fail2ban

Commit Graph

Author	SHA1	Message	Date
Serg G. Brester	4f5389fee5	Update jail.conf	8 years ago
Johannes Weberhofer	f46ada023e	Use Fedora's backend-settings for openSUSE Those settings are ok for newer openSUSE versions	8 years ago
sebres	b5433f48b7	amend after code review of merge gh-1581	8 years ago
sebres	bee6e7376b	Merge branch 'aclindsa:master'	8 years ago
sebres	ea4c1f6356	Merge branch 'master' into 0.10	8 years ago
sebres	dab5f56609	Merge branch 'fix-gh-1477'	8 years ago
Alex	8ac28e5dcb	Make changes and add test file	8 years ago
Alex	8c40766511	Add Mongodb-auth filter and jail	8 years ago
sebres	faee5f1fdc	better caching (thereby better performance), better recognition of similar regex	8 years ago
sebres	ae7297e16b	more precise date template handling (WARNING: this commit creates possible incompatibilities): - datedetector rewritten more strict as earlier; - default templates can be specified exacter using prefix/suffix syntax (via `datepattern`); - more as one date pattern can be specified using option `datepattern` now (new-line separated); - some default options like `datepattern` can be specified directly in section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]` section, because of performance (each extra section costs time); - option `datepattern` can be specified in jail also (jails without filters); - if first group specified, only this will be cut out from search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match pattern, and leaves `date:[] failure ip...` for searching in filter); - faster match and fewer searching of appropriate templates (DateDetector.matchTime calls rarer DateTemplate.matchDate now); - standard filters extended with exact prefixed or anchored date templates; template cache introduced (in opposition to default template cache, holds custom templates cached by pattern for possible common usage of same template/regex);	8 years ago
sebres	ab0ac2111c	added possibility to specify more precise default date pattern: - `datepattern = {^LN-BEG}` - only line-begin anchored default patterns (matches date only at begin of line, or with max distance up to 2 non-alphanumeric characters from line-begin); - `datepattern = {*WD-BEG}` - only word-begin anchored default patterns; - `datepattern = ^prefix{DATE}suffix` - exact specified default patterns (using prefix and suffix); common filter configs gets a more precise, line-begin anchored (datepattern = {^LN-BEG}) resp. custom anchoring default date-patterns;	8 years ago
sebres	a7d9de8c52	[temp commit] 1st try to optimize datedetector/datetemplate functionality (fix ambiguous resp. misleading date detection if several formats used in log resp. by format switch after restart of some services): * Misleading date patterns defined more precisely (using extended syntax %E[mdHMS] for exact two-digit match) * `filter.d/freeswitch.conf` - Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548) - User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)	8 years ago
Aaron Lindsay	7805f9972d	filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'	8 years ago
sebres	84c3eb3e0e	filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes #1578	8 years ago
sebres	c809c3e61e	Merge branch 'master' into 0.10	8 years ago
Nils	d08db22b92	Create npf.conf for the NPF packet filter This file adds support for the NPF packet filter, available on NetBSD since version 6.0	8 years ago
sebres	fa8184d4cc	fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command + test covered now; Closes #1559	8 years ago
sebres	ee1727ecca	Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10	8 years ago
sebres	9bf8985e2a	nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons)	8 years ago
Serg G. Brester	ba9a88977f	Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed 0.10/fix stability and speed optimization	8 years ago
sebres	8b0f6c5413	badips test cases check availability of badips service (and skip this tests if it not available)	8 years ago
sebres	310d4e224d	Merge branch master (0.9) into 0.10	8 years ago
sebres	9fb167b5e1	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	8 years ago
