Commit Graph

939 Commits (79b61e009a97470ee849981f2b9d61baf4c77ca2)

Author SHA1 Message Date
Serg G. Brester e35ed1cdf7 Update ChangeLog
Changes of #1645
2017-04-21 11:24:32 +02:00
Serg G. Brester 17922b621c Update ChangeLog
replaced german in entry ;)
2017-04-20 15:23:59 +02:00
Georges Racinet 4fc6323ff0 haproxy-http-auth: avoid port number in IPv6 addresses
The solution taken is to consume the port number explicitely in
the regexp.
2017-04-07 13:59:22 +02:00
Serg G. Brester e7f1fc5cb3 Update ChangeLog
enhancements of #1743
2017-03-31 10:39:50 +02:00
Serg G. Brester 44a26c6159 Update ChangeLog
amend to gh-1742
2017-03-29 23:14:33 +02:00
sebres 873f97c6c5 Merge branch '0.9-log-level-msg' into 0.10 2017-03-27 11:36:36 +02:00
sebres 7982d1e627 Update ChangeLog 2017-03-27 11:31:41 +02:00
Serg G. Brester d26060ead0 Update ChangeLog
belongs to #1733
2017-03-27 09:38:53 +02:00
sebres 6c4b1c7204 Update ChangeLog 2017-03-23 15:54:53 +01:00
Serg G. Brester 7a03c964c2 Update ChangeLog 2017-03-21 14:04:18 +01:00
sebres 30b53bb2ce update ChangeLog and man/fail2ban-regex.1 2017-03-13 02:07:14 +01:00
sebres 8af7a73bfc update ChangeLog 2017-03-10 22:14:39 +01:00
sebres 52ed6597b2 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-03-09 16:27:14 +01:00
sebres 0f8cb1749f Update ChangeLog 2017-03-09 16:15:45 +01:00
Serg G. Brester d042981954 Merge pull request #1655 from ajcollett/0.10
Added config for AbuseIPDB
2017-03-09 15:15:26 +01:00
sebres 6a2c95da95 `action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
changelog updated;
2017-03-08 16:51:08 +01:00
Serg G. Brester 32ac383d06 Update ChangeLog 2017-02-27 15:51:33 +01:00
Serg G. Brester 2fa18a74c4 Merge branch 'master' into master 2017-02-17 09:06:09 +01:00
Christoph Theis 861ce4177c #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable 2017-02-14 18:31:42 +01:00
sebres e8a1556562 Merge remote-tracking branch 'master' into 0.10
# Conflicts:
#	fail2ban/tests/samplestestcase.py
2017-01-21 16:59:41 +01:00
sebres 8aa9516d50 sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652) 2017-01-21 16:18:03 +01:00
sebres c8f473110c change log update after rebase 2017-01-21 15:59:27 +01:00
sebres dd373dba9f test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>;
new ssh rule(s) added:
- Connection reset by peer (multi-line rule during authorization process);
- No supported authentication methods available;
Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions);
closes gh-864
2017-01-21 15:53:48 +01:00
Serg G. Brester 5e08298b6b Update ChangeLog 2017-01-20 08:47:30 +01:00
Serg G. Brester 40f294e6bf Merge pull request #1663 from jjeziorny/netscaler-action
Introduced citrix netscaler action
2017-01-19 16:25:23 +01:00
Serg G. Brester 75b252e47f Update ChangeLog 2017-01-19 15:00:08 +01:00
Juliano Jeziorny 1fe554dd25 Introduced Citrix Netscaler action 2017-01-19 14:30:25 +01:00
Christoph Theis fe76cd9b7d #1667: changelog entry 2017-01-17 14:05:20 +01:00
sebres f35da076df ChangeLog entry 2017-01-16 09:55:01 +01:00
sebres de49f0c27f ChangeLog entry 2017-01-13 19:45:10 +01:00
sebres 7019640eb3 Merge branch 'fix-gh-1658' into 0.10 2017-01-10 12:59:51 +01:00
