fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	7e442c5b27	filter.d/sendmail-reject.conf: - rewritten using `prefregex` and used MLFID-related multi-line parsing (by using tag `<F-MLFID>` instead of buffering with `maxlines`); - optional parameter `mode` introduced: normal (default), extra or aggressive (see sendmail-reject for regex details); test cases extended	8 years ago
sebres	52ed6597b2	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
sebres	8768776d68	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	8 years ago
Serg G. Brester	d042981954	Merge pull request #1655 from ajcollett/0.10 Added config for AbuseIPDB	8 years ago
Serg G. Brester	b1f5ac9484	Update abuseipdb.conf	8 years ago
Serg G. Brester	62fa02241f	Update jail.conf	8 years ago
sebres	6a2c95da95	`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution); changelog updated;	8 years ago
sebres	d2a3d093c6	rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects); new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset); test cases extended	8 years ago
sebres	35efca5941	Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines. Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window). Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions: - tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example) - tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info); filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling.	8 years ago
sebres	22afdbd536	Several filters optimized with pre-filtering using new option `prefregex`	8 years ago
sebres	4ff8d051f4	Introduced new filter option `prefregex` for pre-filtering using single regular expression; Some filters extended with user name; [filter.d/pam-generic.conf]: grave fix injection on user name to host fixed; test-cases in testSampleRegexsFactory can now check the captured groups (using additionally fields in failJSON structure)	8 years ago
Serg G. Brester	2fa18a74c4	Merge branch 'master' into master	8 years ago
sebres	4bf09bf297	provides new tag `<ip-rev>` for PTR reversed representation of IP address; [action.d/complain.conf] fixed using this new tag;	8 years ago
Serg G. Brester	7f63809afb	Merge branch '0.10' into patch-1	8 years ago
Christoph Theis	861ce4177c	#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable	8 years ago
Felix Yan	68d829c1dd	Add a path configuration for Arch Linux	8 years ago
Jan Grewe	58c68b75f0	Remove double-quotes from email addresses	8 years ago
Jan Grewe	1bcf0de7c1	Update complain.conf	8 years ago
Filippo Tessarotto	607568f5da	Postfix RBL: 554 & SMTP	8 years ago
Jan Grewe	901eeff53d	Make Abusix lookup compatible with Dash	8 years ago
sebres	1823571e0f	Merge branch 'ssh-filter-new-regexp' into 0.10	8 years ago
sebres	9d06f0ee40	sshd-amend: optional space after port part	8 years ago
sebres	e8a1556562	Merge remote-tracking branch 'master' into 0.10 # Conflicts: # fail2ban/tests/samplestestcase.py	8 years ago
sebres	54a8c681ce	suhosin.conf: removed greedy match	8 years ago
sebres	8aa9516d50	sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652)	8 years ago
sebres	3276bd6d54	sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117)	8 years ago
sebres	628789f9a9	sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive) filter sshd-ddos and new filter sshd-aggressive are both derivation of sshd-filter	8 years ago
sebres	dd373dba9f	test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>; new ssh rule(s) added: - Connection reset by peer (multi-line rule during authorization process); - No supported authentication methods available; Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions); closes gh-864	8 years ago
Christian Brandlehner	a4d8426401	Support for IBM Domino SMTP task (#1603 ) filter.d/domino-smtp.conf	8 years ago
Serg G. Brester	40f294e6bf	Merge pull request #1663 from jjeziorny/netscaler-action Introduced citrix netscaler action	8 years ago
Juliano Jeziorny	1fe554dd25	Introduced Citrix Netscaler action	8 years ago
Christoph Theis	6187431629	#1667 : Wrong paths for apache and nginx under FreeBSD	8 years ago
sebres	74a6afadd5	Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all).	8 years ago
sebres	ee3c787cc6	Recognize restored (from database) tickets after restart (tell action restored state of the ticket); Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified). Test cases extended (smtp and by restart in ServerReloadTest). Closes gh-1141 Closes gh-921	8 years ago