sebres	c0e0cfb39d	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	2c54f90469	sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.	8 years ago
sebres	a544c5abac	sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>" ChangeLog entry added	8 years ago
sebres	d71a525a85	Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9)	8 years ago
sebres	38d53a72fd	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv); # Conflicts: # config/filter.d/ignorecommands/apache-fakegooglebot # fail2ban/tests/files/config/apache-auth/digest.py # fail2ban/tests/files/ignorecommand.py # fail2ban/tests/misctestcase.py	8 years ago
sebres	77f451c4a3	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);	8 years ago
maksyms	9ddbd642f7	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
maksyms	04427adb95	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
sebres	c52aaa8b78	ASSP failregex minor fixes	8 years ago
sebres	70658d7a19	Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494')	8 years ago
rhardy613	8265e3f0f9	Fix comments For some reasons the comment changes weren't pickup in the last commit. This fixes it.	8 years ago
rhardy613	66fe5a77ce	Fix ASSP filter to work with both ASSP V1 and V2 ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. This fix adds V2 support.	8 years ago
rhardy613	890a3dcbb9	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. Now updated with anchored patterns tested against 6 months of log data.	8 years ago
Yaroslav Halchenko	c0994b0c6c	DOC: minor typo (thanks John Bernard) Closes #1496	8 years ago
sebres	0eea362aa0	Merge branch 'master' into 0.10	8 years ago
rhardy613	f73746d846	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.	8 years ago
Yaroslav Halchenko	28a0605f69	Merge pull request #1478 from gips0n/master adding openldap slapd filter	8 years ago
Andrii Melnyk	7433b353ee	another variant of regex	8 years ago
Andrii Melnyk	7c5828dd2a	add trailing anchor to failregex	8 years ago
sebres	683f8fc56c	Merge branch 'master' into 0.10	8 years ago
Andrii Melnyk	48c094f612	improved failregex according to @sebres recomendations	9 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: `[^']` after callid was wrong, changed to `[^\)]`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Andrii Melnyk	dcb69b0242	* add `__prefix_line` to regex * fix time in log file	9 years ago
Andrii Melnyk	b2e3affaa0	adding openldap slapd filter	9 years ago
Yaroslav Halchenko	593b1210c0	Merge master (commit '0.9.4-79-gaf8b650') into 0.10 * commit '0.9.4-79-gaf8b650': badip timeout option introduced, set to 30 seconds in our test cases (#1463) DOC: changelog for recent exim filters tune up Asterisk pjsip (#1456) BF: finalize that sample log line for exim4 RF: for consistency use (?:XXX)? instead of (?:\|XXX) ENH: use non-capturing regex groups in exim-common and exim filters ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised"	9 years ago
Serg G. Brester	af8b650a37	badip timeout option introduced, set to 30 seconds in our test cases (#1463 ) cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)	9 years ago
sebres	e39126f630	badip timeout option introduced, set to 30 seconds in our test cases	9 years ago
Yaroslav Halchenko	636a93f58b	Merge pull request #1438 from yarikoptic/bf-exim exim filters -- make wider use of host_info helper str susbstitution + fix for #1430	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456 ) * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
sebres	39366e703a	Merge branch 'master' into 0.10 # Conflicts: # fail2ban/server/filter.py	9 years ago
Yaroslav Halchenko	6434661480	RF: for consistency use (?:XXX)? instead of (?:\|XXX)	9 years ago
Yaroslav Halchenko	48a8324662	ENH: use non-capturing regex groups in exim-common and exim filters	9 years ago
sebres	8ec4e1189e	use raw host (don't use textToIp) if usedns exactly `raw`, because `usedns = no` should ignore no ip failures	9 years ago
Serg G. Brester	b6700f3e52	Merge pull request #1433 from yarikoptic/bf-0.10-pf-prevbeh BF: maintain previous default beh for pf -- default ban type is multiport	9 years ago
Yaroslav Halchenko	9bb869b8d4	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline Closes #1440	9 years ago
