Daniel Black
ef62d0d4c1
Merge pull request #391 from grooverdan/jail-mysql-doc
...
ENH: mysql syslog jail.conf base
11 years ago
Daniel Black
e417a2112c
Merge pull request #386 from grooverdan/qmail
...
ENH: filter.d/qmail - anchor at start. Add another regex
11 years ago
Daniel Black
e227568c3b
Merge pull request #384 from grooverdan/dovecot-325
...
ENH: added to dovecot filter. closes gh-325
11 years ago
Daniel Black
0022cca786
Merge pull request #385 from grooverdan/ipset
...
ENH/BF: Ipset - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*
11 years ago
Daniel Black
8fe542ca9f
DOC: reintroduce comment on comments
11 years ago
Daniel Black
6b6169178f
ENH: mysql syslog jail.conf base
11 years ago
Daniel Black
ee58696531
DOC: try to encourage jail.local jail.d/*.local a lot more
11 years ago
Daniel Black
6ef33981e3
ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed)
11 years ago
Daniel Black
6b519d54db
ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion
11 years ago
Daniel Black
351eb5ec8f
ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd
11 years ago
Daniel Black
eb59a57b7f
ENH: tighten pam_unix expression for dovecot
11 years ago
Daniel Black
864d2f41b9
ENH: auth-worker as per of _daemon definition for dovecot
11 years ago
Daniel Black
2d1bd54439
Merge pull request #379 from grooverdan/webmin
...
ENH: filter.d/webmin anchor at start and use syslog
11 years ago
Yaroslav Halchenko
500968874e
Merge pull request #381 from grooverdan/suhosin
...
ENH: filter.d/suhosin - anchor regex at start
11 years ago
Yaroslav Halchenko
a7b1b802e0
Merge pull request #382 from grooverdan/vsftpd
...
Vsftpd
11 years ago
Yaroslav Halchenko
f0b91fcede
Merge pull request #380 from grooverdan/sogo
...
ENH: filter.d/sogo-auth - anchor regex at start
11 years ago
Daniel Black
df313649a4
ENH: escape . in recidive filter
11 years ago
Daniel Black
1a5e17f2a3
BF: use blocktype for iptables-ipset-proto6*
11 years ago
Daniel Black
dcb845f17c
ENH: add iptables-ipset-proto6-allports for blocking all ports
11 years ago
Daniel Black
2a1d629d88
BF: webmin -> webmin-auth
11 years ago
Daniel Black
ab457acc4d
BF: fix name in action for uwimap-auth
11 years ago
Daniel Black
0beea03914
ENH: jail.conf example for webmin
11 years ago
Daniel Black
d60f470096
ENH: added to dovecot filter. closes gh-325
11 years ago
Daniel Black
46386412a4
ENH: filter.d/vsftpd - pam regex as syslog and anchored at start
11 years ago
Daniel Black
1519712972
ENH: filter.d/vsftpd anchor internal regex at start
11 years ago
Daniel Black
9637c27873
ENH: filter.d/suhosin - anchor regex at start
11 years ago
Daniel Black
13bcc9aa84
ENH: filter.d/sogo-auth - anchor regex at start
11 years ago
Daniel Black
b64bf3fa7b
ENH: filter.d/webmin anchor at start and use syslog
11 years ago
Daniel Black
f4c7c8f4b3
ENH: sasl - anchor regex at start
11 years ago
Daniel Black
23dd734aa9
Merge pull request #366 from grooverdan/dovecot
...
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
11 years ago
Daniel Black
f998e01590
Merge pull request #359 from grooverdan/pureftpd
...
ENH: Pureftpd syslog prefixing and filter achoring
11 years ago
Daniel Black
ba8183b116
Merge pull request #372 from grooverdan/uw-imap
...
