github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,814 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

1528 Commits (54298fe7614b2b05f2d966a2fcd2733f623fbd2c)

Author SHA1 Message Date
Sergey G. Brester 54298fe761
Merge pull request #2254 
Nftables: isolate fail2ban rules into a dedicated table and chain
 2019-10-18 11:43:38 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf: 
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
  - extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
 2019-10-18 11:26:19 +02:00
sebres 50595b70fd filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message 
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
 2019-10-11 01:31:07 +02:00
sebres 9e28b6c65f filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531) 2019-09-26 21:46:26 +02:00
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc 2019-09-25 13:47:29 +02:00
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all) 2019-09-24 20:00:29 +02:00
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain): 
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
 2019-09-24 19:44:59 +02:00
sebres c753ffb11d combine nftables actions to single action: 
- nftables-common is removed
- nftables-allports  is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
 2019-09-24 18:53:38 +02:00
sebres c59d49da22 nftables-allports: support multiple protocols in single rule; 
tests/servertestcase.py: added coverage for nftables actions
 2019-09-24 18:46:41 +02:00
Ririsoft dde51b4682 fix actionban/unban ip definition syntax 2019-09-24 13:01:14 +02:00
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic. 
Add an example for redirecting.
 2019-09-24 13:01:13 +02:00
sebres a36b70c7b5 filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520) 2019-09-10 21:02:26 +02:00
sebres 91923b5c07 don't need to match identifier exactly (@ is precise enough as prefix), not capturing group; 
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
 2019-07-29 13:21:00 +02:00
Joe Horn 4395469226 Update named-refused.conf 
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
 2019-07-29 13:06:49 +02:00
Sergey G. Brester a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424 
New option `logtype` value - `rfc5424`
 2019-07-24 00:02:04 +02:00
Sergey G. Brester 0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol 
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
 2019-07-22 12:47:39 +02:00
Sergey G. Brester 119401fced
Merge pull request #2452 from benrubson/badips 
Badips key is only used to retrieve list
 2019-07-20 12:08:22 +02:00
sebres 5e980afbb8 filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now) 2019-07-10 12:45:53 +02:00
sebres 62b1712d22 amend to #2387: 
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309);
 2019-07-09 21:48:43 +02:00
benrubson 8b171f7d25 Badips key is only used to retrieve list 2019-06-26 18:34:20 +02:00
sebres e751be2c13 normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc); 
added test covering sendmail-whois-lines
 2019-06-15 23:14:41 +02:00
girst a7dc3614c4 znc-adminlog: use `<ADDR>` instead of `<HOST>` 2019-06-12 16:26:34 +02:00
girst b288ccd6b6 new filter: znc-adminlog 2019-06-12 16:25:50 +02:00
sebres 22b9304562 action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict; 
(closes gh-2390)
 2019-06-12 11:23:52 +02:00
sebres e5ae113215 filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439), 
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
  parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
 2019-06-07 16:14:02 +02:00
sebres 3b2f75414c filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442) 2019-06-07 15:40:55 +02:00
Sergey G. Brester 7dbd3a07eb cut comment to limit documented on abuseipdb, additionally use curl in quiet mode 2019-06-07 14:39:55 +02:00
Carlos Ferreira 7b73cb7639 Switch to AbuseIPDB API v2 2019-06-07 14:39:52 +02:00
sebres 49bf6132cc amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings 2019-05-14 21:40:33 +02:00
sebres 0426a24719 filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE") 2019-05-14 15:27:20 +02:00
sebres d8d71c5a22 action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern) 2019-05-10 16:17:13 +02:00
chtheis fa727586ff Fix grep pattern to deal with Apache's error log 
Apache's error log appends the port to the IP address, other logs don't.
 2019-05-10 16:04:27 +02:00
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now) 2019-05-02 15:22:45 +02:00
benrubson 5b2b680bfe SSHd add Bad protocol version message 2019-05-02 11:42:45 +02:00
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets 2019-04-29 10:45:37 +02:00
Holston 422a2de7fe updated 2019-04-24 21:35:19 +02:00
Holston a581bf3f08 Fixed filter for Apache mod_security 2019-04-24 21:35:17 +02:00
Holston 5d6a84ba78 Updated to correct logging option 2019-04-24 21:35:15 +02:00
sebres 25f1aa334e fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible) 2019-04-18 20:53:11 +02:00
sebres 0386df0042 introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf); 
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
 2019-04-18 20:31:39 +02:00
Sergey G. Brester 28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal 
New backend-related option `logtype` (`journal` or `file`)
 2019-04-18 13:27:42 +02:00
Sergey G. Brester 6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA]) 2019-04-04 02:28:50 +02:00
Amir Caspi ffd5d0db78
Update sendmail-reject.conf 
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
 2019-03-29 17:39:27 -06:00
sebres ced9828d04 filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages. 2019-03-29 14:24:06 +01:00
sebres ec681a3363 backend `systemd` sets `logtype` to `journal` automatically; 
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
 2019-03-29 14:24:00 +01:00
sebres e268bf97d4 introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends); 
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
 2019-03-29 14:23:57 +01:00
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc; 
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
 2019-03-16 00:05:06 +01:00
sebres 741cf8fb0e Merge branch 'master-0.9' into 0.10 2019-03-12 16:58:08 +01:00
sebres 1a9527e6a4 fixed catch-all on user (and simplifying) 2019-03-12 16:53:36 +01:00
jim a7f3ba87f6 filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy; 
(broken by commit 72b06479a5), replacement for gh-2290.
 2019-03-12 16:50:04 +01:00