fail2ban

Commit Graph

Author	SHA1	Message	Date
Daniel Black	a401d11644	ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied	11 years ago
Andy Fragen	ef504c869f	added osx specific ipfw action with random rulenum	11 years ago
Yaroslav Halchenko	265a85ec1f	RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis	11 years ago
Daniel Black	b8e7d0b867	ENH: further tighten lighttpd basic auth regex	11 years ago
Daniel Black	a7ebb84a7d	ENH: tighted up lighttpd regex	11 years ago
François Boulogne	e133b9f1d1	MAINT: add support for lightty1.4.31	11 years ago
Daniel Black	ca4729e943	ENH: filter.d/exim.conf - add authentication failures for "plain" authentication	11 years ago
Daniel Black	ef903db3c9	ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333	11 years ago
Daniel Black	cfb7dba268	DOC: merge ChangeLog	11 years ago
Daniel Black	b589533d69	Merge branch 'master' into kwirk-merge Conflicts: ChangeLog testcases/files/logs/dropbear	11 years ago
Daniel Black	fd7cc5bda7	BF: duplicate regex match fixed	11 years ago
Daniel Black	6a56727669	BF: apache-common regex - datetime could be entirely consumed	11 years ago
Daniel Black	a9eb8a76c6	merge of change log and apache-auth differences	11 years ago
Steven Hiscocks	4e5feed7fc	Merge pull request #8 from grooverdan/gh-303-merge-2 training space on wuftp	11 years ago
Daniel Black	aad7d08451	BF: disable filter expressions without tests	11 years ago
Yaroslav Halchenko	42f3aa9f62	Merge pull request #329 from grooverdan/bind-unauth-zonetransfer Bind unauth zonetransfer. Closes #323	11 years ago
Daniel Black	6a36ff1a4a	BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328	11 years ago
Daniel Black	c44328b1a3	ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8	11 years ago
Daniel Black	ea7cba4205	ENH: trailing space as per discussion on gh-303	11 years ago
Daniel Black	61d43608ae	ENH: filter.d/postfix - add filter for VRFY. Closes gh-322	11 years ago
Daniel Black	5d451bc4d6	ENH: add refused zone tranfer to named-refused filter. closes #323	11 years ago
Steven Hiscocks	53e16e07ad	ENH: Minor tweak on previous commit proftpd regex changes	11 years ago
Steven Hiscocks	9002de069e	ENH: Improve proftpd regex. Taken from @yarikoptic comment: https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500	11 years ago
Orion Poplawski	31a78b2711	Use /var/run/fail2ban in config/action.d/dummy.conf	11 years ago
Yaroslav Halchenko	e7d5e466b9	Merge branch 'enh/asterisk_and_dropbear_filters' * enh/asterisk_and_dropbear_filters: ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in '' minor: consistent indentation in dropbear.conf https://github.com/fail2ban/fail2ban/issues/306 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11	11 years ago
Yaroslav Halchenko	4e0ddc5f67	ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''	11 years ago
Yaroslav Halchenko	9487ee5562	minor: consistent indentation in dropbear.conf	11 years ago
Daniel Black	d8883f4346	DOC: Notes about 401 responses and how apache logs this	11 years ago
Daniel Black	7b2773889d	TST: apache-auth filter - nonce timetravel tests + other expression fixes	12 years ago
Daniel Black	0fb04cb2f0	ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)	12 years ago
Daniel Black	56faf7f5ad	DOC: fix ChangeLog merge	12 years ago
Jamyn Shanley	a355fab91b	https://github.com/fail2ban/fail2ban/issues/306 Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles. Signed-off-by: Jamyn Shanley <jshanley@gmail.com>	12 years ago
Jamyn Shanley	8936f2cd02	fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11	12 years ago
Steven Hiscocks	2f4aaa9fb9	ENH: Simplify sieve filter failregex	12 years ago
Steven Hiscocks	b5639a8672	ENH: Simplify cyrus-imap filter fail regex	12 years ago
Daniel Black	8f532f9148	NIT: space remove	12 years ago
Daniel Black	7d7ef08145	ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id	12 years ago
