Daniel Black
5741348f45
ENH: more options and ruggedness to prevent unintentional consequences
11 years ago
Daniel Black
52bd0f86a8
Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
11 years ago
Daniel Black
7cc3e8a8c0
BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
11 years ago
Daniel Black
15f2f38972
ENH: anchor regex at start
11 years ago
Daniel Black
d5684a0834
BF: filter.d/routecube-auth - time offset can be positive or negative
11 years ago
Daniel Black
a401d11644
ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
11 years ago
Andy Fragen
ef504c869f
added osx specific ipfw action with random rulenum
11 years ago
Yaroslav Halchenko
265a85ec1f
RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis
11 years ago
Daniel Black
b8e7d0b867
ENH: further tighten lighttpd basic auth regex
11 years ago
Daniel Black
a7ebb84a7d
ENH: tightened up lighttpd regex
11 years ago
François Boulogne
e133b9f1d1
MAINT: add support for lightty1.4.31
11 years ago
Daniel Black
ca4729e943
ENH: filter.d/exim.conf - add authentication failures for "plain" authentication
11 years ago
Daniel Black
ef903db3c9
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
11 years ago
Daniel Black
cfb7dba268
DOC: merge ChangeLog
11 years ago
Daniel Black
b589533d69
Merge branch 'master' into kwirk-merge
...
Conflicts:
ChangeLog
testcases/files/logs/dropbear
11 years ago
Daniel Black
fd7cc5bda7
BF: duplicate regex match fixed
11 years ago
Daniel Black
6a56727669
BF: apache-common regex - datetime could be entirely consumed
11 years ago
Daniel Black
a9eb8a76c6
merge of change log and apache-auth differences
11 years ago
Steven Hiscocks
4e5feed7fc
Merge pull request #8 from grooverdan/gh-303-merge-2
...
training space on wuftp
11 years ago
Daniel Black
aad7d08451
BF: disable filter expressions without tests
11 years ago
Yaroslav Halchenko
42f3aa9f62
Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
...
Bind unauth zonetransfer. Closes #323
11 years ago
Daniel Black
6a36ff1a4a
BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
11 years ago
Daniel Black
c44328b1a3
ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8
11 years ago
Daniel Black
ea7cba4205
ENH: trailing space as per discussion on gh-303
11 years ago
Daniel Black
61d43608ae
ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
11 years ago
Daniel Black
5d451bc4d6
ENH: add refused zone transfer to named-refused filter. closes #323
11 years ago
Steven Hiscocks
53e16e07ad
ENH: Minor tweak on previous commit proftpd regex changes
11 years ago
Steven Hiscocks
9002de069e
ENH: Improve proftpd regex.
...
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
11 years ago
Orion Poplawski
31a78b2711
Use /var/run/fail2ban in config/action.d/dummy.conf
11 years ago
Yaroslav Halchenko
e7d5e466b9
Merge branch 'enh/asterisk_and_dropbear_filters'
...
* enh/asterisk_and_dropbear_filters:
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
minor: consistent indentation in dropbear.conf
https://github.com/fail2ban/fail2ban/issues/306
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
11 years ago
Yaroslav Halchenko
4e0ddc5f67
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
11 years ago
Yaroslav Halchenko
9487ee5562
minor: consistent indentation in dropbear.conf
11 years ago
Daniel Black
d8883f4346
DOC: Notes about 401 responses and how apache logs this
11 years ago
Daniel Black
7b2773889d
TST: apache-auth filter - nonce timetravel tests + other expression fixes
12 years ago
Daniel Black
0fb04cb2f0
ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black
56faf7f5ad
DOC: fix ChangeLog merge
12 years ago
Jamyn Shanley
a355fab91b
https://github.com/fail2ban/fail2ban/issues/306
...
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.
Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
12 years ago
Jamyn Shanley
8936f2cd02
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
12 years ago
Steven Hiscocks
2f4aaa9fb9
ENH: Simplify sieve filter failregex
12 years ago
Steven Hiscocks
b5639a8672
ENH: Simplify cyrus-imap filter fail regex
12 years ago
Daniel Black
8f532f9148
NIT: space remove
12 years ago
Daniel Black
7d7ef08145
ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id
12 years ago
Daniel Black
abc4146079
ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure
12 years ago
Steven Hiscocks
cf1e5bdbc2
ENH: Tweak proftpd regex and add sample logs
...
