github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,479 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

291 Commits (4649cf960860354246ca5c397651b2b7437545bf)

Author SHA1 Message Date
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters' 
* enh/asterisk_and_dropbear_filters:
  ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
  minor: consistent indentation in dropbear.conf
  https://github.com/fail2ban/fail2ban/issues/306
  fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
 2013-08-08 09:59:24 -04:00
Yaroslav Halchenko 547c123cfb BF: example.com is pointing to another IP now. Closes #313 
This is a permanent change according to private correspondence with
David Closson @ IANN, thus replaced 192.0.43.10 with updated IP
93.184.216.119, while leaving 192.0.43.10 as is in the sample log
files (it is still within IANN dedicated testing network).
 2013-08-07 22:56:57 -04:00
Daniel Black c0a2e50559 TST: apache auth - opaque value 2013-08-06 17:13:09 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 52aaa1c9bb TST: bad include of vim swap files 2013-07-28 22:01:51 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Steven Hiscocks 1e270078b4 TST: Warn if date templates overlap in default detectors 2013-07-27 20:21:05 +01:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306 
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
 2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks bf021ebd97 TST: Mandate that all filters and each regex has sample log entry 2013-07-26 17:05:17 +01:00
Steven Hiscocks 1c7d28d1ea TST: Add qmail sample log 2013-07-26 17:03:14 +01:00
Steven Hiscocks 5437f5fe90 TST: Add gssftpd sample log 2013-07-26 17:02:53 +01:00
Steven Hiscocks f7d8e68738 TST: Add apache-badbots sample log 2013-07-26 12:32:29 +01:00
Yaroslav Halchenko 1721991755 Merge pull request #304 from yarikoptic/master 
RF(ENH): JailsReader.getOptions -- avoid code duplication when asking for 1 jail or all

upon @kwirk blessing ;)
 2013-07-25 18:45:10 -07:00
Yaroslav Halchenko 3b52eca608 ENH+TST: Ticket -- drop unused/bogus get|setFile + enh __str__ + basic testing 2013-07-22 12:09:33 -04:00
Yaroslav Halchenko 149a83545f TST: basic test for reading of a bogus jail 2013-07-22 11:52:51 -04:00
Steven Hiscocks 37f240bef0 TST: Add sample log for php-url-fopen filter 2013-07-21 22:13:37 +01:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs 
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
 2013-07-21 22:03:49 +01:00
Steven Hiscocks e59a4960a3 TST: Add additional sample log line for apache-noscript 2013-07-21 16:48:12 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples 
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
 2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00
Steven Hiscocks b5ffbced37 TST: Sample test cases now handle ignoreregex and add recidive samples 2013-07-21 15:31:32 +01:00
Steven Hiscocks e7b7815de3 TST: Add additional sshd sample logs 2013-07-21 15:22:44 +01:00
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line 2013-07-20 17:28:28 +01:00
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line 2013-07-20 17:26:09 +01:00
Steven Hiscocks d791ba12ba TST: Add sample log for dropbear filter 2013-07-20 16:54:28 +01:00
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample 
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
 2013-07-20 16:34:24 +01:00
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file 2013-07-20 15:38:29 +01:00
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples 2013-07-20 15:31:21 +01:00
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4) 2013-07-20 22:21:08 +10:00
Daniel Black bdcde678d1 TST: fix year 2013-07-20 15:15:02 +10:00
Daniel Black fcf79b475f ENH: new filter perdition.conf 2013-07-19 20:14:53 +10:00
Steven Hiscocks a012b54117 TST: Add additional postfix filter sample 2013-07-18 22:17:31 +01:00
Steven Hiscocks 2a3a627322 TST: Add sample for sieve regex 2013-07-18 22:17:14 +01:00
Daniel Black fa85be2eea DOC/TST: fix configuration path for apache-auth test cases 2013-07-18 08:37:05 +10:00
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Daniel Black 40cc336cd5 TST: testcases and logs for apache-auth basic 2013-07-17 22:46:04 +10:00
Steven Hiscocks bf05f2ac95 Merge branch 'filter-failregex-return' 
Conflicts:
	server/filter.py
 2013-07-16 21:17:18 +01:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback 
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
 2013-07-16 15:07:32 -04:00
Yaroslav Halchenko 0a02cfe9e8 ENH: <HOST> must end with alphanumeric \w (not a dot or a dash etc) 
Otherwise <HOST> regexp might swallow period in the sentence right after the address.
I have decided to enforce alphanumeric instead of switching to non-greedy +? ... because
I think it is closer to what we actually want here
 2013-07-16 15:03:06 -04:00
Steven Hiscocks 1a2b6442a0 ENH+BF+TST: Filter now returns reference to failregex and ignoreregex 
This avoids duplication of code across fail2ban-regex and samples test
cases. This also now more neatly resolves the issue of double counting
date templates matches in fail2ban-regex.
In addition, the samples test cases now also print a warning message
that not all regexs have samples for them, with future plan to change
this to an assertion.
 2013-07-15 22:22:13 +01:00
Steven Hiscocks 4855cae487 Merge branch 'sample-log-meta-data' 
Conflicts:
    testcases/files/logs/dovecot
 2013-07-14 18:29:36 +01:00
Steven Hiscocks 1116f23151 TST: Sample log regex test now warns if no log for a filter 
Also checks that at least some tests are present
 2013-07-14 18:19:16 +01:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter 
ENH: dovecot filter additions for session, time value and blank user
 2013-07-14 05:18:04 -07:00
Steven Hiscocks 94376bfbe1 TST: Handle lack of `json` library in python2.5 for samples test case 2013-07-14 11:15:45 +01:00
Steven Hiscocks 40f67c64b8 TST: Test sample logs' entries are matched by filter regexs 2013-07-13 23:03:01 +01:00
Daniel Black 1bb427cc14 TST: remove dup test log entry 2013-07-12 09:09:24 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00
Yaroslav Halchenko 5f04b4954f Merge pull request #280 from yarikoptic/master 
BF+ENHs: polling backend tracks ino and size now in addition to mtime, filters do not read file unless it has content + few other minor issues
 2013-07-07 08:33:55 -07:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user 2013-07-05 18:36:02 +01:00
Yaroslav Halchenko 47ac39fb34 TST: minor enhancement to test failure msg 2013-07-02 23:37:41 -04:00
Yaroslav Halchenko 052e7ff9da ENH: deprecate sophisticated MTimeSleep in favor of no sleeping at all 
all invocations of mtimesleep() are left in the tests for now
 2013-07-02 20:44:28 -04:00
Yaroslav Halchenko 8c125b6053 ENH: do not sleep 1 sec only on older Pythons while testing filters 2013-07-02 19:50:22 -04:00
Daniel Black d6dece4900 ENH: Split log and provide jail examples 2013-07-03 07:42:47 +10:00
Yaroslav Halchenko e9c8a51ce4 ENH: further tighten up detection of mtimesleep duration + log what was assigned 2013-07-02 17:26:41 -04:00
Yaroslav Halchenko 8f3671bc94 BF: figure out minimal sleep time needed for mtime changes to get detected. Close #223, and probably #103 2013-07-02 17:10:00 -04:00
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  ENH: remove non-capturing groups for readibility
  BF: fix dovecot filter for when no TLS is enabled on pop/imap

