e6ebcf6687
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
ENH: remove non-capturing groups for readibility
BF: fix dovecot filter for when no TLS is enabled on pop/imap
Conflicts:
ChangeLog -- changelog entries. Also untabified few other spots
2013-07-02 10:12:51 -04:00
f0f237fa05
Merge pull request #269 from grooverdan/asterisk
...
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-07-02 07:04:10 -07:00
e6823149a1
ENH: remove non-capturing groups for readibility
2013-07-02 20:16:43 +10:00
aebd24ec54
BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl
2013-07-02 20:09:27 +10:00
4777cfd4e7
ENH: split out exim-spam into speparate filter
2013-07-02 20:03:16 +10:00
ca996ace5e
ENH: remove temporary failures from local_scan in line with comments in gh-258
2013-07-01 21:56:02 +10:00
9757e1df2b
ENH: make groupings non-capturing
2013-07-01 21:53:05 +10:00
72f9e6a51e
ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT
2013-07-01 21:50:35 +10:00
3b76fc79f9
BF: fix dovecot filter for when no TLS is enabled on pop/imap
2013-07-01 21:12:51 +10:00
0086a7edab
ENH: missed a $
2013-06-29 11:30:37 +10:00
1b170b2aef
BF: support apache 2.4 more detailed error log format. Close #268
2013-06-28 09:49:36 -04:00
6d331bcbea
BF: make colon after [daemon] optional. Close #267
2013-06-27 11:44:47 -04:00
fa7a105483
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-06-27 09:16:14 +10:00
25c3bbfc2f
DOC: credits/blame to me for changes to exim
2013-06-16 00:25:24 +10:00
b8cfda68b8
ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries
2013-06-16 00:19:37 +10:00
d441d61a1e
TST/ENH: Improve regex around exim
...
rejected by local_scan now has test cases.
Unrouteable address error messages now normalised after looking into
exim code.
2013-06-15 12:34:16 +10:00
9d4b613ee4
Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
...
* '3proxy' of https://github.com/grooverdan/fail2ban :
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
DOC: credits
Conflicts:
ChangeLog
2013-06-14 12:32:51 -04:00
173fe48e77
Merge branch 'exim' of https://github.com/grooverdan/fail2ban
...
* 'exim' of https://github.com/grooverdan/fail2ban :
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
ENH/BF: exim improvements with sample
Conflicts:
ChangeLog
2013-06-14 12:28:07 -04:00
ec629ab4e8
Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
...
* 'proftpd' of https://github.com/grooverdan/fail2ban :
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: proftp regex hardening and log messages
Conflicts:
ChangeLog
2013-06-14 12:16:59 -04:00
ab2c738b43
Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
...
* 'dovecot' of https://github.com/grooverdan/fail2ban :
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: dovecot regexs rewritten and extra failures
Conflicts:
ChangeLog -- merged entries
2013-06-14 12:14:40 -04:00
8cc13b5b40
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
2013-06-14 18:12:53 +10:00
a433a8ea5f
ENH: readibility thanks to Yaroslav
2013-06-14 15:21:50 +10:00
948be73115
Merge branch 'assp' of https://github.com/grooverdan/fail2ban
...
* 'assp' of https://github.com/grooverdan/fail2ban :
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
Conflicts:
ChangeLog -- merged the two entries into 1
2013-06-13 23:32:45 -04:00
09302c5c25
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
...
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
7018d81244
BF: missed a space
2013-06-14 12:35:44 +10:00
a447aa615d
BF: [SSL-out] is optional in assp
2013-06-14 12:27:35 +10:00
d4940563d3
ENH: regex hardening on assp
2013-06-14 08:55:25 +10:00
6a09ecff5c
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
2013-06-14 08:41:50 +10:00
9940cd1b6b
ENH: proftpd chan accept usernames with spaces
2013-06-14 00:29:43 +10:00
dbe7ffe050
ENH: dovecot regexs rewritten and extra failures
2013-06-13 23:52:15 +10:00
4c67a269bf
ENH: proftp regex hardening and log messages
2013-06-13 22:11:05 +10:00
3e3802512a
ENH/BF: exim improvements with sample
2013-06-13 17:44:18 +10:00
88b4598ed8
BF: fix to proxy port in 3proxy example
2013-06-13 14:43:15 +10:00
9dbaec0894
ENH: sample log + more specific regex
2013-06-13 10:23:14 +10:00
8faf84b7f7
BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
2013-06-13 08:34:10 +10:00
6ccd57813c
BF: anchor apache- filters. Close #248
...
