Commit Graph

492 Commits (750e0c1e3dbce856437c115142d57f18b6c1fac7)

Author SHA1 Message Date
Beau Raines 060bd45295 ENH - Added server name to subject line in email notifications
11 years ago
Daniel Black ad291d7e38 Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port
11 years ago
Daniel Black e5f1a7f050 Merge pull request #344 from grooverdan/osx
11 years ago
Daniel Black 4face1f3e7 MRG: resolve conficts in action.d/osx-ipfw design
11 years ago
Andy Fragen d258a51a23 after some research it looks like setting to unreachable better than deny
11 years ago
Andy Fragen fe557e5900 more specific actionunban
11 years ago
Andy Fragen a4884f82cd add mods from grooverdan and fix actionunban
11 years ago
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind
11 years ago
Daniel Black f2bcf84893 BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets
11 years ago
Daniel Black 749f215089 ENH: port optional
11 years ago
Daniel Black 8b22fa15b5 BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want
11 years ago
Daniel Black b31799a322 ENH: add action.d/osx-afctl anonymously contributed on f2b wiki
11 years ago
Daniel Black 808aa1a792 ENH: added jail.conf example. closes gh-340
11 years ago
Daniel Black 5741348f45 ENH: more options and ruggedness to prevent unintensional consequences
11 years ago
Daniel Black 52bd0f86a8 Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
11 years ago
Daniel Black 7cc3e8a8c0 BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
11 years ago
Daniel Black 15f2f38972 ENH: anchor regex at start
11 years ago
Daniel Black d5684a0834 BF: filter.d/routecube-auth - time offset can be positive or negative
11 years ago
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
11 years ago
Andy Fragen ef504c869f added osx specific ipfw action with random rulenum
11 years ago
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis
11 years ago
Daniel Black b8e7d0b867 ENH: further tighten lighttpd basic auth regex
11 years ago
Daniel Black a7ebb84a7d ENH: tighted up lighttpd regex
11 years ago
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31
11 years ago
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication
11 years ago
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
11 years ago
Daniel Black cfb7dba268 DOC: merge ChangeLog
11 years ago
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge
11 years ago
Daniel Black fd7cc5bda7 BF: duplicate regex match fixed
11 years ago
Daniel Black 6a56727669 BF: apache-common regex - datetime could be entirely consumed
11 years ago
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences
11 years ago
Steven Hiscocks 4e5feed7fc Merge pull request #8 from grooverdan/gh-303-merge-2
11 years ago
Daniel Black aad7d08451 BF: disable filter expressions without tests
11 years ago
Yaroslav Halchenko 42f3aa9f62 Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
11 years ago
Daniel Black 6a36ff1a4a BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
11 years ago
Daniel Black c44328b1a3 ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8
11 years ago
Daniel Black ea7cba4205 ENH: trailing space as per discussion on gh-303
11 years ago
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
11 years ago
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323
11 years ago
Steven Hiscocks 53e16e07ad ENH: Minor tweak on previous commit proftpd regex changes
11 years ago
Steven Hiscocks 9002de069e ENH: Improve proftpd regex.
11 years ago
Orion Poplawski 31a78b2711 Use /var/run/fail2ban in config/action.d/dummy.conf
11 years ago
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters'
11 years ago
Yaroslav Halchenko 4e0ddc5f67 ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
11 years ago
Yaroslav Halchenko 9487ee5562 minor: consistent indentation in dropbear.conf
11 years ago
Daniel Black d8883f4346 DOC: Notes about 401 responses and how apache logs this
11 years ago
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes
12 years ago
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black 56faf7f5ad DOC: fix ChangeLog merge
12 years ago
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306
12 years ago
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
12 years ago
Steven Hiscocks 2f4aaa9fb9 ENH: Simplify sieve filter failregex
12 years ago
Steven Hiscocks b5639a8672 ENH: Simplify cyrus-imap filter fail regex
12 years ago
Daniel Black 8f532f9148 NIT: space remove
12 years ago
Daniel Black 7d7ef08145 ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id
12 years ago
Daniel Black abc4146079 ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure
12 years ago
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs
12 years ago
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
12 years ago
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs
12 years ago
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line
12 years ago
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line
12 years ago
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
12 years ago
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs
12 years ago
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file
12 years ago
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs
12 years ago
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples
12 years ago
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)
12 years ago
Daniel Black 6fdfd8d356 BF: fix port
12 years ago
Daniel Black eea5b071e6 ENH: jail for perdition
12 years ago
Daniel Black fcf79b475f ENH: new filter perdition.conf
12 years ago
Daniel Black 03ec7c211b ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$