Daniel Black	abc4146079	ENH: perdition proxies other types hence daemon can include (perdidtion.(imap\|pop)s?\|managesieve). Also support local authentication resulting in the log message: local authentication failure	12 years ago
Steven Hiscocks	cf1e5bdbc2	ENH: Tweak proftpd regex and add sample logs Needed to add optional ":" post __pid_re, and for consistency, decided to make use of __prefix_line instead which includes this.	12 years ago
Steven Hiscocks	8b9bafda79	ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples suhosin is hardened php implmentation, which will log the alerts (as seen in samples) to stderr, which is picked up by fastcgi webserver (e.g. lighttpd, apache, nginx)	12 years ago
Steven Hiscocks	4033857f63	ENH: Improve xinetd-fail regex and add sample logs	12 years ago
Steven Hiscocks	a11f91b835	ENH: Improve cyrus-imap regex and add extra sample line	12 years ago
Steven Hiscocks	534be189dc	ENH: Improve sieve regex and add sample line	12 years ago
Steven Hiscocks	ab671b0b1a	ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample For wu-ftpd configured to use pam, the pam filter used be used, as regex is more robust.	12 years ago
Steven Hiscocks	57a6c11260	ENH: Improve courierlogin regex and add sample logs	12 years ago
Steven Hiscocks	bd175f0267	ENH: Improve cyrus-imap regex and add sample log file	12 years ago
Steven Hiscocks	83a80a29ea	ENH: Improve couriersmtp and add sample logs	12 years ago
Steven Hiscocks	eb2f0c9272	ENH: Improve postfix regex and add more samples	12 years ago
Daniel Black	5cfe108186	ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4)	12 years ago
Daniel Black	6fdfd8d356	BF: fix port	12 years ago
Daniel Black	eea5b071e6	ENH: jail for perdition	12 years ago
Daniel Black	fcf79b475f	ENH: new filter perdition.conf	12 years ago
Daniel Black	03ec7c211b	ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure $no authenticated user$: \S\s$	12 years ago
Daniel Black	8ce9c78474	TST: apache-auth digest logs	12 years ago
Daniel Black	f8b5b3a1ef	ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard	12 years ago
Daniel Black	4eca2c0bd5	TST: apache-auth client denied by server configuration	12 years ago
Daniel Black	e0292913eb	ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner	12 years ago
Yaroslav Halchenko	f6a8a04cf3	ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback I also used non-greedy .? for the login portion since not sure if space could be there and trying to minimize possibility of reacting on injected "from <HOST>" somewhere within the trailing .	12 years ago
Yaroslav Halchenko	8add63c733	ENH: anchor roundcube-auth at the beginning as well	12 years ago
Steven Hiscocks	728399c39e	Merge pull request #281 from kwirk/dovecot-filter ENH: dovecot filter additions for session, time value and blank user	12 years ago
Daniel Black	ab10664b57	ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris	12 years ago
Steven Hiscocks	606e97683b	BF: jail.conf multiport actions previously using single port iptables	12 years ago
Daniel Black	975999591f	ENH/DOC: more realm mismatch errors. Documented filter design criteria	12 years ago
Daniel Black	10e3be857a	ENH: apache-auth filter added mod_auth_digest message	12 years ago
Daniel Black	384b72a535	ENH: apache-auth filter - client wrong auth	12 years ago
Daniel Black	fce431add8	ENH: add mod_authz_core failures to apache-auth	12 years ago
Daniel Black	6ce41a611d	BF: fix filter on apache-auth. Closes #286	12 years ago
Daniel Black	1d6d5a7aae	DOC: ChangeLog merge confict	12 years ago
Daniel Black	5412d7336f	DOC: ChangeLog confict	12 years ago
Daniel Black	619603fe05	BF: match asterisk InvalidPassword correctly	12 years ago
Steven Hiscocks	bfa2b9dec3	ENH: dovecot filter additions for session, time value and blank user	12 years ago
Yaroslav Halchenko	04b8069cee	ENH: adjust sendmail-whois 'active' example to have also sendername in it	12 years ago
Alexander Dietrich	2155f6bfa5	Update ChangeLog and jail.conf example	12 years ago
Daniel Black	d6dece4900	ENH: Split log and provide jail examples	12 years ago
