github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,240 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

675 Commits (9e358541b7f3ed64c70a8500aa141941f65d465e)

Author SHA1 Message Date
Daniel Black 9fe0a69852 ENH: add firewallcmd-ipset 2013-12-14 09:06:01 +00:00
Daniel Black 4ffc57e14f ENH: simplify firewallcmd-new actioncheck and provide output samples 2013-12-14 07:11:29 +00:00
Daniel Black 1ff52dfe4d DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable 2013-12-14 00:40:47 +00:00
Daniel Black f35345ecaa ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455 2013-12-14 00:34:12 +00:00
Daniel Black 13ccebe78f BF: fix actioncheck in firewallcmd 2013-12-13 23:40:51 +00:00
Steven Hiscocks 0bcff771b8 ENH: Add <ipmatches> and <ipjailmatches> tags 
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
 2013-12-13 22:40:11 +00:00
Steven Hiscocks 2c3dbc8046 BF: In 0.9 recidive bans come from fail2ban.server.actions 
Also changed journalmatch to limit to WARNING priority to avoid the
recidive + DEBUG combo issue
 2013-12-13 21:55:43 +00:00
Steven Hiscocks b7d1579c9d MRG: branch 'kwirk/database' into 0.9 - gh-480 
Conflicts:
	fail2ban/tests/utils.py
        - Another test suite added in separate commit e09b700
 2013-12-13 17:15:19 +00:00
Steven Hiscocks e18af48e34 ENH: Database now optional, by setting dbfile to "None" 2013-12-10 21:16:36 +00:00
Daniel Black 9d532828fc BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes. Thanks Steven 2013-12-11 07:44:41 +11:00
Daniel Black 66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black db4c21acde BF/DOC: fix filename in documentation for filter.d/proftpd 2013-12-09 14:46:01 +11:00
Daniel Black e8eab11615 DOC: proftp - turn off ReverseDNS 2013-12-09 14:45:09 +11:00
Daniel Black f385439a41 MRG: ChangeLog merge 2013-12-09 09:28:42 +11:00
Daniel Black 36917d7517 BF: action.d/complain - match IP at beginning and end of lines 2013-12-09 09:21:55 +11:00
Steven Hiscocks d8c7bca9b0 BF: Fix dbpurgeage default value, and change default dbfile extension 2013-12-08 11:35:12 +00:00
Steven Hiscocks bbadef847b ENH: Add fail2ban persistent data storage 2013-12-07 23:23:28 +00:00
Daniel Black 135c759dbb Merge pull request #477 from kwirk/blocklist.de 
ENH: Added blocklist.de reporting API action
 2013-12-06 16:16:39 -08:00
Steven Hiscocks 630dd91dcd BF: Add [Init] section to blocklist.de action 2013-12-07 00:09:31 +00:00
Steven Hiscocks b3c173795e ENH: blocklist.de action error on HTTP response code 4xx 2013-12-06 08:22:21 +00:00
Daniel Black 51f2619878 Merge pull request #473 from grooverdan/whois-missing 
ENH: Whois missing in actions? Include output to say so
 2013-12-05 12:44:35 -08:00
Daniel Black e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long 
BF: firewall-cmd-direct-new was too long. Thanks Joel.
