Commit Graph

1192 Commits (1ab0f0f9e3d689de33a40156141861902c9c5e9d)

Author SHA1 Message Date
Yaroslav Halchenko 1ab0f0f9e3 Merge branch 'master' of https://github.com/yarikoptic/fail2ban
* 'master' of https://github.com/yarikoptic/fail2ban:
  DOC: Changelog for fail2ban-regex RF
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases

Conflicts:
	ChangeLog
2013-06-15 10:52:05 -04:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readability thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd can accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
2013-06-14 12:16:59 -04:00
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexes rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
2013-06-14 12:14:40 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black a433a8ea5f ENH: readability thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
2013-06-13 23:32:45 -04:00
Yaroslav Halchenko 77044fce35 DOC: Changelog for fail2ban-regex RF 2013-06-13 23:21:48 -04:00
Yaroslav Halchenko 9b351350dd DOC: Changelog for asterisk hardening 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko e91419d361 ENH: fail2ban-regex -- add specification of loglevels to enable 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko ffe381d91c RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 97f9cfc0b0 ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
I mocked logging library directly -- seems to be Ok.
2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit more. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 9940cd1b6b ENH: proftpd can accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexes rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko 460e09af66 it was not the end of the world and we should continue 2013-06-12 21:22:26 -04:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 921d9a8e4b DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
originally following command was used to add header to all config files:

  sed -ie '/# Author/ i\# Please report vulnerabilities to fail2ban-vulnerabilities at lists dot sourceforge dot net\n# and see http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help for generic bug-reports.\n#' action.d/* filter.d/*

but it would be overkill ATM causing havoc in user-tuned configs -- postponed for now

Also adjusted the release date for today (by mistake in 1 commit ... sorry)
2013-06-12 13:21:12 -04:00
Yaroslav Halchenko 728b5e8bf4 Changes for 0.8.10 release (changelog, version, etc) 2013-06-11 19:20:50 -04:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Daniel Black 4787777cee DOC: credits for gh-244 2013-06-11 10:30:56 +10:00
Daniel Black 66d8210f80 Merge pull request #244 from clopez/filter-asterisk
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
2013-06-10 17:28:35 -07:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase.
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-11 02:13:37 +02:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
Yaroslav Halchenko b53612cb10 Merge pull request #237 from grooverdan/asterisk-227
Asterisk enhancements
2013-05-29 18:38:15 -07:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 28fc14d010 DOC: credits 2013-05-30 10:27:30 +10:00
Daniel Black e54498f6fe DOC: how to do filter enhancements 2013-05-30 10:25:03 +10:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Yaroslav Halchenko 39d32e0352 Changelog for previous PR 2013-05-29 09:56:15 -04:00
Yaroslav Halchenko 374e7c6fc9 Merge pull request #208 from grooverdan/opensuse_init
Opensuse init -- from stock suse distribution
2013-05-29 06:54:25 -07:00
Yaroslav Halchenko 567cd353a1 DOC: Changelog entry for preceding merge from Terence 2013-05-29 09:41:20 -04:00