b4f1f613bb
Update firewallcmd-allports.conf
2015-02-14 12:32:36 -05:00
0fac7e40b6
Update firewallcmd-multiport.conf
2015-02-14 12:31:33 -05:00
07b0ab07ad
Merge branch 'master' of https://github.com/rumple010/fail2ban
...
* 'master' of https://github.com/rumple010/fail2ban :
Changed default TTL value to 60 seconds.
Added a reminder to create an nsupdate.local file to set required options.
Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
add nsupdate action
Conflicts:
ChangeLog
2015-02-14 09:32:05 -05:00
d5e68abf95
ENH: check badips.com response on presence of "categories" in it
...
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories". With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
2015-02-13 08:55:35 -05:00
ae1451b29f
Update bsd-ipfw.conf
...
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
2015-02-08 15:55:32 +03:00
3fb2becddb
Merge pull request #949 from leeclemens/enh/configSyslogSocket
...
Configure Syslog Socket Path (closes #814 )
2015-02-06 20:08:15 -05:00
6268eb32be
Use syslogsocket value "auto" to determine syslog socket's path
2015-02-06 19:14:09 -05:00
549ab24e70
Fixed grammatical error in emails sent
2015-02-06 11:47:03 -05:00
119a7bbb16
Merge pull request #939 from szepeviktor/geoip
...
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
4c88a00c28
Line notes implemented
2015-02-06 17:22:30 +01:00
445fd7367f
Configure Syslog Socket Path
2015-02-05 23:44:57 -05:00
eb0d086ed0
Merge branch 'master' into nginx-botsearch
2015-02-04 02:13:33 +01:00
1c6d2074fb
Changed default settings for nginx-botseach filter
2015-02-04 01:48:59 +01:00
e7ff7e90b7
[postfix-sasl] update regexes
...
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
"warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
2015-02-03 11:30:16 -07:00
fb0f463eac
Include consistency
2015-02-03 15:54:05 +01:00
705718be52
Filter apache-botsearch.conf now loads variables from botsearch-common.conf
2015-02-03 04:44:33 +01:00
18778d9174
Created botsearch-common.conf
...
File contains variables used in -botsearch filters
2015-02-03 04:25:47 +01:00
73af02ffc6
Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot
...
New jail: apache-fakegooglebot
2015-02-02 21:44:04 -05:00
df581fe6e2
Merge pull request #929 from opoplawski/pam_auth
...
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928 )
2015-02-02 21:42:10 -05:00
7ada96b4e9
Merge pull request #932 from opoplawski/dovecot
...
Dovecot - dovecot auth failure from EL7
2015-02-02 21:37:28 -05:00
f8fe165cd2
Switched from tabs to spaces for indents
2015-02-03 03:35:22 +01:00
8f6d9c6a5a
Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban
...
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban :
fixed typos, thanks szepeviktor for review
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
Conflicts:
ChangeLog
2015-02-02 21:21:44 -05:00
841c476045
Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot
...
Conflicts:
config/filter.d/ignorecommands/apache-fakegooglebot
2015-02-02 13:01:23 -05:00
15b65c7ad2
NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName
2015-02-02 12:19:20 -05:00
7e94ba6f0c
Remove implementation specific suffix
2015-02-02 11:43:05 -05:00
854915920f
Remove implementation specific suffix
2015-02-02 11:38:23 -05:00
af078532ac
New jail: apache-fakegooglebot
...
Detects fake googlebot user agents in apache access log
2015-02-02 00:42:01 -05:00
1619ab3145
Added sendmail-geoip-lines.conf
2015-02-01 00:06:56 +01:00
ec6a30efcf
ENH: define ignoreregex for all filters explicitly, to avoid warnings ( Closes #934 )
2015-01-30 10:38:28 -05:00
c8e82f18b6
Add jail nginx-botsearch
...
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
2015-01-29 17:57:52 +01:00
b4776a1ba0
Match dovecot unknown user line
2015-01-29 09:37:37 -07:00
3bc92610f7
Add dovecot auth failure from EL7
2015-01-29 09:11:59 -07:00
6bdfe756cf
Changed default TTL value to 60 seconds.
2015-01-28 22:46:43 -05:00
79b5a2617f
Add filter variable __pam_auth to allow easier changing of pam auth backend
2015-01-27 14:34:27 -07:00
43732acae1
Added a reminder to create an nsupdate.local file to set required options.
2015-01-26 21:48:16 -05:00
085d0f72ed
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
2015-01-26 09:19:44 -05:00
65980a70fc
Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban
...
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban :
use iptables-allports for recidive
Conflicts:
ChangeLog
2015-01-26 09:04:42 -05:00
eb76dcd5a0
add nsupdate action
...
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
2015-01-25 23:15:07 -05:00
12e3cca3f2
port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913
2015-01-19 10:28:53 +01:00
083031524d
BF: adding missing Definition section header to firewallcmd-allports
2015-01-08 21:14:50 -05:00
d7b7f4bc91
Update firewallcmd-allports.conf
2015-01-08 21:06:43 -05:00
77677e43df
Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL
2015-01-07 20:39:04 -05:00
d5ebe542f9
Merge branch 'master' into 'sebres:ban-time-incr'
2015-01-05 19:14:51 +01:00
bda8dc1926
Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL
2015-01-03 15:29:42 -05:00
7eed55266b
Created firewallcmd-multiport
2015-01-01 12:46:48 -05:00
9f91cb2fd8
Created firewallcmd-allports
2015-01-01 12:44:34 -05:00
50e5fd9ed7
Create firewallcmd-multiport.conf
2015-01-01 05:32:41 -05:00
591e444753
Create firewallcmd-allports.conf
2015-01-01 05:32:06 -05:00
0f48cf4284
loosen up regex for spamhaus (spamcop says "Blocked" as part of url)
2014-12-30 19:14:39 -05:00
fe72a5585c
Create Jail for Postfix based on RBL
...
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
2014-12-30 19:06:17 -05:00
2d7429c47c
Add 'Client host rejected error message' regex
...
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-30 18:05:19 -05:00
81b3dbde1d
postfix-sasl failregex case insensitive
2014-12-11 00:10:37 +01:00
27bc2e012d
Merge remote-tracking branch 'master' into sebres:ban-time-incr
2014-12-05 17:41:45 +01:00
ccc986b7d8
exim filter: correct failregex for exim with extended log options
...
incoming_interface, incoming_port, outgoing_port
2014-12-04 13:34:44 +03:00
5dc1a583b4
Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr
...
Conflicts:
fail2ban/server/actions.py
fail2ban/server/database.py
fail2ban/tests/databasetestcase.py
fail2ban/tests/servertestcase.py
2014-12-01 13:57:51 +01:00
d8867807f5
Separate php-url-fopen logpath by newline
2014-11-28 22:04:09 -07:00
a6a2dc868b
Add ignoreregex to avoid warning on start
2014-11-12 11:05:56 +01:00
9269664350
Add ignoreregex to avoid warning on start
2014-11-12 10:30:28 +01:00
2a3790f8e8
use iptables-allports for recidive
2014-11-04 13:24:54 -05:00
967485c2d0
improving grepping
2014-10-29 23:14:47 -04:00
efbf5064a1
Merge pull request #807 from xslidian/patch-1
...
grep IP at the start of lines
2014-10-29 23:07:10 -04:00
01b2673e34
Use multiport for firewallcmd-new
2014-10-29 16:27:37 -06:00
36abb5ed96
BF: fix $ for % in jail.conf. Debian bug #767255
2014-10-29 13:08:51 -04:00
361c220846
Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr;
...
normalize code to python >= 2.6;
2014-10-25 19:05:53 +02:00
e3a037ee3f
merge master
2014-10-25 18:15:34 +02:00
293a5066d2
normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400';
...
code review and test case extended;
2014-10-24 01:32:04 +02:00
20e6989c73
Merge 'upstream/master' into ban-time-incr:
...
Merge remote-tracking branch 'sebres:cache-config-read-820' into ban-time-incr:
config cache optimized - prevent to read the same config file inside different resources multiple times;
test case: read jail file only once;
+ optimized merge: use OrderedDict.update instead of merge in cycle;
2014-10-08 16:37:07 +02:00
ce4f2d1c88
added filter for PortSentry with jail and samples
2014-10-04 15:08:12 +02:00
fc5f729f01
adding jail conf for shellshock filter
2014-09-26 16:37:50 +01:00
4f636eb0e3
adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650
2014-09-26 16:25:07 +01:00
930678cc0e
Merge remote-tracking branch 'remotes/upstream/master' into ban-time-incr
2014-09-16 13:53:15 +02:00
2c158fe168
Add apache filter for AH01630 client denied by server configuration
2014-09-14 21:54:05 +01:00
0e1f8f7f39
RF: remove those two additional failregexes for the postfix
...
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
96c20c8379
Merge pull request #804 from pleasantone/master
...
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
c58c4de9bc
ENH: add empty ignoreregex to avoid a warning ( Close #805 )
2014-09-13 10:18:37 -04:00
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
249e169d8e
Update test cases and also suport smtps per request.
2014-09-08 11:53:51 -07:00
1864f75b3b
Credits and notes from #806
2014-09-08 19:02:37 +10:00
d2c086b187
fixed encoding
2014-09-08 10:26:08 +02:00
218ffe862e
fixed encoding
2014-09-08 10:23:07 +02:00
544cfaff2c
Add support for postfix/submission/smtpd matching.
2014-09-06 10:23:38 -07:00
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
426ed7ff2f
Merge pull request #780 from opoplawski/logpath
...
Fxi jail.conf to use more syslog macros
2014-08-20 22:59:23 -04:00
62c755c1d5
Merge remote-tracking branch 'upstream/master' into ban-time-incr
...
Conflicts resolved:
fail2ban/server/database.py
fail2ban/tests/servertestcase.py
delBan modified (if manually unban):
delete from "bips" also (bad ips)
delete all tickets of this ip, also if currently not banned
2014-08-15 11:39:55 +02:00
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
763115b1eb
added systemd configuration for postfix-sasl.conf
2014-08-11 21:54:27 +02:00
aee560b1c6
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
1.5 version of Fail2ban logwatch file
Fix typos.
2014-08-11 13:10:02 -04:00
6fc04c2256
Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry)
...
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban :
ENH: cyrus-imap -- catch also 'user not found' attempts
BF: cyrus-imaps -- catch also for secured daemons
Conflicts:
ChangeLog
2014-08-11 13:09:43 -04:00
f403bad0ab
Merge pull request #775 from alimony/patch-1
...
Fix typos.
2014-08-11 13:08:30 -04:00
b79a82ebdd
minor typo
2014-08-08 15:57:41 -04:00
6b554fbe98
Fxi jail.conf to use more syslog macros
2014-08-08 13:27:32 -06:00
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
7b76322898
Fix typos.
2014-08-02 12:21:59 +02:00
4a23a7dcf1
Merge pull request #766 from leftyfb/master
...
Added cloudflare action
2014-07-28 15:34:09 -04:00
6dbd449f77
Changed to Cloudflare JSON API
2014-07-28 11:10:50 -04:00
2e7b8adb3b
Fix sieve filter to use correct option
2014-07-28 23:42:02 +09:00
f19c5fc939
Merge pull request #770 from eltrai/master
...
Forwards bantime to action scripts
2014-07-28 10:17:08 -04:00
f9cfbd66e6
Merge pull request #771 from szepeviktor/patch-1
...
named users + smtp auth probes
2014-07-28 10:14:18 -04:00
143a55bf26
Update courier-smtp.conf
2014-07-28 12:51:38 +02:00
2d7f2fa33f
Merge pull request #756 from marclaporte/patch-1
...
typo
2014-07-27 21:49:24 -04:00
45c1095606
Merge pull request #750 from niorg/master
...
Added Directadmin filter, jail and log test
2014-07-27 21:47:07 -04:00
3339dc8d84
ENH: cyrus-imap -- catch also 'user not found' attempts
2014-07-25 10:13:04 -04:00
3e5c598b79
BF: cyrus-imaps -- catch also for secured daemons
2014-07-25 10:02:40 -04:00
d757ef584f
Update courier-smtp.conf
2014-07-20 21:09:10 +02:00
a786e8a29b
named users + smtp atuh probes
2014-07-20 19:59:54 +02:00
3d7504c19e
Forwards bantime to action scripts
...
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
2014-07-20 16:25:59 +02:00
cba570cabd
Updated comments
2014-07-17 23:49:35 -04:00
5471e99ebe
Added cloudflare action
2014-07-17 22:54:30 -04:00
6cddc65cee
BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry
2014-07-14 12:16:12 -04:00
43950d8b7e
BF: fix path to the exim log on Debian systems (/var/log/exim4)
2014-07-08 11:09:25 -04:00
3777591ab0
typo
2014-07-05 11:55:57 -04:00
add8e61036
Added Directadmin filter, jail and log test
2014-07-02 13:52:06 +02:00
00b7205a3c
Merge remote-tracking branch 'remotes/upstream/master', fix test cases (see bellow)
...
Conflicts resolved:
ChangeLog
fail2ban/server/filter.py
fail2ban/server/jail.py
fail2ban/tests/actionstestcase.py
Test cases fixed:
testBanActionsAInfo - fail ticket with current time (otherwise ticket will be ignored - ban time too old)
testFail2BanExceptHook - use local sys.__excepthook__ to check was really executed and prevent write error in stderr.
2014-06-24 14:02:24 +02:00
0adb10f653
Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
...
* 'ainfo-copy' of https://github.com/kwirk/fail2ban :
TST: actions modifying aInfo test more robust
TST: Test for actions modifying (un)ban aInfo
BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
2d54161696
Merge branch 'kwirk/harmonize-log-msgs'
...
