github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,358 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1719 Commits (9f635c66fb4d8b54c1dcfc553fb12859185cf22c)

Author SHA1 Message Date
sebres 66ff90408f Merge branch '0.10' into 0.11 2020-11-09 12:45:29 +01:00
sebres d4adec7797 Merge branch '0.9' into 0.10 2020-11-09 12:44:07 +01:00
sebres 5430091acb jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868) 2020-11-09 12:43:34 +01:00
sebres 6ef69b48ca Merge branch '0.10' into 0.11 2020-11-05 16:12:31 +01:00
sebres 02525d7b6f filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching: 
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
 2020-10-08 21:07:51 +02:00
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used) 2020-09-29 13:33:40 +02:00
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836) 2020-09-29 12:35:49 +02:00
sebres d253e60a8b Merge branch '0.10' into 0.11 2020-09-23 19:39:50 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00
sebres 74b73bce8a Merge branch '0.10' into 0.11 2020-09-04 13:09:47 +02:00
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`; 
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
 2020-09-03 16:41:23 +02:00
sebres 4d2734dd86 Merge branch '0.10' into 0.11 2020-09-02 20:23:07 +02:00
sebres ed20d457b2 jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader) 2020-09-02 20:14:31 +02:00
sebres db1f3477cc amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex 2020-08-27 18:07:42 +02:00
sebres 3f04cba9f9 filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757) 2020-08-27 17:44:25 +02:00
sebres 07fa9f2912 fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate); 
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
 2020-08-27 17:04:19 +02:00
sebres e9071b642a Merge branch '0.10' into 0.11 2020-08-25 18:28:18 +02:00
benrubson 1707560df8 Enhance Guacamole jail 2020-08-25 13:01:50 +02:00
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790 2020-08-04 13:53:21 +02:00
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763 
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
 2020-08-04 13:51:20 +02:00
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790 2020-08-04 13:22:02 +02:00
Sergey G. Brester 08dbe4abd5
fixed comment for loglevel, default is INFO 2020-07-03 13:45:29 +02:00
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`) 2020-06-24 19:20:36 +02:00
sebres 1da9ab78be Merge branch '0.10' into 0.11 2020-06-11 12:52:13 +02:00
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749) 2020-06-08 14:38:26 +02:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 43f699b872
grammar / typos 2020-05-06 17:32:13 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab 
New Gitlab jail
 2020-05-04 19:19:13 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq 
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
 2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses 
We need to use https://github.com/stedolan/jq to parse it.
 2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed' 
Sed regex was tested - it works.
 2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban 
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
 2020-04-27 19:12:35 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently: 
- `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
 2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead); 
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
 2020-04-15 19:00:49 +02:00
benrubson 2912bc640b New Gitlab jail 2020-04-09 16:42:08 +02:00
sebres 136781d627 filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682) 2020-04-08 12:17:59 +02:00
sebres 38b32a9a72 Merge branch '0.10' into 0.11 2020-03-18 19:53:55 +01:00
sebres 22a04dae05 Merge branch '0.9' into 0.10 (gh-2246) 2020-03-18 16:11:53 +01:00
Sergey G. Brester b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2 
Improve regex in proftpd.conf
 2020-03-18 15:49:18 +01:00
sebres 606bf110c9 filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE 
(closes gh-2662)
 2020-03-16 17:31:39 +01:00
sebres 32f02ef3b3 Merge branch '0.10' into 0.11 2020-03-05 14:01:14 +01:00
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it); 
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
 2020-03-05 13:47:11 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
sebres 7282cf91b0 Merge branch '0.10' into 0.11 2020-02-14 12:13:29 +01:00