github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,494 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4494 Commits (218905c924b4cde3408ebd7b399712f08ec33b19)

Author SHA1 Message Date
sebres ffd6b9f6de jail.conf: extended with new parameter `mode` for the filters supporting it; 2017-12-05 16:09:18 +01:00
sebres 2b68882502 filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures; 
Closes #1983
 2017-12-05 16:07:53 +01:00
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
Serg G. Brester f834e7826d
Merge pull request #1979 from peternowee/fix-exim-lowercase-auth 
Exim failregex: Include lower/mixed case AUTH
 2017-12-01 15:22:09 +01:00
Peter Nowee e4bbaf3d58
Update ChangeLog 2017-12-01 15:01:48 +01:00
Serg G. Brester f1c89f6631
Merge pull request #1981 from sebres/datedetector-dual-space 
datedetector: extended default date-patterns (allows extra space between the date and time stamps)
 2017-12-01 10:48:00 +01:00
sebres 5547697401 ChangeLog and typo 2017-12-01 10:16:14 +01:00
sebres 2e437937c3 datedetector: extended default date-patterns (allows extra space between the date and time stamps); 
* introduces 2 new format directives (with corresponding `%Ex` prefix for more precise parsing):
  - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
   (corresponds %H, but allows space if not zero-padded).
  - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
   (corresponds %I, but allows space if not zero-padded).
* mysqld-auth test extended to cover new date-format in log.
Closes gh-1639
 2017-11-30 17:06:37 +01:00
Serg G. Brester cbd63d9cd5
added test to cover quoted injecting on AUTH command 2017-11-30 12:45:11 +01:00
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command; 
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
 2017-11-30 12:32:24 +01:00
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case) 
The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).
 2017-11-29 20:55:48 +01:00
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH 
When reporting the error `AUTH command used when not advertised`, Exim
starts with `SMTP protocol error in "........."`. Here, Exim logs the
SMTP command as it was provided by the connecting client.
https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850

According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded
in upper case, lower case, or any mixture of upper and lower case with
no impact on its meaning."
https://tools.ietf.org/html/rfc5321#section-2.4

Lower case `auth login` brute-force attempts were seen in the wild and
were not caught by the current failregex.

