František Šumšal
1c6d2074fb
Changed default settings for nginx-botseach filter
2015-02-04 01:48:59 +01:00
Orion Poplawski
e7ff7e90b7
[postfix-sasl] update regexes
...
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
"warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
2015-02-03 11:30:16 -07:00
František Šumšal
fb0f463eac
Include consistency
2015-02-03 15:54:05 +01:00
František Šumšal
705718be52
Filter apache-botsearch.conf now loads variables from botsearch-common.conf
2015-02-03 04:44:33 +01:00
František Šumšal
18778d9174
Created botsearch-common.conf
...
File contains variables used in -botsearch filters
2015-02-03 04:25:47 +01:00
Yaroslav Halchenko
73af02ffc6
Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot
...
New jail: apache-fakegooglebot
2015-02-02 21:44:04 -05:00
Yaroslav Halchenko
df581fe6e2
Merge pull request #929 from opoplawski/pam_auth
...
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928 )
2015-02-02 21:42:10 -05:00
Yaroslav Halchenko
7ada96b4e9
Merge pull request #932 from opoplawski/dovecot
...
Dovecot - dovecot auth failure from EL7
2015-02-02 21:37:28 -05:00
František Šumšal
f8fe165cd2
Switched from tabs to spaces for indents
2015-02-03 03:35:22 +01:00
Yaroslav Halchenko
8f6d9c6a5a
Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban
...
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban :
fixed typos, thanks szepeviktor for review
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
Conflicts:
ChangeLog
2015-02-02 21:21:44 -05:00
Lee Clemens
841c476045
Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot
...
Conflicts:
config/filter.d/ignorecommands/apache-fakegooglebot
2015-02-02 13:01:23 -05:00
Yaroslav Halchenko
15b65c7ad2
NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName
2015-02-02 12:19:20 -05:00
Lee Clemens
7e94ba6f0c
Remove implementation specific suffix
2015-02-02 11:43:05 -05:00
Lee Clemens
854915920f
Remove implementation specific suffix
2015-02-02 11:38:23 -05:00
Lee Clemens
af078532ac
New jail: apache-fakegooglebot
...
Detects fake googlebot user agents in apache access log
2015-02-02 00:42:01 -05:00
Viktor Szépe
1619ab3145
Added sendmail-geoip-lines.conf
2015-02-01 00:06:56 +01:00
Yaroslav Halchenko
ec6a30efcf
ENH: define ignoreregex for all filters explicitly, to avoid warnings ( Closes #934 )
2015-01-30 10:38:28 -05:00
František Šumšal
c8e82f18b6
Add jail nginx-botsearch
...
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
2015-01-29 17:57:52 +01:00
Orion Poplawski
b4776a1ba0
Match dovecot unknown user line
2015-01-29 09:37:37 -07:00
Orion Poplawski
3bc92610f7
Add dovecot auth failure from EL7
2015-01-29 09:11:59 -07:00
Andrew St. Jean
6bdfe756cf
Changed default TTL value to 60 seconds.
2015-01-28 22:46:43 -05:00
Orion Poplawski
79b5a2617f
Add filter variable __pam_auth to allow easier changing of pam auth backend
2015-01-27 14:34:27 -07:00
Andrew St. Jean
43732acae1
Added a reminder to create an nsupdate.local file to set required options.
2015-01-26 21:48:16 -05:00
Yaroslav Halchenko
085d0f72ed
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
2015-01-26 09:19:44 -05:00
Yaroslav Halchenko
65980a70fc
Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban
...
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban :
use iptables-allports for recidive
Conflicts:
ChangeLog
2015-01-26 09:04:42 -05:00
rumple010
eb76dcd5a0
add nsupdate action
...
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
2015-01-25 23:15:07 -05:00
sebres
12e3cca3f2
port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913
2015-01-19 10:28:53 +01:00
Yaroslav Halchenko
083031524d
BF: adding missing Definition section header to firewallcmd-allports
2015-01-08 21:14:50 -05:00
TorontoMedia
d7b7f4bc91
Update firewallcmd-allports.conf
2015-01-08 21:06:43 -05:00
Lee Clemens
77677e43df
Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL
2015-01-07 20:39:04 -05:00
Lee Clemens
bda8dc1926
Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL
2015-01-03 15:29:42 -05:00
TorontoMedia
7eed55266b
Created firewallcmd-multiport
2015-01-01 12:46:48 -05:00
TorontoMedia
9f91cb2fd8
Created firewallcmd-allports
2015-01-01 12:44:34 -05:00
TorontoMedia
50e5fd9ed7
Create firewallcmd-multiport.conf
2015-01-01 05:32:41 -05:00
TorontoMedia
591e444753
Create firewallcmd-allports.conf
2015-01-01 05:32:06 -05:00
Lee Clemens
0f48cf4284
loosen up regex for spamhaus (spamcop says "Blocked" as part of url)
2014-12-30 19:14:39 -05:00
Lee Clemens
fe72a5585c
Create Jail for Postfix based on RBL
...
