Yaroslav Halchenko
6b2e76ba7f
BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories
2013-01-25 16:06:41 -05:00
Orion Poplawski
fdd9dfb4b5
Initial support for --no-network option for fail2ban-testcases
2013-01-25 12:56:00 -07:00
Steven Hiscocks
d05f420758
Added FilterReader test
2013-01-25 18:28:48 +00:00
Yaroslav Halchenko
b8a861d012
Merge remote-tracking branch 'gh-yarikoptic/master'
...
* gh-yarikoptic/master:
ENH: Added login authenticator failed regexp for exim filter
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-25 13:27:30 -05:00
Steven Hiscocks
7234c2a3aa
Added multiregex test for multi-line filter
2013-01-25 18:16:55 +00:00
Steven Hiscocks
ea466d59f4
ignoreregex now functions correctly with multiline
...
Ignore regexs are now only compared to lines that match the failregex.
Supporting test also added for multiline regex and overlapping
multiline regex matches.
2013-01-25 18:11:40 +00:00
Yaroslav Halchenko
4a48844027
Merge pull request #107 from opoplawski/master
...
sshd filter - avoid banning on pam failures since might be too early. Close gh-106
If desired to ban on pam -- enable pam-generic filter, possibly even tuning in pam-generic.local the value for caught ttys in case of more detailed control needed
Provided example was:
Jan 18 12:47:34 host sshd[23755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: Accepted password for myuser from 123.123.123.123 port 50615 ssh2
2013-01-25 08:24:44 -08:00
Yaroslav Halchenko
7d630cb0de
Merge pull request #109 from blotus/master
...
Escape ' and " in matches
2013-01-25 08:11:04 -08:00
blotus
96eb8986cc
Escape ' and " in matches tag
2013-01-25 13:37:22 +01:00
Steven Hiscocks
28f68a693f
Minor typo in server/failregex.py
2013-01-24 21:12:45 +00:00
Steven Hiscocks
9b4806bfd3
Added <SKIPLINES> regex applicable for multi-line
...
This allows lines captured by <SKIPLINES> regex to remain in the line
buffer in Filter
2013-01-24 18:20:43 +00:00
Steven Hiscocks
5952819a58
Sanitise testcase log 04
2013-01-23 19:32:55 +00:00
Steven Hiscocks
00ab425492
Changed multi-line test to provided example
2013-01-23 19:10:27 +00:00
Steven Hiscocks
055aeeb227
Filter for multi-line now stores last time match
...
This is useful for log files which don't contain a date/time on every
line
2013-01-23 18:42:25 +00:00
Steven Hiscocks
5c7e3841e0
Simplify and change some filter line buffer
...
Include change variable names to `fail2ban` style
2013-01-23 18:26:49 +00:00
Steven Hiscocks
aec709f4c1
Initial changes and test for multi-line filtering
2013-01-22 20:54:14 +00:00
Orion Poplawski
bb7628591c
Update config/filter.d/sshd.conf
...
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
Yaroslav Halchenko
9a39292813
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:23:05 -05:00
Yaroslav Halchenko
b3d8ba146b
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-04 15:23:05 -05:00
Yaroslav Halchenko
3ce53e8798
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:22:18 -05:00
Yaroslav Halchenko
8f0c533d64
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-04 10:55:14 -05:00
Michael Gebetsroither
03433f79cd
add example jail.conf for blocking through blackhole routes for ssh
2013-01-04 16:09:04 +01:00
Michael Gebetsroither
f9b78ba927
add support for blocking through blackhole routes
2013-01-03 18:46:31 +01:00
Yaroslav Halchenko
be06b1b914
Merge pull request #102 from grooverdan/ipset
...
