1872 Commits (0e3e9b1d7f67443c7dc046997718cc6924c83ef4)

Author	SHA1	Message	Date
sebres	43f2923fbd	filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; ... both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters	2021-06-10 15:06:54 +02:00
Sergey G. Brester	bbfff18280	action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack	2021-06-03 12:02:08 +02:00
sebres	c7a86b4616	action.d/firewallcmd-ipset.conf: amend to #2620: ... - combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`); - IPv6-capability for firewalld ipset; - no internal timeout handling by default; - no permanent rules yet	2021-05-29 22:59:55 +02:00
Sergey G. Brester	2a508da5a0	Merge pull request #2620 from mspolitaev/master ... Using native firewalld ipset implementation	2021-05-29 21:30:55 +02:00
sebres	38535b0cca	Merge branch '0.11' into master	2021-05-29 21:25:24 +02:00
sebres	d2f5c7de09	Merge branch '0.10' into 0.11	2021-05-29 21:24:11 +02:00
sebres	92f90038fa	filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553	2021-05-29 21:12:34 +02:00
sebres	8b984a0135	filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)	2021-05-29 20:47:56 +02:00
sebres	6be1a5a0b1	filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)	2021-05-29 20:25:28 +02:00
sebres	8afea37494	filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)	2021-05-29 20:09:57 +02:00
sebres	c5f1598a21	filter.d/postfix.conf: extended to cover new vectors: ... - reject: BDAT/DATA from (gh-2927) - (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else) - matches "Command rejected" and "Data command rejected" now	2021-05-29 19:48:24 +02:00
sebres	ae3e9b9149	filter.d/postfix.conf: extended to cover 2 new vectors: ... - RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995 - 550 5.7.25 Client host rejected, gh-2996 review combining several regex to single one	2021-05-29 19:21:27 +02:00
sebres	87f717e0e0	filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)	2021-05-29 18:45:59 +02:00
Sergey G. Brester	3d52fe3e4e	Merge pull request #2679 from mikaku/updated-to-latest-jail.conf ... Add new jail (and filter) Monitorix	2021-05-27 12:17:16 +02:00
sebres	0a05dbdbfc	Merge branch '0.11' into master	2021-05-25 23:19:25 +02:00
sebres	3312b8cb95	Merge branch '0.10' into 0.11	2021-05-25 23:18:33 +02:00
sebres	1627d4f573	filter.d/sendmail-auth.conf: user not found, closes gh-3030	2021-05-25 23:16:29 +02:00
Sergey G. Brester	f07e0f7ade	Merge pull request #2984 from j-marz/zoneminder_filter_update ... Zoneminder filter update	2021-05-21 13:03:33 +02:00
Sergey G. Brester	ec4e0dd65b	padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)	2021-05-21 13:00:24 +02:00
j-marz	2367ad115c	fixed typo in comment	2021-05-20 09:15:45 +10:00
Sergey G. Brester	3f9cf27853	filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013)	2021-05-11 13:47:48 +02:00
usernamepi	4f8427178a	Missing comment "#" (#3022) ... Missed this ... but the logs showed it.	2021-05-07 18:23:40 +02:00
usernamepi	88f779ed24	ufw.conf, amend to #3018 - add missing option for comment (#3019)	2021-05-06 23:23:39 +02:00
Sergey G. Brester	8f6a8df3a4	added new options `kill-mode` and `kill`, which makes the drop of all connections optional	2021-05-06 21:47:06 +02:00
Sergey G. Brester	5debaa4cac	option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)	2021-05-06 20:23:58 +02:00
usernamepi	e4e7a83cff	Update ufw.conf ... Prerequisites: * The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY. * Ufw version is => 0.36 (released in 2018) * Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses. * Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532 * Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open. Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option. My system apparently is compiled that way.	2021-05-06 13:44:36 +02:00
sebres	71ce548117	Merge branch '0.11'	2021-04-27 14:05:53 +02:00
sebres	b5b615731e	Merge branch '0.10' into 0.11	2021-04-27 14:03:49 +02:00
