github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,261 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

499 Commits (93f30fe4f60396aa3936584f5c358a041684ee9d)

Author SHA1 Message Date
Daniel Black ee58696531 DOC: try to encourage jail.local jail.d/*.local a lot more 2013-10-10 09:56:52 +11:00
Daniel Black 6ef33981e3 ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed) 2013-10-10 09:41:05 +11:00
Daniel Black 6b519d54db ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion 2013-10-10 07:13:37 +11:00
Daniel Black 351eb5ec8f ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 2013-10-09 16:44:48 +11:00
Daniel Black eb59a57b7f ENH: tighten pam_unix expression for dovecot 2013-10-09 14:54:36 +11:00
Daniel Black 864d2f41b9 ENH: auth-worker as per of _daemon definition for dovecot 2013-10-09 14:52:17 +11:00
Daniel Black 2d1bd54439 Merge pull request #379 from grooverdan/webmin 
ENH: filter.d/webmin anchor at start and use syslog
 2013-10-08 20:13:14 -07:00
Yaroslav Halchenko 500968874e Merge pull request #381 from grooverdan/suhosin 
ENH: filter.d/suhosin - anchor regex at start
 2013-10-08 19:49:51 -07:00
Yaroslav Halchenko a7b1b802e0 Merge pull request #382 from grooverdan/vsftpd 
Vsftpd
 2013-10-08 19:47:38 -07:00
Yaroslav Halchenko f0b91fcede Merge pull request #380 from grooverdan/sogo 
ENH: filter.d/sogo-auth - anchor regex at start
 2013-10-08 19:41:55 -07:00
Daniel Black df313649a4 ENH: escape . in recidive filter 2013-10-09 12:32:06 +11:00
Daniel Black 1a5e17f2a3 BF: use blocktype for iptables-ipset-proto6* 2013-10-09 11:59:16 +11:00
Daniel Black dcb845f17c ENH: add iptables-ipset-proto6-allports for blocking all ports 2013-10-09 11:57:35 +11:00
Daniel Black 2a1d629d88 BF: webmin -> webmin-auth 2013-10-09 11:08:44 +11:00
Daniel Black ab457acc4d BF: fix name in action for uwimap-auth 2013-10-09 11:06:38 +11:00
Daniel Black 0beea03914 ENH: jail.conf example for webmin 2013-10-09 11:05:50 +11:00
Daniel Black d60f470096 ENH: added to dovecot filter. closes gh-325 2013-10-09 10:09:06 +11:00
Daniel Black 46386412a4 ENH: filter.d/vsftpd - pam regex as syslog and anchored at start 2013-10-05 20:02:40 +10:00
Daniel Black 1519712972 ENH: filter.d/vsftpd anchor internal regex at start 2013-10-05 20:02:21 +10:00
Daniel Black 9637c27873 ENH: filter.d/suhosin - anchor regex at start 2013-10-05 19:39:39 +10:00
Daniel Black 13bcc9aa84 ENH: filter.d/sogo-auth - anchor regex at start 2013-10-05 19:27:07 +10:00
Daniel Black b64bf3fa7b ENH: filter.d/webmin anchor at start and use syslog 2013-10-05 19:18:44 +10:00
Daniel Black f4c7c8f4b3 ENH: sasl - anchor regex at start 2013-10-05 18:59:41 +10:00
Daniel Black 23dd734aa9 Merge pull request #366 from grooverdan/dovecot 
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
 2013-10-01 15:50:39 -07:00
Daniel Black f998e01590 Merge pull request #359 from grooverdan/pureftpd 
ENH: Pureftpd syslog prefixing and filter achoring
 2013-10-01 15:14:33 -07:00
Daniel Black ba8183b116 Merge pull request #372 from grooverdan/uw-imap 
ENH: filter.d/uwimap-auth added. Closes #18
 2013-10-01 15:13:11 -07:00
Daniel Black 262616f7a7 ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 22:32:57 +10:00
Daniel Black 9211179d30 ENH: filter.d/uwimap-auth - add "disabled" to regex 2013-10-01 22:10:33 +10:00
Daniel Black 4649cf9608 ENH: separate selinux and selinux-ssh 2013-10-01 20:21:45 +10:00
Daniel Black 791183b639 ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT 2013-10-01 10:10:53 +10:00
