Test files are not always needed, especially when installing on
low-resource systems such as embedded ones.
This patch adds the --without-tests option to skip building and
installing test files.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
proftpd 1.3.5e can leave an inconsistent error message if ftp or mod_sftp is used
Oct 2 15:45:31 ftp01 proftpd[5516]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted
Oct 2 15:45:44 ftp01 proftpd[5517]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted.
Fix regex to make the trailing period optional, otherwise brute-force attacks against the root account using ftp are not blocked correctly.
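
The detection gap described above, as an added example that is not part of the original commit or of fail2ban's own code: the two patterns are simplified stand-ins for a failregex (a named group replaces fail2ban's `<HOST>` tag), and `would_ban` with its `maxretry` argument is a hypothetical helper named after the jail setting.

```python
import re

# The two log lines quoted in the commit message above: the same event,
# logged without and with the trailing period.
LOG_LINES = [
    "Oct 2 15:45:31 ftp01 proftpd[5516]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted",
    "Oct 2 15:45:44 ftp01 proftpd[5517]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted.",
]

# Assumption: simplified patterns, not the text of filter.d/proftpd.conf.
# The (?P<host>...) group stands in for fail2ban's <HOST> tag.
PREFIX = r"proftpd\[\d+\]: \S+ \(\S+\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]\) - "
MESSAGE = r"SECURITY VIOLATION: Root login attempted"
STRICT = re.compile(PREFIX + MESSAGE + r"\.$")     # period required
TOLERANT = re.compile(PREFIX + MESSAGE + r"\.?$")  # period optional


def failures_by_host(pattern, lines):
    """Count matched failures per client address, as the ban logic would see them."""
    counts = {}
    for line in lines:
        match = pattern.search(line.rstrip())
        if match:
            host = match.group("host")
            counts[host] = counts.get(host, 0) + 1
    return counts


def would_ban(pattern, lines, maxretry):
    """Return the hosts whose matched failure count reaches maxretry."""
    counts = failures_by_host(pattern, lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, pattern in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, failures_by_host(pattern, LOG_LINES),
              would_ban(pattern, LOG_LINES, maxretry=2))
```

With the period required, half of the attempts are never counted, so the client stays under the threshold even though both lines record a root login attempt.
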
I suggest clarifying what the corresponding service is and who developed it, and including the source of this information. All of the above might be useful for newcomers to F2B and/or users not familiar with some service.
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
If you have configured nginx to forbid some paths in your webserver, e.g.:
    location ~ /\. {
        deny all;
    }
if a client tries to access https://yoursite/.user.ini then you will see
in nginx error log:
2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
By carefully setting this filter we ban every IP that tries too many times to
access forbidden resources.
Author: Michele Bologna https://www.michelebologna.net/
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
- more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);