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
2014-12-30 19:06:17 -05:00
Lee Clemens
2d7429c47c
Add 'Client host rejected error message' regex
...
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-30 18:05:19 -05:00
Viktor Szépe
81b3dbde1d
postfix-sasl failregex case insensitive
2014-12-11 00:10:37 +01:00
bes-internal
ccc986b7d8
exim filter: correct failregex for exim with extended log options
...
incoming_interface, incoming_port, outgoing_port
2014-12-04 13:34:44 +03:00
Orion Poplawski
d8867807f5
Separate php-url-fopen logpath by newline
2014-11-28 22:04:09 -07:00
Guillaume FRANCOIS
a6a2dc868b
Add ignoreregex to avoid warning on start
2014-11-12 11:05:56 +01:00
Guillaume FRANCOIS
9269664350
Add ignoreregex to avoid warning on start
2014-11-12 10:30:28 +01:00
Yaroslav Halchenko
2a3790f8e8
use iptables-allports for recidive
2014-11-04 13:24:54 -05:00
Yaroslav Halchenko
967485c2d0
improving grepping
2014-10-29 23:14:47 -04:00
Yaroslav Halchenko
efbf5064a1
Merge pull request #807 from xslidian/patch-1
...
grep IP at the start of lines
2014-10-29 23:07:10 -04:00
Orion Poplawski
01b2673e34
Use multiport for firewallcmd-new
2014-10-29 16:27:37 -06:00
Yaroslav Halchenko
36abb5ed96
BF: fix $ for % in jail.conf. Debian bug #767255
2014-10-29 13:08:51 -04:00
pacop
e3a037ee3f
merge master
2014-10-25 18:15:34 +02:00
pacop
ce4f2d1c88
added filter for PortSentry with jail and samples
2014-10-04 15:08:12 +02:00
SlowRiot
fc5f729f01
adding jail conf for shellshock filter
2014-09-26 16:37:50 +01:00
SlowRiot
4f636eb0e3
adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650
2014-09-26 16:25:07 +01:00
Nick Weeds
2c158fe168
Add apache filter for AH01630 client denied by server configuration
2014-09-14 21:54:05 +01:00
Yaroslav Halchenko
0e1f8f7f39
RF: remove those two additional failregexes for the postfix
...
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
Yaroslav Halchenko
96c20c8379
Merge pull request #804 from pleasantone/master
...
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
Yaroslav Halchenko
c58c4de9bc
ENH: add empty ignoreregex to avoid a warning ( Close #805 )
2014-09-13 10:18:37 -04:00
Dean Lee
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Paul Traina
249e169d8e
Update test cases and also suport smtps per request.
2014-09-08 11:53:51 -07:00
Daniel Black
1864f75b3b
Credits and notes from #806
2014-09-08 19:02:37 +10:00
weberho
d2c086b187
fixed encoding
2014-09-08 10:26:08 +02:00
weberho
218ffe862e
fixed encoding
2014-09-08 10:23:07 +02:00
Paul Traina
544cfaff2c
Add support for postfix/submission/smtpd matching.
2014-09-06 10:23:38 -07:00
Yaroslav Halchenko
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko
426ed7ff2f
Merge pull request #780 from opoplawski/logpath
...
Fxi jail.conf to use more syslog macros
2014-08-20 22:59:23 -04:00
Yaroslav Halchenko
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
Luc Maisonobe
763115b1eb
added systemd configuration for postfix-sasl.conf
2014-08-11 21:54:27 +02:00
Yaroslav Halchenko
aee560b1c6
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
1.5 version of Fail2ban logwatch file
Fix typos.
2014-08-11 13:10:02 -04:00
Yaroslav Halchenko
6fc04c2256
Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry)
...
