github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,157 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

1657 Commits (27fb4790fbc6c2d7abe4465794da72dabfa047db)

Author SHA1 Message Date
Sergey G. Brester dcede9b3f1
comment rewritten (belongs to the filter) 2019-02-21 22:26:28 +01:00
Sergey G. Brester d84fb8a4b1
regex rewritten (more secure now, resolves catch-all vulni) 2019-02-21 22:19:04 +01:00
sebres 9ed35c423a Merge branch '0.9' into 0.10 (gh-2317) 2019-02-21 20:13:54 +01:00
Yaroslav Halchenko 31e6ec3c5b
Merge pull request #2323 from todgru/fix-spelling-abuseipdb-conf 
fix: correct spelling category
 2019-02-15 17:08:45 -05:00
sebres 1647d0090e Merge branch '0.10' into 0.11 2019-02-11 19:19:44 +01:00
sebres e651bc7866 amend to #1622: jail-reader supports now multi-line option for multi-line action parameter: 
logpath = a.log
            b.log
            c.log
  action  = ban[...]
          = log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
 2019-02-11 11:54:58 +01:00
todgru 39ed016a1e fix: correct spelling category 2019-01-14 22:08:38 -08:00
sebres d88ce7181c Merge branch '0.10' into 0.11 2019-01-07 01:51:59 +01:00
sebres a13fdcf4f7 closes gh-2314: extended regex for mysql 8.0.13 if used logging with details (e. g. log-error-verbosity = 3, so log output has few additional words enclosed in brackets after "[Note]"). 2019-01-07 01:34:12 +01:00
Yannik Sembritzki 6b4404b1bc
Fix asterisk filter not catching attackers when port is logged (Fixes #2316) 2019-01-03 23:55:42 +01:00
CrazyMax 7cdabdd7ae
Update traefik-auth failregex 2018-12-14 19:06:09 +01:00
CrazyMax a51f82770b
New filter `traefik-auth` 2018-11-24 22:44:44 +01:00
sebres b49c1ab4b3 Merge branch '0.10' into 0.11 2018-11-21 13:06:44 +01:00
sebres 555b29e8e6 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-11-21 13:05:42 +01:00
sebres 1c1d2cc435 introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches); 
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
 2018-11-19 21:19:57 +01:00
dienteperro 0df221b54b
"be" instead of "me" in shorewall.conf 2018-11-15 14:34:51 -05:00
sebres f9f7e29295 Merge branch '0.10' into 0.11 (version bump after r.0.10.4) 2018-10-04 13:08:25 +02:00
Sergey G. Brester 1752c19b6f
Merge pull request #2205 from benrubson/patch-1 
Add loglevel option to badips.py
 2018-10-02 13:12:03 +02:00
Sergey G. Brester 65676baf8c fixed py3 incompatibility (for some reasons this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel 2018-10-02 13:00:20 +02:00
Sergey G. Brester 4b751c84c3
badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG). 2018-10-02 12:32:15 +02:00
sebres 6b52f90ad6 Merge branch '0.10' into 0.11 2018-09-21 15:54:16 +02:00
sebres 58b510a5be filter.d/domino-smtp.conf: 
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
  - failregex extended to catch connections rejected for policy reasons (gh-2228);
 2018-09-21 14:14:00 +02:00
sebres 8a0c06ba9e Merge branch '0.10' into 0.11 2018-09-14 11:01:40 +02:00
sebres d01fe9d22a action.d/*.conf: correct comments for actionstart/actionstop 2018-09-12 16:01:57 +02:00
Ben RUBSON 9d7c0e00c1
Also log number of IPs removed/added 2018-09-08 09:28:42 +02:00
Ben RUBSON 70e53b55c5
Typo 2018-08-19 22:39:18 +02:00
Ben RUBSON ec4c4b12c1
Add yes/no log option to badips.py 2018-08-19 22:35:09 +02:00
sebres 714fd8c915 Merge branch '0.10' into 0.11 2018-08-14 16:01:00 +02:00
Sergey G. Brester ee207d8c31
Merge pull request #2151 from benrubson/merge 
Apache SNI error / misredirect attempts rules are combined in one regex
 2018-08-14 14:56:49 +02:00
Ben RUBSON 77b35b8db7
Improvement 2018-08-14 14:07:32 +02:00
sebres addd26ae55 Merge branch '0.10' into 0.11 2018-08-14 11:13:15 +02:00
sebres e2a255d104 fixed typo in comments by "ignoreself" parameter 2018-08-14 11:11:19 +02:00
