github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,636 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1836 Commits (3d7e3bc2fb08a62a5e5f1b9826452d1748b47dba)

Author SHA1 Message Date
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; 
conflicts resolved
 2022-01-24 22:31:51 +01:00
sebres 970573d1cb Merge branch '0.11' 2022-01-18 16:17:49 +01:00
sebres 35d73d9758 Merge branch '0.10' into 0.11 2022-01-18 16:17:07 +01:00
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d); 
closes gh-3086
 2022-01-18 15:42:35 +01:00
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port; 
closes gh-3169
 2022-01-18 15:41:27 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;" 
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
 2021-11-01 11:45:40 +01:00
Sylvestre Ledru 3245b8018b
Add the Debian path to roundcube error logs 2021-10-23 17:38:20 +02:00
Sergey G. Brester ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116) 2021-10-01 15:03:24 +02:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040) 2021-06-10 15:23:24 +02:00
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; 
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
 2021-06-10 15:06:54 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620: 
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
 2021-05-29 22:59:55 +02:00
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master 
Using native firewalld ipset implementation
 2021-05-29 21:30:55 +02:00
sebres 38535b0cca Merge branch '0.11' into master 2021-05-29 21:25:24 +02:00
sebres d2f5c7de09 Merge branch '0.10' into 0.11 2021-05-29 21:24:11 +02:00
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553 2021-05-29 21:12:34 +02:00
sebres 8b984a0135 filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553) 2021-05-29 20:47:56 +02:00
sebres 6be1a5a0b1 filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880) 2021-05-29 20:25:28 +02:00
sebres 8afea37494 filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757) 2021-05-29 20:09:57 +02:00
sebres c5f1598a21 filter.d/postfix.conf: extended to cover new vectors: 
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
 2021-05-29 19:48:24 +02:00
sebres ae3e9b9149 filter.d/postfix.conf: extended to cover 2 new vectors: 
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
 2021-05-29 19:21:27 +02:00
sebres 87f717e0e0 filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012) 2021-05-29 18:45:59 +02:00
Sergey G. Brester 3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf 
Add new jail (and filter) Monitorix
 2021-05-27 12:17:16 +02:00
sebres 0a05dbdbfc Merge branch '0.11' into master 2021-05-25 23:19:25 +02:00
sebres 3312b8cb95 Merge branch '0.10' into 0.11 2021-05-25 23:18:33 +02:00
sebres 1627d4f573 filter.d/sendmail-auth.conf: user not found, closes gh-3030 2021-05-25 23:16:29 +02:00
Sergey G. Brester f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update 
Zoneminder filter update
 2021-05-21 13:03:33 +02:00
Sergey G. Brester ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name) 2021-05-21 13:00:24 +02:00
j-marz 2367ad115c fixed typo in comment 2021-05-20 09:15:45 +10:00
Sergey G. Brester 3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013) 2021-05-11 13:47:48 +02:00
usernamepi 4f8427178a
Missing comment "#" (#3022) 
Missed this ... but the logs showed it.
 2021-05-07 18:23:40 +02:00
usernamepi 88f779ed24
ufw.conf, amend to #3018 - add missing option for comment (#3019) 2021-05-06 23:23:39 +02:00
Sergey G. Brester 8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional 2021-05-06 21:47:06 +02:00
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat) 2021-05-06 20:23:58 +02:00
usernamepi e4e7a83cff
Update ufw.conf 
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
 2021-05-06 13:44:36 +02:00
sebres 71ce548117 Merge branch '0.11' 2021-04-27 14:05:53 +02:00
sebres b5b615731e Merge branch '0.10' into 0.11 2021-04-27 14:03:49 +02:00
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments 2021-04-20 18:13:40 +02:00
Sergey G. Brester ab0847e2d5
more precise anchored RE (also combining all 3 REs in a single regex) 2021-04-14 13:06:58 +02:00
Jordi Sanfeliu 7d173b7ce0
Merge branch 'master' into updated-to-latest-jail.conf 2021-04-13 20:24:08 +02:00
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master 2021-04-11 19:05:02 +02:00
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11 
Add Apprise Support (50+ Notifications)
 2021-04-04 00:24:21 +02:00
Sergey G. Brester b2f6a3a658
remove unneeded substitution 
it is enough to add `apprise` to action
 2021-04-04 00:21:59 +02:00
Sergey G. Brester dda70d60c0
Merge branch 'master' into master 2021-04-04 00:04:08 +02:00