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban :
ENH: cyrus-imap -- catch also 'user not found' attempts
BF: cyrus-imaps -- catch also for secured daemons
Conflicts:
ChangeLog
2014-08-11 13:09:43 -04:00
Yaroslav Halchenko
f403bad0ab
Merge pull request #775 from alimony/patch-1
...
Fix typos.
2014-08-11 13:08:30 -04:00
Yaroslav Halchenko
b79a82ebdd
minor typo
2014-08-08 15:57:41 -04:00
Orion Poplawski
6b554fbe98
Fxi jail.conf to use more syslog macros
2014-08-08 13:27:32 -06:00
Yaroslav Halchenko
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson
7b76322898
Fix typos.
2014-08-02 12:21:59 +02:00
Yaroslav Halchenko
4a23a7dcf1
Merge pull request #766 from leftyfb/master
...
Added cloudflare action
2014-07-28 15:34:09 -04:00
leftyfb
6dbd449f77
Changed to Cloudflare JSON API
2014-07-28 11:10:50 -04:00
Jisoo Park
2e7b8adb3b
Fix sieve filter to use correct option
2014-07-28 23:42:02 +09:00
Yaroslav Halchenko
f19c5fc939
Merge pull request #770 from eltrai/master
...
Forwards bantime to action scripts
2014-07-28 10:17:08 -04:00
Yaroslav Halchenko
f9cfbd66e6
Merge pull request #771 from szepeviktor/patch-1
...
named users + smtp auth probes
2014-07-28 10:14:18 -04:00
Szépe Viktor
143a55bf26
Update courier-smtp.conf
2014-07-28 12:51:38 +02:00
Yaroslav Halchenko
2d7f2fa33f
Merge pull request #756 from marclaporte/patch-1
...
typo
2014-07-27 21:49:24 -04:00
Yaroslav Halchenko
45c1095606
Merge pull request #750 from niorg/master
...
Added Directadmin filter, jail and log test
2014-07-27 21:47:07 -04:00
Yaroslav Halchenko
3339dc8d84
ENH: cyrus-imap -- catch also 'user not found' attempts
2014-07-25 10:13:04 -04:00
Yaroslav Halchenko
3e5c598b79
BF: cyrus-imaps -- catch also for secured daemons
2014-07-25 10:02:40 -04:00
Szépe Viktor
d757ef584f
Update courier-smtp.conf
2014-07-20 21:09:10 +02:00
Szépe Viktor
a786e8a29b
named users + smtp atuh probes
2014-07-20 19:59:54 +02:00
Pierre-Alain Dupont
3d7504c19e
Forwards bantime to action scripts
...
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
2014-07-20 16:25:59 +02:00
leftyfb
cba570cabd
Updated comments
2014-07-17 23:49:35 -04:00
leftyfb
5471e99ebe
Added cloudflare action
2014-07-17 22:54:30 -04:00
Yaroslav Halchenko
6cddc65cee
BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry
2014-07-14 12:16:12 -04:00
Yaroslav Halchenko
43950d8b7e
BF: fix path to the exim log on Debian systems (/var/log/exim4)
2014-07-08 11:09:25 -04:00
Marc Laporte
3777591ab0
typo
2014-07-05 11:55:57 -04:00
Cyril Roos
add8e61036
Added Directadmin filter, jail and log test
2014-07-02 13:52:06 +02:00
Yaroslav Halchenko
0adb10f653
Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
...
* 'ainfo-copy' of https://github.com/kwirk/fail2ban :
TST: actions modifying aInfo test more robust
TST: Test for actions modifying (un)ban aInfo
BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
Steven Hiscocks
2d54161696
Merge branch 'kwirk/harmonize-log-msgs'
...
Conflicts:
ChangeLog - Keep all additions
2014-06-22 12:57:49 +01:00
Steven Hiscocks
76a5633ff9
Merge pull request #739 from ranvis/enh-iptables-ipsets
...
ENH: Add <chain> to iptables-ipsets.
2014-06-21 22:48:49 +01:00
SATO Kentaro
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
Steven Hiscocks
94232d7c31
Merge pull request #726 from pmarrapese/master
...
Minor improvement to sshd filter
2014-06-17 23:43:42 +01:00
Steven Hiscocks
8268c1641f
BF: aInfo could be modified by actions, causing unexpected behaviour
...
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
Yaroslav Halchenko
93d5c363ca
Merge branch 'enh/oracle_msg_server'
...
* enh/oracle_msg_server:
ENH: make oracleims failregex better anchored (more explicit)
Update oracleims.conf to be 'less greedy'
Update THANKS
Update jail.conf for oracleims filter.