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
fd9f9f16e0
BF: need to anchor the start to avoid another repeat of DoS injection like Apache
2013-06-12 08:48:30 +10:00
f2fa4d53a8
ENH: stricter regex thanks to Steven Hiscocks (kwirk)
2013-06-12 08:30:59 +10:00
16d63434ef
DOC: credits
2013-06-11 23:56:09 +10:00
47b063b022
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
...
* I have been seeing bruteforcing attempts where asterisk fails with
AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
05c88bd85d
ENH: purge a few more .*
2013-05-30 11:34:04 +10:00
4cf402d60e
ENH/BF: constrain regex. Fix ACL error regex
2013-05-30 10:15:58 +10:00
0f7b609336
ENH: port optional
2013-05-30 09:43:39 +10:00
278fd43429
Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227
2013-05-30 09:39:12 +10:00
244a96f9b3
fixed failregex line for roundcube 0.9+
...
# Only works only if log driver: is set to 'syslog'. this is becoz fail2ban fails to 'read' the line due to the
brackets around the date timestamp on logline when log driver is set to file
2013-05-25 19:26:13 +02:00
d2b1c73b92
CFG: assure actions for all the jails
2013-05-24 14:33:08 -04:00
89e06bba15
BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
2013-05-24 11:15:46 -04:00
5c8fb68a2c
Update asterisk.conf
...
Para ficar compatível com asterisk 11
2013-05-14 08:04:11 -03:00
90b8433ac5
DOC: inline commends with ';' are in effect only if ';' follows as space
2013-05-12 21:42:59 -04:00
2b1e19933f
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
BF: missed MANIFEST include
DOC: credits for bsd-ipfw
ENH: add ipfw rule for bsd using the tables.
2013-05-08 10:32:18 -04:00
976a65bb89
Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
...
* 'bsd_logs' of https://github.com/grooverdan/fail2ban :
ENH: separate out regex and escape a .
BF: missed MANIFEST include
DOC: credits for bsd log
DOC: bsd syslog files thanks to Nick Hilliard
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
Conflicts:
config/filter.d/common.conf
2013-05-08 10:30:04 -04:00
5accc10a47
Merge pull request #206 from grooverdan/bsd_ipfw
...
NF: BSD ipfw
2013-05-08 07:24:56 -07:00
0ae49ab11e
Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
...
* 'bsd_pf' of https://github.com/grooverdan/fail2ban :
BF: missed MANIFEST include
DOC: add jail.conf entry for pf
DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
Conflicts:
ChangeLog
2013-05-08 10:24:01 -04:00
e85914cef8
Merge pull request #215 from grooverdan/reject_no_drop_by_default
...
ENH: add blocktype to all relevant actions and change default action to reject
2013-05-08 07:20:14 -07:00
9c03ee6d9e
ENH: consolidate where blocktype is defined for iptables rules
2013-05-08 07:52:08 +10:00
c7fd777966
BF: default type to unreachable
2013-05-08 07:31:31 +10:00
de56347619
ENH: separate out regex and escape a .
2013-05-08 06:32:27 +10:00
e7cb0f8b8c
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
2013-05-07 12:22:49 -04:00
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
822a01018f
Merge pull request #205 from grooverdan/bsd_ssh
...
BSD ssh improvements (casing, msg)
2013-05-06 07:54:58 -07:00
3b4a7b7926
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
2013-05-05 15:43:18 +10:00
aa52743f52
DOC: add jail.conf entry for pf
2013-05-03 16:42:10 +10:00
0c5a9c53e1
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
2013-05-03 16:34:54 +10:00
b6d0e8ad9c
ENH: add ipfw rule for bsd using the tables.
2013-05-03 16:31:45 +10:00
40c56b10a0
EHN: enhance sshd filter for bsd.
2013-05-03 16:17:35 +10:00
b3bd877d23
BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD
2013-05-03 16:12:13 +10:00
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
89adcd7ff7
Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
...