sebres 606761b3c7 Merge branch '0.10' into 0.11 2018-08-03 12:06:13 +02:00
sebres e995d5a0b6 filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`. 2018-08-03 11:42:15 +02:00
sebres bc2dbacc9a filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193: 
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
    `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
  - more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
 2018-08-03 11:22:30 +02:00
sebres eb1156b099 Merge branch '0.10' into 0.11 2018-07-18 15:57:39 +02:00
sebres 22d37cdce2 sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message: 
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
 2018-07-18 15:31:04 +02:00
sebres 6a81cc9d8c Merge branch '0.10' into 0.11 2018-07-17 15:18:44 +02:00
sebres 8fe07e29ad filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed"; 
closes gh-2184
 2018-07-17 15:06:42 +02:00
sebres 57f2d9e31c Merge branch '0.10' into 0.11 2018-07-06 18:06:54 +02:00
Sergey G. Brester 75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER 
dovecot: collect F-USER and variants
 2018-07-06 17:16:43 +02:00
sebres 9de1657aab Merge branch '0.10' into 0.11 2018-07-06 11:43:56 +02:00
sebres 6ce67a6d21 coverage 2018-07-05 16:27:36 +02:00
Dobrica Pavlinusic 6f1e789f31 dovecot: collect F-USER and variants 
We are prefering ruser= if availble because this are credentials
presented to dovecot from remote client.
 2018-06-30 16:16:03 +02:00
sebres 0eaa0ecd86 Merge branch '0.10' into 0.11 2018-06-14 12:36:22 +02:00
sebres 8cbe1e6b13 Merge pull request #2155 2018-06-14 12:35:57 +02:00
cheese1 43db4411de small typo 2018-06-14 12:35:04 +02:00
sebres 9fdc6e0e82 Merge branch '0.10' into 0.11 2018-06-11 14:36:35 +02:00
Boris Gulay a923cd209b `filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors; 2018-06-11 14:30:10 +02:00
benrubson f54f6caece Merge Apache SNI error / misredirect attempts rules 2018-06-09 10:19:27 +02:00
sebres 0d40dd42b1 Merge branch '0.10' into 0.11 2018-04-26 13:43:15 +02:00
sebres bba7a6c5cf amend to (gh-2067) / b34ae5999e0d8ee1af8939527305c13152844b3d: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions); 
the interpolation of hostsdeny is test-covered now;
closes gh-2114.
 2018-04-17 18:59:24 +02:00
sebres 0707695146 Merge branch '0.10' into 0.11, version bump 
# Conflicts resolved:
#	fail2ban/server/database.py
 2018-04-05 12:58:11 +02:00
sebres 8069eef50c badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar). 2018-04-05 12:31:29 +02:00
sebres 70d099bbd6 Merge branch '0.10' into 0.11 2018-04-04 18:59:44 +02:00
Michael Grant 57bc502d5c Update sendmail-reject.conf 2018-04-04 18:52:36 +02:00
Michael Grant 2ab6a5ae62 Update sendmail-auth.conf 2018-04-04 18:52:35 +02:00
Michael Grant 87520e8008 Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix). 2018-04-04 18:52:33 +02:00
sebres 1fdad90b4d Merge branch '0.10' into 0.11 2018-04-04 16:49:57 +02:00
Luis Aranguren fc76ccf192 Fixes abuseipdb curl cypher error and comment $f2bV_matches 
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
 2018-04-04 16:39:16 +02:00
Sergey G. Brester 7bbc26d67e
Merge pull request #2097 from benrubson/sni 
Detect Apache SNI error / misredirect attempts
 2018-04-04 16:31:38 +02:00
benrubson bd74f7ba8b Detect Apache SNI error / misredirect attempts, typos 2018-04-04 00:20:58 +02:00
sebres 7dfd61f462 Merge branch '0.10' into 0.11-2 2018-04-03 14:14:44 +02:00
sebres 8423f017e7 Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10 2018-04-03 14:12:35 +02:00
sebres 4ee07adde6 Merge branch '0.10' into fix-sshd-filter-suff 
# Conflicts resolved:
#	fail2ban/server/filter.py
 2018-04-03 13:30:57 +02:00
benrubson 30dc22fb2e Detect Apache SNI error / misredirect attempts 2018-03-29 11:36:49 +02:00
sebres 4f6532f810 filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage; 