sebres	f0214b3d36	filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments	2021-04-20 18:13:40 +02:00
Sergey G. Brester	ab0847e2d5	more precise anchored RE (also combining all 3 REs in a single regex)	2021-04-14 13:06:58 +02:00
Jordi Sanfeliu	7d173b7ce0	Merge branch 'master' into updated-to-latest-jail.conf	2021-04-13 20:24:08 +02:00
sebres	6893d5a8b7	Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master	2021-04-11 19:05:02 +02:00
Sergey G. Brester	d74dd9321b	Merge pull request #2565 from caronc/0.11 ... Add Apprise Support (50+ Notifications)	2021-04-04 00:24:21 +02:00
Sergey G. Brester	b2f6a3a658	remove unneeded substitution ... it is enough to add `apprise` to action	2021-04-04 00:21:59 +02:00
Sergey G. Brester	dda70d60c0	Merge branch 'master' into master	2021-04-04 00:04:08 +02:00
Michele Mondelli	7579072e3b	docs: fix typos	2021-04-03 23:49:23 +02:00
Sergey G. Brester	4eba9f2a4b	Merge pull request #2950 from sunweaver/pr/scanlogd-filter ... Add support for filtering out detected port scans via scanlogd.	2021-04-03 23:36:14 +02:00
Sergey G. Brester	2d51240b3e	correction for default log interpolation and added allports banaction	2021-04-03 23:33:49 +02:00
Sergey G. Brester	977dfe4bd7	small amend: sport after saddr is optional ... format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS	2021-04-03 23:29:16 +02:00
Sergey G. Brester	14edeed310	fixed regex (don't need to match whole line, e. g. every port etc)	2021-04-03 23:24:55 +02:00
Sergey G. Brester	080dd12288	Merge pull request #2965 from oukb/patch-1 ... nsd.conf: fix for the current log format	2021-04-03 21:02:03 +02:00
Sergey G. Brester	a838deba7f	restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise	2021-04-03 21:00:14 +02:00
sebres	7f38b80d35	precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE)	2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky	9eaa2322b0	Filter and Defaults for Microsoft SQL Server	2021-04-03 19:30:29 +02:00
Markus Felten	5aa20c30d8	fix: add journalmatch to nginx filters	2021-04-03 19:20:50 +02:00
j-marz	5d8f500471	updated formatting to pass tests	2021-03-29 08:36:53 +11:00
j-marz	2686811593	Updated zoneminder filter ... Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts	2021-03-28 21:19:10 +11:00
oukb	529866b2bb	nsd.conf: fix for the current log format ... New nsd 4.3.5 log format: | [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches | [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches | [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches | [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches	2021-03-08 19:14:28 +03:00
Mike Gabriel	f15ed35619	config/: Add support for filtering out detected port scans via scanlogd.	2021-03-05 16:35:13 +01:00
sebres	fb08534ed7	Merge branch '0.11'	2021-03-03 18:17:35 +01:00
sebres	3eaefe8da0	Merge branch '0.10' into 0.11	2021-03-03 18:16:47 +01:00
sebres	a45b1c974c	filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast); ... closes gh-2951	2021-03-02 19:35:27 +01:00
sebres	63acc862b1	`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action	2021-02-24 18:21:42 +01:00
sebres	fb6315ea5e	Merge branch '0.10' into 0.11	2021-02-24 13:16:36 +01:00
sebres	6f4b6ec8cc	action.d/badips.* removed (badips.com is no longer active, gh-2889)	2021-02-24 13:05:04 +01:00
Sergey G. Brester	a2f0dbad87	Merge pull request #2742 from aresxc/patch-1 ... Update drupal-auth.conf	2021-02-11 19:10:55 +01:00
Sergey G. Brester	d678440658	more precise RE (avoids weakness with catch-all's and is injection safe)	2021-02-11 18:32:32 +01:00
sebres	ea26509594	Merge branch '0.11'	2021-02-03 14:59:00 +01:00
sebres	6198b4566c	Merge branch '0.10' into 0.11	2021-02-03 14:47:56 +01:00
Brian J. Murrell	dc4ee5aa47	Add transport to asterisk RE ... Call rejection messages from Asterisk can have the transport prefixed to the IP address. Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>	2021-01-31 15:22:16 +01:00
