Dean Lee
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Yaroslav Halchenko
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
Yaroslav Halchenko
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson
7b76322898
Fix typos.
2014-08-02 12:21:59 +02:00
leftyfb
6dbd449f77
Changed to Cloudflare JSON API
2014-07-28 11:10:50 -04:00
leftyfb
cba570cabd
Updated comments
2014-07-17 23:49:35 -04:00
leftyfb
5471e99ebe
Added cloudflare action
2014-07-17 22:54:30 -04:00
Yaroslav Halchenko
0adb10f653
Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
...
* 'ainfo-copy' of https://github.com/kwirk/fail2ban :
TST: actions modifying aInfo test more robust
TST: Test for actions modifying (un)ban aInfo
BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
SATO Kentaro
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
Steven Hiscocks
8268c1641f
BF: aInfo could be modified by actions, causing unexpected behaviour
...
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
SATO Kentaro
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
Steven Hiscocks
db023be09b
BF: Fix bad syntax in badips.py action
...
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
Yaroslav Halchenko
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
Steven Hiscocks
9fcb92524e
BF: badips.py action logging of exc_info on debug typo
2014-04-12 11:21:52 +01:00
yungchin
3a155ed2e0
Update comments in shorewall.conf for new settings
2014-04-01 16:52:21 +01:00
Ruben Kerkhof
1c36da9df9
Fix 2 more typos that codespell didn't catch
2014-03-25 10:57:20 +00:00
Ruben Kerkhof
1695d5c076
Fix a few typos
...
Found with https://github.com/lucasdemarchi/codespell
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Steven Hiscocks
41cbbbc248
BF: Remove unused imports and variables.
...
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
Steven Hiscocks
16125ec81a
BF: badips.py action methods not static due to use of self._logSys
2014-03-16 14:18:19 +00:00
Steven Hiscocks
9e374b159e
ENH: Allow setting of badips.py key for reporting and blacklisting
2014-03-13 22:45:10 +00:00
Steven Hiscocks
de43d1d6d5
ENH: Change badips.py default score to "3"
...
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
Steven Hiscocks
0222ff4677
Merge branch 'badips-blacklist' into 0.9
...
Conflicts:
ChangeLog
- entires added in both branches.
Change:
config/action.d/badips.py
- jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks
0c63d0061a
DOC: Add documentation for badips.py action
2014-03-13 19:58:32 +00:00
Steven Hiscocks
dfb46cfda6
BF: Require Python 2.7+ for badips.py action
2014-03-12 21:54:15 +00:00
Daniel Black
cc8ec826c5
MRG: from master 2014-03-02
2014-03-02 14:33:45 +11:00
Steven Hiscocks
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
2014-02-23 17:41:14 +00:00
Daniel Black
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
Daniel Black
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
Daniel Black
a044517cb7
MRG: from master to 0.9 2014-02-20
2014-02-20 08:35:24 +11:00
Steven Hiscocks
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-18 15:13:02 +00:00
Steven Hiscocks
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
2014-02-18 15:05:06 +00:00
Steven Hiscocks
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
2014-02-14 17:45:08 +00:00
Steven Hiscocks
cf81ddd8e2
BF: Add error handling in badips.py action
2014-02-14 17:10:34 +00:00
Steven Hiscocks
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
Steven Hiscocks
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
2014-02-09 12:23:14 +00:00
Daniel Black
1e1261ccb4
MRG: from master 2014-01-23
2014-01-23 17:45:18 +11:00
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
Steven Hiscocks
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Daniel Black
a650178bd1
MRG: merge from master 2014-01-19
2014-01-19 14:48:29 +11:00
Daniel Black
f566cab766
Merge branch 'master' into badips
2014-01-15 09:37:11 +11:00
Daniel Black
cd3e94140c
MRG: complete merge
2014-01-12 21:16:55 +11:00
Yaroslav Halchenko
9a8b449086
DOC: some typos, fixes from Vincent Lefevre
2014-01-06 23:38:52 -05:00
Daniel Black
76468942f9
MRG: complete merge from master
2014-01-07 10:24:23 +11:00
Daniel Black
ab3ded2205
Merge pull request #549 from kwirk/python-actions
...