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
12 years ago
Steven Hiscocks
8b9bafda79
ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
...
suhosin is hardened php implementation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
12 years ago
Steven Hiscocks
4033857f63
ENH: Improve xinetd-fail regex and add sample logs
12 years ago
Steven Hiscocks
a11f91b835
ENH: Improve cyrus-imap regex and add extra sample line
12 years ago
Steven Hiscocks
534be189dc
ENH: Improve sieve regex and add sample line
12 years ago
Steven Hiscocks
ab671b0b1a
ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
...
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
12 years ago
Steven Hiscocks
57a6c11260
ENH: Improve courierlogin regex and add sample logs
12 years ago
Steven Hiscocks
bd175f0267
ENH: Improve cyrus-imap regex and add sample log file
12 years ago
Steven Hiscocks
83a80a29ea
ENH: Improve couriersmtp and add sample logs
12 years ago
Steven Hiscocks
eb2f0c9272
ENH: Improve postfix regex and add more samples
12 years ago
Daniel Black
5cfe108186
ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black
6fdfd8d356
BF: fix port
12 years ago
Daniel Black
eea5b071e6
ENH: jail for perdition
12 years ago
Daniel Black
fcf79b475f
ENH: new filter perdition.conf
12 years ago
Daniel Black
03ec7c211b
ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$
12 years ago
Daniel Black
8ce9c78474
TST: apache-auth digest logs
12 years ago
Daniel Black
f8b5b3a1ef
ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard
12 years ago
Daniel Black
4eca2c0bd5
TST: apache-auth client denied by server configuration
12 years ago
Daniel Black
e0292913eb
ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner
12 years ago
Yaroslav Halchenko
f6a8a04cf3
ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
...
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
12 years ago
Yaroslav Halchenko
8add63c733
ENH: anchor roundcube-auth at the beginning as well
12 years ago
Steven Hiscocks
728399c39e
Merge pull request #281 from kwirk/dovecot-filter
...
ENH: dovecot filter additions for session, time value and blank user
12 years ago
Daniel Black
ab10664b57
ENH: action.d/hostsdeny to take daemon_list argument as suggested in README.Solaris
12 years ago
Steven Hiscocks
606e97683b
BF: jail.conf multiport actions previously using single port iptables
12 years ago
Daniel Black
975999591f
ENH/DOC: more realm mismatch errors. Documented filter design criteria
12 years ago
Daniel Black
10e3be857a
ENH: apache-auth filter added mod_auth_digest message
12 years ago
Daniel Black
384b72a535
ENH: apache-auth filter - client wrong auth
12 years ago
Daniel Black
fce431add8
ENH: add mod_authz_core failures to apache-auth
12 years ago
Daniel Black
6ce41a611d
BF: fix filter on apache-auth. Closes #286
12 years ago
Daniel Black
1d6d5a7aae
DOC: ChangeLog merge conflict
12 years ago
Daniel Black
5412d7336f
DOC: ChangeLog conflict
12 years ago
Daniel Black
619603fe05
BF: match asterisk InvalidPassword correctly
12 years ago
Steven Hiscocks
bfa2b9dec3
ENH: dovecot filter additions for session, time value and blank user
12 years ago
Yaroslav Halchenko
04b8069cee
ENH: adjust sendmail-whois 'active' example to have also sendername in it
12 years ago
Alexander Dietrich
2155f6bfa5
Update ChangeLog and jail.conf example
12 years ago
Daniel Black
d6dece4900
ENH: Split log and provide jail examples
12 years ago
Alexander Dietrich
da594075f3
Move sendmail settings to common file, make sender name configurable
12 years ago
Yaroslav Halchenko
e6ebcf6687
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
ENH: remove non-capturing groups for readability
BF: fix dovecot filter for when no TLS is enabled on pop/imap
Conflicts:
ChangeLog -- changelog entries. Also untabified few other spots
12 years ago
Yaroslav Halchenko
f0f237fa05
Merge pull request #269 from grooverdan/asterisk
...