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
 2018-03-20 18:54:22 +01:00
sebres cd7f1354c6 remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.) 2018-03-20 18:47:42 +01:00
sebres c31eb1c562 quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
sebres 25cc42129a hold all user names affected by interim attempts in order to avoid forget a failures after success login: 
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
 2018-03-20 13:09:05 +01:00
sebres a9c94686b6 fixed multiple regexs matched 2018-03-20 09:09:42 +01:00
sebres 8028d3940d amend with better match of optional suffix-groups; 
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
 2018-03-19 17:29:26 +01:00
sebres 66d2436f21 filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content 2018-03-19 16:50:49 +01:00
sebres 7b3442c4e2 amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content; 2018-03-19 14:53:56 +01:00
sebres 185cb998e7 make `prefregex` more precise in order to avoid catch the content for non failure lines 2018-03-19 14:38:47 +01:00
sebres e8ffab28fb filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module. 2018-03-19 14:23:24 +01:00
sebres a6fb33bdec filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069 2018-03-09 13:56:38 +01:00
Sergey G. Brester b34ae5999e
action.d/hostdeny.conf: fixes IPv6 syntax 
differentiate the IPv4 and IPv6 syntax (where it is enclosed in square brackets)
 2018-03-05 19:35:10 +01:00
sebres 2b282ead09 Merge branch '0.10' into 0.11 2018-03-02 19:48:15 +01:00
sebres caa2bdfee6 amendment for gh-2061: it looks like the port was added here also 2018-03-02 19:24:47 +01:00
sebres a3bcbe2d1b backwards-compatibility, test-cases and ChangeLog update 2018-03-02 19:15:10 +01:00
MatthieuBarbu 6b5516b851 fix sshd rule #2 
in line 58, rule don't match with "%(__suff)s" but work fine if I replace with "%(__on_port_opt)s"
Debian 9 stretch : fail2ban 0.10.3
 2018-03-02 18:40:36 +01:00
sebres 1d7aa2ff21 filter.d/sshd.conf: rewrite fix (for new ssh log-format) backwards compatible + test-cases extended to cover both cases 2018-03-02 18:17:17 +01:00
MatthieuBarbu 9f5c873526 fix sshd rule 
just remove the space before ":11" line 52 because don't match on my Debian 9 stretch...
I don't know if this is wrong on all OS
 2018-03-02 17:53:35 +01:00
sebres 5ea76789c6 Merge branch '0.10' into 0.11 2018-03-02 17:18:37 +01:00
sebres 8c291cad38 filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060) 2018-03-02 09:17:04 +01:00
Ben RUBSON b112250ef0 (Free)BSD IPFW does not allow 2 identical rules (#2054) 
ipfw actionban fixed to allow same rule added several times (and actionunban to ignore error by deletion of missing rule)
 2018-02-27 10:18:59 +01:00
Ben RUBSON 857767f04b Add 'any' badips.py bancategory (#2056) 
action.d/badips.py: allow `any` as bancategory to retrieve IPs from all categories
 2018-02-27 10:12:22 +01:00
sebres 47a7f83a0b Merge branch '0.10' into 0.11 2018-02-26 19:30:54 +01:00
sebres 07fcb24ff6 Merge pull request #2057 from benrubson/https 
Use httpS with badips
 2018-02-26 18:50:35 +01:00
sebres f52c67238a action.d/badips.py: code review, ban command covered, debug log-messages, etc; 2018-02-26 18:16:20 +01:00
benrubson fce2a50165 badips.py, solve a str() issue under FreeBSD 2018-02-26 15:55:21 +01:00
benrubson e2665d39fd Use httpS with badips 2018-02-26 09:58:37 +01:00
sebres a5155f55e7 Merge branch '0.10' into 0.11 2018-02-21 09:31:35 +01:00
sebres e636567d23 filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors. 2018-02-19 09:50:46 +01:00
sebres 19a5a2f8c0 filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 
- extended with optional prefix for the systemd-journal (with second date-pattern as optional match);
- added `journalmatch` filtering;
closes gh-2043
