Commit Graph

1454 Commits (5b0c3e75d33c0ea9458ef5880048ecf5aa434457)

Author SHA1 Message Date
Sergey G. Brester ee207d8c31 Merge pull request #2151 from benrubson/merge
6 years ago
Ben RUBSON 77b35b8db7 Improvement
6 years ago
sebres e2a255d104 fixed typo in comments by "ignoreself" parameter
6 years ago
sebres e995d5a0b6 filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`.
6 years ago
sebres bc2dbacc9a filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193:
6 years ago
sebres 22d37cdce2 sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
6 years ago
sebres 8fe07e29ad filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
6 years ago
Sergey G. Brester 75330568d9 Merge pull request #2168 from dpavlin/dovecot-add-F-USER
6 years ago
sebres 6ce67a6d21 coverage
6 years ago
Dobrica Pavlinusic 6f1e789f31 dovecot: collect F-USER and variants
7 years ago
sebres 8cbe1e6b13 Merge pull request #2155
7 years ago
cheese1 43db4411de small typo
7 years ago
Boris Gulay a923cd209b `filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors;
7 years ago
benrubson f54f6caece Merge Apache SNI error / misredirect attempts rules
7 years ago
sebres bba7a6c5cf amend to (gh-2067) / b34ae5999e0d8ee1af8939527305c13152844b3d: fix parameter in config (dynamic parameters starting with '_' are protected and are not allowed in command-actions);
7 years ago
sebres 8069eef50c badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar).
7 years ago
Michael Grant 57bc502d5c Update sendmail-reject.conf
7 years ago
Michael Grant 2ab6a5ae62 Update sendmail-auth.conf
7 years ago
Michael Grant 87520e8008 Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix).
7 years ago
Luis Aranguren fc76ccf192 Fixes abuseipdb curl cypher error and comment $f2bV_matches
7 years ago
Sergey G. Brester 7bbc26d67e Merge pull request #2097 from benrubson/sni
7 years ago
benrubson bd74f7ba8b Detect Apache SNI error / misredirect attempts, typos
7 years ago
sebres 8423f017e7 Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10
7 years ago
sebres 4ee07adde6 Merge branch '0.10' into fix-sshd-filter-suff
7 years ago
benrubson 30dc22fb2e Detect Apache SNI error / misredirect attempts
7 years ago
sebres 4f6532f810 filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage;
7 years ago
sebres cd7f1354c6 remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.)
7 years ago
sebres c31eb1c562 quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now;
7 years ago
sebres 25cc42129a hold all user names affected by interim attempts in order to avoid forget a failures after success login:
7 years ago
sebres a9c94686b6 fixed multiple regexs matched
7 years ago
sebres 8028d3940d amend with better match of optional suffix-groups;
7 years ago
sebres 66d2436f21 filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content
7 years ago
sebres 7b3442c4e2 amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content;
7 years ago
sebres 185cb998e7 make `prefregex` more precise in order to avoid catch the content for non failure lines
7 years ago
sebres e8ffab28fb filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module.
7 years ago
sebres a6fb33bdec filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069
7 years ago
Sergey G. Brester b34ae5999e action.d/hostdeny.conf: fixes IPv6 syntax
7 years ago
sebres caa2bdfee6 amendment for gh-2061: it looks like the port was added here also
7 years ago
sebres a3bcbe2d1b backwards-compatibility, test-cases and ChangeLog update
7 years ago
MatthieuBarbu 6b5516b851 fix sshd rule #2
7 years ago
sebres 1d7aa2ff21 filter.d/sshd.conf: rewrite fix (for new ssh log-format) backwards compatible + test-cases extended to cover both cases
7 years ago
MatthieuBarbu 9f5c873526 fix sshd rule
7 years ago
sebres 8c291cad38 filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060)
7 years ago
Ben RUBSON b112250ef0 (Free)BSD IPFW does not allow 2 identical rules (#2054)
7 years ago
Ben RUBSON 857767f04b Add 'any' badips.py bancategory (#2056)
7 years ago
sebres 07fcb24ff6 Merge pull request #2057 from benrubson/https
7 years ago
sebres f52c67238a action.d/badips.py: code review, ban command covered, debug log-messages, etc;
7 years ago
benrubson fce2a50165 badips.py, solve a str() issue under FreeBSD
7 years ago
benrubson e2665d39fd Use httpS with badips
7 years ago
sebres e636567d23 filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors.
7 years ago