ENH: Python actions
2014-01-06 02:58:45 -08:00
Steven Hiscocks
69a850d226
DOC: Update docstrings for smtp.py action
2014-01-04 22:46:57 +00:00
Steven Hiscocks
6e63f0ea5a
RF: Change Jails and Actions to Mapping types
2014-01-04 16:57:08 +00:00
Daniel Black
3d1a1afca4
MRG: to more recent 0.9
2014-01-04 09:31:05 +11:00
Daniel Black
5fe75436cc
DOC: DEV NOTES before author names
2014-01-04 08:53:45 +11:00
Steven Hiscocks
80d6f74ee8
RF: Refactor actions further, include removing server proxy interface
...
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
2014-01-03 17:04:49 +00:00
Daniel Black
a0c2de3e4d
DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510
2014-01-03 16:51:38 +11:00
Steven Hiscocks
98bf511443
BF: Incorrect number of arguments in smtp.py action connect log
2014-01-01 23:50:44 +00:00
Steven Hiscocks
5b2b59d752
ENH: python actions use initOpts as **kwargs
...
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
2014-01-01 23:18:11 +00:00
Steven Hiscocks
6ef911185d
ENH: Add matches to smtp.py action
2014-01-01 12:27:49 +00:00
Daniel Black
391b5fc883
MRG: from master again 2014-01-01
2014-01-01 19:28:38 +11:00
Steven Hiscocks
f37c90cdba
ENH: Python based actions
...
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.
Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
2013-12-31 18:54:34 +00:00
Daniel Black
be382dae4d
MRG: ufw changelog conflicts
2013-12-29 05:45:06 +00:00
Daniel Black
1f6ece2a40
Merge pull request #490 from grooverdan/firewallcmd-ipset
...
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black
a1a219189f
Merge pull request #493 from grooverdan/xarf-ipmatch
...
ENH: use ipmatches for action xarf-login-attack
2013-12-19 01:28:49 -08:00
Daniel Black
7c0efc8ec8
MRG: merge so far - flushLogs not working yet
2013-12-16 15:08:34 +00:00
Daniel Black
4eedf9d4e1
ENH: use ipmatches for action xarf-login-attack
2013-12-15 23:49:38 +00:00
Daniel Black
a398c51d6c
ENH: simplify actioncheck on firewallcmd-new a little more
2013-12-15 22:36:47 +00:00
Daniel Black
772def1095
Merge pull request #491 from kwirk/ipmatches
...
ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations
2013-12-15 14:29:02 -08:00
Steven Hiscocks
40007abc1d
ENH: Refactor and add database matches and failures for sendmail actions
2013-12-15 21:41:43 +00:00
Daniel Black
1c6c011154
EHH missed trailing .
2013-12-14 21:22:46 +00:00
Daniel Black
868a4ea470
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 21:18:20 +00:00
Daniel Black
9fe0a69852
ENH: add firewallcmd-ipset
2013-12-14 09:06:01 +00:00
Daniel Black
4ffc57e14f
ENH: simplify firewallcmd-new actioncheck and provide output samples
2013-12-14 07:11:29 +00:00
Daniel Black
ed816afbcd
ENH: add badips action
2013-12-14 01:41:28 +00:00
Daniel Black
1ff52dfe4d
DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable
2013-12-14 00:40:47 +00:00
Daniel Black
f35345ecaa
ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455
2013-12-14 00:34:12 +00:00
Daniel Black
13ccebe78f
BF: fix actioncheck in firewallcmd
2013-12-13 23:40:51 +00:00
Steven Hiscocks
0bcff771b8
ENH: Add <ipmatches> and <ipjailmatches> tags
...
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
Daniel Black
f385439a41
MRG: ChangeLog merge
2013-12-09 09:28:42 +11:00
Daniel Black
36917d7517
BF: action.d/complain - match IP at beginning and end of lines
2013-12-09 09:21:55 +11:00
Daniel Black
135c759dbb
Merge pull request #477 from kwirk/blocklist.de
...
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks
630dd91dcd
BF: Add [Init] section to blocklist.de action
2013-12-07 00:09:31 +00:00
Steven Hiscocks
b3c173795e
ENH: blocklist.de action error on HTTP response code 4xx
2013-12-06 08:22:21 +00:00
Daniel Black
51f2619878
Merge pull request #473 from grooverdan/whois-missing
...