Conflicts:
ChangeLog - Keep all additions
2014-06-22 12:57:49 +01:00
76a5633ff9
Merge pull request #739 from ranvis/enh-iptables-ipsets
...
ENH: Add <chain> to iptables-ipsets.
2014-06-21 22:48:49 +01:00
ccf2521a6d
Merge branch 'master' of https://github.com/fail2ban/fail2ban into ban-time-incr;
...
Conflicts in ChangeLog resolved;
obsolete imports removed;
2014-06-19 17:40:00 +02:00
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
94232d7c31
Merge pull request #726 from pmarrapese/master
...
Minor improvement to sshd filter
2014-06-17 23:43:42 +01:00
8268c1641f
BF: aInfo could be modified by actions, causing unexpected behaviour
...
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
93d5c363ca
Merge branch 'enh/oracle_msg_server'
...
* enh/oracle_msg_server:
ENH: make oracleims failregex better anchored (more explicit)
Update oracleims.conf to be 'less greedy'
Update THANKS
Update jail.conf for oracleims filter.
Create test for oracleims filter
Create oracleims.conf in filter.d for new filter
2014-06-16 09:22:42 -04:00
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
994fe77e59
ENH: make oracleims failregex better anchored (more explicit)
2014-06-10 03:52:16 -04:00
5165d2f6ea
Update oracleims.conf to be 'less greedy'
...
This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are). See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
2014-06-09 18:44:27 -07:00
70ed93d8cc
Update jail.conf for oracleims filter.
...
This is the jail.conf update. Hopefully this will go into pull request #734 .
2014-06-09 18:37:31 -07:00
e8131475cd
ENH: Realign and harmonise log messages with getF2BLogger helper
2014-06-09 22:17:00 +01:00
db023be09b
BF: Fix bad syntax in badips.py action
...
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
681bc2ef07
observer functionality introduced (asynchronous events in separate service thread);
...
ban time increment feature nearly completely moved into observer;
purge database will be called hourly in observer;
bug fixing and code review;
2014-06-06 18:44:59 +02:00
9b7c35810a
Create oracleims.conf in filter.d for new filter
...
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)
2014-06-02 22:55:59 -07:00
96918acee4
more explicit match for sshd filter & added test
2014-05-19 20:47:16 -07:00
46d6e93800
adjusted sshd filter regex to catch more verbose lines
2014-05-18 22:12:54 -07:00
8fd083a1ea
Merge remote-tracking branch 'remotes/kwirk/sebres-strptime-bug' into ban-time-incr
2014-05-15 17:12:11 +02:00
77ba065571
Merge pull request #697 from jhmartin/monit_admin_hack
...
Block brute-force attempts against the Monit gui
2014-05-07 22:23:01 +01:00
0121e09907
default formula faster and more readable, comparable with "multipliers", like 2**N, default factor for both solutions is 1 now
2014-05-07 13:28:04 +02:00
c48e404e63
option "multipliers" added, how proposed from @yarikoptic;
...
the calculate formula is rewritten to lambda / compiled solution (up to 10 million times per seconds);
code review;
2014-05-06 16:07:16 +02:00
ccf07c4b21
- some bug fixed to pass all test cases;
...
- database_v1.db/bans/jail-name bug fixed - cause of different jail name in jails and bans, in test case (by updateDb): FOREIGN KEY constraint failed:
$ sqlite3 fail2ban/tests/files/database_v1.db
sqlite> select distinct jail from bans;
DummyJail #16244880 with 0 tickets
sqlite> select distinct name from jails;
DummyJail #29162448 with 0 tickets
sqlite> update bans set jail = (select distinct name from jails);
2014-05-05 14:47:50 +02:00
6f7c9b7d0f
introduced new feature "ban time exponential increasing":
...
"bantimeextra.enabled" in jail.conf allows to use database for searching of previously banned ip's to increase a default ban time using special formula,
by default, each next ban it will be original banTime * 1, 2, 4, 8, 16, 32...
see "jail.conf" for some other options of "bantimeextra";
additional we can configure a little randomization of ban time, to prevent "clever" botnets calculate exact time IP can be unbanned.
WARNING: by first start the server upgrades sqlite database (table "bans" will recreated with another schema);
2014-05-05 12:38:54 +02:00
bc10b64c69
ENH: Match non "Bye Bye" for sshd locked accounts failregex
2014-04-27 13:35:55 +01:00
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
9c3cb31862
Even stricter monit regex, now covers entire line
2014-04-22 21:29:52 -07:00
72bfd14330
Tidy up filter.d/monit.conf, make regex more complete.
...
Add ChangeLog / THANKS entry.
Add test cases.
2014-04-19 13:04:03 -07:00
03d90c2f42
BF: recidive filter and samples at wrong log level: WARNING->NOTICE
2014-04-19 18:07:23 +01:00
7d112430ca
Block brute-force attempts against the Monit gui
2014-04-16 21:21:41 -07:00
d4427e5a76
Merge pull request #683 from yarikoptic/fix/682
...
Fix typos referencing paths-common, provide empty defaults for syslog_ log files (Partial fix to #682 )
2014-04-15 17:14:28 +01:00
9fcb92524e
BF: badips.py action logging of exc_info on debug typo
2014-04-12 11:21:52 +01:00
8bcb25c3a2
defining empty defaults for syslog_ log targets for common (Thanks @chtheis, partial fix to #682 )
2014-04-10 23:17:39 -04:00
7dcea0d48d
typos of paths-common (Thanks @chtheis, partial fix to #682 )
2014-04-10 23:17:30 -04:00
5bccec61e4
ENH: adding pruned with previous merge trailing \s* in nginx filter
2014-04-03 21:31:46 -04:00
941a38ea8e
nginx-http-auth: match when "referrer" is present
...
A sample log-line is provided. The updated regex successfully matches
this line.
Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-04 01:27:39 +01:00
d7e888238c
Correct grammar
2014-04-03 10:44:49 -04:00
6e8c1b2871
nginx-http-auth filter: match server_name = ""
...
As documented at
http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If
no server_name is defined in a server block then nginx uses the empty
name as the server name." This regex change allows us to match error
output for such a configuration.
The log line added to the tests was lifted from our logs verbatim; it
did not match without the patched regex.
Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-03 11:04:21 +01:00
3a155ed2e0
Update comments in shorewall.conf for new settings
2014-04-01 16:52:21 +01:00
1c36da9df9
Fix 2 more typos that codespell didn't catch
2014-03-25 10:57:20 +00:00
1695d5c076
Fix a few typos
...
Found with https://github.com/lucasdemarchi/codespell
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
5a1ad75114
Fix typo in comment
2014-03-18 03:07:19 +01:00
41cbbbc248
BF: Remove unused imports and variables.
...
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
16125ec81a
BF: badips.py action methods not static due to use of self._logSys
2014-03-16 14:18:19 +00:00
6c5a978d6f
BF: journalmatch for recidive should be NOTICE level not WARNING
2014-03-15 13:29:44 +00:00
7611096162
Merge branch '0.9' of https://github.com/fail2ban/fail2ban into 0.9
2014-03-14 22:31:16 +11:00
aa7e8fb9ce
DOC: Credits. close gh-644
2014-03-14 22:30:44 +11:00
9e374b159e
ENH: Allow setting of badips.py key for reporting and blacklisting
2014-03-13 22:45:10 +00:00
de43d1d6d5
ENH: Change badips.py default score to "3"
...
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
476d79d3cc
ENH: asterisk filter to support syslog format
2014-03-14 09:03:27 +11:00
415f187644
ENH: sendmail-reject for all smtp ports.
2014-03-14 07:12:12 +11:00
a78a9d282c
DOC: Document that badips.py action should be last action for jail
2014-03-13 20:04:30 +00:00
0222ff4677
Merge branch 'badips-blacklist' into 0.9
...
Conflicts:
ChangeLog
- entires added in both branches.
Change:
config/action.d/badips.py
- jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
0c63d0061a
DOC: Add documentation for badips.py action
2014-03-13 19:58:32 +00:00
dfb46cfda6
BF: Require Python 2.7+ for badips.py action
2014-03-12 21:54:15 +00:00
df882feb16
ENH: expand sendmail-reject jail to 465,submission
2014-03-13 07:44:02 +11:00
ef29d7bd29
ENH: paths-{common,distro} normalisation
2014-03-12 20:32:41 +11:00
50d938e0bf
MRG: merge filter sendmail-spam into sendmail-reject
2014-03-02 16:28:23 +11:00
666fd5eceb
ENH: purge excessive jail variations
2014-03-02 16:11:53 +11:00
69f5baae36
ENH: jail.conf to use syslog_mail
2014-03-02 15:18:41 +11:00
2d45becb0e
Merge branch '0.9' into distro-paths-gh-315
2014-03-02 15:17:21 +11:00
2d8c497ce5
ENH: highlight missing osx paths
2014-03-02 15:16:53 +11:00
cc8ec826c5
MRG: from master 2014-03-02
2014-03-02 14:33:45 +11:00
853bed8e4f
ENH: more sendmail-reject filter items thanks to fab23
2014-03-02 14:04:27 +11:00
d0ec09a3b5
BF: move to right location
2014-03-01 15:50:30 +11:00
c10cc20928
ENH: rename sendmail-spam to sendmail-reject
2014-02-28 08:41:04 +11:00
d34569fb8d
BF: email address as arg1 in sendmail filters
2014-02-27 11:38:23 +11:00
72c84fe9b0
ENH: wider regex for RBL and sendmail-spam
2014-02-27 10:02:34 +11:00
fe1725c603
BF: add jail.conf definitions for sendmail* filters
2014-02-26 19:31:09 +11:00
3d776afbb0
ENH: add filter for sendmail-{auth,spam}. Closes gh-20
2014-02-26 19:16:49 +11:00
a9b9c6ea03
Merge branch 'logging' into 0.9
...
Conflicts:
fail2ban/server/actions.py
jail getName()->name
fail2ban/server/filter.py
jail getName()->name
2014-02-23 23:03:56 +00:00
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
2014-02-23 17:41:14 +00:00
a4731ef988
DOC: Correct log levels
2014-02-20 23:09:45 +00:00
5630c56c75
ENH: Change logging levels and make info more verbose
2014-02-20 23:01:40 +00:00
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
b6f9b9161d
BF: remove self reference
2014-02-20 09:01:05 +11:00
a044517cb7
MRG: from master to 0.9 2014-02-20
2014-02-20 08:35:24 +11:00
79e6543eca
Merge branch '0.9' into distro-paths-gh-315
2014-02-20 08:20:47 +11:00
83266eb668
ENH: framework for distro paths
2014-02-20 08:20:02 +11:00
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-18 15:13:02 +00:00
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
2014-02-18 15:05:06 +00:00
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
2014-02-14 17:45:08 +00:00
cf81ddd8e2
BF: Add error handling in badips.py action
2014-02-14 17:10:34 +00:00
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
f68d85a6ac
Merge branch 'master' into 0.9
...
Conflicts:
ChangeLog
Spelling correction of 0.8.13 fixed in master
config/jail.conf
Added nagios and duplicate php-url removal in master
Just nagios added, duplicate not issue in 0.9
2014-02-13 20:14:40 +00:00
c701ac9276
DOC: document LogLevel requirement for "Connection from" regex"
2014-02-13 16:20:36 +11:00
5f4d0ed576
ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message
2014-02-13 09:13:46 +11:00
993b7d3dfb
Duplicate jail "php-url-fopen"
2014-02-10 21:41:50 +01:00
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
2014-02-09 12:23:14 +00:00
c207ad6058
removing ignoreip at [nagios]
...
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
2014-02-06 00:27:38 +01:00
f5f434f846
removing the second failregex
...
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
2014-02-06 00:22:05 +01:00
a71bb89ccd
removing a dot (typo)
...
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
2014-02-03 23:12:56 +01:00
dac4dd465e
ENH: Nagios filter
...
added typical configuration settings for the nagios filter
2014-02-03 21:51:49 +01:00
c91fda8619
ENH: Nagios filter
...
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
2014-02-03 21:46:07 +01:00
ef82eac790
DOC: openssh real protection is pubkey
2014-02-02 15:16:40 +11:00
59b9045e88
MRG: from master 2014-02-02
2014-02-02 13:21:16 +11:00
273b2f45a3
MRG: remove the "no auth attempts" as per aseques gh-600
2014-01-29 20:43:51 +11:00
9b614ce486
ENH: dovecot filter enhancements
2014-01-29 20:27:45 +11:00
84617fa6da
Fixed a failing case
2014-01-28 16:19:35 +01:00
08171ba52f
Removed the -no auth attempts- from the triggers because of lots of FP
2014-01-28 12:44:46 +01:00
a749a2780e
Merge pull request #593 from grooverdan/tine
...
ENH: Tine20 filter
2014-01-26 18:50:42 -08:00
1a1e3bec86
ENH: framework for distro paths
2014-01-25 23:25:54 +11:00
256c732bcd
BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
...
_daemon was accidently removed in
89fd792dfb
2014-01-25 12:19:46 +11:00
1e1261ccb4
MRG: from master 2014-01-23
2014-01-23 17:45:18 +11:00
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
c8ae064b79
ENH: tighten regex and change failJSON to support timezone. Closes gh-583
2014-01-22 22:16:03 +11:00
2063d96e59
MRG: import Lars' PR for tine20
2014-01-22 18:12:19 +11:00
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
a0f39255bc
BF: Kerio log datepattern fix for recent datepattern full regex merge
2014-01-20 23:00:38 +00:00
a650178bd1
MRG: merge from master 2014-01-19
2014-01-19 14:48:29 +11:00
263ac32730
ENH: test log samples for kerio thanks to
...