sebres a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space). 2017-01-10 12:58:44 +01:00
sebres c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
sebres f8d35a7c9c changelog entry 2017-01-10 11:16:17 +01:00
Andrew James Collett 18d09b6d8e Updated changelog. 2017-01-08 09:50:58 +02:00
Yaroslav Halchenko 4a1fd888f0 Carry on development 2016-12-11 00:49:09 -05:00
Yaroslav Halchenko 482252dbd4 ENH: prep for 0.9.6 release (as of tomorrow) 2016-12-09 09:35:03 -05:00
Serg G. Brester 556a9373ce Update ChangeLog 2016-11-28 23:40:33 +01:00
sebres 45f1d811c9 Merge branch 'alex1702-1586' 2016-11-28 18:54:02 +01:00
sebres 67c14afd8e ChangeLog entry added + jail.conf review 2016-11-28 18:51:23 +01:00
sebres b8c41dcb49 ChangeLog update 2016-11-28 11:31:51 +01:00
sebres 40cbe96352 Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2 2016-11-28 11:03:11 +01:00
sebres 5678d08a79 filter.d/dovecot.conf update:
- fixes failregex, that ignores failures through some irrelevant info (closes #1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
2016-11-26 16:50:37 +01:00
sebres b856e1dadc Merge pull request #1618 from sebres/_0.10/systemd-service 2016-11-24 20:45:17 +01:00
sebres 308bba448c ChangeLog update 2016-11-24 20:43:55 +01:00
sebres d908688b56 ChangeLog update 2016-11-24 20:25:08 +01:00
sebres 701abfd250 ChangeLog entry added
+ indentation fix (space-tab replacement)
2016-11-21 17:13:43 +01:00
sebres b5433f48b7 amend after code review of merge gh-1581 2016-11-11 11:09:46 +01:00
sebres ea4c1f6356 Merge branch 'master' into 0.10 2016-11-11 10:29:45 +01:00
sebres dab5f56609 Merge branch 'fix-gh-1477' 2016-11-11 10:17:07 +01:00
sebres c8b036456d changelog entries 2016-10-17 12:47:42 +02:00
sebres 519e355bf2 ChangeLog entry added 2016-10-15 14:59:36 +02:00
sebres c809c3e61e Merge branch 'master' into 0.10 2016-10-13 19:01:13 +02:00
Nils f7df6026a3 Update Changelog to reflect the new np.conf action 2016-10-13 18:53:16 +02:00
sebres 310d4e224d Merge branch master (0.9) into 0.10 2016-09-29 19:46:11 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00
sebres 5151c4fa6d ChangeLog entries added 2016-09-26 15:12:50 +02:00
sebres 0f1d1a0d4d ChangeLog: FIPS compliant 2016-09-21 09:22:18 +02:00
sebres 9fb167b5e1 filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
sebres 387aa6ba47 Merge master branch '_0.9/systemd-journal-path-gh-1408' into 0.10
# Conflicts:
#	fail2ban/tests/filtertestcase.py
#	fail2ban/tests/utils.py
2016-09-01 16:26:21 +02:00
sebres c0e0cfb39d Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2016-09-01 16:23:13 +02:00
sebres 7ed6cab120 jail configuration extended with new syntax to pass options to the backend (see gh-1408),
examples:
  - `backend = systemd[journalpath=/run/log/journal/machine-1]`
  - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
  - `backend = systemd[journalflags=2]`
2016-09-01 16:17:02 +02:00
sebres 4a1d720344 filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix 2016-08-22 14:10:50 +02:00
sebres 2c54f90469 sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also. 2016-08-19 10:19:12 +02:00
sebres a544c5abac sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>"
