Commit Graph

5410 Commits (1f48e55959bfa079c7aeaad469040018b92139c4)

Author SHA1 Message Date
sebres ceff489a46 amend to a4459765ef438db83a2898ba832ff7acba033e29: irrelevant condition removed 2017-10-04 14:24:21 +02:00
sebres a4459765ef pyinotify/polling: test filter reaction by delete of watching file, better detection of pending file (avoid errors in fail2ban.log during log-rotation).
Closes gh-1865 for filterpyinotify ("cannot remove WD=2").
2017-10-04 14:17:00 +02:00
sebres e71f16f6ba Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/dovecot.conf
2017-10-04 09:57:18 +02:00
sebres ea36e1b3fc filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897) 2017-10-04 09:55:37 +02:00
Serg G. Brester 32deb828a1 Merge pull request #1904 from sebres/no-dup-ignoreip-fix-1900
Avoid exact duplicates by addIgnoreIP (closes gh-1900)
2017-10-04 08:41:40 +02:00
sebres d1fad22ac1 Avoid exact duplicates by addIgnoreIP (closes gh-1900) 2017-10-02 15:59:14 +02:00
sebres 8c804a2290 Merge branch 'master' into 0.10
# Conflicts resolved:
#	config/filter.d/postfix-rbl.conf
#	config/filter.d/postfix-sasl.conf
#	config/filter.d/postfix.conf
#	fail2ban/tests/files/logs/postfix-sasl
2017-10-02 15:41:30 +02:00
sebres a2120a9de5 filter.d/postfix-*.conf - added optional port regex (closes gh-1902) 2017-10-02 15:31:55 +02:00
Serg G. Brester 6140a0f2d4 Merge pull request #1894 from sbraz/nftables-ipv6
Fix nftables actions for IPv6 addresses, fixes #1893
2017-09-13 09:14:39 +02:00
Serg G. Brester 6149df5216 Update ChangeLog 2017-09-12 09:27:16 +02:00
Louis Sautier 152c9d27d5
Fix nftables actions for IPv6 addresses, fixes #1893
* add [Init?family=inet6] to nftables-common.conf and make nftable
  expressions more modular
* change "ip protocol" to "meta l4proto" in nftables-allports.conf
  since the former only works for IPv4
2017-09-11 23:32:53 +02:00
Serg G. Brester fbd46f29f2 Merge pull request #1891 from sbraz/openrc
Fix Gentoo init script's shebang
2017-09-11 12:24:10 +02:00
Serg G. Brester 72ad904f58 Update ChangeLog 2017-09-11 12:22:43 +02:00
Louis Sautier 2ce0ffb977
Fix Gentoo init script's shebang
Use openrc-run instead of runscript.
5d5856c193
2017-09-11 12:19:33 +02:00
Serg G. Brester 8be4569d51 Update ChangeLog
several fixes of 0.10th branch
2017-09-08 11:32:08 +02:00
sebres b185e7cb04 Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
Serg G. Brester 983b128c54 Update ChangeLog
several fixes of 0.9th branch
2017-09-08 11:07:48 +02:00
Serg G. Brester 5221693ce0 Merge pull request #1889 from sebres/0.10-small-optim-review
0.10 small optimization & review, config-reader, pretty-dump, etc.