This commit makes the failregex case-insensitive for the `AUTH`
command, so that lower case (`auth`) or mixed case (`aUtH`) now also
match. The failregex was already case-insensitive for the command
arguments (e.g. `AUTH login` already matched).
 2017-11-29 15:14:43 +01:00
SlowRiot 660d57e6ba updating my email address 2017-11-29 10:43:15 +01:00
sebres fbf89e8cdd typo in indent (spaces to tabs) 2017-11-28 16:32:16 +01:00
Serg G. Brester f917b4346b
Merge pull request #1974 from sebres/nginx-block-map 
session-related blacklisting via nginx
 2017-11-28 16:27:21 +01:00
sebres 55c2a9968a remove lacking [Init] section check ([Init] section not necessary anymore for actions also); 
fix sporadic error by shutdown server in with_foreground_server_thread decorator (if shutdown too fast, but end-phase still does not reached the tester-thread);
 2017-11-28 16:14:17 +01:00
sebres b62ab2d51e ChangeLog updated 2017-11-28 13:46:57 +01:00
sebres 76f2865883 implemented new action "action.d/nginx-block-map.conf", used in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); 2017-11-28 13:42:41 +01:00
Serg G. Brester 4fa0f48fa1
Merge pull request #1970 from sebres/fix-gh-1876 
Fix logging to systemd-journal (gh-1876)
 2017-11-27 10:04:38 +01:00
sebres 6db9ae8574 ChangeLog updated 2017-11-26 23:35:11 +01:00
sebres af0f7e93ce better handling by start/stop of server in foreground mode; 
don't call logging.shutdown because part of exit in fail2bancmdline.
 2017-11-26 23:06:35 +01:00
sebres f31195a4fc added new logtarget "SYSOUT" to log from fail2ban working in foreground as systemd-service (in opposite to "STDOUT" don't log time-stamps). 2017-11-26 23:03:29 +01:00
sebres 100b531aff travis: add build for python 3.7-dev and switch to newest pypy3.3 in travis 2017-11-24 13:33:20 +01:00
sebres 7bf5980def no root option if testing within virtualenv (fixed now). 2017-11-24 13:20:19 +01:00
sebres fa007bfa7c remove build folder, if created through setup-process in test 2017-11-24 12:57:55 +01:00
sebres eac80966c5 Fix scripts-root within `fail2ban.service` (relative install root-base directory). 
This is amend for e3b061e94b.
Closes gh-1964
 2017-11-24 12:54:45 +01:00
sebres 6db8db04f8 Merge branch 'master' into 0.10: fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:46:17 +01:00
sebres 5708b8b90e fixed test-cases covering dns2ip (IP of www.epfl.ch changed) 2017-11-23 22:42:51 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors; 
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
 2017-11-23 22:21:42 +01:00
sebres 7e756da2b9 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-11-06 18:56:31 +01:00
Serg G. Brester 4cd3b2d4c9
Merge pull request #1955 from sebres/fix-initial-config 
config/paths-*.conf: initial values and normalization
 2017-11-06 18:30:13 +01:00
Serg G. Brester ee80c52430 Update ChangeLog 2017-11-03 14:15:54 +01:00
sebres eba68a8f37 config/paths-common.conf: Added initial values for `syslog_authpriv`, `syslog_mail` in order to avoid errors while parsing/interpolating configuration; 
Note the systemd-backend does not need the logpath at all;
Some defaults normalized (minimized configs, don't need to overwrite values in distribution-related path if equal).
 2017-11-03 14:15:07 +01:00
Serg G. Brester c06f3c3fb8
Merge pull request #1812 from jpotter/patch-1 
Replace port imap3 with imap
 2017-11-03 14:05:57 +01:00
Serg G. Brester 4d10c615c4
Update ChangeLog 
typo
 2017-11-03 14:05:17 +01:00
Serg G. Brester 8b26fd2778 Update ChangeLog 2017-11-03 14:03:47 +01:00
Serg G. Brester 9876dd44f9 replace port imap3 with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and missing on some systems 
(see gh-1942)
 2017-11-03 14:03:06 +01:00
Jeff Potter 4a2fc8b7e8 Include imap (port 143) in courier-auth ports 
imap was missing from the list of ports, preventing fail2ban from blocking connections on standard IMAP port 143.
 2017-11-03 14:01:19 +01:00
Serg G. Brester a87af7bf41
Merge pull request #1948 from itoffshore/alpine 
gentoo-initd: add descriptions
 2017-11-03 13:30:18 +01:00
Stuart Cardall 18d2761dc0 gentoo-initd: add descriptions 
add descriptions to stop syslog errors for extra_started_commands when running:

rc-service ipset describe

Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26446]: ^[[1m^[[36mreload^[[m: no description
Oct 28 15:13:30 xxxx daemon.warn /etc/init.d/fail2ban[26447]: ^[[1m^[[36mshowlog^[[m: no description
 2017-11-01 22:19:14 +01:00
sebres b615a98540 jail.conf: avoid overwriting of default value of the parameter `chain` of several actions (where default chain != INPUT); 
test-cases extended to cover the same logic (use `<known/chain>` instead of fix value `INPUT`);
Closes gh-1949
 2017-10-30 13:32:52 +01:00
Serg G. Brester e07a8cda07 Update jail.conf 
Documentation of parameters for action blocklist_de, closes gh-1940
 2017-10-27 15:26:17 +02:00
Serg G. Brester 2409c4506a Merge pull request #1917 from martin61/patch-1 
add ip6tables.service ipset.service in systemd unit
 2017-10-20 12:39:46 +02:00
martin61 5db497017a add ip6tables.service ipset.service in systemd unit 2017-10-19 16:44:18 +02:00
Serg G. Brester 1a8fb6290d Merge pull request #1926 from sebres/0.10-pf-actionflush 
action.d/pf.conf: wildcard anchoring example + bulk-unban with command `actionflush`
 2017-10-19 16:35:46 +02:00
sebres 0e66e3cc57 Merge branch 'master' into 0.10 
# Conflicts:
#	config/filter.d/asterisk.conf
 2017-10-18 19:00:23 +02:00
Serg G. Brester 0aeb91d1e2 Merge pull request #1929 from miken32/patch-1 
Remove invalid (vulnerable) regex using IP from foreign input (not the originator).
 2017-10-18 18:54:43 +02:00
Serg G. Brester d81405adbc Update ChangeLog 
typo
 2017-10-18 18:52:55 +02:00
Serg G. Brester b6ab0aa83f Update ChangeLog 
more detailed entry
 2017-10-18 18:52:12 +02:00
Michael Newton 894a05b843 Update ChangeLog 2017-10-18 09:26:51 -07:00