fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	d32a3913cf	postfix postscreen (resp. other RBL's compatibility fix) / gh-1764	7 years ago
Serg G. Brester	57ea38c342	Update paths-debian.conf Fixed mail.log path since in the default rsyslog configuration of debians the `mail.warn` is commented now (see `/etc/rsyslog.d/50-default.conf`: `#mail.warn -/var/log/mail.warn`). Closes gh-1687	8 years ago
sebres	546cd55342	Merge branch 'master' into 0.10	8 years ago
sebres	a1d0633e69	filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): - optional space between NOTICE and pid; - optional part "Host " before IP-address;	8 years ago
sebres	33fcf8d809	Merge branch 'master' into 0.10	8 years ago
Serg G. Brester	1307e0a5b9	Merge pull request #1760 from szepeviktor/patch-12 Courier may complain about the method only	8 years ago
Serg G. Brester	f27e053592	Update bsd-ipfw.conf increased starting rule number (lowest_rule_num = 111)	8 years ago
Serg G. Brester	001c0898d6	Merge branch 'master' into master	8 years ago
Serg G. Brester	6110ba9cc3	filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)	8 years ago
sebres	37ca4f17c2	filter.d/roundcube-auth.conf: added missing entry `journalmatch` from original gh-1783.	8 years ago
Serg G. Brester	986dd3107d	Merge branch '0.10' into patch-12	8 years ago
sebres	d3ae70beb6	filter.d/roundcube-auth.conf: Use the same filter-file and jail also when logging errors to journal instead to a local file. Additionally fixes more complex injections on username.	8 years ago
Johannes Weberhofer	691c080dc7	Added roundcube authentication filter, new jail and log-examples	8 years ago
Serg G. Brester	3294840c2a	Merge pull request #1801 from jeaye/postfix-updates filter.d/postfix.conf: update to the latest postfix logging format	8 years ago
Serg G. Brester	efeca8fdeb	postfix.conf: removes unneeded end-anchoring like `.*$`, etc. also removes several dynamic content at end, which are of no avail there. Additionally normalizes optional part (mail-ID) after reason number.	8 years ago
sebres	dcdf677438	Merge remote-tracking branch 'master' into 0.10	8 years ago
sebres	2b358bc1a4	filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790).	8 years ago
jeaye	6f3d425c4d	Update postfix filters and tests	8 years ago
sebres	bbea73d79d	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
Serg G. Brester	d56554ecf3	Merge pull request #1688 from felixonmars/arch-config Add a path configuration for Arch Linux	8 years ago
Peter Nowee	b93e47b12f	dovecot: Match also when user field is empty Commit `5678d08` of 2016-11-26 changed: ( user=<\S>,)? to: ( user=<[^>]+>,)? The change from `` (zero or more times) to `+` (one or more times) may not have been intended. It will miss lines containing, for example: Aborted login (tried to use disallowed plaintext auth): user=<> This commit reverts the `+` back to `*`.	8 years ago
Marcel Bischoff	228d25c548	Update Kerio Connect filter (#1455 ) * Update Kerio Connect filter Fixed regex for some log entries that did not get recognized and some additional error formats are added. * Add missing colon, GitHub address * Add filter tests * Add missing test	8 years ago
Serg G. Brester	80cc47b75f	Update helpers-common.conf fixed grep pattern: escape dot-char in search-IP and more restrictive boundaries (IPv6-capable)	8 years ago
Viktor Szépe	5bb6be0163	IPv6 address may overlap	8 years ago
Filippo Tessarotto	ff1c6718da	Postfix RBL: 554 & SMTP Cherry-pick of `607568f5da` (see gh-1686)	8 years ago
sebres	b13d9d4e22	Merge branch 'master' into 0.10	8 years ago
sebres	0600d51511	filter.d/exim.conf: added new reason for "rejected RCPT" regex: Unrouteable address	8 years ago
sebres	49e237209e	Merge branch 'master' into 0.10	8 years ago
sebres	c546f85207	filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766)	8 years ago
Viktor Szépe	ac256a822b	Make courier-auth regexp a non-captured group	8 years ago
Viktor Szépe	4bb8a58dcf	Courier may complain about the method only > Mar 30 22:29:18 szerver imapd-ssl: LOGIN FAILED, method=PLAIN, ip=[::ffff:1.2.3.4]	8 years ago
Seth Reeser	c3426ba5f6	Update botsearch-common.conf (#1759 ) * Update botsearch-common.conf, apache-modsecurity.conf: typo and missing new-line	8 years ago
sebres	8839bcbb09	Merge remote-tracking branch master into 0.10	8 years ago
sebres	99344d28c8	Introduces new tags with hostname: - `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`) - `<sh-hostname>` - short hostname (the same as `$(uname -n)`) Execution of `uname -n` replaced in all mail actions with most interesting fully-qualified `<fq-hostname>`.	8 years ago
sebres	3161bcf78b	filter.d/exim.conf: optional part `(...)` after host-name before `[IP]`, normalized over whole config file. # Conflicts: # config/filter.d/exim.conf	8 years ago
sebres	507034c5be	filter.d/apache-auth.conf: joined some similar expressions	8 years ago
Serg G. Brester	6dfd080e20	Update apache-auth.conf remove forgotten referer, that may prevent failure recognition (belongs to gh-1645)	8 years ago
Serg G. Brester	311f8fea83	Merge branch '0.10' into issue1644	8 years ago
Peter van der Does	bb79e7f413	Parameter not needed The parameter '-s' causes an error as the <mailcmd> already has the parameter.	8 years ago
Serg G. Brester	4f0f22702a	Update haproxy-http-auth.conf little bit more precise expression	8 years ago
Georges Racinet	4fc6323ff0	haproxy-http-auth: avoid port number in IPv6 addresses The solution taken is to consume the port number explicitely in the regexp.	8 years ago
sebres	97e8b42d34	dummy action extended with more examples and test-covered now	8 years ago
sebres	d03872fbbf	bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include): iptables-common iptables iptables-allports iptables-multiport-log iptables-multiport iptables-new iptables-ipset-proto4 iptables-ipset-proto6 iptables-ipset-proto6-allports executing `actionflush` command covered for this actions now	8 years ago
sebres	8bf79fa483	implemented execution of `actionstart` on demand, if action depends on `family` (closes gh-1741); new action parameter "actionstart_on_demand" (bool) can be set to prevent/allow starting action on demand (default retrieved automatically, if some conditional parameter `param?family=...` presents in action properties);	8 years ago
Seth Reeser	c82495353f	Update mysqld-auth.conf (#1725 )	8 years ago
Serg G. Brester	52c1950371	Update mysqld-auth.conf small typo, closes gh-1725 (Thx @seth-reeser)	8 years ago
sebres	5e93bf9bd3	Introduced new option "ignoreself", specifies whether the local resp. own IP addresses should be ignored (default is true). Fail2ban will not ban a host which matches such addresses. Option "ignoreip" affects additionally to "ignoreself" and don't need to include the DNS resp. IPs of the host self.	8 years ago
sebres	f13fac5ae9	amend to 5561423be3b2d4636f5484183c3ad470fd326d06: fixed incorrect failure counting despite the `<F-NOFAIL>` marked regex; extra: introduced new tag `<F-MLFFORGET>` as mark to forget current multi-line MLFID (e. g. connection closed); Closes gh-1727	8 years ago
sebres	5561423be3	filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry); closes gh-1719	8 years ago
sebres	0c1707afda	filter.d/sshd.conf: - optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details); test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);	8 years ago

1 2 3 4 5 ...

1293 Commits (36d42d7f0bb795a271990a7aceb5de783d136467)