ChangeLog entry added
2016-08-18 21:38:55 +02:00
sebres 5509ba37a2 Merge pull request #1512 from 'remotes/gh-upstream/0.9' into 0.10 2016-08-15 20:08:42 +02:00
sebres 9935cf19c1 description provided, ChangeLog entries added 2016-08-15 19:54:11 +02:00
sebres d71a525a85 Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9) 2016-08-12 18:51:56 +02:00
sebres cb340db220 ChangeLog entry for gh-1508 2016-08-12 18:37:46 +02:00
Yaroslav Halchenko 123f4ceaee Changelog for postfix-sasl fix 2016-08-08 17:11:07 -04:00
sebres 70658d7a19 Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494') 2016-08-08 18:49:32 +02:00
rhardy613 89f8999fe5 Add changelog entry for ASSP filter changes
Add changelog entry for ASSP filter changes
2016-08-06 01:07:04 -04:00
sebres eb6e3c52ae ChangeLog entries for the last fix (cherry pick from 0.10) 2016-08-01 18:04:00 +02:00
sebres f5b7ffeb4b DOC: Reformatted ChangeLog into legit Markdown (after merge of master to 0.10) 2016-08-01 15:18:59 +02:00
sebres 0eea362aa0 Merge branch 'master' into 0.10 2016-08-01 15:10:52 +02:00
Yaroslav Halchenko 5714ac201b DOC: preparations for 0.9.5 release 2016-07-14 21:35:49 -04:00
Yaroslav Halchenko 21056c995d Merge remote-tracking branch 'origin/master' into doc-changelog
* origin/master:
  another variant of regex
  add trailing anchor to failregex
  add PR id to ChangeLog
  improved failregex according to @sebres recomendations
  * add `__prefix_line` to regex * fix time in log file
  add info to log file
  added sample log lines for slapd
  adding openldap slapd filter
2016-07-14 21:21:35 -04:00
Yaroslav Halchenko 28a0605f69 Merge pull request #1478 from gips0n/master
adding openldap slapd filter
2016-07-14 08:30:42 -04:00
sebres 683f8fc56c Merge branch 'master' into 0.10 2016-07-13 19:41:46 +02:00
Yaroslav Halchenko 33ed71b3de DOC: Reformatted ChangeLog into legit Markdown (Closes #962) 2016-07-10 19:53:54 -04:00
Yaroslav Halchenko ec9c4a27f3 DOC: tuned up ChangeLog entries for 0.9.5
unified capitalized beginning of each entry
no trailing spaces or dots etc
2016-07-10 18:40:20 -04:00
Andrii Melnyk 2c5a489bc7 add PR id to ChangeLog 2016-07-08 13:55:58 +03:00
sebres f5f204ca7c Improved changes of gh-1458:
`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
2016-07-08 11:45:25 +02:00
Andrii Melnyk b2e3affaa0 adding openldap slapd filter 2016-07-08 04:50:57 +03:00
Yaroslav Halchenko 593b1210c0 Merge master (commit '0.9.4-79-gaf8b650') into 0.10
* commit '0.9.4-79-gaf8b650':
  badip timeout option introduced, set to 30 seconds in our test cases (#1463)
  DOC: changelog for recent exim filters tune up
  Asterisk pjsip (#1456)
  BF: finalize that sample log line for exim4
  RF: for consistency use (?:XXX)? instead of (?:|XXX)
  ENH: use non-capturing regex groups in exim-common and exim filters
  ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible
  BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised"
2016-06-19 20:06:16 -04:00
Yaroslav Halchenko 11f7cf5ad8 DOC: changelog for recent exim filters tune up 2016-06-07 21:38:39 -04:00
Ludovic Gasc f85fb45b29 Asterisk pjsip (#1456)
* Improve PJSIP log support for Asterisk 13+

* Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+