Tony Lawrence
2014-01-18 23:18:33 +11:00
1452be4a3a
Merge pull request #588 from grooverdan/badips
...
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00
f566cab766
Merge branch 'master' into badips
2014-01-15 09:37:11 +11:00
657da2041c
BF: dovecot filters, session characters and order of session/tls in log messages
2014-01-15 08:02:47 +11:00
2333b2d5d9
MRG: from 0.9
2014-01-13 22:17:14 +11:00
c7f887642d
Merge branch '0.9' into master_to_0.9
2014-01-13 21:23:42 +11:00
3de80545e0
MRG: from master 2014/01/13
2014-01-13 21:23:39 +11:00
01e5ae1234
Merge pull request #584 from grooverdan/exim-auth
...
ENH: Exim auth
2014-01-13 02:20:47 -08:00
08b4f3e5f2
Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth
2014-01-13 19:26:12 +11:00
47dd8fb897
ENH: filter for Tine 2.0
2014-01-13 06:04:59 +01:00
2d8c0b26e4
Matching any Exim authentication name
...
As explained in https://github.com/grooverdan/fail2ban/pull/4 , in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain|login with the general \w+
2014-01-13 01:38:49 +01:00
6b0e6b9bca
ENH: add improper command pipelining postfix filter
2014-01-13 06:59:59 +11:00
a443b8b4d3
BF: remove second jail definition
2014-01-12 21:45:39 +11:00
cd3e94140c
MRG: complete merge
2014-01-12 21:16:55 +11:00
f2e55e8499
ENH: add filter for squirrelmail. Closes gh-261
2014-01-12 20:27:36 +11:00
1e8ed55a36
MRG: from 0.9
2014-01-12 20:15:34 +11:00
b52a4441fd
Support ACL-events without AccountID. Typically happens when a registration
...
from an unknown domain is performed.
Add credits
2014-01-12 01:28:55 +01:00
0dd6533680
BF: Add ejabberd-auth to jail.conf
2014-01-09 23:22:12 +00:00
128112d51c
ENH: ejabberd filter
2014-01-09 22:47:17 +00:00
8333abe420
Merge pull request #557 from grooverdan/apache-botsearch
...
ENH: Apache botsearch + BF: tag substition
2014-01-09 14:11:00 -08:00
b0baab3a0e
ENH: more test cases and wider regex
2014-01-10 08:40:24 +11:00
4b33f96db4
DOC: fix comment regarding apache version in apache-noscript
2014-01-10 08:35:37 +11:00
8e5366a7e9
DOC: for apache-botsearch and apache-botsearch
2014-01-10 07:34:01 +11:00
7e8da15fc6
Merge pull request #572 from grooverdan/counterstrike
...
ENH: Counter Strike filter
2014-01-08 12:47:10 -08:00
6532a2e2f7
Merge pull request #548 from grooverdan/exim-honeypot
...
Exim honeypot
2014-01-07 06:14:42 -08:00
d94efe719d
ENH: jail.conf for counter-strike
2014-01-07 20:50:50 +11:00
0fb6bc7188
ENH: add filter for Counter Strike 1.6. Closes gh-347
2014-01-07 20:33:57 +11:00
aabdc51e87
BF: revert separate jail for exim-honeypot as only exim-spam exists.
2014-01-07 16:26:29 +11:00
9e087b508d
MRG: from 0.9
2014-01-07 16:11:40 +11:00
58ebf659e4
MRG: from 0.9 to make history cleaner
2014-01-07 16:07:58 +11:00
9a8b449086
DOC: some typos, fixes from Vincent Lefevre
2014-01-06 23:38:52 -05:00
9e390d6549
ENH: jail.conf for exim-honeypot
2014-01-07 11:53:20 +11:00
809581ae99
ENH: jail.conf for apache-botsearch
2014-01-07 11:52:21 +11:00
ed9ed6d0cb
TST/ENH: fix test case for ReadStockJailFilterComplete and add missing jails
2014-01-07 11:27:54 +11:00
10fa5e3439
BF: fix jails for gssftpd and qmail
2014-01-07 10:49:11 +11:00
549f64e86c
BF: remove imap2 - not an IANA and probably not used
2014-01-07 10:25:29 +11:00
320861b7dc
Merge branch 'more-jails-0.9' into master_to_0.9
2014-01-07 10:24:27 +11:00
76468942f9
MRG: complete merge from master
2014-01-07 10:24:23 +11:00
fa6a183e94
BF: typos in jail.conf corrected
2014-01-07 09:49:27 +11:00
a31c76f126
ENH: jail cleanup and fill in missing for 0.9
2014-01-07 09:34:39 +11:00
755af0a51e
Merge pull request #562 from grooverdan/jail.conf-complete_and_correct
...
ENH: Jail.conf now has all filters and TST: a mechanism to test this is truee
2014-01-06 12:08:45 -08:00
90fdf5fc21
ENH: jail.conf entry for groupoffice
2014-01-07 06:55:38 +11:00
ab3ded2205
Merge pull request #549 from kwirk/python-actions
...
ENH: Python actions
2014-01-06 02:58:45 -08:00
50eab4df81
ENH: add filter groupoffice. Closes gh-566
2014-01-06 21:56:22 +11:00
f137c7b107
BF: stunnel doesnt need datepattern as its inbuilt
2014-01-06 09:53:54 +11:00
1687505995
BF: Fix datepattern
2014-01-06 09:06:05 +11:00
6c301ae210
Merge pull request #563 from grooverdan/gh-289-ssh
...
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHAN...
2014-01-05 09:55:05 -08:00
03aba92238
ENH: add kerio filter
2014-01-05 23:41:49 +11:00
1c5787174f
BF: escape . in stunnel filter
2014-01-05 23:25:49 +11:00
a8e0498389
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289
2014-01-05 21:26:26 +11:00
a9f804e443
ENH: complete stock jail.conf to contain all filters
2014-01-05 21:03:16 +11:00
6ce2ba2895
ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal . Block is now a prefix of a path
2014-01-05 11:48:35 +11:00
c37ee4cc52
DOC: filter.d/vsftpd doco from wiki
2014-01-05 11:30:56 +11:00
6602937ee1
DOC: filter.d./pure-ftpd doco from wiki
2014-01-05 11:24:20 +11:00
69a850d226
DOC: Update docstrings for smtp.py action
2014-01-04 22:46:57 +00:00
6e63f0ea5a
RF: Change Jails and Actions to Mapping types
2014-01-04 16:57:08 +00:00
d7666c8942
DOC: bit more on how to use freeswitch
2014-01-04 12:39:48 +11:00
23f0b854da
MRG: merge in freeswitch
2014-01-04 12:24:40 +11:00
69b3a1cf64
BF: catchin DEBUG messages will result in duplicates
2014-01-04 12:10:51 +11:00
05b159c74b
Merge pull request #464 from grooverdan/increase-jail-name-length
...
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
2014-01-03 14:48:56 -08:00
3d1a1afca4
MRG: to more recent 0.9
2014-01-04 09:31:05 +11:00
5fe75436cc
DOC: DEV NOTES before author names
2014-01-04 08:53:45 +11:00
477f30665a
DOC: ignoreip for internal ips on freeswitch
2014-01-04 08:31:42 +11:00
36533de6bc
ENH: more filter expressions for freeswitch. Anchored existing one at end too
2014-01-04 08:21:22 +11:00
d1faae3b3b
BF: port not used in jail definition for freeswitch
2014-01-04 08:01:42 +11:00
938ef689de
DOC: dev notes on stunnel
2014-01-04 07:55:26 +11:00
80d6f74ee8
RF: Refactor actions further, include removing server proxy interface
...
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
2014-01-03 17:04:49 +00:00
7c09a61ca5
ENH: add apache-botsearch. Closes gh-544
2014-01-03 23:12:58 +11:00
b8536490ef
ENH: filter for stunnel from fail2ban wiki
2014-01-03 19:32:29 +11:00
a0c2de3e4d
DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510
2014-01-03 16:51:38 +11:00
04d28fd2e1
ENH: add filter freeswitch - as raised on mailing list
2014-01-03 13:00:37 +11:00
117d3b0466
MRG: horde filter from master
2014-01-03 10:34:59 +11:00
83f3aeb308
ENH: filter for horde
2014-01-02 23:12:36 +11:00
98bf511443
BF: Incorrect number of arguments in smtp.py action connect log
2014-01-01 23:50:44 +00:00
5b2b59d752
ENH: python actions use initOpts as **kwargs
...
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
2014-01-01 23:18:11 +00:00
6ef911185d
ENH: Add matches to smtp.py action
2014-01-01 12:27:49 +00:00
55688395fb
DOC: doco for exim-spam
2014-01-01 22:56:08 +11:00
9c7bb3b97e
ENH: exim-spam to take honeypot email address as argument. Closes #541
2014-01-01 22:45:13 +11:00
391b5fc883
MRG: from master again 2014-01-01
2014-01-01 19:28:38 +11:00
f37c90cdba
ENH: Python based actions
...
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.
Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
2013-12-31 18:54:34 +00:00
e8710b679d
ENH: stronger regex for failregex
2013-12-31 08:22:52 +11:00
856407379b
ENH: add filter openwebmail. Closes gh-543.
2013-12-31 08:09:00 +11:00
ccb64e68b4
DOC: for exim-spam to say how to enable the log lines for the latest regex
2013-12-29 21:53:26 +00:00
b5f5ddf123
ENH: end anchor for exim-spam
2013-12-29 20:56:25 +00:00
d727ba639a
ENH: exim-spam to include spamassassin log entry. Closes gh-533
2013-12-29 20:16:37 +00:00
c074773805
ENH: apache modsecurity from 0.9 branch
2013-12-29 07:06:13 +00:00
be382dae4d
MRG: ufw changelog conflicts
2013-12-29 05:45:06 +00:00
1f6ece2a40
Merge pull request #490 from grooverdan/firewallcmd-ipset
...
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
ea2a13946e
TST: more test of filters
2013-12-29 05:29:59 +00:00
c9cfdca396
ENH: add filter for apache-modsecurity
2013-12-28 22:28:11 +00:00
ddac79c15c
TST: include blank ignorecommand in jail.conf to indicate default value and to raise test coverage
2013-12-25 11:01:31 +00:00
ebd89ec077
New ignorecommand that is added to the ignoreip list from output of an external program
...
ignorecommand update man and fix protocol help
ENH: run ignore command only after internal list has been examined. Change interface on ignorecommand to take IP as environment variable and return true if it is to be banned
ENH: ignore IP command to take tagged command
DOC: man pages for ingorecommand
TST: add test cases for ignorecommand
2013-12-24 23:55:35 +03:00
382d68f0fe
DOC: perfork model for apache log format
2013-12-23 09:09:48 +00:00
1b7df1181f
BF: apache-2.4 log format fix. Closes gh-516
2013-12-23 08:28:40 +00:00
7af58b9984
Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
...
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban :
ENH: apache-noscript now matched php-cgi scripts. Closes gh-503
Conflicts:
ChangeLog -- two new entries collided, Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
a9b7d33c51
ENH: apache-noscript now matched php-cgi scripts. Closes gh-503
2013-12-19 10:01:24 +00:00
a1a219189f
Merge pull request #493 from grooverdan/xarf-ipmatch
...
ENH: use ipmatches for action xarf-login-attack
2013-12-19 01:28:49 -08:00
ed2f46759c
MRG: restore accidently deleted pam comment in jail.conf
2013-12-19 09:21:12 +00:00
44a0981495
MRG: fix recidive filter
2013-12-19 09:18:18 +00:00
d22716ab63
ENH: Add nsd filter and amend DateEpoch to match date format
2013-12-18 22:31:54 +00:00
7c0efc8ec8
MRG: merge so far - flushLogs not working yet
2013-12-16 15:08:34 +00:00
4eedf9d4e1
ENH: use ipmatches for action xarf-login-attack
2013-12-15 23:49:38 +00:00
a398c51d6c
ENH: simplify actioncheck on firewallcmd-new a little more
2013-12-15 22:36:47 +00:00
772def1095
Merge pull request #491 from kwirk/ipmatches
...
ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations
2013-12-15 14:29:02 -08:00
40007abc1d
ENH: Refactor and add database matches and failures for sendmail actions
2013-12-15 21:41:43 +00:00
2deb76e3f9
Merge pull request #492 from grooverdan/abusix-disclaimer
...
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 13:35:43 -08:00
1c6c011154
EHH missed trailing .
2013-12-14 21:22:46 +00:00
868a4ea470
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 21:18:20 +00:00
9fe0a69852
ENH: add firewallcmd-ipset
2013-12-14 09:06:01 +00:00
4ffc57e14f
ENH: simplify firewallcmd-new actioncheck and provide output samples
2013-12-14 07:11:29 +00:00
ed816afbcd
ENH: add badips action
2013-12-14 01:41:28 +00:00
1ff52dfe4d
DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable
2013-12-14 00:40:47 +00:00
f35345ecaa
ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455
2013-12-14 00:34:12 +00:00
13ccebe78f
BF: fix actioncheck in firewallcmd
2013-12-13 23:40:51 +00:00
0bcff771b8
ENH: Add <ipmatches> and <ipjailmatches> tags
...
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
2c3dbc8046
BF: In 0.9 recidive bans come from fail2ban.server.actions
...
Also changed journalmatch to limit to WARNING priority to avoid the
recidive + DEBUG combo issue
2013-12-13 21:55:43 +00:00
b7d1579c9d
MRG: branch 'kwirk/database' into 0.9 - gh-480
...
