github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,666 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

3666 Commits (983b128c5439cacfbc560c600266051b4bf6de6e)

Author SHA1 Message Date
Simon Brown 3dd1c305ce added entry for new screensharingd filter 2015-10-27 21:20:12 -07:00
Simon Brown 6a5f10ee72 name change & new sample data 
changed name to match daemon, log samples with year
 2015-10-27 16:27:14 -07:00
Simon Brown 3e4a77a568 Added json metadata 2015-10-27 12:31:51 -07:00
Simon Brown b3a18631e2 Sample log for test case 2015-10-27 10:43:43 -07:00
Simon Brown 4c3f778b82 Replaced .* with literal 
Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.
 2015-10-27 10:33:30 -07:00
Simon Brown d17d837b8c Update jail.conf 
Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log
 2015-10-27 10:28:07 -07:00
Simon Brown de14946542 Added new path variable for system.log 
Logging location for the majority of Mac OS daemons.
 2015-10-26 18:02:07 -07:00
Simon Brown 80546c6164 Added in settings for screensharingd filter 2015-10-26 17:50:49 -07:00
Simon Brown 3ec725a2ba Created file 
From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf
 2015-10-26 17:35:38 -07:00
sebres eb87638ead ChangeLog entry for OpenHAB home automation filter (gh-1223) 2015-10-26 15:56:01 +01:00
1technophile 2861a957a9 filter for openhab domotic software authentication failure with the rest api and web interface + test cases; 
closes gh-1223
 2015-10-26 15:48:23 +01:00
Serg G. Brester 26517b0464 Merge pull request #1226 from pablorf-dev/master 
Minor fix and enhancement (fake google domains)
 2015-10-22 14:23:47 +02:00
Pablo Rodriguez Fernandez 2c576c64f8 Change domain filter regex 
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
 2015-10-20 10:46:00 +02:00
Pablo Rodriguez Fernandez 74fcb219ab Enhanced Google domain detection in apache-fakegooglebot 
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
 2015-10-20 10:45:53 +02:00
Orion Poplawski 3a9cf2b3da Add and use default_backend to set individual backend defaults to auto 2015-10-19 19:50:03 -06:00
Orion Poplawski 81a26266a9 Add changlog entry for postfix-rbl logpath change 2015-10-19 19:46:43 -06:00
Orion Poplawski ced7be94b2 Fix postfix_log typo 2015-10-19 19:43:10 -06:00
Orion Poplawski 75d33c0f09 Add *_backend options for services to allow distros to set the default backend 
per service.
Set default to systemd for Fedora as appropriate.
 2015-10-18 20:18:50 -06:00
Pablo 7e6964dd9d Fix section jail.conf.5 manpage 
The section of jail.conf manpage is wrong, should be 5, not 10
 2015-10-15 10:40:56 +02:00
Serg G. Brester 3a5d4fdd26 Merge pull request #1221 from pablorf-dev/master 
Add check in apache-fakegooglebot to protect against PTR fake record (gh-1221)
 2015-10-14 11:33:06 +02:00
Pablo Rodriguez Fernandez a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record 
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
 2015-10-13 17:11:49 +02:00
Yaroslav Halchenko 16443f7b05 Merge pull request #1219 from agentmoller001/patch-1 
Updated route.conf to clear warnings (Closes #1026)
 2015-10-09 21:26:53 -04:00
agentmoller001 617302fcc2 Updated route.conf to clear warnings 
Does not throw warnings when starting/restarting by adding three lines of code.
 2015-10-09 18:16:36 -07:00
Yaroslav Halchenko 6fb5e3a494 removed outdated and "problematic" .pydevproject 2015-10-09 14:10:02 -04:00
Serg G. Brester 42598fbf26 Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files 
files: Strip trailing whitespace from files
 2015-10-08 18:39:40 +02:00
Paul Menzel 078e2048f2 files: Strip trailing whitespace from files 
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace).
 2015-10-08 16:18:08 +02:00
sebres 2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later 
closes gh-1211
 2015-10-07 14:34:13 +02:00
sebres 61ac481703 IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable) 2015-10-07 13:36:21 +02:00
Serg G. Brester 68db52474d Merge pull request #1206 from kevinoid/ssh-match-auth-fail 
ssh.conf: Fix disconnect "Auth fail" matching
 2015-10-05 10:15:53 +02:00
Kevin Locke 2a5c93cfb5 Update ChangeLog and THANKS for "Auth fail" changes 
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-05 00:31:13 -07:00
Kevin Locke 42b0e9258d Test cases for ssh.conf disconnect "Auth fail" 
Add test coverage for the new disconnect "Auth fail" matching added in
36919d9f.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:56:26 -07:00
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching 
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
 2015-10-02 15:46:29 -07:00
Yaroslav Halchenko 8311bad4ea Merge pull request #1204 from szepeviktor/patch-8 
Added CloudFlare API error codes URL
 2015-09-30 07:54:30 -07:00
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko 7f3b31aa37 Merge pull request #1198 from yarikoptic/enh-split-comma 
ENH: allow to split ignoreip by space and/or comma (Closes #1197)
 2015-09-27 11:09:55 -04:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
Yaroslav Halchenko 4c48e994eb Merge pull request #1201 from yoosefi/master 
README :: Some style/grammar tweaks, and init/service script mention.…
 2015-09-27 00:51:16 -04:00
Yaroslav Halchenko 6c0f898ec7 DOC: changelog for the timeout change 2015-09-27 00:49:57 -04:00
Yaroslav Halchenko 166e99d2ba Merge pull request #1203 from maxbeth/master 
Add a timeout (3 sec) to urlopen within badips.py action
 2015-09-27 00:48:50 -04:00
M. Maraun ebfd223320 Merge branch 'master' of github.com:maxbeth/fail2ban 2015-09-26 21:30:04 +02:00
M. Maraun 2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Ryan Yoosefi 0610791ffe README :: init/service example mentions debian based systems as the example 2015-09-25 02:25:11 -07:00
Ryan Yoosefi c1b80a5e1b README :: fitted paragraph style 2015-09-25 02:23:08 -07:00
Yaroslav Halchenko d618ee3d90 BF: disable testing on python 3.2 until coverage gets a fix 2015-09-24 09:53:55 -04:00
Ryan Yoosefi 4744e16539 README :: Some style/grammar tweaks, and init/service script mention. Re: #1193 2015-09-24 06:37:01 -07:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 24f875ad3e Merge pull request #1196 from yarikoptic/bf-longer-margin 
BF: relax 1 sec delay testing to 100ms margin (Closes #1195)
 2015-09-23 09:58:41 -04:00
Yaroslav Halchenko 84afcd8b1f BF(PY26): no assertGreater in 2.6 -- use explicit comparison 2015-09-23 09:45:51 -04:00
Yaroslav Halchenko 17a4289798 BF: relax 1 sec delay testing to 100ms margin (Closes #1195) 2015-09-23 08:38:51 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00