sebres
b78d1e439a
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
753fff9c15
amend to #2750 , add jail for new filter nginx-bad-request
4 years ago
Sergey G. Brester
071048b8f2
Merge pull request #2750 from janprzy/master
Added filter nginx-bad-request
4 years ago
sebres
7965d652a1
filter.d/dovecot.conf: allow more verbose logging
closes #2573
4 years ago
sebres
a6de9459fc
typo
4 years ago
RyuaNerin
bba8844af8
typo
4 years ago
mpoliwczak834
595ee7ed74
add submission
4 years ago
mpoliwczak834
0c12cb7970
add managesieve support dovecot filter
4 years ago
sebres
cc64ef25f6
filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
closes gh-2805
4 years ago
sebres
adbfdc222d
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
1c1a9b868c
no catch-alls, user name and error message stored in ticket
4 years ago
benrubson
840f0ff10a
Add Grafana jail
4 years ago
sebres
25e006e137
review and small tweaks (more precise and safe RE)
4 years ago
Mart124
df659a0cbc
Add Bitwarden syslog support
4 years ago
Sergey G. Brester
472bdc437b
Merge pull request #2723 from benrubson/softether
Add SoftEtherVPN jail
4 years ago
Sergey G. Brester
010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)
4 years ago
sebres
66ff90408f
Merge branch '0.10' into 0.11
4 years ago
sebres
d4adec7797
Merge branch '0.9' into 0.10
4 years ago
sebres
5430091acb
jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
4 years ago
benrubson
ec873e2dc3
Add SoftEtherVPN jail
4 years ago
sebres
6ef69b48ca
Merge branch '0.10' into 0.11
4 years ago
sebres
02525d7b6f
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
4 years ago
sebres
2817a8144c
`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
4 years ago
sebres
1418bcdf5b
`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
4 years ago
sebres
d253e60a8b
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
4 years ago
sebres
74b73bce8a
Merge branch '0.10' into 0.11
4 years ago
sebres
a038fd5dfe
`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
4 years ago
Sergey G. Brester
70c601e9e5
involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)
4 years ago
sebres
4d2734dd86
Merge branch '0.10' into 0.11
4 years ago
sebres
ed20d457b2
jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
4 years ago
sebres
db1f3477cc
amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
4 years ago
sebres
3f04cba9f9
filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
4 years ago
sebres
07fa9f2912
fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
4 years ago
sebres
e9071b642a
Merge branch '0.10' into 0.11
4 years ago
benrubson
1707560df8
Enhance Guacamole jail
4 years ago
Chris Caron
2216fd8da4
Add Apprise Support (50+ Notifications)
4 years ago
sebres
067b76fc9e
Merge branch '0.10' into 0.11
4 years ago
sebres
9100d07c03
Merge branch '0.10-ipset-tout' into 0.10, amend to #2703 : resolves names conflict (command action timeout and ipset timeout); closes #2790
4 years ago
sebres
62a6771b33
Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
4 years ago
sebres
73a8175bb0
resolves names conflict (command action timeout and ipset timeout); closes gh-2790
4 years ago
Sergey G. Brester
08dbe4abd5
fixed comment for loglevel, default is INFO
4 years ago
sebres
309c8dddd7
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
4 years ago
Jan Przybylak
a5ab4406d8
Removed unnecessary escape sequence
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
5 years ago
Jan Przybylak
d7ef5d166d
Removed vulnerable catchall & anchor
5 years ago
sebres
1da9ab78be
Merge branch '0.10' into 0.11
5 years ago
sebres
5a0edf61c9
filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
5 years ago
Jan Przybylak
3c83c19070
Added filter nginx-bad-request
5 years ago
aresdr
412120ac3c
Update drupal-auth.conf
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
5 years ago
sebres
1588200274
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
43f699b872
grammar / typos
5 years ago
Sergey G. Brester
368aa9e775
Merge pull request #2689 from benrubson/gitlab
New Gitlab jail
5 years ago
Sergey G. Brester
01e92ce4a6
added fallback using tr and sed (jq is optional now)
5 years ago
Sergey G. Brester
1c1b671c74
Update cloudflare.conf
5 years ago
Sergey G. Brester
5b8fc3b51a
cloudflare: fixes ip to id conversion by unban using jq
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
5 years ago
Viktor Szépe
852670bc99
CloudFlare started to indent their API responses
We need to use https://github.com/stedolan/jq to parse it.