Conflicts:
fail2ban/tests/utils.py
- Another test suite added in separate commit e09b700
2013-12-13 17:15:19 +00:00
e18af48e34
ENH: Database now optional, by setting dbfile to "None"
2013-12-10 21:16:36 +00:00
9d532828fc
BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes . Thanks Steven
2013-12-11 07:44:41 +11:00
66374913ec
ENH: add squid filter
2013-12-10 21:24:37 +11:00
db4c21acde
BF/DOC: fix filename in documentation for filter.d/proftpd
2013-12-09 14:46:01 +11:00
e8eab11615
DOC: proftp - turn off ReverseDNS
2013-12-09 14:45:09 +11:00
f385439a41
MRG: ChangeLog merge
2013-12-09 09:28:42 +11:00
36917d7517
BF: action.d/complain - match IP at beginning and end of lines
2013-12-09 09:21:55 +11:00
d8c7bca9b0
BF: Fix dbpurgeage default value, and change default dbfile extension
2013-12-08 11:35:12 +00:00
bbadef847b
ENH: Add fail2ban persistent data storage
2013-12-07 23:23:28 +00:00
135c759dbb
Merge pull request #477 from kwirk/blocklist.de
...
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
630dd91dcd
BF: Add [Init] section to blocklist.de action
2013-12-07 00:09:31 +00:00
b3c173795e
ENH: blocklist.de action error on HTTP response code 4xx
2013-12-06 08:22:21 +00:00
51f2619878
Merge pull request #473 from grooverdan/whois-missing
...
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
e07ba41870
Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
...
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
a19b33cc72
ENH: blocklist.de action added fail2ban version as user agent
2013-12-05 18:12:15 +00:00
f742ed0e4b
DOC: when to use blocklist.de reporting
...
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
e810ec009d
ENH: Added blocklist.de reporting API action
2013-12-05 08:22:20 +00:00
4dc51e5def
BF: put notice in email if whois program could not provide more information. Closes gh-471
2013-12-04 22:43:06 +11:00
97d7f46bb7
DOC: correct grammar - s/Here are more information/Here is more information/
2013-12-04 22:40:48 +11:00
8aead9ab79
BF: escape quotes when splitting addresses for xarf
2013-12-04 08:19:05 +11:00
1846056606
DOC: when to use xarf messages to network owner
2013-12-03 20:40:42 +11:00
8c37d2e4de
ENH: remove dependency on querycontacts
2013-12-03 20:34:21 +11:00
bfd435091d
ENH: jail examples for xarf-login-attack
2013-12-01 20:29:43 +11:00
dd356c3cef
BF: fixed for sendmail and tested the MTA aspects of this action
2013-12-01 19:08:28 +11:00
9df5f4eec8
BF: remove debugging tee command on xarf-login-attack
2013-12-01 17:53:34 +11:00
d015f7f4fc
BF/ENH: fixed so xarf-login-attack works
2013-12-01 17:49:35 +11:00
0495aa098e
BF: grep matches on <ip> shouldn't include other IPs
2013-11-30 18:01:45 +11:00
95845b7b65
BF: complain action could match too many IP addresses
2013-11-30 17:47:10 +11:00
5cc7173fd4
ENH: add xarf email sender for login-attack type
2013-11-30 14:16:26 +11:00
3a5983ab0b
Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban
...
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban :
Changelog entries for the last changes
ENH: added optional [PID] matching in recidive.conf
ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages
Conflicts:
ChangeLog
2013-11-29 19:58:56 -05:00
f7504d5b64
MRG: conflict in THANKS
2013-11-30 10:39:19 +11:00
56b6bf7d25
ENH: reduce firewalld-cmd-new -> firewallcmd-new
2013-11-30 10:30:29 +11:00
04438cd1a1
BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails
2013-11-30 10:00:59 +11:00
3f4d179612
BF: smtps not an IANA port - from #447
2013-11-30 09:52:32 +11:00
fe9e077acf
BF: correct spelling of port for solid-pop3 jail in jail.conf
2013-11-30 09:51:30 +11:00
86a0a5962a
BF: revert to fail2ban- prefix as f2b- was intended for 0.9
2013-11-30 08:05:20 +11:00
25e967f23b
Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban
...
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban :
BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447 )
Conflicts:
ChangeLog
2013-11-29 10:02:31 -05:00
b9b2ddf996
BF: smtps not IANA standard. Closes #447
2013-11-29 21:47:53 +11:00
cade746307
BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan ( #447 )
2013-11-29 21:45:11 +11:00
9e53892708
BF: did remove instead of move
2013-11-29 19:26:24 +11:00
af4feb0c92
Actions to have f2b- as prefix instead of fail2ban- as per #462
2013-11-29 19:08:38 +11:00
fb666b69ff
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-11-28 23:35:05 +11:00
227f27ce6b
ENH: added multiline filter for sshd filter
2013-11-25 14:55:41 +11:00
f80fa7d7a0
Merge pull request #456 from grooverdan/apffix
...
BF: add init section with name for action.d/apf. Closes #398
2013-11-24 13:48:46 -08:00
13223c33f5
MRG: recidive-protocol-all
2013-11-25 08:22:09 +11:00
dc154c792e
BF: add init section with name for action.d/apf. Closes #398
2013-11-25 08:08:20 +11:00
a26d4f42b7
ENH: added optional [PID] matching in recidive.conf
2013-11-24 10:21:02 -05:00
9a82bc3c61
BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448
2013-11-24 18:21:02 +11:00
98eacdf333
MRG/BF: merge from master. Fix bugs in iso8601
2013-11-24 16:36:06 +11:00
629e9ae445
Merge pull request #443 from grooverdan/apache-authfix
...
BF: apache filters using error log weren't matched when referer existed ...
2013-11-18 15:53:39 -08:00
284f811c91
BF: apache filters using error log weren't matched when referer existed in HTTP header
2013-11-19 10:27:55 +11:00
1ea68b2d0c
DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages
2013-11-18 09:44:26 +11:00
0eea0a35db
ENH: filter.d/solid-pop3d - added log messages and regexes
2013-11-18 08:58:23 +11:00
dab2ddb9da
ENH: recidive jail to block all protocols. Closes #440
2013-11-18 07:57:16 +11:00
b3b9ea4559
ENH: jail for solid-pop3d
2013-11-18 07:42:45 +11:00
88eff70774
ENH: filter.d/solid-pop3d added
2013-11-16 09:43:15 +11:00
1ac7b53cad
MRG: merge from master
2013-11-13 09:16:45 +11:00
286d78e13c
Merge pull request #430 from grooverdan/apache-overflows
...
ENH: Apache overflows - httpd-2.4 message IDs + samples
2013-11-12 12:46:52 -08:00
50ca16e50e
Merge pull request #431 from grooverdan/apache-noscript
...
ENH: apache-2.4 message IDs for filter apache-noscript
2013-11-12 12:46:09 -08:00
947c6ff9cc
Merge pull request #433 from grooverdan/asterisk
...
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
2013-11-12 12:45:52 -08:00
38503a5848
Merge pull request #434 from grooverdan/dos-resistant-dropbear
...
ENH: DoS resistant dropbear filter
2013-11-12 12:45:12 -08:00
62b1f98dff
Merge pull request #435 from grooverdan/dos-resistant-exim
...
BF: exim filter to be DoS resistant
2013-11-12 12:44:53 -08:00
be60518218
BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given
2013-11-12 18:57:01 +11:00
52972164a2
BF: exim filter to be DoS resistant
2013-11-12 18:13:35 +11:00
c272573fe3
ENH: DoS resistant dropbear filter
2013-11-12 18:06:16 +11:00
eb9663eb4f
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
2013-11-12 09:22:41 +11:00
648d48c355
ENH: apache-2.4 message IDs for filter apache-noscript
2013-11-11 10:49:11 +11:00
a4718eb644
ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples
2013-11-11 10:38:02 +11:00
87516eb92b
ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case
2013-11-11 09:46:40 +11:00
c5021b55f6
Merge pull request #427 from yarikoptic/bf/nginx-regex-injection
...
BF: anchor introduced nginx-http-auth at the end
2013-11-08 17:23:03 -08:00
ccd26578ec
Merge pull request #425 from grooverdan/asterisk-simplify
...
ENH: condense asterisk regexs for speed
2013-11-08 14:42:35 -08:00
ac061155f0
BF: anchor introduced nginx-http-auth at the end
...
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection. We better anchor at the end then
2013-11-08 14:40:52 -08:00
ea8fce6308
Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
...
openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
bf245f9640
DOC: adding DEV Notes for for non-greedy matchin within sshd.conf
2013-11-08 14:34:31 -08:00
d6bbe03861
Merge pull request #424 from grooverdan/nginx-auth
...
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
abb012ae5c
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
2013-11-08 10:00:37 -08:00
a8a1310098
ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame
2013-11-08 10:54:10 +11:00
d7560d4041
ENH: condense asterisk regexs for speed
2013-11-08 10:24:50 +11:00
ab9d921162
BF: missed action in nginx-http-auth
2013-11-08 10:09:19 +11:00
a148d35d70
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-08 10:06:40 +11:00
4522308354
ENH: regenerated config/filter.d/apache-badbots.conf
2013-11-07 14:26:18 -08:00
cb982ef921
ENH: multiline filter for sendmail-spam. Closes gh-418
2013-11-08 08:55:45 +11:00
0730db9b2b
Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
...
BF: wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
e55b24c533
BF: fix dovecot filter for newer failure message. Closes Debian bug #709324
2013-11-06 12:51:21 +11:00
8b54523316
BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925
2013-11-06 12:13:37 +11:00
ac1f45d18c
Merge pull request #412 from grooverdan/firewalld
...
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
87f68d7564
firewalld-0.3.8 release that support --remove-rules out so documenting this.
2013-11-06 11:37:56 +11:00
ee1edfbf0c
BF: remove duplication definition secion in webmin-auth
2013-11-04 17:54:36 +11:00
60006bd70f
BF: remove duplication definition secion in webmin-auth
2013-11-04 17:51:41 +11:00
47d35c9d80
MRG: 0.8.11 to 0.9
...
Epnoc of selinux is now true UTC
Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
b5c10488c1
Merge pull request #409 from grooverdan/filter-doco
...
DOC: in filters, put user relevant doc at top, and developer info at bot...
2013-10-30 15:11:46 -07:00
5eddd5d12d
DOC: document required firewalld version as > 0.3.7.1
2013-10-31 09:10:59 +11:00
27d257d5a6
Merge pull request #408 from grooverdan/dropbear
...
BF: filter.d/dropbear
2013-10-30 14:43:07 -07:00
8ac6081555
ENH: fix to use upstream --remove-rules
...
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00
93de46ac72
BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf
2013-10-31 00:52:47 +11:00
c3f9c9aa60
BF: filter.d/dropbear
...
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c
Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.
svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.
.*\s* can be compressed to .*
2013-10-31 00:21:30 +11:00
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00
de9977441a
DOC: move named and mysql instructions into the filters from jail.conf
2013-10-30 21:12:16 +11:00
7ab909d056
DOC: space out jail.conf consistantly
2013-10-30 20:34:06 +11:00
95f3f38682
MRG: merge ChangeLog and jail.conf
2013-10-30 20:19:41 +11:00
e3150044fd
BF: fix selinux
...
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
2013-10-30 20:05:49 +11:00
0f85aef609
Merge pull request #407 from grooverdan/dovecot-jail
...
ENH: Dovecot jail
2013-10-29 15:15:19 -07:00
a991adb83f
ENH: add submission, smtps and sieve to blocked ports since this also typically rely on dovecot auth
2013-10-29 14:33:45 +11:00
8412303131
ENH: dovecot jail examples
2013-10-29 10:17:45 +11:00
cde389cadc
ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/
2013-10-29 10:15:54 +11:00
0c14707201
ENH: add dovecot jail
2013-10-26 10:01:04 +11:00
d451c2a231
FIX: vsftp improvements from Rich Mellor on mailing list
2013-10-26 09:51:25 +11:00
b61fe0f12d
Merge pull request #378 from grooverdan/sasl
...
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
2013-10-22 04:51:24 -07:00
4ecc063bd0
ENH: rename filter.d/sasl -> filter.d/postfix-sasl
2013-10-22 22:40:29 +11:00
c2b76d1fd0
Merge pull request #397 from yarikoptic/_enh/unify_default_strings
...
DOC: enh/unify "Default:" strings
2013-10-22 04:36:41 -07:00
b4cbf82912
DOC: remove Default: on action firewall-cmd-direct-new
2013-10-15 08:34:42 +11:00
4149c7495d
Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments
2013-10-14 16:29:16 -04:00
d12eb2526a
Fixing up default values in fail2ban.conf + unifying formatting
2013-10-14 16:28:19 -04:00
f1bb08aa6a
ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions
2013-10-14 23:06:38 +11:00
12f7ea7ec4
DOC: remove excessive comments from firewall-cmd-direct-new
2013-10-14 22:39:38 +11:00
0d8d1ae26c
ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622
2013-10-14 22:36:01 +11:00
123ad1cc9c
MRG: Merge branch 'asterisk-common-jail'
2013-10-14 22:29:56 +11:00
8421007f32
MRG: merge man/jail.conf.5 entries
2013-10-14 22:28:34 +11:00
ef62d0d4c1
Merge pull request #391 from grooverdan/jail-mysql-doc
...
ENH: mysql syslog jail.conf base
2013-10-14 04:25:49 -07:00
e417a2112c
Merge pull request #386 from grooverdan/qmail
...
ENH: filter.d/qmail - anchor at start. Add another regex
2013-10-14 04:24:32 -07:00
e227568c3b
Merge pull request #384 from grooverdan/dovecot-325
...
ENH: added to dovecot filter. closes gh-325
2013-10-14 04:23:03 -07:00
0022cca786
Merge pull request #385 from grooverdan/ipset
...