sebres	7019640eb3	Merge branch 'fix-gh-1658' into 0.10	8 years ago
sebres	a9523aefbb	sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space).	8 years ago
sebres	c9f32f75e6	Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10)	8 years ago
Andrew James Collett	3991f51f30	Update jail.conf Sigh, added a space back that I somehow missed in Vim, despite it being a rebase...	8 years ago
Andrew James Collett	10d61e0779	Fixed the spaces again	8 years ago
Andrew James Collett	b35391e768	Update jail.conf Fixing spacing	8 years ago
Andrew James Collett	1c41390f7c	Restructured the way the catagories work. Jail.conf is cleaner and abuseipdb.conf is more flexible.	8 years ago
Andrew James Collett	55e107310f	Added config for AbuseIPDB, ony tested on Ubuntu 16.04	8 years ago
benrubson	cc311b56f3	Apache URIs can contain spaces	8 years ago
Yaroslav Halchenko	31a1560eaa	minor typos (thanks Vincent Lefevre, Debian #847785 )	8 years ago
sebres	45f1d811c9	Merge branch 'alex1702-1586'	8 years ago
sebres	67c14afd8e	ChangeLog entry added + jail.conf review	8 years ago
sebres	425170cef3	code review, makes the test cases workable, added dev-notes	8 years ago
sebres	931eab84b5	`filter.d/apache-modsecurity.conf` - fixed for newer version (one space, closes gh-1626) reviewed and optimized: - non-greedy catch-all replaced for safer match - unneeded catch-all anchoring removed - non-capturing groups	8 years ago
sebres	40cbe96352	Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2	8 years ago
sebres	5678d08a79	filter.d/dovecot.conf update: - fixes failregex, that ignores failures through some irrelevant info (closes #1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `$(?:auth failed, \d+ attempts( in \d+ secs)?\|tried to use (disabled\|disallowed) \S+ auth)$` - review, IPv6 compatibility fix, non-capturing groups	8 years ago
sebres	a2af19c9f0	fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`); added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files test cases: executing of some complex actions covered	8 years ago
Serg G. Brester	4f5389fee5	Update jail.conf	8 years ago
Johannes Weberhofer	f46ada023e	Use Fedora's backend-settings for openSUSE Those settings are ok for newer openSUSE versions	8 years ago
sebres	b5433f48b7	amend after code review of merge gh-1581	8 years ago
sebres	bee6e7376b	Merge branch 'aclindsa:master'	8 years ago
sebres	ea4c1f6356	Merge branch 'master' into 0.10	8 years ago
sebres	dab5f56609	Merge branch 'fix-gh-1477'	8 years ago
Alex	8ac28e5dcb	Make changes and add test file	8 years ago
Alex	8c40766511	Add Mongodb-auth filter and jail	8 years ago
sebres	faee5f1fdc	better caching (thereby better performance), better recognition of similar regex	8 years ago
sebres	ae7297e16b	more precise date template handling (WARNING: this commit creates possible incompatibilities): - datedetector rewritten more strict as earlier; - default templates can be specified exacter using prefix/suffix syntax (via `datepattern`); - more as one date pattern can be specified using option `datepattern` now (new-line separated); - some default options like `datepattern` can be specified directly in section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]` section, because of performance (each extra section costs time); - option `datepattern` can be specified in jail also (jails without filters); - if first group specified, only this will be cut out from search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match pattern, and leaves `date:[] failure ip...` for searching in filter); - faster match and fewer searching of appropriate templates (DateDetector.matchTime calls rarer DateTemplate.matchDate now); - standard filters extended with exact prefixed or anchored date templates; template cache introduced (in opposition to default template cache, holds custom templates cached by pattern for possible common usage of same template/regex);	8 years ago
sebres	ab0ac2111c	added possibility to specify more precise default date pattern: - `datepattern = {^LN-BEG}` - only line-begin anchored default patterns (matches date only at begin of line, or with max distance up to 2 non-alphanumeric characters from line-begin); - `datepattern = {*WD-BEG}` - only word-begin anchored default patterns; - `datepattern = ^prefix{DATE}suffix` - exact specified default patterns (using prefix and suffix); common filter configs gets a more precise, line-begin anchored (datepattern = {^LN-BEG}) resp. custom anchoring default date-patterns;	8 years ago
