Commit Graph

1940 Commits (766d2b8d742cf207f3321b27bf74fce2760a8eb7)

Author SHA1 Message Date
sebres 970573d1cb Merge branch '0.11' 2022-01-18 16:17:49 +01:00
sebres 35d73d9758 Merge branch '0.10' into 0.11 2022-01-18 16:17:07 +01:00
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d);
closes gh-3086
2022-01-18 15:42:35 +01:00
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
closes gh-3169
2022-01-18 15:41:27 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
2021-11-01 11:45:40 +01:00
Sylvestre Ledru 3245b8018b
Add the Debian path to roundcube error logs 2021-10-23 17:38:20 +02:00
Sergey G. Brester ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116) 2021-10-01 15:03:24 +02:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040) 2021-06-10 15:23:24 +02:00
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
2021-06-10 15:06:54 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620:
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
2021-05-29 22:59:55 +02:00
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master
Using native firewalld ipset implementation
2021-05-29 21:30:55 +02:00
sebres 38535b0cca Merge branch '0.11' into master 2021-05-29 21:25:24 +02:00
sebres d2f5c7de09 Merge branch '0.10' into 0.11 2021-05-29 21:24:11 +02:00
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553 2021-05-29 21:12:34 +02:00
sebres 8b984a0135 filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553) 2021-05-29 20:47:56 +02:00
sebres 6be1a5a0b1 filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880) 2021-05-29 20:25:28 +02:00
sebres 8afea37494 filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757) 2021-05-29 20:09:57 +02:00
sebres c5f1598a21 filter.d/postfix.conf: extended to cover new vectors:
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
sebres ae3e9b9149 filter.d/postfix.conf: extended to cover 2 new vectors:
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
sebres 87f717e0e0 filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012) 2021-05-29 18:45:59 +02:00
Sergey G. Brester 3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
Add new jail (and filter) Monitorix
2021-05-27 12:17:16 +02:00
sebres 0a05dbdbfc Merge branch '0.11' into master 2021-05-25 23:19:25 +02:00
sebres 3312b8cb95 Merge branch '0.10' into 0.11 2021-05-25 23:18:33 +02:00
sebres 1627d4f573 filter.d/sendmail-auth.conf: user not found, closes gh-3030 2021-05-25 23:16:29 +02:00
Sergey G. Brester f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
Zoneminder filter update
2021-05-21 13:03:33 +02:00
Sergey G. Brester ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name) 2021-05-21 13:00:24 +02:00
j-marz 2367ad115c fixed typo in comment 2021-05-20 09:15:45 +10:00
Sergey G. Brester 3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013) 2021-05-11 13:47:48 +02:00
usernamepi 4f8427178a
Missing comment "#" (#3022)
Missed this ... but the logs showed it.
2021-05-07 18:23:40 +02:00
usernamepi 88f779ed24
ufw.conf, amend to #3018 - add missing option for comment (#3019) 2021-05-06 23:23:39 +02:00
Sergey G. Brester 8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional 2021-05-06 21:47:06 +02:00
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat) 2021-05-06 20:23:58 +02:00
usernamepi e4e7a83cff
Update ufw.conf
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
2021-05-06 13:44:36 +02:00
sebres 71ce548117 Merge branch '0.11' 2021-04-27 14:05:53 +02:00
sebres b5b615731e Merge branch '0.10' into 0.11 2021-04-27 14:03:49 +02:00
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments 2021-04-20 18:13:40 +02:00
Sergey G. Brester ab0847e2d5
more precise anchored RE (also combining all 3 REs in a single regex) 2021-04-14 13:06:58 +02:00
Jordi Sanfeliu 7d173b7ce0
Merge branch 'master' into updated-to-latest-jail.conf 2021-04-13 20:24:08 +02:00
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master 2021-04-11 19:05:02 +02:00
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11
Add Apprise Support (50+ Notifications)
2021-04-04 00:24:21 +02:00
Sergey G. Brester b2f6a3a658
remove unneeded substitution
it is enough to add `apprise` to action
2021-04-04 00:21:59 +02:00
Sergey G. Brester dda70d60c0
Merge branch 'master' into master 2021-04-04 00:04:08 +02:00
Michele Mondelli 7579072e3b docs: fix typos 2021-04-03 23:49:23 +02:00
Sergey G. Brester 4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
Add support for filtering out detected port scans via scanlogd.
