Commit Graph

26 Commits (766d2b8d742cf207f3321b27bf74fce2760a8eb7)

Author SHA1 Message Date
sebres 2c13cba73d loosening for denied suffix (would match no matter which reason in parenthesis);
add coverage for denied with "(allow-query-cache did not match)"
2024-03-25 16:35:20 +01:00
Rudimar Remontti fd7657f9a9 Update named-refused.conf 2024-03-25 16:35:16 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
- support BIND named log categories
  - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
Sergey G. Brester a2264dcef0
Merge pull request #2636 from brianjmurrell/patch-2
FreeIPA renames named to named-pkcs11
2022-06-21 14:19:16 +02:00
Sergey G. Brester 3e9321e71b
non-capturing group and any variant of suffix 2022-06-21 14:15:38 +02:00
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
closes gh-2899
2020-12-29 21:22:47 +01:00
Brian J. Murrell 2fd6b478a9
FreeIPA renames named to named-pkcs11
FreeIPA renames the BIND9 named daemon to named-pkcs11, so extend the
REGEX match to look for either variant.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2020-02-16 10:38:36 -05:00
sebres 91923b5c07 don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
Joe Horn 4395469226 Update named-refused.conf
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
sebres 22afdbd536 Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
Guillaume FRANCOIS 9269664350 Add ignoreregex to avoid warning on start 2014-11-12 10:30:28 +01:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Daniel Black 89fd792dfb DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
Daniel Black de9977441a DOC: move named and mysql instructions into the filters from jail.conf 2013-10-30 21:12:16 +11:00
Daniel Black 8c1b828423 BF: capture of microseconds no longer needed. Closes gh-341 2013-09-09 03:41:12 +10:00
Daniel Black d0098b0213 ENH: add timezone offest and subsecond support to Datedetector 2013-09-09 03:37:59 +10:00
Daniel Black 15f2f38972 ENH: anchor regex at start 2013-08-28 12:32:40 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Cyril Jaquier 55fd21ec4b - Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 20:27:35 +00:00
Cyril Jaquier 11c8c71014 - Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-05-21 22:17:00 +00:00
Cyril Jaquier 938297138b - Fixed named filter. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:03:33 +00:00
Cyril Jaquier a3ace8040b - Added filter file for named (bind9). Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@608 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:21:15 +00:00