ENH/BF: Ipset - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*
2013-10-14 04:21:52 -07:00
8fe542ca9f
DOC: reintroduce comment on comments
2013-10-11 06:48:31 +11:00
6b6169178f
ENH: mysql syslog jail.conf base
2013-10-10 10:00:20 +11:00
ee58696531
DOC: try to encourage jail.local jail.d/*.local a lot more
2013-10-10 09:56:52 +11:00
6ef33981e3
ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed)
2013-10-10 09:41:05 +11:00
6b519d54db
ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion
2013-10-10 07:13:37 +11:00
351eb5ec8f
ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd
2013-10-09 16:44:48 +11:00
eb59a57b7f
ENH: tighten pam_unix expression for dovecot
2013-10-09 14:54:36 +11:00
864d2f41b9
ENH: auth-worker as per of _daemon definition for dovecot
2013-10-09 14:52:17 +11:00
2d1bd54439
Merge pull request #379 from grooverdan/webmin
...
ENH: filter.d/webmin anchor at start and use syslog
2013-10-08 20:13:14 -07:00
500968874e
Merge pull request #381 from grooverdan/suhosin
...
ENH: filter.d/suhosin - anchor regex at start
2013-10-08 19:49:51 -07:00
a7b1b802e0
Merge pull request #382 from grooverdan/vsftpd
...
Vsftpd
2013-10-08 19:47:38 -07:00
f0b91fcede
Merge pull request #380 from grooverdan/sogo
...
ENH: filter.d/sogo-auth - anchor regex at start
2013-10-08 19:41:55 -07:00
df313649a4
ENH: escape . in recidive filter
2013-10-09 12:32:06 +11:00
1a5e17f2a3
BF: use blocktype for iptables-ipset-proto6*
2013-10-09 11:59:16 +11:00
dcb845f17c
ENH: add iptables-ipset-proto6-allports for blocking all ports
2013-10-09 11:57:35 +11:00
2a1d629d88
BF: webmin -> webmin-auth
2013-10-09 11:08:44 +11:00
ab457acc4d
BF: fix name in action for uwimap-auth
2013-10-09 11:06:38 +11:00
0beea03914
ENH: jail.conf example for webmin
2013-10-09 11:05:50 +11:00
d60f470096
ENH: added to dovecot filter. closes gh-325
2013-10-09 10:09:06 +11:00
5a2623f0df
ENH: reorder osx-ipfw jail defination to near the other ssh examples
2013-10-09 09:26:36 +11:00
359210f224
ENH: filter.d/squirrelmail added
2013-10-08 20:37:33 +11:00
46386412a4
ENH: filter.d/vsftpd - pam regex as syslog and anchored at start
2013-10-05 20:02:40 +10:00
1519712972
ENH: filter.d/vsftpd anchor internal regex at start
2013-10-05 20:02:21 +10:00
9637c27873
ENH: filter.d/suhosin - anchor regex at start
2013-10-05 19:39:39 +10:00
13bcc9aa84
ENH: filter.d/sogo-auth - anchor regex at start
2013-10-05 19:27:07 +10:00
b64bf3fa7b
ENH: filter.d/webmin anchor at start and use syslog
2013-10-05 19:18:44 +10:00
f4c7c8f4b3
ENH: sasl - anchor regex at start
2013-10-05 18:59:41 +10:00
23dd734aa9
Merge pull request #366 from grooverdan/dovecot
...
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
2013-10-01 15:50:39 -07:00
f998e01590
Merge pull request #359 from grooverdan/pureftpd
...
ENH: Pureftpd syslog prefixing and filter achoring
2013-10-01 15:14:33 -07:00
ba8183b116
Merge pull request #372 from grooverdan/uw-imap
...
ENH: filter.d/uwimap-auth added. Closes #18
2013-10-01 15:13:11 -07:00
262616f7a7
ENH: filter.d/uwimap-auth - failure of an admin override to regex
2013-10-01 22:32:57 +10:00
9211179d30
ENH: filter.d/uwimap-auth - add "disabled" to regex
2013-10-01 22:10:33 +10:00
4649cf9608
ENH: separate selinux and selinux-ssh
2013-10-01 20:21:45 +10:00
791183b639
ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT
2013-10-01 10:10:53 +10:00
a1eaa5f755
ENH: filter.d/selinxu added. Closes #296
2013-10-01 09:59:15 +10:00
778f09debe
DOC/ENH: __md5hex regex defination to common.conf. Document debian bug #
2013-10-01 09:03:33 +10:00
b3b62d65bf
ENH: filter.d/uwimap-auth added. Closes #18
2013-09-29 18:06:27 +10:00
f2ae20a3b8
BF: filter.d/sshd group on md5hex and () for serial needed to be escaped
2013-09-29 17:44:45 +10:00
1eeb6e94bd
BF: fix regex for openssh-6.3
2013-09-29 17:28:33 +10:00
e12d389c65
MRG/DOC: jail.conf resolution, ChangeLog fixes
2013-09-29 08:21:13 +10:00
74434694dc
BF: more duplicate jail.conf entries - 3proxy exim{,-spam}, perdition
2013-09-28 21:38:15 +10:00
5cf25a63df
BF: remove duplicate ssh-pf in jail.conf
2013-09-28 21:31:45 +10:00
b6bf26c9f2
dont' need to set a default name
2013-09-25 18:37:22 -04:00
4187e87b69
don't enabel ssh-apf jail by default
2013-09-25 18:35:09 -04:00
f9f4d2728f
add an example jail for apf action and ssh filter
2013-09-25 17:59:37 -04:00
2668adc896
Merge branch 'master' of github.com:fail2ban/fail2ban
2013-09-25 17:54:38 -04:00
1af4543aca
ability to name the jail that banned the IP with apf
2013-09-25 17:52:34 -04:00
dd9ee4c39a
quotes around the comment put in apf's deny_hosts.rules file
2013-09-25 17:51:25 -04:00
e64493c328
use human readable/longer options when banning and un-banning IPs with apf
2013-09-25 16:44:10 -04:00
c692912a82
don't hardcode absolute path for apf firewall
2013-09-25 16:38:45 -04:00
66aff43d68
remove un-needed '$' line
2013-09-25 16:37:58 -04:00
9805d39b60
MRG: merge date changes to support timezones
2013-09-20 18:22:32 +10:00
8c2a5612ed
DOC: resolve ChangeLog conflicts
2013-09-19 19:38:28 +10:00
2a805452c6
DOC: resolve ChangeLog conflicts
2013-09-19 19:28:39 +10:00
8e9fab9b3c
Merge branch 'master' of https://github.com/fail2ban/fail2ban
2013-09-19 19:25:47 +10:00
3be7dcd701
DOC: resolve ChangeLog conflicts
2013-09-19 19:23:02 +10:00
89e0520675
ENH: dovecot regex to match failure reported by Bob Cohen on mailing list
2013-09-19 08:25:50 +10:00
c3ee03b9ba
BF: fix daemon name typo for filter proftpd
2013-09-18 07:32:26 +10:00
39ca8837eb
TST: pureftpd - syslog therefore use syslog prefixes in filter
2013-09-17 22:24:56 +10:00
30bb1a77a3
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam
2013-09-17 10:50:46 +10:00
ee497ff1cb
ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix
2013-09-17 07:57:19 +10:00
13ec9d58c0
ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix
2013-09-17 07:25:23 +10:00
673cc4d77f
ENH: anchor at end of recidive filter
2013-09-16 18:43:56 +10:00
504111b0b1
ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target
2013-09-16 01:22:42 +10:00
060bd45295
ENH - Added server name to subject line in email notifications
...
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
2013-09-08 15:21:58 -07:00
8c1b828423
BF: capture of microseconds no longer needed. Closes gh-341
2013-09-09 03:41:12 +10:00
d0098b0213
ENH: add timezone offest and subsecond support to Datedetector
2013-09-09 03:37:59 +10:00
1f1a56174f
MRG: merge from master
2013-09-08 21:02:35 +10:00
ad291d7e38
Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port
...
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
2013-09-04 16:18:19 -07:00
e5f1a7f050
Merge pull request #344 from grooverdan/osx
...
ENH: OSX ipfw based on Andy Fragen's work
2013-09-04 16:16:16 -07:00
4face1f3e7
MRG: resolve conficts in action.d/osx-ipfw design
2013-09-05 09:07:10 +10:00
d258a51a23
after some research it looks like setting to unreachable better than deny
2013-09-04 11:28:03 -07:00
fe557e5900
more specific actionunban
2013-09-01 13:09:51 -07:00
a4884f82cd
add mods from grooverdan and fix actionunban
...
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
2013-08-31 08:39:19 -07:00
6b0e2289d4
Merge pull request #335 from grooverdan/gh-333-bind
...
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-30 21:34:22 -07:00
f2bcf84893
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets
2013-08-31 11:40:04 +10:00
749f215089
ENH: port optional
2013-08-31 11:07:15 +10:00
8b22fa15b5
BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want
2013-08-31 11:03:01 +10:00
b31799a322
ENH: add action.d/osx-afctl anonymously contributed on f2b wiki
2013-08-31 10:51:04 +10:00
808aa1a792
ENH: added jail.conf example. closes gh-340
2013-08-31 09:39:21 +10:00
5741348f45
ENH: more options and ruggedness to prevent unintensional consequences
2013-08-31 09:38:18 +10:00
52bd0f86a8
Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
2013-08-31 09:09:04 +10:00
7cc3e8a8c0
BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
2013-08-31 08:59:02 +10:00
15f2f38972
ENH: anchor regex at start
2013-08-28 12:32:40 +10:00
d5684a0834
BF: filter.d/routecube-auth - time offset can be positive or negative
2013-08-28 11:57:38 +10:00
a401d11644
ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
2013-08-28 00:53:08 +10:00
ef504c869f
added osx specific ipfw action with random rulenum
2013-08-26 16:06:23 -07:00
265a85ec1f
RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis
2013-08-26 09:48:56 -04:00
b8e7d0b867
ENH: further tighten lighttpd basic auth regex
2013-08-26 08:51:40 +10:00
a7ebb84a7d
ENH: tighted up lighttpd regex
2013-08-26 08:42:45 +10:00
e133b9f1d1
MAINT: add support for lightty1.4.31
2013-08-25 21:29:43 +02:00
ca4729e943
ENH: filter.d/exim.conf - add authentication failures for "plain" authentication
2013-08-25 23:02:10 +10:00
ef903db3c9
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-25 22:44:30 +10:00
cfb7dba268
DOC: merge ChangeLog
2013-08-25 21:26:13 +10:00
b589533d69
Merge branch 'master' into kwirk-merge
...
Conflicts:
ChangeLog
testcases/files/logs/dropbear
2013-08-25 21:21:14 +10:00
fd7cc5bda7
BF: duplicate regex match fixed
2013-08-25 21:13:11 +10:00
6a56727669
BF: apache-common regex - datetime could be entirely consumed
2013-08-25 18:30:30 +10:00
a9eb8a76c6
merge of change log and apache-auth differences
2013-08-25 16:51:35 +10:00
4e5feed7fc
Merge pull request #8 from grooverdan/gh-303-merge-2
...
training space on wuftp
2013-08-21 12:21:09 -07:00
aad7d08451
BF: disable filter expressions without tests
2013-08-20 07:33:35 +10:00
42f3aa9f62
Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
...
Bind unauth zonetransfer. Closes #323
2013-08-19 06:48:13 -07:00
6a36ff1a4a
BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
2013-08-19 22:36:58 +10:00
c44328b1a3
ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8
2013-08-19 22:04:55 +10:00
ea7cba4205
ENH: trailing space as per discussion on gh-303
2013-08-19 21:42:43 +10:00
61d43608ae
ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
2013-08-19 18:42:39 +10:00
5d451bc4d6
ENH: add refused zone tranfer to named-refused filter. closes #323
2013-08-18 22:19:31 +10:00
53e16e07ad
ENH: Minor tweak on previous commit proftpd regex changes
2013-08-09 19:04:26 +01:00
9002de069e
ENH: Improve proftpd regex.
...
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
2013-08-09 18:54:08 +01:00
31a78b2711
Use /var/run/fail2ban in config/action.d/dummy.conf
2013-08-08 20:41:44 -06:00
e7d5e466b9
Merge branch 'enh/asterisk_and_dropbear_filters'
...
* enh/asterisk_and_dropbear_filters:
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
minor: consistent indentation in dropbear.conf
https://github.com/fail2ban/fail2ban/issues/306
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-08-08 09:59:24 -04:00
4e0ddc5f67
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
2013-08-08 09:58:36 -04:00
9487ee5562
minor: consistent indentation in dropbear.conf
2013-08-08 09:54:15 -04:00
d8883f4346
DOC: Notes about 401 responses and how apache logs this
2013-07-29 08:59:25 +10:00
7b2773889d
TST: apache-auth filter - nonce timetravel tests + other expression fixes
2013-07-29 02:29:04 +10:00
0fb04cb2f0
ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)
2013-07-28 22:00:55 +10:00
d5291517a7
MISC: merge from master
2013-07-28 19:43:54 +10:00
56faf7f5ad
DOC: fix ChangeLog merge
2013-07-28 18:02:38 +10:00
a355fab91b
https://github.com/fail2ban/fail2ban/issues/306
...
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.
Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
2013-07-27 03:43:32 +00:00
8936f2cd02
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-07-27 00:06:06 +00:00
2f4aaa9fb9
ENH: Simplify sieve filter failregex
2013-07-26 12:01:09 +01:00
b5639a8672
ENH: Simplify cyrus-imap filter fail regex
2013-07-26 11:55:09 +01:00
27feb57e80
Merge pull request #299 from kwirk/datepatterns-dateregex
...
