-auth 2014-01-13 19:25:46 +11:00
Ivo Truxa 9f107403e8 Update exim
When using Dovecot authentication for Exim, which is relatively common, the current regex for catching authentication failures needs a small tweak. The current plain|login options are too limiting and will only work in cases where only Exim's rudimentary built-in authentication is used. There can be not only the dovecot_login shown in this log example, but also dovecot_plain, ntlm, cram, cyrus, md5, and plenty of others. In fact, many admins may opt for their own authentication labels when setting up Exim. For this reason the regex should catch any label. I suggest modifying the regex in the following way:

<pre>^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$</pre>
2014-01-13 01:18:09 +01:00
Tomas Pihl b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Daniel Black 928f566d19 Merge pull request #576 from kwirk/ejabberd-filter
ENH: ejabberd filter
2014-01-09 14:52:18 -08:00
Steven Hiscocks 128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Daniel Black cd5aab5ff1 TST: for tag substitution, multiple on same line 2014-01-10 09:20:56 +11:00
Daniel Black 755af0a51e Merge pull request #562 from grooverdan/jail.conf-complete_and_correct
ENH: Jail.conf now has all filters and TST: a mechanism to test this is true
2014-01-06 12:08:45 -08:00
Daniel Black 50eab4df81 ENH: add filter groupoffice. Closes gh-566 2014-01-06 21:56:22 +11:00
Daniel Black a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black c700910155 TST: ensure stock jail has all filters 2014-01-05 21:06:30 +11:00
Daniel Black 23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black 69b3a1cf64 BF: catching DEBUG messages will result in duplicates 2014-01-04 12:10:51 +11:00
Daniel Black 36533de6bc ENH: more filter expressions for freeswitch. Anchored existing one at end too 2014-01-04 08:21:22 +11:00
Daniel Black 04d28fd2e1 ENH: add filter freeswitch - as raised on mailing list 2014-01-03 13:00:37 +11:00
Daniel Black 83f3aeb308 ENH: filter for horde 2014-01-02 23:12:36 +11:00
Daniel Black e2faa312c1 TST: test case for horde 2014-01-02 23:11:39 +11:00
Daniel Black 856407379b ENH: add filter openwebmail. Closes gh-543. 2013-12-31 08:09:00 +11:00
Daniel Black 3d79e1612b MRG: test cases on exim-spam 2013-12-29 21:38:00 +00:00
Ivo Truxa d2658e063c Update exim-spam
An example with no valid FROM email address and host without reverse DNS record
2013-12-29 22:33:08 +01:00
Ivo Truxa bb88cfaddb Update exim-spam
attached sample Exim log line to demonstrate a silently tossed message as described at https://github.com/fail2ban/fail2ban/issues/533
2013-12-29 18:53:04 +01:00
Daniel Black 6666f41ee6 ENH: apache modsecurity filter 2013-12-29 06:59:47 +00:00
Yaroslav Halchenko c6a7bc2221 BF(2.4): remove use of "with" for python 2.4 for now (since we list it as supported) 2013-12-27 01:54:54 -05:00
Yaroslav Halchenko 952de51cf1 ENH: per original discussion, and changes which followed, better not to ignore absent failregex -- all filters (but included common) should have it 2013-12-27 01:47:15 -05:00
Yaroslav Halchenko 4e165c9692 ENH: FilterReader - use the set methods (improve coverage), test getters, use os.path.join 2013-12-27 01:43:23 -05:00
Yaroslav Halchenko 0141a6dbe7 TST: add few more rudimentary tests for Regex to complete its coverage 2013-12-27 01:29:02 -05:00
bes.internal 55d76ac373 TST: add test for IgnoreCommand at server 2013-12-25 00:58:00 +03:00
bes.internal ebd89ec077 New ignorecommand that is added to the ignoreip list from output of an external program
ignorecommand update man and fix protocol help

ENH: run ignore command only after internal list has been examined. Change interface on ignorecommand to take IP as environment variable and return true if it is to be banned

ENH: ignore IP command to take tagged command

DOC: man pages for ignorecommand

TST: add test cases for ignorecommand
2013-12-24 23:55:35 +03:00
Daniel Black 1b7df1181f BF: apache-2.4 log format fix. Closes gh-516 2013-12-23 08:28:40 +00:00
Yaroslav Halchenko 7af58b9984 Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban:
  ENH: apache-noscript now matched php-cgi scripts. Closes gh-503

Conflicts:
	ChangeLog -- two new entries collided. Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
Daniel Black 7a9252bd0e TST BF: local definition 2013-12-22 12:08:10 +00:00
Daniel Black 2a67ef519c TST: missing logpath raises IOError 2013-12-22 08:43:57 +00:00
Daniel Black 2d688a5a03 TST: improve polling test case to ensure isModified only returns True once (file static) 2013-12-22 07:47:24 +00:00
Daniel Black a9b7d33c51 ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 2013-12-19 10:01:24 +00:00
Steven Hiscocks d22716ab63 ENH: Add nsd filter and amend DateEpoch to match date format 2013-12-18 22:31:54 +00:00
Daniel Black dd79889904 Merge pull request #484 from grooverdan/more-more-tests
BF/TST: fix internals of jailreader and add test cases
2013-12-16 02:29:50 -08:00
Daniel Black 729929ada9 TST: jails can occur in any order once parsed. Sort results to facilitate comparison 2013-12-16 10:21:46 +00:00
Daniel Black 5c26bcbd2b TST: hopefully normalise config so that consistent test results occur on travis and locally 2013-12-16 10:07:41 +00:00
Daniel Black 603095bc16 BF: errors in a jail prevents further sections from being parsed. Closes #485 2013-12-14 07:00:41 +00:00
Daniel Black b39729a2ab BF: fix unintentional typo 2013-12-14 06:51:36 +00:00
Daniel Black 2dac984b97 Merge pull request #482 from grooverdan/squid
ENH: add squid filter
2013-12-13 15:31:38 -08:00
Daniel Black 18f0e58caa TST: increase coverage in jailreader 2013-12-13 11:41:40 +00:00
Daniel Black f6fb737e6c TST: remove commented test print 2013-12-13 10:55:15 +00:00
Daniel Black e916fcdce4 TST: test case for actions and filters missing in a jail 2013-12-13 10:51:38 +00:00
Daniel Black 1407b955e6 TST: more client/jailreader tests 2013-12-13 10:03:51 +00:00
Daniel Black c6d14dcf0e TST: complete coverage of splitAction 2013-12-12 20:35:30 +00:00
Daniel Black 3036afca91 TST: check dangling link log message 2013-12-12 10:13:57 +00:00
Daniel Black cb4f1e5142 TST: remove temp files in glob test 2013-12-12 09:10:12 +00:00
Daniel Black f2c58e74c1 TST: check client.JailReader.setName 2013-12-12 08:24:29 +00:00
Daniel Black a03815facf TST: FileFilter tail tests 2013-12-11 13:07:08 +11:00
Daniel Black 5005719180 TST: permission denied on log file 2013-12-11 12:34:26 +11:00