sebres
b245225b13
filter.d/nginx-http-auth.conf: added optional prefix to support systemd-journal format and additional timestamp (optionally) in prefix
12 months ago
repcsi
199759f0ba
added pf[protocol=all] options as recommended by sebres
12 months ago
Yaroslav Halchenko
8ef0d3c7a9
[DATALAD RUNCMD] run codespell throughout fixing typo automagically
...
=== Do not change lines below ===
{
"chain": [],
"cmd": "codespell -w",
"exit": 0,
"extra_inputs": [],
"inputs": [],
"outputs": [],
"pwd": "."
}
^^^ Do not change lines above ^^^
1 year ago
Yaroslav Halchenko
81b2eb32d6
Add pragma to ignore a codespell-detected typo in postfix.conf
1 year ago
Sergey G. Brester
eed319e896
gh-3604: filter.d/slapd.conf - switched to single-line processing
...
closes gh-3604
1 year ago
Sergey G. Brester
183f805ae3
amend
1 year ago
Sergey G. Brester
7931b67325
mysqld-auth.conf: better RE, optional suffix, non-capturing groups
1 year ago
Aliaksandr Yurchyk
c55e9949dc
Fix issue with Mariadb 10.3 failed message
1 year ago
Sergey G. Brester
f8f8c046a2
Merge pull request #3469 from vitkabele/routeros-auth
...
New filter: routeros-auth.conf
1 year ago
nodiscc
77f80e8c3f
action.d/*ipset*: make maxelem ipset option configurable through banaction arguments
...
- previously there was no way to override this value and ipsets would stop being updated when full (Hash is full, cannot add more elements)
- preserve ipset's default value of 65536
- update tests
- Closes #3549
1 year ago
sebres
99ff701678
remove support of python 2.x
1 year ago
sebres
eebef0089c
avoid double counting for "maximum authentication attempts exceeded" ("Disconnecting ..." is no failure anymore, now it's helper only);
...
closes gh-3485
1 year ago
Sergey G. Brester
66e195b0f3
jail.conf: comment only (time abbr format), no function changes
...
closes gh-3522
1 year ago
Sergey G. Brester
809b904106
filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector
2 years ago
Sergey G. Brester
e73748c442
Merge branch 'master' into mikrotik
2 years ago
Sergey G. Brester
9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal)
2 years ago
Sergey G. Brester
2c0360d178
Merge branch 'master' into nginx-forbidden
2 years ago
Sergey G. Brester
c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479 , url-encode args by unban
2 years ago
Duncan Bellamy
7dc32971f8
changed missed names
2 years ago
Duncan Bellamy
9b1417a169
apply suggestions
2 years ago
Sergey G. Brester
d46ec3a555
add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name)
2 years ago
Duncan Bellamy
5781675a7d
change startcomment and comment so correct rules are flushed
2 years ago
Duncan Bellamy
ac2076ef4f
change unban back to find comment so correct entry always deleted
2 years ago
Duncan Bellamy
0e3e9b1d7f
Add flushaction
...
Change unban to find by ip address not comment
2 years ago
Duncan Bellamy
9997807fb3
Add action for mikrotik routerOS
2 years ago
Vít Kabele
a2c77429b9
New filter: routeros-auth.conf ( Closes #3469 )
...
Add filter to detect failed login attempts in the log produced by
MikroTik RouterOS.
- Add the filter to jail.conf
- Add testcase for the filter
Signed-off-by: Vít Kabele <vit@kabele.me>
2 years ago
Sergey G. Brester
efbbcb41ea
non capturing group
2 years ago
Sergey G. Brester
996553f330
review, simplify regex and capture user name
2 years ago
Andrey Alekseenko
df91b047d2
Dante SOCKS server: handle "1 byte/second" case
...
Thanks to @Loriowar and @sebres for pointing it out
2 years ago
Andrey Alekseenko
05c162ef10
Create filter for Dante SOCKS server
2 years ago
Sergey G. Brester
ae5fe2e003
amend to #3405 , eliminate catch-all
2 years ago
sebres
cbb097a2b3
small amend (non capturing group)
2 years ago
sebres
82506f0586
filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors)
2 years ago
sebres
d8e2b03a24
`filter.d/named-refused.conf` extended (closes gh-3388):
...
- support BIND named log categories
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2 years ago
sebres
ca2b94c522
fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
...
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2 years ago
Jeff Johnson
f9f78ed9d2
IPThreat integration ( #3349 )
...
new IPThreat action
2 years ago
sebres
d6896eb26d
New logtarget: systemd-journal;
...
rebased #1403 from da2x:feature-systemd-journal
2 years ago
sebres
a08b925468
Merge branch '0.11'
2 years ago
sebres
467024797f
Merge branch '0.10' into 0.11
2 years ago
Sergey G. Brester
e289a1155e
Merge pull request #3269 from Logic-32/feature/cloudflare-token
...
Adding support for Cloudflare Token API.