* Change pjsip regexp with sebres observation, thanks to @nturcksin
2016-06-07 11:40:35 +02:00
sebres f62266659f Merge branch 'master' into '0.10' 2016-05-21 13:48:00 +02:00
sebres baafac36a4 ChangeLog entry 2016-05-20 14:51:13 +02:00
sebres 34ae0b916e Merge pull request #1421 from sebres/fix-1405
filter.d/common.conf: fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405)
2016-05-20 11:20:34 +02:00
sebres 932708de9e fixed --pidfile bug, introduced in gh-1322:
gentoo-initd fixed --pidfile bug: `--pidfile` is option of start-stop-daemon, not argument of fail2ban (see gh-1434)
closes gh-1434
2016-05-20 11:01:00 +02:00
sebres de813acf51 extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added; 2016-05-17 11:54:43 +02:00
sebres 3e49522b7a fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568);
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
2016-05-13 20:26:37 +02:00
sebres cce63926ce ChangeLog entry added 2016-05-13 16:11:38 +02:00
sebres 3df97beaa6 changelog entries from sebres:f2b-perfom-prepare-716 (gh-1346) 2016-05-11 18:03:22 +02:00
sebres c22ba5413d changes from ipv6-support-0.10 after merge 2016-05-11 16:58:13 +02:00
sebres f9ea845595 Merge branch 'ipv6-support-0.10' into 0.10 2016-05-11 16:57:16 +02:00
Yaroslav Halchenko 5040c95bdb DOC: stub for 0.10.0 release changelog 2016-05-10 21:17:09 -04:00
Alexander Koeppe ce196744d1 Update ChangeLog / THANKS entries 2016-05-09 15:34:15 +02:00
sebres e595fefc9b change log and thanks entries 2016-04-14 14:50:17 +02:00
Serg G. Brester b9b7ecbf6b Merge pull request #1357 from sebres/monit-new-fltr
monit filter fixup for the new version (gh-1355)
2016-03-26 11:39:26 +01:00
TorontoMedia 3d239215cd Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367)
closes #1367
2016-03-25 17:28:30 +01:00
sebres ac27c9cb96 Merge branch 'patch-2' (gh-1371) 2016-03-25 17:05:23 +01:00
theDogOfPavlov 28e246b5d7 added note to cover additional exim filters 2016-03-23 11:52:09 +00:00
theDogOfPavlov 42f43d0f8a added note to cover dovecot ldap regex 2016-03-23 11:51:12 +00:00
Yaroslav Halchenko bfac42eb2e changelog for journalmatch pure-ftpd 2016-03-14 11:10:28 -04:00
sebres 9d13bb0c3a ChangeLog and THANKS entries 2016-03-09 20:11:14 +01:00
Yaroslav Halchenko 634e68036e Get ready for further developments 2016-03-08 08:36:29 -05:00
Yaroslav Halchenko 5ffc15ac68 Changes for the 0.9.4 release 2016-03-07 21:45:44 -05:00
Yaroslav Halchenko 19850d71e9 changelog about gentoo initd 2016-03-07 10:52:47 -05:00
Yaroslav Halchenko 2adf5855ac Changelog for the recent PR and added Tom to THANKS 2016-02-28 12:03:13 -05:00
sebres 667785b608 mysqld: failregex fixed (accepts different log level, more secure expression now);
closes #1332
2016-02-24 17:17:51 +01:00
Yaroslav Halchenko 905c87ca4a Merge pull request #1310 from yarikoptic/pr-1288
NF: HAProxy HTTP Auth filter
2016-02-11 08:35:48 -05:00
Yaroslav Halchenko 3dc57af19c Merge branch 'logrotate' of https://github.com/sbraz/fail2ban
* 'logrotate' of https://github.com/sbraz/fail2ban:
  Remove compression and count from logrotate
2016-02-10 18:41:01 -05:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number.