2021-04-03 23:36:14 +02:00
Sergey G. Brester 2d51240b3e
correction for default log interpolation and added allports banaction 2021-04-03 23:33:49 +02:00
Sergey G. Brester 977dfe4bd7
small amend: sport after saddr is optional
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
2021-04-03 23:29:16 +02:00
Sergey G. Brester 14edeed310
fixed regex (don't need to match whole line, e. g. every port etc) 2021-04-03 23:24:55 +02:00
Sergey G. Brester 080dd12288
Merge pull request #2965 from oukb/patch-1
nsd.conf: fix for the current log format
2021-04-03 21:02:03 +02:00
Sergey G. Brester a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise 2021-04-03 21:00:14 +02:00
sebres 7f38b80d35 precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE) 2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server 2021-04-03 19:30:29 +02:00
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
j-marz 5d8f500471 updated formatting to pass tests 2021-03-29 08:36:53 +11:00
j-marz 2686811593 Updated zoneminder filter
Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts
2021-03-28 21:19:10 +11:00
oukb 529866b2bb
nsd.conf: fix for the current log format
New nsd 4.3.5 log format:

|  [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
|  [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
|  [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
|  [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd. 2021-03-05 16:35:13 +01:00
sebres fb08534ed7 Merge branch '0.11' 2021-03-03 18:17:35 +01:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
closes gh-2951
2021-03-02 19:35:27 +01:00
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action 2021-02-24 18:21:42 +01:00
sebres fb6315ea5e Merge branch '0.10' into 0.11 2021-02-24 13:16:36 +01:00
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889) 2021-02-24 13:05:04 +01:00
Sergey G. Brester a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
Update  drupal-auth.conf
2021-02-11 19:10:55 +01:00
Sergey G. Brester d678440658
more precise RE (avoids weakness with catch-all's and is injection safe) 2021-02-11 18:32:32 +01:00
sebres ea26509594 Merge branch '0.11' 2021-02-03 14:59:00 +01:00
sebres 6198b4566c Merge branch '0.10' into 0.11 2021-02-03 14:47:56 +01:00
Brian J. Murrell dc4ee5aa47 Add transport to asterisk RE
Call rejection messages from Asterisk can have the transport prefixed to the IP address.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
closes gh-2804
2021-01-27 17:06:14 +01:00
sebres 21dd317870 Merge branch '0.11' 2021-01-21 19:13:13 +01:00
sebres dbc77c47c3 Merge branch '0.10' into 0.11 2021-01-21 19:11:01 +01:00
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
closes gh-2891
2021-01-11 15:23:40 +01:00
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
closes gh-2908
2021-01-11 15:10:53 +01:00
sebres 2c60d08b28 Merge '0.11' (fix gh-2899) into master 2020-12-29 21:27:02 +01:00
sebres fe334590cd Merge branch '0.10' into 0.11 2020-12-29 21:25:09 +01:00
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
closes gh-2899
2020-12-29 21:22:47 +01:00
defanor ba7daef86c Handle postscreen's PREGREET and HANGUP messages
Provoking those seems to be a popular activity among spammers.
2020-12-24 17:29:09 +03:00
stepodev cecc3d62ff add mode explanation to nginx-http-auth in jail.conf 2020-11-30 12:26:32 +01:00
stepodev d0ba27cf46 move nginx-tls-fallback rules to nginx-http-auth 2020-11-30 12:14:49 +01:00
Sergey G. Brester d959f6d199
Update nginx-tls-fallback.conf
more precise and conclusive regex without catch-all's
2020-11-26 12:25:32 +01:00
stepodev c0256724a7 fix monitoring wrong error log. was access log, should be error.log 2020-11-25 21:30:21 +01:00
stepodev 27c40a77a3 add nginx-tls-downgrade 2020-11-25 20:59:43 +01:00
sebres a03109d096 Merge branch '0.11' into master (0.11.2 released) 2020-11-24 12:41:10 +01:00
sebres b78d1e439a Merge branch '0.10' into 0.11 2020-11-23 21:35:32 +01:00
Sergey G. Brester 753fff9c15
amend to #2750, add jail for new filter nginx-bad-request 2020-11-23 18:38:41 +01:00
Sergey G. Brester 071048b8f2
Merge pull request #2750 from janprzy/master
Added filter nginx-bad-request
2020-11-23 18:28:07 +01:00
sebres 7965d652a1 filter.d/dovecot.conf: allow more verbose logging
closes #2573
2020-11-23 18:17:29 +01:00
sebres a6de9459fc typo 2020-11-23 18:08:38 +01:00
RyuaNerin bba8844af8 typo 2020-11-23 18:07:49 +01:00
