github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,702 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

716 Commits (597a27576eae6294187c241854f7e813ef18ab38)

Author SHA1 Message Date
sebres 7ed6cab120 jail configuration extended with new syntax to pass options to the backend (see gh-1408), 
examples:
  - `backend = systemd[journalpath=/run/log/journal/machine-1]`
  - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
  - `backend = systemd[journalflags=2]`
 2016-09-01 16:17:02 +02:00
sebres 4a1d720344 filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix 2016-08-22 14:10:50 +02:00
sebres 2c54f90469 sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also. 2016-08-19 10:19:12 +02:00
sebres a544c5abac sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>" 
ChangeLog entry added
 2016-08-18 21:38:55 +02:00
sebres 9935cf19c1 description provided, ChangeLog entries added 2016-08-15 19:54:11 +02:00
sebres cb340db220 ChangeLog entry for gh-1508 2016-08-12 18:37:46 +02:00
Yaroslav Halchenko 123f4ceaee Changelog for postfix-sasl fix 2016-08-08 17:11:07 -04:00
sebres 70658d7a19 Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494') 2016-08-08 18:49:32 +02:00
rhardy613 89f8999fe5 Add changelog entry for ASSP filter changes 
Add changelog entry for ASSP filter changes
 2016-08-06 01:07:04 -04:00
sebres eb6e3c52ae ChangeLog entries for the last fix (cherry pick from 0.10) 2016-08-01 18:04:00 +02:00
Yaroslav Halchenko 5714ac201b DOC: preparations for 0.9.5 release 2016-07-14 21:35:49 -04:00
Yaroslav Halchenko 21056c995d Merge remote-tracking branch 'origin/master' into doc-changelog 
* origin/master:
  another variant of regex
  add trailing anchor to failregex
  add PR id to ChangeLog
  improved failregex according to @sebres recomendations
  * add `__prefix_line` to regex * fix time in log file
  add info to log file
  added sample log lines for slapd
  adding openldap slapd filter
 2016-07-14 21:21:35 -04:00
Yaroslav Halchenko 28a0605f69 Merge pull request #1478 from gips0n/master 
adding openldap slapd filter
 2016-07-14 08:30:42 -04:00
Yaroslav Halchenko 33ed71b3de DOC: Reformatted ChangeLog into legit Markdown (Closes #962) 2016-07-10 19:53:54 -04:00
Yaroslav Halchenko ec9c4a27f3 DOC: tuned up ChangeLog entries for 0.9.5 
unified capitalized beginning of each entry
no trailing spaces or dots etc
 2016-07-10 18:40:20 -04:00
Andrii Melnyk 2c5a489bc7 add PR id to ChangeLog 2016-07-08 13:55:58 +03:00
sebres f5f204ca7c Improved changes of gh-1458: 
`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
 2016-07-08 11:45:25 +02:00
Andrii Melnyk b2e3affaa0 adding openldap slapd filter 2016-07-08 04:50:57 +03:00
Yaroslav Halchenko 11f7cf5ad8 DOC: changelog for recent exim filters tune up 2016-06-07 21:38:39 -04:00
Ludovic Gasc f85fb45b29 Asterisk pjsip (#1456) 
* Improve PJSIP log support for Asterisk 13+

* Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+

* Change pjsip regexp with sebres observation, thanks to @nturcksin
 2016-06-07 11:40:35 +02:00
sebres baafac36a4 ChangeLog entry 2016-05-20 14:51:13 +02:00
sebres 34ae0b916e Merge pull request #1421 from sebres/fix-1405 
filter.d/common.conf: fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405)
 2016-05-20 11:20:34 +02:00
sebres 932708de9e fixed --pidfile bug, introduced in gh-1322: 
gentoo-initd fixed --pidfile bug: `--pidfile` is option of start-stop-daemon, not argument of fail2ban (see gh-1434)
closes gh-1434
 2016-05-20 11:01:00 +02:00
sebres de813acf51 extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added; 2016-05-17 11:54:43 +02:00
sebres 3e49522b7a fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568); 
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
 2016-05-13 20:26:37 +02:00
sebres cce63926ce ChangeLog entry added 2016-05-13 16:11:38 +02:00
sebres e595fefc9b change log and thanks entries 2016-04-14 14:50:17 +02:00
Serg G. Brester b9b7ecbf6b Merge pull request #1357 from sebres/monit-new-fltr 
monit filter fixup for the new version (gh-1355)
 2016-03-26 11:39:26 +01:00
TorontoMedia 3d239215cd Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367) 
closes #1367
 2016-03-25 17:28:30 +01:00
sebres ac27c9cb96 Merge branch 'patch-2' (gh-1371) 2016-03-25 17:05:23 +01:00
theDogOfPavlov 28e246b5d7 added note to cover additional exim filters 2016-03-23 11:52:09 +00:00
theDogOfPavlov 42f43d0f8a added note to cover dovecot ldap regex 2016-03-23 11:51:12 +00:00
Yaroslav Halchenko bfac42eb2e changelog for journalmatch pure-ftpd 2016-03-14 11:10:28 -04:00
sebres 9d13bb0c3a ChangeLog and THANKS entries 2016-03-09 20:11:14 +01:00
Yaroslav Halchenko 634e68036e Get ready for further developments 2016-03-08 08:36:29 -05:00
Yaroslav Halchenko 5ffc15ac68 Changes for the 0.9.4 release 2016-03-07 21:45:44 -05:00
Yaroslav Halchenko 19850d71e9 changelog about gentoo initd 2016-03-07 10:52:47 -05:00
Yaroslav Halchenko 2adf5855ac Changelog for the recent PR and added Tom to THANKS 2016-02-28 12:03:13 -05:00
sebres 667785b608 mysqld: failregex fixed (accepts different log level, more secure expression now); 
closes #1332
 2016-02-24 17:17:51 +01:00
Yaroslav Halchenko 905c87ca4a Merge pull request #1310 from yarikoptic/pr-1288 
NF: HAProxy HTTP Auth filter
 2016-02-11 08:35:48 -05:00
Yaroslav Halchenko 3dc57af19c Merge branch 'logrotate' of https://github.com/sbraz/fail2ban 
* 'logrotate' of https://github.com/sbraz/fail2ban:
  Remove compression and count from logrotate
 2016-02-10 18:41:01 -05:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. 
Closes #1309
 2016-02-08 11:51:37 +01:00
Pierre GINDRAUD b5a07741c8 Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command 2016-02-08 11:11:59 +01:00
Louis Sautier 869d99dd37
Remove compression and count from logrotate 
Initially reported at https://bugs.gentoo.org/show_bug.cgi?id=549856
 2016-01-29 00:15:48 +01:00
Yaroslav Halchenko 3f437b32db Merge remote-tracking branch 'pr/1288/head' 
* pr/1288/head:
  Update haproxy-http-auth.conf
  Added HAProxy HTTP Auth filter

