github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,768 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1167 Commits (9a7c753372c591ea329d30d7fc28db014b73b38e)

Author SHA1 Message Date
sebres c0e0cfb39d Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2016-09-01 16:23:13 +02:00
sebres 4a1d720344 filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix 2016-08-22 14:10:50 +02:00
sebres d71a525a85 Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9) 2016-08-12 18:51:56 +02:00
sebres 38d53a72fd introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); 
fixed pythonic filters and test scripts (running via "fail2ban-python" now);
fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);

# Conflicts:
#	config/filter.d/ignorecommands/apache-fakegooglebot
#	fail2ban/tests/files/config/apache-auth/digest.py
#	fail2ban/tests/files/ignorecommand.py
#	fail2ban/tests/misctestcase.py
 2016-08-12 17:58:37 +02:00
sebres 77f451c4a3 introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); 
fixed pythonic filters and test scripts (running via "fail2ban-python" now);
fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);
 2016-08-11 18:34:18 +02:00
maksyms 9ddbd642f7 Accept no space after "failed:" (#1501) 
yoh: Squashed to ease cherry-picking into 0.9

* accept no space after "failed:"

fix issue #1497

* accept no space after "failed:"

* Update postfix-sasl

* Update postfix-sasl

* Update postfix-sasl
 2016-08-08 17:09:47 -04:00
maksyms 04427adb95 Accept no space after "failed:" (#1501) 
yoh: Squashed to ease cherry-picking into 0.9

* accept no space after "failed:"

fix issue #1497

* accept no space after "failed:"

* Update postfix-sasl

* Update postfix-sasl

* Update postfix-sasl
 2016-08-08 17:07:55 -04:00
sebres c52aaa8b78 ASSP failregex minor fixes 2016-08-08 19:06:28 +02:00
sebres 70658d7a19 Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494') 2016-08-08 18:49:32 +02:00
rhardy613 8265e3f0f9 Fix comments 
For some reasons the comment changes weren't pickup in the last commit.
This fixes it.
 2016-08-05 23:25:15 -04:00
rhardy613 66fe5a77ce Fix ASSP filter to work with both ASSP V1 and V2 
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed.
fail2ban 0.9.5 (and trunk) still have code which only understands ASSP
V1 logs.
This means the filter ignores brute force attacks against ASSP. This fix
adds V2 support.
 2016-08-05 23:18:51 -04:00
rhardy613 890a3dcbb9 Fix ASSP filter to work with current release of ASSP 
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed. For some reason fail2ban 0.9.5 (and trunk) still have code
which only understands ASSP V1 logs. This means the filter ignores brute
force attacks against ASSP.
Now updated with anchored patterns tested against 6 months of log data.
 2016-08-05 17:26:47 -04:00
Yaroslav Halchenko c0994b0c6c DOC: minor typo (thanks John Bernard) Closes #1496 2016-08-04 10:23:05 -04:00
sebres 0eea362aa0 Merge branch 'master' into 0.10 2016-08-01 15:10:52 +02:00
rhardy613 f73746d846 Fix ASSP filter to work with current release of ASSP 
ASSP V1 development stopped at the end of 2014 and it is now deprecated.
All users were urged to upgrade to ASSP V2 which is still actively
developed. For some reason fail2ban 0.9.5 (and trunk) still have code
which only understands ASSP V1 logs. This means the filter ignores brute
force attacks against ASSP.
 2016-07-31 13:50:52 -04:00
Yaroslav Halchenko 28a0605f69 Merge pull request #1478 from gips0n/master 
adding openldap slapd filter
 2016-07-14 08:30:42 -04:00
Andrii Melnyk 7433b353ee another variant of regex 2016-07-14 10:19:21 +03:00
Andrii Melnyk 7c5828dd2a add trailing anchor to failregex 2016-07-13 21:09:42 +03:00
sebres 683f8fc56c Merge branch 'master' into 0.10 2016-07-13 19:41:46 +02:00
Andrii Melnyk 48c094f612 improved failregex according to @sebres recomendations 2016-07-08 13:45:10 +03:00
sebres f5f204ca7c Improved changes of gh-1458: 
`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
 2016-07-08 11:45:25 +02:00
nturcksin 72a157b8f2 Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) 
Change the asterisk pjsip filter to don't take the callId part
Add optional part between "Request" and "from"
Listed all log message from asterisk
 2016-07-08 11:45:22 +02:00
Andrii Melnyk dcb69b0242 * add `__prefix_line` to regex 
* fix time in log file
 2016-07-08 05:29:51 +03:00
Andrii Melnyk b2e3affaa0 adding openldap slapd filter 2016-07-08 04:50:57 +03:00
Yaroslav Halchenko 593b1210c0 Merge master (commit '0.9.4-79-gaf8b650') into 0.10 
* commit '0.9.4-79-gaf8b650':
  badip timeout option introduced, set to 30 seconds in our test cases (#1463)
  DOC: changelog for recent exim filters tune up
  Asterisk pjsip (#1456)
  BF: finalize that sample log line for exim4
  RF: for consistency use (?:XXX)? instead of (?:|XXX)
  ENH: use non-capturing regex groups in exim-common and exim filters
  ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible
  BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised"
 2016-06-19 20:06:16 -04:00
Serg G. Brester af8b650a37 badip timeout option introduced, set to 30 seconds in our test cases (#1463) 
cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)
 2016-06-13 12:56:53 +02:00
sebres e39126f630 badip timeout option introduced, set to 30 seconds in our test cases 2016-06-10 13:15:46 +02:00
Yaroslav Halchenko 636a93f58b Merge pull request #1438 from yarikoptic/bf-exim 
exim filters -- make wider use of host_info helper str susbstitution + fix for #1430
 2016-06-07 21:35:52 -04:00
Ludovic Gasc f85fb45b29 Asterisk pjsip (#1456) 
* Improve PJSIP log support for Asterisk 13+

* Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+

* Change pjsip regexp with sebres observation, thanks to @nturcksin
 2016-06-07 11:40:35 +02:00
sebres 39366e703a Merge branch 'master' into 0.10 
# Conflicts:
#	fail2ban/server/filter.py
 2016-05-31 18:06:18 +02:00
Yaroslav Halchenko 6434661480 RF: for consistency use (?:XXX)? instead of (?:|XXX) 2016-05-30 12:12:53 -04:00
Yaroslav Halchenko 48a8324662 ENH: use non-capturing regex groups in exim-common and exim filters 2016-05-30 11:02:12 -04:00
sebres 8ec4e1189e use raw host (don't use textToIp) if usedns exactly `raw`, because `usedns = no` should ignore no ip failures 2016-05-30 15:34:21 +02:00
Serg G. Brester b6700f3e52 Merge pull request #1433 from yarikoptic/bf-0.10-pf-prevbeh 
BF: maintain previous default beh for pf -- default ban type is multiport
 2016-05-23 15:20:57 +02:00
Yaroslav Halchenko 9bb869b8d4 ENH: courier-smtp -- allow for trailing username (no spaces) in the logline 
Closes #1440
 2016-05-21 22:17:09 -04:00
Yaroslav Halchenko 8b8cf2a660 ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible 2016-05-21 10:29:09 -04:00
Yaroslav Halchenko 743a531eb5 BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" 
Closes #1430
 2016-05-21 10:29:01 -04:00
sebres f62266659f Merge branch 'master' into '0.10' 2016-05-21 13:48:00 +02:00
sebres 52377984cd back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review; 2016-05-19 17:57:48 +02:00
sebres 0fdc56546f Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail) 2016-05-19 17:45:41 +02:00
Yaroslav Halchenko 1ebc3facb1 BF: maintain previous default beh for pf -- ban a port (ssh) only 2016-05-19 17:14:33 +02:00
sebres 4cdca8c258 amend-merge for pull request #1429 from sebres/0.10-freebsd-fix-pf 
actiontype for PF action (all- and multi port)
 2016-05-19 14:52:10 +02:00
sebres 4d51c591c1 pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized; 2016-05-19 14:50:41 +02:00
Serg G. Brester 01d9a41ba1 Merge pull request #1429 from koeppea/0.10-freebsd-fix-pf 
actiontype for PF action (all- and multi port)
 2016-05-18 11:12:31 +02:00
Alexander Koeppe b5e031f3c3 some documentation for multiport use in pf.conf 2016-05-17 21:32:21 +02:00
sebres 1e7fd26f5f rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases 2016-05-17 20:51:12 +02:00
sebres 25af11215b test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations 2016-05-17 20:08:46 +02:00
Alexander Koeppe e74047ae49 revert to common config for PF covering multi and allports 2016-05-17 18:19:40 +02:00
Alexander Koeppe 3e1328c83b split PF config files between all- and multi port 2016-05-17 18:19:27 +02:00
sebres cb4f9be8b2 the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit; 2016-05-17 11:55:02 +02:00