github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,494 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

4494 Commits (218905c924b4cde3408ebd7b399712f08ec33b19)

Author SHA1 Message Date
sebres 9a42ce12f4 amend to gh-1792: introduced new fail2ban-regex option "--timezone" ("--TZ"), to set time-zone used by convert of time format. 2017-08-08 12:55:13 +02:00
sebres 2fe1479484 Merge branch '_0.9/gh-1849' into 0.10 2017-08-07 18:07:36 +02:00
sebres 5c538fb658 Recognize "unknown user" for additional auth-methods (pam, passwd-file, ldap, sql, etc); simplifying regular expressions (put "unknown user" and "invalid credentials" together as one regex). 2017-08-07 18:04:09 +02:00
sebres cb0f7ba4b9 Merge amend to PR #1850: removed greedy catch-all 2017-08-07 15:25:37 +02:00
sebres 0ef5b7c4d4 small amend to gh-1850: removed greedy catch-all at end. 2017-08-07 15:24:16 +02:00
Serg G. Brester 047d516661 Merge pull request #1850 from MarcelWaldvogel/ejabberd-17-06 
Support ejabberd 17.06 log format
 2017-08-07 15:16:34 +02:00
Marcel Waldvogel ebd1e2c969 Add testcase 2017-07-29 20:05:25 +02:00
Marcel Waldvogel daf57547c6 Parse ejabberd 17.06 output 
E.g.:
2017-07-29 08:24:04.773 [info] <0.6668.0>@ejabberd_c2s:handle_auth_failure:433 (http_bind|ejabberd_bosh) Failed c2s PLAIN authentication for test@example.ch from ::FFFF:192.0.2.3: Invalid username or password
 2017-07-29 19:58:06 +02:00
Bigard Florian f4551d02c9 Fix empty logfile.log in xarf login attack action 
Fix empty 3rd MIME part which contains the attack evidence (logfile.log).
 2017-07-25 13:44:29 +02:00
sebres 1a562bed0f Merge remote-tracking branch 'master' into 0.10 
# Conflicts:
#	config/filter.d/asterisk.conf
 2017-07-19 08:57:23 +02:00
Serg G. Brester babb76cb3c Merge pull request #1839 from sebres/asterisk-patch 
Asterisk improvements
 2017-07-19 08:50:05 +02:00
sebres a5b62a7f36 failregex extended and simplified (partially ported from gh-1409). 2017-07-18 16:34:22 +02:00
sebres 098abae4e6 Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. 
Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).
 2017-07-18 16:09:53 +02:00
sebres 2ea22b9d30 test coverage for gh-1427 2017-07-18 15:46:53 +02:00
Kirill 4c0c7b97c0 Update asterisk.conf to new log message 
I got an issue like this:
[2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300"

