sebres
8f6ba15325
avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...
2019-12-27 21:30:41 +01:00
Mart124
e763c657c4
Let's get back to WRN
2019-11-27 00:32:10 +01:00
Mart124
d7b707b09d
Update bitwarden.conf
2019-11-27 00:09:22 +01:00
Mart124
869327e9b1
Update bitwarden.conf
2019-11-25 22:17:58 +01:00
Mart124
79caeaa520
Create bitwarden.conf
2019-11-25 22:05:29 +01:00
Mart124
30e742a849
Update jail.conf
2019-11-25 21:57:41 +01:00
Mart124
ef394b3cf0
Update jail.conf
2019-11-25 21:55:45 +01:00
Sergey G. Brester
e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
...
Add Centreon jail
2019-11-15 01:53:20 +01:00
sebres
0e8a8edb5e
filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563)
2019-11-08 13:15:40 +01:00
Henry van Megen
548e2e0054
sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562)
2019-11-08 12:42:09 +01:00
sebres
5cf064a112
monit: accepting both logpath's: monit and monit.log, closes gh-2495
2019-11-04 12:18:12 +01:00
CPbN
9e699646f8
Add Centreon jail
2019-10-24 14:37:18 +02:00
CPbN
18ba714f97
Add Centreon jail
2019-10-23 09:14:26 +02:00
sebres
85ec605358
nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
...
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
2019-10-18 19:01:16 +02:00
sebres
51af193402
nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)
2019-10-18 18:54:02 +02:00
sebres
955d690e56
regrouping expressions with curly braces, added more escapes (better handling in posix shell)
2019-10-18 18:34:48 +02:00
Sergey G. Brester
54298fe761
Merge pull request #2254
...
Nftables: isolate fail2ban rules into a dedicated table and chain
2019-10-18 11:43:38 +02:00
sebres
d1a73d3004
filter.d/apache-auth.conf:
...
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
2019-10-18 11:26:19 +02:00
sebres
50595b70fd
filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
...
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip )
2019-10-11 01:31:07 +02:00
sebres
9e28b6c65f
filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531)
2019-09-26 21:46:26 +02:00
sebres
8ea00c1d5d
fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc
2019-09-25 13:47:29 +02:00
sebres
492205d30e
action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)
2019-09-24 20:00:29 +02:00
sebres
abc4d9fe37
allow to use multiple protocols in multiport (single set with multiple rules in chain):
...
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
2019-09-24 19:44:59 +02:00
sebres
c753ffb11d
combine nftables actions to single action:
...
- nftables-common is removed
- nftables-allports is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
2019-09-24 18:53:38 +02:00
sebres
c59d49da22
nftables-allports: support multiple protocols in single rule;
...
tests/servertestcase.py: added coverage for nftables actions
2019-09-24 18:46:41 +02:00
Ririsoft
dde51b4682
fix actionban/unban ip definition syntax
2019-09-24 13:01:14 +02:00
Monson Shao
1cda50ce05
Rewrite nftables variables based on nftables' logic.
...
Add an example for redirecting.
2019-09-24 13:01:13 +02:00
sebres
a36b70c7b5
filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520)
2019-09-10 21:02:26 +02:00
sebres
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
...
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
Joe Horn
4395469226
Update named-refused.conf
...
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
Sergey G. Brester
a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
...
New option `logtype` value - `rfc5424`
2019-07-24 00:02:04 +02:00
Sergey G. Brester
0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
...
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
2019-07-22 12:47:39 +02:00
Sergey G. Brester
119401fced
Merge pull request #2452 from benrubson/badips
...
Badips key is only used to retrieve list
2019-07-20 12:08:22 +02:00
sebres
5e980afbb8
filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now)
2019-07-10 12:45:53 +02:00
sebres
62b1712d22
amend to #2387 :
...
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309 );
2019-07-09 21:48:43 +02:00
benrubson
8b171f7d25
Badips key is only used to retrieve list
2019-06-26 18:34:20 +02:00
sebres
e751be2c13
normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
...
added test covering sendmail-whois-lines
2019-06-15 23:14:41 +02:00
girst
a7dc3614c4
znc-adminlog: use `<ADDR>` instead of `<HOST>`
2019-06-12 16:26:34 +02:00
girst
b288ccd6b6
new filter: znc-adminlog
2019-06-12 16:25:50 +02:00
sebres
22b9304562
action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
...
(closes gh-2390)
2019-06-12 11:23:52 +02:00
sebres
e5ae113215
filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
...
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
2019-06-07 16:14:02 +02:00
sebres
3b2f75414c
filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442)
2019-06-07 15:40:55 +02:00
Sergey G. Brester
7dbd3a07eb
cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
2019-06-07 14:39:55 +02:00
Carlos Ferreira
7b73cb7639
Switch to AbuseIPDB API v2
2019-06-07 14:39:52 +02:00
sebres
49bf6132cc
amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings
2019-05-14 21:40:33 +02:00
sebres
0426a24719
filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE")
2019-05-14 15:27:20 +02:00
sebres
d8d71c5a22
action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern)
2019-05-10 16:17:13 +02:00
chtheis
fa727586ff
Fix grep pattern to deal with Apache's error log
...
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres
23d2281e57
action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now)
2019-05-02 15:22:45 +02:00
benrubson
5b2b680bfe
SSHd add Bad protocol version message
2019-05-02 11:42:45 +02:00