Ipset
2012-12-30 19:51:15 -08:00
Daniel Black
da0ba8ab4c
ENH: add example jail for ipset
2012-12-31 14:38:51 +11:00
Daniel Black
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
Daniel Black
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00
Yaroslav Halchenko
05af52e833
ENH: fail2ban-regex -- __str__ for RegexStat + modeline
2012-12-24 11:05:44 -05:00
Yaroslav Halchenko
21e966e4bb
example logs should carry the same name as the filter they are devised for
2012-12-13 08:24:02 -05:00
Yaroslav Halchenko
f96ea013bb
Merge pull request #99 from pigsyn/patch-2
...
Update config/filter.d/webmin-auth.conf for trailing spaces
2012-12-13 05:22:43 -08:00
pigsyn
123d457924
Update testcases/files/logs/Webmin
2012-12-13 08:33:07 +01:00
pigsyn
38dd1506cc
Sample Webmin logs
2012-12-12 23:25:31 -08:00
pigsyn
f336d9f876
Update config/filter.d/webmin-auth.conf
...
Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings
2012-12-13 08:14:49 +01:00
pigsyn
dc67b24270
Update config/filter.d/webmin-auth.conf
...
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
2012-12-12 23:07:39 +01:00
Yaroslav Halchenko
3969e3f77b
ENH: dovecot.conf - require space(s) before rip/rhost log entry
2012-12-12 09:16:52 -05:00
Yaroslav Halchenko
68c1defb76
ENH: added dovecot example from Daniel Black + example with DoS attempt via injected rhost
2012-12-12 09:16:27 -05:00
Yaroslav Halchenko
6d804df504
Merge branch 'patch-2' of https://github.com/hamilton5/fail2ban (dovecot log examples)
...
* 'patch-2' of https://github.com/hamilton5/fail2ban:
Update testcases/files/logs/dovecot
Update testcases/files/logs/dovecot
2012-12-12 09:11:34 -05:00
Yaroslav Halchenko
d7b7d7d491
Merge branch 'patch-1' of https://github.com/hamilton5/fail2ban
...
* 'patch-1' of https://github.com/hamilton5/fail2ban:
Update config/filter.d/dovecot.conf
Update config/filter.d/dovecot.conf
Update config/filter.d/dovecot.conf
2012-12-12 09:10:44 -05:00
Yaroslav Halchenko
46e2de98ff
Merge pull request #97 from grooverdan/simplefix
...
name -> IP is a normal DNS lookup not a reverse
2012-12-12 06:08:14 -08:00
Yaroslav Halchenko
620d6015ac
Merge pull request #98 from grooverdan/gitignore
...
ignore build directory and compiled python bits
2012-12-12 06:07:09 -08:00
Daniel Black
fd7929863b
name -> IP is a normal DNS lookup not a reverse
2012-12-12 21:59:01 +11:00
Daniel Black
b95dc592b9
ignore build directory and compiled python bits
2012-12-12 21:43:27 +11:00
hamilton5
266cdc29a6
Update config/filter.d/dovecot.conf
...
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
2012-12-11 12:09:28 -05:00
hamilton5
ccc62ddbf3
Update testcases/files/logs/dovecot
2012-12-11 12:05:01 -05:00
Yaroslav Halchenko
67145d8b78
ENH: assure that all date templates have unique names
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
d1625253eb
ENH: debug msgs on which template was taken (+ use "is" for None comparisons)
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
2b6366656f
BF: make sorting of date templates stable
...
Before, it would first do stable sort followed with explicit reverse.
Now reverse is given as an argument to sort, and it results in actually
preserving the order in case of e.g. no sorting needed
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
7bd977e2df
ENH: fail2ban-testcases -- allow to specify regexps for tests to be run
...
Eventually we will switch to use nose or py.test -- for now this
homebrew solution could be used to run selected suites only
2012-12-11 11:18:52 -05:00
hamilton5
c534c1d03d
Update testcases/files/logs/dovecot
2012-12-11 11:05:22 -05:00
hamilton5
e040c6d8a3
Update config/filter.d/dovecot.conf
...
site actually needs updated because of <HOST> alias
per Notes above.
2012-12-11 03:26:14 -05:00