Alexander Dietrich	da594075f3	Move sendmail settings to common file, make sender name configurable	12 years ago
Yaroslav Halchenko	e6ebcf6687	Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban * 'dovecot' of https://github.com/grooverdan/fail2ban: ENH: remove non-capturing groups for readibility BF: fix dovecot filter for when no TLS is enabled on pop/imap Conflicts: ChangeLog -- changelog entries. Also untabified few other spots	12 years ago
Yaroslav Halchenko	f0f237fa05	Merge pull request #269 from grooverdan/asterisk ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages	12 years ago
Daniel Black	e6823149a1	ENH: remove non-capturing groups for readibility	12 years ago
Daniel Black	aebd24ec54	BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl	12 years ago
Daniel Black	4777cfd4e7	ENH: split out exim-spam into speparate filter	12 years ago
Daniel Black	ca996ace5e	ENH: remove temporary failures from local_scan in line with comments in gh-258	12 years ago
Daniel Black	9757e1df2b	ENH: make groupings non-capturing	12 years ago
Daniel Black	72f9e6a51e	ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT	12 years ago
Daniel Black	3b76fc79f9	BF: fix dovecot filter for when no TLS is enabled on pop/imap	12 years ago
Daniel Black	0086a7edab	ENH: missed a $	12 years ago
Yaroslav Halchenko	1b170b2aef	BF: support apache 2.4 more detailed error log format. Close #268	12 years ago
Yaroslav Halchenko	6d331bcbea	BF: make colon after [daemon] optional. Close #267	12 years ago
Daniel Black	fa7a105483	ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages	12 years ago
Daniel Black	25c3bbfc2f	DOC: credits/blame to me for changes to exim	12 years ago
Daniel Black	b8cfda68b8	ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries	12 years ago
Daniel Black	d441d61a1e	TST/ENH: Improve regex around exim rejected by local_scan now has test cases. Unrouteable address error messages now normalised after looking into exim code.	12 years ago
Yaroslav Halchenko	9d4b613ee4	Merge branch '3proxy' of https://github.com/grooverdan/fail2ban * '3proxy' of https://github.com/grooverdan/fail2ban: BF: fix to proxy port in 3proxy example ENH: sample log + more specific regex BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon BF: need to anchor the start to avoid another repeat of DoS injection like Apache ENH: stricter regex thanks to Steven Hiscocks (kwirk) DOC: credits Conflicts: ChangeLog	12 years ago
Yaroslav Halchenko	173fe48e77	Merge branch 'exim' of https://github.com/grooverdan/fail2ban * 'exim' of https://github.com/grooverdan/fail2ban: BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address ENH: readibility thanks to Yaroslav ENH/BF: exim improvements with sample Conflicts: ChangeLog	12 years ago
Yaroslav Halchenko	ec629ab4e8	Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban * 'proftpd' of https://github.com/grooverdan/fail2ban: ENH: proftpd chan accept usernames with spaces ENH: injection of fail data into USER field ENH: proftp regex hardening and log messages Conflicts: ChangeLog	12 years ago
Yaroslav Halchenko	ab2c738b43	Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban * 'dovecot' of https://github.com/grooverdan/fail2ban: TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 ENH: dovecot regexs rewritten and extra failures Conflicts: ChangeLog -- merged entries	12 years ago
Daniel Black	8cc13b5b40	BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address	12 years ago
Daniel Black	a433a8ea5f	ENH: readibility thanks to Yaroslav	12 years ago
Yaroslav Halchenko	948be73115	Merge branch 'assp' of https://github.com/grooverdan/fail2ban * 'assp' of https://github.com/grooverdan/fail2ban: BF: missed a space BF: [SSL-out] is optional in assp ENH: regex hardening on assp Conflicts: ChangeLog -- merged the two entries into 1	12 years ago
Yaroslav Halchenko	09302c5c25	ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ detected date portion is stripped from the string to be matched, so it is not only the right ] is left, but also the left one ;-)	12 years ago
