fail2ban

Commit Graph

Author	SHA1	Message	Date
Serg G. Brester	e07a8cda07	Update jail.conf Documentation of parameters for action blocklist_de, closes gh-1940	7 years ago
Michael Newton	d5d1fe679f	Remove invalid regex Resolves #1927	7 years ago
Harry Wood	ea1b663f85	typo spell "positive" (...but also somebody should finish this sentence)	7 years ago
sebres	ea36e1b3fc	filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897)	7 years ago
sebres	a2120a9de5	filter.d/postfix-*.conf - added optional port regex (closes gh-1902)	7 years ago
Serg G. Brester	bb97e66627	Merge pull request #1882 from coderua/patch-1 Add Jorgee Vulnerability Scanner protect	7 years ago
Serg G. Brester	2cd02b731b	filter.d/exim.conf: fixed failregex for case of `D=0s` Closes gh-1886	7 years ago
sebres	4bc226a692	optimized regex	7 years ago
Vladimir Chumak	fafefc0293	Add Jorgee Vulnerability Scanner protect Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164	7 years ago
sebres	4163f32968	small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include	7 years ago
john	ac95449bbb	changed zoneminder regex as per Sebres and yarikoptic recommendations	7 years ago
john	7013729a1f	removed redundant options for zoneminder from jail.conf	7 years ago
john	5c3a666380	fixed incomplete regex after adding anchors	7 years ago
john	3d45fd2713	implemented yarikoptic's suggestions in fail2ban pull request #1376	7 years ago
john	08878d22dd	added zoneminder.conf filter	7 years ago
john	a90f6c4ae8	added zoneminder jail and filter # Conflicts: # config/jail.conf	7 years ago
sebres	c312962029	filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex (`d926e11a5c`) fixed failregex (without new mode aggressive)	7 years ago
Serg G. Brester	a287d0a05c	Merge pull request #1872 from kmzby/master Added filter for phpMyAdmin+syslog	7 years ago
Pavel Mihadyuk	4c1abe1cbf	phpmyadmin-syslog: removed excess file, fixed test, updated failregex	7 years ago
Pavel Mihadyuk	d09304b897	phpmyadmin-syslog: added default jail config	7 years ago
Pavel Mihadyuk	5b4bc2aafd	Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713	7 years ago
Serg G. Brester	b0e5efb631	bsd-ipfw.conf: sh-compliant redirect of stderr together with stdout	7 years ago
sebres	3be32adefb	Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389).	7 years ago
Serg G. Brester	c0eb7752a8	Merge pull request #1651 from szepeviktor/patch-9 Introduce Cloudflare API v4	7 years ago
Serg G. Brester	2ed8a38eca	Update cloudflare.conf Switch to API v1 to API v4 per default	7 years ago
Serg G. Brester	da7072d40e	Merge pull request #1846 from Chocobozzz/patch-3 Fix empty logfile.log in xarf login attack action	7 years ago
Serg G. Brester	af25a9d203	Merge pull request #1566 from opoplawski/journalmatch Add sendmail journalmatch options	7 years ago
Orion Poplawski	84f552881c	Add sendmail journalmatch options	7 years ago
sebres	5c538fb658	Recognize "unknown user" for additional auth-methods (pam, passwd-file, ldap, sql, etc); simplifying regular expressions (put "unknown user" and "invalid credentials" together as one regex).	7 years ago
Bigard Florian	f4551d02c9	Fix empty logfile.log in xarf login attack action Fix empty 3rd MIME part which contains the attack evidence (logfile.log).	7 years ago
sebres	a5b62a7f36	failregex extended and simplified (partially ported from gh-1409).	7 years ago
sebres	098abae4e6	Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).	7 years ago
Kirill	4c0c7b97c0	Update asterisk.conf to new log message I got an issue like this: [2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300" # [sebres] rebased to current master and resolving conflicts.	7 years ago
sebres	a1d0633e69	filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): - optional space between NOTICE and pid; - optional part "Host " before IP-address;	8 years ago
Serg G. Brester	f27e053592	Update bsd-ipfw.conf increased starting rule number (lowest_rule_num = 111)	8 years ago
Serg G. Brester	001c0898d6	Merge branch 'master' into master	8 years ago
Serg G. Brester	6110ba9cc3	filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)	8 years ago
sebres	2b358bc1a4	filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790).	8 years ago
Peter Nowee	b93e47b12f	dovecot: Match also when user field is empty Commit `5678d08` of 2016-11-26 changed: ( user=<\S>,)? to: ( user=<[^>]+>,)? The change from `` (zero or more times) to `+` (one or more times) may not have been intended. It will miss lines containing, for example: Aborted login (tried to use disallowed plaintext auth): user=<> This commit reverts the `+` back to `*`.	8 years ago
Marcel Bischoff	228d25c548	Update Kerio Connect filter (#1455 ) * Update Kerio Connect filter Fixed regex for some log entries that did not get recognized and some additional error formats are added. * Add missing colon, GitHub address * Add filter tests * Add missing test	8 years ago
Filippo Tessarotto	ff1c6718da	Postfix RBL: 554 & SMTP Cherry-pick of `607568f5da` (see gh-1686)	8 years ago
sebres	0600d51511	filter.d/exim.conf: added new reason for "rejected RCPT" regex: Unrouteable address	8 years ago
sebres	c546f85207	filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766)	8 years ago
sebres	3161bcf78b	filter.d/exim.conf: optional part `(...)` after host-name before `[IP]`, normalized over whole config file. # Conflicts: # config/filter.d/exim.conf	8 years ago
Serg G. Brester	52c1950371	Update mysqld-auth.conf small typo, closes gh-1725 (Thx @seth-reeser)	8 years ago
sebres	8768776d68	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	8 years ago
Serg G. Brester	2fa18a74c4	Merge branch 'master' into master	8 years ago
Christoph Theis	861ce4177c	#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable	8 years ago
sebres	9d06f0ee40	sshd-amend: optional space after port part	8 years ago
sebres	54a8c681ce	suhosin.conf: removed greedy match	8 years ago

1 2 3 4 5 ...

1211 Commits (5708b8b90eaec82a40a94a3a844674103b2345b1)