 2013-12-05 12:42:55 -08:00
Steven Hiscocks a19b33cc72 ENH: blocklist.de action added fail2ban version as user agent 2013-12-05 18:12:15 +00:00
Steven Hiscocks f742ed0e4b DOC: when to use blocklist.de reporting 
Taken from commit 1846056606
 2013-12-05 18:06:53 +00:00
Steven Hiscocks e810ec009d ENH: Added blocklist.de reporting API action 2013-12-05 08:22:20 +00:00
Daniel Black 4dc51e5def BF: put notice in email if whois program could not provide more information. Closes gh-471 2013-12-04 22:43:06 +11:00
Daniel Black 97d7f46bb7 DOC: correct grammar - s/Here are more information/Here is more information/ 2013-12-04 22:40:48 +11:00
Daniel Black 8aead9ab79 BF: escape quotes when splitting addresses for xarf 2013-12-04 08:19:05 +11:00
Daniel Black 1846056606 DOC: when to use xarf messages to network owner 2013-12-03 20:40:42 +11:00
Daniel Black 8c37d2e4de ENH: remove dependency on querycontacts 2013-12-03 20:34:21 +11:00
Daniel Black bfd435091d ENH: jail examples for xarf-login-attack 2013-12-01 20:29:43 +11:00
Daniel Black dd356c3cef BF: fixed for sendmail and tested the MTA aspects of this action 2013-12-01 19:08:28 +11:00
Daniel Black 9df5f4eec8 BF: remove debugging tee command on xarf-login-attack 2013-12-01 17:53:34 +11:00
Daniel Black d015f7f4fc BF/ENH: fixed so xarf-login-attack works 2013-12-01 17:49:35 +11:00
Daniel Black 0495aa098e BF: grep matches on <ip> shouldn't include other IPs 2013-11-30 18:01:45 +11:00
Daniel Black 95845b7b65 BF: complain action could match too many IP addresses 2013-11-30 17:47:10 +11:00
Daniel Black 5cc7173fd4 ENH: add xarf email sender for login-attack type 2013-11-30 14:16:26 +11:00
Yaroslav Halchenko 3a5983ab0b Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban 
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban:
  Changelog entries for the last changes
  ENH: added optional [PID] matching in recidive.conf
  ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
  BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages

Conflicts:
	ChangeLog
 2013-11-29 19:58:56 -05:00
Daniel Black f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Daniel Black 56b6bf7d25 ENH: reduce firewalld-cmd-new -> firewallcmd-new 2013-11-30 10:30:29 +11:00
Daniel Black 04438cd1a1 BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails 2013-11-30 10:00:59 +11:00
Daniel Black 3f4d179612 BF: smtps not an IANA port - from #447 2013-11-30 09:52:32 +11:00
Daniel Black fe9e077acf BF: correct spelling of port for solid-pop3 jail in jail.conf 2013-11-30 09:51:30 +11:00
Daniel Black 86a0a5962a BF: revert to fail2ban- prefix as f2b- was intended for 0.9 2013-11-30 08:05:20 +11:00
Yaroslav Halchenko 25e967f23b Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban 
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban:
  BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447)

Conflicts:
	ChangeLog
 2013-11-29 10:02:31 -05:00
Daniel Black b9b2ddf996 BF: smtps not IANA standard. Closes #447 2013-11-29 21:47:53 +11:00
Daniel Black cade746307 BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447) 2013-11-29 21:45:11 +11:00
Daniel Black 9e53892708 BF: did remove instead of move 2013-11-29 19:26:24 +11:00
Daniel Black af4feb0c92 Actions to have f2b- as prefix instead of fail2ban- as per #462 2013-11-29 19:08:38 +11:00
Daniel Black fb666b69ff BF: firewall-cmd-direct-new was too long. Thanks Joel. 2013-11-28 23:35:05 +11:00
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter 2013-11-25 14:55:41 +11:00
Daniel Black f80fa7d7a0 Merge pull request #456 from grooverdan/apffix 
BF: add init section with name for action.d/apf. Closes #398
 2013-11-24 13:48:46 -08:00
Daniel Black 13223c33f5 MRG: recidive-protocol-all 2013-11-25 08:22:09 +11:00
Daniel Black dc154c792e BF: add init section with name for action.d/apf. Closes #398 2013-11-25 08:08:20 +11:00
Yaroslav Halchenko a26d4f42b7 ENH: added optional [PID] matching in recidive.conf 2013-11-24 10:21:02 -05:00
Daniel Black 9a82bc3c61 BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448 2013-11-24 18:21:02 +11:00
Daniel Black 98eacdf333 MRG/BF: merge from master. Fix bugs in iso8601 2013-11-24 16:36:06 +11:00
Yaroslav Halchenko 629e9ae445 Merge pull request #443 from grooverdan/apache-authfix 
BF: apache filters using error log weren't matched when referer existed ...