Origin: https://github.com/lenrico/fail2ban
Squashing was done via rebase -i 1524b076d6
2013-05-03 00:57:49 -04:00
36b0d78ff8
tight control of the filter for ASSP
2013-05-03 00:56:53 -04:00
07aee8cd33
as daniel desires
2013-05-03 00:56:53 -04:00
24a8d07c20
added new date format support for ASSP SMTP Proxy
2013-05-03 00:56:46 -04:00
3367dbd987
ENH: fail message matching for OpenSolaris and OS X
...
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.
Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
2013-04-30 04:23:13 +08:00
d2a9537568
ENH: extra daemon info regex
...
for matching log lines like:
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed
keyboard-interactive for james from 205.186.180.30 port 54520 ssh2
this matches [ID 800047 auth.info]
2013-04-30 04:14:36 +08:00
b7795addd0
ENH: actionunban back to a sed command
...
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
2013-04-30 04:10:32 +08:00
945ad3d9e6
BF: ensure dates in email are in the C locale. Thanks iGeorgeX
2013-04-29 14:10:23 +10:00
0ac8746d05
ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
2013-04-28 11:03:44 +10:00
22f04677b6
BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)
2013-04-23 13:56:51 -04:00
10fcfb925d
Extra patterns for Solaris
2013-04-21 07:30:21 +08:00
de98e3dabd
change sed to perl for Solaris
2013-04-21 07:29:48 +08:00
41b9f7b6ac
BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf
2013-04-18 04:38:03 +10:00
32d10e904a
ENH: more openssh fail messages from openssh source code (CVS 20121205)
2013-04-17 00:03:36 +10:00
59192a5585
Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile'
...
* github_kwirk_fail2ban/pidfile:
Typo in default pidfile in fail2ban.conf
2013-04-09 23:48:46 -04:00
99a5d78e37
ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth
2013-04-09 18:03:34 -04:00
ffaa9697ee
Adjusting previous PR (MySQL logs) according to my comments
2013-04-09 18:00:40 -04:00
3e6be243bf
Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
...
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban :
Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
Added support for MySQL logfiles
Conflicts:
testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
72b06479a5
ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file
2013-03-27 11:09:54 -04:00
105306e1a8
Merge remote-tracking branch 'pr/117/head' -- SOGo filters
...
* pr/117/head:
An example of failed logins against sogo
Update sogo-auth.conf
Update config/filter.d/sogo-auth.conf
Create sogo-auth.conf
Update config/jail.conf
2013-03-27 11:09:35 -04:00
91d5736c12
ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126
2013-03-26 09:40:04 -04:00
bba3fd8568
Update sogo-auth.conf
...
included hint by user yarikoptic
2013-03-25 08:43:13 +01:00
29d0df58be
Added support for MySQL logfiles
2013-03-24 16:52:58 +02:00
67544d1dd6
DOC: tags are documented in the jail.conf(5) man page
2013-03-17 10:52:49 +11:00
5e5eaaf838
Merge pull request #134 from grooverdan/misc-fixes
...
BF: fail2ban client can't handle multi word setcinfo or action[*] values
2013-03-10 18:01:17 -07:00
a2b29b4875
Fixed typos
2013-03-10 22:05:33 +00:00
a0f088be25
ENH: typo + head -1 has been deprecated for 10+ years.
2013-03-10 16:28:45 +11:00
a8bd9c20a0
Merge branch 'master' of git://github.com/fail2ban/fail2ban
...
* 'master' of git://github.com/fail2ban/fail2ban:
add blocking type
add example jail.conf for blocking through blackhole routes for ssh
add support for blocking through blackhole routes
2013-02-18 23:12:06 -05:00
d5ae28facf
Merge pull request #104 from gebi/t/route
...
add support for blocking through blackhole routes
2013-02-18 08:01:34 -08:00
294f073741
Typo in default pidfile in fail2ban.conf
2013-02-17 22:42:24 +00:00
ce3ab34dd8
Added ability to specify PID file
2013-02-17 22:14:01 +00:00
47b1ee39d8
add blocking type
2013-02-17 12:44:15 +11:00
8cf006827e
BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118
2013-02-12 08:48:05 -05:00
6cd358ee95
Update config/filter.d/sogo-auth.conf
...