Daniel Black a1eaa5f755 ENH: filter.d/selinxu added. Closes #296 2013-10-01 09:59:15 +10:00
Daniel Black 778f09debe DOC/ENH: __md5hex regex defination to common.conf. Document debian bug # 2013-10-01 09:03:33 +10:00
Daniel Black b3b62d65bf ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 18:06:27 +10:00
Daniel Black f2ae20a3b8 BF: filter.d/sshd group on md5hex and () for serial needed to be escaped 2013-09-29 17:44:45 +10:00
Daniel Black 1eeb6e94bd BF: fix regex for openssh-6.3 2013-09-29 17:28:33 +10:00
Daniel Black e12d389c65 MRG/DOC: jail.conf resolution, ChangeLog fixes 2013-09-29 08:21:13 +10:00
Mark McKinstry b6bf26c9f2 dont' need to set a default name 2013-09-25 18:37:22 -04:00
Mark McKinstry 4187e87b69 don't enabel ssh-apf jail by default 2013-09-25 18:35:09 -04:00
Mark McKinstry f9f4d2728f add an example jail for apf action and ssh filter 2013-09-25 17:59:37 -04:00
Mark McKinstry 2668adc896 Merge branch 'master' of github.com:fail2ban/fail2ban 2013-09-25 17:54:38 -04:00
Mark McKinstry 1af4543aca ability to name the jail that banned the IP with apf 2013-09-25 17:52:34 -04:00
Mark McKinstry dd9ee4c39a quotes around the comment put in apf's deny_hosts.rules file 2013-09-25 17:51:25 -04:00
Mark McKinstry e64493c328 use human readable/longer options when banning and un-banning IPs with apf 2013-09-25 16:44:10 -04:00
Mark McKinstry c692912a82 don't hardcode absolute path for apf firewall 2013-09-25 16:38:45 -04:00
Mark McKinstry 66aff43d68 remove un-needed '$' line 2013-09-25 16:37:58 -04:00
Daniel Black 8c2a5612ed DOC: resolve ChangeLog conflicts 2013-09-19 19:38:28 +10:00
Daniel Black 2a805452c6 DOC: resolve ChangeLog conflicts 2013-09-19 19:28:39 +10:00
Daniel Black 8e9fab9b3c Merge branch 'master' of https://github.com/fail2ban/fail2ban 2013-09-19 19:25:47 +10:00
Daniel Black 3be7dcd701 DOC: resolve ChangeLog conflicts 2013-09-19 19:23:02 +10:00
Daniel Black 89e0520675 ENH: dovecot regex to match failure reported by Bob Cohen on mailing list 2013-09-19 08:25:50 +10:00
Daniel Black c3ee03b9ba BF: fix daemon name typo for filter proftpd 2013-09-18 07:32:26 +10:00
Daniel Black 39ca8837eb TST: pureftpd - syslog therefore use syslog prefixes in filter 2013-09-17 22:24:56 +10:00
Daniel Black 30bb1a77a3 ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 10:50:46 +10:00
Daniel Black ee497ff1cb ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix 2013-09-17 07:57:19 +10:00
Daniel Black 13ec9d58c0 ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix 2013-09-17 07:25:23 +10:00
Daniel Black 673cc4d77f ENH: anchor at end of recidive filter 2013-09-16 18:43:56 +10:00
Daniel Black 504111b0b1 ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target 2013-09-16 01:22:42 +10:00
Beau Raines 060bd45295 ENH - Added server name to subject line in email notifications 
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
 2013-09-08 15:21:58 -07:00
Daniel Black ad291d7e38 Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port 
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
 2013-09-04 16:18:19 -07:00
Daniel Black e5f1a7f050 Merge pull request #344 from grooverdan/osx 
ENH: OSX ipfw based on Andy Fragen's work
 2013-09-04 16:16:16 -07:00
Daniel Black 4face1f3e7 MRG: resolve conficts in action.d/osx-ipfw design 2013-09-05 09:07:10 +10:00
Andy Fragen d258a51a23 after some research it looks like setting to unreachable better than deny 2013-09-04 11:28:03 -07:00
Andy Fragen fe557e5900 more specific actionunban 2013-09-01 13:09:51 -07:00
Andy Fragen a4884f82cd add mods from grooverdan and fix actionunban 
