github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,510 Commits
33 Branches
229 Tags
20 MiB
Commit Graph

1790 Commits (5a8f1bceb853751bbeb39bd7a39b04665633c55f)

Author SHA1 Message Date
Sergey G. Brester 8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional 2021-05-06 21:47:06 +02:00
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat) 2021-05-06 20:23:58 +02:00
usernamepi e4e7a83cff
Update ufw.conf 
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
 2021-05-06 13:44:36 +02:00
sebres 71ce548117 Merge branch '0.11' 2021-04-27 14:05:53 +02:00
sebres b5b615731e Merge branch '0.10' into 0.11 2021-04-27 14:03:49 +02:00
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments 2021-04-20 18:13:40 +02:00
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master 2021-04-11 19:05:02 +02:00
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11 
Add Apprise Support (50+ Notifications)
 2021-04-04 00:24:21 +02:00
Sergey G. Brester b2f6a3a658
remove unneeded substitution 
it is enough to add `apprise` to action
 2021-04-04 00:21:59 +02:00
Sergey G. Brester dda70d60c0
Merge branch 'master' into master 2021-04-04 00:04:08 +02:00
Michele Mondelli 7579072e3b docs: fix typos 2021-04-03 23:49:23 +02:00
Sergey G. Brester 4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter 
Add support for filtering out detected port scans via scanlogd.
 2021-04-03 23:36:14 +02:00
Sergey G. Brester 2d51240b3e
correction for default log interpolation and added allports banaction 2021-04-03 23:33:49 +02:00
Sergey G. Brester 977dfe4bd7
small amend: sport after saddr is optional 
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
 2021-04-03 23:29:16 +02:00
Sergey G. Brester 14edeed310
fixed regex (don't need to match whole line, e. g. every port etc) 2021-04-03 23:24:55 +02:00
Sergey G. Brester 080dd12288
Merge pull request #2965 from oukb/patch-1 
nsd.conf: fix for the current log format
 2021-04-03 21:02:03 +02:00
Sergey G. Brester a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise 2021-04-03 21:00:14 +02:00
sebres 7f38b80d35 precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE) 2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server 2021-04-03 19:30:29 +02:00
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
oukb 529866b2bb
nsd.conf: fix for the current log format 
New nsd 4.3.5 log format:

|  [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
|  [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
|  [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
|  [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
 2021-03-08 19:14:28 +03:00
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd. 2021-03-05 16:35:13 +01:00
sebres fb08534ed7 Merge branch '0.11' 2021-03-03 18:17:35 +01:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast); 
closes gh-2951
 2021-03-02 19:35:27 +01:00
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action 2021-02-24 18:21:42 +01:00
sebres fb6315ea5e Merge branch '0.10' into 0.11 2021-02-24 13:16:36 +01:00
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889) 2021-02-24 13:05:04 +01:00
Sergey G. Brester a2f0dbad87
Merge pull request #2742 from aresxc/patch-1 
Update  drupal-auth.conf
 2021-02-11 19:10:55 +01:00
Sergey G. Brester d678440658
more precise RE (avoids weakness with catch-all's and is injection safe) 2021-02-11 18:32:32 +01:00
sebres ea26509594 Merge branch '0.11' 2021-02-03 14:59:00 +01:00
sebres 6198b4566c Merge branch '0.10' into 0.11 2021-02-03 14:47:56 +01:00
Brian J. Murrell dc4ee5aa47 Add transport to asterisk RE 
Call rejection messages from Asterisk can have the transport prefixed to the IP address.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
 2021-01-31 15:22:16 +01:00
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces). 
closes gh-2804
 2021-01-27 17:06:14 +01:00
sebres 21dd317870 Merge branch '0.11' 2021-01-21 19:13:13 +01:00
sebres dbc77c47c3 Merge branch '0.10' into 0.11 2021-01-21 19:11:01 +01:00
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability 
closes gh-2891
 2021-01-11 15:23:40 +01:00
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...); 
closes gh-2908
 2021-01-11 15:10:53 +01:00
sebres 2c60d08b28 Merge '0.11' (fix gh-2899) into master 2020-12-29 21:27:02 +01:00
sebres fe334590cd Merge branch '0.10' into 0.11 2020-12-29 21:25:09 +01:00
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp) 
closes gh-2899
 2020-12-29 21:22:47 +01:00
defanor ba7daef86c Handle postscreen's PREGREET and HANGUP messages 
Provoking those seems to be a popular activity among spammers.
 2020-12-24 17:29:09 +03:00
stepodev cecc3d62ff add mode explanation to nginx-http-auth in jail.conf 2020-11-30 12:26:32 +01:00
stepodev d0ba27cf46 move nginx-tls-fallback rules to nginx-http-auth 2020-11-30 12:14:49 +01:00
Sergey G. Brester d959f6d199
Update nginx-tls-fallback.conf 
more precise and conclusive regex without catch-all's
 2020-11-26 12:25:32 +01:00
stepodev c0256724a7 fix monitoring wrong error log. was access log, should be error.log 2020-11-25 21:30:21 +01:00
stepodev 27c40a77a3 add nginx-tls-downgrade 2020-11-25 20:59:43 +01:00
sebres a03109d096 Merge branch '0.11' into master (0.11.2 released) 2020-11-24 12:41:10 +01:00
sebres b78d1e439a Merge branch '0.10' into 0.11 2020-11-23 21:35:32 +01:00
Sergey G. Brester 753fff9c15
amend to #2750, add jail for new filter nginx-bad-request 2020-11-23 18:38:41 +01:00