Daniel Black	7018d81244	BF: missed a space	12 years ago
Daniel Black	a447aa615d	BF: [SSL-out] is optional in assp	12 years ago
Daniel Black	d4940563d3	ENH: regex hardening on assp	12 years ago
Daniel Black	6a09ecff5c	ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .	12 years ago
Daniel Black	9940cd1b6b	ENH: proftpd chan accept usernames with spaces	12 years ago
Daniel Black	dbe7ffe050	ENH: dovecot regexs rewritten and extra failures	12 years ago
Daniel Black	4c67a269bf	ENH: proftp regex hardening and log messages	12 years ago
Daniel Black	3e3802512a	ENH/BF: exim improvements with sample	12 years ago
Daniel Black	88b4598ed8	BF: fix to proxy port in 3proxy example	12 years ago
Daniel Black	9dbaec0894	ENH: sample log + more specific regex	12 years ago
Daniel Black	8faf84b7f7	BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon	12 years ago
Yaroslav Halchenko	6ccd57813c	BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information	12 years ago
Daniel Black	fd9f9f16e0	BF: need to anchor the start to avoid another repeat of DoS injection like Apache	12 years ago
Daniel Black	f2fa4d53a8	ENH: stricter regex thanks to Steven Hiscocks (kwirk)	12 years ago
Daniel Black	16d63434ef	DOC: credits	12 years ago
Carlos Alberto Lopez Perez	47b063b022	Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list * I have been seeing bruteforcing attempts where asterisk fails with AUTH_UNKNOWN_DOMAIN (Not a local domain)	12 years ago
Daniel Black	05c88bd85d	ENH: purge a few more .*	12 years ago
Daniel Black	4cf402d60e	ENH/BF: constrain regex. Fix ACL error regex	12 years ago
Daniel Black	0f7b609336	ENH: port optional	12 years ago
Daniel Black	278fd43429	Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227	12 years ago
Terence Namusonge	244a96f9b3	fixed failregex line for roundcube 0.9+ # Only works only if log driver: is set to 'syslog'. this is becoz fail2ban fails to 'read' the line due to the brackets around the date timestamp on logline when log driver is set to file	12 years ago
Yaroslav Halchenko	d2b1c73b92	CFG: assure actions for all the jails	12 years ago
Yaroslav Halchenko	89e06bba15	BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232	12 years ago
silviogarbes	5c8fb68a2c	Update asterisk.conf Para ficar compatível com asterisk 11	12 years ago
Yaroslav Halchenko	90b8433ac5	DOC: inline commends with ';' are in effect only if ';' follows as space	12 years ago
Yaroslav Halchenko	2b1e19933f	Merge branch 'master' of git://github.com/fail2ban/fail2ban * 'master' of git://github.com/fail2ban/fail2ban: BF: missed MANIFEST include DOC: credits for bsd-ipfw ENH: add ipfw rule for bsd using the tables.	12 years ago
Yaroslav Halchenko	976a65bb89	Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban * 'bsd_logs' of https://github.com/grooverdan/fail2ban: ENH: separate out regex and escape a . BF: missed MANIFEST include DOC: credits for bsd log DOC: bsd syslog files thanks to Nick Hilliard BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD Conflicts: config/filter.d/common.conf	12 years ago
Yaroslav Halchenko	5accc10a47	Merge pull request #206 from grooverdan/bsd_ipfw NF: BSD ipfw	12 years ago
Yaroslav Halchenko	0ae49ab11e	Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban * 'bsd_pf' of https://github.com/grooverdan/fail2ban: BF: missed MANIFEST include DOC: add jail.conf entry for pf DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log ENH: pf action thanks to Nick Hilliard <nick@foobar.org>. Conflicts: ChangeLog	12 years ago
Yaroslav Halchenko	e85914cef8	Merge pull request #215 from grooverdan/reject_no_drop_by_default ENH: add blocktype to all relevant actions and change default action to reject	12 years ago
Daniel Black	9c03ee6d9e	ENH: consolidate where blocktype is defined for iptables rules	12 years ago
Daniel Black	c7fd777966	BF: default type to unreachable	12 years ago