Create test for oracleims filter
Create oracleims.conf in filter.d for new filter
2014-06-16 09:22:42 -04:00
SATO Kentaro
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
Yaroslav Halchenko
994fe77e59
ENH: make oracleims failregex better anchored (more explicit)
2014-06-10 03:52:16 -04:00
JoelSnyder
5165d2f6ea
Update oracleims.conf to be 'less greedy'
...
This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are). See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
2014-06-09 18:44:27 -07:00
JoelSnyder
70ed93d8cc
Update jail.conf for oracleims filter.
...
This is the jail.conf update. Hopefully this will go into pull request #734 .
2014-06-09 18:37:31 -07:00
Steven Hiscocks
e8131475cd
ENH: Realign and harmonise log messages with getF2BLogger helper
2014-06-09 22:17:00 +01:00
Steven Hiscocks
db023be09b
BF: Fix bad syntax in badips.py action
...
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
JoelSnyder
9b7c35810a
Create oracleims.conf in filter.d for new filter
...
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)
2014-06-02 22:55:59 -07:00
pmarrapese
96918acee4
more explicit match for sshd filter & added test
2014-05-19 20:47:16 -07:00
pmarrapese
46d6e93800
adjusted sshd filter regex to catch more verbose lines
2014-05-18 22:12:54 -07:00
Steven Hiscocks
77ba065571
Merge pull request #697 from jhmartin/monit_admin_hack
...
Block brute-force attempts against the Monit gui
2014-05-07 22:23:01 +01:00
Steven Hiscocks
bc10b64c69
ENH: Match non "Bye Bye" for sshd locked accounts failregex
2014-04-27 13:35:55 +01:00
Yaroslav Halchenko
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
Jason Martin
9c3cb31862
Even stricter monit regex, now covers entire line
2014-04-22 21:29:52 -07:00
Jason Martin
72bfd14330
Tidy up filter.d/monit.conf, make regex more complete.
...
Add ChangeLog / THANKS entry.
Add test cases.
2014-04-19 13:04:03 -07:00
Steven Hiscocks
03d90c2f42
BF: recidive filter and samples at wrong log level: WARNING->NOTICE
2014-04-19 18:07:23 +01:00
Jason Martin
7d112430ca
Block brute-force attempts against the Monit gui
2014-04-16 21:21:41 -07:00
Steven Hiscocks
d4427e5a76
Merge pull request #683 from yarikoptic/fix/682
...
Fix typos referencing paths-common, provide empty defaults for syslog_ log files (Partial fix to #682 )
2014-04-15 17:14:28 +01:00
Steven Hiscocks
9fcb92524e
BF: badips.py action logging of exc_info on debug typo
2014-04-12 11:21:52 +01:00
Yaroslav Halchenko
8bcb25c3a2
defining empty defaults for syslog_ log targets for common (Thanks @chtheis, partial fix to #682 )
2014-04-10 23:17:39 -04:00
Yaroslav Halchenko
7dcea0d48d
typos of paths-common (Thanks @chtheis, partial fix to #682 )
2014-04-10 23:17:30 -04:00
Yaroslav Halchenko
5bccec61e4
ENH: adding pruned with previous merge trailing \s* in nginx filter
2014-04-03 21:31:46 -04:00
Yung-Chin Oei
941a38ea8e
nginx-http-auth: match when "referrer" is present
...
A sample log-line is provided. The updated regex successfully matches
this line.
Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-04 01:27:39 +01:00
shawn
d7e888238c
Correct grammar
2014-04-03 10:44:49 -04:00
yungchin
6e8c1b2871
nginx-http-auth filter: match server_name = ""
...
As documented at
http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If
no server_name is defined in a server block then nginx uses the empty
name as the server name." This regex change allows us to match error
output for such a configuration.
The log line added to the tests was lifted from our logs verbatim; it
did not match without the patched regex.
Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-03 11:04:21 +01:00
yungchin
3a155ed2e0
Update comments in shorewall.conf for new settings
2014-04-01 16:52:21 +01:00
Ruben Kerkhof
1c36da9df9
Fix 2 more typos that codespell didn't catch
2014-03-25 10:57:20 +00:00
Ruben Kerkhof
1695d5c076
Fix a few typos
...
Found with https://github.com/lucasdemarchi/codespell
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Manuel Rüger
5a1ad75114
Fix typo in comment
2014-03-18 03:07:19 +01:00
Steven Hiscocks
41cbbbc248
BF: Remove unused imports and variables.