sebres	a7d9de8c52	[temp commit] 1st try to optimize datedetector/datetemplate functionality (fix ambiguous resp. misleading date detection if several formats used in log resp. by format switch after restart of some services): * Misleading date patterns defined more precisely (using extended syntax %E[mdHMS] for exact two-digit match) * `filter.d/freeswitch.conf` - Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548) - User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)	8 years ago
Aaron Lindsay	7805f9972d	filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'	8 years ago
sebres	84c3eb3e0e	filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes #1578	8 years ago
sebres	c809c3e61e	Merge branch 'master' into 0.10	8 years ago
Nils	d08db22b92	Create npf.conf for the NPF packet filter This file adds support for the NPF packet filter, available on NetBSD since version 6.0	8 years ago
sebres	fa8184d4cc	fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command + test covered now; Closes #1559	8 years ago
sebres	ee1727ecca	Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10	8 years ago
sebres	9bf8985e2a	nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons)	8 years ago
Serg G. Brester	ba9a88977f	Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed 0.10/fix stability and speed optimization	8 years ago
sebres	8b0f6c5413	badips test cases check availability of badips service (and skip this tests if it not available)	8 years ago
sebres	310d4e224d	Merge branch master (0.9) into 0.10	8 years ago
sebres	9fb167b5e1	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	8 years ago
sebres	c0e0cfb39d	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	2c54f90469	sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.	8 years ago
sebres	a544c5abac	sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>" ChangeLog entry added	8 years ago
sebres	d71a525a85	Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9)	8 years ago
sebres	38d53a72fd	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv); # Conflicts: # config/filter.d/ignorecommands/apache-fakegooglebot # fail2ban/tests/files/config/apache-auth/digest.py # fail2ban/tests/files/ignorecommand.py # fail2ban/tests/misctestcase.py	8 years ago
sebres	77f451c4a3	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);	8 years ago
maksyms	9ddbd642f7	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
maksyms	04427adb95	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
sebres	c52aaa8b78	ASSP failregex minor fixes	8 years ago
sebres	70658d7a19	Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494')	8 years ago
rhardy613	8265e3f0f9	Fix comments For some reasons the comment changes weren't pickup in the last commit. This fixes it.	8 years ago
rhardy613	66fe5a77ce	Fix ASSP filter to work with both ASSP V1 and V2 ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. This fix adds V2 support.	8 years ago
rhardy613	890a3dcbb9	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. Now updated with anchored patterns tested against 6 months of log data.	8 years ago
Yaroslav Halchenko	c0994b0c6c	DOC: minor typo (thanks John Bernard) Closes #1496	8 years ago
sebres	0eea362aa0	Merge branch 'master' into 0.10	8 years ago
rhardy613	f73746d846	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.	8 years ago
Yaroslav Halchenko	28a0605f69	Merge pull request #1478 from gips0n/master adding openldap slapd filter	8 years ago
Andrii Melnyk	7433b353ee	another variant of regex	8 years ago
Andrii Melnyk	7c5828dd2a	add trailing anchor to failregex	8 years ago
sebres	683f8fc56c	Merge branch 'master' into 0.10	8 years ago
Andrii Melnyk	48c094f612	improved failregex according to @sebres recomendations	9 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: `[^']` after callid was wrong, changed to `[^\)]`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Andrii Melnyk	dcb69b0242	* add `__prefix_line` to regex * fix time in log file	9 years ago
Andrii Melnyk	b2e3affaa0	adding openldap slapd filter	9 years ago

1 2 3 4 5 ...

1293 Commits (36d42d7f0bb795a271990a7aceb5de783d136467)