github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,998 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

1956 Commits (12ff98027f82d4d6d02a9cc8fb0b23f1a817a34f)

Author SHA1 Message Date
sebres eb4731d8b1 action.d/*-ipset.conf: workaround sporadic failures by stop if destroying ipset too fast (sleep a bit in error case and repeat); 
closes gh-3624
 2024-11-07 19:28:53 +01:00
Sergey G. Brester 89970d2e3e
Merge pull request #1351 from AntagonistHQ/csf 
add support for the CSF firewall
 2024-09-29 10:01:58 +02:00
Sergey G. Brester 363c0d5fd0
nftables.conf: fixed comment (since 7f1b578af4, gh-488 actioncheck would be never invoked in regular case) 2024-09-07 13:15:45 +02:00
thomas-333 44bd87951e
Update apprise.conf 
Correct typo. "as" should read "has"
 2024-09-02 10:17:10 +01:00
sebres 54c0effceb filter.d/sshd.conf: amend to #3747/#3812 (new ssh version would log with `_COMM=sshd-session`) 2024-08-11 12:10:12 +02:00
sebres c769046a1f Revert "`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian branch. 
This reverts commit 6fce23e7ba.
 2024-08-11 11:55:39 +02:00
sebres 8e0a2366f0 Fixes unmatched tag (caused unmatched brace); review: combined to single regex, simple case without injection attempts faster, `<HOST>` replaced with `<ADDR>` (faster and fewer vulnerable on complex cases, since doesn't match text as hostname) etc. 2024-08-10 13:20:18 +02:00
Maksim Usmanov | Maks 35afe20ea0
Roundcube 1.4 change log format 
From roundcube 1.4 log change format -> e92d8e31a3/program/lib/Roundcube/rcube_imap.php (L194)
 2024-08-09 22:53:45 +02:00
sebres d4663e8941 `action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815 2024-08-07 22:43:42 +02:00
sebres 9a558589d7 review (anchoring RE, etc) 2024-07-30 19:16:40 +02:00
Jose db8c943a7b Add jail to jail.conf as requested by test-suite 'More filters exists than are referenced in stock jail.conf set(['proxmox']) 2024-07-30 19:11:02 +02:00
Jose 83f2d59eee match numbers 2024-07-30 19:05:56 +02:00
Jose 07a7da8d8e Remove greedy catch-all before HOST 2024-07-30 19:05:55 +02:00
Jose ca45671db2 Add support to Proxmox Web GUI 2024-07-30 19:04:00 +02:00
sebres 93810fff75 consider CONNECT and other rejected commands as a valid `_pref`; 
closes gh-3800
 2024-07-26 19:25:36 +02:00
Sergey G. Brester 50ff131a0f
filter.d/sshd.conf: ungroup (unneeded for _daemon) 2024-07-03 19:35:28 +02:00
Fabian Dellwing 2fed408c05 Adjust sshd filter for OpenSSH 9.8 new daemon name 2024-07-02 08:51:51 +02:00
sebres 59c5e78ce9 `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path; 
closes gh-3778
 2024-06-28 12:50:14 +02:00
sebres a7f3a04b0e `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail); 
closes gh-3769
 2024-06-21 13:24:46 +02:00
Sergey G. Brester 6fce23e7ba
`filterd./sshd.conf`: fixed journalmatch (sshd.service seems to be renamed to ssh.service) 
closes gh-3747
 2024-06-10 01:40:59 +02:00
sebres 2533526827 extend ipset actions with new parameter `ipsettype` for the type of set (gh-3760), affected actions: 
`action.d/firewallcmd-ipset.conf`, `action.d/iptables-ipset.conf`, `action.d/shorewall-ipset-proto6.conf`
 2024-06-09 23:38:58 +02:00
sebres 17daf0ec78 `action.d/firewallcmd-ipset.conf`: rename `ipsettype` to `ipsetbackend` (`ipsettype` will be used now to the real set type); 
amend to #2620
 2024-06-09 23:32:03 +02:00
by 21bf636056
Update abuseipdb.conf 
Corrected link for HP helper (see https://shaunc.com/blog/article/reporting-to-abuseipdb.com-with-fail2ban~kDoa-Hml95wW)
 2024-05-20 15:34:24 +02:00
sebres c04e12dd8d Merge remote-tracking branch 'remotes/gh-upstream/0.11' 2024-04-29 11:03:33 +02:00
Sergey G. Brester 1434e3089c
Merge pull request #2455 from Thermi/improved-action-blocklist-de 