Custom date templates and date detector changes
2013-07-26 03:53:40 -07:00
8f532f9148
NIT: space remove
2013-07-24 11:29:58 +10:00
7d7ef08145
ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id
2013-07-24 10:44:52 +10:00
abc4146079
ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure
2013-07-24 10:27:12 +10:00
cf1e5bdbc2
ENH: Tweak proftpd regex and add sample logs
...
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
2013-07-21 22:03:49 +01:00
8b9bafda79
ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
...
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
2013-07-21 16:35:37 +01:00
4033857f63
ENH: Improve xinetd-fail regex and add sample logs
2013-07-21 15:44:09 +01:00
a11f91b835
ENH: Improve cyrus-imap regex and add extra sample line
2013-07-20 17:28:28 +01:00
534be189dc
ENH: Improve sieve regex and add sample line
2013-07-20 17:26:09 +01:00
ab671b0b1a
ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
...
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
2013-07-20 16:34:24 +01:00
57a6c11260
ENH: Improve courierlogin regex and add sample logs
2013-07-20 15:53:18 +01:00
bd175f0267
ENH: Improve cyrus-imap regex and add sample log file
2013-07-20 15:38:29 +01:00
83a80a29ea
ENH: Improve couriersmtp and add sample logs
2013-07-20 15:34:00 +01:00
eb2f0c9272
ENH: Improve postfix regex and add more samples
2013-07-20 15:31:21 +01:00
5cfe108186
ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)
2013-07-20 22:21:08 +10:00
6fdfd8d356
BF: fix port
2013-07-20 15:09:25 +10:00
eea5b071e6
ENH: jail for perdition
2013-07-19 20:27:15 +10:00
fcf79b475f
ENH: new filter perdition.conf
2013-07-19 20:14:53 +10:00
26b472f70f
ENH: Add ejabberd-auth filter and sample log lines
2013-07-18 21:31:51 +01:00
d661b8c046
BF: Apache regex and sample fail data update due to date pattern changes
2013-07-17 21:09:30 +01:00
03ec7c211b
ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$
2013-07-18 00:37:33 +10:00
8ce9c78474
TST: apache-auth digest logs
2013-07-18 00:36:17 +10:00
f8b5b3a1ef
ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard
2013-07-17 23:31:44 +10:00
4eca2c0bd5
TST: apache-auth client denied by server configuration
2013-07-17 23:24:19 +10:00
e0292913eb
ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner
2013-07-17 23:05:04 +10:00
1eea0dcec8
Merge branch 'master' into 0.9
...
Conflicts:
ChangeLog
bin/fail2ban-regex
bin/fail2ban-testcases
config/jail.conf
fail2ban/server/failregex.py
fail2ban/server/filter.py
fail2ban/tests/files/logs/lighttpd
fail2ban/tests/files/logs/mysqld.log
fail2ban/tests/files/logs/wu-ftpd
fail2ban/tests/filtertestcase.py
fail2ban/tests/utils.py
testcases/files/logs/lighttpd
testcases/files/logs/lighttpd-auth
testcases/files/logs/mysqld-auth
testcases/files/logs/mysqld.log
testcases/files/logs/wu-ftpd
testcases/files/logs/wuftpd
2013-07-16 23:16:22 +01:00
f6a8a04cf3
ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
...
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
2013-07-16 15:07:32 -04:00
8add63c733
ENH: anchor roundcube-auth at the beginning as well
2013-07-16 14:16:23 -04:00
728399c39e
Merge pull request #281 from kwirk/dovecot-filter
...
ENH: dovecot filter additions for session, time value and blank user
2013-07-14 05:18:04 -07:00
ab10664b57
ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris
2013-07-14 16:20:21 +10:00
606e97683b
BF: jail.conf multiport actions previously using single port iptables
2013-07-12 23:34:04 +01:00
975999591f
ENH/DOC: more realm mismatch errors. Documented filter design criteria
2013-07-12 07:39:18 +10:00
10e3be857a
ENH: apache-auth filter added mod_auth_digest message
2013-07-11 23:08:46 +10:00
384b72a535
ENH: apache-auth filter - client wrong auth
2013-07-11 22:58:36 +10:00
fce431add8
ENH: add mod_authz_core failures to apache-auth
2013-07-11 22:28:27 +10:00
6ce41a611d
BF: fix filter on apache-auth. Closes #286
2013-07-11 22:13:51 +10:00
1d6d5a7aae
DOC: ChangeLog merge confict
2013-07-09 08:41:28 +10:00
5412d7336f
DOC: ChangeLog confict
2013-07-09 08:23:44 +10:00
619603fe05
BF: match asterisk InvalidPassword correctly
2013-07-07 17:48:20 +10:00
bfa2b9dec3
ENH: dovecot filter additions for session, time value and blank user
2013-07-05 18:36:02 +01:00
04b8069cee
ENH: adjust sendmail-whois 'active' example to have also sendername in it
2013-07-05 10:12:29 -04:00
2155f6bfa5
Update ChangeLog and jail.conf example
2013-07-04 08:57:52 +02:00
d6dece4900
ENH: Split log and provide jail examples
2013-07-03 07:42:47 +10:00
da594075f3
Move sendmail settings to common file, make sender name configurable
2013-07-02 20:30:41 +02:00
e6ebcf6687
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
ENH: remove non-capturing groups for readibility
BF: fix dovecot filter for when no TLS is enabled on pop/imap
Conflicts:
ChangeLog -- changelog entries. Also untabified few other spots
2013-07-02 10:12:51 -04:00
f0f237fa05
Merge pull request #269 from grooverdan/asterisk
...
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-07-02 07:04:10 -07:00
e6823149a1
ENH: remove non-capturing groups for readibility
2013-07-02 20:16:43 +10:00
aebd24ec54
BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl
2013-07-02 20:09:27 +10:00
4777cfd4e7
ENH: split out exim-spam into speparate filter
2013-07-02 20:03:16 +10:00
70ae1ed68b
ENH: ban also submission port (587) for all smtp-related jails
...
see http://www.rfc-editor.org/rfc/rfc4409.txt
and http://en.wikipedia.org/wiki/Mail_submission_agent
Users of advanced setups might like to split those into multiple jails anyways
to have separate control over submission agents and incoming mail servers.
2013-07-01 14:50:02 -04:00
ca996ace5e
ENH: remove temporary failures from local_scan in line with comments in gh-258
2013-07-01 21:56:02 +10:00
9757e1df2b
ENH: make groupings non-capturing
2013-07-01 21:53:05 +10:00
72f9e6a51e
ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT
2013-07-01 21:50:35 +10:00
3b76fc79f9
BF: fix dovecot filter for when no TLS is enabled on pop/imap
2013-07-01 21:12:51 +10:00
1dbba35cd9
Merge branch 'master' into 0.9
...
Conflicts:
fail2ban/client/jailreader.py
fail2ban/tests/clientreadertestcase.py
fail2ban/tests/files/logs/sshd
2013-06-29 20:31:26 +01:00
5ca6a9aeb6
Merge branch 'systemd-journal' into 0.9
...
Conflicts:
bin/fail2ban-regex
config/filter.d/sshd.conf
Closes github #224
2013-06-29 13:00:40 +01:00
0086a7edab
ENH: missed a $
2013-06-29 11:30:37 +10:00
1b170b2aef
BF: support apache 2.4 more detailed error log format. Close #268
2013-06-28 09:49:36 -04:00
6d331bcbea
BF: make colon after [daemon] optional. Close #267
2013-06-27 11:44:47 -04:00
fa7a105483
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-06-27 09:16:14 +10:00
8487cb2e90
Merge commit '0.8.10-31-g1ab0f0f' into 0.9
...
* commit '0.8.10-31-g1ab0f0f': (24 commits)
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
DOC: Changelog for fail2ban-regex RF
DOC: Changelog for asterisk hardening
ENH: fail2ban-regex -- add specification of loglevels to enable
RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: dovecot regexs rewritten and extra failures
ENH: proftp regex hardening and log messages
ENH/BF: exim improvements with sample
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
...
Conflicts: -- it was a messy merge/resolution.
ChangeLog
bin/fail2ban-regex
fail2ban-testcases
fail2ban/server/filter.py
2013-06-18 20:21:23 -04:00
25c3bbfc2f
DOC: credits/blame to me for changes to exim
2013-06-16 00:25:24 +10:00
b8cfda68b8
ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
2013-06-16 00:19:37 +10:00
d441d61a1e
TST/ENH: Improve regex around exim
...
rejected by local_scan now has test cases.
Unrouteable address error messages now normalised after looking into
exim code.
2013-06-15 12:34:16 +10:00
9d4b613ee4
Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
...
* '3proxy' of https://github.com/grooverdan/fail2ban :
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
DOC: credits
Conflicts:
ChangeLog
2013-06-14 12:32:51 -04:00
173fe48e77
Merge branch 'exim' of https://github.com/grooverdan/fail2ban
...
* 'exim' of https://github.com/grooverdan/fail2ban :
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
ENH/BF: exim improvements with sample
Conflicts:
ChangeLog
2013-06-14 12:28:07 -04:00
ec629ab4e8
Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
...
* 'proftpd' of https://github.com/grooverdan/fail2ban :
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: proftp regex hardening and log messages
Conflicts:
ChangeLog
2013-06-14 12:16:59 -04:00
ab2c738b43
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: dovecot regexs rewritten and extra failures
Conflicts:
ChangeLog -- merged entries
2013-06-14 12:14:40 -04:00
8cc13b5b40
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
2013-06-14 18:12:53 +10:00
a433a8ea5f
ENH: readibility thanks to Yaroslav
2013-06-14 15:21:50 +10:00
948be73115
Merge branch 'assp' of https://github.com/grooverdan/fail2ban
...
* 'assp' of https://github.com/grooverdan/fail2ban :
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
Conflicts:
ChangeLog -- merged the two entries into 1
2013-06-13 23:32:45 -04:00
09302c5c25
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
...
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
7018d81244
BF: missed a space
2013-06-14 12:35:44 +10:00
a447aa615d
BF: [SSL-out] is optional in assp
2013-06-14 12:27:35 +10:00
d4940563d3
ENH: regex hardening on assp
2013-06-14 08:55:25 +10:00
6a09ecff5c
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
2013-06-14 08:41:50 +10:00
9940cd1b6b
ENH: proftpd chan accept usernames with spaces
2013-06-14 00:29:43 +10:00
dbe7ffe050
ENH: dovecot regexs rewritten and extra failures
2013-06-13 23:52:15 +10:00
4c67a269bf
ENH: proftp regex hardening and log messages
2013-06-13 22:11:05 +10:00
3e3802512a
ENH/BF: exim improvements with sample
2013-06-13 17:44:18 +10:00
88b4598ed8
BF: fix to proxy port in 3proxy example
2013-06-13 14:43:15 +10:00
f6cb981fc0
Merge commit '0.8.10-1-g460e09a' into 0.9
...
* commit '0.8.10-1-g460e09a':
it was not the end of the world and we should continue
DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
Changes for 0.8.10 release (changelog, version, etc)
BF: anchor apache- filters. Close #248
DOC: credits for gh-244
Filter Asterisk: Add sample log entry to testcase.
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
ENH: purge a few more .*
DOC: credits
DOC: how to do filter enhancements
TST: normalize logs to use example.com and 1.2.3.4 as IP
ENH/BF: constrain regex. Fix ACL error regex
ENH: port optional
Update asterisk
Update asterisk.conf
Conflicts:
ChangeLog
DEVELOP
README.md
fail2ban/version.py
2013-06-12 21:30:47 -04:00
9dbaec0894
ENH: sample log + more specific regex
2013-06-13 10:23:14 +10:00
8faf84b7f7
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
2013-06-13 08:34:10 +10:00
6ccd57813c
BF: anchor apache- filters. Close #248
...
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
fd9f9f16e0
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
2013-06-12 08:48:30 +10:00
f2fa4d53a8
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
2013-06-12 08:30:59 +10:00
16d63434ef
DOC: credits
2013-06-11 23:56:09 +10:00
47b063b022
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
...
* I have been seeing bruteforcing attempts where asterisk fails with
AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
05c88bd85d
ENH: purge a few more .*
2013-05-30 11:34:04 +10:00
4cf402d60e
ENH/BF: constrain regex. Fix ACL error regex
2013-05-30 10:15:58 +10:00
0f7b609336
ENH: port optional
2013-05-30 09:43:39 +10:00
278fd43429
Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227
2013-05-30 09:39:12 +10:00
a3161f59fa
Merge commit '0.8.9-13-g39d32e0' into 0.9
...
* commit '0.8.9-13-g39d32e0':
Changelog for previous PR
DOC: Changelog entry fro preceeding merge from Terence
TST: Fix fail2ban.conf reader test for unreliable dictionary order
failregex when roundcube log driver is set to 'syslog'
fixed failregex line for roundcube 0.9+
TST: test all stock jails to have actions and correctly specifying blocktype
CFG: assure actions for all the jails
BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init
ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory
Conflicts:
ChangeLog
config/jail.conf
testcases/clientreadertestcase.py -- had to "git show XXX | patch -p2" under tests/ 2 commits: 8a57ffd7a4db4b
2013-05-29 11:32:35 -04:00
49261925d7
ENH: Add new regex for locked accounts for sshd
2013-05-27 22:06:49 +01:00
244a96f9b3
fixed failregex line for roundcube 0.9+
...
# Only works only if log driver: is set to 'syslog'. this is becoz fail2ban fails to 'read' the line due to the
brackets around the date timestamp on logline when log driver is set to file
2013-05-25 19:26:13 +02:00
d2b1c73b92
CFG: assure actions for all the jails
2013-05-24 14:33:08 -04:00
89e06bba15
BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
2013-05-24 11:15:46 -04:00
5c8fb68a2c
Update asterisk.conf
...
