sebres
d22b2498d4
normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400';
...
code review and test case extended;
9 years ago
Yaroslav Halchenko
26dd6d7425
Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex
...
Add 'Sender address rejected: Domain not found' Postfix failregex
9 years ago
Ross Brown
8d12dba245
Merge remote-tracking branch 'upstream/master'
9 years ago
Ross Brown
ead2d509dc
Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.
9 years ago
Yaroslav Halchenko
5d6cead996
ENH: sshd filter -- match new "maximum auth attempts exceeded" ( Closes #1269 )
9 years ago
Ross Brown
106c3eab9a
Added filter and jail for murmur/mumble-server.
9 years ago
Aleksandrs Ļedovskis
fa59a6850f
Add 'Sender address rejected: Domain not found' Postfix failregex
...
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
9 years ago
Orion Poplawski
c656cb0d36
Merge branch 'master' into journaldefault
...
Conflicts:
ChangeLog
9 years ago
Orion Poplawski
ba76f4ca2f
Fix typo
9 years ago
Serg G. Brester
eef7771b4e
Merge pull request #1238 from sebres/fix/gh-1216
...
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
9 years ago
sebres
e825e977cc
Nginx log paths extended (prefixed with "*" wildcard)
...
closes gh-1237
9 years ago
sebres
f359ed8c36
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added);
...
closes gh-1216
9 years ago
sebres
53b39162a1
Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)
9 years ago
sebres
6884593ab8
New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)
9 years ago
Orion Poplawski
0661aece46
Merge branch 'master' into journaldefault
...
Conflicts:
ChangeLog
9 years ago
1technophile
2861a957a9
filter for openhab domotic software authentication failure with the rest api and web interface + test cases;
...
closes gh-1223
9 years ago
Pablo Rodriguez Fernandez
2c576c64f8
Change domain filter regex
...
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en >
9 years ago
Pablo Rodriguez Fernandez
74fcb219ab
Enhanced Google domain detection in apache-fakegooglebot
...
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
9 years ago
Orion Poplawski
3a9cf2b3da
Add and use default_backend to set individual backend defaults to auto
9 years ago
Orion Poplawski
ced7be94b2
Fix postfix_log typo
9 years ago
Orion Poplawski
75d33c0f09
Add *_backend options for services to allow distros to set the default backend
...
per service.
Set default to systemd for Fedora as appropriate.
9 years ago
Pablo Rodriguez Fernandez
a28e6b442e
Add check in apache-fakegooglebot to protect against PTR fake record
...
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.
See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919 >
9 years ago
agentmoller001
617302fcc2
Updated route.conf to clear warnings
...
Does not throw warnings when starting/restarting by adding three lines of code.
9 years ago
sebres
2696ede251
mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
...
closes gh-1211
9 years ago
Kevin Locke
36919d9f97
ssh.conf: Fix disconnect "Auth fail" matching
...
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh. OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114 )
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.
It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215 ),
which was matched by \S+. Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1 ) and since the
message is attacker-controlled it provides a way to avoid getting
banned.
This commit fixes both issues.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
9 years ago
Viktor Szépe
0d8968daa9
Added CloudFlare API error codes URL
9 years ago
Yaroslav Halchenko
ff06176e9e
Merge remote-tracking branch 'origin/master' into enh-split-comma
...
* origin/master:
DOC: changelog for the timeout change
Set Timeout at urlopen to 3 seconds
README :: init/service example mentions debian based systems as the example
README :: fitted paragraph style
BF: disable testing on python 3.2 until coverage gets a fix
README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
Set Timeout at urlopen to 3 seconds
9 years ago
M. Maraun
2895d981fa
Set Timeout at urlopen to 3 seconds
9 years ago
Yaroslav Halchenko
8cf614e221
ENH: allow to split ignoreip by space and/or comma ( Closes #1197 )
...
Way too many people ran into this gotcha, so lets just do it
9 years ago
Yaroslav Halchenko
55e542b273
Merge remote-tracking branch 'pr/1170/head' -- opensuse paths
...
* pr/1170/head:
Updated ChangeLog regarding openSUSE's path config
Added configuration for opensuse path
9 years ago
Edward Beckett
835b3ff483
Update apache-badbots.conf
...
Useragent strings including `+http` need to be escaped to be valid.
9 years ago
weberho
f7af93a677
Added configuration for opensuse path
9 years ago
weberho
d278fbca30
Fixed line suspected to be faulty
9 years ago
Yaroslav Halchenko
c37009aec7
Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
...
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
Limit the number of log lines in *-lines.conf actions
Conflicts:
ChangeLog -- took both versions and adjusted the new one
for -n 1000 change
9 years ago
Yaroslav Halchenko
38c320798d
Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
...
WIP ENH Add <lockingopt> (Close : #1122 ) and <iptables> to define the iptables call
9 years ago
Yaroslav Halchenko
0041bc3770
DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description
9 years ago
Yaroslav Halchenko
de2f9504c0
Merge pull request #978 from ediazrod/patch-2
...
shorewall-ipset-proto6.conf for shorewall
9 years ago
Yaroslav Halchenko
65cd218e10
Merge remote-tracking branch 'origin/master'
...
* origin/master:
ipjailmatches is on one line with its description in man jail.conf
Added a space between IP address and the following colon
9 years ago
Viktor Szépe
c8b3ee10a0
Limit the number of log lines in *-lines.conf actions
9 years ago
Thomas Mayer
a19cb1b2b9
Merge 923d807ef8
into cf2feea987
9 years ago
Yaroslav Halchenko
3c0d7f5a4c
BF: do not wrap iptables into itself. Thanks Lee
9 years ago
Viktor Szépe
ebdfbae559
Added a space between IP address and the following colon
9 years ago
Yaroslav Halchenko
749d3c160c
BF: symbiosis-blacklist-allports now also requires iptables-common.conf
9 years ago
Yaroslav Halchenko
916937bb6a
RF: use <iptables> to take effect of it being a parameter
9 years ago
Yaroslav Halchenko
31dc4e2263
ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter
9 years ago
Yaroslav Halchenko
7a011fca1b
DOC: adjusted comment in pass2allow-ftp to my suggested wording
10 years ago
Viktor Szépe
948b12e5df
Fixed definition of knocking_url for pass2allow
10 years ago
Viktor Szépe
b638e807ad
Explicitly stating that knocking_url needs to be customized
10 years ago
Viktor Szépe
586703dcc2
Test, changelog and fixes to pass2allow
10 years ago
Viktor Szépe
5b7e1de2f4
Instead of allow-iptables-multiport actions swap blocktype and (new) returntype
10 years ago