Yaroslav Halchenko	8b8cf2a660	ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible	9 years ago
Yaroslav Halchenko	743a531eb5	BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" Closes #1430	9 years ago
sebres	f62266659f	Merge branch 'master' into '0.10'	9 years ago
sebres	52377984cd	back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;	9 years ago
sebres	0fdc56546f	Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)	9 years ago
Yaroslav Halchenko	1ebc3facb1	BF: maintain previous default beh for pf -- ban a port (ssh) only	9 years ago
sebres	4cdca8c258	amend-merge for pull request #1429 from sebres/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
sebres	4d51c591c1	pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized;	9 years ago
Serg G. Brester	01d9a41ba1	Merge pull request #1429 from koeppea/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
Alexander Koeppe	b5e031f3c3	some documentation for multiport use in pf.conf	9 years ago
sebres	1e7fd26f5f	rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases	9 years ago
sebres	25af11215b	test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations	9 years ago
Alexander Koeppe	e74047ae49	revert to common config for PF covering multi and allports	9 years ago
Alexander Koeppe	3e1328c83b	split PF config files between all- and multi port	9 years ago
sebres	cb4f9be8b2	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	9 years ago
sebres	de813acf51	extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;	9 years ago
Alexander Koeppe	975608dfb6	no hardcoded python interpreter path	9 years ago
sebres	0c44ecfc77	action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset; test cases for 3 firewallcmd extended;	9 years ago
TorontoMedia	ffebde68e0	Update firewallcmd-multiport.conf	9 years ago
TorontoMedia	07de83e04a	Update firewallcmd-common.conf	9 years ago
TorontoMedia	810d5996b5	Update firewallcmd-rich-logging.conf	9 years ago
TorontoMedia	7e54cee8d6	updated firewallcmd actions	9 years ago
sebres	3e49522b7a	fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in `d2a9537568`); all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);	9 years ago
sebres	bdc2d07946	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	504e5ba6f2	actions support IPv6 now: - introduced "conditional" sections, see for example `[Init?family=inet6]`; - iptables-common and other iptables config(s) made IPv6 capable; - several small code optimizations; * all test cases passed (py3.x compatible);	9 years ago
sebres	75028585c0	test cases extended for verifying ipv4/ipv6, normalized pf-action with test case	9 years ago
Alexander Koeppe	ed2f3ef77d	improve PF action and make IPv6 aware	9 years ago
sebres	25d6cf8dd2	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	8cb4a3f59e	move DNTUtils, IPAddr related code to dedicated source file ipdns.py (also resolves some cyclic import references)	9 years ago
Alexander Koeppe	db9f3f738f	add ip6-loopback to default ignoreip statement	9 years ago
sebres	05f38285f1	Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716	9 years ago
jungle-boogie	d889918f19	update doc url direct to confluence page. no code changes.	9 years ago
Yaroslav Halchenko	aa303acfd6	Merge pull request #1381 from theDogOfPavlov/patch-3 Tightened up exim regexes to catch rDNS entries	9 years ago
Alexandre Perrin	7712310d2d	Be more backward compatible on matching postfix/smtps/smtpd Support trailing smtps also and not only smtpd. suggested by @sebres	9 years ago
Alexandre Perrin	1a299409e5	Fix postfix/smtps/smtpd matching.	9 years ago
theDogOfPavlov	1eb51b1bc2	Tightened up regexes to catch rDNS entries	9 years ago
Yaroslav Halchenko	db2dd070ad	Merge pull request #1356 from opoplawski/bug-1354 Fedora use mariadb by default, fix log path	9 years ago
Serg G. Brester	b9b7ecbf6b	Merge pull request #1357 from sebres/monit-new-fltr monit filter fixup for the new version (gh-1355)	9 years ago
TorontoMedia	3d239215cd	Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367) closes #1367	9 years ago
sebres	ac27c9cb96	Merge branch 'patch-2' (gh-1371)	9 years ago

1 2 3 4 5 ...

1242 Commits (1e6787877a98ab21d9a09287b132a5256b9373f6)