Commit Graph

980 Commits (1371c915127fca13686e32d12851ab086d8ecfb8)

Author SHA1 Message Date
sebres 0abba5dc6e more filters for nginx error-log supporting journal format now, added generalized include and __prefix_line
12 months ago
sebres b245225b13 filter.d/nginx-http-auth.conf: added optional prefix to support systemd-journal format and additional timestamp (optionally) in prefix
12 months ago
Yaroslav Halchenko 8ef0d3c7a9 [DATALAD RUNCMD] run codespell throughout fixing typo automagically
1 year ago
Yaroslav Halchenko 81b2eb32d6 Add pragma to ignore a codespell-detected typo in postfix.conf
1 year ago
Sergey G. Brester eed319e896
gh-3604: filter.d/slapd.conf - switched to single-line processing
1 year ago
Sergey G. Brester 183f805ae3
amend
1 year ago
Sergey G. Brester 7931b67325
mysqld-auth.conf: better RE, optional suffix, non-capturing groups
1 year ago
Aliaksandr Yurchyk c55e9949dc
Fix issue with Mariadb 10.3 failed message
1 year ago
Sergey G. Brester f8f8c046a2
Merge pull request #3469 from vitkabele/routeros-auth
1 year ago
sebres eebef0089c avoid double counting for "maximum authentication attempts exceeded" ("Disconnecting ..." is no failure anymore, now it's helper only);
1 year ago
Sergey G. Brester 809b904106
filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector
2 years ago
Sergey G. Brester 9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal)
2 years ago
Sergey G. Brester 2c0360d178
Merge branch 'master' into nginx-forbidden
2 years ago
Vít Kabele a2c77429b9 New filter: routeros-auth.conf (Closes #3469)
2 years ago
Sergey G. Brester efbbcb41ea
non capturing group
2 years ago
Sergey G. Brester 996553f330
review, simplify regex and capture user name
2 years ago
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case
2 years ago
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server
2 years ago
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all
2 years ago
sebres cbb097a2b3 small amend (non capturing group)
2 years ago
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors)
2 years ago
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
2 years ago
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
2 years ago
sebres a08b925468 Merge branch '0.11'
2 years ago
Sergey G. Brester 514cca9ade
filter.d/sendmail-auth.conf: detect failures without user part
2 years ago
Sergey G. Brester a2264dcef0
Merge pull request #2636 from brianjmurrell/patch-2
2 years ago
Sergey G. Brester 3e9321e71b
non-capturing group and any variant of suffix
2 years ago
sebres 9272cce13d Merge branch '0.11'
3 years ago
Sergey G. Brester fbfc85d8c0
common.conf: fixed typo in comment (rfc5424 for logtype)
3 years ago
sebres 13520a0494 Merge branch '0.11'
3 years ago
László Károlyi f380d6202d cherry pick #3210 from master
3 years ago
sebres 498e473a10 filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now;
3 years ago
sebres 810386a265 filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
3 years ago
Sergey G. Brester dfc866ea41
improve RE to solve conflict with expected another open parenthesis
3 years ago
László Károlyi 0f1706d4a1
Adjusting for updated dovecot log format
3 years ago
sebres 970573d1cb Merge branch '0.11'
3 years ago
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by peer" (fixed possible regression of f77398c49d);
3 years ago
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
3 years ago
sebres 80805cabfc Merge branch '0.11'
3 years ago
Sergey G. Brester ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
3 years ago
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
4 years ago
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
4 years ago
sebres 38535b0cca Merge branch '0.11' into master
4 years ago
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
4 years ago
sebres 8b984a0135 filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
4 years ago
sebres 6be1a5a0b1 filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
4 years ago
sebres 8afea37494 filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
4 years ago
sebres c5f1598a21 filter.d/postfix.conf: extended to cover new vectors:
4 years ago
sebres ae3e9b9149 filter.d/postfix.conf: extended to cover 2 new vectors:
4 years ago
sebres 87f717e0e0 filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
4 years ago