fail2ban

Commit Graph

Author	SHA1	Message	Date
Daniel Black	13223c33f5	MRG: recidive-protocol-all	11 years ago
Daniel Black	dc154c792e	BF: add init section with name for action.d/apf. Closes #398	11 years ago
Yaroslav Halchenko	a26d4f42b7	ENH: added optional [PID] matching in recidive.conf	11 years ago
Daniel Black	9a82bc3c61	BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448	11 years ago
Yaroslav Halchenko	629e9ae445	Merge pull request #443 from grooverdan/apache-authfix BF: apache filters using error log weren't matched when referer existed ...	11 years ago
Daniel Black	284f811c91	BF: apache filters using error log weren't matched when referer existed in HTTP header	11 years ago
Daniel Black	1ea68b2d0c	DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages	11 years ago
Daniel Black	0eea0a35db	ENH: filter.d/solid-pop3d - added log messages and regexes	11 years ago
Daniel Black	dab2ddb9da	ENH: recidive jail to block all protocols. Closes #440	11 years ago
Daniel Black	b3b9ea4559	ENH: jail for solid-pop3d	11 years ago
Daniel Black	88eff70774	ENH: filter.d/solid-pop3d added	11 years ago
Daniel Black	286d78e13c	Merge pull request #430 from grooverdan/apache-overflows ENH: Apache overflows - httpd-2.4 message IDs + samples	11 years ago
Daniel Black	50ca16e50e	Merge pull request #431 from grooverdan/apache-noscript ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	947c6ff9cc	Merge pull request #433 from grooverdan/asterisk BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning	11 years ago
Daniel Black	38503a5848	Merge pull request #434 from grooverdan/dos-resistant-dropbear ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	62b1f98dff	Merge pull request #435 from grooverdan/dos-resistant-exim BF: exim filter to be DoS resistant	11 years ago
Daniel Black	be60518218	BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given	11 years ago
Daniel Black	52972164a2	BF: exim filter to be DoS resistant	11 years ago
Daniel Black	c272573fe3	ENH: DoS resistant dropbear filter	11 years ago
Daniel Black	eb9663eb4f	BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning	11 years ago
Daniel Black	648d48c355	ENH: apache-2.4 message IDs for filter apache-noscript	11 years ago
Daniel Black	a4718eb644	ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples	11 years ago
Daniel Black	87516eb92b	ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case	11 years ago
Daniel Black	c5021b55f6	Merge pull request #427 from yarikoptic/bf/nginx-regex-injection BF: anchor introduced nginx-http-auth at the end	11 years ago
Yaroslav Halchenko	ccd26578ec	Merge pull request #425 from grooverdan/asterisk-simplify ENH: condense asterisk regexs for speed	11 years ago
Yaroslav Halchenko	ac061155f0	BF: anchor introduced nginx-http-auth at the end needed since request probably could be not a correct HTTP statement but continue with all those to match till the end and then injected ", client: VICTIM, server..." thus allowing injection. We better anchor at the end then	11 years ago
Yaroslav Halchenko	ea8fce6308	Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data	11 years ago
Yaroslav Halchenko	bf245f9640	DOC: adding DEV Notes for for non-greedy matchin within sshd.conf	11 years ago
Daniel Black	d6bbe03861	Merge pull request #424 from grooverdan/nginx-auth ENH: add filter.d/nginx-http-auth. Partially forfils #405	11 years ago
Yaroslav Halchenko	750e0c1e3d	BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input since daemon might eventually change reported length and we would need to adjust anyways. So limiting in length does not provide additional security but allows for a possible injection vector	11 years ago
