fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	f13fac5ae9	amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex; extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed); Closes gh-1727	8 years ago
sebres	5561423be3	filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry); closes gh-1719	8 years ago
sebres	0c1707afda	filter.d/sshd.conf: - optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details); test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);	8 years ago
sebres	7e442c5b27	filter.d/sendmail-reject.conf: - rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`); - optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details); test cases extended	8 years ago
sebres	52ed6597b2	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
sebres	8768776d68	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	8 years ago
Serg G. Brester	d042981954	Merge pull request #1655 from ajcollett/0.10 Added config for AbuseIPDB	8 years ago
Serg G. Brester	b1f5ac9484	Update abuseipdb.conf	8 years ago
Serg G. Brester	62fa02241f	Update jail.conf	8 years ago
sebres	6a2c95da95	`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution); changelog updated;	8 years ago
sebres	d2a3d093c6	rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects); new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset); test cases extended	8 years ago
sebres	35efca5941	Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines. Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window). Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions: - tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example) - tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info); filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling.	8 years ago
sebres	22afdbd536	Several filters optimized with pre-filtering using new option `prefregex`	8 years ago
sebres	4ff8d051f4	Introduced new filter option `prefregex` for pre-filtering using single regular expression; Some filters extended with user name; [filter.d/pam-generic.conf]: grave fix injection on user name to host fixed; test-cases in testSampleRegexsFactory can now check the captured groups (using additionally fields in failJSON structure)	8 years ago
sebres	4bf09bf297	provides new tag `<ip-rev>` for PTR reversed representation of IP address; [action.d/complain.conf] fixed using this new tag;	8 years ago
Serg G. Brester	7f63809afb	Merge branch '0.10' into patch-1	8 years ago
Jan Grewe	58c68b75f0	Remove double-quotes from email addresses	8 years ago
Jan Grewe	1bcf0de7c1	Update complain.conf	8 years ago
Filippo Tessarotto	607568f5da	Postfix RBL: 554 & SMTP	8 years ago
Jan Grewe	901eeff53d	Make Abusix lookup compatible with Dash	8 years ago
sebres	1823571e0f	Merge branch 'ssh-filter-new-regexp' into 0.10	8 years ago
sebres	9d06f0ee40	sshd-amend: optional space after port part	8 years ago
sebres	e8a1556562	Merge remote-tracking branch 'master' into 0.10 # Conflicts: # fail2ban/tests/samplestestcase.py	8 years ago
sebres	54a8c681ce	suhosin.conf: removed greedy match	8 years ago
sebres	8aa9516d50	sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652)	8 years ago
sebres	3276bd6d54	sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117)	8 years ago
sebres	628789f9a9	sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive) filter sshd-ddos and new filter sshd-aggressive are both derivation of sshd-filter	8 years ago
sebres	dd373dba9f	test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>; new ssh rule(s) added: - Connection reset by peer (multi-line rule during authorization process); - No supported authentication methods available; Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions); closes gh-864	8 years ago
Christian Brandlehner	a4d8426401	Support for IBM Domino SMTP task (#1603 ) filter.d/domino-smtp.conf	8 years ago
Serg G. Brester	40f294e6bf	Merge pull request #1663 from jjeziorny/netscaler-action Introduced citrix netscaler action	8 years ago
Juliano Jeziorny	1fe554dd25	Introduced Citrix Netscaler action	8 years ago
Christoph Theis	6187431629	#1667 : Wrong paths for apache and nginx under FreeBSD	8 years ago
sebres	74a6afadd5	Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all).	8 years ago
sebres	ee3c787cc6	Recognize restored (from database) tickets after restart (tell action restored state of the ticket); Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified). Test cases extended (smtp and by restart in ServerReloadTest). Closes gh-1141 Closes gh-921	8 years ago
sebres	7019640eb3	Merge branch 'fix-gh-1658' into 0.10	8 years ago
sebres	a9523aefbb	sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space).	8 years ago
sebres	c9f32f75e6	Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10)	8 years ago
Andrew James Collett	3991f51f30	Update jail.conf Sigh, added a space back that I somehow missed in Vim, despite it being a rebase...	8 years ago
Andrew James Collett	10d61e0779	Fixed the spaces again	8 years ago
Andrew James Collett	b35391e768	Update jail.conf Fixing spacing	8 years ago
Andrew James Collett	1c41390f7c	Restructured the way the catagories work. Jail.conf is cleaner and abuseipdb.conf is more flexible.	8 years ago
Andrew James Collett	55e107310f	Added config for AbuseIPDB, ony tested on Ubuntu 16.04	8 years ago
Yaroslav Halchenko	31a1560eaa	minor typos (thanks Vincent Lefevre, Debian #847785 )	8 years ago
sebres	45f1d811c9	Merge branch 'alex1702-1586'	8 years ago
sebres	67c14afd8e	ChangeLog entry added + jail.conf review	8 years ago
sebres	425170cef3	code review, makes the test cases workable, added dev-notes	8 years ago
sebres	931eab84b5	`filter.d/apache-modsecurity.conf` - fixed for newer version (one space, closes gh-1626) reviewed and optimized: - non-greedy catch-all replaced for safer match - unneeded catch-all anchoring removed - non-capturing groups	8 years ago
sebres	40cbe96352	Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2	8 years ago
sebres	5678d08a79	filter.d/dovecot.conf update: - fixes failregex, that ignores failures through some irrelevant info (closes #1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `$(?:auth failed, \d+ attempts( in \d+ secs)?\|tried to use (disabled\|disallowed) \S+ auth)$` - review, IPv6 compatibility fix, non-capturing groups	8 years ago
sebres	a2af19c9f0	fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`); added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files test cases: executing of some complex actions covered	8 years ago

1 2 3 4 5 ...

1242 Commits (1e6787877a98ab21d9a09287b132a5256b9373f6)