Closes #1309
2016-02-08 11:51:37 +01:00
Pierre GINDRAUD b5a07741c8 Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command 2016-02-08 11:11:59 +01:00
Louis Sautier 869d99dd37
Remove compression and count from logrotate
Initially reported at https://bugs.gentoo.org/show_bug.cgi?id=549856
2016-01-29 00:15:48 +01:00
Yaroslav Halchenko 3f437b32db Merge remote-tracking branch 'pr/1288/head'
* pr/1288/head:
  Update haproxy-http-auth.conf
  Added HAProxy HTTP Auth filter

 Conflicts:
	config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)
2016-01-28 08:51:45 -05:00
Yaroslav Halchenko 377ea32441 Merge pull request #1295 from obounaim/master
The sender option is ignored by some actions
2016-01-28 08:48:22 -05:00
Serg G. Brester fe14c8fa05 Merge pull request #1292 from albel727/master
Add nftables actions
2016-01-24 23:55:50 +01:00
local 58a8736e0f Updating changelog. 2016-01-10 00:10:05 +01:00
Alexander Belykh cb2d70d7a8 Add ChangeLog entry for new nftables actions 2016-01-05 19:04:44 +06:00
sebres 25a09352e4 + ChangeLog entry 2016-01-04 14:46:43 +01:00
Jordan Moeser e133762a28 Added HAProxy HTTP Auth filter 2015-12-31 11:16:23 +10:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 16710237e3 Merge remote-tracking branch 'origin/master'
* origin/master:
  Add 'Sender address rejected: Domain not found' Postfix failregex
2015-12-29 19:31:04 -05:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex
Add 'Sender address rejected: Domain not found' Postfix failregex
2015-12-18 09:23:54 -05:00
Yaroslav Halchenko dfaf82d68a Changelog entry for PartOf in .service fix 2015-12-18 09:23:12 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown 16aa2fa13e Updated ChangeLog to include new murmur jail. 2015-12-17 17:57:45 +00:00
Ross Brown ba535826a8 Updated ChangeLog to include new murmur filter. 2015-12-15 21:46:35 +00:00
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269) 2015-12-13 23:21:04 -05:00
sebres 6d984717b5 ordered dict replaced with dict + change log entry fix
# Conflicts:
#	fail2ban/server/filter.py
2015-12-12 15:48:49 +01:00
sebres 3a179ec5d7 small code review: (much pretty) handling of filename as key - FileFilter contains (ordered) dict of files (not list), as discussed in gh-1265 2015-12-02 20:45:01 +01:00
Aleksandrs Ļedovskis fa59a6850f Add 'Sender address rejected: Domain not found' Postfix failregex
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
2015-11-22 12:01:15 +02:00
Orion Poplawski c656cb0d36 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-11-13 15:22:59 -07:00
Yaroslav Halchenko 6af6e40b62 Merge pull request #1241 from sebres/known/param-tag
New interpolation feature for definition config readers - `<known/parameter>`
2015-11-10 08:35:57 -05:00
sebres 46b116e86a filter test cases improved + log captured inside such tests + python 3.x compatibility;
changelog entry;
2015-11-09 22:02:05 +01:00
sebres 94cffece12 New interpolation feature for definition config readers - `<known/parameter>`, as extension to interpolation `%(known/parameter)s`, that does not works for filter and action init parameters; 2015-11-02 21:45:03 +01:00
Serg G. Brester eef7771b4e Merge pull request #1238 from sebres/fix/gh-1216
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
2015-10-31 13:17:04 +01:00
sebres e825e977cc Nginx log paths extended (prefixed with "*" wildcard)
closes gh-1237
2015-10-30 17:51:30 +01:00
sebres f359ed8c36 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added);
closes gh-1216
2015-10-30 15:36:18 +01:00
sebres 6884593ab8 New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) 2015-10-29 23:15:20 +01:00
Orion Poplawski 0661aece46 Merge branch 'master' into journaldefault
Conflicts:
	ChangeLog
2015-10-29 15:22:37 -06:00
Simon Brown 3dd1c305ce added entry for new screensharingd filter 2015-10-27 21:20:12 -07:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
2015-10-20 10:46:00 +02:00
Orion Poplawski 81a26266a9 Add changlog entry for postfix-rbl logpath change 2015-10-19 19:46:43 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend
per service.
Set default to systemd for Fedora as appropriate.
2015-10-18 20:18:50 -06:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
2015-10-13 17:11:49 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
closes gh-1211
2015-10-07 14:34:13 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-05 00:31:13 -07:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
2015-09-27 00:52:14 -04:00
Yaroslav Halchenko 6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197)
Way too many people ran into this gotcha, so lets just do it
2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
2015-09-17 21:59:45 -04:00
Yaroslav Halchenko db1a3f17e1 ENH: new date pattern with year after day (not after entire entry) 2015-09-16 08:56:46 -04:00
Yaroslav Halchenko fbdd0b74a1 DOC: Changelog entry for this fix 2015-09-13 10:45:39 -04:00
Ville Skyttä 67a94733a9 logrotate: Do not rotate empty logs
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.