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
 2013-08-31 08:39:19 -07:00
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind 
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
 2013-08-30 21:34:22 -07:00
Daniel Black f2bcf84893 BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets 2013-08-31 11:40:04 +10:00
Daniel Black 749f215089 ENH: port optional 2013-08-31 11:07:15 +10:00
Daniel Black 8b22fa15b5 BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want 2013-08-31 11:03:01 +10:00
Daniel Black b31799a322 ENH: add action.d/osx-afctl anonymously contributed on f2b wiki 2013-08-31 10:51:04 +10:00
Daniel Black 808aa1a792 ENH: added jail.conf example. closes gh-340 2013-08-31 09:39:21 +10:00
Daniel Black 5741348f45 ENH: more options and ruggedness to prevent unintensional consequences 2013-08-31 09:38:18 +10:00
Daniel Black 52bd0f86a8 Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx 2013-08-31 09:09:04 +10:00
Daniel Black 7cc3e8a8c0 BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343 2013-08-31 08:59:02 +10:00
Daniel Black 15f2f38972 ENH: anchor regex at start 2013-08-28 12:32:40 +10:00
Daniel Black d5684a0834 BF: filter.d/routecube-auth - time offset can be positive or negative 2013-08-28 11:57:38 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Andy Fragen ef504c869f added osx specific ipfw action with random rulenum 2013-08-26 16:06:23 -07:00
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
Daniel Black b8e7d0b867 ENH: further tighten lighttpd basic auth regex 2013-08-26 08:51:40 +10:00
Daniel Black a7ebb84a7d ENH: tighted up lighttpd regex 2013-08-26 08:42:45 +10:00
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31 2013-08-25 21:29:43 +02:00
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge 
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
 2013-08-25 21:21:14 +10:00
Daniel Black fd7cc5bda7 BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
Daniel Black 6a56727669 BF: apache-common regex - datetime could be entirely consumed 2013-08-25 18:30:30 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 4e5feed7fc Merge pull request #8 from grooverdan/gh-303-merge-2 
training space on wuftp
 2013-08-21 12:21:09 -07:00
Daniel Black aad7d08451 BF: disable filter expressions without tests 2013-08-20 07:33:35 +10:00
Yaroslav Halchenko 42f3aa9f62 Merge pull request #329 from grooverdan/bind-unauth-zonetransfer 
Bind unauth zonetransfer.  Closes #323
 2013-08-19 06:48:13 -07:00
Daniel Black 6a36ff1a4a BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328 2013-08-19 22:36:58 +10:00
Daniel Black c44328b1a3 ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8 2013-08-19 22:04:55 +10:00
Daniel Black ea7cba4205 ENH: trailing space as per discussion on gh-303 2013-08-19 21:42:43 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Steven Hiscocks 53e16e07ad ENH: Minor tweak on previous commit proftpd regex changes 2013-08-09 19:04:26 +01:00
Steven Hiscocks 9002de069e ENH: Improve proftpd regex. 
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
 2013-08-09 18:54:08 +01:00
Orion Poplawski 31a78b2711 Use /var/run/fail2ban in config/action.d/dummy.conf 2013-08-08 20:41:44 -06:00
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters' 
* enh/asterisk_and_dropbear_filters:
  ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
  minor: consistent indentation in dropbear.conf
  https://github.com/fail2ban/fail2ban/issues/306
  fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
 2013-08-08 09:59:24 -04:00