Sylvestre Ledru
d422bceb0e
New upstream version 0.11.2
2020-11-26 13:47:25 +01:00
Jesse Norell
5d0d5a68c5
Don't ban roundcube users when an external mail server is down.
2020-04-06 21:57:27 +00:00
Sylvestre Ledru
ad3e0d97c4
New upstream version 0.11.1
2020-01-12 23:22:54 +01:00
Sylvestre Ledru
93d4c018f4
Merge remote-tracking branch 'origin/debian'
2020-01-12 23:12:02 +01:00
Sergey G. Brester
7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
...
Add override for dovecot failed logins on debian
2019-03-14 11:45:46 +01:00
sebres
1a9527e6a4
fixed catch-all on user (and simplifying)
2019-03-12 16:53:36 +01:00
jim
a7f3ba87f6
filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy;
...
(broken by commit 72b06479a5
), replacement for gh-2290.
2019-03-12 16:50:04 +01:00
Cool Fire
27526e431b
Changes static logfile string to variable
...
Since we don't want to re-declare a log file name we already
have a varialbe for, use the existing variable to set dovecot_log.
2019-02-13 10:10:24 +01:00
Cool Fire
b31a018e7c
Add override for dovecot failed logins on debian
2019-02-13 10:01:14 +01:00
sebres
e651bc7866
amend to #1622 : jail-reader supports now multi-line option for multi-line action parameter:
...
logpath = a.log
b.log
c.log
action = ban[...]
= log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
2019-02-11 11:54:58 +01:00
sebres
a13fdcf4f7
closes gh-2314: extended regex for mysql 8.0.13 if used logging with details (e. g. log-error-verbosity = 3, so log output has few additional words enclosed in brackets after "[Note]").
2019-01-07 01:34:12 +01:00
Yannik Sembritzki
6b4404b1bc
Fix asterisk filter not catching attackers when port is logged ( Fixes #2316 )
2019-01-03 23:55:42 +01:00
sebres
555b29e8e6
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-11-21 13:05:42 +01:00
sebres
1c1d2cc435
introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches);
...
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
2018-11-19 21:19:57 +01:00
dienteperro
0df221b54b
"be" instead of "me" in shorewall.conf
2018-11-15 14:34:51 -05:00
Sergey G. Brester
1752c19b6f
Merge pull request #2205 from benrubson/patch-1
...
Add loglevel option to badips.py
2018-10-02 13:12:03 +02:00
Sergey G. Brester
65676baf8c
fixed py3 incompatibility (for some reasons this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel
2018-10-02 13:00:20 +02:00
Sergey G. Brester
4b751c84c3
badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG).
2018-10-02 12:32:15 +02:00
sebres
58b510a5be
filter.d/domino-smtp.conf:
...
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
2018-09-21 14:14:00 +02:00
sebres
d01fe9d22a
action.d/*.conf: correct comments for actionstart/actionstop
2018-09-12 16:01:57 +02:00
Ben RUBSON
9d7c0e00c1
Also log number of IPs removed/added
2018-09-08 09:28:42 +02:00
Ben RUBSON
70e53b55c5
Typo
2018-08-19 22:39:18 +02:00
Ben RUBSON
ec4c4b12c1
Add yes/no log option to badips.py
2018-08-19 22:35:09 +02:00
Sergey G. Brester
ee207d8c31
Merge pull request #2151 from benrubson/merge
...
Apache SNI error / misredirect attempts rules are combined in one regex
2018-08-14 14:56:49 +02:00
Ben RUBSON
77b35b8db7
Improvement
2018-08-14 14:07:32 +02:00
sebres
e2a255d104
fixed typo in comments by "ignoreself" parameter
2018-08-14 11:11:19 +02:00
sebres
e995d5a0b6
filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`.
2018-08-03 11:42:15 +02:00
sebres
bc2dbacc9a
filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193:
...
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
- more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
2018-08-03 11:22:30 +02:00
sebres
22d37cdce2
sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
...
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
2018-07-18 15:31:04 +02:00
sebres
8fe07e29ad
filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
...
closes gh-2184
2018-07-17 15:06:42 +02:00
Sergey G. Brester
75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER
...
dovecot: collect F-USER and variants
2018-07-06 17:16:43 +02:00
sebres
6ce67a6d21
coverage
2018-07-05 16:27:36 +02:00
Dobrica Pavlinusic
6f1e789f31
dovecot: collect F-USER and variants
...
We are prefering ruser= if availble because this are credentials
presented to dovecot from remote client.
2018-06-30 16:16:03 +02:00
sebres
8cbe1e6b13
Merge pull request #2155
2018-06-14 12:35:57 +02:00
cheese1
43db4411de
small typo
2018-06-14 12:35:04 +02:00
Boris Gulay
a923cd209b
`filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors;
2018-06-11 14:30:10 +02:00
benrubson
f54f6caece
Merge Apache SNI error / misredirect attempts rules
2018-06-09 10:19:27 +02:00
sebres
bba7a6c5cf
amend to (gh-2067) / b34ae5999e0d8ee1af8939527305c13152844b3d: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions);
...
the interpolation of hostsdeny is test-covered now;
closes gh-2114.
2018-04-17 18:59:24 +02:00
sebres
8069eef50c
badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar).
2018-04-05 12:31:29 +02:00
Michael Grant
57bc502d5c
Update sendmail-reject.conf
2018-04-04 18:52:36 +02:00
Michael Grant
2ab6a5ae62
Update sendmail-auth.conf
2018-04-04 18:52:35 +02:00
Michael Grant
87520e8008
Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix).
2018-04-04 18:52:33 +02:00
Luis Aranguren
fc76ccf192
Fixes abuseipdb curl cypher error and comment $f2bV_matches
...
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
2018-04-04 16:39:16 +02:00
Sergey G. Brester
7bbc26d67e
Merge pull request #2097 from benrubson/sni
...
Detect Apache SNI error / misredirect attempts
2018-04-04 16:31:38 +02:00
benrubson
bd74f7ba8b
Detect Apache SNI error / misredirect attempts, typos
2018-04-04 00:20:58 +02:00
sebres
8423f017e7
Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10
2018-04-03 14:12:35 +02:00
sebres
4ee07adde6
Merge branch '0.10' into fix-sshd-filter-suff
...
# Conflicts resolved:
# fail2ban/server/filter.py
2018-04-03 13:30:57 +02:00
benrubson
30dc22fb2e
Detect Apache SNI error / misredirect attempts
2018-03-29 11:36:49 +02:00
sebres
4f6532f810
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage;
...
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
2018-03-20 18:54:22 +01:00
sebres
cd7f1354c6
remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.)
2018-03-20 18:47:42 +01:00