3534 Commits (5502e474864fc0561ff1574f9a95c4bb4ead9806)

 

All Branches   

Search

Author	SHA1	Message	Date
Simon Brown	3e16f33dbe	Removed old svn revision comment	9 years ago
Simon Brown	d16ad80597	removed false matches ... For non-screensharingd related messages	9 years ago
Yaroslav Halchenko	b40c6cbd9a	ENH: .mailmap file to bring some names together for git shortlog -sn	9 years ago
sebres	5767191988	fixed misleading documentation of `banaction`	9 years ago
sebres	fcf03790f4	fixed misleading documentation of `banaction`	9 years ago
Serg G. Brester	eef7771b4e	Merge pull request #1238 from sebres/fix/gh-1216 ... Fixed directly defined banaction for allports jails like pam-generic, recidive, etc	9 years ago
sebres	e825e977cc	Nginx log paths extended (prefixed with "*" wildcard) ... closes gh-1237	9 years ago
sebres	f359ed8c36	Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); ... closes gh-1216	9 years ago
Simon Brown	5839a3bd80	Removed includes comment for screensharing jail	9 years ago
sebres	53b39162a1	Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)	9 years ago
sebres	6884593ab8	New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)	9 years ago
Orion Poplawski	0661aece46	Merge branch 'master' into journaldefault ... Conflicts: ChangeLog	9 years ago
Simon Brown	65bc5cf6ba	Now using a literal logpath for screensharing jail	9 years ago
Simon Brown	cabd46f069	Fixed blatant typo in regex ... However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result	9 years ago
Simon Brown	bed28eaa62	clarified comments on sample log format	9 years ago
Simon Brown	c936d19805	Fixed name (again?)	9 years ago
Simon Brown	acee68a9ee	Made screensharing jail off by default ... Also added note about requiring paths-osx.conf.	9 years ago
Simon Brown	4b4d5a95b7	Changed regex prequel ... Use standard prefix macro instead of literal daemon name.	9 years ago
Simon Brown	3dd1c305ce	added entry for new screensharingd filter	9 years ago
Simon Brown	6a5f10ee72	name change & new sample data ... changed name to match daemon, log samples with year	9 years ago
Simon Brown	3e4a77a568	Added json metadata	9 years ago
Simon Brown	b3a18631e2	Sample log for test case	9 years ago
Simon Brown	4c3f778b82	Replaced .* with literal ... Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.	9 years ago
Simon Brown	d17d837b8c	Update jail.conf ... Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log	9 years ago
Simon Brown	de14946542	Added new path variable for system.log ... Logging location for the majority of Mac OS daemons.	9 years ago
Simon Brown	80546c6164	Added in settings for screensharingd filter	9 years ago
Simon Brown	3ec725a2ba	Created file ... From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf	9 years ago
sebres	eb87638ead	ChangeLog entry for OpenHAB home automation filter (gh-1223)	9 years ago
1technophile	2861a957a9	filter for openhab domotic software authentication failure with the rest api and web interface + test cases; ... closes gh-1223	9 years ago
Serg G. Brester	26517b0464	Merge pull request #1226 from pablorf-dev/master ... Minor fix and enhancement (fake google domains)	9 years ago
Pablo Rodriguez Fernandez	2c576c64f8	Change domain filter regex ... Change domain filter regex since there are other Google crawlers. See "Google crawlers" <https://support.google.com/webmasters/answer/1061943?hl=en>	9 years ago
Pablo Rodriguez Fernandez	74fcb219ab	Enhanced Google domain detection in apache-fakegooglebot ... Previously, an attacker could fake a domain like crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change avoids to resolve fake Google domains.	9 years ago
Orion Poplawski	3a9cf2b3da	Add and use default_backend to set individual backend defaults to auto	9 years ago
Orion Poplawski	81a26266a9	Add changlog entry for postfix-rbl logpath change	9 years ago
Orion Poplawski	ced7be94b2	Fix postfix_log typo	9 years ago
Orion Poplawski	75d33c0f09	Add *_backend options for services to allow distros to set the default backend ... per service. Set default to systemd for Fedora as appropriate.	9 years ago
Pablo	7e6964dd9d	Fix section jail.conf.5 manpage ... The section of jail.conf manpage is wrong, should be 5, not 10	9 years ago
Serg G. Brester	3a5d4fdd26	Merge pull request #1221 from pablorf-dev/master ... Add check in apache-fakegooglebot to protect against PTR fake record (gh-1221)	9 years ago
Pablo Rodriguez Fernandez	a28e6b442e	Add check in apache-fakegooglebot to protect against PTR fake record ... An attacker may return a PTR record which fakes a Googlebot's domain name. This modification resolves the PTR records to verify it. See "Verifying Googlebot": <https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>	9 years ago
Yaroslav Halchenko	16443f7b05	Merge pull request #1219 from agentmoller001/patch-1 ... Updated route.conf to clear warnings (Closes #1026)	9 years ago
agentmoller001	617302fcc2	Updated route.conf to clear warnings ... Does not throw warnings when starting/restarting by adding three lines of code.	9 years ago
Yaroslav Halchenko	6fb5e3a494	removed outdated and "problematic" .pydevproject	9 years ago
Serg G. Brester	42598fbf26	Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files ... files: Strip trailing whitespace from files	9 years ago
Paul Menzel	078e2048f2	files: Strip trailing whitespace from files ... Run the command `StripWhitespace` from the [Vim Better Whitespace Plugin](https://github.com/ntpeters/vim-better-whitespace).	9 years ago
sebres	2696ede251	mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later ... closes gh-1211	9 years ago
sebres	61ac481703	IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable)	9 years ago
Serg G. Brester	68db52474d	Merge pull request #1206 from kevinoid/ssh-match-auth-fail ... ssh.conf: Fix disconnect "Auth fail" matching	9 years ago
Kevin Locke	2a5c93cfb5	Update ChangeLog and THANKS for "Auth fail" changes ... Document the changes from 36919d9f in the ChangeLog and add myself to the THANKS file (at @sebres suggestion). Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago
Kevin Locke	42b0e9258d	Test cases for ssh.conf disconnect "Auth fail" ... Add test coverage for the new disconnect "Auth fail" matching added in 36919d9f. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago
Kevin Locke	36919d9f97	ssh.conf: Fix disconnect "Auth fail" matching ... The regex for matching against "Auth fail" disconnect log message does not match against current versions of ssh. OpenSSH 5.9 introduced privilege separation of the pre-auth process, which included [logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114) which adds " [preauth]" to the end of each message and causes the log level to be prepended to each message. It also fails to match against clients which send a disconnect message with a description that is either empty or includes a space, since this is the content in the log message after the disconnect code, per [packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215), which was matched by \S+. Although I have not observed this yet, I couldn't find anything which would preclude it in [RFC 4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the message is attacker-controlled it provides a way to avoid getting banned. This commit fixes both issues. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago