Yaroslav Halchenko
5f2d3832f7
NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section)
2013-01-31 14:41:34 -05:00
Steven Hiscocks
9c2e0cbbc8
Fix up for warning/error for inaccessible config files
2013-01-31 18:36:23 +00:00
Steven Hiscocks
bf5f46c3d5
Warn if config file present but unreadable
2013-01-30 19:57:03 +00:00
Yaroslav Halchenko
d561a4c2bb
BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed
but otherwise, we cannot keep extending comparison check to /bin, /sbin what else
2013-01-28 09:54:12 -05:00
Yaroslav Halchenko
acab23bdfe
RF: move exceptions used by both client and server into common/exceptions.py
this prevents importing of server while operating with client only
2013-01-28 09:46:50 -05:00
Yaroslav Halchenko
f8c8a5583e
Merge remote-tracking branch 'gh-yarikoptic/master'
* gh-yarikoptic/master:
BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories
2013-01-26 12:36:49 -05:00
Yaroslav Halchenko
c900c08eed
Merge pull request #111 from opoplawski/nonettest
Initial support for --no-network option for fail2ban-testcases (Closes gh-110)
2013-01-25 16:45:01 -08:00
Orion Poplawski
431489c9b9
Remove unneeded setting of opts.no_network
2013-01-25 14:19:10 -07:00
Yaroslav Halchenko
6b2e76ba7f
BF: pyinotify - use bitwise op on masks and do not try tracking newly created directories
2013-01-25 16:06:41 -05:00
Orion Poplawski
fdd9dfb4b5
Initial support for --no-network option for fail2ban-testcases
2013-01-25 12:56:00 -07:00
Yaroslav Halchenko
b8a861d012
Merge remote-tracking branch 'gh-yarikoptic/master'
* gh-yarikoptic/master:
ENH: Added login authenticator failed regexp for exim filter
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-25 13:27:30 -05:00
Yaroslav Halchenko
4a48844027
Merge pull request #107 from opoplawski/master
sshd filter - avoid banning on pam failures since might be too early. Close gh-106
If desired to ban on pam -- enable pam-generic filter, possibly even tuning in pam-generic.local the value for caught ttys in case of more detailed control needed
Provided example was:
Jan 18 12:47:34 host sshd[23755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.123.123.123 user=myuser
Jan 18 12:47:34 host sshd[23755]: Accepted password for myuser from 123.123.123.123 port 50615 ssh2
2013-01-25 08:24:44 -08:00
Yaroslav Halchenko
7d630cb0de
Merge pull request #109 from blotus/master
Escape ' and " in matches
2013-01-25 08:11:04 -08:00
blotus
96eb8986cc
Escape ' and " in matches tag
2013-01-25 13:37:22 +01:00
Orion Poplawski
bb7628591c
Update config/filter.d/sshd.conf
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
Yaroslav Halchenko
9a39292813
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:23:05 -05:00
Yaroslav Halchenko
b3d8ba146b
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-04 15:23:05 -05:00
Yaroslav Halchenko
3ce53e8798
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:22:18 -05:00
Yaroslav Halchenko
8f0c533d64
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333)
2013-01-04 10:55:14 -05:00
Michael Gebetsroither
03433f79cd
add example jail.conf for blocking through blackhole routes for ssh
2013-01-04 16:09:04 +01:00
Michael Gebetsroither
f9b78ba927
add support for blocking through blackhole routes
2013-01-03 18:46:31 +01:00
Yaroslav Halchenko
be06b1b914
Merge pull request #102 from grooverdan/ipset
Ipset
2012-12-30 19:51:15 -08:00
Daniel Black
da0ba8ab4c
ENH: add example jail for ipset
2012-12-31 14:38:51 +11:00
Daniel Black
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
Daniel Black
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00
Yaroslav Halchenko
05af52e833
ENH: fail2ban-regex -- __str__ for RegexStat + modeline