5 years ago
Ilya
8b3b9addd1
Change tool from 'cut' to 'sed'
Sed regex was tested - it works.
5 years ago
Ilya
5da2422f61
Fix actionunban
Add command to remove the newline character. Needed for removing a rule from the Cloudflare firewall to work.
5 years ago
sebres
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
5 years ago
sebres
6b90ca820f
filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
5 years ago
sebres
affd9cef5f
filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)
5 years ago
sebres
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
no mails-action added per default anymore (e.g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
5 years ago
benrubson
2912bc640b
New Gitlab jail
5 years ago
sebres
136781d627
filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)
5 years ago
Jordi Sanfeliu
ede2009708
added new jail (and filter) Monitorix
5 years ago
sebres
38b32a9a72
Merge branch '0.10' into 0.11
5 years ago
sebres
22a04dae05
Merge branch '0.9' into 0.10 (gh-2246)
5 years ago
Sergey G. Brester
b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
Improve regex in proftpd.conf
5 years ago
sebres
606bf110c9
filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regexes combined now to single RE
(closes gh-2662)
5 years ago
sebres
32f02ef3b3
Merge branch '0.10' into 0.11
5 years ago
sebres
42714d0849
filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
amend to 62b1712d22
(PR #2387 , backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
5 years ago
sebres
e6ca04ca9d
Merge branch '0.10' into 0.11 + version bump (back to dev)
5 years ago
sebres
ab3a7fc6d2
filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect
5 years ago
sebres
ceeba99f25
replace internals of several iptables-ipset actions using internals of iptables include:
- better check mechanism (using `-C`, option `--check` has been available a long time);
- additionally iptables-ipset is a common action for iptables-ipset-proto6-* now (which become obsolete now);
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
- tests adjusted.
5 years ago
sebres
d26209e2c6
first attempt to make certain standard actions breakdown safe starting with iptables:
- better check mechanism (using `-C`, option `--check` has been available a long time);
- additionally iptables is a replacement for iptables-common now, several actions using this as include now become obsolete;
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
5 years ago
sebres
7282cf91b0
Merge branch '0.10' into 0.11
5 years ago
sebres
9137c7bb23
filter processing:
- avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
- several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
- `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
- `invalid` - consider failed publickey for invalid users only;
- `any` - consider failed publickey for valid users too;
- `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
5 years ago
sebres
1492ab2247
improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
5 years ago
Sergey G. Brester
774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
5 years ago
Sergey G. Brester
34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)
5 years ago
Mihail Politaev
303861d7c7
Using native firewalld ipset implementation
By creating additional action file firewallcmd-ipset-native.conf
5 years ago
sebres
a7c68ea19f
Merge branch '0.10' into 0.11
5 years ago
sebres
569dea2b19
filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
also add coverage for mariadb 10.4 log format (gh-2611)
5 years ago
sebres
70e47c9621
Merge branch '0.10' into 0.11
5 years ago
sebres
ec37b1942c
action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
5 years ago
sebres
4860d69909
Merge branch '0.10' into 0.11
5 years ago
sebres
f77398c49d
filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
closes gh-2115, gh-2362.
5 years ago
sebres
587e4ff573
Merge branch '0.10' into 0.11
(conflicts resolved)
5 years ago
sebres
67fd75c88e
pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately).
5 years ago
sebres
8f6ba15325
avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...