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Steven Hiscocks
a19b33cc72
ENH: blocklist.de action added fail2ban version as user agent
2013-12-05 18:12:15 +00:00
Steven Hiscocks
f742ed0e4b
DOC: when to use blocklist.de reporting
...
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks
e810ec009d
ENH: Added blocklist.de reporting API action
2013-12-05 08:22:20 +00:00
Daniel Black
4dc51e5def
BF: put notice in email if whois program could not provide more information. Closes gh-471
2013-12-04 22:43:06 +11:00
Daniel Black
97d7f46bb7
DOC: correct grammar - s/Here are more information/Here is more information/
2013-12-04 22:40:48 +11:00
Daniel Black
8aead9ab79
BF: escape quotes when splitting addresses for xarf
2013-12-04 08:19:05 +11:00
Daniel Black
1846056606
DOC: when to use xarf messages to network owner
2013-12-03 20:40:42 +11:00
Daniel Black
8c37d2e4de
ENH: remove dependency on querycontacts
2013-12-03 20:34:21 +11:00
Daniel Black
dd356c3cef
BF: fixed for sendmail and tested the MTA aspects of this action
2013-12-01 19:08:28 +11:00
Daniel Black
9df5f4eec8
BF: remove debugging tee command on xarf-login-attack
2013-12-01 17:53:34 +11:00
Daniel Black
d015f7f4fc
BF/ENH: fixed so xarf-login-attack works
2013-12-01 17:49:35 +11:00
Daniel Black
0495aa098e
BF: grep matches on <ip> shouldn't include other IPs
2013-11-30 18:01:45 +11:00
Daniel Black
95845b7b65
BF: complain action could match too many IP addresses
2013-11-30 17:47:10 +11:00
Daniel Black
5cc7173fd4
ENH: add xarf email sender for login-attack type
2013-11-30 14:16:26 +11:00
Daniel Black
56b6bf7d25
ENH: reduce firewalld-cmd-new -> firewallcmd-new
2013-11-30 10:30:29 +11:00
Daniel Black
86a0a5962a
BF: revert to fail2ban- prefix as f2b- was intended for 0.9
2013-11-30 08:05:20 +11:00
Daniel Black
9e53892708
BF: did remove instead of move
2013-11-29 19:26:24 +11:00
Daniel Black
af4feb0c92
Actions to have f2b- as prefix instead of fail2ban- as per #462
2013-11-29 19:08:38 +11:00
Daniel Black
fb666b69ff
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-11-28 23:35:05 +11:00
Daniel Black
dc154c792e
BF: add init section with name for action.d/apf. Closes #398
2013-11-25 08:08:20 +11:00
Daniel Black
87f68d7564
firewalld-0.3.8 release that support --remove-rules out so documenting this.
2013-11-06 11:37:56 +11:00
Daniel Black
5eddd5d12d
DOC: document required firewalld version as > 0.3.7.1
2013-10-31 09:10:59 +11:00
Daniel Black
8ac6081555
ENH: fix to use upstream --remove-rules
...
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00
Daniel Black
c2b76d1fd0
Merge pull request #397 from yarikoptic/_enh/unify_default_strings
...
DOC: enh/unify "Default:" strings
2013-10-22 04:36:41 -07:00
Daniel Black
b4cbf82912
DOC: remove Default: on action firewall-cmd-direct-new
2013-10-15 08:34:42 +11:00
Yaroslav Halchenko
4149c7495d
Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments
2013-10-14 16:29:16 -04:00
Daniel Black
f1bb08aa6a
ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions
2013-10-14 23:06:38 +11:00
Daniel Black
12f7ea7ec4
DOC: remove excessive comments from firewall-cmd-direct-new
2013-10-14 22:39:38 +11:00
Daniel Black
0d8d1ae26c
ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622
2013-10-14 22:36:01 +11:00
Daniel Black
1a5e17f2a3
BF: use blocktype for iptables-ipset-proto6*
2013-10-09 11:59:16 +11:00
Daniel Black
dcb845f17c
ENH: add iptables-ipset-proto6-allports for blocking all ports
2013-10-09 11:57:35 +11:00
Daniel Black
e12d389c65
MRG/DOC: jail.conf resolution, ChangeLog fixes
2013-09-29 08:21:13 +10:00
Mark McKinstry
b6bf26c9f2
dont' need to set a default name
2013-09-25 18:37:22 -04:00
Mark McKinstry
2668adc896
Merge branch 'master' of github.com:fail2ban/fail2ban
2013-09-25 17:54:38 -04:00
Mark McKinstry
1af4543aca
ability to name the jail that banned the IP with apf
2013-09-25 17:52:34 -04:00
Mark McKinstry
dd9ee4c39a
quotes around the comment put in apf's deny_hosts.rules file
2013-09-25 17:51:25 -04:00
Mark McKinstry
e64493c328
use human readable/longer options when banning and un-banning IPs with apf
2013-09-25 16:44:10 -04:00
Mark McKinstry
c692912a82
don't hardcode absolute path for apf firewall
2013-09-25 16:38:45 -04:00
Mark McKinstry
66aff43d68
remove un-needed '$' line
2013-09-25 16:37:58 -04:00
Beau Raines
060bd45295
ENH - Added server name to subject line in email notifications
...
