fail2ban

Commit Graph

Author	SHA1	Message	Date
Ache	ae1451b29f	Update bsd-ipfw.conf Deleting not existent is not error. Adding already present is not error. Otherwise all those entries becomes stale forever, not removed and its number increases over time.	10 years ago
Luke Hollins	549ab24e70	Fixed grammatical error in emails sent	10 years ago
Yaroslav Halchenko	119a7bbb16	Merge pull request #939 from szepeviktor/geoip Added sendmail-geoip-lines.conf	10 years ago
Viktor Szépe	4c88a00c28	Line notes implemented	10 years ago
Viktor Szépe	1619ab3145	Added sendmail-geoip-lines.conf	10 years ago
Andrew St. Jean	6bdfe756cf	Changed default TTL value to 60 seconds.	10 years ago
Andrew St. Jean	43732acae1	Added a reminder to create an nsupdate.local file to set required options.	10 years ago
Yaroslav Halchenko	085d0f72ed	ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)	10 years ago
rumple010	eb76dcd5a0	add nsupdate action Adds a new action file that uses nsupdate to dynamically update a BIND zone file with a TXT resource record representing a banned IP address. Resource record is deleted from the zone when the ban expires.	10 years ago
Yaroslav Halchenko	083031524d	BF: adding missing Definition section header to firewallcmd-allports	10 years ago
TorontoMedia	d7b7f4bc91	Update firewallcmd-allports.conf	10 years ago
TorontoMedia	7eed55266b	Created firewallcmd-multiport	10 years ago
TorontoMedia	9f91cb2fd8	Created firewallcmd-allports	10 years ago
TorontoMedia	50e5fd9ed7	Create firewallcmd-multiport.conf	10 years ago
TorontoMedia	591e444753	Create firewallcmd-allports.conf	10 years ago
Yaroslav Halchenko	967485c2d0	improving grepping	10 years ago
Yaroslav Halchenko	efbf5064a1	Merge pull request #807 from xslidian/patch-1 grep IP at the start of lines	10 years ago
Orion Poplawski	01b2673e34	Use multiport for firewallcmd-new	10 years ago
Dean Lee	ba44ff312b	grep IP at the start of lines I'm not sure if this regex works best, so I'm patching this single file as a sample. Don't forget to update `mail-whois-lines.conf` after this patch got merged. For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '$[^0-9]\\|^$199.48.161.87[^0-9]'` works: <pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>	10 years ago
Yaroslav Halchenko	0d9cfb84e3	Merge pull request #778 from yarikoptic/enh/symbiosis ENH: symbiosis-blacklist-allports action	10 years ago
Yaroslav Halchenko	93243e7d57	ENH: Ignore errors while unbaning in symbiosis firewall Fail2Ban at times "interfers" with the firewall reflashing thus leading to the sporadic errors. IMHO should be safe to ignore	10 years ago
Yaroslav Halchenko	818dd59d65	ENH: symbiosis-blacklist-allports action	10 years ago
Markus Amalthea Magnuson	7b76322898	Fix typos.	10 years ago
leftyfb	6dbd449f77	Changed to Cloudflare JSON API	10 years ago
leftyfb	cba570cabd	Updated comments	11 years ago
leftyfb	5471e99ebe	Added cloudflare action	11 years ago
Yaroslav Halchenko	0adb10f653	Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban * 'ainfo-copy' of https://github.com/kwirk/fail2ban: TST: actions modifying aInfo test more robust TST: Test for actions modifying (un)ban aInfo BF: aInfo could be modified by actions, causing unexpected behaviour	11 years ago
SATO Kentaro	65ff3e9604	ENH: Introduce iptables-common.conf.	11 years ago
Steven Hiscocks	8268c1641f	BF: aInfo could be modified by actions, causing unexpected behaviour A separate copy of aInfo is passed to each action	11 years ago
SATO Kentaro	1e1c4ac62a	ENH: Add <chain> to iptables-ipsets.	11 years ago
Steven Hiscocks	db023be09b	BF: Fix bad syntax in badips.py action Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff	11 years ago
Yaroslav Halchenko	596b819bdc	DOC: minor -- tabify docstring in badips.py action	11 years ago
Steven Hiscocks	9fcb92524e	BF: badips.py action logging of exc_info on debug typo	11 years ago
yungchin	3a155ed2e0	Update comments in shorewall.conf for new settings	11 years ago
Ruben Kerkhof	1c36da9df9	Fix 2 more typos that codespell didn't catch	11 years ago