Daniel Black	de56347619	ENH: separate out regex and escape a .	12 years ago
Yaroslav Halchenko	e7cb0f8b8c	ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs	12 years ago
Yaroslav Halchenko	2143cdff39	Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups Origin: from https://github.com/jamesstout/fail2ban * 'OpenSolaris' of https://github.com/jamesstout/fail2ban: ENH: Removed unused log line BF: fail2ban.local needs section headers ENH: Use .local config files for logtarget and jail ENH+TST: ssh failure messages for OpenSolaris and OS X ENH: fail message matching for OpenSolaris and OS X ENH: extra daemon info regex ENH: actionunban back to a sed command Readme for config on Solaris create socket/pid dir if needed Extra patterns for Solaris change sed to perl for Solaris Conflicts: config/filter.d/sshd.conf	12 years ago
Yaroslav Halchenko	822a01018f	Merge pull request #205 from grooverdan/bsd_ssh BSD ssh improvements (casing, msg)	12 years ago
Daniel Black	3b4a7b7926	ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop	12 years ago
Daniel Black	aa52743f52	DOC: add jail.conf entry for pf	12 years ago
Daniel Black	0c5a9c53e1	ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.	12 years ago
Daniel Black	b6d0e8ad9c	ENH: add ipfw rule for bsd using the tables.	12 years ago
Daniel Black	40c56b10a0	EHN: enhance sshd filter for bsd.	12 years ago
Daniel Black	b3bd877d23	BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD	12 years ago
Daniel Black	495f2dd877	DOC: purge of svn tags	12 years ago
Yaroslav Halchenko	89adcd7ff7	Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing) Origin: https://github.com/lenrico/fail2ban Squashing was done via rebase -i `1524b076d6` to eliminate massive assp sample log file originally added fixed test date thx to steven tight control of the filter for ASSP as yaroslav wishes as daniel desires changed from DateASSPlike class to DateStrptime fixed little things added new date format support for ASSP SMTP Proxy	12 years ago
Enrico Labedzki	36b0d78ff8	tight control of the filter for ASSP	12 years ago
Enrico Labedzki	07aee8cd33	as daniel desires	12 years ago
Enrico Labedzki	24a8d07c20	added new date format support for ASSP SMTP Proxy	12 years ago
jamesstout	3367dbd987	ENH: fail message matching for OpenSolaris and OS X - OpenSolaris keyboard message matched by new regex 3 - Removed Bye Bye regex per https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036 - PAM auth failure or error and first char case-insensitive, can also have chars after the hostname. e.g. Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.101 via 192.168.1.201	12 years ago
jamesstout	d2a9537568	ENH: extra daemon info regex for matching log lines like: Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed keyboard-interactive for james from 205.186.180.30 port 54520 ssh2 this matches [ID 800047 auth.info]	12 years ago
jamesstout	b7795addd0	ENH: actionunban back to a sed command per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128	12 years ago
Daniel Black	945ad3d9e6	BF: ensure dates in email are in the C locale. Thanks iGeorgeX	12 years ago
Daniel Black	0ac8746d05	ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458	12 years ago
Yaroslav Halchenko	22f04677b6	BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)	12 years ago
jamesstout	10fcfb925d	Extra patterns for Solaris	12 years ago
jamesstout	de98e3dabd	change sed to perl for Solaris	12 years ago
Daniel Black	41b9f7b6ac	BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf	12 years ago
Daniel Black	32d10e904a	ENH: more openssh fail messages from openssh source code (CVS 20121205)	12 years ago
Yaroslav Halchenko	59192a5585	Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile' * github_kwirk_fail2ban/pidfile: Typo in default pidfile in fail2ban.conf	12 years ago
Yaroslav Halchenko	99a5d78e37	ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth	12 years ago
Yaroslav Halchenko	ffaa9697ee	Adjusting previous PR (MySQL logs) according to my comments	12 years ago
