fail2ban

Commit Graph

Author	SHA1	Message	Date
Sergey G. Brester	183f805ae3	amend	2023-10-16 11:41:05 +02:00
Sergey G. Brester	7931b67325	mysqld-auth.conf: better RE, optional suffix, non-capturing groups	2023-10-16 11:35:53 +02:00
Aliaksandr Yurchyk	c55e9949dc	Fix issue with Mariadb 10.3 failed message	2023-10-16 01:35:15 +03:00
Sergey G. Brester	f8f8c046a2	Merge pull request #3469 from vitkabele/routeros-auth New filter: routeros-auth.conf	2023-09-02 18:56:04 +02:00
sebres	eebef0089c	avoid double counting for "maximum authentication attempts exceeded" ("Disconnecting ..." is no failure anymore, now it's helper only); closes gh-3485	2023-06-13 18:49:26 +02:00
Sergey G. Brester	809b904106	filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector	2023-04-24 15:40:53 +02:00
Sergey G. Brester	9cbf59c827	anchored datepattern and added journalmatch (if monitoring systemd journal)	2023-03-23 12:16:13 +01:00
Sergey G. Brester	2c0360d178	Merge branch 'master' into nginx-forbidden	2023-03-23 12:01:50 +01:00
Vít Kabele	a2c77429b9	New filter: routeros-auth.conf (Closes #3469 ) Add filter to detect failed login attempts in the log produced by MikroTik RouterOS. - Add the filter to jail.conf - Add testcase for the filter Signed-off-by: Vít Kabele <vit@kabele.me>	2023-03-02 09:25:24 +01:00
Sergey G. Brester	efbbcb41ea	non capturing group	2022-11-18 12:32:15 +01:00
Sergey G. Brester	996553f330	review, simplify regex and capture user name	2022-11-18 12:31:11 +01:00
Andrey Alekseenko	df91b047d2	Dante SOCKS server: handle "1 byte/second" case Thanks to @Loriowar and @sebres for pointing it out	2022-11-17 23:22:56 +01:00
Andrey Alekseenko	05c162ef10	Create filter for Dante SOCKS server	2022-11-17 23:22:55 +01:00
Sergey G. Brester	ae5fe2e003	amend to #3405 , eliminate catch-all	2022-11-15 14:29:59 +01:00
sebres	cbb097a2b3	small amend (non capturing group)	2022-11-14 18:56:01 +01:00
sebres	82506f0586	filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors)	2022-11-14 18:51:06 +01:00
sebres	d8e2b03a24	`filter.d/named-refused.conf` extended (closes gh-3388): - support BIND named log categories - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)	2022-11-03 11:41:21 +01:00
sebres	ca2b94c522	fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+\|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests amend to gh-3210: fixes regression and matches new format in aggressive mode too	2022-10-04 14:10:45 +02:00
sebres	a08b925468	Merge branch '0.11'	2022-08-17 16:59:02 +02:00
Sergey G. Brester	514cca9ade	filter.d/sendmail-auth.conf: detect failures without user part	2022-08-01 09:20:28 +02:00
Sergey G. Brester	a2264dcef0	Merge pull request #2636 from brianjmurrell/patch-2 FreeIPA renames named to named-pkcs11	2022-06-21 14:19:16 +02:00
Sergey G. Brester	3e9321e71b	non-capturing group and any variant of suffix	2022-06-21 14:15:38 +02:00
sebres	9272cce13d	Merge branch '0.11'	2022-06-02 21:06:12 +02:00
Sergey G. Brester	fbfc85d8c0	common.conf: fixed typo in comment (rfc5424 for logtype) no functional changes; closes #3274	2022-05-12 18:09:09 +02:00
sebres	13520a0494	Merge branch '0.11'	2022-02-09 15:45:17 +01:00
László Károlyi	f380d6202d	cherry pick #3210 from master	2022-02-09 15:43:21 +01:00
sebres	498e473a10	filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now; closes #3211	2022-02-09 12:18:23 +01:00
sebres	810386a265	filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too (amend to `92f90038fa`)	2022-02-08 19:21:37 +01:00
Sergey G. Brester	dfc866ea41	improve RE to solve conflict with expected another open parenthesis	2022-01-27 17:50:28 +01:00
László Károlyi	0f1706d4a1	Adjusting for updated dovecot log format This should now match: `Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>` the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.	2022-01-27 11:28:20 +00:00
sebres	970573d1cb	Merge branch '0.11'	2022-01-18 16:17:49 +01:00
sebres	bf689c27b8	filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of `f77398c49d`); closes gh-3086	2022-01-18 15:42:35 +01:00
sebres	8bf15db688	filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port; closes gh-3169	2022-01-18 15:41:27 +01:00
sebres	80805cabfc	Merge branch '0.11'	2021-11-03 16:01:00 +01:00
Sergey G. Brester	ba839af8ad	filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)	2021-10-01 15:03:24 +02:00
sebres	579c6a94af	filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)	2021-06-10 15:23:24 +02:00
sebres	43f2923fbd	filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters	2021-06-10 15:06:54 +02:00
sebres	38535b0cca	Merge branch '0.11' into master	2021-05-29 21:25:24 +02:00
sebres	92f90038fa	filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553	2021-05-29 21:12:34 +02:00
sebres	8b984a0135	filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)	2021-05-29 20:47:56 +02:00
sebres	6be1a5a0b1	filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)	2021-05-29 20:25:28 +02:00
sebres	8afea37494	filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)	2021-05-29 20:09:57 +02:00
sebres	c5f1598a21	filter.d/postfix.conf: extended to cover new vectors: - reject: BDAT/DATA from (gh-2927) - (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else) - matches "Command rejected" and "Data command rejected" now	2021-05-29 19:48:24 +02:00
sebres	ae3e9b9149	filter.d/postfix.conf: extended to cover 2 new vectors: - RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995 - 550 5.7.25 Client host rejected, gh-2996 review combining several regex to single one	2021-05-29 19:21:27 +02:00
sebres	87f717e0e0	filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)	2021-05-29 18:45:59 +02:00
Sergey G. Brester	3d52fe3e4e	Merge pull request #2679 from mikaku/updated-to-latest-jail.conf Add new jail (and filter) Monitorix	2021-05-27 12:17:16 +02:00
sebres	0a05dbdbfc	Merge branch '0.11' into master	2021-05-25 23:19:25 +02:00
sebres	1627d4f573	filter.d/sendmail-auth.conf: user not found, closes gh-3030	2021-05-25 23:16:29 +02:00
Sergey G. Brester	f07e0f7ade	Merge pull request #2984 from j-marz/zoneminder_filter_update Zoneminder filter update	2021-05-21 13:03:33 +02:00
Sergey G. Brester	ec4e0dd65b	padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)	2021-05-21 13:00:24 +02:00

1 2 3 4 5 ...

975 Commits (132c719386730c132f8a77820eab0b3dc58e967b)