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
12 years ago
Daniel Black
e6823149a1
ENH: remove non-capturing groups for readability
12 years ago
Daniel Black
aebd24ec54
BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl
12 years ago
Daniel Black
4777cfd4e7
ENH: split out exim-spam into separate filter
12 years ago
Daniel Black
ca996ace5e
ENH: remove temporary failures from local_scan in line with comments in gh-258
12 years ago
Daniel Black
9757e1df2b
ENH: make groupings non-capturing
12 years ago
Daniel Black
72f9e6a51e
ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT
12 years ago
Daniel Black
3b76fc79f9
BF: fix dovecot filter for when no TLS is enabled on pop/imap
12 years ago
Daniel Black
0086a7edab
ENH: missed a $
12 years ago
Yaroslav Halchenko
1b170b2aef
BF: support apache 2.4 more detailed error log format. Close #268
12 years ago
Yaroslav Halchenko
6d331bcbea
BF: make colon after [daemon] optional. Close #267
12 years ago
Daniel Black
fa7a105483
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
12 years ago
Daniel Black
25c3bbfc2f
DOC: credits/blame to me for changes to exim
12 years ago
Daniel Black
b8cfda68b8
ENH: new exim filter regexs. Also note a beginning PID in this format. Thanks to ftoppi for the log entries
12 years ago
Daniel Black
d441d61a1e
TST/ENH: Improve regex around exim
...
rejected by local_scan now has test cases.
Unrouteable address error messages now normalised after looking into
exim code.
12 years ago
Yaroslav Halchenko
9d4b613ee4
Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
...
* '3proxy' of https://github.com/grooverdan/fail2ban :
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
DOC: credits
Conflicts:
ChangeLog
12 years ago
Yaroslav Halchenko
173fe48e77
Merge branch 'exim' of https://github.com/grooverdan/fail2ban
...
* 'exim' of https://github.com/grooverdan/fail2ban :
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readability thanks to Yaroslav
ENH/BF: exim improvements with sample
Conflicts:
ChangeLog
12 years ago
Yaroslav Halchenko
ec629ab4e8
Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
...
* 'proftpd' of https://github.com/grooverdan/fail2ban :
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: proftp regex hardening and log messages
Conflicts:
ChangeLog
12 years ago
Yaroslav Halchenko
ab2c738b43
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: dovecot regexs rewritten and extra failures
Conflicts:
ChangeLog -- merged entries
12 years ago
Daniel Black
8cc13b5b40
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
12 years ago
Daniel Black
a433a8ea5f
ENH: readability thanks to Yaroslav
12 years ago
Yaroslav Halchenko
948be73115
Merge branch 'assp' of https://github.com/grooverdan/fail2ban
...
* 'assp' of https://github.com/grooverdan/fail2ban :
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
Conflicts:
ChangeLog -- merged the two entries into 1
12 years ago
Yaroslav Halchenko
09302c5c25
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
...
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
12 years ago
Daniel Black
7018d81244
BF: missed a space
12 years ago
Daniel Black
a447aa615d
BF: [SSL-out] is optional in assp
12 years ago
Daniel Black
d4940563d3
ENH: regex hardening on assp
12 years ago
Daniel Black
6a09ecff5c
ENH: anchor a bit more. Use \d and \w where possible. Escape a literal .
12 years ago
Daniel Black
9940cd1b6b
ENH: proftpd chan accept usernames with spaces
12 years ago
Daniel Black
dbe7ffe050
ENH: dovecot regexs rewritten and extra failures
12 years ago
Daniel Black
4c67a269bf
ENH: proftp regex hardening and log messages
12 years ago
Daniel Black
3e3802512a
ENH/BF: exim improvements with sample
12 years ago
Daniel Black
88b4598ed8
BF: fix to proxy port in 3proxy example
12 years ago
Daniel Black
9dbaec0894
ENH: sample log + more specific regex
12 years ago
Daniel Black
8faf84b7f7
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
12 years ago
Yaroslav Halchenko
6ccd57813c
BF: anchor apache- filters. Close #248
...
See https://vndh.net/note:fail2ban-089-denial-service for more information
12 years ago
Daniel Black
fd9f9f16e0
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
12 years ago
Daniel Black
f2fa4d53a8
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
12 years ago
Daniel Black
16d63434ef
DOC: credits
12 years ago
Carlos Alberto Lopez Perez
47b063b022
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
...