Yaroslav Halchenko	3e6be243bf	Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban * 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban: Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file. Added support for MySQL logfiles Conflicts: testcases/datedetectortestcase.py -- conflictde with other added test cases	12 years ago
Yaroslav Halchenko	72b06479a5	ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file	12 years ago
Yaroslav Halchenko	105306e1a8	Merge remote-tracking branch 'pr/117/head' -- SOGo filters * pr/117/head: An example of failed logins against sogo Update sogo-auth.conf Update config/filter.d/sogo-auth.conf Create sogo-auth.conf Update config/jail.conf	12 years ago
Yaroslav Halchenko	91d5736c12	ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126	12 years ago
ArndRa	bba3fd8568	Update sogo-auth.conf included hint by user yarikoptic	12 years ago
Artur Penttinen	29d0df58be	Added support for MySQL logfiles	12 years ago
Daniel Black	67544d1dd6	DOC: tags are documented in the jail.conf(5) man page	12 years ago
Yaroslav Halchenko	5e5eaaf838	Merge pull request #134 from grooverdan/misc-fixes BF: fail2ban client can't handle multi word setcinfo or action[*] values	12 years ago
Pascal Borreli	a2b29b4875	Fixed typos	12 years ago
Daniel Black	a0f088be25	ENH: typo + head -1 has been deprecated for 10+ years.	12 years ago
Yaroslav Halchenko	a8bd9c20a0	Merge branch 'master' of git://github.com/fail2ban/fail2ban * 'master' of git://github.com/fail2ban/fail2ban: add blocking type add example jail.conf for blocking through blackhole routes for ssh add support for blocking through blackhole routes	12 years ago
Yaroslav Halchenko	d5ae28facf	Merge pull request #104 from gebi/t/route add support for blocking through blackhole routes	12 years ago
Steven Hiscocks	294f073741	Typo in default pidfile in fail2ban.conf	12 years ago
Steven Hiscocks	ce3ab34dd8	Added ability to specify PID file	12 years ago
Daniel Black	47b1ee39d8	add blocking type	12 years ago
Yaroslav Halchenko	8cf006827e	BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118	12 years ago
ArndRa	6cd358ee95	Update config/filter.d/sogo-auth.conf Comment line in the top altered to fit file name. My local file was named differently...	12 years ago
ArndRa	35bf84abad	Create sogo-auth.conf Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229	12 years ago
ArndRa	52f952e645	Update config/jail.conf Update to use the new sogo-auth filter	12 years ago
Yaroslav Halchenko	5f2d3832f7	NF: roundcube-auth filter (to close Debian #699442 , needing debian/jail.conf section)	12 years ago
Orion Poplawski	bb7628591c	Update config/filter.d/sshd.conf Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).	12 years ago
Yaroslav Halchenko	9a39292813	ENH: Added login authenticator failed regexp for exim filter	12 years ago
Yaroslav Halchenko	b3d8ba146b	DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333 )	12 years ago
Michael Gebetsroither	03433f79cd	add example jail.conf for blocking through blackhole routes for ssh	12 years ago
Michael Gebetsroither	f9b78ba927	add support for blocking through blackhole routes	12 years ago
Daniel Black	da0ba8ab4c	ENH: add example jail for ipset	12 years ago
Daniel Black	9221886df6	more documentation and optimisations/fixes based on testing	12 years ago
Daniel Black	abd5984234	base ipset support	12 years ago
pigsyn	f336d9f876	Update config/filter.d/webmin-auth.conf Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings	12 years ago
pigsyn	dc67b24270	Update config/filter.d/webmin-auth.conf Added a trailing '.*$' to each regex so they can find expressions in targeted log files.	12 years ago
Yaroslav Halchenko	3969e3f77b	ENH: dovecot.conf - require space(s) before rip/rhost log entry	12 years ago
hamilton5	266cdc29a6	Update config/filter.d/dovecot.conf even tho not on the fail2ban site.. suggested to not be greedy by yarikoptic	12 years ago