2015-09-13 11:05:33 +03:00
Edward Beckett f5b88bd377 Updated Changelog 2015-09-11 10:12:57 -04:00
sebres 4cf3b576b9 Bugfix for dnsToIp resolver for fqdn with large list of IPs;
closes #1164
2015-09-08 18:20:48 +02:00
Edward Beckett 4bd7991573 Added apache-badbots.conf 2015-09-06 01:12:19 -04:00
weberho 2d69fd20ae Updated ChangeLog regarding openSUSE's path config 2015-08-26 15:37:14 +02:00
Yaroslav Halchenko 60fbf7d750 changelog for freshly merged PR (roundcube-auth definition of logpath) 2015-08-26 09:03:23 -04:00
Yaroslav Halchenko 9ebf01293b Post release tune ups 2015-08-01 09:17:31 -04:00
Yaroslav Halchenko 70ba5cb005 Release changes (too much of manual "labor"! ;)) 2015-07-31 21:32:13 -04:00
Yaroslav Halchenko 776322cea3 BF: realpath for /var/run/fail2ban Closes #1142 2015-07-31 10:12:14 -04:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko a80820e356 Changelog entry for killpg fix 2015-07-27 22:34:40 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko de69855157 Changelog entries for Serge's fixes 2015-07-27 10:35:14 -04:00
Yaroslav Halchenko 0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko 65cd218e10 Merge remote-tracking branch 'origin/master'
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
2015-07-26 22:47:43 -04:00
Yaroslav Halchenko 333dd842f9 DOC: moved and adjusted changelog entry from 0.9.2 within 0.9.3 to come 2015-07-26 22:44:52 -04:00
Viktor Szépe c8b3ee10a0 Limit the number of log lines in *-lines.conf actions 2015-07-27 02:35:21 +02:00
Yaroslav Halchenko 33b204a2ee DOC: Changelog for iptables -w change 2015-07-26 18:25:42 -04:00
Thomas Mayer a19cb1b2b9 Merge 923d807ef8 into cf2feea987 2015-07-25 01:23:39 +00:00
Viktor Szépe ebdfbae559 Added a space between IP address and the following colon 2015-07-24 09:33:47 +02:00
Viktor Szépe 586703dcc2 Test, changelog and fixes to pass2allow 2015-07-13 16:46:04 +02:00
Viktor Szépe 5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
sebres 95c2a2976f unbanip always deletes ip from database (independent of bantime, also if currently not banned or persistent);
merged from #716 where it works;
closes gh-972, closes gh-768
2015-07-10 13:56:26 +02:00
Lee Clemens fc2b7f8012 Multiple Travis and coverage related changes
Reorganize .travis.yml
Separate coverage tests for Python 2 and Python 3
Execute setup.py install using the environment's Python exe
Sanitize Travis execution order
2015-07-09 10:12:40 -04:00
Yaroslav Halchenko c213d97d25 Moved recently added Changelog (on HEAD addition) to Enhancements 2015-07-07 14:01:24 -04:00
Viktor Szépe a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
Yaroslav Halchenko 052418a110 Merge pull request #1098 from yarikoptic/enh/man-testcases
DOC: rudimentary manpage for fail2ban-testcases (+updated other mans for consistency)
2015-07-06 23:43:30 -04:00
sebres 4a4fe7d76a extending test cases (increase coverage) + changelog entry for #1099 2015-07-06 22:09:13 +02:00
Yaroslav Halchenko 46510948a7 DOC: rudimentary manpage for fail2ban-testcases (+updated other mans for consistency) 2015-07-05 21:48:14 -04:00
Yaroslav Halchenko 38f8e1a82a DOC: added changelog for LC_ALL fix, tuned up other ChangeLog entries 2015-07-05 21:39:17 -04:00
Yaroslav Halchenko e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube
Update regex to work with roundcube 1.0.5 and 1.1.1
2015-07-05 21:35:49 -04:00
Lee Clemens 423d5b761e Add changelog reference for socket error logging message 2015-07-04 12:37:52 -04:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Yaroslav Halchenko e9e00d7599 DOC: ChangeLog -- a better description for cloudflare changes 2015-07-04 10:04:45 -04:00
Viktor Szépe a00ee15c06 Added Changelog entry 2015-07-04 14:12:38 +02:00
sebres f2d0230a67 reload in interactive mode appends all the jails twice (#825) 2015-06-22 17:57:01 +02:00
sebres 2f283079f8 reload server/jail failed if database used (but was not changed) and some jail active (#1072) 2015-06-22 17:56:39 +02:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log
Fix support for Asterisk security log
2015-05-25 12:50:13 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
2015-05-25 10:50:34 -04:00
Joern Muehlencord 4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Ivan Poddubny 38d9f3e609 Asterisk security log: add tests and update ChangeLog 2015-05-25 08:32:49 +03:00
Steven Hiscocks 0c869910ea BF: Fix fail2ban-regex not parsing journalmatch correctly 2015-05-09 10:26:14 +01:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Yaroslav Halchenko fb336276d4 post-release tune ups
Conflicts:
	ChangeLog
	README.md
2015-04-29 09:02:48 -04:00
Yaroslav Halchenko acc4c2d104 Hope for release tomorrow 2015-04-28 23:52:48 -04:00
Yaroslav Halchenko 840fea9f71 Merge commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e'
* commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e':
  Just use a system wide python in the tests digest.py
  DOC: Slight tune up to RELEASE doc -- no need for PYTHONPATH to run tests
  MANIFEST: updated for some new files, sorted all entries, removed some duplicates
  Initial changes for the release -- simplified ChangeLog header etc
2015-04-28 23:51:32 -04:00
Aaron Brice 7ae0ef2408 Fix actions in ufw.conf
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Yaroslav Halchenko ca849b93dc Initial changes for the release -- simplified ChangeLog header etc 2015-04-26 21:39:54 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf
Conflicts:
	ChangeLog
2015-04-26 15:13:59 -04:00
Markus Oesterle b9a09af914 Added changes to ChangeLog & updated sample test cases 2015-04-16 21:33:57 +02:00
Thomas Mayer c0cf3daac8 Add myself to the changelog 2015-03-27 18:20:25 +01:00
Thomas Mayer c9b24839e4 Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003)
when set by user,
 - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
 - converts whois data to UTF-8 character set with iconv
 - sends the whois output in UTF-8 character set to mail program
 - avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko 320a28a4a4 DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964) 2015-03-21 20:50:03 -04:00
Yaroslav Halchenko 31d107d181 BF: asyncore.loop poll=True for recent (>=3.4) pythons too
should avoid
  File /usr/lib/python3.4/asyncore.py, line 208, in loop
    poll_fun(timeout, map)
  File /usr/lib/python3.4/asyncore.py, line 145, in poll
    r, w, e = select.select(r, w, e, timeout)
OSError: [Errno 9] Bad file descriptor
2015-03-05 22:52:40 -05:00
Yaroslav Halchenko daa2a9e5d8 Merge pull request #975 from sebres/gh-973-fix
BF: binding parameter error (unsupported type) (closes gh-973) ...
