fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	84c3eb3e0e	filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes #1578	8 years ago
sebres	9fb167b5e1	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	38d53a72fd	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv); # Conflicts: # config/filter.d/ignorecommands/apache-fakegooglebot # fail2ban/tests/files/config/apache-auth/digest.py # fail2ban/tests/files/ignorecommand.py # fail2ban/tests/misctestcase.py	8 years ago
maksyms	9ddbd642f7	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
sebres	c52aaa8b78	ASSP failregex minor fixes	8 years ago
rhardy613	8265e3f0f9	Fix comments For some reasons the comment changes weren't pickup in the last commit. This fixes it.	8 years ago
rhardy613	66fe5a77ce	Fix ASSP filter to work with both ASSP V1 and V2 ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. This fix adds V2 support.	8 years ago
rhardy613	890a3dcbb9	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. Now updated with anchored patterns tested against 6 months of log data.	8 years ago
rhardy613	f73746d846	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.	8 years ago
Yaroslav Halchenko	28a0605f69	Merge pull request #1478 from gips0n/master adding openldap slapd filter	8 years ago
Andrii Melnyk	7433b353ee	another variant of regex	8 years ago
Andrii Melnyk	7c5828dd2a	add trailing anchor to failregex	8 years ago
Andrii Melnyk	48c094f612	improved failregex according to @sebres recomendations	9 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: `[^']` after callid was wrong, changed to `[^\)]`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Andrii Melnyk	dcb69b0242	* add `__prefix_line` to regex * fix time in log file	9 years ago
Andrii Melnyk	b2e3affaa0	adding openldap slapd filter	9 years ago
Yaroslav Halchenko	636a93f58b	Merge pull request #1438 from yarikoptic/bf-exim exim filters -- make wider use of host_info helper str susbstitution + fix for #1430	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456 ) * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
Yaroslav Halchenko	6434661480	RF: for consistency use (?:XXX)? instead of (?:\|XXX)	9 years ago
Yaroslav Halchenko	48a8324662	ENH: use non-capturing regex groups in exim-common and exim filters	9 years ago
Yaroslav Halchenko	9bb869b8d4	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline Closes #1440	9 years ago
Yaroslav Halchenko	8b8cf2a660	ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible	9 years ago
Yaroslav Halchenko	743a531eb5	BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" Closes #1430	9 years ago
sebres	52377984cd	back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;	9 years ago
sebres	25af11215b	test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations	9 years ago
sebres	cb4f9be8b2	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	9 years ago
sebres	de813acf51	extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;	9 years ago
sebres	3e49522b7a	fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in `d2a9537568`); all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);	9 years ago
jungle-boogie	d889918f19	update doc url direct to confluence page. no code changes.	9 years ago
Yaroslav Halchenko	aa303acfd6	Merge pull request #1381 from theDogOfPavlov/patch-3 Tightened up exim regexes to catch rDNS entries	9 years ago
Alexandre Perrin	7712310d2d	Be more backward compatible on matching postfix/smtps/smtpd Support trailing smtps also and not only smtpd. suggested by @sebres	9 years ago
Alexandre Perrin	1a299409e5	Fix postfix/smtps/smtpd matching.	9 years ago
theDogOfPavlov	1eb51b1bc2	Tightened up regexes to catch rDNS entries	9 years ago
Serg G. Brester	b9b7ecbf6b	Merge pull request #1357 from sebres/monit-new-fltr monit filter fixup for the new version (gh-1355)	9 years ago
sebres	ac27c9cb96	Merge branch 'patch-2' (gh-1371)	9 years ago
Serg G. Brester	0effe76971	Merge pull request #1370 from theDogOfPavlov/patch-1 Added regex for LDAP authentication failures	9 years ago
jblachly	e9202fa0b2	Placed failure (illumos) at end of regex	9 years ago
theDogOfPavlov	fe1475be95	Additional exim regexes to cover common attacks...	9 years ago
theDogOfPavlov	cf2aa9c1c0	Added regex for LDAP authentication failures	9 years ago
jblachly	25c2334bc8	SmartOS PAM Authentication failed (not failURE) SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form: `Authentication failed for USER from HOST` The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos	9 years ago
Johannes Weberhofer	bd25a43417	define journalmatch setting for pure-ftps	9 years ago
sebres	37c9075fad	fixed monit filter: failregex find now both previous and new versions: - failregex of previous monit version merged as single expression; - extended failregex with new monit "access denied" version;	9 years ago
Yaroslav Halchenko	385b50e4a9	Merge pull request #1343 from denics/master adding wp-admin to bot search	9 years ago
Denix	ed0e572bfc	added wp-admin bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.	9 years ago
Yaroslav Halchenko	6ffbc1ffad	ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127	9 years ago
Yaroslav Halchenko	3e31145c33	Merge pull request #1331 from whyscream/postfix-multi-instance-support Add support for matching postfix multi-instance daemon names by default	9 years ago
sebres	667785b608	mysqld: failregex fixed (accepts different log level, more secure expression now); closes #1332	9 years ago
Tom Hendrikx	6c606cf98f	Add support for matching postfix multi-instance daemon names by default	9 years ago

1 2 3 4 5 ...

617 Commits (5502e474864fc0561ff1574f9a95c4bb4ead9806)