hamilton5	e040c6d8a3	Update config/filter.d/dovecot.conf site actually needs updated because of <HOST> alias per Notes above.	12 years ago
hamilton5	7ede1e8518	Update config/filter.d/dovecot.conf added failregex line for debian and centos per http://www.fail2ban.org/wiki/index.php/Talk:Dovecot	12 years ago
Yaroslav Halchenko	fc27e00290	ENH: tune up sshd-ddos to use common.conf and allow training spaces	12 years ago
Yaroslav Halchenko	6ecf4fd80a	Merge pull request #64 from sourcejedi/remove_sshd_rdns Misconfigured DNS should not ban successful ssh logins Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS	12 years ago
Mark McKinstry	95de9c1a97	add support for the APF firewall	12 years ago
Yaroslav Halchenko	282724a7f9	ENH: join both failregex for lighttpd-auth into a single one they are close in meaning should provide a slight run-time performance benefit	12 years ago
François Boulogne	958a1b0a40	Lighttpd: support auth.backend = "htdigest"	12 years ago
Yaroslav Halchenko	2a225aa6ee	Added a warning within "complaint.conf" action about care with enabling it	12 years ago
Yaroslav Halchenko	2082fee7b1	ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020 )	13 years ago
Yaroslav Halchenko	6ad55f64b3	ENH: add wu-ftpd failregex for use against syslog (Closes: #514239 )	13 years ago
Yaroslav Halchenko	80b191c7fd	BF: anchor chain name in actioncheck's for iptables actions (Closes: #672228 )	13 years ago
Yaroslav Halchenko	a3b242d6dd	BF: inline comments must use ; not # -- recidive jail	13 years ago
Alan Jenkins	8c38907016	Misconfigured DNS should not ban successful ssh logins Noticed while looking at the source (to see the point of ssh-ddos). POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading the message. It's not a login failure. It's a warning about reverse-DNS. The login can still succeed, and if it _does_ fail, that will be logged as normal. <exhibit n="1"> Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com. ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234 </exhibit> The problem (in my mind) is that some users are stuck with bad dns. The warning won't stop them from logging in. I'm pretty sure they can't even see it. But when they exceed a threshold number of logins - which could be all successful logins - fail2ban will trigger. fail2ban shouldn't adding additional checks to successful logins - it goes against the name fail2ban :) - the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway - if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny I've checked the source of OpenSSH, and this will only affect the reverse-DNS error. (I won't be offended if you want to check for yourself though ;) <exhibit n="2"> $ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/ logit("reverse mapping checking getaddrinfo for %.700s " "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop); return xstrdup(ntop); -- logit("Address %.100s maps to %.600s, but this does not " "map back to the address - POSSIBLE BREAK-IN ATTEMPT!", ntop, name); $ </exhibit>	13 years ago
Yaroslav Halchenko	b4099dae57	DOC: Adjusted header for config/*.conf to mention .local and way to comment thanks to Stefano Forli for reminding about comments see Debian Bug#676146	13 years ago
Petr Voralek	4007751191	ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063 )	13 years ago
Yaroslav Halchenko	7b77beee0e	DOC: comment in jail.conf for the need of multiple jails for asterisk	13 years ago
Yaroslav Halchenko	71a3fb17e2	Merge remote-tracking branch 'gh-magicrhesus/master' * gh-magicrhesus/master: Add the INCLUDE section to use __pid_re feature Disable asterisk jail by default Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports Change NOTICE by NOTICE%(__pid_re)s Remove custom bantime Add sample log file for asterisk Add $ at the end of the failregex Add asterisk support Conflicts: config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers	13 years ago
Xavier Devlamynck	8c00ce0a65	Add the INCLUDE section to use __pid_re feature	13 years ago