mpoliwczak834 595ee7ed74 add submission 2020-11-23 17:42:12 +01:00
mpoliwczak834 0c12cb7970 add managesieve support dovecot filter 2020-11-23 17:42:11 +01:00
sebres cc64ef25f6 filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
closes gh-2805
2020-11-23 17:25:41 +01:00
sebres adbfdc222d Merge branch '0.10' into 0.11 2020-11-11 11:17:15 +01:00
Sergey G. Brester 1c1a9b868c
no catch-alls, user name and error message stored in ticket 2020-11-09 15:36:30 +01:00
benrubson 840f0ff10a Add Grafana jail 2020-11-09 15:31:06 +01:00
sebres 25e006e137 review and small tweaks (more precise and safe RE) 2020-11-09 13:43:59 +01:00
Mart124 df659a0cbc Add Bitwarden syslog support 2020-11-09 13:34:39 +01:00
Sergey G. Brester 472bdc437b
Merge pull request #2723 from benrubson/softether
Add SoftEtherVPN jail
2020-11-09 13:23:25 +01:00
Sergey G. Brester 010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc) 2020-11-09 13:19:25 +01:00
sebres 66ff90408f Merge branch '0.10' into 0.11 2020-11-09 12:45:29 +01:00
sebres d4adec7797 Merge branch '0.9' into 0.10 2020-11-09 12:44:07 +01:00
sebres 5430091acb jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868) 2020-11-09 12:43:34 +01:00
benrubson ec873e2dc3 Add SoftEtherVPN jail 2020-11-05 23:56:30 +01:00
sebres 6ef69b48ca Merge branch '0.10' into 0.11 2020-11-05 16:12:31 +01:00
sebres 02525d7b6f filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
2020-10-08 21:07:51 +02:00
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used) 2020-09-29 13:33:40 +02:00
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836) 2020-09-29 12:35:49 +02:00
sebres d253e60a8b Merge branch '0.10' into 0.11 2020-09-23 19:39:50 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00
sebres 74b73bce8a Merge branch '0.10' into 0.11 2020-09-04 13:09:47 +02:00
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
2020-09-03 16:41:23 +02:00
Sergey G. Brester 70c601e9e5
involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty) 2020-09-02 20:47:05 +02:00
sebres 4d2734dd86 Merge branch '0.10' into 0.11 2020-09-02 20:23:07 +02:00
sebres ed20d457b2 jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader) 2020-09-02 20:14:31 +02:00
sebres db1f3477cc amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex 2020-08-27 18:07:42 +02:00
sebres 3f04cba9f9 filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757) 2020-08-27 17:44:25 +02:00
sebres 07fa9f2912 fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
2020-08-27 17:04:19 +02:00
sebres e9071b642a Merge branch '0.10' into 0.11 2020-08-25 18:28:18 +02:00
benrubson 1707560df8 Enhance Guacamole jail 2020-08-25 13:01:50 +02:00
Chris Caron 2216fd8da4 Add Apprise Support (50+ Notifications) 2020-08-04 19:04:05 -04:00
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790 2020-08-04 13:53:21 +02:00
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-08-04 13:51:20 +02:00
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790 2020-08-04 13:22:02 +02:00
Sergey G. Brester 08dbe4abd5
fixed comment for loglevel, default is INFO 2020-07-03 13:45:29 +02:00
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`) 2020-06-24 19:20:36 +02:00
Jan Przybylak a5ab4406d8 Removed unnecessary escape sequence
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
2020-06-21 18:24:09 +02:00
Jan Przybylak d7ef5d166d Removed vulnerable catchall & anchor 2020-06-11 16:44:48 +02:00
sebres 1da9ab78be Merge branch '0.10' into 0.11 2020-06-11 12:52:13 +02:00
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749) 2020-06-08 14:38:26 +02:00
Jan Przybylak 3c83c19070 Added filter nginx-bad-request 2020-06-06 19:51:46 +02:00
aresdr 412120ac3c
Update drupal-auth.conf
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
2020-05-30 15:25:31 -07:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 43f699b872
grammar / typos 2020-05-06 17:32:13 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab
New Gitlab jail
2020-05-04 19:19:13 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses
We need to use https://github.com/stedolan/jq to parse it.
2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed'
Sed regex was tested - it works.
2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
2020-04-27 19:12:35 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
- `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
2020-04-15 19:00:49 +02:00