Commit Graph

396 Commits (7a027df1f308f84d66f1d146c3c2f9402ce79cc9)

Author SHA1 Message Date
Tomas Pihl b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Steven Hiscocks 128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Daniel Black 8333abe420 Merge pull request #557 from grooverdan/apache-botsearch
ENH: Apache botsearch + BF: tag substition
2014-01-09 14:11:00 -08:00
Steven Hiscocks 7e8da15fc6 Merge pull request #572 from grooverdan/counterstrike
ENH: Counter Strike filter
2014-01-08 12:47:10 -08:00
Daniel Black b6676dbadc DOC: spelling of Counter Strike 2014-01-08 07:45:26 +11:00
Yaroslav Halchenko 6532a2e2f7 Merge pull request #548 from grooverdan/exim-honeypot
Exim honeypot
2014-01-07 06:14:42 -08:00
Daniel Black 0fb6bc7188 ENH: add filter for Counter Strike 1.6. Closes gh-347 2014-01-07 20:33:57 +11:00
Daniel Black 9e087b508d MRG: from 0.9 2014-01-07 16:11:40 +11:00
Daniel Black 58ebf659e4 MRG: from 0.9 to make history cleaner 2014-01-07 16:07:58 +11:00
Daniel Black 76468942f9 MRG: complete merge from master 2014-01-07 10:24:23 +11:00
Steven Hiscocks bb11c29667 Merge pull request #567 from grooverdan/groupoffice-filter
ENH: add filter groupoffice. Closes gh-566
2014-01-06 10:31:32 -08:00
Daniel Black b9cd492e9f Merge pull request #555 from grooverdan/nagios_fix
BF: nagios fix
2014-01-06 03:12:26 -08:00
Daniel Black 3ee6e993c6 MRG: merge ChangeLog for nagios fix 2014-01-06 22:09:10 +11:00
Daniel Black fecb07f36d MRG: filter substition 2014-01-06 22:07:49 +11:00
Daniel Black db7b7bfefa Credits for groupoffice 2014-01-06 22:00:12 +11:00
alasdairdc 67c44a5001 Update ChangeLog 2014-01-06 10:44:21 +00:00
Daniel Black a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black 23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black 05b159c74b Merge pull request #464 from grooverdan/increase-jail-name-length
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
2014-01-03 14:48:56 -08:00
Daniel Black 3d1a1afca4 MRG: to more recent 0.9 2014-01-04 09:31:05 +11:00
Daniel Black 7c09a61ca5 ENH: add apache-botsearch. Closes gh-544 2014-01-03 23:12:58 +11:00
Daniel Black b8536490ef ENH: filter for stunnel from fail2ban wiki 2014-01-03 19:32:29 +11:00
Daniel Black 04d28fd2e1 ENH: add filter freeswitch - as raised on mailing list 2014-01-03 13:00:37 +11:00
Daniel Black 117d3b0466 MRG: horde filter from master 2014-01-03 10:34:59 +11:00
Daniel Black 83f3aeb308 ENH: filter for horde 2014-01-02 23:12:36 +11:00
Daniel Black 9c7bb3b97e ENH: exim-spam to take honeypot email address as argument. Closes #541 2014-01-01 22:45:13 +11:00
Daniel Black 391b5fc883 MRG: from master again 2014-01-01 2014-01-01 19:28:38 +11:00
Daniel Black 1b037a6f29 DOC: document addition of filter options substitution into failregex/ignoreregex 2013-12-31 19:15:11 +11:00
Daniel Black 856407379b ENH: add filter openwebmail. Closes gh-543. 2013-12-31 08:09:00 +11:00
Daniel Black 332d37f363 DOC: python-2.6 minimium now. Closes gh-526
Clean up ChangeLog and README.md to reflect these changes.
Remove credit from developers for individual changes to be consistent
with the 0.8.12 ChangeLog. Update summary and priority of items listed
in ChangeLog.
2013-12-30 04:57:16 +00:00
Daniel Black e220210dc4 DOC: fix ChangeLog entry for exim-spam 2013-12-29 21:55:04 +00:00
Daniel Black dbca949e5e DOC: typo in ChangeLog 2013-12-29 21:26:30 +00:00
Daniel Black d727ba639a ENH: exim-spam to include spamassassin log entry. Closes gh-533 2013-12-29 20:16:37 +00:00
Daniel Black 4a0e428563 DOC: change log for asynchat.push change 2013-12-29 07:11:57 +00:00
Daniel Black c074773805 ENH: apache modsecurity from 0.9 branch 2013-12-29 07:06:13 +00:00
Daniel Black be382dae4d MRG: ufw changelog conflicts 2013-12-29 05:45:06 +00:00
Daniel Black 1f6ece2a40 Merge pull request #490 from grooverdan/firewallcmd-ipset
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black ea2a13946e TST: more test of filters 2013-12-29 05:29:59 +00:00
Daniel Black c9cfdca396 ENH: add filter for apache-modsecurity 2013-12-28 22:28:11 +00:00
Daniel Black d3c065bf76 ENH: add PyPy compatibility 2013-12-27 05:15:33 +00:00
Daniel Black 1b7df1181f BF: apache-2.4 log format fix. Closes gh-516 2013-12-23 08:28:40 +00:00
Yaroslav Halchenko 7af58b9984 Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban:
  ENH: apache-noscript now matched php-cgi scripts. Closes gh-503

