Serg G. Brester
babb76cb3c
Merge pull request #1839 from sebres/asterisk-patch
...
Asterisk improvements
2017-07-19 08:50:05 +02:00
sebres
a5b62a7f36
failregex extended and simplified (partially ported from gh-1409).
2017-07-18 16:34:22 +02:00
sebres
098abae4e6
Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now.
...
Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).
2017-07-18 16:09:53 +02:00
sebres
2ea22b9d30
test coverage for gh-1427
2017-07-18 15:46:53 +02:00
Kirill
4c0c7b97c0
Update asterisk.conf to new log message
...
I got an issue like this:
[2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300"
# [sebres] rebased to current master and resolving conflicts.
2017-07-18 15:40:32 +02:00
Serg G. Brester
34cb55fd91
Merge pull request #1695 from benrubson/issue1693
...
Apache, detect syslog prefix
2017-07-14 02:05:23 +02:00
sebres
a12ac4242b
ChangeLog updated
2017-07-12 11:59:42 +02:00
sebres
0e33125129
be more precise using common `__prefix_line` expression (set `_daemon` to recognize apache and httpd only)
2017-07-12 11:59:02 +02:00
sebres
b561af45ef
apache-common.conf: introduced parameter `logging` for possibility to match lines, if apache logs into syslog/systemd journal;
...
added test cases to cover `apache-auth[logging=syslog]`.
2017-07-12 11:45:44 +02:00
benrubson
10cc7e6e59
Apache, detect syslog prefix, add test
2017-07-12 11:39:20 +02:00
benrubson
b662cf03ac
Apache, detect syslog prefix, simple example
2017-07-12 11:36:34 +02:00
Serg G. Brester
6c030c5e10
Merge pull request #1717 from szepeviktor/patch-11
...
Updated xarf-specification repo URL in xarf action
2017-07-12 09:54:15 +02:00
Serg G. Brester
99b668a3cc
Merge pull request #1390 from khumarahn/xxx
...
ensure /var/run/fail2ban is created in systemd service file
2017-07-11 15:53:42 +02:00
Serg G. Brester
4126b16e7c
Merge pull request #1828 from sebres/filter-ejabberd-auth-gh-993
...
Accept new format for filter ejabberd-auth
2017-07-11 15:43:28 +02:00
Serg G. Brester
5dcbcb99b9
Merge pull request #1648 from hlein/master
...
gentoo-initd: wait up to 30 seconds on "stop" to avoid errors.
2017-07-11 15:41:48 +02:00
sebres
c9385a2e04
ChangeLog updated
2017-07-11 15:28:04 +02:00
sebres
7217ef5c9e
filter.d/ejabberd-auth.conf: fixed ejabberd filter - accept new log-format with `wait_for_sasl_response` instead of `wait_for_feature_request` + optional part "IP " (gh-993)
2017-07-11 15:25:51 +02:00
Serg G. Brester
ad9f364800
Merge pull request #1827 from sebres/filter-roundcube-fix-gh-1303
...
Filter roundcube: fixed gh-1303 - X-Real-IP or/and X-Forwarded-For after host
2017-07-11 15:21:04 +02:00
sebres
ea3a6aa971
ChangeLog updated
2017-07-11 15:02:59 +02:00
sebres
dae4988aea
filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303)
2017-07-11 14:59:24 +02:00
sebres
00456b8270
review: documentation, small enhancement of `fail2ban-client` to test time abbreviation format:
...
fail2ban-client --str2sec 1d12h30m
2017-07-11 14:03:00 +02:00
sebres
89f2dbb97b
small bug fix (missing `-` by option `--timeout`, wrong module reference)
2017-07-11 14:01:42 +02:00
Serg G. Brester
d334a36a60
Merge pull request #1825 from sebres/_0.10/postfix-filter-opti
...
0.10 - postfix filter optimizations
2017-07-11 12:34:56 +02:00
sebres
cf3b8f63f6
coverage fix
2017-07-11 12:16:12 +02:00
sebres
e26cc5de45
restore backwards compatibility (jail postfix-sasl); changelog update
2017-07-11 11:57:48 +02:00
sebres
aa92b68d4a
filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813);
...