...
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
Steven Hiscocks
16125ec81a
BF: badips.py action methods not static due to use of self._logSys
2014-03-16 14:18:19 +00:00
Steven Hiscocks
6c5a978d6f
BF: journalmatch for recidive should be NOTICE level not WARNING
2014-03-15 13:29:44 +00:00
Daniel Black
7611096162
Merge branch '0.9' of https://github.com/fail2ban/fail2ban into 0.9
2014-03-14 22:31:16 +11:00
Daniel Black
aa7e8fb9ce
DOC: Credits. close gh-644
2014-03-14 22:30:44 +11:00
Steven Hiscocks
9e374b159e
ENH: Allow setting of badips.py key for reporting and blacklisting
2014-03-13 22:45:10 +00:00
Steven Hiscocks
de43d1d6d5
ENH: Change badips.py default score to "3"
...
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
Daniel Black
476d79d3cc
ENH: asterisk filter to support syslog format
2014-03-14 09:03:27 +11:00
Daniel Black
415f187644
ENH: sendmail-reject for all smtp ports.
2014-03-14 07:12:12 +11:00
Steven Hiscocks
a78a9d282c
DOC: Document that badips.py action should be last action for jail
2014-03-13 20:04:30 +00:00
Steven Hiscocks
0222ff4677
Merge branch 'badips-blacklist' into 0.9
...
Conflicts:
ChangeLog
- entires added in both branches.
Change:
config/action.d/badips.py
- jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks
0c63d0061a
DOC: Add documentation for badips.py action
2014-03-13 19:58:32 +00:00
Steven Hiscocks
dfb46cfda6
BF: Require Python 2.7+ for badips.py action
2014-03-12 21:54:15 +00:00
Daniel Black
df882feb16
ENH: expand sendmail-reject jail to 465,submission
2014-03-13 07:44:02 +11:00
Daniel Black
ef29d7bd29
ENH: paths-{common,distro} normalisation
2014-03-12 20:32:41 +11:00
Daniel Black
50d938e0bf
MRG: merge filter sendmail-spam into sendmail-reject
2014-03-02 16:28:23 +11:00
Daniel Black
666fd5eceb
ENH: purge excessive jail variations
2014-03-02 16:11:53 +11:00
Daniel Black
69f5baae36
ENH: jail.conf to use syslog_mail
2014-03-02 15:18:41 +11:00
Daniel Black
2d45becb0e
Merge branch '0.9' into distro-paths-gh-315
2014-03-02 15:17:21 +11:00
Daniel Black
2d8c497ce5
ENH: highlight missing osx paths
2014-03-02 15:16:53 +11:00
Daniel Black
cc8ec826c5
MRG: from master 2014-03-02
2014-03-02 14:33:45 +11:00
Daniel Black
853bed8e4f
ENH: more sendmail-reject filter items thanks to fab23
2014-03-02 14:04:27 +11:00
Daniel Black
d0ec09a3b5
BF: move to right location
2014-03-01 15:50:30 +11:00
Daniel Black
c10cc20928
ENH: rename sendmail-spam to sendmail-reject
2014-02-28 08:41:04 +11:00
Daniel Black
d34569fb8d
BF: email address as arg1 in sendmail filters
2014-02-27 11:38:23 +11:00
Daniel Black
72c84fe9b0
ENH: wider regex for RBL and sendmail-spam
2014-02-27 10:02:34 +11:00
Daniel Black
fe1725c603
BF: add jail.conf definitions for sendmail* filters
2014-02-26 19:31:09 +11:00
Daniel Black
3d776afbb0
ENH: add filter for sendmail-{auth,spam}. Closes gh-20
2014-02-26 19:16:49 +11:00
Steven Hiscocks
a9b9c6ea03
Merge branch 'logging' into 0.9
...
