fail2ban

Commit Graph

Author	SHA1	Message	Date
Daniel Black	273b2f45a3	MRG: remove the "no auth attempts" as per aseques gh-600	11 years ago
Daniel Black	9b614ce486	ENH: dovecot filter enhancements	11 years ago
Joan	9c6aab37d6	As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future	11 years ago
Joan	aaa86cd10f	As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future	11 years ago
Joan	84617fa6da	Fixed a failing case	11 years ago
Joan	08171ba52f	Removed the -no auth attempts- from the triggers because of lots of FP	11 years ago
Steven Hiscocks	0f318c225e	Merge pull request #599 from grooverdan/datecompression ENH: more datetemplate compression	11 years ago
Daniel Black	a7456377b5	ENH: more datetemplate compression	11 years ago
Daniel Black	cc1a9cc45d	BF: match up fail2ban-regex for datedetector/datetemplate changes	11 years ago
Daniel Black	a749a2780e	Merge pull request #593 from grooverdan/tine ENH: Tine20 filter	11 years ago
Daniel Black	7476ebabbd	Merge pull request #596 from grooverdan/pureftpd BF: Pureftpd	11 years ago
Daniel Black	ae98a1f70c	Merge pull request #598 from kwirk/date-detector-template-rf RF: Refactor date detector and date template elements	11 years ago
Steven Hiscocks	e7d4cf6296	TST: Fix dates in ISO8601 being converted back to local time.	11 years ago
Daniel Black	8b51d0c394	ENH: compress DateDetector templates more	11 years ago
Steven Hiscocks	f2ddb3e3d0	RF: Refactor date detector and date template elements Changes include to use Python class properties, merge some date patterns, and change ISO8601 date template to DatePatternRegex class.	11 years ago
Daniel Black	1a1e3bec86	ENH: framework for distro paths	11 years ago
Daniel Black	3c48e3f035	DOC: changelog for pure-ftpd filter fixes	11 years ago
Daniel Black	256c732bcd	BF/ENH: filter pure-ftpd - re-add _daemon. Add translations _daemon was accidently removed in `89fd792dfb` Added translations from source code	11 years ago
Daniel Black	1e1261ccb4	MRG: from master 2014-01-23	11 years ago
Daniel Black	ca57427080	BF: firewallcmd-ipset had non-working actioncheck	11 years ago
Daniel Black	c8ae064b79	ENH: tighten regex and change failJSON to support timezone. Closes gh-583	11 years ago
Daniel Black	36d38043ba	DOC: thanks Lars for the filter base and log samples	11 years ago
Daniel Black	2063d96e59	MRG: import Lars' PR for tine20	11 years ago
Daniel Black	499b33f8a6	DOC: post release versioning	11 years ago
Daniel Black	819df889d8	Merge pull request #592 from kwirk/python-action-tests TST+BF: Add tests for python actions, including test for smtp.py	11 years ago
Steven Hiscocks	0fb7921fb1	BF: Tweak python action tests and fix Deprecation Warning	11 years ago
Steven Hiscocks	8221c7ca71	TST+BF: Add tests for python actions, including test for smtp.py Also fix bug when specifying multiple recipients for smtp.py action	11 years ago
Steven Hiscocks	a0f39255bc	BF: Kerio log datepattern fix for recent datepattern full regex merge	11 years ago
Steven Hiscocks	4aa50684ab	Merge pull request #581 from kwirk/datetemplate-regroupdict ENH: Full regex for datepattern, utilising modified Python `_strptime`	11 years ago
Steven Hiscocks	e614a2f4a4	BF: Resolve Deprecation Warnings for python3 Mainly python imp -> importlib for python3.3+, and other minor tweaks	11 years ago
Daniel Black	33dd1733fb	DOC: version and release date to 0.8.12 on 2014-01-22	11 years ago
Daniel Black	79da66df5d	Merge pull request #591 from grooverdan/master_to_0.9 MRG: Master to 0.9 2014-01-19	11 years ago
Daniel Black	a650178bd1	MRG: merge from master 2014-01-19	11 years ago
Steven Hiscocks	77aab8d97a	Merge pull request #590 from grooverdan/kerio Kerio filter for #120 also fix fail2ban-regex for datepattern	11 years ago
Daniel Black	97c7d391a4	BF: remove duplicate implemenation of reading datepatterns in fail2ban-regex	11 years ago
Daniel Black	10edd994d1	DOC: ChangeLog for kerio filters	11 years ago
Daniel Black	263ac32730	ENH: test log samples for kerio thanks to Tony Lawrence	11 years ago
Steven Hiscocks	0b4dd6272c	Merge pull request #589 from grooverdan/one-bad-regex-gh-585 fault tolerance when pushing multiple configurations	11 years ago
Daniel Black	59b1e225e9	DOC/ENH: update man pages for release	11 years ago
Daniel Black	5ade6a13af	DOC: ChangeLog dateing and normalisation	11 years ago
Daniel Black	058621f9bd	ENH: continue with rest of fail2ban config even if errors. Closes gh-585	11 years ago
Daniel Black	2647461a3c	DOC: ChangeLog. Note incompatible changes and group new filters and actions under New Features	11 years ago
Daniel Black	c6c75dd19e	BF: complete MANIFEST	11 years ago
Daniel Black	224e795f4c	DOC: note in man page about "last message repeated" syslog compression. Closes Debian bug #620364	11 years ago
Daniel Black	1452be4a3a	Merge pull request #588 from grooverdan/badips ENH: Badips action (reporting)	11 years ago
Daniel Black	f5d6f384f7	Merge pull request #587 from grooverdan/dovecot-586 BF: Dovecot filter fix	11 years ago
Daniel Black	93613e82f0	DOC: credits for action.d/badips	11 years ago
Daniel Black	f566cab766	Merge branch 'master' into badips	11 years ago
Daniel Black	657da2041c	BF: dovecot filters, session characters and order of session/tls in log messages	11 years ago
Ivo Truxa	4765bc757c	BF Dovecot auth failures I am sorry, I installed the Win GIT, but still did not learn how to work with it, so am posting here again. This time, I'll avoid posting two pull requests, so please fix the dovecot.filter for me, if you don't mind. This current filter does not match authentication errors in my Dovecot logs (two different lines attached). First of all the session string is at the end (after the optional TLS string), and not before it as it is now in the filter. I don't see it anywhere in the other logs here in the opposite order, hence I assume it is the rule for all installations. And then, the session ID can include also other characters than those matched by \w+ (i.e. the slash and the plus signs in my case), hence it needs to be \S+ instead. Personally, I'd do the regex much less restrictive than it is, but if I follow the current logics, the following form works: <pre>^%(__prefix_line)s(pop3\|imap)-login: (Info: )?(Aborted login\|Disconnected)(: Inactivity)? $((no auth attempts\|auth failed, \d+ attempts)( in \d+ secs)?\|tried to use disabled \S+ auth)$:( user=<\S>,)?( method=\S+,)? rip=<HO ST>, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=<\S+>)?\s$</pre>	11 years ago

... 3 4 5 6 7 ...

2594 Commits (16077a2771f8cdef4dbc98abf6c1f438488b7e7f) All Branches Search

2594 Commits (16077a2771f8cdef4dbc98abf6c1f438488b7e7f)

All Branches