Steven Hiscocks
9928f1df96
ENH: Allow 255.255.255.0 style mask for ignoreip
2014-02-19 17:51:08 +00:00
Daniel Black
350d2dfd8e
Merge pull request #618 from kwirk/xt_recent-tweaks
...
ENH: Add root user check in xt_recent, and add missing actionstop
2014-02-18 08:15:22 +11:00
Steven Hiscocks
4102f4f8c7
TST: Fix TravisCI build, install of coveralls from pip
2014-02-16 23:08:49 +00:00
Steven Hiscocks
7c76f7f204
BF: $EUID not available in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
9bfc77c320
BF: fail2ban-client processCmd ret was being overwritten each loop
2014-02-13 20:03:45 +00:00
Steven Hiscocks
1e9910fcb0
ENH: Added traceback for error log on pyinotify callback when in debug
...
Thanks to Helmut Grohne for idea on #fail2ban IRC
2014-02-12 22:18:09 +00:00
Steven Hiscocks
bda9b7d725
BF: Add handling of exception in pyinotify callback
...
If error isn't handled, no error messages are printed and the jail
ceases to function.
2014-02-12 18:07:31 +00:00
Daniel Black
fb557761e4
Merge pull request #610 from tecnocat/patch-1
...
BF: Duplicate jail "php-url-fopen"
2014-02-11 07:56:00 +11:00
Aarón Nieves Fernández
993b7d3dfb
Duplicate jail "php-url-fopen"
2014-02-10 21:41:50 +01:00
Steven Hiscocks
3cbfe9b057
BF: `ret` now changed after beautifier called
2014-02-08 22:15:19 +00:00
Yaroslav Halchenko
c424e4032d
DOC: minor - replace tabs with spaces for consistent formatting
2014-02-07 00:41:22 -05:00
Daniel Black
1c740636e3
Merge pull request #603 from truxoft/master
...
ENH: Nagios filter
2014-02-06 11:09:49 +11:00
Ivo Truxa
c207ad6058
removing ignoreip at [nagios]
...
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
2014-02-06 00:27:38 +01:00
Ivo Truxa
f5f434f846
removing the second failregex
...
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
2014-02-06 00:22:05 +01:00
Daniel Black
338d40f717
Merge pull request #606 from cmarkle/patch-1
...
Correct spelling error in changelog
2014-02-06 07:50:04 +11:00
Chris Markle
20886288e5
Correct spelling error in changelog
...
I know it's a nit but still... ;)
2014-02-05 10:44:46 -08:00
Ivo Truxa
f6ccd8878d
date fix
...
sorry, need to get some glasses
2014-02-03 23:27:19 +01:00
Ivo Truxa
a71bb89ccd
removing a dot (typo)
...
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
2014-02-03 23:12:56 +01:00
Ivo Truxa
a8a43e8f38
ENH: Nagios filter
...
new filter Nagios added
2014-02-03 22:01:22 +01:00
Ivo Truxa
dac4dd465e
ENH: Nagios filter
...
added typical configuration settings for the nagios filter
2014-02-03 21:51:49 +01:00
Ivo Truxa
c91fda8619
ENH: Nagios filter
...
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
2014-02-03 21:46:07 +01:00
Ivo Truxa
110b8e6905
ENH: Nagios filter
...
Sample log entry from /var/log/messages for a denied access to the nrpe2 (Nagios Remote Plugin Executor) daemon
2014-02-03 21:39:52 +01:00
Daniel Black
1366ea382d
Merge pull request #601 from grooverdan/dovecot-no-lip-tls
...
