github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,307 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1701 Commits (57caf8ec90d2858649012e0a049b6605de3c383c)

Author SHA1 Message Date
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790 2020-08-04 13:53:21 +02:00
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763 
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
 2020-08-04 13:51:20 +02:00
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790 2020-08-04 13:22:02 +02:00
Sergey G. Brester 08dbe4abd5
fixed comment for loglevel, default is INFO 2020-07-03 13:45:29 +02:00
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`) 2020-06-24 19:20:36 +02:00
sebres 1da9ab78be Merge branch '0.10' into 0.11 2020-06-11 12:52:13 +02:00
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749) 2020-06-08 14:38:26 +02:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 43f699b872
grammar / typos 2020-05-06 17:32:13 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab 
New Gitlab jail
 2020-05-04 19:19:13 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq 
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
 2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses 
We need to use https://github.com/stedolan/jq to parse it.
 2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed' 
Sed regex was tested - it works.
 2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban 
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
 2020-04-27 19:12:35 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: 
- `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
 2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); 
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
 2020-04-15 19:00:49 +02:00
benrubson 2912bc640b New Gitlab jail 2020-04-09 16:42:08 +02:00
sebres 136781d627 filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682) 2020-04-08 12:17:59 +02:00
sebres 38b32a9a72 Merge branch '0.10' into 0.11 2020-03-18 19:53:55 +01:00
sebres 22a04dae05 Merge branch '0.9' into 0.10 (gh-2246) 2020-03-18 16:11:53 +01:00
Sergey G. Brester b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 
Improve regex in proftpd.conf
 2020-03-18 15:49:18 +01:00
sebres 606bf110c9 filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE 
(closes gh-2662)
 2020-03-16 17:31:39 +01:00
sebres 32f02ef3b3 Merge branch '0.10' into 0.11 2020-03-05 14:01:14 +01:00
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); 
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
 2020-03-05 13:47:11 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
sebres 7282cf91b0 Merge branch '0.10' into 0.11 2020-02-14 12:13:29 +01:00
sebres 9137c7bb23 filter processing: 
- avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
  - several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
  - `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
  - `invalid` - consider failed publickey for invalid users only;
  - `any` - consider failed publickey for valid users too;
  - `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
 2020-02-13 12:28:07 +01:00
sebres 1492ab2247 improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE); 
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
 2020-02-11 18:44:36 +01:00
Sergey G. Brester 774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth 2020-02-10 13:29:16 +01:00
Sergey G. Brester 34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty) 2020-02-10 13:03:55 +01:00
sebres a7c68ea19f Merge branch '0.10' into 0.11 2020-01-28 21:47:55 +01:00
sebres 569dea2b19 filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output); 
also add coverage for mariadb 10.4 log format (gh-2611)
 2020-01-22 17:24:40 +01:00
sebres 70e47c9621 Merge branch '0.10' into 0.11 2020-01-14 11:44:35 +01:00
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596) 2020-01-14 11:39:13 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP); 
closes gh-2115, gh-2362.
 2020-01-09 20:53:53 +01:00
sebres 587e4ff573 Merge branch '0.10' into 0.11 
(conflicts resolved)
 2020-01-08 21:27:23 +01:00
sebres 67fd75c88e pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately). 2020-01-06 21:13:40 +01:00
sebres 8f6ba15325 avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc... 2019-12-27 21:30:41 +01:00
Mart124 e763c657c4
Let's get back to WRN 2019-11-27 00:32:10 +01:00
Mart124 d7b707b09d
Update bitwarden.conf 2019-11-27 00:09:22 +01:00
Mart124 869327e9b1
Update bitwarden.conf 2019-11-25 22:17:58 +01:00
Mart124 79caeaa520
Create bitwarden.conf 2019-11-25 22:05:29 +01:00
Mart124 30e742a849
Update jail.conf 2019-11-25 21:57:41 +01:00