2017-09-08 10:57:27 +02:00
sebres 462b534469 restrict saving of previous known values to section-related (don't overwrite with the values of other sections, especially like "INCLUDES", etc.) 2017-09-07 20:00:45 +02:00
sebres e20f6204d3 don't put parameters starting with `known/` to the ready stream (intermediate options only), makes streams and dumps of configuration shorter and better readable 2017-09-07 19:32:14 +02:00
sebres b698a74902 introduces new command-line options `--dp`, `--dump-pretty` to dump the configuration using more human readable representation;
allow dump of configuration, also if log-file is not available (warning only)
2017-09-07 19:31:38 +02:00
Serg G. Brester fd83260bd8 jail "pass2allow-ftp" should supply blocktype to action
closes gh-1884
2017-09-07 18:51:08 +02:00
Serg G. Brester bb97e66627 Merge pull request #1882 from coderua/patch-1
Add Jorgee Vulnerability Scanner protect
2017-09-07 15:52:31 +02:00
Serg G. Brester 99a9a9136e Merge pull request #1887 from fail2ban/exim-gh-1886
filter.d/exim.conf: fixed failregex for case of flood attempts with `D=0s`
2017-09-07 15:47:20 +02:00
Serg G. Brester db121a6f85 Update exim
Test case covers flood attempts with `D=0s`
2017-09-07 15:32:35 +02:00
Serg G. Brester 2cd02b731b filter.d/exim.conf: fixed failregex for case of `D=0s`
Closes gh-1886
2017-09-07 15:28:46 +02:00
sebres 4bc226a692 optimized regex 2017-09-05 10:59:16 +02:00
Vladimir Chumak fafefc0293 Add Jorgee Vulnerability Scanner protect
Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164
2017-09-05 10:56:43 +02:00
sebres acd9e8155b Merge pull request #1376 from j-marz/master:
Added ZoneMinder filter
2017-09-04 11:52:10 +02:00
sebres 4163f32968 small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 11:48:01 +02:00
john ac95449bbb changed zoneminder regex as per Sebres and yarikoptic recommendations 2017-09-04 11:37:09 +02:00
john 7013729a1f removed redundant options for zoneminder from jail.conf 2017-09-04 11:37:05 +02:00
john 5c3a666380 fixed incomplete regex after adding anchors 2017-09-04 11:37:03 +02:00
john 3d45fd2713 implemented yarikoptic's suggestions in fail2ban pull request #1376 2017-09-04 11:37:00 +02:00
john 776d463e92 added missing colon to failJSON 2017-09-04 11:36:58 +02:00
john 4d8ba7b668 fixed test log file 2017-09-04 11:36:55 +02:00
john 44c4496e49 added sample log files 2017-09-04 11:36:53 +02:00
john 08878d22dd added zoneminder.conf filter 2017-09-04 11:36:50 +02:00
john a90f6c4ae8 added zoneminder jail and filter
# Conflicts:
#	config/jail.conf
2017-09-04 11:36:47 +02:00
sebres c312962029 filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex (d926e11a5c)
fixed failregex (without new mode aggressive)
2017-09-01 10:57:41 +02:00
Serg G. Brester d926e11a5c Merge pull request #1880 from sebres/0.10-fix-dovecot-regex
filter.d/dovecot.conf: fixed failregex + new mode aggressive
2017-09-01 10:36:22 +02:00
sebres 2cfc53c08e remove capturing groups 2017-09-01 10:25:09 +02:00
sebres 9b8563f35e - fixes regex for message `imap-login: Disconnected (auth failed, X attempts) ...` has to many variations on additional info after `<HOST>`,
leave it end-anchored because variable part `user=<[^>]*>` (before `<HOST>`) to avoid injecting, but can be safe rewritten using `[^>]*` in opposite to "greedy" `user=<[^>]*>`.
- introduces mode `aggressive` and extends regex for this mode to match:
  * no auth attempts (previously removed in gh-601, because of lots of false positives on misconfigured MTAs)
  * disconnected before auth was ready
  * client didn't finish SASL auth
2017-09-01 09:56:21 +02:00
Serg G. Brester a287d0a05c Merge pull request #1872 from kmzby/master
Added filter for phpMyAdmin+syslog
2017-08-25 12:22:58 +02:00
Serg G. Brester 569283063b Merge pull request #1874 from sebres/fix-f2b-setup
setup.py: fix several setup facilities
2017-08-25 12:22:31 +02:00
Pavel Mihadyuk 4c1abe1cbf phpmyadmin-syslog: removed excess file, fixed test, updated failregex 2017-08-23 16:56:18 +03:00
sebres f451cf34b3 don't check return code by dry-run: returns 256 on some python/setuptool versions. 2017-08-23 13:20:51 +02:00
sebres e3b061e94b - `files/fail2ban.service` renamed as template to `files/fail2ban.service.in`;
- setup process generates `build/fail2ban.service` from `files/fail2ban.service.in` using distribution related bin-path;
- bug-fixing by running setup with option `--dry-run` (note: specify option `--dry-run` before `install`, like `python setup.py --dry-run install`);
- test cases extended to cover dry-run.
2017-08-23 13:01:29 +02:00
Pavel Mihadyuk d09304b897 phpmyadmin-syslog: added default jail config 2017-08-22 19:00:48 +03:00
Pavel Mihadyuk 41994fcb56 Added filter for phpMyAdmin+syslog (>=4.7.0) 2017-08-22 18:46:40 +03:00