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
2017-07-10 20:49:28 +02:00
sebres
36d42d7f0b
SampleRegexsFactory: introduce opportunity to supply multiple options combinations (check lines using filters with several options), see for example filter sshd.conf
2017-07-10 19:57:02 +02:00
sebres
d32a3913cf
postfix postscreen (resp. other RBL's compatibility fix) / gh-1764
2017-07-10 15:38:24 +02:00
Serg G. Brester
57ea38c342
Update paths-debian.conf
...
Fixed mail.log path since in the default rsyslog configuration of debians the `mail.warn` is commented now (see `/etc/rsyslog.d/50-default.conf`: `#mail.warn -/var/log/mail.warn`).
Closes gh-1687
2017-07-05 19:57:30 +02:00
sebres
546cd55342
Merge branch 'master' into 0.10
2017-07-03 13:02:25 +02:00
Serg G. Brester
d05d9f4c28
Merge pull request #1816 from sebres/fix-gh-1302
...
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed
2017-07-03 12:59:46 +02:00
sebres
a1d0633e69
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302):
...
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
2017-07-03 12:57:28 +02:00
sebres
33fcf8d809
Merge branch 'master' into 0.10
2017-07-03 12:43:48 +02:00
sebres
9f55ed86df
fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore)
2017-07-03 12:41:54 +02:00
Serg G. Brester
1307e0a5b9
Merge pull request #1760 from szepeviktor/patch-12
...
Courier may complain about the method only
2017-07-03 12:00:36 +02:00
Serg G. Brester
205edff65d
Merge pull request #1690 from chtheis/master
...
#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable
2017-07-01 17:16:50 +02:00
Serg G. Brester
f27e053592
Update bsd-ipfw.conf
...
increased starting rule number (lowest_rule_num = 111)
2017-07-01 17:10:53 +02:00
Serg G. Brester
001c0898d6
Merge branch 'master' into master
2017-06-30 18:07:38 +02:00
Serg G. Brester
6110ba9cc3
filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)
2017-06-30 18:00:01 +02:00
sebres
5974b0fb35
amend to merge PR gh-1783: restores lost entry `journalmatch` for `filter.d/roundcube-auth.conf`
2017-06-26 11:32:34 +02:00
sebres
37ca4f17c2
filter.d/roundcube-auth.conf: added missing entry `journalmatch` from original gh-1783.
2017-06-26 11:24:10 +02:00
Serg G. Brester
986dd3107d
Merge branch '0.10' into patch-12
2017-06-19 18:37:28 +02:00
Serg G. Brester
f3ba66d1c6
Merge pull request #1783 from weberhofer/0.10
...
filter.d/roundcube-auth.conf: Fixed failregex when logging errors to journal instead to a local file.
Additionally fixes more complex injections on username.
2017-06-19 18:34:08 +02:00
sebres
9b0f39a17d
ChangeLog updated
2017-06-19 18:12:37 +02:00
sebres
d3ae70beb6
filter.d/roundcube-auth.conf: Use the same filter-file and jail also when logging errors to journal instead to a local file.
...
Additionally fixes more complex injections on username.
2017-06-19 18:12:13 +02:00
Johannes Weberhofer
691c080dc7
Added roundcube authentication filter, new jail and log-examples
2017-06-19 16:52:42 +02:00
Serg G. Brester
3294840c2a
Merge pull request #1801 from jeaye/postfix-updates
...
filter.d/postfix.conf: update to the latest postfix logging format
2017-06-19 16:44:37 +02:00
Serg G. Brester
efeca8fdeb
postfix.conf: removes unneeded end-anchoring like `.*$`, etc.
...
also removes several dynamic content at end, which are of no avail there.
Additionally normalizes optional part (mail-ID) after reason number.
2017-06-19 16:25:46 +02:00
Serg G. Brester
bb283776d7
Merge pull request #1807 from sebres/fix-gh-1806
...
bug-fix: restoring of tickets from database for jails with persistent ban
2017-06-15 18:42:39 +02:00
sebres
fd32e908e3
fixes restoring of tickets from database for jails with persistent ban (if `bantime = -1`)
2017-06-15 18:28:37 +02:00