Improved blocklist_de action to not resend bans that were already reported
 2024-04-28 21:12:49 +02:00
sebres d0d0728523 cherry-pick from debian: debian default banactions are nftables, systemd backend for sshd 
closes gh-3292
 2024-04-26 02:26:55 +02:00
sebres 2c13cba73d loosening for denied suffix (would match no matter which reason in parenthesis); 
add coverage for denied with "(allow-query-cache did not match)"
 2024-03-25 16:35:20 +01:00
Rudimar Remontti fd7657f9a9 Update named-refused.conf 2024-03-25 16:35:16 +01:00
sebres 1ec9237e53 bypass additional pid in prefix (may be logged by syslog-ng, gh-3060); matches protocol error with authentication mechanism not supported 2024-03-25 15:52:06 +01:00
sebres c80908837f `filter.d/exim.conf`: 
- messages are prefiltered by `prefregex` now
  - filter can bypass additional timestamp that may be logged via systemd-journal (gh-3060)
 2024-03-25 15:31:23 +01:00
Vladimir Varlamov 8da0a99cde pid part may contain full hostname 2024-03-22 22:38:33 +03:00
Vladimir Varlamov 806a27cb4f final `<HOST>` to `<ADDR>` conversion 2024-03-22 22:38:33 +03:00
sebres e605415f61 simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields. 2024-03-22 16:47:54 +01:00
sebres c22a83933b let's use `<ADDR>` instead `<HOST>` - only IPs expected, since host-name bypassed before it (directly after H=) 2024-03-22 16:35:46 +01:00
Vladimir Varlamov df94ec4c52 filter.d/exim.conf: rewrite host line regex for all varied exim's log_selector states 
Depending on Exim's log_selector settings, log lines may contain additional information about the connection. And also the line itself with the address of the remote host can vary greatly. But fortunately, all states can be found in the Exim code itself and taken into account. Makes it easier to add new regexps.
Closes #3263
 2024-03-22 00:16:41 +03:00
Anton Samets 0c125ec9c9
filter.d/postfix.conf: add Sender address rejected: Malformed DNS server reply (#3590) 
* add Sender address rejected: Malformed DNS server reply
 2024-03-19 20:30:45 +01:00
Sergey G. Brester f63868b3e8
filter.d/apache-common.conf: remote besides client, gh-3622 2024-03-15 22:36:40 +01:00
Sergey G. Brester 529eb79ddb
Merge pull request #3692 from pingou2712/postfixSystemd 
Change journalmatch postfix
 2024-03-13 02:34:03 +01:00
Vincent Laffargue d260ed31d2 Maintain backward compatibility Postfix SYSTEMD_UNIT 2024-03-12 04:42:36 +01:00
Sergey G. Brester dd3c78ecab
filter.d/recidive.conf: conditional RE depending on logtype (for file or journal) 2024-03-11 17:49:06 +01:00
Vincent Laffargue 0b63fc312d Change Regex Recidive and journalmatch For Systemd Match 2024-03-10 10:56:35 +01:00
Vincent Laffargue 93082ead79 Change journalmatch postfix 2024-03-10 10:10:03 +01:00
Sergey G. Brester 45d7f3cb97
no space in any case 2024-03-08 11:43:46 +01:00
László Károlyi ff701e94c3
Add to postfix syslog daemon format 2024-03-07 20:23:50 +01:00
sebres 4f679a56e0 filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port: 
- message authentication code incorrect [preauth]
  - connection corrupted [preauth]
  - timeout before authentication
closes gh-3486
 2024-02-13 16:53:21 +01:00
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 2023-12-30 16:42:31 +01:00
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x 
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place few lines below)
 2023-12-30 16:42:27 +01:00
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 2023-12-30 16:42:23 +01:00
Logic-32 419e380870 Add support for TLS SMTP connections. 2023-12-30 16:42:18 +01:00
sebres 3190febb27 IPv6 fix (second IP logged in form for IPv6); pam authentication failure (part of gh-3410) 2023-12-30 15:10:37 +01:00