Daniel Black
a8e0498389
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289
11 years ago
Yaroslav Halchenko
bf245f9640
DOC: adding DEV Notes for non-greedy matching within sshd.conf
11 years ago
Yaroslav Halchenko
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
11 years ago
Yaroslav Halchenko
abb012ae5c
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
11 years ago
Daniel Black
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetitive blindly copied stuff that appears in the jail man page
11 years ago
Daniel Black
778f09debe
DOC/ENH: __md5hex regex definition to common.conf. Document debian bug #
11 years ago
Daniel Black
f2ae20a3b8
BF: filter.d/sshd group on md5hex and () for serial needed to be escaped
11 years ago
Daniel Black
1eeb6e94bd
BF: fix regex for openssh-6.3
11 years ago
Yaroslav Halchenko
e7cb0f8b8c
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
12 years ago
Yaroslav Halchenko
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
12 years ago
Yaroslav Halchenko
822a01018f
Merge pull request #205 from grooverdan/bsd_ssh
...
BSD ssh improvements (casing, msg)
12 years ago
Daniel Black
40c56b10a0
ENH: enhance sshd filter for bsd.
12 years ago
Daniel Black
495f2dd877
DOC: purge of svn tags
12 years ago
jamesstout
3367dbd987
ENH: fail message matching for OpenSolaris and OS X
...
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.
Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
12 years ago
jamesstout
10fcfb925d
Extra patterns for Solaris
12 years ago
Daniel Black
41b9f7b6ac
BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf
12 years ago
Daniel Black
32d10e904a
ENH: more openssh fail messages from openssh source code (CVS 20121205)
12 years ago
Orion Poplawski
bb7628591c
Update config/filter.d/sshd.conf
...
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
12 years ago
Yaroslav Halchenko
6ecf4fd80a
Merge pull request #64 from sourcejedi/remove_sshd_rdns
...
Misconfigured DNS should not ban *successful* ssh logins
Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
12 years ago
Yaroslav Halchenko
2082fee7b1
ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd ( Closes : #648020 )
13 years ago
Alan Jenkins
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't be adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
13 years ago
Petr Voralek
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
13 years ago
Yaroslav Halchenko
25f1e8d98c
BF: allow trailing whitespace in few missing it regexes for sshd.conf
13 years ago
Yaroslav Halchenko
dad91f7969
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
...
absorbed from patches carried by Debian distribution of f2b
13 years ago
Cyril Jaquier
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
Cyril Jaquier
376f348823
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log ( closes : #512193 ).
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
Cyril Jaquier
391a38a7a8
- Added new regex. Thanks to Tobias Offermann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@713 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
Cyril Jaquier
155c4652a4
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@706 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
Cyril Jaquier
6db1212152
- Added revision.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@663 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
Cyril Jaquier
f0399ca5a4
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
...
- Renamed actionend to actionstop.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
Cyril Jaquier
174ce7027a
- Fixed fail2ban-regex. It supports "includes" in configuration files.
...
- Modified "includes" to be more generic. We will probably support URL in the future.
- Small refactoring.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@656 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
Cyril Jaquier
66063d2731
- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@621 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
Cyril Jaquier
732c66215f
- Improved regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@613 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
3ef8fbe2e3
- Modified failregex again. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@609 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
f714c96d0e
- Updated regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
1e2ddec485
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@587 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
54e4d012d1
- Fixed bug #1664386 . Thanks to Harry Rarig
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@551 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
743ec88eef
- Updated failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@532 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
6cf814245e
- Fixed missing regular expression
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@513 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
44d75eb54f
- Added missing svn:keywords
...
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
840b9fff0f
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
f5d4cb6be2
- Added alias "<HOST>" for failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
0fd9865172
- Defined default values in .conf. Should fix Debian bug #398758
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
90359ba523
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
2bcc036cf2
- Improved configuration files
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
21b6e76cde
- Added date detector
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@325 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
f1f12518c8
- Moved "logpath" and "maxtime" to "jail.conf"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago
Cyril Jaquier
857f6d619b
- Fixed bug in failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@267 a942ae1a-1317-0410-a47c-b1dcaea8d605
19 years ago
Cyril Jaquier
3d73f45531
- Added 'host' group in failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@262 a942ae1a-1317-0410-a47c-b1dcaea8d605
19 years ago
Cyril Jaquier
9aa6a505eb
- Added header
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@254 a942ae1a-1317-0410-a47c-b1dcaea8d605
19 years ago