Ruben Kerkhof	1695d5c076	Fix a few typos Found with https://github.com/lucasdemarchi/codespell Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>	11 years ago
Steven Hiscocks	41cbbbc248	BF: Remove unused imports and variables. All highlighted by using pyflakes.	11 years ago
Steven Hiscocks	16125ec81a	BF: badips.py action methods not static due to use of self._logSys	11 years ago
Steven Hiscocks	9e374b159e	ENH: Allow setting of badips.py key for reporting and blacklisting	11 years ago
Steven Hiscocks	de43d1d6d5	ENH: Change badips.py default score to "3" As per recommendation from Amy from badips.com	11 years ago
Steven Hiscocks	0222ff4677	Merge branch 'badips-blacklist' into 0.9 Conflicts: ChangeLog - entires added in both branches. Change: config/action.d/badips.py - jail.getName() changed to jail.name	11 years ago
Steven Hiscocks	0c63d0061a	DOC: Add documentation for badips.py action	11 years ago
Steven Hiscocks	dfb46cfda6	BF: Require Python 2.7+ for badips.py action	11 years ago
Daniel Black	cc8ec826c5	MRG: from master 2014-03-02	11 years ago
Steven Hiscocks	df8d700d17	RF: Refactor Jail and JailThread Includes: - documentation to new format and use of properties - change isActive->is_active as former no longer documented for python3, and later introduction and documented in python2.6 - status formatter in beautifier somewhat more automatically formatted; no changes are required for additional status elements - JailThread now set to active within `start` method, complimenting `stop` method	11 years ago
Daniel Black	9be22a96a6	Merge pull request #614 from kwirk/complain-abusix BF: Use abusix Abuse Contact DB to get more accurate abuse addresses	11 years ago
Daniel Black	cc463aa60d	Merge pull request #620 from kwirk/xarf-tweaks BF: Fix misplaced ";", and duplicate {ip,}matches	11 years ago
Daniel Black	a044517cb7	MRG: from master to 0.9 2014-02-20	11 years ago
Steven Hiscocks	8c5525163b	BF: Fix misplaced ";", and duplicate {ip,}matches	11 years ago
Steven Hiscocks	997729e274	BF: Fix complain action for multiple recipients and misplaced ";"	11 years ago
Steven Hiscocks	7c76f7f204	BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent	11 years ago
Steven Hiscocks	2a37ee2fb7	ENH: Add root user check in xt_recent, and add missing actionstop Thanks to Helmut Grohne on IRC for suggestion	11 years ago
Steven Hiscocks	5c7630c4be	ENH: Allow separate blacklist category for badips.py action	11 years ago
Steven Hiscocks	cf81ddd8e2	BF: Add error handling in badips.py action	11 years ago
Steven Hiscocks	31f4ea59cb	BF: Use abusix Abuse Contact DB to get more accurate abuse addresses Taken from xarf-login-attack action from 0.9 branch by Daniel Black	11 years ago
Steven Hiscocks	dff8909473	ENH: Add badips.com reporting and blacklisting action (python based)	11 years ago
Daniel Black	1e1261ccb4	MRG: from master 2014-01-23	11 years ago
Daniel Black	ca57427080	BF: firewallcmd-ipset had non-working actioncheck	11 years ago
Steven Hiscocks	8221c7ca71	TST+BF: Add tests for python actions, including test for smtp.py Also fix bug when specifying multiple recipients for smtp.py action	11 years ago
Daniel Black	a650178bd1	MRG: merge from master 2014-01-19	11 years ago
Daniel Black	f566cab766	Merge branch 'master' into badips	11 years ago
Daniel Black	cd3e94140c	MRG: complete merge	11 years ago
Yaroslav Halchenko	9a8b449086	DOC: some typos, fixes from Vincent Lefevre	11 years ago
Daniel Black	76468942f9	MRG: complete merge from master	11 years ago
Daniel Black	ab3ded2205	Merge pull request #549 from kwirk/python-actions ENH: Python actions	11 years ago
Steven Hiscocks	69a850d226	DOC: Update docstrings for smtp.py action	11 years ago
Steven Hiscocks	6e63f0ea5a	RF: Change Jails and Actions to Mapping types	11 years ago
Daniel Black	3d1a1afca4	MRG: to more recent 0.9	11 years ago
Daniel Black	5fe75436cc	DOC: DEV NOTES before author names	11 years ago
