sebres
71ce548117
Merge branch '0.11'
2021-04-27 14:05:53 +02:00
sebres
f0214b3d36
filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combinations of arguments
2021-04-20 18:13:40 +02:00
Sergey G. Brester
dda70d60c0
Merge branch 'master' into master
2021-04-04 00:04:08 +02:00
Sergey G. Brester
4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
...
Add support for filtering out detected port scans via scanlogd.
2021-04-03 23:36:14 +02:00
Sergey G. Brester
977dfe4bd7
small amend: sport after saddr is optional
...
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
2021-04-03 23:29:16 +02:00
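A parser for the scanlogd message format quoted in the commit above, added here as an illustration and not taken from the fail2ban filter itself. It assumes the message text after the `scanlogd: ` syslog tag, IPv4 addresses only, and a flags field made of letters and `?`; the sample messages are constructed to follow the documented format and are not real scanlogd output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# IPv4 only: this example does not handle IPv6 source addresses (assumption).
IP4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Regex derived from the message format quoted in the commit message:
#   saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
# Left- and right-anchored; every field is a bounded class, so there is no
# catch-all that could be steered onto a later "to"/"ports" token in the line.
SCANLOGD_RE = re.compile(
    r"^(?P<saddr>" + IP4 + r")(?::(?P<sport>\d+))?"
    r" to (?P<daddr>" + IP4 + r")(?P<others> and others,)? ports "
    r"(?P<ports>\d+(?:, \d+)*)(?P<truncated>, \.\.\.)?"
    r", (?P<flags>[A-Za-z?]+)"        # e.g. fSrpauxy; '?' for varying bits (assumption)
    r"(?:, TOS (?P<tos>[0-9A-Fa-f]{2}))?"
    r"(?:, TTL (?P<ttl>\d+))?"
    r" @(?P<time>\d{2}:\d{2}:\d{2})$"
)


@dataclass
class ScanEvent:
    saddr: str            # the scanning host: the only address a jail should ban
    sport: Optional[int]
    daddr: str            # the scanned host; never feed this to the ban action
    others: bool          # "and others," was present: more than one destination
    ports: List[int]
    truncated: bool       # ", ..." was present: port list cut short by scanlogd
    flags: str
    tos: Optional[int]
    ttl: Optional[int]
    time: str


def parse_scanlogd(message: str) -> Optional[ScanEvent]:
    """Parse the message part of a scanlogd syslog line (text after 'scanlogd: ')."""
    m = SCANLOGD_RE.match(message)
    if not m:
        return None
    return ScanEvent(
        saddr=m["saddr"],
        sport=int(m["sport"]) if m["sport"] else None,
        daddr=m["daddr"],
        others=m["others"] is not None,
        ports=[int(p) for p in m["ports"].split(", ")],
        truncated=m["truncated"] is not None,
        flags=m["flags"],
        tos=int(m["tos"], 16) if m["tos"] else None,
        ttl=int(m["ttl"]) if m["ttl"] else None,
        time=m["time"],
    )


def hosts_to_ban(messages: List[str]) -> List[str]:
    """Source addresses from every message that matches, in log order."""
    return [ev.saddr for ev in map(parse_scanlogd, messages) if ev]


# Constructed sample messages (not real scanlogd output), shaped after the format above.
SAMPLES = [
    "192.0.2.10:40512 to 198.51.100.7 ports 21, 22, 23, 25, 80, 110, 143, fSrpauxy, TOS 00, TTL 64 @14:05:53",
    "192.0.2.11 to 198.51.100.7 and others, ports 22, 80, 443, ..., fSrpauxy @09:12:01",
    "198.51.100.7 answered 192.0.2.12 on port 22 @09:12:02",   # not a scan report: must not match
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(parse_scanlogd(msg))
    print(hosts_to_ban(SAMPLES))
```

The point of making the optional `:sport`, `and others,` and `, ...` pieces explicit alternatives rather than widening a field to `.*` is the same one the surrounding commits make: the source address is the only thing the jail bans, so the expression has to be unable to land on the destination address or on a port number.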
Sergey G. Brester
14edeed310
fixed regex (no need to match the whole line, e.g. every port, etc.)
2021-04-03 23:24:55 +02:00
Sergey G. Brester
080dd12288
Merge pull request #2965 from oukb/patch-1
...
nsd.conf: fix for the current log format
2021-04-03 21:02:03 +02:00
Sergey G. Brester
a838deba7f
restore anchor (e.g. catch-all in the middle), dot is optional now, RE rewritten a bit more precisely
2021-04-03 21:00:14 +02:00
sebres
7f38b80d35
precise regex (left anchor and fewer catch-alls); fixed tests (added failJSON and more tests for some corner cases around the new RE)
2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky
9eaa2322b0
Filter and Defaults for Microsoft SQL Server
2021-04-03 19:30:29 +02:00
Markus Felten
5aa20c30d8
fix: add journalmatch to nginx filters
2021-04-03 19:20:50 +02:00
oukb
529866b2bb
nsd.conf: fix for the current log format
...
New nsd 4.3.5 log format:
| [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
| [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
| [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
| [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
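The nsd 4.3.5 lines quoted above, run through two expressions: a precise, anchored one of the kind the commits on this page keep moving towards, and a catch-all one kept only to show what the precision buys. This is an added example, not the project's `nsd.conf` filter: the real filter lets fail2ban's date pattern consume the timestamp and writes `<HOST>` for the address, whereas here both are inlined so the block runs stand-alone. The "injected" line is constructed for the demonstration; nothing here claims a client can make nsd log a zone name of that shape.

```python
import re
from typing import List, Optional

IP4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Precise form: left-anchored, bounded fields, right-anchored. The zone name is
# matched as a run of non-space characters, not as ".*".
NSD_PRECISE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\] "
    r"nsd\[\d+\]: info: axfr for (?P<zone>\S+) from (?P<host>" + IP4 + r") "
    r"refused, no acl matches$"
)

# Catch-all form, shown only as the weaker alternative: ".*" for the zone and no
# anchors, so the engine is free to pick a "from <ip>" anywhere in the line.
NSD_CATCHALL_RE = re.compile(
    r"axfr for .* from (?P<host>" + IP4 + r") refused, no acl matches"
)


def host_precise(line: str) -> Optional[str]:
    """Address from the precise expression, or None when the line is not a refused AXFR."""
    m = NSD_PRECISE_RE.match(line)
    return m["host"] if m else None


def host_catchall(line: str) -> Optional[str]:
    """Address the catch-all expression would hand to the ban action."""
    m = NSD_CATCHALL_RE.search(line)
    return m["host"] if m else None


def hosts(lines: List[str]) -> List[str]:
    """Addresses the precise expression extracts from a batch of log lines."""
    return [h for h in map(host_precise, lines) if h]


# The four nsd 4.3.5 lines quoted in the commit message.
NSD_LINES = [
    "[2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches",
    "[2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches",
    "[2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches",
    "[2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches",
]

# Constructed line, not real nsd output: the zone field carries a second
# "from <ip> refused, no acl matches" tail. It only illustrates the catch-all
# weakness; whether nsd could ever log such a zone is not claimed here.
INJECTED = ("[2021-03-09 01:00:00.000] nsd[1]: info: axfr for evil. from 192.0.2.1 "
            "refused, no acl matches from 203.0.113.9 refused, no acl matches")

if __name__ == "__main__":
    print(hosts(NSD_LINES))
    print("precise  :", host_precise(INJECTED))
    print("catch-all:", host_catchall(INJECTED))
```

On the four real lines both expressions agree. On the constructed line the precise expression refuses to match at all, because `\S+` cannot cross the space in the zone field and `$` rejects the trailing text, while the greedy `.*` in the catch-all backtracks to the last `from` and reports the address that was placed there. A filter that fails to match a malformed line bans nobody; one that matches it bans whoever the line's author chose.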
Mike Gabriel
f15ed35619
config/: Add support for filtering out detected port scans via scanlogd.
2021-03-05 16:35:13 +01:00
sebres
fb08534ed7
Merge branch '0.11'
2021-03-03 18:17:35 +01:00
sebres
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoids failure by timeout (default 1 minute) on reverse lookup with some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
2021-03-02 19:35:27 +01:00
Sergey G. Brester
a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
...
Update drupal-auth.conf
2021-02-11 19:10:55 +01:00
Sergey G. Brester
d678440658
more precise RE (avoids weakness with catch-alls and is injection safe)
2021-02-11 18:32:32 +01:00
Brian J. Murrell
dc4ee5aa47
Add transport to asterisk RE
...
Call rejection messages from Asterisk can have the transport prefixed to the IP address.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
sebres
21dd317870
Merge branch '0.11'
2021-01-21 19:13:13 +01:00
sebres
9df332fdef
filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
...
closes gh-2908
2021-01-11 15:10:53 +01:00
sebres
2c60d08b28
Merge '0.11' (fix gh-2899) into master
2020-12-29 21:27:02 +01:00
sebres
73b39e0894
filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because they don't have a timestamp)
...
closes gh-2899
2020-12-29 21:22:47 +01:00
defanor
ba7daef86c
Handle postscreen's PREGREET and HANGUP messages
...
Provoking those seems to be a popular activity among spammers.
2020-12-24 17:29:09 +03:00
stepodev
d0ba27cf46
move nginx-tls-fallback rules to nginx-http-auth
2020-11-30 12:14:49 +01:00
Sergey G. Brester
d959f6d199
Update nginx-tls-fallback.conf
...
more precise and conclusive regex without catch-alls
2020-11-26 12:25:32 +01:00
stepodev
27c40a77a3
add nginx-tls-downgrade
2020-11-25 20:59:43 +01:00
sebres
a03109d096
Merge branch '0.11' into master (0.11.2 released)
2020-11-24 12:41:10 +01:00
Sergey G. Brester
071048b8f2
Merge pull request #2750 from janprzy/master
...
Added filter nginx-bad-request
2020-11-23 18:28:07 +01:00
sebres
7965d652a1
filter.d/dovecot.conf: allow more verbose logging
...
closes #2573
2020-11-23 18:17:29 +01:00
sebres
a6de9459fc
typo
2020-11-23 18:08:38 +01:00
RyuaNerin
bba8844af8
typo
2020-11-23 18:07:49 +01:00
mpoliwczak834
595ee7ed74
add submission
2020-11-23 17:42:12 +01:00
mpoliwczak834
0c12cb7970
add managesieve support to dovecot filter
2020-11-23 17:42:11 +01:00
sebres
cc64ef25f6
filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
...
closes gh-2805
2020-11-23 17:25:41 +01:00
Sergey G. Brester
1c1a9b868c
no catch-alls, user name and error message stored in ticket
2020-11-09 15:36:30 +01:00
benrubson
840f0ff10a
Add Grafana jail
2020-11-09 15:31:06 +01:00
sebres
25e006e137
review and small tweaks (more precise and safe RE)
2020-11-09 13:43:59 +01:00
Mart124
df659a0cbc
Add Bitwarden syslog support
2020-11-09 13:34:39 +01:00
Sergey G. Brester
010e76406f
small tweaks (both the 2nd time and the facility are optional, avoid catch-all, etc.)
2020-11-09 13:19:25 +01:00
benrubson
ec873e2dc3
Add SoftEtherVPN jail
2020-11-05 23:56:30 +01:00
sebres
02525d7b6f
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
...
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
2020-10-08 21:07:51 +02:00
sebres
db1f3477cc
amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
2020-08-27 18:07:42 +02:00
sebres
3f04cba9f9
filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
2020-08-27 17:44:25 +02:00
sebres
07fa9f2912
fixes gh-2787: allow matching `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
...
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
2020-08-27 17:04:19 +02:00
benrubson
1707560df8
Enhance Guacamole jail
2020-08-25 13:01:50 +02:00
Jan Przybylak
a5ab4406d8
Removed unnecessary escape sequence
...
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
2020-06-21 18:24:09 +02:00
Jan Przybylak
d7ef5d166d
Removed vulnerable catchall & anchor
2020-06-11 16:44:48 +02:00
sebres
5a0edf61c9
filter.d/sshd.conf: normalization of the user pattern in all REs, allowing an empty user (gh-2749)
2020-06-08 14:38:26 +02:00
Jan Przybylak
3c83c19070
Added filter nginx-bad-request
2020-06-06 19:51:46 +02:00
aresdr
412120ac3c
Update drupal-auth.conf
...
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
2020-05-30 15:25:31 -07:00