Yaroslav Halchenko	abb012ae5c	BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy	11 years ago
Daniel Black	d7560d4041	ENH: condense asterisk regexs for speed	11 years ago
Daniel Black	ab9d921162	BF: missed action in nginx-http-auth	11 years ago
Daniel Black	a148d35d70	ENH: add filter.d/nginx-http-auth. Partially forfills #405	11 years ago
Yaroslav Halchenko	4522308354	ENH: regenerated config/filter.d/apache-badbots.conf	11 years ago
Daniel Black	0730db9b2b	Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam BF: wuftpd pam filter fix (Debian bug 665925)	11 years ago
Daniel Black	e55b24c533	BF: fix dovecot filter for newer failure message. Closes Debian bug #709324	11 years ago
Daniel Black	8b54523316	BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925	11 years ago
Daniel Black	ac1f45d18c	Merge pull request #412 from grooverdan/firewalld ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules	11 years ago
Daniel Black	87f68d7564	firewalld-0.3.8 release that support --remove-rules out so documenting this.	11 years ago
Daniel Black	ee1edfbf0c	BF: remove duplication definition secion in webmin-auth	11 years ago
Daniel Black	b5c10488c1	Merge pull request #409 from grooverdan/filter-doco DOC: in filters, put user relevant doc at top, and developer info at bot...	11 years ago
Daniel Black	5eddd5d12d	DOC: document required firewalld version as > 0.3.7.1	11 years ago
Daniel Black	27d257d5a6	Merge pull request #408 from grooverdan/dropbear BF: filter.d/dropbear	11 years ago
Daniel Black	8ac6081555	ENH: fix to use upstream --remove-rules https://fedorahosted.org/firewalld/ticket/10	11 years ago
Daniel Black	93de46ac72	BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf	11 years ago
Daniel Black	c3f9c9aa60	BF: filter.d/dropbear Add PAM failures which is in dropbear-2013.60 in srv-authpam.c Patch http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch obviously has exit with lower case e so adjust regex for both. svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the IP so the regex was altered. .\s can be compressed to .*	11 years ago
Daniel Black	89fd792dfb	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	11 years ago
Daniel Black	de9977441a	DOC: move named and mysql instructions into the filters from jail.conf	11 years ago
Daniel Black	7ab909d056	DOC: space out jail.conf consistantly	11 years ago
Daniel Black	95f3f38682	MRG: merge ChangeLog and jail.conf	11 years ago
Daniel Black	e3150044fd	BF: fix selinux TST: ignore *common.conf files in test cases as these are included BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message ENH: add sample jail.conf	11 years ago
Daniel Black	0f85aef609	Merge pull request #407 from grooverdan/dovecot-jail ENH: Dovecot jail	11 years ago
Daniel Black	a991adb83f	ENH: add submission, smtps and sieve to blocked ports since this also typically rely on dovecot auth	11 years ago
Daniel Black	8412303131	ENH: dovecot jail examples	11 years ago
Daniel Black	cde389cadc	ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/	11 years ago
Daniel Black	0c14707201	ENH: add dovecot jail	11 years ago
Daniel Black	d451c2a231	FIX: vsftp improvements from Rich Mellor on mailing list	11 years ago
Daniel Black	b61fe0f12d	Merge pull request #378 from grooverdan/sasl ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl	11 years ago
Daniel Black	4ecc063bd0	ENH: rename filter.d/sasl -> filter.d/postfix-sasl	11 years ago
Daniel Black	c2b76d1fd0	Merge pull request #397 from yarikoptic/_enh/unify_default_strings DOC: enh/unify "Default:" strings	11 years ago
Daniel Black	b4cbf82912	DOC: remove Default: on action firewall-cmd-direct-new	11 years ago
Yaroslav Halchenko	4149c7495d	Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments	11 years ago