# [sebres] rebased to current master and resolving conflicts.
 2017-07-18 15:40:32 +02:00
Serg G. Brester 34cb55fd91 Merge pull request #1695 from benrubson/issue1693 
Apache, detect syslog prefix
 2017-07-14 02:05:23 +02:00
sebres a12ac4242b ChangeLog updated 2017-07-12 11:59:42 +02:00
sebres 0e33125129 be more precise using common `__prefix_line` expression (set `_daemon` to recognize apache and httpd only) 2017-07-12 11:59:02 +02:00
sebres b561af45ef apache-common.conf: introduced parameter `logging` for possibility to match lines, if apache logs into syslog/systemd journal; 
added test cases to cover `apache-auth[logging=syslog]`.
 2017-07-12 11:45:44 +02:00
benrubson 10cc7e6e59 Apache, detect syslog prefix, add test 2017-07-12 11:39:20 +02:00
benrubson b662cf03ac Apache, detect syslog prefix, simple example 2017-07-12 11:36:34 +02:00
Serg G. Brester 6c030c5e10 Merge pull request #1717 from szepeviktor/patch-11 
Updated xarf-specification repo URL in xarf action
 2017-07-12 09:54:15 +02:00
Serg G. Brester 99b668a3cc Merge pull request #1390 from khumarahn/xxx 
ensure /var/run/fail2ban is created in systemd service file
 2017-07-11 15:53:42 +02:00
Serg G. Brester 4126b16e7c Merge pull request #1828 from sebres/filter-ejabberd-auth-gh-993 
Accept new format for filter ejabberd-auth
 2017-07-11 15:43:28 +02:00
Serg G. Brester 5dcbcb99b9 Merge pull request #1648 from hlein/master 
gentoo-initd: wait up to 30 seconds on "stop" to avoid errors.
 2017-07-11 15:41:48 +02:00
sebres c9385a2e04 ChangeLog updated 2017-07-11 15:28:04 +02:00
sebres 7217ef5c9e filter.d/ejabberd-auth.conf: fixed ejabberd filter - accept new log-format with `wait_for_sasl_response` instead of `wait_for_feature_request` + optional part "IP " (gh-993) 2017-07-11 15:25:51 +02:00
Serg G. Brester ad9f364800 Merge pull request #1827 from sebres/filter-roundcube-fix-gh-1303 
Filter roundcube: fixed gh-1303 - X-Real-IP or/and X-Forwarded-For after host
 2017-07-11 15:21:04 +02:00
sebres ea3a6aa971 ChangeLog updated 2017-07-11 15:02:59 +02:00
sebres dae4988aea filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303) 2017-07-11 14:59:24 +02:00
sebres 00456b8270 review: documentation, small enhancement of `fail2ban-client` to test time abbreviation format: 
fail2ban-client --str2sec 1d12h30m
 2017-07-11 14:03:00 +02:00
sebres 89f2dbb97b small bug fix (missing `-` by option `--timeout`, wrong module reference) 2017-07-11 14:01:42 +02:00
Serg G. Brester d334a36a60 Merge pull request #1825 from sebres/_0.10/postfix-filter-opti 
0.10 - postfix filter optimizations
 2017-07-11 12:34:56 +02:00
sebres cf3b8f63f6 coverage fix 2017-07-11 12:16:12 +02:00
sebres e26cc5de45 restore backwards compatibility (jail postfix-sasl); changelog update 2017-07-11 11:57:48 +02:00
sebres aa92b68d4a filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813); 
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
 2017-07-10 20:49:28 +02:00
sebres 36d42d7f0b SampleRegexsFactory: introduce opportunity to supply multiple options combinations (check lines using filters with several options), see for example filter sshd.conf 2017-07-10 19:57:02 +02:00
sebres d32a3913cf postfix postscreen (resp. other RBL's compatibility fix) / gh-1764 2017-07-10 15:38:24 +02:00
Serg G. Brester 57ea38c342 Update paths-debian.conf 
Fixed mail.log path since in the default rsyslog configuration of debians the `mail.warn` is commented now (see `/etc/rsyslog.d/50-default.conf`: `#mail.warn -/var/log/mail.warn`).
Closes gh-1687
 2017-07-05 19:57:30 +02:00
sebres 546cd55342 Merge branch 'master' into 0.10 2017-07-03 13:02:25 +02:00
Serg G. Brester d05d9f4c28 Merge pull request #1816 from sebres/fix-gh-1302 
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed
 2017-07-03 12:59:46 +02:00
sebres a1d0633e69 filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): 
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
 2017-07-03 12:57:28 +02:00
sebres 33fcf8d809 Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
sebres 9f55ed86df fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore) 2017-07-03 12:41:54 +02:00
Serg G. Brester 1307e0a5b9 Merge pull request #1760 from szepeviktor/patch-12 
Courier may complain about the method only
 2017-07-03 12:00:36 +02:00
Serg G. Brester 205edff65d Merge pull request #1690 from chtheis/master 
#1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable
 2017-07-01 17:16:50 +02:00
Serg G. Brester f27e053592 Update bsd-ipfw.conf 
increased starting rule number (lowest_rule_num = 111)
 2017-07-01 17:10:53 +02:00
Serg G. Brester 001c0898d6 Merge branch 'master' into master 2017-06-30 18:07:38 +02:00
Serg G. Brester 6110ba9cc3 filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613) 2017-06-30 18:00:01 +02:00
sebres 5974b0fb35 amend to merge PR gh-1783: restores lost entry `journalmatch` for `filter.d/roundcube-auth.conf` 2017-06-26 11:32:34 +02:00