fail2ban

Commit Graph

Author	SHA1	Message	Date
Daniel Black	286d78e13c	Merge pull request #430 from grooverdan/apache-overflows ENH: Apache overflows - httpd-2.4 message IDs + samples	11 years ago
Daniel Black	50ca16e50e	Merge pull request #431 from grooverdan/apache-noscript ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	947c6ff9cc	Merge pull request #433 from grooverdan/asterisk BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning	11 years ago
Daniel Black	38503a5848	Merge pull request #434 from grooverdan/dos-resistant-dropbear ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	62b1f98dff	Merge pull request #435 from grooverdan/dos-resistant-exim BF: exim filter to be DoS resistant	11 years ago
Daniel Black	be60518218	BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given	11 years ago
Daniel Black	52972164a2	BF: exim filter to be DoS resistant	11 years ago
Daniel Black	c272573fe3	ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	eb9663eb4f	BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning	11 years ago
Daniel Black	648d48c355	ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	a4718eb644	ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples	11 years ago
Daniel Black	87516eb92b	ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case	11 years ago
Daniel Black	c5021b55f6	Merge pull request #427 from yarikoptic/bf/nginx-regex-injection BF: anchor introduced nginx-http-auth at the end	11 years ago
Yaroslav Halchenko	ccd26578ec	Merge pull request #425 from grooverdan/asterisk-simplify ENH: condense asterisk regexs for speed	11 years ago
Yaroslav Halchenko	ac061155f0	BF: anchor introduced nginx-http-auth at the end needed since request probably could be not a correct HTTP statement but continue with all those to match till the end and then injected ", client: VICTIM, server..." thus allowing injection. We better anchor at the end then	11 years ago
Yaroslav Halchenko	ea8fce6308	Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data	11 years ago
Yaroslav Halchenko	bf245f9640	DOC: adding DEV Notes for for non-greedy matchin within sshd.conf	11 years ago
Daniel Black	d6bbe03861	Merge pull request #424 from grooverdan/nginx-auth ENH: add filter.d/nginx-http-auth. Partially forfils #405	11 years ago
Yaroslav Halchenko	750e0c1e3d	BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input since daemon might eventually change reported length and we would need to adjust anyways. So limiting in length does not provide additional security but allows for a possible injection vector	11 years ago
Yaroslav Halchenko	abb012ae5c	BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy	11 years ago
Daniel Black	d7560d4041	ENH: condense asterisk regexs for speed	11 years ago
Daniel Black	a148d35d70	ENH: add filter.d/nginx-http-auth. Partially forfills #405	11 years ago
Yaroslav Halchenko	4522308354	ENH: regenerated config/filter.d/apache-badbots.conf	11 years ago
Daniel Black	0730db9b2b	Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam BF: wuftpd pam filter fix (Debian bug 665925)	11 years ago
Daniel Black	e55b24c533	BF: fix dovecot filter for newer failure message. Closes Debian bug #709324	11 years ago
Daniel Black	8b54523316	BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925	11 years ago
Daniel Black	ee1edfbf0c	BF: remove duplication definition secion in webmin-auth	11 years ago
Daniel Black	b5c10488c1	Merge pull request #409 from grooverdan/filter-doco DOC: in filters, put user relevant doc at top, and developer info at bot...	11 years ago
Daniel Black	c3f9c9aa60	BF: filter.d/dropbear Add PAM failures which is in dropbear-2013.60 in srv-authpam.c Patch http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch obviously has exit with lower case e so adjust regex for both. svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the IP so the regex was altered. .\s can be compressed to .*	11 years ago
Daniel Black	89fd792dfb	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	11 years ago
Daniel Black	de9977441a	DOC: move named and mysql instructions into the filters from jail.conf	11 years ago
Daniel Black	95f3f38682	MRG: merge ChangeLog and jail.conf	11 years ago
Daniel Black	e3150044fd	BF: fix selinux TST: ignore *common.conf files in test cases as these are included BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message ENH: add sample jail.conf	11 years ago
Daniel Black	0f85aef609	Merge pull request #407 from grooverdan/dovecot-jail ENH: Dovecot jail	11 years ago
Daniel Black	cde389cadc	ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/	11 years ago
Daniel Black	d451c2a231	FIX: vsftp improvements from Rich Mellor on mailing list	11 years ago
Daniel Black	b61fe0f12d	Merge pull request #378 from grooverdan/sasl ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl	11 years ago
Daniel Black	4ecc063bd0	ENH: rename filter.d/sasl -> filter.d/postfix-sasl	11 years ago
Daniel Black	e417a2112c	Merge pull request #386 from grooverdan/qmail ENH: filter.d/qmail - anchor at start. Add another regex	11 years ago
Daniel Black	e227568c3b	Merge pull request #384 from grooverdan/dovecot-325 ENH: added to dovecot filter. closes gh-325	11 years ago
Daniel Black	6b519d54db	ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion	11 years ago
Daniel Black	351eb5ec8f	ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd	11 years ago
Daniel Black	eb59a57b7f	ENH: tighten pam_unix expression for dovecot	11 years ago
Daniel Black	864d2f41b9	ENH: auth-worker as per of _daemon definition for dovecot	11 years ago
Daniel Black	2d1bd54439	Merge pull request #379 from grooverdan/webmin ENH: filter.d/webmin anchor at start and use syslog	11 years ago
Yaroslav Halchenko	500968874e	Merge pull request #381 from grooverdan/suhosin ENH: filter.d/suhosin - anchor regex at start	11 years ago
Yaroslav Halchenko	a7b1b802e0	Merge pull request #382 from grooverdan/vsftpd Vsftpd	11 years ago
Yaroslav Halchenko	f0b91fcede	Merge pull request #380 from grooverdan/sogo ENH: filter.d/sogo-auth - anchor regex at start	11 years ago
Daniel Black	df313649a4	ENH: escape . in recidive filter	11 years ago
Daniel Black	d60f470096	ENH: added to dovecot filter. closes gh-325	11 years ago

1 2 3 4 5 ...

316 Commits (2c63b1fe93aeb77724ffc0001110bad04a7065f7)