ENH: filter.d/uwimap-auth added. Closes #18
11 years ago
Daniel Black
262616f7a7
ENH: filter.d/uwimap-auth - failure of an admin override to regex
11 years ago
Daniel Black
9211179d30
ENH: filter.d/uwimap-auth - add "disabled" to regex
11 years ago
Daniel Black
4649cf9608
ENH: separate selinux and selinux-ssh
11 years ago
Daniel Black
791183b639
ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT
11 years ago
Daniel Black
a1eaa5f755
ENH: filter.d/selinxu added. Closes #296
11 years ago
Daniel Black
778f09debe
DOC/ENH: __md5hex regex defination to common.conf. Document debian bug #
11 years ago
Daniel Black
b3b62d65bf
ENH: filter.d/uwimap-auth added. Closes #18
11 years ago
Daniel Black
f2ae20a3b8
BF: filter.d/sshd group on md5hex and () for serial needed to be escaped
11 years ago
Daniel Black
1eeb6e94bd
BF: fix regex for openssh-6.3
11 years ago
Daniel Black
e12d389c65
MRG/DOC: jail.conf resolution, ChangeLog fixes
11 years ago
Mark McKinstry
b6bf26c9f2
dont' need to set a default name
11 years ago
Mark McKinstry
4187e87b69
don't enabel ssh-apf jail by default
11 years ago
Mark McKinstry
f9f4d2728f
add an example jail for apf action and ssh filter
11 years ago
Mark McKinstry
2668adc896
Merge branch 'master' of github.com:fail2ban/fail2ban
11 years ago
Mark McKinstry
1af4543aca
ability to name the jail that banned the IP with apf
11 years ago
Mark McKinstry
dd9ee4c39a
quotes around the comment put in apf's deny_hosts.rules file
11 years ago
Mark McKinstry
e64493c328
use human readable/longer options when banning and un-banning IPs with apf
11 years ago
Mark McKinstry
c692912a82
don't hardcode absolute path for apf firewall
11 years ago
Mark McKinstry
66aff43d68
remove un-needed '$' line
11 years ago
Daniel Black
8c2a5612ed
DOC: resolve ChangeLog conflicts
11 years ago
Daniel Black
2a805452c6
DOC: resolve ChangeLog conflicts
11 years ago
Daniel Black
8e9fab9b3c
Merge branch 'master' of https://github.com/fail2ban/fail2ban
11 years ago
Daniel Black
3be7dcd701
DOC: resolve ChangeLog conflicts
11 years ago
Daniel Black
89e0520675
ENH: dovecot regex to match failure reported by Bob Cohen on mailing list
11 years ago
Daniel Black
c3ee03b9ba
BF: fix daemon name typo for filter proftpd
11 years ago
Daniel Black
39ca8837eb
TST: pureftpd - syslog therefore use syslog prefixes in filter
11 years ago
Daniel Black
30bb1a77a3
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam
11 years ago
Daniel Black
ee497ff1cb
ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix
11 years ago
Daniel Black
13ec9d58c0
ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix
11 years ago
Daniel Black
673cc4d77f
ENH: anchor at end of recidive filter
11 years ago
Daniel Black
504111b0b1
ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target
11 years ago
Beau Raines
060bd45295
ENH - Added server name to subject line in email notifications
...
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
11 years ago
Daniel Black
ad291d7e38
Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port
...
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
11 years ago
Daniel Black
e5f1a7f050
Merge pull request #344 from grooverdan/osx
...
ENH: OSX ipfw based on Andy Fragen's work
11 years ago
Daniel Black
4face1f3e7
MRG: resolve conficts in action.d/osx-ipfw design
11 years ago
Andy Fragen
d258a51a23
after some research it looks like setting to unreachable better than deny
11 years ago
Andy Fragen
fe557e5900
more specific actionunban
11 years ago
Andy Fragen
a4884f82cd
add mods from grooverdan and fix actionunban
...
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
11 years ago
Daniel Black
6b0e2289d4
Merge pull request #335 from grooverdan/gh-333-bind
...
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
11 years ago
Daniel Black
f2bcf84893
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets
11 years ago
Daniel Black
749f215089
ENH: port optional
11 years ago
Daniel Black
8b22fa15b5
BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want
11 years ago
Daniel Black
b31799a322
ENH: add action.d/osx-afctl anonymously contributed on f2b wiki
11 years ago
Daniel Black
808aa1a792
ENH: added jail.conf example. closes gh-340
11 years ago
Daniel Black
5741348f45
ENH: more options and ruggedness to prevent unintensional consequences
11 years ago
Daniel Black
52bd0f86a8
Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
11 years ago
Daniel Black
7cc3e8a8c0
BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
11 years ago
Daniel Black
15f2f38972
ENH: anchor regex at start
11 years ago
Daniel Black
d5684a0834
BF: filter.d/routecube-auth - time offset can be positive or negative
11 years ago
Daniel Black
a401d11644
ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
11 years ago
Andy Fragen
ef504c869f
added osx specific ipfw action with random rulenum
11 years ago
Yaroslav Halchenko
265a85ec1f
RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis
11 years ago
Daniel Black
b8e7d0b867
ENH: further tighten lighttpd basic auth regex
11 years ago
Daniel Black
a7ebb84a7d
ENH: tighted up lighttpd regex
11 years ago
François Boulogne
e133b9f1d1
MAINT: add support for lightty1.4.31
11 years ago
Daniel Black
ca4729e943
ENH: filter.d/exim.conf - add authentication failures for "plain" authentication
11 years ago
Daniel Black
ef903db3c9
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
11 years ago
Daniel Black
cfb7dba268
DOC: merge ChangeLog
11 years ago
Daniel Black
b589533d69
Merge branch 'master' into kwirk-merge
...
Conflicts:
ChangeLog
testcases/files/logs/dropbear
11 years ago
Daniel Black
fd7cc5bda7
BF: duplicate regex match fixed
11 years ago
Daniel Black
6a56727669
BF: apache-common regex - datetime could be entirely consumed
11 years ago
Daniel Black
a9eb8a76c6
merge of change log and apache-auth differences
11 years ago
Steven Hiscocks
4e5feed7fc
Merge pull request #8 from grooverdan/gh-303-merge-2
...
training space on wuftp
11 years ago
Daniel Black
aad7d08451
BF: disable filter expressions without tests
11 years ago
Yaroslav Halchenko
42f3aa9f62
Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
...