Yaroslav Halchenko	d12eb2526a	Fixing up default values in fail2ban.conf + unifying formatting	11 years ago
Daniel Black	f1bb08aa6a	ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions	11 years ago
Daniel Black	12f7ea7ec4	DOC: remove excessive comments from firewall-cmd-direct-new	11 years ago
Daniel Black	0d8d1ae26c	ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622	11 years ago
Daniel Black	123ad1cc9c	MRG: Merge branch 'asterisk-common-jail'	11 years ago
Daniel Black	8421007f32	MRG: merge man/jail.conf.5 entries	11 years ago
Daniel Black	ef62d0d4c1	Merge pull request #391 from grooverdan/jail-mysql-doc ENH: mysql syslog jail.conf base	11 years ago
Daniel Black	e417a2112c	Merge pull request #386 from grooverdan/qmail ENH: filter.d/qmail - anchor at start. Add another regex	11 years ago
Daniel Black	e227568c3b	Merge pull request #384 from grooverdan/dovecot-325 ENH: added to dovecot filter. closes gh-325	11 years ago
Daniel Black	0022cca786	Merge pull request #385 from grooverdan/ipset ENH/BF: Ipset - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*	11 years ago
Daniel Black	8fe542ca9f	DOC: reintroduce comment on comments	11 years ago
Daniel Black	6b6169178f	ENH: mysql syslog jail.conf base	11 years ago
Daniel Black	ee58696531	DOC: try to encourage jail.local jail.d/*.local a lot more	11 years ago
Daniel Black	6ef33981e3	ENH: new asterisk jail to replace asterisk-(tcp\|udp) (now that gh-37 is fixed)	11 years ago
Daniel Black	6b519d54db	ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion	11 years ago
Daniel Black	351eb5ec8f	ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd	11 years ago
Daniel Black	eb59a57b7f	ENH: tighten pam_unix expression for dovecot	11 years ago
Daniel Black	864d2f41b9	ENH: auth-worker as per of _daemon definition for dovecot	11 years ago
Daniel Black	2d1bd54439	Merge pull request #379 from grooverdan/webmin ENH: filter.d/webmin anchor at start and use syslog	11 years ago
Yaroslav Halchenko	500968874e	Merge pull request #381 from grooverdan/suhosin ENH: filter.d/suhosin - anchor regex at start	11 years ago
Yaroslav Halchenko	a7b1b802e0	Merge pull request #382 from grooverdan/vsftpd Vsftpd	11 years ago
Yaroslav Halchenko	f0b91fcede	Merge pull request #380 from grooverdan/sogo ENH: filter.d/sogo-auth - anchor regex at start	11 years ago
Daniel Black	df313649a4	ENH: escape . in recidive filter	11 years ago
Daniel Black	1a5e17f2a3	BF: use blocktype for iptables-ipset-proto6*	11 years ago
Daniel Black	dcb845f17c	ENH: add iptables-ipset-proto6-allports for blocking all ports	11 years ago
Daniel Black	2a1d629d88	BF: webmin -> webmin-auth	11 years ago
Daniel Black	ab457acc4d	BF: fix name in action for uwimap-auth	11 years ago
Daniel Black	0beea03914	ENH: jail.conf example for webmin	11 years ago
Daniel Black	d60f470096	ENH: added to dovecot filter. closes gh-325	11 years ago
Daniel Black	46386412a4	ENH: filter.d/vsftpd - pam regex as syslog and anchored at start	11 years ago
Daniel Black	1519712972	ENH: filter.d/vsftpd anchor internal regex at start	11 years ago
Daniel Black	9637c27873	ENH: filter.d/suhosin - anchor regex at start	11 years ago
Daniel Black	13bcc9aa84	ENH: filter.d/sogo-auth - anchor regex at start	11 years ago
Daniel Black	b64bf3fa7b	ENH: filter.d/webmin anchor at start and use syslog	11 years ago
Daniel Black	f4c7c8f4b3	ENH: sasl - anchor regex at start	11 years ago
Daniel Black	23dd734aa9	Merge pull request #366 from grooverdan/dovecot ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...	11 years ago
Daniel Black	f998e01590	Merge pull request #359 from grooverdan/pureftpd ENH: Pureftpd syslog prefixing and filter achoring	11 years ago

1 2 3 4 5 ...

574 Commits (a0c2de3e4db65f429382e8ccaed66cb0f0ca88e6)