github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,227 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

4227 Commits (8e6b4346dc505ad4a279bb98c75ce7f2d5cf3a1d)

Author SHA1 Message Date
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexs rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
 2013-06-14 12:14:40 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black a433a8ea5f ENH: readibility thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban 
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
 2013-06-13 23:32:45 -04:00
Yaroslav Halchenko 77044fce35 DOC: Changelog for fail2ban-regex RF 2013-06-13 23:21:48 -04:00
Yaroslav Halchenko 9b351350dd DOC: Changelog for asterisk hardening 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko e91419d361 ENH: fail2ban-regex -- add specification of loglevels to enable 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko ffe381d91c RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 97f9cfc0b0 ENH: 'heavydebug' level == 5 for even more debugging in tricky cases 
I mocked logging library directly -- seems to be Ok.
 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ 
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
 2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko f6cb981fc0 Merge commit '0.8.10-1-g460e09a' into 0.9 
* commit '0.8.10-1-g460e09a':
  it was not the end of the world and we should continue
  DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
  Changes for 0.8.10 release (changelog, version, etc)
  BF: anchor apache- filters.  Close #248
  DOC: credits for gh-244
  Filter Asterisk: Add sample log entry to testcase.
  Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
  ENH: purge a few more .*
  DOC: credits
  DOC: how to do filter enhancements
  TST: normalize logs to use example.com and 1.2.3.4 as IP
  ENH/BF: constrain regex. Fix ACL error regex
  ENH: port optional
  Update asterisk
  Update asterisk.conf

Conflicts:
	ChangeLog
	DEVELOP
	README.md
	fail2ban/version.py
 2013-06-12 21:30:47 -04:00
Yaroslav Halchenko 460e09af66 it was not the end of the world and we should continue 2013-06-12 21:22:26 -04:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 921d9a8e4b DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help 
originally following command was used to add header to all config files:

  sed -ie '/# Author/ i\# Please report vulnerabilities to fail2ban-vulnerabilities at lists dot sourceforge dot net\n# and see http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help for generic bug-reports.\n#' action.d/* filter.d/*

but it would be overkill ATM causing havoc in user-tuned configs -- postponed for now

Also adjusted the release date for today (by mistake in 1 commit ... sorry)
 2013-06-12 13:21:12 -04:00
Yaroslav Halchenko 728b5e8bf4 Changes for 0.8.10 release (changelog, version, etc) 2013-06-11 19:20:50 -04:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Daniel Black 4787777cee DOC: credits for gh-244 2013-06-11 10:30:56 +10:00
Daniel Black 66d8210f80 Merge pull request #244 from clopez/filter-asterisk 
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
 2013-06-10 17:28:35 -07:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase. 
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-11 02:13:37 +02:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list 
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-10 19:50:35 +02:00
JP Espinosa 32b271c36e Update redhat-initd 
- Using `-x` to remove previous socket on start
- Using Should- to wait for iptables and wrappers
 2013-06-03 12:34:47 -04:00
JP Espinosa 3736d7ddbf Rewrite to use native init.d functions 
- There was a bug with the old "getpid" function, when running linux containers you can see multiple fail2ban instances on hardware node and could stop one on a random virtual environment
- Added reload and status options
 2013-06-03 06:29:36 -05:00
Yaroslav Halchenko b53612cb10 Merge pull request #237 from grooverdan/asterisk-227 
Asterisk enhancements
 2013-05-29 18:38:15 -07:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 28fc14d010 DOC: credits 2013-05-30 10:27:30 +10:00
Daniel Black e54498f6fe DOC: how to do filter enhancements 2013-05-30 10:25:03 +10:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Yaroslav Halchenko 9f9e9a33c6 BF: in 0.9 it is allowed to have multiple same actions with different names -- so use action_name 
+ address RF action._ActionReader__cInfo -> action._initOpts
 2013-05-29 12:38:03 -04:00
Yaroslav Halchenko ea6f3bedb0 BF: DefinitionInitConfigReader has _file, not __file 2013-05-29 12:36:40 -04:00
Yaroslav Halchenko a3161f59fa Merge commit '0.8.9-13-g39d32e0' into 0.9 
* commit '0.8.9-13-g39d32e0':
  Changelog for previous PR
  DOC: Changelog entry fro preceeding merge from Terence
  TST: Fix fail2ban.conf reader test for unreliable dictionary order
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
  TST: test all stock jails to have actions and correctly specifying blocktype
  CFG: assure actions for all the jails
  BF: blocktype must be defined within [Init] -- adding [Init] section.  Close #232
  ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init
  ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory

Conflicts:
	ChangeLog
	config/jail.conf
	testcases/clientreadertestcase.py -- had to "git show XXX | patch -p2" under tests/ 2 commits: 8a57ffd 7a4db4b
 2013-05-29 11:32:35 -04:00
Yaroslav Halchenko 39d32e0352 Changelog for previous PR 2013-05-29 09:56:15 -04:00