fail2ban

Commit Graph

Author	SHA1	Message	Date
Mart124	df659a0cbc	Add Bitwarden syslog support	4 years ago
Sergey G. Brester	472bdc437b	Merge pull request #2723 from benrubson/softether Add SoftEtherVPN jail	4 years ago
Sergey G. Brester	010e76406f	small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)	4 years ago
sebres	66ff90408f	Merge branch '0.10' into 0.11	4 years ago
sebres	d4adec7797	Merge branch '0.9' into 0.10	4 years ago
sebres	5430091acb	jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)	4 years ago
benrubson	ec873e2dc3	Add SoftEtherVPN jail	4 years ago
sebres	6ef69b48ca	Merge branch '0.10' into 0.11	4 years ago
sebres	02525d7b6f	filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching: error: kex_exchange_identification: Connection closed by remote host (gh-2850)	4 years ago
sebres	2817a8144c	`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)	4 years ago
sebres	1418bcdf5b	`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)	4 years ago
sebres	d253e60a8b	Merge branch '0.10' into 0.11	4 years ago
Sergey G. Brester	d977d81ef7	action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos	4 years ago
sebres	74b73bce8a	Merge branch '0.10' into 0.11	4 years ago
sebres	a038fd5dfe	`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`; small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules); closes gh-2821	4 years ago
Sergey G. Brester	70c601e9e5	involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)	4 years ago
sebres	4d2734dd86	Merge branch '0.10' into 0.11	4 years ago
sebres	ed20d457b2	jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)	4 years ago
sebres	db1f3477cc	amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex	4 years ago
sebres	3f04cba9f9	filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)	4 years ago
sebres	07fa9f2912	fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate); additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>\|<IP4>)`) and test-coverage for IPv6	4 years ago
sebres	e9071b642a	Merge branch '0.10' into 0.11	4 years ago
benrubson	1707560df8	Enhance Guacamole jail	4 years ago
Chris Caron	2216fd8da4	Add Apprise Support (50+ Notifications)	4 years ago
sebres	067b76fc9e	Merge branch '0.10' into 0.11	4 years ago
sebres	9100d07c03	Merge branch '0.10-ipset-tout' into 0.10, amend to #2703 : resolves names conflict (command action timeout and ipset timeout); closes #2790	4 years ago
sebres	62a6771b33	Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)	4 years ago
sebres	73a8175bb0	resolves names conflict (command action timeout and ipset timeout); closes gh-2790	4 years ago
Sergey G. Brester	08dbe4abd5	fixed comment for loglevel, default is INFO	4 years ago
sebres	309c8dddd7	action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)	5 years ago
sebres	1da9ab78be	Merge branch '0.10' into 0.11	5 years ago
sebres	5a0edf61c9	filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)	5 years ago
sebres	1588200274	Merge branch '0.10' into 0.11	5 years ago
Sergey G. Brester	43f699b872	grammar / typos	5 years ago
Sergey G. Brester	368aa9e775	Merge pull request #2689 from benrubson/gitlab New Gitlab jail	5 years ago
Sergey G. Brester	01e92ce4a6	added fallback using tr and sed (jq is optional now)	5 years ago
Sergey G. Brester	1c1b671c74	Update cloudflare.conf	5 years ago
Sergey G. Brester	5b8fc3b51a	cloudflare: fixes ip to id conversion by unban using jq normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)	5 years ago
Viktor Szépe	852670bc99	CloudFlare started to indent their API responses We need to use https://github.com/stedolan/jq to parse it.	5 years ago
Ilya	8b3b9addd1	Change tool from 'cut' to 'sed' Sed regex was tested - it works.	5 years ago
Ilya	5da2422f61	Fix actionunban Add command to remove new line character. Needed for working removing rule from cloudflare firewall.	5 years ago
sebres	87a1a2f1a1	action.d/-ipset.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)	5 years ago
sebres	6b90ca820f	filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) closes gh-2693	5 years ago
sebres	affd9cef5f	filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)	5 years ago
sebres	06b46e92eb	jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357; ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686); don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.	5 years ago
benrubson	2912bc640b	New Gitlab jail	5 years ago
sebres	136781d627	filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)	5 years ago
sebres	38b32a9a72	Merge branch '0.10' into 0.11	5 years ago
sebres	22a04dae05	Merge branch '0.9' into 0.10 (gh-2246)	5 years ago
Sergey G. Brester	b1e1cab4b7	Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 Improve regex in proftpd.conf	5 years ago
sebres	606bf110c9	filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE (closes gh-2662)	5 years ago
sebres	32f02ef3b3	Merge branch '0.10' into 0.11	5 years ago
sebres	42714d0849	filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); amend to `62b1712d22` (PR #2387, backend-related option `logtype`); testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)	5 years ago
sebres	e6ca04ca9d	Merge branch '0.10' into 0.11 + version bump (back to dev)	5 years ago