 2018-02-09 11:43:55 +01:00
sebres 201ae0dac2 Merge branch '0.10' into 0.11 2018-01-31 12:20:34 +01:00
sebres 0be0e43d47 amend to 03b577d7b92a120e325abe20a99b6956a7e0657c: add new-line after matches via tag `<br>` without usage of interim variable 2018-01-30 12:52:26 +01:00
sebres 03b577d7b9 action.d/blocklist_de.conf: fixed tag substitution (in 0.10 it can be variables supplied via shell-arguments), expand `<matches>` with trailing newline; 
tests extended;
closes gh-2028
 2018-01-30 12:27:03 +01:00
sebres faab77cc79 Merge branch '0.10' into 0.11, with resolved conflicts. 2018-01-24 17:56:58 +01:00
Yaroslav Halchenko 527bb9a7c3 dos2unix for helpers-common.conf 
Original report: http://bugs.debian.org/888110
 2018-01-23 08:48:36 -05:00
sebres 1ca3df877b Merge branch '0.10' into 0.11 2018-01-18 14:32:00 +01:00
sebres f69e28adfc action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now). 2018-01-18 14:05:22 +01:00
sebres 38b3290516 Merge branch '0.10' into 0.11 2018-01-17 16:43:45 +01:00
sebres ed22ddbbbb Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
sebres 63e906b2c1 regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name 2018-01-17 16:35:32 +01:00
Benedikt Seidl fed6c49c2d nginx-http-auth: match usernames with spaces 
# Conflicts:
#	ChangeLog
 2018-01-17 16:35:31 +01:00
Sergey G. Brester b6c6565a7e
regex updated using non-capturing groups 2018-01-16 14:23:47 +01:00
riceru 6a1bbbf101
Update lighttpd-auth.conf 
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in Lighttp 1.4.42
 2018-01-16 12:39:55 +00:00
sebres 576eeb70dd Merge branch '0.10' into 0.11 2018-01-15 18:17:18 +01:00
sebres 2b7b0da943 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-15 18:16:43 +01:00
Serg G. Brester 7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now. 
Closes  #2000
 2018-01-11 12:38:34 +01:00
sebres 039ac7c7c4 Merge branch '0.10' into 0.11 2018-01-11 10:29:46 +01:00
sebres 2112145eb4 stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby 
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
 2018-01-10 19:07:20 +01:00
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 14:49:06 +01:00
sebres 0e68c9a720 Merge branch '0.10' into 0.11 2018-01-10 12:22:31 +01:00
sebres c30144b37a Merge branch '0.9' into 0.10 
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
#	fail2ban/client/jailreader.py
#	fail2ban/helpers.py
 2018-01-10 12:05:26 +01:00
sebres 131b94e11e firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage: 
banaction = firewallcmd-ipset[actiontype="<allports>"]
 2018-01-10 10:58:03 +01:00
Danila Vershinin c190631f88 New ban action firewallcmd-ipset-allports. Closes #1167 2018-01-10 10:58:01 +01:00
Yannik Sembritzki 94f0b15c32
Allow faster parsing of hosts without ' characters in them 2018-01-08 14:54:32 +01:00
Yannik Sembritzki b28dfb965a
Fix filter not catching asterisk requests with quote character in username (fixes #2010) 2018-01-03 18:39:30 +01:00
sebres 5028f17f64 Merge branch '0.10' into 0.11, rewrite updateDb because it can be executed after repair, and some tables can be missing. 
# Conflicts:
#	fail2ban/server/database.py
#	fail2ban/tests/fail2banclienttestcase.py
#	fail2ban/tests/sockettestcase.py
 2017-12-22 17:05:45 +01:00
root 79f414c6a2 fix <family> typo 2017-12-09 15:55:45 +01:00
root 7c63eb2378 In the CentOS7 and epel environment, result of "firewall-cmd -direct -get -chains ipv4 filter" is displayed one line 
Changed to be multiple lines with reference to firewallcmd-multiport.conf
 2017-12-09 15:55:45 +01:00
sebres 309a1cb337 restore timeout for ipset-based actions: on some systems ipset created without default timeout may cause "Kernel error received: Unknown error -1" (gh-1994); 
thus new option `default-timeout` introduced (because of dynamical bantime in 0.10, it cannot be used here).