Bind unauth zonetransfer. Closes #323
11 years ago
Daniel Black
6a36ff1a4a
BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
11 years ago
Daniel Black
c44328b1a3
ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8
11 years ago
Daniel Black
ea7cba4205
ENH: trailing space as per discussion on gh-303
11 years ago
Daniel Black
61d43608ae
ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
11 years ago
Daniel Black
5d451bc4d6
ENH: add refused zone tranfer to named-refused filter. closes #323
11 years ago
Steven Hiscocks
53e16e07ad
ENH: Minor tweak on previous commit proftpd regex changes
11 years ago
Steven Hiscocks
9002de069e
ENH: Improve proftpd regex.
...
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
11 years ago
Orion Poplawski
31a78b2711
Use /var/run/fail2ban in config/action.d/dummy.conf
11 years ago
Yaroslav Halchenko
e7d5e466b9
Merge branch 'enh/asterisk_and_dropbear_filters'
...
* enh/asterisk_and_dropbear_filters:
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
minor: consistent indentation in dropbear.conf
https://github.com/fail2ban/fail2ban/issues/306
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
11 years ago
Yaroslav Halchenko
4e0ddc5f67
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
11 years ago
Yaroslav Halchenko
9487ee5562
minor: consistent indentation in dropbear.conf
11 years ago
Daniel Black
d8883f4346
DOC: Notes about 401 responses and how apache logs this
11 years ago
Daniel Black
7b2773889d
TST: apache-auth filter - nonce timetravel tests + other expression fixes
11 years ago
Daniel Black
0fb04cb2f0
ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black
56faf7f5ad
DOC: fix ChangeLog merge
12 years ago
Jamyn Shanley
a355fab91b
https://github.com/fail2ban/fail2ban/issues/306
...
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.
Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
12 years ago
Jamyn Shanley
8936f2cd02
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
12 years ago
Steven Hiscocks
2f4aaa9fb9
ENH: Simplify sieve filter failregex
12 years ago
Steven Hiscocks
b5639a8672
ENH: Simplify cyrus-imap filter fail regex
12 years ago
Daniel Black
8f532f9148
NIT: space remove
12 years ago
Daniel Black
7d7ef08145
ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id
12 years ago
Daniel Black
abc4146079
ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure
12 years ago
Steven Hiscocks
cf1e5bdbc2
ENH: Tweak proftpd regex and add sample logs
...
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
12 years ago
Steven Hiscocks
8b9bafda79
ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
...
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
12 years ago
Steven Hiscocks
4033857f63
ENH: Improve xinetd-fail regex and add sample logs
12 years ago
Steven Hiscocks
a11f91b835
ENH: Improve cyrus-imap regex and add extra sample line
12 years ago
Steven Hiscocks
534be189dc
ENH: Improve sieve regex and add sample line
12 years ago
Steven Hiscocks
ab671b0b1a
ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
...
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
12 years ago
Steven Hiscocks
57a6c11260
ENH: Improve courierlogin regex and add sample logs
12 years ago
Steven Hiscocks
bd175f0267
ENH: Improve cyrus-imap regex and add sample log file
12 years ago
Steven Hiscocks
83a80a29ea
ENH: Improve couriersmtp and add sample logs
12 years ago
Steven Hiscocks
eb2f0c9272
ENH: Improve postfix regex and add more samples
12 years ago
Daniel Black
5cfe108186
ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black
6fdfd8d356
BF: fix port
12 years ago
Daniel Black
eea5b071e6
ENH: jail for perdition
12 years ago
Daniel Black
fcf79b475f
ENH: new filter perdition.conf
12 years ago
Daniel Black
03ec7c211b
ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$
12 years ago
Daniel Black
8ce9c78474
TST: apache-auth digest logs
12 years ago
Daniel Black
f8b5b3a1ef
ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard
12 years ago
Daniel Black
4eca2c0bd5
TST: apache-auth client denied by server configuration
12 years ago
Daniel Black
e0292913eb
ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner
12 years ago
Yaroslav Halchenko
f6a8a04cf3
ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
...
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
12 years ago
Yaroslav Halchenko
8add63c733
ENH: anchor roundcube-auth at the beginning as well
12 years ago
Steven Hiscocks
728399c39e
Merge pull request #281 from kwirk/dovecot-filter
...
ENH: dovecot filter additions for session, time value and blank user
12 years ago
Daniel Black
ab10664b57
ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris
12 years ago
Steven Hiscocks
606e97683b
BF: jail.conf multiport actions previously using single port iptables
12 years ago
Daniel Black
975999591f
ENH/DOC: more realm mismatch errors. Documented filter design criteria
12 years ago
Daniel Black
10e3be857a
ENH: apache-auth filter added mod_auth_digest message
12 years ago
Daniel Black
384b72a535
ENH: apache-auth filter - client wrong auth
12 years ago
Daniel Black
fce431add8
ENH: add mod_authz_core failures to apache-auth
12 years ago
Daniel Black
6ce41a611d
BF: fix filter on apache-auth. Closes #286
12 years ago
Daniel Black
1d6d5a7aae
DOC: ChangeLog merge confict
12 years ago
Daniel Black
5412d7336f
DOC: ChangeLog confict
12 years ago