fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	e39126f630	badip timeout option introduced, set to 30 seconds in our test cases	9 years ago
Yaroslav Halchenko	636a93f58b	Merge pull request #1438 from yarikoptic/bf-exim exim filters -- make wider use of host_info helper str susbstitution + fix for #1430	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456 ) * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
sebres	39366e703a	Merge branch 'master' into 0.10 # Conflicts: # fail2ban/server/filter.py	9 years ago
Yaroslav Halchenko	6434661480	RF: for consistency use (?:XXX)? instead of (?:\|XXX)	9 years ago
Yaroslav Halchenko	48a8324662	ENH: use non-capturing regex groups in exim-common and exim filters	9 years ago
sebres	8ec4e1189e	use raw host (don't use textToIp) if usedns exactly `raw`, because `usedns = no` should ignore no ip failures	9 years ago
Serg G. Brester	b6700f3e52	Merge pull request #1433 from yarikoptic/bf-0.10-pf-prevbeh BF: maintain previous default beh for pf -- default ban type is multiport	9 years ago
Yaroslav Halchenko	9bb869b8d4	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline Closes #1440	9 years ago
Yaroslav Halchenko	8b8cf2a660	ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible	9 years ago
Yaroslav Halchenko	743a531eb5	BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" Closes #1430	9 years ago
sebres	f62266659f	Merge branch 'master' into '0.10'	9 years ago
sebres	52377984cd	back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;	9 years ago
sebres	0fdc56546f	Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)	9 years ago
Yaroslav Halchenko	1ebc3facb1	BF: maintain previous default beh for pf -- ban a port (ssh) only	9 years ago
sebres	4cdca8c258	amend-merge for pull request #1429 from sebres/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
sebres	4d51c591c1	pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized;	9 years ago
Serg G. Brester	01d9a41ba1	Merge pull request #1429 from koeppea/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
Alexander Koeppe	b5e031f3c3	some documentation for multiport use in pf.conf	9 years ago
sebres	1e7fd26f5f	rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases	9 years ago
sebres	25af11215b	test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations	9 years ago
Alexander Koeppe	e74047ae49	revert to common config for PF covering multi and allports	9 years ago
Alexander Koeppe	3e1328c83b	split PF config files between all- and multi port	9 years ago
sebres	cb4f9be8b2	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	9 years ago
sebres	de813acf51	extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;	9 years ago
Alexander Koeppe	975608dfb6	no hardcoded python interpreter path	9 years ago
sebres	0c44ecfc77	action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset; test cases for 3 firewallcmd extended;	9 years ago
TorontoMedia	ffebde68e0	Update firewallcmd-multiport.conf	9 years ago
TorontoMedia	07de83e04a	Update firewallcmd-common.conf	9 years ago
TorontoMedia	810d5996b5	Update firewallcmd-rich-logging.conf	9 years ago
TorontoMedia	7e54cee8d6	updated firewallcmd actions	9 years ago
sebres	3e49522b7a	fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in `d2a9537568`); all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);	9 years ago
sebres	bdc2d07946	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	504e5ba6f2	actions support IPv6 now: - introduced "conditional" sections, see for example `[Init?family=inet6]`; - iptables-common and other iptables config(s) made IPv6 capable; - several small code optimizations; * all test cases passed (py3.x compatible);	9 years ago
sebres	75028585c0	test cases extended for verifying ipv4/ipv6, normalized pf-action with test case	9 years ago
Alexander Koeppe	ed2f3ef77d	improve PF action and make IPv6 aware	9 years ago
sebres	25d6cf8dd2	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	8cb4a3f59e	move DNTUtils, IPAddr related code to dedicated source file ipdns.py (also resolves some cyclic import references)	9 years ago
Alexander Koeppe	db9f3f738f	add ip6-loopback to default ignoreip statement	9 years ago
sebres	05f38285f1	Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716	9 years ago
jungle-boogie	d889918f19	update doc url direct to confluence page. no code changes.	9 years ago
Yaroslav Halchenko	aa303acfd6	Merge pull request #1381 from theDogOfPavlov/patch-3 Tightened up exim regexes to catch rDNS entries	9 years ago
Alexandre Perrin	7712310d2d	Be more backward compatible on matching postfix/smtps/smtpd Support trailing smtps also and not only smtpd. suggested by @sebres	9 years ago
Alexandre Perrin	1a299409e5	Fix postfix/smtps/smtpd matching.	9 years ago
theDogOfPavlov	1eb51b1bc2	Tightened up regexes to catch rDNS entries	9 years ago