Conflicts:
fail2ban/server/actions.py
jail getName()->name
fail2ban/server/filter.py
jail getName()->name
2014-02-23 23:03:56 +00:00
Steven Hiscocks
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
2014-02-23 17:41:14 +00:00
Steven Hiscocks
a4731ef988
DOC: Correct log levels
2014-02-20 23:09:45 +00:00
Steven Hiscocks
5630c56c75
ENH: Change logging levels and make info more verbose
2014-02-20 23:01:40 +00:00
Daniel Black
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
Daniel Black
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
Daniel Black
b6f9b9161d
BF: remove self reference
2014-02-20 09:01:05 +11:00
Daniel Black
a044517cb7
MRG: from master to 0.9 2014-02-20
2014-02-20 08:35:24 +11:00
Daniel Black
79e6543eca
Merge branch '0.9' into distro-paths-gh-315
2014-02-20 08:20:47 +11:00
Daniel Black
83266eb668
ENH: framework for distro paths
2014-02-20 08:20:02 +11:00
Steven Hiscocks
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-18 15:13:02 +00:00
Steven Hiscocks
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
2014-02-18 15:05:06 +00:00
Steven Hiscocks
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
2014-02-14 17:45:08 +00:00
Steven Hiscocks
cf81ddd8e2
BF: Add error handling in badips.py action
2014-02-14 17:10:34 +00:00
Steven Hiscocks
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
Steven Hiscocks
f68d85a6ac
Merge branch 'master' into 0.9
...
Conflicts:
ChangeLog
Spelling correction of 0.8.13 fixed in master
config/jail.conf
Added nagios and duplicate php-url removal in master
Just nagios added, duplicate not issue in 0.9
2014-02-13 20:14:40 +00:00
Daniel Black
c701ac9276
DOC: document LogLevel requirement for "Connection from" regex"
2014-02-13 16:20:36 +11:00
Daniel Black
5f4d0ed576
ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message
2014-02-13 09:13:46 +11:00
Aarón Nieves Fernández
993b7d3dfb
Duplicate jail "php-url-fopen"
2014-02-10 21:41:50 +01:00
Steven Hiscocks
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
2014-02-09 12:23:14 +00:00
Ivo Truxa
c207ad6058
removing ignoreip at [nagios]
...
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
2014-02-06 00:27:38 +01:00
Ivo Truxa
f5f434f846
removing the second failregex
...
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
2014-02-06 00:22:05 +01:00
Ivo Truxa
a71bb89ccd
removing a dot (typo)
...
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
2014-02-03 23:12:56 +01:00
Ivo Truxa
dac4dd465e
ENH: Nagios filter
...
added typical configuration settings for the nagios filter
2014-02-03 21:51:49 +01:00
Ivo Truxa
c91fda8619
ENH: Nagios filter
...
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
2014-02-03 21:46:07 +01:00
Daniel Black
ef82eac790
DOC: openssh real protection is pubkey
2014-02-02 15:16:40 +11:00
Daniel Black
59b9045e88
MRG: from master 2014-02-02
2014-02-02 13:21:16 +11:00
Daniel Black
273b2f45a3
MRG: remove the "no auth attempts" as per aseques gh-600
2014-01-29 20:43:51 +11:00
Daniel Black
9b614ce486
ENH: dovecot filter enhancements
2014-01-29 20:27:45 +11:00
Joan
84617fa6da
Fixed a failing case
2014-01-28 16:19:35 +01:00
Joan
08171ba52f
Removed the -no auth attempts- from the triggers because of lots of FP
2014-01-28 12:44:46 +01:00
Daniel Black
a749a2780e
Merge pull request #593 from grooverdan/tine
...
ENH: Tine20 filter
2014-01-26 18:50:42 -08:00
Daniel Black
1a1e3bec86
ENH: framework for distro paths
2014-01-25 23:25:54 +11:00
Daniel Black
256c732bcd
BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
...
_daemon was accidently removed in
89fd792dfb
Added translations from source code
2014-01-25 12:19:46 +11:00
Daniel Black
1e1261ccb4
MRG: from master 2014-01-23
2014-01-23 17:45:18 +11:00
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
Daniel Black
c8ae064b79
ENH: tighten regex and change failJSON to support timezone. Closes gh-583
2014-01-22 22:16:03 +11:00
Daniel Black
2063d96e59
MRG: import Lars' PR for tine20
2014-01-22 18:12:19 +11:00
Steven Hiscocks
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Steven Hiscocks
a0f39255bc
BF: Kerio log datepattern fix for recent datepattern full regex merge
2014-01-20 23:00:38 +00:00
Daniel Black
a650178bd1
MRG: merge from master 2014-01-19
2014-01-19 14:48:29 +11:00
Daniel Black
263ac32730
ENH: test log samples for kerio thanks to
...
Tony Lawrence
2014-01-18 23:18:33 +11:00
Daniel Black
1452be4a3a
Merge pull request #588 from grooverdan/badips
...
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00