5 years ago
Mart124
e763c657c4
Let's get back to WRN
5 years ago
Mart124
d7b707b09d
Update bitwarden.conf
5 years ago
Mart124
869327e9b1
Update bitwarden.conf
5 years ago
Mart124
79caeaa520
Create bitwarden.conf
5 years ago
Mart124
30e742a849
Update jail.conf
5 years ago
Mart124
ef394b3cf0
Update jail.conf
5 years ago
sebres
24d1ea9aa2
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
Add Centreon jail
5 years ago
sebres
0e8a8edb5e
filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563)
5 years ago
Henry van Megen
548e2e0054
sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562)
5 years ago
sebres
5cf064a112
monit: accepting both logpaths: monit and monit.log, closes gh-2495
5 years ago
CPbN
9e699646f8
Add Centreon jail
5 years ago
CPbN
18ba714f97
Add Centreon jail
5 years ago
sebres
3515d06979
Merge branch '0.10' into 0.11
5 years ago
sebres
85ec605358
nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
5 years ago
sebres
51af193402
nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)
5 years ago
sebres
955d690e56
regrouping expressions with curly braces, added more escapes (better handling in posix shell)
5 years ago
sebres
0824ad0d73
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
54298fe761
Merge pull request #2254
Nftables: isolate fail2ban rules into a dedicated table and chain
5 years ago
sebres
d1a73d3004
filter.d/apache-auth.conf:
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
5 years ago
sebres
8c6a547215
Merge branch '0.10' into 0.11
5 years ago
sebres
50595b70fd
filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
5 years ago
sebres
9e28b6c65f
filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531)
5 years ago
sebres
8ea00c1d5d
fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc
5 years ago
sebres
492205d30e
action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)
5 years ago
sebres
abc4d9fe37
allow to use multiple protocols in multiport (single set with multiple rules in chain):
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replaces 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
5 years ago
sebres
c753ffb11d
combine nftables actions to single action:
- nftables-common is removed
- nftables-allports is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
5 years ago
sebres
c59d49da22
nftables-allports: support multiple protocols in single rule;
tests/servertestcase.py: added coverage for nftables actions
5 years ago
Ririsoft
dde51b4682
fix actionban/unban ip definition syntax
5 years ago
Monson Shao
1cda50ce05
Rewrite nftables variables based on nftables' logic.
Add an example for redirecting.
5 years ago
sebres
990c410877
Merge branch '0.10' into 0.11
# Conflicts (resolved):
# fail2ban/client/jailreader.py
5 years ago
sebres
a36b70c7b5
filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520)
5 years ago
sebres
1cdd618232
Merge branch '0.10' into 0.11
5 years ago
sebres
5d5253dd70
Merge branch '0.10' into 0.11
5 years ago
sebres
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
5 years ago
Joe Horn
4395469226
Update named-refused.conf
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
5 years ago
Sergey G. Brester
a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
New option `logtype` value - `rfc5424`
5 years ago
sebres
581f13c2db
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
5 years ago
Sergey G. Brester
119401fced
Merge pull request #2452 from benrubson/badips
Badips key is only used to retrieve list
5 years ago
sebres
af611db859
Merge branch '0.10' into 0.11
5 years ago
sebres
5e980afbb8
filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now)
5 years ago
sebres
62b1712d22
amend to #2387 :
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309 );
5 years ago
benrubson
8b171f7d25
Badips key is only used to retrieve list
6 years ago
sebres
80f97eaf02
Merge branch '0.10' into 0.11
6 years ago
sebres
e751be2c13
normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
added test covering sendmail-whois-lines
6 years ago
sebres
5045c4bb00
Merge branch '0.10' into 0.11
6 years ago
girst
a7dc3614c4
znc-adminlog: use `<ADDR>` instead of `<HOST>`
6 years ago
girst
b288ccd6b6
new filter: znc-adminlog
6 years ago
sebres
2e7a600851
Merge branch '0.10' into 0.11
6 years ago
sebres
22b9304562
action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
(closes gh-2390)
6 years ago
sebres
0ed3a63151
Merge branch '0.10' into 0.11
6 years ago
sebres
e5ae113215
filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
6 years ago
sebres
3b2f75414c
filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442)
6 years ago
sebres
3d4044084a
Merge branch '0.10' into 0.11
6 years ago
Sergey G. Brester
7dbd3a07eb
cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
6 years ago
Carlos Ferreira
7b73cb7639
Switch to AbuseIPDB API v2
6 years ago
sebres
5137cd2ec8
Merge branch '0.10' into 0.11
6 years ago
sebres
49bf6132cc
amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings
6 years ago
sebres
f69a8693fc
Merge branch '0.10' into 0.11
6 years ago