12 years ago
Daniel Black 8ce9c78474 TST: apache-auth digest logs
12 years ago
Daniel Black f8b5b3a1ef ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard
12 years ago
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration
12 years ago
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner
12 years ago
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
12 years ago
Yaroslav Halchenko 8add63c733 ENH: anchor roundcube-auth at the beginning as well
12 years ago
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter
12 years ago
Daniel Black ab10664b57 ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris
12 years ago
Steven Hiscocks 606e97683b BF: jail.conf multiport actions previously using single port iptables
12 years ago
Daniel Black 975999591f ENH/DOC: more realm mismatch errors. Documented filter design criteria
12 years ago
Daniel Black 10e3be857a ENH: apache-auth filter added mod_auth_digest message
12 years ago
Daniel Black 384b72a535 ENH: apache-auth filter - client wrong auth
12 years ago
Daniel Black fce431add8 ENH: add mod_authz_core failures to apache-auth
12 years ago
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286
12 years ago
Daniel Black 1d6d5a7aae DOC: ChangeLog merge confict
12 years ago
Daniel Black 5412d7336f DOC: ChangeLog confict
12 years ago
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly
12 years ago
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user
12 years ago
Yaroslav Halchenko 04b8069cee ENH: adjust sendmail-whois 'active' example to have also sendername in it
12 years ago
Alexander Dietrich 2155f6bfa5 Update ChangeLog and jail.conf example
12 years ago
Daniel Black d6dece4900 ENH: Split log and provide jail examples
12 years ago
Alexander Dietrich da594075f3 Move sendmail settings to common file, make sender name configurable
12 years ago
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk
12 years ago
Daniel Black e6823149a1 ENH: remove non-capturing groups for readibility
12 years ago
Daniel Black aebd24ec54 BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl
12 years ago
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter
12 years ago
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258
12 years ago
Daniel Black 9757e1df2b ENH: make groupings non-capturing
12 years ago
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT
12 years ago
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap
12 years ago
Daniel Black 0086a7edab ENH: missed a $
12 years ago
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268
12 years ago
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267
12 years ago
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
12 years ago
Daniel Black 25c3bbfc2f DOC: credits/blame to me for changes to exim
12 years ago
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
12 years ago
Daniel Black d441d61a1e TST/ENH: Improve regex around exim
12 years ago
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
12 years ago
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
12 years ago
Daniel Black a433a8ea5f ENH: readibility thanks to Yaroslav
12 years ago
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
12 years ago
Daniel Black 7018d81244 BF: missed a space
12 years ago
Daniel Black a447aa615d BF: [SSL-out] is optional in assp
12 years ago
Daniel Black d4940563d3 ENH: regex hardening on assp
12 years ago
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
12 years ago
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces
12 years ago
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures
12 years ago
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages
12 years ago
Daniel Black 3e3802512a ENH/BF: exim improvements with sample
12 years ago
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example
12 years ago
Daniel Black 9dbaec0894 ENH: sample log + more specific regex
12 years ago
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
12 years ago
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248
12 years ago
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache
12 years ago
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk)
12 years ago
Daniel Black 16d63434ef DOC: credits
12 years ago
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
12 years ago
Daniel Black 05c88bd85d ENH: purge a few more .*
12 years ago
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex
12 years ago
Daniel Black 0f7b609336 ENH: port optional
12 years ago
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227
12 years ago
Terence Namusonge 244a96f9b3 fixed failregex line for roundcube 0.9+
12 years ago
Yaroslav Halchenko d2b1c73b92 CFG: assure actions for all the jails
12 years ago
Yaroslav Halchenko 89e06bba15 BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
12 years ago
silviogarbes 5c8fb68a2c Update asterisk.conf
12 years ago
Yaroslav Halchenko 90b8433ac5 DOC: inline commends with ';' are in effect only if ';' follows as space
12 years ago
Yaroslav Halchenko 2b1e19933f Merge branch 'master' of git://github.com/fail2ban/fail2ban
12 years ago
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko 5accc10a47 Merge pull request #206 from grooverdan/bsd_ipfw
12 years ago
Yaroslav Halchenko 0ae49ab11e Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
12 years ago
Yaroslav Halchenko e85914cef8 Merge pull request #215 from grooverdan/reject_no_drop_by_default
12 years ago
Daniel Black 9c03ee6d9e ENH: consolidate where blocktype is defined for iptables rules
12 years ago
Daniel Black c7fd777966 BF: default type to unreachable
12 years ago
Daniel Black de56347619 ENH: separate out regex and escape a .
12 years ago