2015-03-05 22:47:45 -05:00
Teubel György 0254cbf7fb Flush logs at USR1 signal 2015-02-26 23:23:10 +01:00
sebres 2bfe22aa66 makes test case more precise; 2015-02-25 15:05:32 +01:00
sebres 6c788a32ee BF: binding parameter error (unsupported type) by writing json with invalid encoded lines into sqlite database (gh-973);
especially python < 3.0; try to prevent occurring such errors in the future;
2015-02-25 11:56:11 +01:00
Yaroslav Halchenko 83805ee5dc Changelog for preceding merge 2015-02-14 16:07:28 -05:00
Yaroslav Halchenko 54e182e017 Merge pull request #955 from sebres/fail2ban-regex-gh-954
BF: fail2ban-regex does not read '.local' file of given filter (Close #954)
2015-02-14 09:44:54 -05:00
Yaroslav Halchenko ae2af0d51b Minor tune up to changelog (we should eventually just make it into .md format) 2015-02-14 09:37:13 -05:00
Yaroslav Halchenko 07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
2015-02-14 09:32:05 -05:00
sebres 74c6f6ac4b BF: fail2ban-regex does not read '.local' file of given filter (gh-954) 2015-02-13 15:36:00 +01:00
Yaroslav Halchenko 3fb2becddb Merge pull request #949 from leeclemens/enh/configSyslogSocket
Configure Syslog Socket Path (closes #814)
2015-02-06 20:08:15 -05:00
Yaroslav Halchenko 119a7bbb16 Merge pull request #939 from szepeviktor/geoip
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
Lee Clemens d676a9fd4f update ChangeLog with syslogsocket config enhancement 2015-02-05 23:48:18 -05:00
Yaroslav Halchenko 40068f5f31 Merge pull request #933 from mrc0mmand/nginx-botsearch
Add jail nginx-botsearch and refactor common with apache-botsearch regexes into botsearch-common
2015-02-04 09:27:43 -05:00
Yaroslav Halchenko eaca33e227 Merge branch 'enh/clarifyDnsUtilsMethods' of https://github.com/leeclemens/fail2ban
* 'enh/clarifyDnsUtilsMethods' of https://github.com/leeclemens/fail2ban:
  Update ChangeLog
  Clarify filter.DNSUtils functions' terminology and add unittests

Conflicts:
	ChangeLog -- rephrased a bit as well
2015-02-03 20:29:03 -05:00
Lee Clemens ed71a7cd22 Update ChangeLog 2015-02-03 20:23:25 -05:00
František Šumšal 9bd25f51c1 Added ChangeLog and THANKS entry 2015-02-04 02:19:15 +01:00
Lee Clemens 4091fdde27 Update ChangeLog from PR 930 2015-02-03 19:54:23 -05:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
2015-02-03 11:30:16 -07:00
Yaroslav Halchenko 646c799231 Changelog for above merge 2015-02-02 21:46:38 -05:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot
New jail: apache-fakegooglebot
2015-02-02 21:44:04 -05:00
Yaroslav Halchenko 7f2d1a7269 minor changelog entry reformatting 2015-02-02 21:37:24 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot
Dovecot - dovecot auth failure from EL7
2015-02-02 21:37:28 -05:00
Yaroslav Halchenko 8f6d9c6a5a Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban:
  fixed typos, thanks szepeviktor for review
  ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)

Conflicts:
	ChangeLog
2015-02-02 21:21:44 -05:00
Yaroslav Halchenko 96ae041132 fixed typos, thanks szepeviktor for review 2015-02-02 21:21:37 -05:00
Lee Clemens 00961d5281 Remove ignorecommand addition from ChangeLog 2015-02-02 11:36:21 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot
Detects fake googlebot user agents in apache access log
2015-02-02 00:42:01 -05:00
Viktor Szépe 0430e0dacc Changelog entry for sendmail-geoip-lines 2015-02-01 00:24:40 +01:00
Yaroslav Halchenko ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski ee5c5b34d6 Add ChangeLog and THANKS entry 2015-01-29 09:14:41 -07:00
Yaroslav Halchenko 64feb0fd16 Merge pull request #924 from leeclemens/ENH/StatusExtendedInfo
Add extended info to status output using Cymru
2015-01-26 22:55:12 -05:00
Lee Clemens 486214585e Update extended status to accept additional argument, flavor
Default to as-in behavior, or flavor=="basic"
2015-01-26 19:38:06 -05:00
Andrew St. Jean e0f11ae722 Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf. 2015-01-26 11:30:41 -05:00
Yaroslav Halchenko 085d0f72ed ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) 2015-01-26 09:19:44 -05:00
Yaroslav Halchenko 65980a70fc Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban:
  use iptables-allports for recidive

Conflicts:
	ChangeLog
2015-01-26 09:04:42 -05:00