Yaroslav Halchenko	db2dd070ad	Merge pull request #1356 from opoplawski/bug-1354 Fedora use mariadb by default, fix log path	9 years ago
Serg G. Brester	b9b7ecbf6b	Merge pull request #1357 from sebres/monit-new-fltr monit filter fixup for the new version (gh-1355)	9 years ago
TorontoMedia	3d239215cd	Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367) closes #1367	9 years ago
sebres	ac27c9cb96	Merge branch 'patch-2' (gh-1371)	9 years ago
Serg G. Brester	0effe76971	Merge pull request #1370 from theDogOfPavlov/patch-1 Added regex for LDAP authentication failures	9 years ago
jblachly	e9202fa0b2	Placed failure (illumos) at end of regex	9 years ago
theDogOfPavlov	fe1475be95	Additional exim regexes to cover common attacks...	9 years ago
theDogOfPavlov	cf2aa9c1c0	Added regex for LDAP authentication failures	9 years ago
jblachly	25c2334bc8	SmartOS PAM Authentication failed (not failURE) SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form: `Authentication failed for USER from HOST` The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos	9 years ago
Johannes Weberhofer	bd25a43417	define journalmatch setting for pure-ftps	9 years ago
Orion Poplawski	f3f813a925	- mysqld does not log login attempts to the journal. - Add /var/log/mysqld.log to mysql_log	9 years ago
sebres	37c9075fad	fixed monit filter: failregex find now both previous and new versions: - failregex of previous monit version merged as single expression; - extended failregex with new monit "access denied" version;	9 years ago
Orion Poplawski	dfc65018da	Fedora use mariadb by default, fix log path	9 years ago
sebres	d7e7b52013	Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716	9 years ago
Yaroslav Halchenko	385b50e4a9	Merge pull request #1343 from denics/master adding wp-admin to bot search	9 years ago
Denix	ed0e572bfc	added wp-admin bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.	9 years ago
Yaroslav Halchenko	6ffbc1ffad	ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127	9 years ago
Yaroslav Halchenko	3e31145c33	Merge pull request #1331 from whyscream/postfix-multi-instance-support Add support for matching postfix multi-instance daemon names by default	9 years ago
sebres	667785b608	mysqld: failregex fixed (accepts different log level, more secure expression now); closes #1332	9 years ago
Tom Hendrikx	6c606cf98f	Add support for matching postfix multi-instance daemon names by default	9 years ago
Yaroslav Halchenko	905c87ca4a	Merge pull request #1310 from yarikoptic/pr-1288 NF: HAProxy HTTP Auth filter	9 years ago
sebres	d8e81eb417	regexp rewritten (few vulnerable as previous) + test case added	9 years ago
3eBoP	257b7049d8	Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. Closes #1309	9 years ago
Pierre GINDRAUD	b5a07741c8	Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command	9 years ago
Yaroslav Halchenko	3f437b32db	Merge remote-tracking branch 'pr/1288/head' * pr/1288/head: Update haproxy-http-auth.conf Added HAProxy HTTP Auth filter Conflicts: config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)	9 years ago
Yaroslav Halchenko	377ea32441	Merge pull request #1295 from obounaim/master The sender option is ignored by some actions	9 years ago
Serg G. Brester	fe14c8fa05	Merge pull request #1292 from albel727/master Add nftables actions	9 years ago
Jordan Moeser	d7b46509d8	Update haproxy-http-auth.conf Updated failregex to be more strict	9 years ago
local	40c0bed82c	action_mw, action_mwl, action_cf_mwl ignore the "sender" option when sending a notification email. This commit adds "sender="%(sender)s"" to the three actions to correct this issue.	9 years ago
Yaroslav Halchenko	5d0d96a5cb	Merge pull request #1286 from yarikoptic/enh-jail ENH: harmonize jail.conf + 1 more test that passed bantime is non-degenerate and int	9 years ago
Alexander Belykh	985e8938a4	Refactor nftables actionstop into smaller parts	9 years ago
Alexander Belykh	9779eeb986	Add nftables_type/family/table parameters	9 years ago
Alexander Belykh	260c30535d	Escape curly braces in nftables actions	9 years ago
Alexander Belykh	1983e15580	Add empty line between parameters in nftables-common.conf	9 years ago
Alexander Belykh	f7f91a8bd4	Refactor common code out of nftables-multiport/allports.conf	9 years ago
sebres	69f5623f83	code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf	9 years ago
Alexander Belykh	618e97bce8	Add nftables actions	9 years ago
sebres	ac31121432	amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now;	9 years ago
Jordan Moeser	e133762a28	Added HAProxy HTTP Auth filter	9 years ago
sebres	cf334421bd	Provides fail2ban version to jail (as interpolation variable during parse of jail.conf); BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271, closes #1272)	9 years ago
Yaroslav Halchenko	28c9832293	RF: harmonize jail.conf (no explicit enabled=false in jails, match filter name for screesharingd, etc)	9 years ago
