sebres
2c13cba73d
loosening for denied suffix (would match no matter which reason in parenthesis);
...
add coverage for denied with "(allow-query-cache did not match)"
2024-03-25 16:35:20 +01:00
Rudimar Remontti
fd7657f9a9
Update named-refused.conf
2024-03-25 16:35:16 +01:00
sebres
d8e2b03a24
`filter.d/named-refused.conf` extended (closes gh-3388):
...
- support BIND named log categories
- allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
Sergey G. Brester
a2264dcef0
Merge pull request #2636 from brianjmurrell/patch-2
...
FreeIPA renames named to named-pkcs11
2022-06-21 14:19:16 +02:00
Sergey G. Brester
3e9321e71b
non-capturing group and any variant of suffix
2022-06-21 14:15:38 +02:00
sebres
73b39e0894
filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
...
closes gh-2899
2020-12-29 21:22:47 +01:00
Brian J. Murrell
2fd6b478a9
FreeIPA renames named to named-pkcs11
...
FreeIPA renames the BIND9 named daemon to named-pkcs11, so extend the
REGEX match to look for either variant.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2020-02-16 10:38:36 -05:00
sebres
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
...
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
2019-07-29 13:21:00 +02:00
Joe Horn
4395469226
Update named-refused.conf
...
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
2019-07-29 13:06:49 +02:00
sebres
22afdbd536
Several filters optimized with pre-filtering using new option `prefregex`
2017-02-21 15:54:59 +01:00
Guillaume FRANCOIS
9269664350
Add ignoreregex to avoid warning on start
2014-11-12 10:30:28 +01:00
Daniel Black
47d35c9d80
MRG: 0.8.11 to 0.9
...
Epnoc of selinux is now true UTC
Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Daniel Black
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00
Daniel Black
de9977441a
DOC: move named and mysql instructions into the filters from jail.conf
2013-10-30 21:12:16 +11:00
Daniel Black
8c1b828423
BF: capture of microseconds no longer needed. Closes gh-341
2013-09-09 03:41:12 +10:00
Daniel Black
d0098b0213
ENH: add timezone offest and subsecond support to Datedetector
2013-09-09 03:37:59 +10:00
Daniel Black
15f2f38972
ENH: anchor regex at start
2013-08-28 12:32:40 +10:00
Daniel Black
a401d11644
ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
2013-08-28 00:53:08 +10:00
Daniel Black
ef903db3c9
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-25 22:44:30 +10:00
Daniel Black
5d451bc4d6
ENH: add refused zone tranfer to named-refused filter. closes #323
2013-08-18 22:19:31 +10:00
Daniel Black
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
Daniel Black
0ac8746d05
ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
2013-04-28 11:03:44 +10:00
Cyril Jaquier
55fd21ec4b
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 20:27:35 +00:00
Cyril Jaquier
11c8c71014
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-05-21 22:17:00 +00:00
Cyril Jaquier
938297138b
- Fixed named filter. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:03:33 +00:00
Cyril Jaquier
a3ace8040b
- Added filter file for named (bind9). Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@608 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:21:15 +00:00