 Conflicts:
	config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)
 2016-01-28 08:51:45 -05:00
Yaroslav Halchenko 377ea32441 Merge pull request #1295 from obounaim/master 
The sender option is ignored by some actions
 2016-01-28 08:48:22 -05:00
Serg G. Brester fe14c8fa05 Merge pull request #1292 from albel727/master 
Add nftables actions
 2016-01-24 23:55:50 +01:00
local 58a8736e0f Updating changelog. 2016-01-10 00:10:05 +01:00
Alexander Belykh cb2d70d7a8 Add ChangeLog entry for new nftables actions 2016-01-05 19:04:44 +06:00
sebres 25a09352e4 + ChangeLog entry 2016-01-04 14:46:43 +01:00
Jordan Moeser e133762a28 Added HAProxy HTTP Auth filter 2015-12-31 11:16:23 +10:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232 
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
 2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 16710237e3 Merge remote-tracking branch 'origin/master' 
* origin/master:
  Add 'Sender address rejected: Domain not found' Postfix failregex
 2015-12-29 19:31:04 -05:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex 
Add 'Sender address rejected: Domain not found' Postfix failregex
 2015-12-18 09:23:54 -05:00
Yaroslav Halchenko dfaf82d68a Changelog entry for PartOf in .service fix 2015-12-18 09:23:12 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown 16aa2fa13e Updated ChangeLog to include new murmur jail. 2015-12-17 17:57:45 +00:00
Ross Brown ba535826a8 Updated ChangeLog to include new murmur filter. 2015-12-15 21:46:35 +00:00
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269) 2015-12-13 23:21:04 -05:00
sebres 6d984717b5 ordered dict replaced with dict + change log entry fix 
# Conflicts:
#	fail2ban/server/filter.py
 2015-12-12 15:48:49 +01:00
sebres 3a179ec5d7 small code review: (much pretty) handling of filename as key - FileFilter contains (ordered) dict of files (not list), as discussed in gh-1265 2015-12-02 20:45:01 +01:00
Aleksandrs Ļedovskis fa59a6850f Add 'Sender address rejected: Domain not found' Postfix failregex 
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
 2015-11-22 12:01:15 +02:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-11-13 15:22:59 -07:00
Yaroslav Halchenko 6af6e40b62 Merge pull request #1241 from sebres/known/param-tag 
New interpolation feature for definition config readers - `<known/parameter>`
 2015-11-10 08:35:57 -05:00
sebres 46b116e86a filter test cases improved + log captured inside such tests + python 3.x compatibility; 
changelog entry;
 2015-11-09 22:02:05 +01:00
sebres 94cffece12 New interpolation feature for definition config readers - `<known/parameter>`, as extension to interpolation `%(known/parameter)s`, that does not works for filter and action init parameters; 2015-11-02 21:45:03 +01:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216 
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
 2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard) 
closes gh-1237
 2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); 
closes gh-1216
 2015-10-30 15:36:18 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault 
Conflicts:
	ChangeLog
 2015-10-29 15:22:37 -06:00
Simon Brown 3dd1c305ce added entry for new screensharingd filter 2015-10-27 21:20:12 -07:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex 
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
 2015-10-20 10:46:00 +02:00
Orion Poplawski 81a26266a9 Add changlog entry for postfix-rbl logpath change 2015-10-19 19:46:43 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend 
per service.
Set default to systemd for Fedora as appropriate.
 2015-10-18 20:18:50 -06:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record 
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
 2015-10-13 17:11:49 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later 
closes gh-1211
 2015-10-07 14:34:13 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes 
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-05 00:31:13 -07:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
Yaroslav Halchenko 6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00
Yaroslav Halchenko db1a3f17e1 ENH: new date pattern with year after day (not after entire entry) 2015-09-16 08:56:46 -04:00
Yaroslav Halchenko fbdd0b74a1 DOC: Changelog entry for this fix 2015-09-13 10:45:39 -04:00
Ville Skyttä 67a94733a9 logrotate: Do not rotate empty logs 
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.
 2015-09-13 11:05:33 +03:00
Edward Beckett f5b88bd377 Updated Changelog 2015-09-11 10:12:57 -04:00
sebres 4cf3b576b9 Bugfix for dnsToIp resolver for fqdn with large list of IPs; 
closes #1164
 2015-09-08 18:20:48 +02:00
Edward Beckett 4bd7991573 Added apache-badbots.conf 2015-09-06 01:12:19 -04:00
weberho 2d69fd20ae Updated ChangeLog regarding openSUSE's path config 2015-08-26 15:37:14 +02:00
Yaroslav Halchenko 60fbf7d750 changelog for freshly merged PR (roundcube-auth definition of logpath) 2015-08-26 09:03:23 -04:00
Yaroslav Halchenko 9ebf01293b Post release tune ups 2015-08-01 09:17:31 -04:00
Yaroslav Halchenko 70ba5cb005 Release changes (too much of manual "labor"! ;)) 2015-07-31 21:32:13 -04:00
Yaroslav Halchenko 776322cea3 BF: realpath for /var/run/fail2ban Closes #1142 2015-07-31 10:12:14 -04:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban 
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
 2015-07-27 22:37:46 -04:00
Yaroslav Halchenko a80820e356 Changelog entry for killpg fix 2015-07-27 22:34:40 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
 2015-07-27 22:30:54 -04:00
Yaroslav Halchenko de69855157 Changelog entries for Serge's fixes 2015-07-27 10:35:14 -04:00
Yaroslav Halchenko 0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko 65cd218e10 Merge remote-tracking branch 'origin/master' 
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
 2015-07-26 22:47:43 -04:00