Commit Graph

1846 Commits (246d0e1100943e35c9e799463f152621bd35a2b2)

Author SHA1 Message Date
usernamepi e4e7a83cff Update ufw.conf
4 years ago
sebres 71ce548117 Merge branch '0.11'
4 years ago
sebres b5b615731e Merge branch '0.10' into 0.11
4 years ago
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
4 years ago
Sergey G. Brester ab0847e2d5 more precise anchored RE (also combining all 3 REs in a single regex)
4 years ago
Jordi Sanfeliu 7d173b7ce0 Merge branch 'master' into updated-to-latest-jail.conf
4 years ago
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master
4 years ago
Sergey G. Brester d74dd9321b Merge pull request #2565 from caronc/0.11
4 years ago
Sergey G. Brester b2f6a3a658 remove unneeded substitution
4 years ago
Sergey G. Brester dda70d60c0 Merge branch 'master' into master
4 years ago
Michele Mondelli 7579072e3b docs: fix typos
4 years ago
Sergey G. Brester 4eba9f2a4b Merge pull request #2950 from sunweaver/pr/scanlogd-filter
4 years ago
Sergey G. Brester 2d51240b3e correction for default log interpolation and added allports banaction
4 years ago
Sergey G. Brester 977dfe4bd7 small amend: sport after saddr is optional
4 years ago
Sergey G. Brester 14edeed310 fixed regex (don't need to match whole line, e. g. every port etc)
4 years ago
Sergey G. Brester 080dd12288 Merge pull request #2965 from oukb/patch-1
4 years ago
Sergey G. Brester a838deba7f restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise
4 years ago
sebres 7f38b80d35 precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE)
4 years ago
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server
4 years ago
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters
4 years ago
j-marz 5d8f500471 updated formatting to pass tests
4 years ago
j-marz 2686811593 Updated zoneminder filter
4 years ago
oukb 529866b2bb nsd.conf: fix for the current log format
4 years ago
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd.
4 years ago
sebres fb08534ed7 Merge branch '0.11'
4 years ago
sebres 3eaefe8da0 Merge branch '0.10' into 0.11
4 years ago
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
4 years ago
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
4 years ago
sebres fb6315ea5e Merge branch '0.10' into 0.11
4 years ago
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889)
4 years ago
Sergey G. Brester a2f0dbad87 Merge pull request #2742 from aresxc/patch-1
4 years ago
Sergey G. Brester d678440658 more precise RE (avoids weakness with catch-all's and is injection safe)
4 years ago
sebres ea26509594 Merge branch '0.11'
4 years ago
sebres 6198b4566c Merge branch '0.10' into 0.11
4 years ago
Brian J. Murrell dc4ee5aa47 Add transport to asterisk RE
4 years ago
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
4 years ago
sebres 21dd317870 Merge branch '0.11'
4 years ago
sebres dbc77c47c3 Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 5f3f4d1e2f action.d/cloudflare.conf: better IPv6 capability
4 years ago
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
4 years ago
sebres 2c60d08b28 Merge '0.11' (fix gh-2899) into master
4 years ago
sebres fe334590cd Merge branch '0.10' into 0.11
4 years ago
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
4 years ago
defanor ba7daef86c Handle postscreen's PREGREET and HANGUP messages
4 years ago
stepodev cecc3d62ff add mode explanation to nginx-http-auth in jail.conf
4 years ago
stepodev d0ba27cf46 move nginx-tls-fallback rules to nginx-http-auth
4 years ago
Sergey G. Brester d959f6d199 Update nginx-tls-fallback.conf
4 years ago
stepodev c0256724a7 fix monitoring wrong error log. was access log, should be error.log
4 years ago
stepodev 27c40a77a3 add nginx-tls-downgrade
4 years ago
sebres a03109d096 Merge branch '0.11' into master (0.11.2 released)
4 years ago
sebres b78d1e439a Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 753fff9c15 amend to #2750, add jail for new filter nginx-bad-request
4 years ago
Sergey G. Brester 071048b8f2 Merge pull request #2750 from janprzy/master
4 years ago
sebres 7965d652a1 filter.d/dovecot.conf: allow more verbose logging
4 years ago
sebres a6de9459fc typo
4 years ago
RyuaNerin bba8844af8 typo
4 years ago
mpoliwczak834 595ee7ed74 add submission
4 years ago
mpoliwczak834 0c12cb7970 add managesieve support dovecot filter
4 years ago
sebres cc64ef25f6 filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
4 years ago
sebres adbfdc222d Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 1c1a9b868c no catch-alls, user name and error message stored in ticket
4 years ago
benrubson 840f0ff10a Add Grafana jail
4 years ago
sebres 25e006e137 review and small tweaks (more precise and safe RE)
4 years ago
Mart124 df659a0cbc Add Bitwarden syslog support
4 years ago
Sergey G. Brester 472bdc437b Merge pull request #2723 from benrubson/softether
4 years ago
Sergey G. Brester 010e76406f small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)
4 years ago
sebres 66ff90408f Merge branch '0.10' into 0.11
4 years ago
sebres d4adec7797 Merge branch '0.9' into 0.10
4 years ago
sebres 5430091acb jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
4 years ago
benrubson ec873e2dc3 Add SoftEtherVPN jail
4 years ago
sebres 6ef69b48ca Merge branch '0.10' into 0.11
4 years ago
sebres 02525d7b6f filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
4 years ago
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
4 years ago
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
4 years ago
sebres d253e60a8b Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester d977d81ef7 action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
4 years ago
sebres 74b73bce8a Merge branch '0.10' into 0.11
4 years ago
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
4 years ago
Sergey G. Brester 70c601e9e5 involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)
4 years ago
sebres 4d2734dd86 Merge branch '0.10' into 0.11
4 years ago
sebres ed20d457b2 jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
4 years ago
sebres db1f3477cc amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
4 years ago
sebres 3f04cba9f9 filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
4 years ago
sebres 07fa9f2912 fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
4 years ago
sebres e9071b642a Merge branch '0.10' into 0.11
4 years ago
benrubson 1707560df8 Enhance Guacamole jail
4 years ago
Chris Caron 2216fd8da4 Add Apprise Support (50+ Notifications)
4 years ago
sebres 067b76fc9e Merge branch '0.10' into 0.11
4 years ago
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790
4 years ago
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
4 years ago
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790
4 years ago
Sergey G. Brester 08dbe4abd5 fixed comment for loglevel, default is INFO
4 years ago
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
4 years ago
Jan Przybylak a5ab4406d8 Removed unnecessary escape sequence
5 years ago
Jan Przybylak d7ef5d166d Removed vulnerable catchall & anchor
5 years ago
sebres 1da9ab78be Merge branch '0.10' into 0.11
5 years ago
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
5 years ago
Jan Przybylak 3c83c19070 Added filter nginx-bad-request
5 years ago
aresdr 412120ac3c Update drupal-auth.conf
5 years ago
sebres 1588200274 Merge branch '0.10' into 0.11
5 years ago