Commit Graph

1688 Commits (3a5983ab0bef064bc408b6071dfe152f06282c52)

Author SHA1 Message Date
Daniel Black a4718eb644 ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples 2013-11-11 10:38:02 +11:00
Daniel Black 87516eb92b ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-11 09:46:40 +11:00
Daniel Black e8aa676cf5 Merge pull request #429 from grooverdan/filter-develop-doco
DOC: Filter development doco
2013-11-10 14:10:10 -08:00
Daniel Black 191c4fda1b Merge pull request #428 from grooverdan/ssh-dos
TST: test case that shows injection into username
2013-11-10 13:39:03 -08:00
Daniel Black d90130234d TST: end of json in sshd sample log 2013-11-11 08:29:54 +11:00
Daniel Black 061a26c408 TST: fix space in sshd sample log 2013-11-11 08:28:09 +11:00
Daniel Black d955714d26 TST: test case that shows injection 2013-11-11 08:11:32 +11:00
Daniel Black b8f40fef1b DOC: more on filter regexes - DEVELOP 2013-11-11 08:08:10 +11:00
Daniel Black c5021b55f6 Merge pull request #427 from yarikoptic/bf/nginx-regex-injection
BF: anchor introduced nginx-http-auth at the end
2013-11-08 17:23:03 -08:00
Daniel Black 724c6bfd92 DOC: filter regex debugging 2013-11-09 10:35:13 +11:00
Yaroslav Halchenko ccd26578ec Merge pull request #425 from grooverdan/asterisk-simplify
ENH: condense asterisk regexs for speed
2013-11-08 14:42:35 -08:00
Yaroslav Halchenko ac061155f0 BF: anchor introduced nginx-http-auth at the end
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection.  We better anchor at the end then
2013-11-08 14:40:52 -08:00
Yaroslav Halchenko 49024fe6ea DOC: minor typos in ChangeLog 2013-11-08 14:36:56 -08:00
Yaroslav Halchenko ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Yaroslav Halchenko bf245f9640 DOC: adding DEV Notes for for non-greedy matchin within sshd.conf 2013-11-08 14:34:31 -08:00
Daniel Black d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko a169badb95 Merge pull request #423 from yarikoptic/enh/gen_badbots
badbots filter: adding the script which was used + updated filter
2013-11-08 10:10:46 -08:00
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko abb012ae5c BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy 2013-11-08 10:00:37 -08:00
Yaroslav Halchenko eace931c19 Changelog for prior changes (gen_buildbots) 2013-11-07 15:47:25 -08:00
Daniel Black d7560d4041 ENH: condense asterisk regexs for speed 2013-11-08 10:24:50 +11:00
Daniel Black ab9d921162 BF: missed action in nginx-http-auth 2013-11-08 10:09:19 +11:00
Daniel Black a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Yaroslav Halchenko 4522308354 ENH: regenerated config/filter.d/apache-badbots.conf 2013-11-07 14:26:18 -08:00
Yaroslav Halchenko 6f321068f1 NF: gen_badbots script to (re)generate/update config/filter.d/apache-badbots.conf 2013-11-07 14:25:57 -08:00
Daniel Black e91d40ee34 Merge pull request #420 from yarikoptic/enh/release-0.8.11
DOC: release 0.8.11 - ChangeLog tidy
2013-11-06 12:48:09 -08:00
Yaroslav Halchenko 28ee7ba123 DOC: keeping Changelog release-phrases uniform, simplified intro, unified 2013-11-06 14:04:30 -05:00
Yaroslav Halchenko f26fba9c19 DOC: Untabifying and reindenting a bit ChangeLog 2013-11-06 13:47:45 -05:00
Daniel Black 0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
BF:  wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black 20693ffb8e Merge pull request #417 from grooverdan/debian-bug-709324-dovecot
BF: dovecot allow for newer fail message - Debian bug 709324
2013-11-05 18:38:29 -08:00
Daniel Black 5ebc386833 DOC: few more links for DEVELOP 2013-11-06 13:35:04 +11:00
Daniel Black e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black d22214da79 Add Fedora git repo of fail2ban package to DEVELOP 2013-11-06 12:03:19 +11:00
Daniel Black ac1f45d18c Merge pull request #412 from grooverdan/firewalld
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black 87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black ee1edfbf0c BF: remove duplication definition secion in webmin-auth 2013-11-04 17:54:36 +11:00
Daniel Black a9fe3d5df9 DOC: alter release notes a bit more and versions in README.md 2013-10-31 14:44:14 +11:00
Daniel Black 5cefb8aff9 BF/DOC: fix hopefully final MANIFEST and release instructions 2013-10-31 11:30:07 +11:00
Daniel Black 6db9e64934 DOC: final updates to release doco 2013-10-31 10:56:45 +11:00
Daniel Black 4ec0e3f087 DOC: version 0.8.11.pre1 2013-10-31 10:51:37 +11:00
Daniel Black 3b2083b06d DOC: ChangeLog header and merge 2013-10-31 10:44:40 +11:00
Daniel Black f860307b57 DOC: update man pages. Add references to jail.conf from fail2ban-client man page 2013-10-31 10:27:30 +11:00
Daniel Black fff996c8df ENH: fix fail2ban-regex output to generate a man page with copyright notices 2013-10-31 10:26:49 +11:00
Daniel Black a38be3f9ab Merge branch 'master' of https://github.com/fail2ban/fail2ban 2013-10-31 09:13:57 +11:00
Daniel Black b5c10488c1 Merge pull request #409 from grooverdan/filter-doco
DOC: in filters, put user relevant doc at top, and developer info at bot...
2013-10-30 15:11:46 -07:00
Daniel Black 5eddd5d12d DOC: document required firewalld version as > 0.3.7.1 2013-10-31 09:10:59 +11:00
Daniel Black 2810f97fe5 DOC: merge ChangeLog 2013-10-31 09:07:06 +11:00
Daniel Black 27d257d5a6 Merge pull request #408 from grooverdan/dropbear
BF: filter.d/dropbear
2013-10-30 14:43:07 -07:00
Daniel Black 8ac6081555 ENH: fix to use upstream --remove-rules
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00