Steven Hiscocks	80d6f74ee8	RF: Refactor actions further, include removing server proxy interface This allows direct setting of action properties and calling of methods from the fail2ban-client if so required.	11 years ago
Daniel Black	a0c2de3e4d	DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510	11 years ago
Steven Hiscocks	98bf511443	BF: Incorrect number of arguments in smtp.py action connect log	11 years ago
Steven Hiscocks	5b2b59d752	ENH: python actions use initOpts as **kwargs Adds an easy way to handle case where mandatory arguments are missed, or not valid arguments are passed	11 years ago
Steven Hiscocks	6ef911185d	ENH: Add matches to smtp.py action	11 years ago
Daniel Black	391b5fc883	MRG: from master again 2014-01-01	11 years ago
Steven Hiscocks	f37c90cdba	ENH: Python based actions Python actions are imported from action.d config folder, which have .py file extension. This imports and creates an instance of the Action class (Action can be a variable that points to a class of another name). fail2ban.server.action.ActionBase is a base class which can be inherited from or as a minimum has a subclass hook which is used to ensure any imported actions implements the methods required. All calls to the execAction are also wrapped in a try except such that any errors won't cripple the jail. Action is renamed CommandAction, to clearly distinguish it from other actions. Include is an example smtp.py python action for sending emails via smtp. This is work in progress, as looking to add the <matches> and whois elements, and also SSL/TLS support.	11 years ago
Daniel Black	be382dae4d	MRG: ufw changelog conflicts	11 years ago
Daniel Black	1f6ece2a40	Merge pull request #490 from grooverdan/firewallcmd-ipset ENH: add firewallcmd-ipset	11 years ago
Daniel Black	a1a219189f	Merge pull request #493 from grooverdan/xarf-ipmatch ENH: use ipmatches for action xarf-login-attack	11 years ago
Daniel Black	7c0efc8ec8	MRG: merge so far - flushLogs not working yet	11 years ago
Daniel Black	4eedf9d4e1	ENH: use ipmatches for action xarf-login-attack	11 years ago
Daniel Black	a398c51d6c	ENH: simplify actioncheck on firewallcmd-new a little more	11 years ago
Daniel Black	772def1095	Merge pull request #491 from kwirk/ipmatches ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations	11 years ago
Steven Hiscocks	40007abc1d	ENH: Refactor and add database matches and failures for sendmail actions	11 years ago
Daniel Black	1c6c011154	EHH missed trailing .	11 years ago
Daniel Black	868a4ea470	ENH: full abusix disclaimer in action xarf-login-attack	11 years ago
Daniel Black	9fe0a69852	ENH: add firewallcmd-ipset	11 years ago
Daniel Black	4ffc57e14f	ENH: simplify firewallcmd-new actioncheck and provide output samples	11 years ago
Daniel Black	ed816afbcd	ENH: add badips action	11 years ago
Daniel Black	1ff52dfe4d	DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable	11 years ago
Daniel Black	f35345ecaa	ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455	11 years ago
Daniel Black	13ccebe78f	BF: fix actioncheck in firewallcmd	11 years ago
Steven Hiscocks	0bcff771b8	ENH: Add <ipmatches> and <ipjailmatches> tags Example use filter also added for sendmail-whois with ipmatches rather than grepped lines	11 years ago
Daniel Black	f385439a41	MRG: ChangeLog merge	11 years ago
Daniel Black	36917d7517	BF: action.d/complain - match IP at beginning and end of lines	11 years ago
Daniel Black	135c759dbb	Merge pull request #477 from kwirk/blocklist.de ENH: Added blocklist.de reporting API action	11 years ago
Steven Hiscocks	630dd91dcd	BF: Add [Init] section to blocklist.de action	11 years ago
Steven Hiscocks	b3c173795e	ENH: blocklist.de action error on HTTP response code 4xx	11 years ago
Daniel Black	51f2619878	Merge pull request #473 from grooverdan/whois-missing ENH: Whois missing in actions? Include output to say so	11 years ago
Steven Hiscocks	a19b33cc72	ENH: blocklist.de action added fail2ban version as user agent	11 years ago

1 2 3 4 5 ...

279 Commits (1153c0a5c61d1245a4ec8242a07336fed3981c40)