 2017-12-06 02:38:10 +01:00
sebres 6ccaa03e00 action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset 2017-12-06 01:10:56 +01:00
sebres 7e5d8f37fd Merge branch '0.10' into 0.11 
# Conflicts:
#	config/action.d/firewallcmd-ipset.conf
#	fail2ban/server/jail.py
#	fail2ban/tests/servertestcase.py
 2017-12-06 00:14:23 +01:00
sebres 2712f72650 Merge remote-tracking branch 'master' into 0.10 2017-12-06 00:09:52 +01:00
sebres e384acca5f action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing `family inet6`) 2017-12-05 23:34:03 +01:00
Kevin Maradona 6c705d572b filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them. 2017-12-05 22:31:54 +01:00
sebres ffd6b9f6de jail.conf: extended with new parameter `mode` for the filters supporting it; 2017-12-05 16:09:18 +01:00
sebres 2b68882502 filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures; 
Closes #1983
 2017-12-05 16:07:53 +01:00
sebres cc153888d5 Merge branch '0.10' into 0.11 2017-12-01 15:55:10 +01:00
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command; 
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
 2017-11-30 12:32:24 +01:00
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case) 
The phrase "AUTH command used when not advertised" is precise enough as anchor here, so prevent by any foreign-input (any auth protocol error).
 2017-11-29 20:55:48 +01:00
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH 
When reporting the error `AUTH command used when not advertised`, Exim
starts with `SMTP protocol error in "........."`. Here, Exim logs the
SMTP command as it was provided by the connecting client.
https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850

According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded
in upper case, lower case, or any mixture of upper and lower case with
no impact on its meaning."
https://tools.ietf.org/html/rfc5321#section-2.4

Lower case `auth login` brute-force attempts were seen in the wild and
were not caught by the current failregex.

This commit makes the failregex case-insensitive for the `AUTH`
command, so that lower case (`auth`) or mixed case (`aUtH`) now also
match. The failregex was already case-insensitive for the command
arguments (e.g. `AUTH login` already matched).
 2017-11-29 15:14:43 +01:00
SlowRiot 660d57e6ba updating my email address 2017-11-29 10:43:15 +01:00
sebres 5cc0abbb02 Merge branch '0.10' into 0.11 
# Conflicts:
#	fail2ban/tests/fail2banclienttestcase.py
 2017-11-28 16:37:51 +01:00
sebres 76f2865883 implemented new action "action.d/nginx-block-map.conf", used in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); 2017-11-28 13:42:41 +01:00
sebres 12b55bb8cc Merge remote-tracking branch '0.10' into 0.11 2017-11-27 12:02:46 +01:00
sebres f31195a4fc added new logtarget "SYSOUT" to log from fail2ban working in foreground as systemd-service (in opposite to "STDOUT" don't log time-stamps). 2017-11-26 23:03:29 +01:00
sebres 8aeaaf06ee Merge branch '0.10' into 0.11 2017-11-23 22:57:21 +01:00
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors; 
obsolete (multi-line buffered) variant extended also.

Closes gh-1943, gh-1944
 2017-11-23 22:21:42 +01:00
sebres 70b933f405 Merge branch '0.10' into 0.11 2017-11-06 18:57:53 +01:00
sebres 7e756da2b9 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-11-06 18:56:31 +01:00
sebres eba68a8f37 config/paths-common.conf: Added initial values for `syslog_authpriv`, `syslog_mail` in order to avoid errors while parsing/interpolating configuration; 
Note the systemd-backend does not need the logpath at all;
Some defaults normalized (minimized configs, don't need to overwrite values in distribution-related path if equal).
 2017-11-03 14:15:07 +01:00
Serg G. Brester 9876dd44f9 replace port imap3 with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and missing on some systems 
(see gh-1942)
 2017-11-03 14:03:06 +01:00
Jeff Potter 4a2fc8b7e8 Include imap (port 143) in courier-auth ports 
imap was missing from the list of ports, preventing fail2ban from blocking connections on standard IMAP port 143.
 2017-11-03 14:01:19 +01:00
sebres 12419b75f2 Merge branch '0.10' into 0.11 
# Conflicts:
#	fail2ban/tests/servertestcase.py
 2017-10-30 14:02:41 +01:00