 2013-11-18 15:53:39 -08:00
Daniel Black 284f811c91 BF: apache filters using error log weren't matched when referer existed in HTTP header 2013-11-19 10:27:55 +11:00
Daniel Black 1ea68b2d0c DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages 2013-11-18 09:44:26 +11:00
Daniel Black 0eea0a35db ENH: filter.d/solid-pop3d - added log messages and regexes 2013-11-18 08:58:23 +11:00
Daniel Black dab2ddb9da ENH: recidive jail to block all protocols. Closes #440 2013-11-18 07:57:16 +11:00
Daniel Black b3b9ea4559 ENH: jail for solid-pop3d 2013-11-18 07:42:45 +11:00
Daniel Black 88eff70774 ENH: filter.d/solid-pop3d added 2013-11-16 09:43:15 +11:00
Daniel Black 1ac7b53cad MRG: merge from master 2013-11-13 09:16:45 +11:00
Daniel Black 286d78e13c Merge pull request #430 from grooverdan/apache-overflows 
ENH: Apache overflows - httpd-2.4 message IDs + samples
 2013-11-12 12:46:52 -08:00
Daniel Black 50ca16e50e Merge pull request #431 from grooverdan/apache-noscript 
ENH: apache-2.4 message IDs for filter apache-noscript
 2013-11-12 12:46:09 -08:00
Daniel Black 947c6ff9cc Merge pull request #433 from grooverdan/asterisk 
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
 2013-11-12 12:45:52 -08:00
Daniel Black 38503a5848 Merge pull request #434 from grooverdan/dos-resistant-dropbear 
ENH: DoS resistant dropbear filter
 2013-11-12 12:45:12 -08:00
Daniel Black 62b1f98dff Merge pull request #435 from grooverdan/dos-resistant-exim 
BF: exim filter to be DoS resistant
 2013-11-12 12:44:53 -08:00
Daniel Black be60518218 BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given 2013-11-12 18:57:01 +11:00
Daniel Black 52972164a2 BF: exim filter to be DoS resistant 2013-11-12 18:13:35 +11:00
Daniel Black c272573fe3 ENH: DoS resistant dropbear filter 2013-11-12 18:06:16 +11:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Daniel Black 648d48c355 ENH: apache-2.4 message IDs for filter apache-noscript 2013-11-11 10:49:11 +11:00
Daniel Black a4718eb644 ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples 2013-11-11 10:38:02 +11:00
Daniel Black 87516eb92b ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-11 09:46:40 +11:00
Daniel Black c5021b55f6 Merge pull request #427 from yarikoptic/bf/nginx-regex-injection 
BF: anchor introduced nginx-http-auth at the end
 2013-11-08 17:23:03 -08:00
Yaroslav Halchenko ccd26578ec Merge pull request #425 from grooverdan/asterisk-simplify 
ENH: condense asterisk regexs for speed
 2013-11-08 14:42:35 -08:00
Yaroslav Halchenko ac061155f0 BF: anchor introduced nginx-http-auth at the end 
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection.  We better anchor at the end then
 2013-11-08 14:40:52 -08:00
Yaroslav Halchenko ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection 
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
 2013-11-08 14:35:18 -08:00
Yaroslav Halchenko bf245f9640 DOC: adding DEV Notes for for non-greedy matchin within sshd.conf 2013-11-08 14:34:31 -08:00
Daniel Black d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth 
ENH: add filter.d/nginx-http-auth. Partially forfils #405
 2013-11-08 14:24:02 -08:00
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input 
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
 2013-11-08 10:10:33 -08:00
Yaroslav Halchenko abb012ae5c BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy 2013-11-08 10:00:37 -08:00
Daniel Black a8a1310098 ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame 2013-11-08 10:54:10 +11:00
Daniel Black d7560d4041 ENH: condense asterisk regexs for speed 2013-11-08 10:24:50 +11:00
Daniel Black ab9d921162 BF: missed action in nginx-http-auth 2013-11-08 10:09:19 +11:00
Daniel Black a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Yaroslav Halchenko 4522308354 ENH: regenerated config/filter.d/apache-badbots.conf 2013-11-07 14:26:18 -08:00
Daniel Black cb982ef921 ENH: multiline filter for sendmail-spam. Closes gh-418 2013-11-08 08:55:45 +11:00
Daniel Black 0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam 
BF:  wuftpd pam filter fix (Debian bug 665925)
 2013-11-05 18:39:01 -08:00
Daniel Black e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black ac1f45d18c Merge pull request #412 from grooverdan/firewalld 
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
 2013-11-05 16:46:18 -08:00
Daniel Black 87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black ee1edfbf0c BF: remove duplication definition secion in webmin-auth 2013-11-04 17:54:36 +11:00
Daniel Black 60006bd70f BF: remove duplication definition secion in webmin-auth 2013-11-04 17:51:41 +11:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9 
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
 2013-11-02 15:59:05 +11:00
Daniel Black b5c10488c1 Merge pull request #409 from grooverdan/filter-doco 
DOC: in filters, put user relevant doc at top, and developer info at bot...
 2013-10-30 15:11:46 -07:00