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
2013-09-08 15:21:58 -07:00
Daniel Black
ad291d7e38
Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port
...
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
2013-09-04 16:18:19 -07:00
Daniel Black
4face1f3e7
MRG: resolve conficts in action.d/osx-ipfw design
2013-09-05 09:07:10 +10:00
Andy Fragen
d258a51a23
after some research it looks like setting to unreachable better than deny
2013-09-04 11:28:03 -07:00
Andy Fragen
fe557e5900
more specific actionunban
2013-09-01 13:09:51 -07:00
Andy Fragen
a4884f82cd
add mods from grooverdan and fix actionunban
...
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
2013-08-31 08:39:19 -07:00
Daniel Black
f2bcf84893
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets
2013-08-31 11:40:04 +10:00
Daniel Black
749f215089
ENH: port optional
2013-08-31 11:07:15 +10:00
Daniel Black
8b22fa15b5
BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want
2013-08-31 11:03:01 +10:00
Daniel Black
b31799a322
ENH: add action.d/osx-afctl anonymously contributed on f2b wiki
2013-08-31 10:51:04 +10:00
Daniel Black
5741348f45
ENH: more options and ruggedness to prevent unintensional consequences
2013-08-31 09:38:18 +10:00
Daniel Black
52bd0f86a8
Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
2013-08-31 09:09:04 +10:00
Daniel Black
7cc3e8a8c0
BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
2013-08-31 08:59:02 +10:00
Andy Fragen
ef504c869f
added osx specific ipfw action with random rulenum
2013-08-26 16:06:23 -07:00
Daniel Black
6a36ff1a4a
BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
2013-08-19 22:36:58 +10:00
Orion Poplawski
31a78b2711
Use /var/run/fail2ban in config/action.d/dummy.conf
2013-08-08 20:41:44 -06:00
Daniel Black
ab10664b57
ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris
2013-07-14 16:20:21 +10:00
Daniel Black
1d6d5a7aae
DOC: ChangeLog merge confict
2013-07-09 08:41:28 +10:00
Alexander Dietrich
da594075f3
Move sendmail settings to common file, make sender name configurable
2013-07-02 20:30:41 +02:00
Daniel Black
aebd24ec54
BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl
2013-07-02 20:09:27 +10:00
Yaroslav Halchenko
89e06bba15
BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232
2013-05-24 11:15:46 -04:00
Yaroslav Halchenko
5accc10a47
Merge pull request #206 from grooverdan/bsd_ipfw
...
NF: BSD ipfw
2013-05-08 07:24:56 -07:00
Yaroslav Halchenko
0ae49ab11e
Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
...
* 'bsd_pf' of https://github.com/grooverdan/fail2ban :
BF: missed MANIFEST include
DOC: add jail.conf entry for pf
DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
Conflicts:
ChangeLog
2013-05-08 10:24:01 -04:00
Yaroslav Halchenko
e85914cef8
Merge pull request #215 from grooverdan/reject_no_drop_by_default
...
ENH: add blocktype to all relevant actions and change default action to reject
2013-05-08 07:20:14 -07:00
Daniel Black
9c03ee6d9e
ENH: consolidate where blocktype is defined for iptables rules
2013-05-08 07:52:08 +10:00
Daniel Black
c7fd777966
BF: default type to unreachable
2013-05-08 07:31:31 +10:00
Yaroslav Halchenko
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
Daniel Black
3b4a7b7926
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
2013-05-05 15:43:18 +10:00
Daniel Black
0c5a9c53e1
ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.
