github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,905 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

1916 Commits (77b052fdea51fe20cc6d56f3a11d59ce32e753ed)

Author SHA1 Message Date
Sergey G. Brester f63868b3e8
filter.d/apache-common.conf: remote besides client, gh-3622 2024-03-15 22:36:40 +01:00
Sergey G. Brester 529eb79ddb
Merge pull request #3692 from pingou2712/postfixSystemd 
Change journalmatch postfix
 2024-03-13 02:34:03 +01:00
Vincent Laffargue d260ed31d2 Maintain backward compatibility Postfix SYSTEMD_UNIT 2024-03-12 04:42:36 +01:00
Sergey G. Brester dd3c78ecab
filter.d/recidive.conf: conditional RE depending on logtype (for file or journal) 2024-03-11 17:49:06 +01:00
Vincent Laffargue 0b63fc312d Change Regex Recidive and journalmatch For Systemd Match 2024-03-10 10:56:35 +01:00
Vincent Laffargue 93082ead79 Change journalmatch postfix 2024-03-10 10:10:03 +01:00
Sergey G. Brester 45d7f3cb97
no space in any case 2024-03-08 11:43:46 +01:00
László Károlyi ff701e94c3
Add to postfix syslog daemon format 2024-03-07 20:23:50 +01:00
sebres 4f679a56e0 filter.d/sshd.conf: ddos/aggressive mode extended to match new messages caused by port scanner, wrong payload on ssh port: 
- message authentication code incorrect [preauth]
  - connection corrupted [preauth]
  - timeout before authentication
closes gh-3486
 2024-02-13 16:53:21 +01:00
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 2023-12-30 16:42:31 +01:00
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x 
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place few lines below)
 2023-12-30 16:42:27 +01:00
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 2023-12-30 16:42:23 +01:00
Logic-32 419e380870 Add support for TLS SMTP connections. 2023-12-30 16:42:18 +01:00
sebres 3190febb27 IPv6 fix (second IP logged in form for IPv6); pam authentication failure (part of gh-3410) 2023-12-30 15:10:37 +01:00
sebres 093cd763ce filter.d/postfix.conf: "rejected" extended to match "Access denied" too; 
closes gh-3474
 2023-12-15 01:03:30 +01:00
sebres ff4a2a12fc filter.d/postfix.conf: avoid double counting ('lost connection after AUTH' together with message 'disconnect ...'); 
closes gh-3505
 2023-12-15 00:32:48 +01:00
Sergey G. Brester 5277e91013
Merge pull request #3503 from repcsi/pf_allproto 
BSD Pf allproto actiontype to block all communication from source on IP level
 2023-12-10 16:11:05 +01:00
sebres 0abba5dc6e more filters for nginx error-log supporting journal format now, added generalized include and __prefix_line 2023-12-10 15:21:20 +01:00
sebres b245225b13 filter.d/nginx-http-auth.conf: added optional prefix to support systemd-journal format and additional timestamp (optionally) in prefix 2023-12-10 14:39:21 +01:00
repcsi 199759f0ba added pf[protocol=all] options as recommended by sebres 2023-12-10 11:20:39 +01:00
Yaroslav Halchenko 8ef0d3c7a9 [DATALAD RUNCMD] run codespell throughout fixing typo automagically 
=== Do not change lines below ===
{
 "chain": [],
 "cmd": "codespell -w",
 "exit": 0,
 "extra_inputs": [],
 "inputs": [],
 "outputs": [],
 "pwd": "."
}
^^^ Do not change lines above ^^^
 2023-11-18 10:04:04 -05:00
Yaroslav Halchenko 81b2eb32d6 Add pragma to ignore a codespell-detected typoin postfix.conf 2023-11-18 10:03:50 -05:00
Sergey G. Brester eed319e896
gh-3604: filter.d/slapd.conf - switched to single-line processing 
closes gh-3604
 2023-10-18 16:06:56 +02:00
Sergey G. Brester 183f805ae3
amend 2023-10-16 11:41:05 +02:00
Sergey G. Brester 7931b67325
mysqld-auth.conf: better RE, optional suffix, non-capturing groups 2023-10-16 11:35:53 +02:00
Aliaksandr Yurchyk c55e9949dc
Fix issue with Mariadb 10.3 failed message 2023-10-16 01:35:15 +03:00
Sergey G. Brester f8f8c046a2
Merge pull request #3469 from vitkabele/routeros-auth 
New filter: routeros-auth.conf
 2023-09-02 18:56:04 +02:00
nodiscc 77f80e8c3f
action.d/*ipset*: make maxelem ipset option configurable through banaction arguments 
- previously there was no way to override this value and ipsets would stop being updated when full (Hash is full, cannot add more elements)
- preserve ipset's default value of 65536
- update tests
- Closes #3549
 2023-08-23 12:19:07 +02:00
sebres 99ff701678 remove support of python 2.x 2023-06-16 16:29:08 +02:00
sebres eebef0089c avoid double counting for "maximum authentication attempts exceeded" ("Disconnecting ..." is no failure anymore, now it's helper only); 
closes gh-3485
 2023-06-13 18:49:26 +02:00
Sergey G. Brester 66e195b0f3
jail.conf: comment only (time abbr format), no function changes 
closes gh-3522
 2023-06-10 14:15:52 +02:00
Sergey G. Brester 809b904106
filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector 2023-04-24 15:40:53 +02:00
Sergey G. Brester e73748c442
Merge branch 'master' into mikrotik 2023-04-13 19:09:00 +02:00
Sergey G. Brester 9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal) 2023-03-23 12:16:13 +01:00
Sergey G. Brester 2c0360d178
Merge branch 'master' into nginx-forbidden 2023-03-23 12:01:50 +01:00
Sergey G. Brester c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban 2023-03-15 15:03:48 +01:00
Duncan Bellamy 7dc32971f8 changed missed names 2023-03-08 12:16:35 +00:00
Duncan Bellamy 9b1417a169 apply suggestions 2023-03-08 09:29:03 +00:00
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction 
Change unban to find by ip address not comment
 2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Vít Kabele a2c77429b9 New filter: routeros-auth.conf (Closes #3469) 
Add filter to detect failed login attempts in the log produced by
MikroTik RouterOS.

- Add the filter to jail.conf
- Add testcase for the filter

Signed-off-by: Vít Kabele <vit@kabele.me>
 2023-03-02 09:25:24 +01:00
Sergey G. Brester efbbcb41ea
non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330
review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case 
Thanks to @Loriowar and @sebres for pointing it out
 2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00