github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,812 Commits
33 Branches
229 Tags
19 MiB
Commit Graph

889 Commits (6dfddbcdf62553d56483d4990e84261845f46508)

Author SHA1 Message Date
Yaroslav Halchenko 967485c2d0 improving grepping 2014-10-29 23:14:47 -04:00
Yaroslav Halchenko efbf5064a1 Merge pull request #807 from xslidian/patch-1 
grep IP at the start of lines
 2014-10-29 23:07:10 -04:00
Orion Poplawski 01b2673e34 Use multiport for firewallcmd-new 2014-10-29 16:27:37 -06:00
Yaroslav Halchenko 36abb5ed96 BF: fix $ for % in jail.conf. Debian bug #767255 2014-10-29 13:08:51 -04:00
pacop e3a037ee3f merge master 2014-10-25 18:15:34 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
SlowRiot fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot 4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix 
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
 2014-09-13 10:25:27 -04:00
Yaroslav Halchenko 96c20c8379 Merge pull request #804 from pleasantone/master 
Add support for postfix/submission/smtpd matching.
 2014-09-13 10:24:06 -04:00
Yaroslav Halchenko c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Dean Lee ba44ff312b grep IP at the start of lines 
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
 2014-09-09 14:55:34 +08:00
Paul Traina 249e169d8e Update test cases and also suport smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho 218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00
Paul Traina 544cfaff2c Add support for postfix/submission/smtpd matching. 2014-09-06 10:23:38 -07:00
Yaroslav Halchenko 0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis 
ENH: symbiosis-blacklist-allports action
 2014-08-20 23:00:11 -04:00
Yaroslav Halchenko 426ed7ff2f Merge pull request #780 from opoplawski/logpath 
Fxi jail.conf to use more syslog macros
 2014-08-20 22:59:23 -04:00
Yaroslav Halchenko 93243e7d57 ENH: Ignore errors while unbaning in symbiosis firewall 
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors.  IMHO should be safe to ignore
 2014-08-12 11:57:07 -04:00
Luc Maisonobe 763115b1eb added systemd configuration for postfix-sasl.conf 2014-08-11 21:54:27 +02:00
Yaroslav Halchenko aee560b1c6 Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  1.5 version of Fail2ban logwatch file
  Fix typos.
 2014-08-11 13:10:02 -04:00
Yaroslav Halchenko 6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry) 
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
 2014-08-11 13:09:43 -04:00
Yaroslav Halchenko f403bad0ab Merge pull request #775 from alimony/patch-1 
Fix typos.
 2014-08-11 13:08:30 -04:00
Yaroslav Halchenko b79a82ebdd minor typo 2014-08-08 15:57:41 -04:00
Orion Poplawski 6b554fbe98 Fxi jail.conf to use more syslog macros 2014-08-08 13:27:32 -06:00
Yaroslav Halchenko 818dd59d65 ENH: symbiosis-blacklist-allports action 2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson 7b76322898 Fix typos. 2014-08-02 12:21:59 +02:00
Yaroslav Halchenko 4a23a7dcf1 Merge pull request #766 from leftyfb/master 
Added cloudflare action
 2014-07-28 15:34:09 -04:00
leftyfb 6dbd449f77 Changed to Cloudflare JSON API 2014-07-28 11:10:50 -04:00
Jisoo Park 2e7b8adb3b Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
Yaroslav Halchenko f19c5fc939 Merge pull request #770 from eltrai/master 
Forwards bantime to action scripts
 2014-07-28 10:17:08 -04:00
Yaroslav Halchenko f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1 
named users + smtp auth probes
 2014-07-28 10:14:18 -04:00
Szépe Viktor 143a55bf26 Update courier-smtp.conf 2014-07-28 12:51:38 +02:00
Yaroslav Halchenko 2d7f2fa33f Merge pull request #756 from marclaporte/patch-1 
typo
 2014-07-27 21:49:24 -04:00
Yaroslav Halchenko 45c1095606 Merge pull request #750 from niorg/master 
Added Directadmin filter, jail and log test
 2014-07-27 21:47:07 -04:00
Yaroslav Halchenko 3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko 3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Szépe Viktor d757ef584f Update courier-smtp.conf 2014-07-20 21:09:10 +02:00
Szépe Viktor a786e8a29b named users + smtp atuh probes 2014-07-20 19:59:54 +02:00
Pierre-Alain Dupont 3d7504c19e Forwards bantime to action scripts 
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
 2014-07-20 16:25:59 +02:00
leftyfb cba570cabd Updated comments 2014-07-17 23:49:35 -04:00
leftyfb 5471e99ebe Added cloudflare action 2014-07-17 22:54:30 -04:00
Yaroslav Halchenko 6cddc65cee BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry 2014-07-14 12:16:12 -04:00
Yaroslav Halchenko 43950d8b7e BF: fix path to the exim log on Debian systems (/var/log/exim4) 2014-07-08 11:09:25 -04:00
Marc Laporte 3777591ab0 typo 2014-07-05 11:55:57 -04:00
Cyril Roos add8e61036 Added Directadmin filter, jail and log test 2014-07-02 13:52:06 +02:00
Yaroslav Halchenko 0adb10f653 Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban 
* 'ainfo-copy' of https://github.com/kwirk/fail2ban:
  TST: actions modifying aInfo test more robust
  TST: Test for actions modifying (un)ban aInfo
  BF: aInfo could be modified by actions, causing unexpected behaviour
 2014-06-22 10:53:30 -04:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs' 
Conflicts:
	ChangeLog - Keep all additions
 2014-06-22 12:57:49 +01:00