Comment line in the top altered to fit file name. My local file was named differently...
2013-02-12 10:45:37 +01:00
35bf84abad
Create sogo-auth.conf
...
Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229
2013-02-11 08:19:48 -08:00
52f952e645
Update config/jail.conf
...
Update to use the new sogo-auth filter
2013-02-11 17:14:29 +01:00
5f2d3832f7
NF: roundcube-auth filter (to close Debian #699442 , needing debian/jail.conf section)
2013-01-31 14:41:34 -05:00
bb7628591c
Update config/filter.d/sshd.conf
...
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
9a39292813
ENH: Added login authenticator failed regexp for exim filter
2013-01-04 15:23:05 -05:00
b3d8ba146b
DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed ( Closes : #697333 )
2013-01-04 15:23:05 -05:00
03433f79cd
add example jail.conf for blocking through blackhole routes for ssh
2013-01-04 16:09:04 +01:00
f9b78ba927
add support for blocking through blackhole routes
2013-01-03 18:46:31 +01:00
da0ba8ab4c
ENH: add example jail for ipset
2012-12-31 14:38:51 +11:00
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00
f336d9f876
Update config/filter.d/webmin-auth.conf
...
Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings
2012-12-13 08:14:49 +01:00
dc67b24270
Update config/filter.d/webmin-auth.conf
...
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
2012-12-12 23:07:39 +01:00
3969e3f77b
ENH: dovecot.conf - require space(s) before rip/rhost log entry
2012-12-12 09:16:52 -05:00
266cdc29a6
Update config/filter.d/dovecot.conf
...
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
2012-12-11 12:09:28 -05:00
e040c6d8a3
Update config/filter.d/dovecot.conf
...
site actually needs updated because of <HOST> alias
per Notes above.
2012-12-11 03:26:14 -05:00
7ede1e8518
Update config/filter.d/dovecot.conf
...
added failregex line for debian and centos per
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
2012-12-10 19:17:04 -05:00
fc27e00290
ENH: tune up sshd-ddos to use common.conf and allow training spaces
2012-12-07 15:24:34 -05:00
6ecf4fd80a
Merge pull request #64 from sourcejedi/remove_sshd_rdns
...
Misconfigured DNS should not ban *successful* ssh logins
Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
2012-11-05 18:20:37 -08:00
95de9c1a97
add support for the APF firewall
2012-10-18 11:17:04 -04:00
282724a7f9
ENH: join both failregex for lighttpd-auth into a single one
...
they are close in meaning
should provide a slight run-time performance benefit
2012-09-30 11:30:24 -04:00
958a1b0a40
Lighttpd: support auth.backend = "htdigest"
2012-09-30 13:27:21 +02:00
2a225aa6ee
Added a warning within "complaint.conf" action about care with enabling it
2012-08-13 23:03:52 -04:00
2082fee7b1
ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd ( Closes : #648020 )
2012-07-31 15:53:41 -04:00
6ad55f64b3
ENH: add wu-ftpd failregex for use against syslog ( Closes : #514239 )
2012-07-31 15:43:13 -04:00
80b191c7fd
BF: anchor chain name in actioncheck's for iptables actions ( Closes : #672228 )
2012-07-31 15:27:05 -04:00
a3b242d6dd
BF: inline comments must use ; not # -- recidive jail
2012-07-31 14:05:42 -04:00
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
b4099dae57
DOC: Adjusted header for config/*.conf to mention .local and way to comment
...
thanks to Stefano Forli for reminding about comments
see Debian Bug#676146
2012-06-04 22:41:28 -04:00
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
2012-04-16 20:36:53 -04:00
7b77beee0e
DOC: comment in jail.conf for the need of multiple jails for asterisk
2012-02-28 12:04:24 -05:00
71a3fb17e2
Merge remote-tracking branch 'gh-magicrhesus/master'
...