sebres	c75748c5d3	fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces). ... closes gh-2804	2021-01-27 17:06:14 +01:00
sebres	21dd317870	Merge branch '0.11'	2021-01-21 19:13:13 +01:00
sebres	dbc77c47c3	Merge branch '0.10' into 0.11	2021-01-21 19:11:01 +01:00
Sergey G. Brester	5f3f4d1e2f	action.d/cloudflare.conf: better IPv6 capability ... closes gh-2891	2021-01-11 15:23:40 +01:00
sebres	9df332fdef	filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...); ... closes gh-2908	2021-01-11 15:10:53 +01:00
sebres	2c60d08b28	Merge '0.11' (fix gh-2899) into master	2020-12-29 21:27:02 +01:00
sebres	fe334590cd	Merge branch '0.10' into 0.11	2020-12-29 21:25:09 +01:00
sebres	73b39e0894	filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp) ... closes gh-2899	2020-12-29 21:22:47 +01:00
defanor	ba7daef86c	Handle postscreen's PREGREET and HANGUP messages ... Provoking those seems to be a popular activity among spammers.	2020-12-24 17:29:09 +03:00
stepodev	cecc3d62ff	add mode explanation to nginx-http-auth in jail.conf	2020-11-30 12:26:32 +01:00
stepodev	d0ba27cf46	move nginx-tls-fallback rules to nginx-http-auth	2020-11-30 12:14:49 +01:00
Sergey G. Brester	d959f6d199	Update nginx-tls-fallback.conf ... more precise and conclusive regex without catch-all's	2020-11-26 12:25:32 +01:00
stepodev	c0256724a7	fix monitoring wrong error log. was access log, should be error.log	2020-11-25 21:30:21 +01:00
stepodev	27c40a77a3	add nginx-tls-downgrade	2020-11-25 20:59:43 +01:00
sebres	a03109d096	Merge branch '0.11' into master (0.11.2 released)	2020-11-24 12:41:10 +01:00
sebres	b78d1e439a	Merge branch '0.10' into 0.11	2020-11-23 21:35:32 +01:00
Sergey G. Brester	753fff9c15	amend to #2750, add jail for new filter nginx-bad-request	2020-11-23 18:38:41 +01:00
Sergey G. Brester	071048b8f2	Merge pull request #2750 from janprzy/master ... Added filter nginx-bad-request	2020-11-23 18:28:07 +01:00
sebres	7965d652a1	filter.d/dovecot.conf: allow more verbose logging ... closes #2573	2020-11-23 18:17:29 +01:00
sebres	a6de9459fc	typo	2020-11-23 18:08:38 +01:00
RyuaNerin	bba8844af8	typo	2020-11-23 18:07:49 +01:00
mpoliwczak834	595ee7ed74	add submission	2020-11-23 17:42:12 +01:00
mpoliwczak834	0c12cb7970	add managesieve support dovecot filter	2020-11-23 17:42:11 +01:00
sebres	cc64ef25f6	filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script) ... closes gh-2805	2020-11-23 17:25:41 +01:00
sebres	adbfdc222d	Merge branch '0.10' into 0.11	2020-11-11 11:17:15 +01:00
Sergey G. Brester	1c1a9b868c	no catch-alls, user name and error message stored in ticket	2020-11-09 15:36:30 +01:00
benrubson	840f0ff10a	Add Grafana jail	2020-11-09 15:31:06 +01:00
sebres	25e006e137	review and small tweaks (more precise and safe RE)	2020-11-09 13:43:59 +01:00
Mart124	df659a0cbc	Add Bitwarden syslog support	2020-11-09 13:34:39 +01:00
Sergey G. Brester	472bdc437b	Merge pull request #2723 from benrubson/softether ... Add SoftEtherVPN jail	2020-11-09 13:23:25 +01:00
Sergey G. Brester	010e76406f	small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)	2020-11-09 13:19:25 +01:00
sebres	66ff90408f	Merge branch '0.10' into 0.11	2020-11-09 12:45:29 +01:00
sebres	d4adec7797	Merge branch '0.9' into 0.10	2020-11-09 12:44:07 +01:00
sebres	5430091acb	jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)	2020-11-09 12:43:34 +01:00
benrubson	ec873e2dc3	Add SoftEtherVPN jail	2020-11-05 23:56:30 +01:00
sebres	6ef69b48ca	Merge branch '0.10' into 0.11	2020-11-05 16:12:31 +01:00
sebres	02525d7b6f	filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching: ... error: kex_exchange_identification: Connection closed by remote host (gh-2850)	2020-10-08 21:07:51 +02:00
sebres	2817a8144c	`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)	2020-09-29 13:33:40 +02:00
sebres	1418bcdf5b	`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)	2020-09-29 12:35:49 +02:00
sebres	d253e60a8b	Merge branch '0.10' into 0.11	2020-09-23 19:39:50 +02:00