Yaroslav Halchenko	69aa1feac0	Merge "Mac OS Screen Sharing filter" PR 1232 * pr/1232/head: removed system.log Removed old svn revision comment removed false matches Removed includes comment for screensharing jail Now using a literal logpath for screensharing jail Fixed blatant typo in regex clarified comments on sample log format Fixed name (again?) Made screensharing jail off by default Changed regex prequel added entry for new screensharingd filter name change & new sample data Added json metadata Sample log for test case Replaced .* with literal Update jail.conf Added new path variable for system.log Added in settings for screensharingd filter Created file Conflicts: ChangeLog - moved to New Features config/jail.conf - kept at the end	9 years ago
sebres	d22b2498d4	normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400'; code review and test case extended;	9 years ago
Yaroslav Halchenko	26dd6d7425	Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex Add 'Sender address rejected: Domain not found' Postfix failregex	9 years ago
Ross Brown	8d12dba245	Merge remote-tracking branch 'upstream/master'	9 years ago
Ross Brown	ead2d509dc	Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.	9 years ago
Yaroslav Halchenko	5d6cead996	ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269 )	9 years ago
Ross Brown	106c3eab9a	Added filter and jail for murmur/mumble-server.	9 years ago
Aleksandrs Ļedovskis	fa59a6850f	Add 'Sender address rejected: Domain not found' Postfix failregex Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>	9 years ago
Orion Poplawski	c656cb0d36	Merge branch 'master' into journaldefault Conflicts: ChangeLog	9 years ago
Orion Poplawski	ba76f4ca2f	Fix typo	9 years ago
Simon Brown	69bb532db0	removed system.log	9 years ago
Simon Brown	3e16f33dbe	Removed old svn revision comment	9 years ago
Serg G. Brester	eef7771b4e	Merge pull request #1238 from sebres/fix/gh-1216 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc	9 years ago
sebres	e825e977cc	Nginx log paths extended (prefixed with "*" wildcard) closes gh-1237	9 years ago
sebres	f359ed8c36	Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); closes gh-1216	9 years ago
Simon Brown	5839a3bd80	Removed includes comment for screensharing jail	9 years ago
sebres	53b39162a1	Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)	9 years ago
sebres	6884593ab8	New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)	9 years ago
Orion Poplawski	0661aece46	Merge branch 'master' into journaldefault Conflicts: ChangeLog	9 years ago
Simon Brown	65bc5cf6ba	Now using a literal logpath for screensharing jail	9 years ago
Simon Brown	cabd46f069	Fixed blatant typo in regex However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result	9 years ago
Simon Brown	acee68a9ee	Made screensharing jail off by default Also added note about requiring paths-osx.conf.	9 years ago
Simon Brown	4b4d5a95b7	Changed regex prequel Use standard prefix macro instead of literal daemon name.	9 years ago
Simon Brown	4c3f778b82	Replaced .* with literal Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.	9 years ago
Simon Brown	d17d837b8c	Update jail.conf Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log	9 years ago
Simon Brown	de14946542	Added new path variable for system.log Logging location for the majority of Mac OS daemons.	9 years ago
Simon Brown	80546c6164	Added in settings for screensharingd filter	9 years ago
Simon Brown	3ec725a2ba	Created file From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf	9 years ago
1technophile	2861a957a9	filter for openhab domotic software authentication failure with the rest api and web interface + test cases; closes gh-1223	9 years ago
Pablo Rodriguez Fernandez	2c576c64f8	Change domain filter regex Change domain filter regex since there are other Google crawlers. See "Google crawlers" <https://support.google.com/webmasters/answer/1061943?hl=en>	9 years ago
Pablo Rodriguez Fernandez	74fcb219ab	Enhanced Google domain detection in apache-fakegooglebot Previously, an attacker could fake a domain like crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change avoids to resolve fake Google domains.	9 years ago
Orion Poplawski	3a9cf2b3da	Add and use default_backend to set individual backend defaults to auto	9 years ago
Orion Poplawski	ced7be94b2	Fix postfix_log typo	9 years ago
Orion Poplawski	75d33c0f09	Add *_backend options for services to allow distros to set the default backend per service. Set default to systemd for Fedora as appropriate.	9 years ago
Pablo Rodriguez Fernandez	a28e6b442e	Add check in apache-fakegooglebot to protect against PTR fake record An attacker may return a PTR record which fakes a Googlebot's domain name. This modification resolves the PTR records to verify it. See "Verifying Googlebot": <https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>	9 years ago