* gh-magicrhesus/master:
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
Add asterisk support
Conflicts:
config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00
8c00ce0a65
Add the INCLUDE section to use __pid_re feature
2012-02-28 17:28:06 +01:00
180c17bede
Disable asterisk jail by default
2012-02-27 16:14:18 +01:00
df0e0fdc07
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
2012-02-21 18:53:44 +01:00
c679a1a588
Change NOTICE by NOTICE%(__pid_re)s
2012-02-21 18:05:53 +01:00
42dd05210a
Added a warning for the recidive jail
2012-02-18 20:15:42 -05:00
d7ca754980
Merge branch 'master' of github.com:magicrhesus/fail2ban
2012-02-15 19:47:04 +01:00
c7613ce311
Remove custom bantime
2012-02-15 18:55:35 +01:00
d98cdb25d6
Add $ at the end of the failregex
2012-02-13 17:11:32 +01:00
25f1e8d98c
BF: allow trailing whitespace in few missing it regexes for sshd.conf
2012-02-10 21:14:51 -05:00
1807be5a8c
ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?:
...
thanks @cepheid666 for the useful comments
2012-01-26 23:28:44 -05:00
f94a121663
Fix for https://github.com/fail2ban/fail2ban/issues/19
...
Based on previous work as documented in the bug by Amir and myself,
plus some enhancements and documentation added to the file itself rather
than a URL (they rot).
2012-01-26 23:33:01 +01:00
d73a71f5cf
ENH: Add usedns parameter for the jails
...
following commits were squashed from feature branch use_dns
commit 068c105eb5635ed36a8c24656d28127957fbec429f5c7957fbe8216ce9d04640cfb2c75b49f6186eff1482c62d29dcdc0ae21932594e25818c48ff80ffac0bdab4c2d76d6b734ea511ad2b6125b48fa9b6afc429f5c91a4b18afb0021906#3 from yarikoptic/enh/use_dns
let's be consistent ;-)
commit 00219063584b18afb28a4fae37e46fe94806ce484d30c5290776696d452a0631618087d23d4955479538553bc5ae1e857e53ace43eb941
2012-01-12 23:23:41 -05:00
7d465f98c1
Add asterisk support
2012-01-11 16:35:40 +01:00
9559fcd3a0
Merge pull request #25 from leeclemens/enh/pyinotify
...
ENH: pyinotify
2012-01-09 18:17:41 -08:00
35201f6690
Merge remote-tracking branch 'gh-keszybz/master'
...
* gh-keszybz/master:
NF: xt_recent-echo action
2012-01-07 20:59:50 -05:00
321670487e
NF: xt_recent-echo action
...
The default configuration can only be run by root. To actually support
running as a different user, the setup action must be disabled.
2012-01-06 00:51:03 +01:00
8a2e26403a
Merge remote-tracking branch 'upstream/master'
2011-12-31 01:57:55 -05:00
4502adfe69
Fix comments to reflect code
...
Commit 638bb6652
2011-12-30 12:41:46 -05:00
e442503133
Added pyinotify backend
2011-12-30 00:18:52 -05:00
4c76fb3b54
ENH: allow trailing white-spaces in lighttpd-auth.conf
...
now catches the one in testcases/files/logs/lighttpd
2011-12-25 10:00:50 -05:00
683d4f269d
modifications suggested by a referee (log ex+regexp)
2011-12-24 22:24:08 +01:00
a7cb20edac
add lighttpd-auth jail
2011-12-24 21:56:38 +01:00
b6d9f795dc
add filter for lighttpd mod_auth failure
2011-12-24 21:51:18 +01:00
9fa54cf233
Add Date: header for sendmail*.conf actions
...
According to rfc2822, Date: headers are not optional.
Added these to all sendmail action templates, format specification
should conform to rfc and be portable across multiple platforms.
2011-11-18 16:52:44 -05:00
a9be451079
ENH: removed expansion for few Date and Revision SVN keywords
...
For consistency of appearance... eventually we might just remove them
altogether
2011-11-18 10:14:39 -05:00
dad91f7969
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
...
absorbed from patches carried by Debian distribution of f2b
2011-11-18 10:07:13 -05:00
ed0bf3ad96
Removed duplicate entry for DataCha0s/2\.0 in badbots ( closes : #519557 )
2011-11-18 09:40:56 -05:00
3152afbdc2
Recognise time-stamped kernel messages
...
e.g.
Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206
This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
2011-09-28 12:46:28 -04:00
3eb5e3b876
BF: Allow for trailing spaces in sasl logs
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@783 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-08-07 02:41:08 +00:00
02be7d03b2
BF: use standard/reserved example.com instead of mail.com
...
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@777 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-05-07 03:16:40 +00:00
6d25310e28
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@776 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 21:38:26 +00:00
eab9af9caa
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@775 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:19 +00:00
d4b89d8404
BF: Allow for trailing spaces in proftpd logs
...
See http://bugs.debian.org/507986
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@774 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:10 +00:00
1cb48bbc96
BF: escaping () in pure-ftpd filter. Thanks Teodor
...
See http://bugs.debian.org/544744
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@773 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:00 +00:00
02e7dfb099
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:50 +00:00
3831fbf98b
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:41 +00:00
6558c03f8e
NF: Adding found on a drive filter.d/dovecot.conf
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:28 +00:00
10faba5163
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@769 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:17 +00:00
0073ba3838
ENH: dropbear filter: see http://bugs.debian.org/546913
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@768 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:08 +00:00
638bb66523
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
...
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:35:56 +00:00
7b54c7b33b
spellcheck jail.conf. Thanks Christoph Anton Mitterer
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@766 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:18:32 +00:00
521631cfcc
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@765 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:10:48 +00:00
dabe3aeae1
disabling entirely named-refused-udp jail with a big fat warning
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@761 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-06-29 01:34:08 +00:00
b91595dd11
Disabled jail lighttpd-fastcgi by default.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@747 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-31 13:57:32 +00:00
dde7afe1f3
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@742 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-30 14:17:29 +00:00
55fd21ec4b
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 20:27:35 +00:00
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
7fd0300a73
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 22:37:46 +00:00
376f348823
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log ( closes : #512193 ).
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:56:03 +00:00
e86e7d002e
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@725 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:51:32 +00:00
e16c18d091
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@724 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:39:38 +00:00
e46e8ed32e
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@723 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:35:46 +00:00
6cd56802bb
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@717 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:56:54 +00:00
622218271d
- Added svn:keywords property.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@716 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:38:41 +00:00
bb8e610795
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@715 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:37:25 +00:00
391a38a7a8
- Added new regex. Thanks to Tobias Offermann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@713 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-10 16:00:10 +00:00
3615c8ec81
- Improved pattern. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@707 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-08-12 19:20:02 +00:00
155c4652a4
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@706 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-22 22:29:57 +00:00
9ed39a4387
- Send file if the number of lines is greater or equal and not only equal to the limit.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@701 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-16 21:11:42 +00:00
11c8c71014
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-05-21 22:17:00 +00:00
7dde8d6694
- Added svn:keywords.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@684 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-04-07 22:45:37 +00:00
a32f04b0cb
- Added gssftpd filter. Thanks to Kevin Zembower.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@683 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-04-07 22:41:19 +00:00
d9f9a31802
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-10 22:03:34 +00:00
55d6baa66d
- Added svn:keywords
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@668 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:37:20 +00:00
e7eaf5c488
- Fixed Debian bug #461426
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:35:09 +00:00
f77057d3dd
- Fixed Debian bug #462060
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@666 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:23:41 +00:00
06f8a1a8ca
- Fixed Debian bug #468477
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@665 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:53:33 +00:00
ead3e50c97
- Fixed Debian bug #456567
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@664 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:47:59 +00:00
6db1212152
- Added revision.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@663 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:47:14 +00:00
17e31b167e
- Replaced "reject" with "drop" in shorwall action. Fix #1854875
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@661 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:20:10 +00:00
0afa6fb2be
- Replaced "echo" with "printf" in actions. Fix #1839673
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@660 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:11:28 +00:00
f0399ca5a4
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
...
- Renamed actionend to actionstop.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 22:41:28 +00:00
174ce7027a
- Fixed fail2ban-regex. It support "includes" in configuration files.
...
- Modified "includes" to be more generic. We will probably support URL in the future.