* I have been seeing bruteforcing attempts where asterisk fails with
AUTH_UNKNOWN_DOMAIN (Not a local domain)
12 years ago
Daniel Black
05c88bd85d
ENH: purge a few more .*
12 years ago
Daniel Black
4cf402d60e
ENH/BF: constrain regex. Fix ACL error regex
12 years ago
Daniel Black
0f7b609336
ENH: port optional
12 years ago
Daniel Black
278fd43429
Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227
12 years ago
Terence Namusonge
244a96f9b3
fixed failregex line for roundcube 0.9+
...
# Works only if log driver: is set to 'syslog'. This is because fail2ban fails to 'read' the line due to the
brackets around the date timestamp on logline when log driver is set to file
12 years ago
Yaroslav Halchenko
d2b1c73b92
CFG: assure actions for all the jails
12 years ago
Yaroslav Halchenko
89e06bba15
BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
12 years ago
silviogarbes
5c8fb68a2c
Update asterisk.conf
...
To be compatible with asterisk 11
12 years ago
Yaroslav Halchenko
90b8433ac5
DOC: inline comments with ';' are in effect only if ';' follows a space
12 years ago
Yaroslav Halchenko
2b1e19933f
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
BF: missed MANIFEST include
DOC: credits for bsd-ipfw
ENH: add ipfw rule for bsd using the tables.
12 years ago
Yaroslav Halchenko
976a65bb89
Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
...
* 'bsd_logs' of https://github.com/grooverdan/fail2ban :
ENH: separate out regex and escape a .
BF: missed MANIFEST include
DOC: credits for bsd log
DOC: bsd syslog files thanks to Nick Hilliard
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
Conflicts:
config/filter.d/common.conf
12 years ago
Yaroslav Halchenko
5accc10a47
Merge pull request #206 from grooverdan/bsd_ipfw
...
NF: BSD ipfw
12 years ago
Yaroslav Halchenko
0ae49ab11e
Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
...
* 'bsd_pf' of https://github.com/grooverdan/fail2ban :
BF: missed MANIFEST include
DOC: add jail.conf entry for pf
DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
Conflicts:
ChangeLog
12 years ago
Yaroslav Halchenko
e85914cef8
Merge pull request #215 from grooverdan/reject_no_drop_by_default
...
ENH: add blocktype to all relevant actions and change default action to reject
12 years ago
Daniel Black
9c03ee6d9e
ENH: consolidate where blocktype is defined for iptables rules
12 years ago
Daniel Black
c7fd777966
BF: default type to unreachable
12 years ago
Daniel Black
de56347619
ENH: separate out regex and escape a .
12 years ago
Yaroslav Halchenko
e7cb0f8b8c
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
12 years ago
Yaroslav Halchenko
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
12 years ago
Yaroslav Halchenko
822a01018f
Merge pull request #205 from grooverdan/bsd_ssh
...
BSD ssh improvements (casing, msg)
12 years ago
Daniel Black
3b4a7b7926
ENH: add blocktype to all relevant actions. Also default the rejection to an ICMP reject rather than a drop
12 years ago
Daniel Black
aa52743f52
DOC: add jail.conf entry for pf
12 years ago
Daniel Black
0c5a9c53e1
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
12 years ago
Daniel Black
b6d0e8ad9c
ENH: add ipfw rule for bsd using the tables.
12 years ago
Daniel Black
40c56b10a0
ENH: enhance sshd filter for bsd.
12 years ago
Daniel Black
b3bd877d23
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
12 years ago
Daniel Black
495f2dd877
DOC: purge of svn tags
12 years ago
Yaroslav Halchenko
89adcd7ff7
Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
...
Origin: https://github.com/lenrico/fail2ban
Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added
fixed test date thx to steven
tight control of the filter for ASSP
as yaroslav wishes
as daniel desires
changed from DateASSPlike class to DateStrptime
fixed little things
added new date format support for ASSP SMTP Proxy
12 years ago
Enrico Labedzki
36b0d78ff8
tight control of the filter for ASSP
12 years ago
Enrico Labedzki
07aee8cd33
as daniel desires
12 years ago