github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,240 Commits
33 Branches
229 Tags
19 MiB
Commit Graph

1019 Commits (2696ede2514261c67123b1e3ba74b6f73b628369)

Author SHA1 Message Date
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later 
closes gh-1211
 2015-10-07 14:34:13 +02:00
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching 
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:46:29 -07:00
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
M. Maraun 2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00
Edward Beckett 835b3ff483 Update apache-badbots.conf 
Useragent strings including `+http` need to be escaped to be valid.
 2015-09-05 00:12:28 -04:00
weberho f7af93a677 Added configuration for opensuse path 2015-08-26 15:25:59 +02:00
weberho d278fbca30 Fixed line suspected to be faulty 2015-08-26 14:48:55 +02:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban 
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
 2015-07-27 22:37:46 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
 2015-07-27 22:30:54 -04:00
Yaroslav Halchenko 0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko de2f9504c0 Merge pull request #978 from ediazrod/patch-2 
shorewall-ipset-proto6.conf for shorewall
 2015-07-26 23:00:58 -04:00
Yaroslav Halchenko 65cd218e10 Merge remote-tracking branch 'origin/master' 
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
 2015-07-26 22:47:43 -04:00
Viktor Szépe c8b3ee10a0 Limit the number of log lines in *-lines.conf actions 2015-07-27 02:35:21 +02:00
Thomas Mayer a19cb1b2b9 Merge 923d807ef8 into cf2feea987 2015-07-25 01:23:39 +00:00
Yaroslav Halchenko 3c0d7f5a4c BF: do not wrap iptables into itself. Thanks Lee 2015-07-24 11:59:53 -04:00
Viktor Szépe ebdfbae559 Added a space between IP address and the following colon 2015-07-24 09:33:47 +02:00
Yaroslav Halchenko 749d3c160c BF: symbiosis-blacklist-allports now also requires iptables-common.conf 2015-07-23 21:53:37 -04:00
Yaroslav Halchenko 916937bb6a RF: use <iptables> to take effect of it being a parameter 2015-07-23 21:38:10 -04:00
Yaroslav Halchenko 31dc4e2263 ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter 2015-07-23 21:34:20 -04:00
Yaroslav Halchenko 7a011fca1b DOC: adjusted comment in pass2allow-ftp to my suggested wording 2015-07-16 21:55:20 -04:00
Viktor Szépe 948b12e5df Fixed definition of knocking_url for pass2allow 2015-07-14 18:35:51 +02:00
Viktor Szépe b638e807ad Explicitly stating that knocking_url needs to be customized 2015-07-13 18:12:04 +02:00
Viktor Szépe 586703dcc2 Test, changelog and fixes to pass2allow 2015-07-13 16:46:04 +02:00
Viktor Szépe 5b7e1de2f4 Instead of allow-iptables-multiport actions swap blocktype and (new) returntype 2015-07-11 18:20:09 +02:00
Viktor Szépe 5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
Viktor Szépe a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
Yaroslav Halchenko 8c4c17a880 Merge pull request #1004 from tsabi/fix-lc_time 
Fix of LC_TIME usage, it should be LC_ALL
 2015-07-05 21:36:37 -04:00
Yaroslav Halchenko e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube 
Update regex to work with roundcube 1.0.5 and 1.1.1
 2015-07-05 21:35:49 -04:00
Lee Clemens 3e902d7b3a Define roundcube_errors_log in paths-common.conf 
Remove from paths-debian
 2015-07-04 14:46:31 -04:00
Lee Clemens fdc3172aec Fix PEP8 E302 expected 2 blank lines, found X 2015-07-04 13:47:40 -04:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Viktor Szépe b65a8b065d Other actions do not dive into this gory descriptions, but we do. 2015-07-03 19:17:50 +02:00
Viktor Szépe 2063ce4b23 All the arguments must be listed in [Init] 2015-07-01 14:48:44 +02:00
Viktor Szépe 79457112e9 Updated CF action 2015-07-01 09:38:36 +02:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log 
Fix support for Asterisk security log
 2015-05-25 12:50:13 -04:00
Yaroslav Halchenko f41872f034 Merge pull request #1013 from szepeviktor/patch-4 
Non-US locale warning for proftpd
 2015-05-25 10:51:51 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039 
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
 2015-05-25 10:50:34 -04:00
Yaroslav Halchenko 8c4d4aa7fb minor: no tripple empty lines 2015-05-25 10:42:19 -04:00
Joern Muehlencord 4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Joern Muehlencord 964cdb5d9b add froxlor-auth filter and jail 2015-05-25 13:44:50 +02:00
Ivan Poddubny 7a4e6fa6e5 Asterisk security log: add support for websocket protocol events 
Thanks to @kcormier.
 2015-05-25 08:13:30 +03:00
Ivan Poddubny 988d9a08da Asterisk security log: accept events containing Response/ExpectedResponse 
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
 2015-05-25 08:12:51 +03:00
Ivan Poddubny 189265a323 Asterisk security log: accept SessionID of PJSIP events 
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
 2015-05-25 08:11:34 +03:00
Ivan Poddubny ab2ac1a367 Asterisk security log: accept <unknown> in AccountID 2015-05-24 12:47:55 +03:00
Ivan Poddubny 977f9955e7 Asterisk security log: accept EventTV in ISO8601 
Asterisk uses ISO8601 dates in security log since version 12.

Closes #988
 2015-05-24 12:46:54 +03:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00