- Small refactoring.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@656 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 00:17:56 +00:00
e66d9eee41
- Moved socket to /var/run/fail2ban.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@629 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-12-14 21:33:33 +00:00
c40534123c
- Fixed ipfw action script. Thanks to Nick Munger
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@623 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-10-23 22:06:31 +00:00
66063d2731
- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@621 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-09-12 21:38:51 +00:00
d885fc786e
- Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@617 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:25:56 +00:00
938297138b
- Fixed named filter. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:03:33 +00:00
732c66215f
- Improved regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@613 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-13 21:39:26 +00:00
5fd5a8112a
- Added named (bind9) example. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@611 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:49:58 +00:00
49b2e40682
- Fixed vsftpd filter. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@610 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:31:47 +00:00
3ef8fbe2e3
- Modified failregex again. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@609 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:29:13 +00:00
a3ace8040b
- Added filter file for named (bind9). Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@608 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:21:15 +00:00
26c54c4538
- Added new action iptables-allports. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@606 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:13:09 +00:00
711f936ed0
- Corrected subject
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@604 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-05 19:33:15 +00:00
e841209f1b
- Added new regex for proftpd. Thanks to Vaclav Misek
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@603 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-17 20:41:00 +00:00
9ac663a121
- Added webmin authentication filter. Thanks to Guillaume Delvit
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@601 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-11 22:27:16 +00:00
f714c96d0e
- Updated regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-10 20:24:44 +00:00
08c2c55742
- Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez
...
- Fixed a small typo
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@595 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-05 16:10:33 +00:00
e2334db7a6
- Improved regular expressions. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@592 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-06-25 21:57:10 +00:00
1e2ddec485
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@587 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-06-07 21:29:18 +00:00
bfab0409a2
- Replaced -d with -f. We are looking for a file, not a directory
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@570 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-04-19 21:43:45 +00:00
ac54c8b4f1
- Modified filters config. Thanks to Michael C. Haller
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@569 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-04-18 20:22:54 +00:00
b40b9d88d2
- Added a new line before "Regards,"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@566 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-26 21:08:09 +00:00
ee234d424c
- Added pure-ftpd filter. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@560 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-19 20:32:28 +00:00
64226d09c0
- Improved failregex a bit
...
- Added TrackBack/1.02
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@558 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-07 21:32:33 +00:00
0b9c41c015
- Removed actionstart and actionstop which are now obsolete
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@554 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-07 20:47:41 +00:00
f02a915de1
- Added a new example for vsftpd. Thanks to Christian Rauch
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@552 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-22 21:11:30 +00:00
54e4d012d1
- Fixed bug #1664386 . Thanks to Harry Rarig
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@551 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-22 20:52:35 +00:00
b4caed8c00
- Added new filter for spam bots
...
- Added new action for buffered mails
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@549 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-12 21:50:50 +00:00
d5ededc340
- Updated failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@534 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:51:43 +00:00
743ec88eef
- Updated failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@532 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:32:13 +00:00
45277fff4a
- Removed section with mail-report script which does not exist anymore
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@524 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-21 22:22:29 +00:00
04cd3f5bd5
- Added new filters/actions. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@520 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-08 21:40:37 +00:00
6cf814245e
- Fixed missing regular expression
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@513 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 13:07:04 +00:00
44d75eb54f
- Added missing svn:keywords
...
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 12:21:44 +00:00
7719c00d37
- Allow comma in action options. The value of the option must be escaped with " or '. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 11:58:58 +00:00
3a344557ec
- Exim4 filter. Thanks to mEDI
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@499 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 09:49:19 +00:00
1ac00d062a
- Regular expression should be more correct now
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@498 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 09:48:49 +00:00
2e197487a2
- Fixed removal of host in hosts.deny. Thanks to René Berber
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@496 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-19 21:51:14 +00:00
840b9fff0f
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:35:34 +00:00
0c40adda4b
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@494 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:33:01 +00:00
6f7df2cc3c
- Use numeric output for iptables in "actioncheck"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@489 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-14 21:20:03 +00:00
8ca367d609
- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@488 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-13 23:02:46 +00:00
90fb1d442e
slight english adjustment with no good english: Destinataire->Destination/Addressee
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@479 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-07 03:12:28 +00:00
f5d4cb6be2
- Added alias "<HOST>" for failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-19 21:25:51 +00:00
911b2b15fc
- Merged "maxtime" with "findtime"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@470 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-18 15:15:58 +00:00
Yaroslav Halchenko