github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,386 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1083 Commits (25c2334bc89a28812b1a3dc9ce4f3a8b502aeb0f)

Author SHA1 Message Date
jblachly 25c2334bc8 SmartOS PAM Authentication failed (not failURE) 
SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form:
`Authentication failed for USER from HOST`
The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos
 2016-03-16 13:52:01 -04:00
Johannes Weberhofer bd25a43417 define journalmatch setting for pure-ftps 2016-03-11 18:19:53 +01:00
Yaroslav Halchenko 385b50e4a9 Merge pull request #1343 from denics/master 
adding wp-admin to bot search
 2016-03-07 10:23:37 -05:00
Denix ed0e572bfc added wp-admin 
bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.
 2016-03-02 16:52:03 +01:00
Yaroslav Halchenko 6ffbc1ffad ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf 
As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127
 2016-02-28 12:07:46 -05:00
Yaroslav Halchenko 3e31145c33 Merge pull request #1331 from whyscream/postfix-multi-instance-support 
Add support for matching postfix multi-instance daemon names by default
 2016-02-28 12:00:24 -05:00
sebres 667785b608 mysqld: failregex fixed (accepts different log level, more secure expression now); 
closes #1332
 2016-02-24 17:17:51 +01:00
Tom Hendrikx 6c606cf98f Add support for matching postfix multi-instance daemon names by default 2016-02-23 20:23:04 +01:00
Yaroslav Halchenko 905c87ca4a Merge pull request #1310 from yarikoptic/pr-1288 
NF: HAProxy HTTP Auth filter
 2016-02-11 08:35:48 -05:00
sebres d8e81eb417 regexp rewritten (few vulnerable as previous) + test case added 2016-02-08 12:01:25 +01:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. 
Closes #1309
 2016-02-08 11:51:37 +01:00
Pierre GINDRAUD b5a07741c8 Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command 2016-02-08 11:11:59 +01:00
Yaroslav Halchenko 3f437b32db Merge remote-tracking branch 'pr/1288/head' 
* pr/1288/head:
  Update haproxy-http-auth.conf
  Added HAProxy HTTP Auth filter

 Conflicts:
	config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)
 2016-01-28 08:51:45 -05:00
Yaroslav Halchenko 377ea32441 Merge pull request #1295 from obounaim/master 
The sender option is ignored by some actions
 2016-01-28 08:48:22 -05:00
Serg G. Brester fe14c8fa05 Merge pull request #1292 from albel727/master 
Add nftables actions
 2016-01-24 23:55:50 +01:00
Jordan Moeser d7b46509d8 Update haproxy-http-auth.conf 
Updated failregex to be more strict
 2016-01-12 08:37:33 +10:00
local 40c0bed82c action_mw, action_mwl, action_cf_mwl ignore the "sender" option when sending a notification email. 
This commit adds "sender="%(sender)s"" to the three actions to correct this issue.
 2016-01-10 00:05:03 +01:00
Yaroslav Halchenko 5d0d96a5cb Merge pull request #1286 from yarikoptic/enh-jail 
ENH: harmonize jail.conf + 1 more test that passed bantime is non-degenerate and int
 2016-01-08 08:51:08 -05:00
Alexander Belykh 985e8938a4 Refactor nftables actionstop into smaller parts 2016-01-06 17:39:54 +06:00
Alexander Belykh 9779eeb986 Add nftables_type/family/table parameters 2016-01-06 17:33:14 +06:00
Alexander Belykh 260c30535d Escape curly braces in nftables actions 2016-01-06 17:13:30 +06:00
Alexander Belykh 1983e15580 Add empty line between parameters in nftables-common.conf 2016-01-06 16:55:29 +06:00
Alexander Belykh f7f91a8bd4 Refactor common code out of nftables-multiport/allports.conf 2016-01-05 19:03:47 +06:00
sebres 69f5623f83 code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf 2016-01-04 09:30:32 +01:00
Alexander Belykh 618e97bce8 Add nftables actions 2016-01-04 01:36:28 +06:00
sebres ac31121432 amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now; 2015-12-31 02:32:17 +01:00
Jordan Moeser e133762a28 Added HAProxy HTTP Auth filter 2015-12-31 11:16:23 +10:00
sebres cf334421bd Provides fail2ban version to jail (as interpolation variable during parse of jail.conf); 
BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271, closes #1272)
 2015-12-31 01:38:25 +01:00
Yaroslav Halchenko 28c9832293 RF: harmonize jail.conf (no explicit enabled=false in jails, match filter name for screesharingd, etc) 2015-12-29 19:43:52 -05:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232 
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
 2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex 
Add 'Sender address rejected: Domain not found' Postfix failregex
 2015-12-18 09:23:54 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown ead2d509dc Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions. 2015-12-17 17:45:24 +00:00
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269) 2015-12-13 23:21:04 -05:00
Ross Brown 106c3eab9a Added filter and jail for murmur/mumble-server. 2015-11-29 15:56:56 +00:00
Aleksandrs Ļedovskis fa59a6850f Add 'Sender address rejected: Domain not found' Postfix failregex 
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
 2015-11-22 12:01:15 +02:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-11-13 15:22:59 -07:00
Orion Poplawski ba76f4ca2f Fix typo 2015-11-02 15:21:14 -07:00
Simon Brown 69bb532db0 removed system.log 2015-11-02 09:26:45 -08:00
Simon Brown 3e16f33dbe Removed old svn revision comment 2015-11-02 09:08:47 -08:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216 
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
 2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard) 
closes gh-1237
 2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); 
closes gh-1216
 2015-10-30 15:36:18 +01:00
Simon Brown 5839a3bd80 Removed includes comment for screensharing jail 2015-10-29 16:07:54 -07:00
sebres 53b39162a1 Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions) 2015-10-29 23:55:23 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-10-29 15:22:37 -06:00
Simon Brown 65bc5cf6ba Now using a literal logpath for screensharing jail 2015-10-29 09:03:01 -07:00
Simon Brown cabd46f069 Fixed blatant typo in regex 
However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd  /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result
 2015-10-28 20:58:25 -07:00
Simon Brown acee68a9ee Made screensharing jail off by default 
Also added note about requiring paths-osx.conf.
 2015-10-28 15:11:11 -07:00