github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,751 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

957 Commits (39147397d8d255d71f28e8b797a3442ab562a977)

Author SHA1 Message Date
Aaron Brice 7ae0ef2408 Fix actions in ufw.conf 
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
 2015-04-28 11:39:00 -07:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf 
Conflicts:
	ChangeLog
 2015-04-26 15:13:59 -04:00
Markus Oesterle f8c7247f42 added \s after host 2015-04-17 10:22:01 +02:00
Markus Oesterle 5f2807b41f replaced .* before rhost with regex matching all the previous fields 2015-04-17 10:04:35 +02:00
Markus Oesterle 8825a5f31b updated filter.d/sshd.conf 
Added line to match sshd auth errors on OpenSuSE systems
 2015-04-16 19:48:28 +02:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko d28880fdca Merge pull request #997 from yarikoptic/bf/long-purge-for-recidive 
DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964)
 2015-03-23 21:30:04 -04:00
Yaroslav Halchenko 56aacf872c Merge pull request #952 from ache/master 
Update bsd-ipfw.conf
 2015-03-21 21:46:54 -04:00
Yaroslav Halchenko 02836b599c Added a comment about systemd backend for jails with logs outside of journal (Closes #959) 2015-03-21 21:25:50 -04:00
Yaroslav Halchenko 320a28a4a4 DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964) 2015-03-21 20:50:03 -04:00
Yaroslav Halchenko e788e3823e Merge pull request #965 from TorontoMedia/master 
Split output of firewallcmd list into separate lines for grepping (Close #908)
 2015-02-14 16:06:10 -05:00
TorontoMedia b4f1f613bb Update firewallcmd-allports.conf 2015-02-14 12:32:36 -05:00
TorontoMedia 0fac7e40b6 Update firewallcmd-multiport.conf 2015-02-14 12:31:33 -05:00
Yaroslav Halchenko 07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban 
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
 2015-02-14 09:32:05 -05:00
Yaroslav Halchenko d5e68abf95 ENH: check badips.com response on presence of "categories" in it 
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories".  With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
 2015-02-13 08:55:35 -05:00
Ache ae1451b29f Update bsd-ipfw.conf 
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
 2015-02-08 15:55:32 +03:00
Yaroslav Halchenko 3fb2becddb Merge pull request #949 from leeclemens/enh/configSyslogSocket 
Configure Syslog Socket Path (closes #814)
 2015-02-06 20:08:15 -05:00
Lee Clemens 6268eb32be Use syslogsocket value "auto" to determine syslog socket's path 2015-02-06 19:14:09 -05:00
Luke Hollins 549ab24e70 Fixed grammatical error in emails sent 2015-02-06 11:47:03 -05:00
Yaroslav Halchenko 119a7bbb16 Merge pull request #939 from szepeviktor/geoip 
Added sendmail-geoip-lines.conf
 2015-02-06 11:32:41 -05:00
Viktor Szépe 4c88a00c28 Line notes implemented 2015-02-06 17:22:30 +01:00
Lee Clemens 445fd7367f Configure Syslog Socket Path 2015-02-05 23:44:57 -05:00
František Šumšal eb0d086ed0 Merge branch 'master' into nginx-botsearch 2015-02-04 02:13:33 +01:00
František Šumšal 1c6d2074fb Changed default settings for nginx-botseach filter 2015-02-04 01:48:59 +01:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes 
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
 2015-02-03 11:30:16 -07:00
František Šumšal fb0f463eac Include consistency 2015-02-03 15:54:05 +01:00
František Šumšal 705718be52 Filter apache-botsearch.conf now loads variables from botsearch-common.conf 2015-02-03 04:44:33 +01:00
František Šumšal 18778d9174 Created botsearch-common.conf 
File contains variables used in -botsearch filters
 2015-02-03 04:25:47 +01:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot 
New jail: apache-fakegooglebot
 2015-02-02 21:44:04 -05:00
Yaroslav Halchenko df581fe6e2 Merge pull request #929 from opoplawski/pam_auth 
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928)
 2015-02-02 21:42:10 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot 
Dovecot - dovecot auth failure from EL7
 2015-02-02 21:37:28 -05:00
František Šumšal f8fe165cd2 Switched from tabs to spaces for indents 2015-02-03 03:35:22 +01:00
Yaroslav Halchenko 8f6d9c6a5a Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban 
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban:
  fixed typos, thanks szepeviktor for review
  ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)

Conflicts:
	ChangeLog
 2015-02-02 21:21:44 -05:00
Lee Clemens 841c476045 Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot 
Conflicts:
	config/filter.d/ignorecommands/apache-fakegooglebot
 2015-02-02 13:01:23 -05:00
Yaroslav Halchenko 15b65c7ad2 NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName 2015-02-02 12:19:20 -05:00
Lee Clemens 7e94ba6f0c Remove implementation specific suffix 2015-02-02 11:43:05 -05:00
Lee Clemens 854915920f Remove implementation specific suffix 2015-02-02 11:38:23 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot 
Detects fake googlebot user agents in apache access log
 2015-02-02 00:42:01 -05:00
Viktor Szépe 1619ab3145 Added sendmail-geoip-lines.conf 2015-02-01 00:06:56 +01:00
Yaroslav Halchenko ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
František Šumšal c8e82f18b6 Add jail nginx-botsearch 
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
 2015-01-29 17:57:52 +01:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski 3bc92610f7 Add dovecot auth failure from EL7 2015-01-29 09:11:59 -07:00
Andrew St. Jean 6bdfe756cf Changed default TTL value to 60 seconds. 2015-01-28 22:46:43 -05:00
Orion Poplawski 79b5a2617f Add filter variable __pam_auth to allow easier changing of pam auth backend 2015-01-27 14:34:27 -07:00
Andrew St. Jean 43732acae1 Added a reminder to create an nsupdate.local file to set required options. 2015-01-26 21:48:16 -05:00
Yaroslav Halchenko 085d0f72ed ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) 2015-01-26 09:19:44 -05:00
Yaroslav Halchenko 65980a70fc Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban 
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban:
  use iptables-allports for recidive

Conflicts:
	ChangeLog
 2015-01-26 09:04:42 -05:00
rumple010 eb76dcd5a0 add nsupdate action 
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
 2015-01-25 23:15:07 -05:00