github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,331 Commits
33 Branches
229 Tags
20 MiB
Commit Graph

1057 Commits (1983e155808f30eb0eb775061252e3dad1bd2b19)

Author SHA1 Message Date
Alexander Belykh 1983e15580 Add empty line between parameters in nftables-common.conf 2016-01-06 16:55:29 +06:00
Alexander Belykh f7f91a8bd4 Refactor common code out of nftables-multiport/allports.conf 2016-01-05 19:03:47 +06:00
Alexander Belykh 618e97bce8 Add nftables actions 2016-01-04 01:36:28 +06:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232 
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
 2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex 
Add 'Sender address rejected: Domain not found' Postfix failregex
 2015-12-18 09:23:54 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown ead2d509dc Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions. 2015-12-17 17:45:24 +00:00
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269) 2015-12-13 23:21:04 -05:00
Ross Brown 106c3eab9a Added filter and jail for murmur/mumble-server. 2015-11-29 15:56:56 +00:00
Aleksandrs Ļedovskis fa59a6850f Add 'Sender address rejected: Domain not found' Postfix failregex 
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
 2015-11-22 12:01:15 +02:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-11-13 15:22:59 -07:00
Orion Poplawski ba76f4ca2f Fix typo 2015-11-02 15:21:14 -07:00
Simon Brown 69bb532db0 removed system.log 2015-11-02 09:26:45 -08:00
Simon Brown 3e16f33dbe Removed old svn revision comment 2015-11-02 09:08:47 -08:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216 
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
 2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard) 
closes gh-1237
 2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); 
closes gh-1216
 2015-10-30 15:36:18 +01:00
Simon Brown 5839a3bd80 Removed includes comment for screensharing jail 2015-10-29 16:07:54 -07:00
sebres 53b39162a1 Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions) 2015-10-29 23:55:23 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-10-29 15:22:37 -06:00
Simon Brown 65bc5cf6ba Now using a literal logpath for screensharing jail 2015-10-29 09:03:01 -07:00
Simon Brown cabd46f069 Fixed blatant typo in regex 
However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd  /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result
 2015-10-28 20:58:25 -07:00
Simon Brown acee68a9ee Made screensharing jail off by default 
Also added note about requiring paths-osx.conf.
 2015-10-28 15:11:11 -07:00
Simon Brown 4b4d5a95b7 Changed regex prequel 
Use standard prefix macro instead of literal daemon name.
 2015-10-27 21:30:20 -07:00
Simon Brown 4c3f778b82 Replaced .* with literal 
Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.
 2015-10-27 10:33:30 -07:00
Simon Brown d17d837b8c Update jail.conf 
Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log
 2015-10-27 10:28:07 -07:00
Simon Brown de14946542 Added new path variable for system.log 
Logging location for the majority of Mac OS daemons.
 2015-10-26 18:02:07 -07:00
Simon Brown 80546c6164 Added in settings for screensharingd filter 2015-10-26 17:50:49 -07:00
Simon Brown 3ec725a2ba Created file 
From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf
 2015-10-26 17:35:38 -07:00
1technophile 2861a957a9 filter for openhab domotic software authentication failure with the rest api and web interface + test cases; 
closes gh-1223
 2015-10-26 15:48:23 +01:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex 
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
 2015-10-20 10:46:00 +02:00
Pablo Rodriguez Fernandez 74fcb219ab Enhanced Google domain detection in apache-fakegooglebot 
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
 2015-10-20 10:45:53 +02:00
Orion Poplawski 3a9cf2b3da Add and use default_backend to set individual backend defaults to auto 2015-10-19 19:50:03 -06:00
Orion Poplawski ced7be94b2 Fix postfix_log typo 2015-10-19 19:43:10 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend 
per service.
Set default to systemd for Fedora as appropriate.
 2015-10-18 20:18:50 -06:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record 
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
 2015-10-13 17:11:49 +02:00
agentmoller001 617302fcc2 Updated route.conf to clear warnings 
Does not throw warnings when starting/restarting by adding three lines of code.
 2015-10-09 18:16:36 -07:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later 
closes gh-1211
 2015-10-07 14:34:13 +02:00
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching 
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:46:29 -07:00
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
M. Maraun 2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00
Edward Beckett 835b3ff483 Update apache-badbots.conf 
Useragent strings including `+http` need to be escaped to be valid.
 2015-09-05 00:12:28 -04:00
weberho f7af93a677 Added configuration for opensuse path 2015-08-26 15:25:59 +02:00
weberho d278fbca30 Fixed line suspected to be faulty 2015-08-26 14:48:55 +02:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban 
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
 2015-07-27 22:37:46 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
 2015-07-27 22:30:54 -04:00