Conflicts:
	ChangeLog -- two new entries collided,  Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
Daniel Black a9b7d33c51 ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 2013-12-19 10:01:24 +00:00
Steven Hiscocks d22716ab63 ENH: Add nsd filter and amend DateEpoch to match date format 2013-12-18 22:31:54 +00:00
alasdairdc 04c267c307 Updated Changelog 2013-12-18 08:36:30 +00:00
Daniel Black 7c0efc8ec8 MRG: merge so far - flushLogs not working yet 2013-12-16 15:08:34 +00:00
Steven Hiscocks 66e9f06feb DOC: ChangeLog moved python3 support to refactoring 2013-12-14 17:46:13 +00:00
Steven Hiscocks 401d8aba1f DOC: Update ChangeLog with systemd backend and persistent database 2013-12-14 17:20:21 +00:00
Daniel Black f1e593da67 DOC: Changelog for adding firewallcmd-ipset 2013-12-14 10:27:11 +00:00
Daniel Black f35345ecaa ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455 2013-12-14 00:34:12 +00:00
Daniel Black 13ccebe78f BF: fix actioncheck in firewallcmd 2013-12-13 23:40:51 +00:00
Daniel Black 66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black f385439a41 MRG: ChangeLog merge 2013-12-09 09:28:42 +11:00
Daniel Black 80df01bf15 Merge pull request #468 from grooverdan/xarf
ENH: action.d/Xarf reporting of messages
2013-12-08 14:26:37 -08:00
Steven Hiscocks 7115f64f83 Merge pull request #470 from grooverdan/flush-logs
BF: create flushlogs command to prevent logrotation clobbering logtarget...
2013-12-06 16:30:16 -08:00
Daniel Black e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
Daniel Black b5d6310d28 BF: create flushlogs command to prevent logrotation clobbering logtarget. Closes gh-458 2013-12-04 20:51:30 +11:00
Daniel Black 9c1a679b7f DOC: changelog for xarf-login-attack action 2013-12-01 17:51:31 +11:00
Yaroslav Halchenko 2c1199cce0 Let's progress and mark a2 release toward 0.9.0 2013-11-30 12:25:17 -05:00
Daniel Black 95845b7b65 BF: complain action could match too many IP addresses 2013-11-30 17:47:10 +11:00
Yaroslav Halchenko 3a5983ab0b Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban:
  Changelog entries for the last changes
  ENH: added optional [PID] matching in recidive.conf
  ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
  BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages

Conflicts:
	ChangeLog
2013-11-29 19:58:56 -05:00
Daniel Black f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Yaroslav Halchenko 982d5abbef Merge branch 'namelength20' of https://github.com/grooverdan/fail2ban
* 'namelength20' of https://github.com/grooverdan/fail2ban:
  DOC: document rational behind 20 character jail name limit

Conflicts:
	ChangeLog
2013-11-29 10:09:16 -05:00
Yaroslav Halchenko 25e967f23b Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban:
  BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447)

Conflicts:
	ChangeLog
2013-11-29 10:02:31 -05:00
Daniel Black b9b2ddf996 BF: smtps not IANA standard. Closes #447 2013-11-29 21:47:53 +11:00
Daniel Black cade746307 BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447) 2013-11-29 21:45:11 +11:00
Daniel Black af4feb0c92 Actions to have f2b- as prefix instead of fail2ban- as per #462 2013-11-29 19:08:38 +11:00
Daniel Black fb666b69ff BF: firewall-cmd-direct-new was too long. Thanks Joel. 2013-11-28 23:35:05 +11:00
Daniel Black 99838440c8 DOC: document rational behind 20 character jail name limit 2013-11-28 23:18:34 +11:00
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter 2013-11-25 14:55:41 +11:00
Daniel Black 13223c33f5 MRG: recidive-protocol-all 2013-11-25 08:22:09 +11:00
Yaroslav Halchenko 085ebbe1de Changelog entries for the last changes 2013-11-24 11:55:58 -05:00
Daniel Black 9a82bc3c61 BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448 2013-11-24 18:21:02 +11:00
Daniel Black 98eacdf333 MRG/BF: merge from master. Fix bugs in iso8601 2013-11-24 16:36:06 +11:00
Yaroslav Halchenko 629e9ae445 Merge pull request #443 from grooverdan/apache-authfix
BF: apache filters using error log weren't matched when referer existed ...
2013-11-18 15:53:39 -08:00
Daniel Black 284f811c91 BF: apache filters using error log weren't matched when referer existed in HTTP header 2013-11-19 10:27:55 +11:00
Yaroslav Halchenko 491165c929 Merge pull request #438 from grooverdan/solid-pop3d
ENH: filter for Solid-pop3d
2013-11-17 17:34:46 -08:00
Daniel Black 8aa20a7b0e ENH: credits for #440 recidive jail protocol=all 2013-11-18 07:59:56 +11:00
Daniel Black dab2ddb9da ENH: recidive jail to block all protocols. Closes #440 2013-11-18 07:57:16 +11:00
Yaroslav Halchenko 82174ea4c4 Changelog for preceding proftpd date format change 2013-11-16 22:18:51 -05:00
Daniel Black 88eff70774 ENH: filter.d/solid-pop3d added 2013-11-16 09:43:15 +11:00
Daniel Black ed212fcdcc DOC: new ChangeLog header 2013-11-16 09:40:05 +11:00
Daniel Black 1ac7b53cad MRG: merge from master 2013-11-13 09:16:45 +11:00
Daniel Black d0498bec69 DOC: finalise 0.8.11 release 2013-11-13 08:05:08 +11:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Yaroslav Halchenko 49024fe6ea DOC: minor typos in ChangeLog 2013-11-08 14:36:56 -08:00
Yaroslav Halchenko ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Daniel Black d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko eace931c19 Changelog for prior changes (gen_buildbots) 2013-11-07 15:47:25 -08:00
Daniel Black a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Daniel Black cb982ef921 ENH: multiline filter for sendmail-spam. Closes gh-418 2013-11-08 08:55:45 +11:00
Yaroslav Halchenko 28ee7ba123 DOC: keeping Changelog release-phrases uniform, simplified intro, unified 2013-11-06 14:04:30 -05:00
Yaroslav Halchenko f26fba9c19 DOC: Untabifying and reindenting a bit ChangeLog 2013-11-06 13:47:45 -05:00
Daniel Black 0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
BF:  wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black ac1f45d18c Merge pull request #412 from grooverdan/firewalld
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black 87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00