2013-05-03 16:34:54 +10:00
Daniel Black
b6d0e8ad9c
ENH: add ipfw rule for bsd using the tables.
2013-05-03 16:31:45 +10:00
Daniel Black
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
jamesstout
b7795addd0
ENH: actionunban back to a sed command
...
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
2013-04-30 04:10:32 +08:00
Daniel Black
945ad3d9e6
BF: ensure dates in email are in the C locale. Thanks iGeorgeX
2013-04-29 14:10:23 +10:00
jamesstout
de98e3dabd
change sed to perl for Solaris
2013-04-21 07:29:48 +08:00
Daniel Black
67544d1dd6
DOC: tags are documented in the jail.conf(5) man page
2013-03-17 10:52:49 +11:00
Yaroslav Halchenko
5e5eaaf838
Merge pull request #134 from grooverdan/misc-fixes
...
BF: fail2ban client can't handle multi word setcinfo or action[*] values
2013-03-10 18:01:17 -07:00
Pascal Borreli
a2b29b4875
Fixed typos
2013-03-10 22:05:33 +00:00
Daniel Black
a0f088be25
ENH: typo + head -1 has been deprecated for 10+ years.
2013-03-10 16:28:45 +11:00
Yaroslav Halchenko
d5ae28facf
Merge pull request #104 from gebi/t/route
...
add support for blocking through blackhole routes
2013-02-18 08:01:34 -08:00
Daniel Black
47b1ee39d8
add blocking type
2013-02-17 12:44:15 +11:00
Yaroslav Halchenko
8cf006827e
BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118
2013-02-12 08:48:05 -05:00
Michael Gebetsroither
f9b78ba927
add support for blocking through blackhole routes
2013-01-03 18:46:31 +01:00
Daniel Black
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
Daniel Black
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00
Mark McKinstry
95de9c1a97
add support for the APF firewall
2012-10-18 11:17:04 -04:00
Yaroslav Halchenko
2a225aa6ee
Added a warning within "complaint.conf" action about care with enabling it
2012-08-13 23:03:52 -04:00
Yaroslav Halchenko
80b191c7fd
BF: anchor chain name in actioncheck's for iptables actions ( Closes : #672228 )
2012-07-31 15:27:05 -04:00
Yaroslav Halchenko
35201f6690
Merge remote-tracking branch 'gh-keszybz/master'
...
* gh-keszybz/master:
NF: xt_recent-echo action
2012-01-07 20:59:50 -05:00
Zbigniew Jędrzejewski-Szmek
321670487e
NF: xt_recent-echo action
...
The default configuration can only be run by root. To actually support
running as a different user, the setup action must be disabled.
2012-01-06 00:51:03 +01:00
Leonardo Chiquitto
4502adfe69
Fix comments to reflect code
...
Commit 638bb6652
changed some defaults but the comments still point
to the previous values.
2011-12-30 12:41:46 -05:00
Tom Hendrikx
9fa54cf233
Add Date: header for sendmail*.conf actions
...
According to rfc2822, Date: headers are not optional.
Added these to all sendmail action templates, format specification
should conform to rfc and be portable across multiple platforms.
2011-11-18 16:52:44 -05:00
Yaroslav Halchenko
3831fbf98b
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:41 +00:00
Yaroslav Halchenko
638bb66523
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
...
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:35:56 +00:00
Cyril Jaquier
e16c18d091
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@724 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:39:38 +00:00
Cyril Jaquier
6cd56802bb
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@717 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:56:54 +00:00
Cyril Jaquier
9ed39a4387
- Send file if the number of lines is greater or equal and not only equal to the limit.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@701 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-16 21:11:42 +00:00
Cyril Jaquier
55d6baa66d
- Added svn:keywords
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@668 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:37:20 +00:00
Cyril Jaquier
f77057d3dd
- Fixed Debian bug #462060
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@666 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:23:41 +00:00
Cyril Jaquier
17e31b167e
- Replaced "reject" with "drop" in shorwall action. Fix #1854875
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@661 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:20:10 +00:00
Cyril Jaquier
0afa6fb2be
- Replaced "echo" with "printf" in actions. Fix #1839673
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@660 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:11:28 +00:00
Cyril Jaquier
f0399ca5a4
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
...