Para ficar compatível com asterisk 11
2013-05-14 08:04:11 -03:00
f5a8a8ac7c
Release 0.8.9
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlGRBZ8ACgkQjRFFY3XAJMhqzwCgvUsrv6cSjo1d8YCQUA8Na0Kk
44QAoKk7X2sqFM+wvj2vK3stsHa/80qm
=iBfR
-----END PGP SIGNATURE-----
Merge tag '0.8.9' into 0.9 (quite a bit of conflicts "resolved")
Release 0.8.9
* tag '0.8.9':
BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
All the (version) updates for the release of 0.8.9
BF: (travis) relax the test for needed to be presented installed directories -- allow new
BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
ENH: also print the failing traceback line in case of failure
ENH: include explicit list of new files which should not be there upon "install --root"
ENH: now we know that logging handlers closing was still buggy in 2.6.2
ENH: issue a warning if jail name is longer than 19 symbols (Close #222 )
DOC: inline commends with ';' are in effect only if ';' follows as space
BF: Fix for filterpoll incorrectly checking for jailless state
ENH: strengthen detection of working pyinotify
ENH: use the same python executable for setup.py test
ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python releases
TST: Some primarily smoke tests for tests utils
TST: cover few more lines in fail2banreader.py
ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
ENH: consistent operation of formatExceptionInfo + unittest for it
ENH: point to the status of master branch on travis
Conflicts:
ChangeLog
MANIFEST
README.md
fail2ban/version.py -- all of the above obvious version changes
below files primarily needed just a bit of help in resolution
config/jail.conf
fail2ban/server/filterpoll.py
fail2ban/server/server.py
fail2ban/tests/servertestcase.py
and following were more difficult -- git wasn't able to track renames/moves of the code
fail2ban-testcases -- needed to introduce those changes to tests/utils.py
testcases/clientreadertestcase.py -- manually applied patch from master
testcases/utils.py -- manually applied patch from master
2013-05-13 12:29:41 -04:00
90b8433ac5
DOC: inline commends with ';' are in effect only if ';' follows as space
2013-05-12 21:42:59 -04:00
f7d328195f
NF: Add systemd journal backend
2013-05-10 00:15:07 +01:00
f1b6806eb4
Merge branch 'master' into 0.9
...
* master: (51 commits)
ENH: Use real (resolving) example.com instead of test.example.com
DOC: Slight tune ups to ChangeLog -- we must release!
Changelog entries for the latest merges
BF: add bash-completion to MANIFEST
DOC: ChangeLog for default action type change
ENH: consolidate where blocktype is defined for iptables rules
BF: default type to unreachable
ENH: separate out regex and escape a .
ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
DOC: Drop sudo from bash-completion
DOC: Added bash-completion script
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
ENH: Removed unused log line
ENH: logrotate file
BF: missed MANIFEST include
BF: missed MANIFEST include
BF: missed MANIFEST include
ENH: some form of logrotate based on what distros are doing
...
Conflicts:
ChangeLog
MANIFEST
client/actionreader.py
config/jail.conf
fail2ban/server/datedetector.py
fail2ban/tests/datedetectortestcase.py
2013-05-08 13:53:38 -04:00
2b1e19933f
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
BF: missed MANIFEST include
DOC: credits for bsd-ipfw
ENH: add ipfw rule for bsd using the tables.
2013-05-08 10:32:18 -04:00
976a65bb89
Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
...
* 'bsd_logs' of https://github.com/grooverdan/fail2ban :
ENH: separate out regex and escape a .
BF: missed MANIFEST include
DOC: credits for bsd log
DOC: bsd syslog files thanks to Nick Hilliard
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
Conflicts:
config/filter.d/common.conf
2013-05-08 10:30:04 -04:00
5accc10a47
Merge pull request #206 from grooverdan/bsd_ipfw
...
NF: BSD ipfw
2013-05-08 07:24:56 -07:00
0ae49ab11e
Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
...
* 'bsd_pf' of https://github.com/grooverdan/fail2ban :
BF: missed MANIFEST include
DOC: add jail.conf entry for pf
DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
Conflicts:
ChangeLog
2013-05-08 10:24:01 -04:00
e85914cef8
Merge pull request #215 from grooverdan/reject_no_drop_by_default
...
ENH: add blocktype to all relevant actions and change default action to reject
2013-05-08 07:20:14 -07:00
9c03ee6d9e
ENH: consolidate where blocktype is defined for iptables rules
2013-05-08 07:52:08 +10:00
c7fd777966
BF: default type to unreachable
2013-05-08 07:31:31 +10:00
de56347619
ENH: separate out regex and escape a .
2013-05-08 06:32:27 +10:00
e7cb0f8b8c
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
2013-05-07 12:22:49 -04:00
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
822a01018f
Merge pull request #205 from grooverdan/bsd_ssh
...
BSD ssh improvements (casing, msg)
2013-05-06 07:54:58 -07:00
3b4a7b7926
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
2013-05-05 15:43:18 +10:00
aa52743f52
DOC: add jail.conf entry for pf
2013-05-03 16:42:10 +10:00
0c5a9c53e1
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
2013-05-03 16:34:54 +10:00
b6d0e8ad9c
ENH: add ipfw rule for bsd using the tables.
2013-05-03 16:31:45 +10:00
40c56b10a0
EHN: enhance sshd filter for bsd.
2013-05-03 16:17:35 +10:00
b3bd877d23
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
2013-05-03 16:12:13 +10:00
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
89adcd7ff7
Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
...
Origin: https://github.com/lenrico/fail2ban
Squashing was done via rebase -i 1524b076d6
2013-05-03 00:57:49 -04:00
36b0d78ff8
tight control of the filter for ASSP
2013-05-03 00:56:53 -04:00
07aee8cd33
as daniel desires
2013-05-03 00:56:53 -04:00
24a8d07c20
added new date format support for ASSP SMTP Proxy
2013-05-03 00:56:46 -04:00
b65205d4ad
Merge branch 'master' into 0.9
...
* master:
ENH: "is None" instead of "== None" + tune ups in headers
BF: log error only if there were missed config files that couldn't be read
DOC: missing cinfo tags are ok. Log error for self referencing definitions
DOC: s/defination/definition/g learn to spell
Changelog entry for the previous commit and some untabify
BF: pyinotify backend should also handle IN_MOVED_TO events
ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
DOC: credits for gh-70 fix
BF: ensure dates in email are in the C locale. Thanks iGeorgeX
DOC: ChangeLog for recursive tag substition
ENH: allow recursive tag substitution in action files.
DOC: document <br> tag
DOC: ChangeLog for named-refused entry
ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
DOC: release documentation and distributor contacts
DOC: changelog entry for enhanced ssh filter
BF: Rename mentioning of README to README.md (Fixes #187 )
updated README.md to hyperlink, add travis and coversall
Moving README into a markup README.md for github's goodnesses
Conflicts:
DEVELOP
README.md
fail2ban/client/configreader.py
fail2ban/server/datedetector.py
2013-05-02 23:55:26 -04:00
f196709be1
ENH: Update asterisk example jail.conf entry for multiaction
2013-04-29 23:40:18 +01:00
3367dbd987
ENH: fail message matching for OpenSolaris and OS X
...
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.
Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
2013-04-30 04:23:13 +08:00
d2a9537568
ENH: extra daemon info regex
...
for matching log lines like:
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed
keyboard-interactive for james from 205.186.180.30 port 54520 ssh2
this matches [ID 800047 auth.info]
2013-04-30 04:14:36 +08:00
b7795addd0
ENH: actionunban back to a sed command
...
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
2013-04-30 04:10:32 +08:00
945ad3d9e6
BF: ensure dates in email are in the C locale. Thanks iGeorgeX
2013-04-29 14:10:23 +10:00
0ac8746d05
ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
2013-04-28 11:03:44 +10:00
62602a9ed0
Revert "ENH: by default enable a single jail -- sshd"
...
This reverts commit 47a62b6072
2013-04-23 13:58:58 -04:00
1d72a8265d
Merge branch '0.9' into _tent/jail.conf
...
* 0.9:
BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)
Conflicts:
config/jail.conf
2013-04-23 13:57:52 -04:00
2a48b0ab54
Merge branch 'master' into 0.9
...
* master:
BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)
2013-04-23 13:57:07 -04:00
22f04677b6
BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)
2013-04-23 13:56:51 -04:00
87bac37139
ENH: default port to all ports (0:65535) + remove where thus not needed + typos
2013-04-23 13:55:26 -04:00
f4a74d8d8b
RF: rename/unify naming of courier filters/jails
2013-04-22 22:42:09 -04:00
47a62b6072
ENH: by default enable a single jail -- sshd
2013-04-22 22:35:01 -04:00
3ba540eca3
ENH+BF: use %(__name__) by default for filter, defined enabled = false by DEFAULT
...
Now jail.conf is really neat.
BF: tests
2013-04-22 22:23:23 -04:00
24e4cfe1b7
Merge branch '0.9' into _tent/jail.conf
...
* 0.9: (45 commits)
Beef up changelog for 0.9
ENH: make fail2ban-regex aware of possible maxlines in the filter config file
BF+TST: Correctly reset time in tearDownMyTime
ENH: Reimplement warning suppression of setup.py test --quiet
ENH: Renamed OptionConfigReader to DefinitionInitConfigReader
ENH: Rename splitAction to extractOptions in jailreader
ENH: Use os.path.join for filter/action config readers
BF: Remove warnings handler which breaks setup.py python2<2.7 and python3<3.2
ENH: For python3.2+ use ConfigPaser which replaces SafeConfigParser
TST: Change depreciated unittest assertEquals method to assertEqual
TST: Ensure files are closed in tests to remove ResourceWarnings
BF: Change logging instance logSys `warn` method to `warning`
ENH: use os.path.join for consistency -- add "Contributors" to authors
RF: setup.py now imports version number again
DOC: tune up formatting (spaces) and prelude for the changelog entry
TST+RF: Add ability to execute test from setup.py with setuptools
TST: Move test gathering to function is test utils
TST: Move test TZ changes to setUp and tearDown methods
ENH: Remove redundant `maxlines` option from jail reader
TST: Add test for FilterReader [Init] `maxlines` override
...
Conflicts:
config/jail.conf
2013-04-22 10:21:13 -04:00
698c74d9ed
Merge commit '0.8.8-212-gf6f30f1' into 0.9
...
* commit '0.8.8-212-gf6f30f1': (24 commits)
DOC: tune up formatting (spaces) and prelude for the changelog entry
DOC: more ChangeLog entries all the way back to 0.8.8
DOC: move new actions and filters to New Features in ChangeLog
DOC: tomcat and Guacmole are next release
DOC: credit man page edits
DOC: developers please rebase and use a single commit
DOC: post release ChangeLog entry
DOC: ChangeLog - current HEAD back to ce3ab34
2013-04-22 09:55:27 -04:00
10fcfb925d
Extra patterns for Solaris
2013-04-21 07:30:21 +08:00
de98e3dabd
change sed to perl for Solaris
2013-04-21 07:29:48 +08:00
9672e44d39
ENH: Move jail `maxlines` to filter config
2013-04-18 22:11:41 +01:00
41b9f7b6ac
BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf
2013-04-18 04:38:03 +10:00
4665ac6b27
RF: jail.conf with entries from Debian's copy and changing existing ones to conform the "template"
...
our unittests fail now -- will BF later
2013-04-17 01:05:04 -04:00
9a14cf8b7b
Merge branch 'master' into 0.9
...
* master:
DOC: initiated changelog (but not juice left to actually fill it up ;-))
TST: test all valid loglevels in server testcases
TST: Add tag replace and escape test for actions
ENH: Minor change to action for consistency of execStart/Stop
TST: Coverage for coveralls.io should only be run on success
TST: no cover additions to server, primarily daemon creation
DOC: thanks @kwirk for spotting the typos in exception message
FD_CLOEXEC support
Typo in default pidfile in fail2ban.conf
Conflicts:
.travis.yml -- after_success
ChangeLog -- added perspective changelog for 0.8.9
fail2ban/server/asyncserver.py -- imports
fail2ban/server/server.py -- no pragma (if I got it right ;-) )
2013-04-16 23:50:43 -04:00
4869186c8f
Merge branch 'py3' of https://github.com/kwirk/fail2ban into 0.9
...
* 'py3' of https://github.com/kwirk/fail2ban : (38 commits)
DOC: Add python3 to requirements
ENH: Clarify use of bytes in csocket and asyncserver for python3
DOC: Revert dnsToIp error change, seperate log message for socket.error
TST: Tweak python3 open statement to resolve python2.5 SyntaxError
TST: Revert changes for filter testcase open statement
DOC: Revert setup.py messages to use print statement
Add *.bak files generated by 2to3 to gitignore
TST: Fix up fail2ban python3 scripts
TST: Fix issues in tests which assumed dictionary's order
ENH: setup.py now automatically runs 2to3 for python3.x
TST: Remove Travis CI unsupported versions of python from Travis config
add fail2ban-2to3 to MANIFEST file
ENH: Add python3 versions to Travis CI config
BF: Handle expected errors for python3.{0,1} when changing log target
Minor tweaks to fail2ban-regex for encoding
Added ability to set log file encoding with fail2ban-regex
Add ability to set log encoding for jail
Move handling of unicode decoding to FileContainer readline
Fix incorrect exit code from fail2ban-2to3
Remove redundant reassignment of variable
...
Conflicts:
fail2ban/tests/servertestcase.py -- both branches added a new unittest at the same point
2013-04-16 23:24:49 -04:00
f5572c8ade
Merge pull request #173 from kwirk/maxlines
...
