fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	a2431158f6	implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`; fixes gh-3005	3 years ago
sebres	13520a0494	Merge branch '0.11'	3 years ago
sebres	8ac49b5858	Merge branch '0.10' into 0.11	3 years ago
László Károlyi	f380d6202d	cherry pick #3210 from master	3 years ago
sebres	498e473a10	filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now; closes #3211	3 years ago
sebres	810386a265	filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too (amend to `92f90038fa`)	3 years ago
Sergey G. Brester	dfc866ea41	improve RE to solve conflict with expected another open parenthesis	3 years ago
László Károlyi	0f1706d4a1	Adjusting for updated dovecot log format This should now match: `Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>` the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.	3 years ago
sebres	06d2623c5e	iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action); amend to gh-980 fixing several actions (correctly supporting new enhancements now)	3 years ago
sebres	b639c8869c	make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); ultimately closes gh-980	3 years ago
sebres	3d7e3bc2fb	make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly)	3 years ago
sebres	7db1c97a3e	Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; conflicts resolved	3 years ago
sebres	970573d1cb	Merge branch '0.11'	3 years ago
sebres	35d73d9758	Merge branch '0.10' into 0.11	3 years ago
sebres	bf689c27b8	filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of `f77398c49d`); closes gh-3086	3 years ago
sebres	8bf15db688	filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port; closes gh-3169	3 years ago
sebres	80805cabfc	Merge branch '0.11'	3 years ago
sebres	0b3ad780fe	Merge branch '0.10' into 0.11	3 years ago
sebres	4b54a07d71	Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;" This reverts the incompatibility #3047 introduced by commit `a038fd5dfe` (#2821).	3 years ago
Sylvestre Ledru	3245b8018b	Add the Debian path to roundcube error logs	3 years ago
Sergey G. Brester	ba839af8ad	filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)	3 years ago
sebres	10cd815525	merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)	3 years ago
sebres	c03fe6682c	merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)	3 years ago
sebres	410a6ce5c8	fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence	3 years ago
sebres	579c6a94af	filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)	4 years ago
sebres	43f2923fbd	filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters	4 years ago
Sergey G. Brester	bbfff18280	action.d/ufw.conf: amend to #3018 : parameter `kill-mode` extended with conntrack	4 years ago
sebres	c7a86b4616	action.d/firewallcmd-ipset.conf: amend to #2620 : - combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`); - IPv6-capability for firewalld ipset; - no internal timeout handling by default; - no permanent rules yet	4 years ago
Sergey G. Brester	2a508da5a0	Merge pull request #2620 from mspolitaev/master Using native firewalld ipset implementation	4 years ago
sebres	38535b0cca	Merge branch '0.11' into master	4 years ago
sebres	d2f5c7de09	Merge branch '0.10' into 0.11	4 years ago
sebres	92f90038fa	filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553	4 years ago
sebres	8b984a0135	filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)	4 years ago
sebres	6be1a5a0b1	filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)	4 years ago
sebres	8afea37494	filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)	4 years ago
sebres	c5f1598a21	filter.d/postfix.conf: extended to cover new vectors: - reject: BDAT/DATA from (gh-2927) - (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else) - matches "Command rejected" and "Data command rejected" now	4 years ago
sebres	ae3e9b9149	filter.d/postfix.conf: extended to cover 2 new vectors: - RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995 - 550 5.7.25 Client host rejected, gh-2996 review combining several regex to single one	4 years ago
sebres	87f717e0e0	filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)	4 years ago
Sergey G. Brester	3d52fe3e4e	Merge pull request #2679 from mikaku/updated-to-latest-jail.conf Add new jail (and filter) Monitorix	4 years ago
sebres	0a05dbdbfc	Merge branch '0.11' into master	4 years ago
sebres	3312b8cb95	Merge branch '0.10' into 0.11	4 years ago
sebres	1627d4f573	filter.d/sendmail-auth.conf: user not found, closes gh-3030	4 years ago
Sergey G. Brester	f07e0f7ade	Merge pull request #2984 from j-marz/zoneminder_filter_update Zoneminder filter update	4 years ago
Sergey G. Brester	ec4e0dd65b	padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)	4 years ago
j-marz	2367ad115c	fixed typo in comment	4 years ago
Sergey G. Brester	3f9cf27853	filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013 )	4 years ago
usernamepi	4f8427178a	Missing comment "#" (#3022 ) Missed this ... but the logs showed it.	4 years ago
usernamepi	88f779ed24	ufw.conf, amend to #3018 - add missing option for comment (#3019 )	4 years ago
Sergey G. Brester	8f6a8df3a4	added new options `kill-mode` and `kill`, which makes the drop of all connections optional	4 years ago
Sergey G. Brester	5debaa4cac	option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)	4 years ago

1 2 3 4 5 ...

1846 Commits (3a9f5c0b5dc0a164e0ec245887b893c8150f713a)