- Renamed actionend to actionstop.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 22:41:28 +00:00
Cyril Jaquier
c40534123c
- Fixed ipfw action script. Thanks to Nick Munger
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@623 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-10-23 22:06:31 +00:00
Cyril Jaquier
26c54c4538
- Added new action iptables-allports. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@606 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:13:09 +00:00
Cyril Jaquier
711f936ed0
- Corrected subject
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@604 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-05 19:33:15 +00:00
Cyril Jaquier
08c2c55742
- Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez
...
- Fixed a small typo
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@595 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-05 16:10:33 +00:00
Cyril Jaquier
bfab0409a2
- Replaced -d with -f. We are looking for a file, not a directory
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@570 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-04-19 21:43:45 +00:00
Cyril Jaquier
b40b9d88d2
- Added a new line before "Regards,"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@566 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-26 21:08:09 +00:00
Cyril Jaquier
0b9c41c015
- Removed actionstart and actionstop which are now obsolete
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@554 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-07 20:47:41 +00:00
Cyril Jaquier
b4caed8c00
- Added new filter for spam bots
...
- Added new action for buffered mails
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@549 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-12 21:50:50 +00:00
Cyril Jaquier
04cd3f5bd5
- Added new filters/actions. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@520 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-08 21:40:37 +00:00
Cyril Jaquier
44d75eb54f
- Added missing svn:keywords
...
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 12:21:44 +00:00
Cyril Jaquier
2e197487a2
- Fixed removal of host in hosts.deny. Thanks to René Berber
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@496 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-19 21:51:14 +00:00
Cyril Jaquier
0c40adda4b
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@494 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:33:01 +00:00
Cyril Jaquier
6f7df2cc3c
- Use numeric output for iptables in "actioncheck"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@489 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-14 21:20:03 +00:00
Yaroslav Halchenko
90fb1d442e
slight english adjustment with no good english: Destinataire->Destination/Addressee
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@479 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-07 03:12:28 +00:00
Cyril Jaquier
d6e49f8480
- Fixed rebanned bug
...
- Clarified available tags
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@455 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 10:56:21 +00:00
Cyril Jaquier
51fd8fac27
- Added ipfw action script and example. Thanks to Nick Munger
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@421 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-19 20:15:24 +00:00
Cyril Jaquier
15a4634c38
- Added "shorewall" action
...
- Use glob in setup.py
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@413 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-17 21:13:11 +00:00
Cyril Jaquier
2bcc036cf2
- Improved configuration files
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-01 21:19:56 +00:00
Cyril Jaquier
5c020b99da
- mail-report.conf is not a good idea as the jail is already deleted when creating the report
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@339 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-10 20:41:57 +00:00
Cyril Jaquier
7864bdc953
- Improved jail.conf
...
- Removed useless parameter in mail-report.conf
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@335 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-06 21:33:18 +00:00
Cyril Jaquier
1c3088b267
- Added new action
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@334 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-06 21:19:58 +00:00
Cyril Jaquier
d7682360bc
- Clean up configuration files
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@281 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-20 21:34:55 +00:00
Cyril Jaquier
4bc6fe419b
- Removed a new line
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@268 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 22:15:10 +00:00
Cyril Jaquier
b5c0f7bae2
- Added whois information to mail. Feature Request #1533626
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@260 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 21:20:28 +00:00
Cyril Jaquier
894bcbdbbf
- Improved mail script
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@257 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-31 21:48:13 +00:00
Cyril Jaquier
be7cc4f81c
- Added mail script
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@256 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-19 21:35:22 +00:00
Cyril Jaquier
9aa6a505eb
- Added header
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@254 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-17 19:26:14 +00:00
Cyril Jaquier
7048e19995
- 0.7.0 soon
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-16 21:35:08 +00:00
Cyril Jaquier
12c222bd1c
- One step forward to 0.7.0
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@250 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-08 16:51:14 +00:00
Cyril Jaquier
ea1948eff4
- Initial commit of the new development release 0.7
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-06-26 20:05:00 +00:00