agentmoller001	617302fcc2	Updated route.conf to clear warnings Does not throw warnings when starting/restarting by adding three lines of code.	9 years ago
sebres	2696ede251	mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later closes gh-1211	9 years ago
Kevin Locke	36919d9f97	ssh.conf: Fix disconnect "Auth fail" matching The regex for matching against "Auth fail" disconnect log message does not match against current versions of ssh. OpenSSH 5.9 introduced privilege separation of the pre-auth process, which included [logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114) which adds " [preauth]" to the end of each message and causes the log level to be prepended to each message. It also fails to match against clients which send a disconnect message with a description that is either empty or includes a space, since this is the content in the log message after the disconnect code, per [packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215), which was matched by \S+. Although I have not observed this yet, I couldn't find anything which would preclude it in [RFC 4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the message is attacker-controlled it provides a way to avoid getting banned. This commit fixes both issues. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago
Viktor Szépe	0d8968daa9	Added CloudFlare API error codes URL	9 years ago
Yaroslav Halchenko	ff06176e9e	Merge remote-tracking branch 'origin/master' into enh-split-comma * origin/master: DOC: changelog for the timeout change Set Timeout at urlopen to 3 seconds README :: init/service example mentions debian based systems as the example README :: fitted paragraph style BF: disable testing on python 3.2 until coverage gets a fix README :: Some style/grammar tweaks, and init/service script mention. Re: #1193 Set Timeout at urlopen to 3 seconds	9 years ago
M. Maraun	2895d981fa	Set Timeout at urlopen to 3 seconds	9 years ago
Yaroslav Halchenko	8cf614e221	ENH: allow to split ignoreip by space and/or comma (Closes #1197 ) Way too many people ran into this gotcha, so lets just do it	9 years ago
Yaroslav Halchenko	55e542b273	Merge remote-tracking branch 'pr/1170/head' -- opensuse paths * pr/1170/head: Updated ChangeLog regarding openSUSE's path config Added configuration for opensuse path	9 years ago
Edward Beckett	835b3ff483	Update apache-badbots.conf Useragent strings including `+http` need to be escaped to be valid.	9 years ago
weberho	f7af93a677	Added configuration for opensuse path	9 years ago
weberho	d278fbca30	Fixed line suspected to be faulty	9 years ago
Yaroslav Halchenko	c37009aec7	Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban * 'grep-m1k' of github.com:szepeviktor/fail2ban: Limit the number of log lines in *-lines.conf actions Conflicts: ChangeLog -- took both versions and adjusted the new one for -n 1000 change	9 years ago
Yaroslav Halchenko	38c320798d	Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call	9 years ago
Yaroslav Halchenko	0041bc3770	DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description	9 years ago
Yaroslav Halchenko	de2f9504c0	Merge pull request #978 from ediazrod/patch-2 shorewall-ipset-proto6.conf for shorewall	9 years ago
Yaroslav Halchenko	65cd218e10	Merge remote-tracking branch 'origin/master' * origin/master: ipjailmatches is on one line with its description in man jail.conf Added a space between IP address and the following colon	9 years ago
Viktor Szépe	c8b3ee10a0	Limit the number of log lines in *-lines.conf actions	9 years ago
Thomas Mayer	a19cb1b2b9	Merge `923d807ef8` into `cf2feea987`	9 years ago
Yaroslav Halchenko	3c0d7f5a4c	BF: do not wrap iptables into itself. Thanks Lee	9 years ago
Viktor Szépe	ebdfbae559	Added a space between IP address and the following colon	9 years ago
Yaroslav Halchenko	749d3c160c	BF: symbiosis-blacklist-allports now also requires iptables-common.conf	9 years ago
Yaroslav Halchenko	916937bb6a	RF: use <iptables> to take effect of it being a parameter	9 years ago
Yaroslav Halchenko	31dc4e2263	ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter	9 years ago
Yaroslav Halchenko	7a011fca1b	DOC: adjusted comment in pass2allow-ftp to my suggested wording	10 years ago
Viktor Szépe	948b12e5df	Fixed definition of knocking_url for pass2allow	10 years ago
Viktor Szépe	b638e807ad	Explicitly stating that knocking_url needs to be customized	10 years ago
Viktor Szépe	586703dcc2	Test, changelog and fixes to pass2allow	10 years ago
Viktor Szépe	5b7e1de2f4	Instead of allow-iptables-multiport actions swap blocktype and (new) returntype	10 years ago
Viktor Szépe	5d60700c0c	Added pass2allow (knocking with fail2ban)	10 years ago

1 2 3 4 5 ...

1241 Commits (5561423be3b2d4636f5484183c3ad470fd326d06)