2012-12-24 11:05:44 -05:00
Yaroslav Halchenko
21e966e4bb
example logs should carry the same name as the filter they are devised for
2012-12-13 08:24:02 -05:00
Yaroslav Halchenko
f96ea013bb
Merge pull request #99 from pigsyn/patch-2
Update config/filter.d/webmin-auth.conf for trailing spaces
2012-12-13 05:22:43 -08:00
pigsyn
123d457924
Update testcases/files/logs/Webmin
2012-12-13 08:33:07 +01:00
pigsyn
38dd1506cc
Sample Webmin logs
2012-12-12 23:25:31 -08:00
pigsyn
f336d9f876
Update config/filter.d/webmin-auth.conf
Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings
2012-12-13 08:14:49 +01:00
pigsyn
dc67b24270
Update config/filter.d/webmin-auth.conf
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
2012-12-12 23:07:39 +01:00
Yaroslav Halchenko
3969e3f77b
ENH: dovecot.conf - require space(s) before rip/rhost log entry
2012-12-12 09:16:52 -05:00
Yaroslav Halchenko
68c1defb76
ENH: added dovecot example from Daniel Black + example with DoS attempt via injected rhost
2012-12-12 09:16:27 -05:00
Yaroslav Halchenko
6d804df504
Merge branch 'patch-2' of https://github.com/hamilton5/fail2ban (dovecot log examples)
* 'patch-2' of https://github.com/hamilton5/fail2ban:
Update testcases/files/logs/dovecot
Update testcases/files/logs/dovecot
2012-12-12 09:11:34 -05:00
Yaroslav Halchenko
d7b7d7d491
Merge branch 'patch-1' of https://github.com/hamilton5/fail2ban
* 'patch-1' of https://github.com/hamilton5/fail2ban:
Update config/filter.d/dovecot.conf
Update config/filter.d/dovecot.conf
Update config/filter.d/dovecot.conf
2012-12-12 09:10:44 -05:00
Yaroslav Halchenko
46e2de98ff
Merge pull request #97 from grooverdan/simplefix
name -> IP is a normal DNS lookup not a reverse
2012-12-12 06:08:14 -08:00
Yaroslav Halchenko
620d6015ac
Merge pull request #98 from grooverdan/gitignore
ignore build directory and compiled python bits
2012-12-12 06:07:09 -08:00
Daniel Black
fd7929863b
name -> IP is a normal DNS lookup not a reverse
2012-12-12 21:59:01 +11:00
Daniel Black
b95dc592b9
ignore build directory and compiled python bits
2012-12-12 21:43:27 +11:00
hamilton5
266cdc29a6
Update config/filter.d/dovecot.conf
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
2012-12-11 12:09:28 -05:00
hamilton5
ccc62ddbf3
Update testcases/files/logs/dovecot
2012-12-11 12:05:01 -05:00
Yaroslav Halchenko
67145d8b78
ENH: assure that all date templates have unique names
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
d1625253eb
ENH: debug msgs on which template was taken (+ use "is" for None comparisons)
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
2b6366656f
BF: make sorting of date templates stable
Before, it would first do stable sort followed with explicit reverse.
Now reverse is given as an argument to sort, and it results in actually
preserving the order in case of e.g. no sorting needed
2012-12-11 11:18:52 -05:00
Yaroslav Halchenko
7bd977e2df
ENH: fail2ban-testcases -- allow to specify regexps for tests to be run
Eventually we will switch to use nose or py.test -- for now this
homebrew solution could be used to run selected suites only
2012-12-11 11:18:52 -05:00
hamilton5
c534c1d03d
Update testcases/files/logs/dovecot
2012-12-11 11:05:22 -05:00
hamilton5
e040c6d8a3
Update config/filter.d/dovecot.conf
site actually needs updated because of <HOST> alias
per Notes above.
2012-12-11 03:26:14 -05:00
hamilton5
7ede1e8518
Update config/filter.d/dovecot.conf
added failregex line for debian and centos per
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
2012-12-10 19:17:04 -05:00
Yaroslav Halchenko
fc27e00290
ENH: tune up sshd-ddos to use common.conf and allow trailing spaces
2012-12-07 15:24:34 -05:00