Conflicts:
	ChangeLog -- changelog entries.  Also untabified few other spots
 2013-07-02 10:12:51 -04:00
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk 
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
 2013-07-02 07:04:10 -07:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Yaroslav Halchenko 54cce29b3e Merge pull request #271 from yarikoptic/master 
BF: support apache 2.4 more detailed error log format. Close #268

Thanks @grooverdan for the review
 2013-07-01 20:52:36 -07:00
Daniel Black c7d64c3c7f TST: url reference fix 2013-07-01 21:58:03 +10:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Steven Hiscocks b670b5c792 TST: Change depreciated assertEquals to assertEqual in some tests 2013-06-29 20:17:42 +01:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Yaroslav Halchenko b9e971c25d Merge branch 'exim' of https://github.com/grooverdan/fail2ban 
* 'exim' of https://github.com/grooverdan/fail2ban:
  DOC: credits/blame to me for changes to exim
  ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
  TST/ENH: Improve regex around exim
 2013-06-23 00:21:28 -04:00
Yaroslav Halchenko 057f0ad135 ENH: allow_no_files option for jail's convert to allow testing of stock jail.conf 2013-06-21 12:44:37 -04:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim 
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
 2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban 
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
 2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban 
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
 2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban 
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
 2013-06-14 12:16:59 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase. 
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-11 02:13:37 +02:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Yaroslav Halchenko fae2d5c0ce Merge branch 'patch-3' extending roundcube failregex to support v0.9+ (from https://github.com/teroz/fail2ban) 
* 'patch-3' of https://github.com/teroz/fail2ban:
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
 2013-05-29 09:38:35 -04:00
Steven Hiscocks 7a4db4b4b9 TST: Fix fail2ban.conf reader test for unreliable dictionary order 2013-05-26 14:36:51 +01:00
Terence Namusonge 098c88a67b failregex when roundcube log driver is set to 'syslog' 2013-05-26 07:46:29 +02:00
Yaroslav Halchenko 8a57ffd2fb TST: test all stock jails to have actions and correctly specifying blocktype 2013-05-24 14:33:48 -04:00
silviogarbes 52fa5f19b0 Update asterisk 2013-05-14 12:58:43 -03:00
Yaroslav Halchenko 04bf9eceb6 BF: (travis) relax the test for needed to be presented installed directories -- allow new 
on travis scripts install into user's home by default
 2013-05-12 23:42:57 -04:00
Yaroslav Halchenko 6aed705f3d BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present) 2013-05-12 23:42:01 -04:00