sebres
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
4 years ago
benrubson
840f0ff10a
Add Grafana jail
4 years ago
Sergey G. Brester
472bdc437b
Merge pull request #2723 from benrubson/softether
...
Add SoftEtherVPN jail
4 years ago
sebres
d4adec7797
Merge branch '0.9' into 0.10
4 years ago
sebres
5430091acb
jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
4 years ago
benrubson
ec873e2dc3
Add SoftEtherVPN jail
4 years ago
sebres
ed20d457b2
jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
4 years ago
benrubson
1707560df8
Enhance Guacamole jail
4 years ago
Sergey G. Brester
368aa9e775
Merge pull request #2689 from benrubson/gitlab
...
New Gitlab jail
5 years ago
sebres
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
...
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
5 years ago
benrubson
2912bc640b
New Gitlab jail
5 years ago
Sergey G. Brester
34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)
5 years ago
sebres
67fd75c88e
pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately).
5 years ago
sebres
8f6ba15325
avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...
5 years ago
Mart124
30e742a849
Update jail.conf
5 years ago
Mart124
ef394b3cf0
Update jail.conf
5 years ago
Sergey G. Brester
e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
...
Add Centreon jail
5 years ago
sebres
5cf064a112
monit: accepting both logpath's: monit and monit.log, closes gh-2495
5 years ago
CPbN
9e699646f8
Add Centreon jail
5 years ago
CPbN
18ba714f97
Add Centreon jail
5 years ago
girst
b288ccd6b6
new filter: znc-adminlog
6 years ago
Holston
5d6a84ba78
Updated to correct logging option
6 years ago
sebres
0386df0042
introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
...
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
6 years ago
Sergey G. Brester
d3f6d6ffdd
Merge pull request #2286 from crazy-max/0.10
...
New filter `traefik-auth`
6 years ago
Sergey G. Brester
dcede9b3f1
comment rewritten (belongs to the filter)
6 years ago
sebres
e651bc7866
amend to #1622 : jail-reader supports now multi-line option for multi-line action parameter:
...
logpath = a.log
b.log
c.log
action = ban[...]
= log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
6 years ago
CrazyMax
a51f82770b
New filter `traefik-auth`
6 years ago
sebres
e2a255d104
fixed typo in comments by "ignoreself" parameter
6 years ago
sebres
ffd6b9f6de
jail.conf: extended with new parameter `mode` for the filters supporting it;
7 years ago
sebres
7e756da2b9
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
7 years ago
Serg G. Brester
9876dd44f9
replace port imap3 with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and missing on some systems
...
(see gh-1942)
7 years ago
Jeff Potter
4a2fc8b7e8
Include imap (port 143) in courier-auth ports
...
imap was missing from the list of ports, preventing fail2ban from blocking connections on standard IMAP port 143.
7 years ago
sebres
b615a98540
jail.conf: avoid overwriting of default value of the parameter `chain` of several actions (where default chain != INPUT);
...
test-cases extended to cover the same logic (use `<known/chain>` instead of fix value `INPUT`);
Closes gh-1949
7 years ago
Serg G. Brester
e07a8cda07
Update jail.conf
...
Documentation of parameters for action blocklist_de, closes gh-1940
7 years ago
sebres
b185e7cb04
Merge remote-tracking branch 'upstream/master' into 0.10
7 years ago
Serg G. Brester
fd83260bd8
jail "pass2allow-ftp" should supply blocktype to action
...
closes gh-1884
7 years ago
john
7013729a1f
removed redundant options for zoneminder from jail.conf
7 years ago
john
3d45fd2713
implemented yarikoptic's suggestions in fail2ban pull request #1376
7 years ago
john
a90f6c4ae8
added zoneminder jail and filter
...
# Conflicts:
# config/jail.conf
7 years ago
Pavel Mihadyuk
d09304b897
phpmyadmin-syslog: added default jail config
7 years ago
sebres
e26cc5de45
restore backwards compatibility (jail postfix-sasl); changelog update
8 years ago
sebres
aa92b68d4a
filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813);
...
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
8 years ago
sebres
d3ae70beb6
filter.d/roundcube-auth.conf: Use the same filter-file and jail also when logging errors to journal instead to a local file.
...
Additionally fixes more complex injections on username.
8 years ago
Johannes Weberhofer
691c080dc7
Added roundcube authentication filter, new jail and log-examples
8 years ago
sebres
99344d28c8
Introduces new tags with hostname:
...
- `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`)
- `<sh-hostname>` - short hostname (the same as `$(uname -n)`)
Execution of `uname -n` replaced in all mail actions with most interesting fully-qualified `<fq-hostname>`.
8 years ago
sebres
5e93bf9bd3
Introduced new option "ignoreself", specifies whether the local resp. own IP addresses should be ignored (default is true).
...
Fail2ban will not ban a host which matches such addresses.
Option "ignoreip" affects additionally to "ignoreself" and don't need to include the DNS resp. IPs of the host self.
8 years ago
sebres
0c1707afda
filter.d/sshd.conf:
...
- optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details);
test cases reformatted (since "filterOptions", we don't need multiple test log-files anymore);
8 years ago
Serg G. Brester
d042981954
Merge pull request #1655 from ajcollett/0.10
...
Added config for AbuseIPDB
8 years ago
Serg G. Brester
62fa02241f
Update jail.conf
8 years ago
sebres
e8a1556562
Merge remote-tracking branch 'master' into 0.10
...
# Conflicts:
# fail2ban/tests/samplestestcase.py
8 years ago