sebres	ab3a7fc6d2	filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect	5 years ago
sebres	7282cf91b0	Merge branch '0.10' into 0.11	5 years ago
sebres	9137c7bb23	filter processing: - avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only); - several optimizations of merge mechanism (multi-line parsing); fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line) filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures): - `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only) - `invalid` - consider failed publickey for invalid users only; - `any` - consider failed publickey for valid users too; - `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all) tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters	5 years ago
sebres	1492ab2247	improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE); avoid overwrite of data with empty tags by ticket constructed from multi-line failures; amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`; filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).	5 years ago
Sergey G. Brester	774dda6105	filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth	5 years ago
Sergey G. Brester	34d63fccfe	close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)	5 years ago
sebres	a7c68ea19f	Merge branch '0.10' into 0.11	5 years ago
sebres	569dea2b19	filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output); also add coverage for mariadb 10.4 log format (gh-2611)	5 years ago
sebres	70e47c9621	Merge branch '0.10' into 0.11	5 years ago
sebres	ec37b1942c	action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)	5 years ago
sebres	4860d69909	Merge branch '0.10' into 0.11	5 years ago
sebres	f77398c49d	filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP); closes gh-2115, gh-2362.	5 years ago
sebres	587e4ff573	Merge branch '0.10' into 0.11 (conflicts resolved)	5 years ago
sebres	67fd75c88e	pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately).	5 years ago
sebres	8f6ba15325	avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...	5 years ago
Mart124	e763c657c4	Let's get back to WRN	5 years ago
Mart124	d7b707b09d	Update bitwarden.conf	5 years ago
Mart124	869327e9b1	Update bitwarden.conf	5 years ago
Mart124	79caeaa520	Create bitwarden.conf	5 years ago
Mart124	30e742a849	Update jail.conf	5 years ago
Mart124	ef394b3cf0	Update jail.conf	5 years ago
sebres	24d1ea9aa2	Merge branch '0.10' into 0.11	5 years ago
Sergey G. Brester	e4c2f303bd	Merge pull request #2550 from CPbN/centreonjail Add Centreon jail	5 years ago
sebres	0e8a8edb5e	filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563)	5 years ago
Henry van Megen	548e2e0054	sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562)	5 years ago
sebres	5cf064a112	monit: accepting both logpath's: monit and monit.log, closes gh-2495	5 years ago
CPbN	9e699646f8	Add Centreon jail	5 years ago
CPbN	18ba714f97	Add Centreon jail	5 years ago
sebres	3515d06979	Merge branch '0.10' into 0.11	5 years ago
sebres	85ec605358	nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set); this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example: banaction = nftables[_nft_shutdown_table=''][...]	5 years ago
sebres	51af193402	nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)	5 years ago
sebres	955d690e56	regrouping expressions with curly braces, added more escapes (better handling in posix shell)	5 years ago
sebres	0824ad0d73	Merge branch '0.10' into 0.11	5 years ago
Sergey G. Brester	54298fe761	Merge pull request #2254 Nftables: isolate fail2ban rules into a dedicated table and chain	5 years ago
sebres	d1a73d3004	filter.d/apache-auth.conf: - ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548); - extended with option `mode` - `normal` (default) and `aggressive` close gh-2548	5 years ago
sebres	8c6a547215	Merge branch '0.10' into 0.11	5 years ago
sebres	50595b70fd	filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message (https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)	5 years ago
sebres	9e28b6c65f	filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531)	5 years ago
sebres	8ea00c1d5d	fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc	5 years ago
sebres	492205d30e	action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)	5 years ago
sebres	abc4d9fe37	allow to use multiple protocols in multiport (single set with multiple rules in chain): `banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions. more robust if deleting multiple references to set (rules in chain)	5 years ago
sebres	c753ffb11d	combine nftables actions to single action: - nftables-common is removed - nftables-allports is obsolete, replaced by nftables[type=allports] - nftables-multiport is obsolete, replaced by nftables[type=multiport]	5 years ago
sebres	c59d49da22	nftables-allports: support multiple protocols in single rule; tests/servertestcase.py: added coverage for nftables actions	5 years ago
Ririsoft	dde51b4682	fix actionban/unban ip definition syntax	5 years ago
Monson Shao	1cda50ce05	Rewrite nftables variables based on nftables' logic. Add an example for redirecting.	5 years ago
sebres	990c410877	Merge branch '0.10' into 0.11 # Conflicts (resolved): # fail2ban/client/jailreader.py	5 years ago

1 2 3 4 5 ...

1775 Commits (8c4d02403b4768fb1a76372a7a462fc903c2711e)