2 years ago
Sergey G. Brester
514cca9ade
filter.d/sendmail-auth.conf: detect failures without user part
2 years ago
Sergey G. Brester
a2264dcef0
Merge pull request #2636 from brianjmurrell/patch-2
...
FreeIPA renames named to named-pkcs11
2 years ago
Sergey G. Brester
3e9321e71b
non-capturing group and any variant of suffix
2 years ago
sebres
9272cce13d
Merge branch '0.11'
3 years ago
sebres
a69d42cea5
Merge branch '0.10' into 0.11
3 years ago
Sergey G. Brester
fbfc85d8c0
common.conf: fixed typo in comment (rfc5424 for logtype)
...
no functional changes; closes #3274
3 years ago
Logic-32
d11ad3b90f
Adding jail name to notes to disambiguate between jails.
3 years ago
Logic-32
e89b2c0ff7
Moving inet6 family block to the end so other config doesn't get added to it.
3 years ago
Logic-32
7e7b9f4a35
Adding support for Cloudflare Token API.
...
Closes #3080
3 years ago
sebres
a2431158f6
implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;
...
fixes gh-3005
3 years ago
sebres
13520a0494
Merge branch '0.11'
3 years ago
sebres
8ac49b5858
Merge branch '0.10' into 0.11
3 years ago
László Károlyi
f380d6202d
cherry pick #3210 from master
3 years ago
sebres
498e473a10
filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now;
...
closes #3211
3 years ago
sebres
810386a265
filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
...
(amend to 92f90038fa)
3 years ago
Sergey G. Brester
dfc866ea41
improve RE to solve conflict with expected another open parenthesis
3 years ago
László Károlyi
0f1706d4a1
Adjusting for updated dovecot log format
...
This should now match:
`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`
the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.
3 years ago
sebres
06d2623c5e
iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action);
...
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
3 years ago
sebres
b639c8869c
make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly);
...
ultimately closes gh-980
3 years ago
sebres
3d7e3bc2fb
make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and not deleted properly)
3 years ago
sebres
7db1c97a3e
Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master;
...
conflicts resolved
3 years ago
sebres
970573d1cb
Merge branch '0.11'
3 years ago
sebres
35d73d9758
Merge branch '0.10' into 0.11
3 years ago
sebres
bf689c27b8
filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by peer" (fixed possible regression of f77398c49d);
...
closes gh-3086
3 years ago
sebres
8bf15db688
filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
...
closes gh-3169
3 years ago
sebres
80805cabfc
Merge branch '0.11'
3 years ago
sebres
0b3ad780fe
Merge branch '0.10' into 0.11
3 years ago
sebres
4b54a07d71
Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
...
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821 ).
3 years ago
Sylvestre Ledru
3245b8018b
Add the Debian path to roundcube error logs
3 years ago
Sergey G. Brester
ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
3 years ago
sebres
10cd815525
merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)
3 years ago
sebres
c03fe6682c
merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)
3 years ago
sebres
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops considering "~" char after new-line as composing escape sequence
3 years ago
sebres
579c6a94af
filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
4 years ago
sebres
43f2923fbd
filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
...
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
4 years ago
Sergey G. Brester
bbfff18280
action.d/ufw.conf: amend to #3018 : parameter `kill-mode` extended with conntrack
4 years ago
sebres
c7a86b4616
action.d/firewallcmd-ipset.conf: amend to #2620 :
...
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
4 years ago
Sergey G. Brester
2a508da5a0
Merge pull request #2620 from mspolitaev/master
...
Using native firewalld ipset implementation
4 years ago
sebres
38535b0cca
Merge branch '0.11' into master
4 years ago
sebres
d2f5c7de09
Merge branch '0.10' into 0.11
4 years ago
sebres
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
4 years ago
sebres
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
4 years ago
sebres
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
4 years ago
sebres
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
4 years ago
sebres
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
4 years ago
sebres
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review, combining several regex into a single one
4 years ago
sebres
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
4 years ago
Sergey G. Brester
3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
...
Add new jail (and filter) Monitorix
4 years ago
sebres
0a05dbdbfc
Merge branch '0.11' into master
4 years ago
sebres
3312b8cb95
Merge branch '0.10' into 0.11
4 years ago
sebres
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
4 years ago
Sergey G. Brester
f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
...
Zoneminder filter update
4 years ago
Sergey G. Brester
ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)
4 years ago
j-marz
2367ad115c
fixed typo in comment
4 years ago
Sergey G. Brester
3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013 )
4 years ago
usernamepi
4f8427178a
Missing comment "#" ( #3022 )
...
Missed this ... but the logs showed it.
4 years ago
usernamepi
88f779ed24
ufw.conf, amend to #3018 - add missing option for comment ( #3019 )
4 years ago
Sergey G. Brester
8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional
4 years ago
Sergey G. Brester
5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)
4 years ago
usernamepi
e4e7a83cff
Update ufw.conf
...
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is >= 0.36 (released in 2018)
* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should be handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
My system apparently is compiled that way.
4 years ago