Maxlines jail setting tweaks
2013-04-16 19:50:00 -07:00
4d80fad874
ENH+DOC: Add Guacamole filter, example log and jail
2013-04-16 21:13:31 +01:00
32d10e904a
ENH: more openssh fail messages from openssh source code (CVS 20121205)
2013-04-17 00:03:36 +10:00
183cfa6e00
ENH: Default maxlines value in jail.conf, and verify value is int >0
2013-04-15 21:21:19 +01:00
fa0f8f9e6d
Merge branch '0.9' into py3
...
Conflicts:
.travis.yml
MANIFEST
bin/fail2ban-regex
fail2ban/server/filter.py
fail2ban/tests/servertestcase.py
setup.py
2013-04-13 16:54:22 +01:00
59192a5585
Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile'
...
* github_kwirk_fail2ban/pidfile:
Typo in default pidfile in fail2ban.conf
2013-04-09 23:48:46 -04:00
99a5d78e37
ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth
2013-04-09 18:03:34 -04:00
ffaa9697ee
Adjusting previous PR (MySQL logs) according to my comments
2013-04-09 18:00:40 -04:00
3e6be243bf
Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
...
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban :
Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
Added support for MySQL logfiles
Conflicts:
testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
77aa523f22
Merge branch 'master' into py3
...
Conflicts:
.travis.yml
server/datetemplate.py
server/server.py
testcases/filtertestcase.py
2013-03-30 22:51:36 +00:00
72b06479a5
ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file
2013-03-27 11:09:54 -04:00
105306e1a8
Merge remote-tracking branch 'pr/117/head' -- SOGo filters
...
* pr/117/head:
An example of failed logins against sogo
Update sogo-auth.conf
Update config/filter.d/sogo-auth.conf
Create sogo-auth.conf
Update config/jail.conf
2013-03-27 11:09:35 -04:00
91d5736c12
ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126
2013-03-26 09:40:04 -04:00
bba3fd8568
Update sogo-auth.conf
...
included hint by user yarikoptic
2013-03-25 08:43:13 +01:00
29d0df58be
Added support for MySQL logfiles
2013-03-24 16:52:58 +02:00
67544d1dd6
DOC: tags are documented in the jail.conf(5) man page
2013-03-17 10:52:49 +11:00
5e5eaaf838
Merge pull request #134 from grooverdan/misc-fixes
...
BF: fail2ban client can't handle multi word setcinfo or action[*] values
2013-03-10 18:01:17 -07:00
a2b29b4875
Fixed typos
2013-03-10 22:05:33 +00:00
a0f088be25
ENH: typo + head -1 has been deprecated for 10+ years.
2013-03-10 16:28:45 +11:00
66367876bb
Add ability to set log encoding for jail
2013-02-27 18:09:55 +00:00
a8bd9c20a0
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
add blocking type
add example jail.conf for blocking through blackhole routes for ssh
add support for blocking through blackhole routes
2013-02-18 23:12:06 -05:00
d5ae28facf
Merge pull request #104 from gebi/t/route
...
add support for blocking through blackhole routes
2013-02-18 08:01:34 -08:00
294f073741
Typo in default pidfile in fail2ban.conf
2013-02-17 22:42:24 +00:00
ce3ab34dd8
Added ability to specify PID file
2013-02-17 22:14:01 +00:00
47b1ee39d8
add blocking type
2013-02-17 12:44:15 +11:00
8cf006827e
BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118
2013-02-12 08:48:05 -05:00
6cd358ee95
Update config/filter.d/sogo-auth.conf
...
Comment line in the top altered to fit file name. My local file was named differently...
2013-02-12 10:45:37 +01:00
35bf84abad
Create sogo-auth.conf
...
Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229
2013-02-11 08:19:48 -08:00
52f952e645
Update config/jail.conf
...
Update to use the new sogo-auth filter
2013-02-11 17:14:29 +01:00
5f2d3832f7
NF: roundcube-auth filter (to close Debian #699442 , needing debian/jail.conf section)
2013-01-31 14:41:34 -05:00
bb7628591c
Update config/filter.d/sshd.conf
...
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
9a39292813
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:23:05 -05:00
b3d8ba146b
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed ( Closes : #697333 )
2013-01-04 15:23:05 -05:00
03433f79cd
add example jail.conf for blocking through blackhole routes for ssh
2013-01-04 16:09:04 +01:00
f9b78ba927
add support for blocking through blackhole routes
2013-01-03 18:46:31 +01:00
da0ba8ab4c
ENH: add example jail for ipset
2012-12-31 14:38:51 +11:00
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00
f336d9f876
Update config/filter.d/webmin-auth.conf
...
Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings
2012-12-13 08:14:49 +01:00
dc67b24270
Update config/filter.d/webmin-auth.conf
...
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
2012-12-12 23:07:39 +01:00
3969e3f77b
ENH: dovecot.conf - require space(s) before rip/rhost log entry
2012-12-12 09:16:52 -05:00
266cdc29a6
Update config/filter.d/dovecot.conf
...
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
2012-12-11 12:09:28 -05:00
e040c6d8a3
Update config/filter.d/dovecot.conf
...
site actually needs updated because of <HOST> alias
per Notes above.
2012-12-11 03:26:14 -05:00
7ede1e8518
Update config/filter.d/dovecot.conf
...
added failregex line for debian and centos per
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
2012-12-10 19:17:04 -05:00
fc27e00290
ENH: tune up sshd-ddos to use common.conf and allow training spaces
2012-12-07 15:24:34 -05:00
6ecf4fd80a
Merge pull request #64 from sourcejedi/remove_sshd_rdns
...
Misconfigured DNS should not ban *successful* ssh logins
Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
2012-11-05 18:20:37 -08:00
95de9c1a97
add support for the APF firewall
2012-10-18 11:17:04 -04:00
282724a7f9
ENH: join both failregex for lighttpd-auth into a single one
...
they are close in meaning
should provide a slight run-time performance benefit
2012-09-30 11:30:24 -04:00
958a1b0a40
Lighttpd: support auth.backend = "htdigest"
2012-09-30 13:27:21 +02:00
2a225aa6ee
Added a warning within "complaint.conf" action about care with enabling it
2012-08-13 23:03:52 -04:00
2082fee7b1
ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd ( Closes : #648020 )
2012-07-31 15:53:41 -04:00
6ad55f64b3
ENH: add wu-ftpd failregex for use against syslog ( Closes : #514239 )
2012-07-31 15:43:13 -04:00
80b191c7fd
BF: anchor chain name in actioncheck's for iptables actions ( Closes : #672228 )
2012-07-31 15:27:05 -04:00
a3b242d6dd
BF: inline comments must use ; not # -- recidive jail
2012-07-31 14:05:42 -04:00
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
b4099dae57
DOC: Adjusted header for config/*.conf to mention .local and way to comment
...
thanks to Stefano Forli for reminding about comments
see Debian Bug#676146
2012-06-04 22:41:28 -04:00
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
2012-04-16 20:36:53 -04:00
7b77beee0e
DOC: comment in jail.conf for the need of multiple jails for asterisk
2012-02-28 12:04:24 -05:00
71a3fb17e2
Merge remote-tracking branch 'gh-magicrhesus/master'
...
* gh-magicrhesus/master:
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
Add asterisk support
Conflicts:
config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00
8c00ce0a65
Add the INCLUDE section to use __pid_re feature
2012-02-28 17:28:06 +01:00
180c17bede
Disable asterisk jail by default
2012-02-27 16:14:18 +01:00
df0e0fdc07
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
2012-02-21 18:53:44 +01:00
c679a1a588
Change NOTICE by NOTICE%(__pid_re)s
2012-02-21 18:05:53 +01:00
42dd05210a
Added a warning for the recidive jail
2012-02-18 20:15:42 -05:00
d7ca754980
Merge branch 'master' of github.com:magicrhesus/fail2ban
2012-02-15 19:47:04 +01:00
c7613ce311
Remove custom bantime
2012-02-15 18:55:35 +01:00
d98cdb25d6
Add $ at the end of the failregex
2012-02-13 17:11:32 +01:00
25f1e8d98c
BF: allow trailing whitespace in few missing it regexes for sshd.conf
2012-02-10 21:14:51 -05:00
1807be5a8c
ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?:
...
thanks @cepheid666 for the useful comments
2012-01-26 23:28:44 -05:00
f94a121663
Fix for https://github.com/fail2ban/fail2ban/issues/19
...
Based on previous work as documented in the bug by Amir and myself,
plus some enhancements and documentation added to the file itself rather
than a URL (they rot).
2012-01-26 23:33:01 +01:00
d73a71f5cf
ENH: Add usedns parameter for the jails
...
following commits were squashed from feature branch use_dns
commit 068c105eb5635ed36a8c24656d28127957fbec429f5c7957fbe8216ce9d04640cfb2c75b49f6186eff1482c62d29dcdc0ae21932594e25818c48ff80ffac0bdab4c2d76d6b734ea511ad2b6125b48fa9b6afc429f5c91a4b18afb0021906#3 from yarikoptic/enh/use_dns
let's be consistent ;-)
commit 00219063584b18afb28a4fae37e46fe94806ce484d30c5290776696d452a0631618087d23d4955479538553bc5ae1e857e53ace43eb941
2012-01-12 23:23:41 -05:00
7d465f98c1
Add asterisk support
2012-01-11 16:35:40 +01:00
9559fcd3a0
Merge pull request #25 from leeclemens/enh/pyinotify
...
ENH: pyinotify
2012-01-09 18:17:41 -08:00
35201f6690
Merge remote-tracking branch 'gh-keszybz/master'
...
* gh-keszybz/master:
NF: xt_recent-echo action
2012-01-07 20:59:50 -05:00
321670487e
NF: xt_recent-echo action
...
The default configuration can only be run by root. To actually support
running as a different user, the setup action must be disabled.
2012-01-06 00:51:03 +01:00
8a2e26403a
Merge remote-tracking branch 'upstream/master'
2011-12-31 01:57:55 -05:00
4502adfe69
Fix comments to reflect code
...
Commit 638bb6652
2011-12-30 12:41:46 -05:00
e442503133
Added pyinotify backend
2011-12-30 00:18:52 -05:00
4c76fb3b54
ENH: allow trailing white-spaces in lighttpd-auth.conf
...
now catches the one in testcases/files/logs/lighttpd
2011-12-25 10:00:50 -05:00
683d4f269d
modifications suggested by a referee (log ex+regexp)
2011-12-24 22:24:08 +01:00
a7cb20edac
add lighttpd-auth jail
2011-12-24 21:56:38 +01:00
b6d9f795dc
add filter for lighttpd mod_auth failure
2011-12-24 21:51:18 +01:00
9fa54cf233
Add Date: header for sendmail*.conf actions
...
According to rfc2822, Date: headers are not optional.
Added these to all sendmail action templates, format specification
should conform to rfc and be portable across multiple platforms.
2011-11-18 16:52:44 -05:00
a9be451079
ENH: removed expansion for few Date and Revision SVN keywords
...
For consistency of appearance... eventually we might just remove them
altogether
2011-11-18 10:14:39 -05:00
dad91f7969
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
...
absorbed from patches carried by Debian distribution of f2b
2011-11-18 10:07:13 -05:00
ed0bf3ad96
Removed duplicate entry for DataCha0s/2\.0 in badbots ( closes : #519557 )
2011-11-18 09:40:56 -05:00
3152afbdc2
Recognise time-stamped kernel messages
...
e.g.
Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206
This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
2011-09-28 12:46:28 -04:00
3eb5e3b876
BF: Allow for trailing spaces in sasl logs
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@783 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-08-07 02:41:08 +00:00
02be7d03b2
BF: use standard/reserved example.com instead of mail.com
...
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@777 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-05-07 03:16:40 +00:00
6d25310e28
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@776 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 21:38:26 +00:00
eab9af9caa
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@775 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:19 +00:00
d4b89d8404
BF: Allow for trailing spaces in proftpd logs
...
See http://bugs.debian.org/507986
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@774 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:10 +00:00
1cb48bbc96
BF: escaping () in pure-ftpd filter. Thanks Teodor
...
See http://bugs.debian.org/544744
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@773 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:00 +00:00
02e7dfb099
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:50 +00:00
3831fbf98b
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:41 +00:00
6558c03f8e
NF: Adding found on a drive filter.d/dovecot.conf
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:28 +00:00
10faba5163
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@769 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:17 +00:00
0073ba3838
ENH: dropbear filter: see http://bugs.debian.org/546913
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@768 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:08 +00:00
638bb66523
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
...
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:35:56 +00:00
7b54c7b33b
spellcheck jail.conf. Thanks Christoph Anton Mitterer
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@766 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:18:32 +00:00
521631cfcc
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@765 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:10:48 +00:00
dabe3aeae1
disabling entirely named-refused-udp jail with a big fat warning
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@761 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-06-29 01:34:08 +00:00
b91595dd11
Disabled jail lighttpd-fastcgi by default.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@747 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-31 13:57:32 +00:00
dde7afe1f3
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@742 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-30 14:17:29 +00:00
55fd21ec4b
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 20:27:35 +00:00
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
7fd0300a73
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 22:37:46 +00:00
376f348823
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log ( closes : #512193 ).
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:56:03 +00:00
e86e7d002e
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@725 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:51:32 +00:00
e16c18d091
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@724 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:39:38 +00:00
e46e8ed32e
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@723 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:35:46 +00:00
6cd56802bb
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@717 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:56:54 +00:00
622218271d
- Added svn:keywords property.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@716 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:38:41 +00:00
bb8e610795
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@715 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:37:25 +00:00
TorontoMedia