ENH: dovecot filter enhancements / BF: remove "no auth attempts"
2014-01-31 01:57:02 -08:00
Daniel Black
273b2f45a3
MRG: remove the "no auth attempts" as per aseques gh-600
2014-01-29 20:43:51 +11:00
Daniel Black
9b614ce486
ENH: dovecot filter enhancements
2014-01-29 20:27:45 +11:00
Joan
9c6aab37d6
As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future
2014-01-29 08:32:14 +01:00
Joan
aaa86cd10f
As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future
2014-01-29 08:31:29 +01:00
Joan
84617fa6da
Fixed a failing case
2014-01-28 16:19:35 +01:00
Joan
08171ba52f
Removed the -no auth attempts- from the triggers because of lots of FP
2014-01-28 12:44:46 +01:00
Daniel Black
7476ebabbd
Merge pull request #596 from grooverdan/pureftpd
...
BF: Pureftpd
2014-01-26 16:52:53 -08:00
Daniel Black
3c48e3f035
DOC: changelog for pure-ftpd filter fixes
2014-01-25 12:22:27 +11:00
Daniel Black
256c732bcd
BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
...
_daemon was accidentally removed in
89fd792dfb
Added translations from source code
2014-01-25 12:19:46 +11:00
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
Daniel Black
499b33f8a6
DOC: post release versioning
2014-01-22 08:37:51 +11:00
Daniel Black
33dd1733fb
DOC: version and release date to 0.8.12 on 2014-01-22
2014-01-19 16:25:23 +11:00
Steven Hiscocks
0b4dd6272c
Merge pull request #589 from grooverdan/one-bad-regex-gh-585
...
fault tolerance when pushing multiple configurations
2014-01-18 03:27:52 -08:00
Daniel Black
59b1e225e9
DOC/ENH: update man pages for release
2014-01-18 21:13:55 +11:00
Daniel Black
5ade6a13af
DOC: ChangeLog dating and normalisation
2014-01-18 21:00:24 +11:00
Daniel Black
058621f9bd
ENH: continue with rest of fail2ban config even if errors. Closes gh-585
2014-01-18 20:16:38 +11:00
Daniel Black
2647461a3c
DOC: ChangeLog. Note incompatible changes and group new filters and actions under New Features
2014-01-18 19:38:25 +11:00
Daniel Black
c6c75dd19e
BF: complete MANIFEST
2014-01-18 19:28:21 +11:00
Daniel Black
224e795f4c
DOC: note in man page about "last message repeated" syslog compression. Closes Debian bug #620364
2014-01-18 19:12:33 +11:00
Daniel Black
1452be4a3a
Merge pull request #588 from grooverdan/badips
...
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00
Daniel Black
f5d6f384f7
Merge pull request #587 from grooverdan/dovecot-586
...
BF: Dovecot filter fix
2014-01-17 23:10:06 -08:00
Daniel Black
93613e82f0
DOC: credits for action.d/badips
2014-01-15 09:40:18 +11:00
Daniel Black
f566cab766
Merge branch 'master' into badips
2014-01-15 09:37:11 +11:00
Daniel Black
657da2041c
BF: dovecot filters, session characters and order of session/tls in log messages
2014-01-15 08:02:47 +11:00
Ivo Truxa
4765bc757c
BF Dovecot auth failures
...
I am sorry, I installed the Win GIT, but still did not learn how to work with it, so am posting here again. This time, I'll avoid posting two pull requests, so please fix the dovecot.filter for me, if you don't mind.
This current filter does not match authentication errors in my Dovecot logs (two different lines attached). First of all the session string is at the end (after the optional TLS string), and not before it as it is now in the filter. I don't see it anywhere in the other logs here in the opposite order, hence I assume it is the rule for all installations. And then, the session ID can include also other characters than those matched by \w+ (i.e. the slash and the plus signs in my case), hence it needs to be \S+ instead. Personally, I'd do the regex much less restrictive than it is, but if I follow the current logics, the following form works:
<pre>^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use disabled \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=<\S+>)?\s*$</pre>
2014-01-14 17:59:40 +01:00
Daniel Black
01e5ae1234
Merge pull request #584 from grooverdan/exim-auth
...
ENH: Exim auth
2014-01-13 02:20:47 -08:00