Xavier Devlamynck	180c17bede	Disable asterisk jail by default	13 years ago
Xavier Devlamynck	df0e0fdc07	Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports	13 years ago
Xavier Devlamynck	c679a1a588	Change NOTICE by NOTICE%(__pid_re)s	13 years ago
Yaroslav Halchenko	42dd05210a	Added a warning for the recidive jail	13 years ago
Xavier Devlamynck	d7ca754980	Merge branch 'master' of github.com:magicrhesus/fail2ban	13 years ago
Xavier Devlamynck	c7613ce311	Remove custom bantime	13 years ago
Xavier D	d98cdb25d6	Add $ at the end of the failregex	13 years ago
Yaroslav Halchenko	25f1e8d98c	BF: allow trailing whitespace in few missing it regexes for sshd.conf	13 years ago
Yaroslav Halchenko	1807be5a8c	ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?: thanks @cepheid666 for the useful comments	13 years ago
Tom Hendrikx	f94a121663	Fix for https://github.com/fail2ban/fail2ban/issues/19 Based on previous work as documented in the bug by Amir and myself, plus some enhancements and documentation added to the file itself rather than a URL (they rot).	13 years ago
Lee Clemens	d73a71f5cf	ENH: Add usedns parameter for the jails following commits were squashed from feature branch use_dns commit `068c105eb5` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 22:19:04 2012 -0500 Prevent warning when IP is read from log commit `635ed36a8c` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 22:17:08 2012 -0500 Removed logDebug commit `24656d2812` Merge: `7957fbe` `c429f5c` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 21:13:11 2012 -0500 Merge branch 'enh/use_dns' of github:leeclemens/fail2ban into enh/use_dns Conflicts: testcases/filtertestcase.py commit `7957fbe821` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 21:09:58 2012 -0500 filtertestcase fixes from yarikoptic commit `6ce9d04640` Author: Yaroslav Halchenko <debian@onerussian.com> Date: Tue Jan 10 19:26:05 2012 -0500 RF: for consistency use_dns -> usedns I guess it was might fault of inconsistency suggesting that name. Other options/commands do not have _ in the names, so let it be consistent with the rest for now commit `cfb2c75b49` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 19:18:41 2012 -0500 Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp commit `f6186eff14` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 19:02:04 2012 -0500 Changed wording of 'DNS Reverse lookup used' message commit `82c62d29dc` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 18:53:17 2012 -0500 Removed extraneous "n" commit `dc0ae21932` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 23:07:59 2012 -0500 ENH: use_dns - removed debugging statements commit `594e25818c` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 22:53:39 2012 -0500 Added use_dns protocol to set and get per jail during runtime commit `48ff80ffac` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 22:41:18 2012 -0500 Completed use_dns for initial startup - with debugging statements commit `0bdab4c2d7` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 20:05:35 2012 -0500 ENH: Added use_dns option commit `6d6b734ea5` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 20:01:34 2012 -0500 ENH: Added use_dns option commit `11ad2b6125` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 19:17:30 2012 -0500 Added useDns flag to testcase commit `b48fa9b6af` Author: Lee Clemens <java@leeclemens.net> Date: Sun Jan 8 15:13:27 2012 -0500 Added use_dns option in jail.conf commit `c429f5c91a` Merge: `4b18afb` `0021906` Author: leeclemens <java@leeclemens.net> Date: Tue Jan 10 16:32:22 2012 -0800 Merge pull request #3 from yarikoptic/enh/use_dns let's be consistent ;-) commit `0021906358` Author: Yaroslav Halchenko <debian@onerussian.com> Date: Tue Jan 10 19:26:05 2012 -0500 RF: for consistency use_dns -> usedns I guess it was might fault of inconsistency suggesting that name. Other options/commands do not have _ in the names, so let it be consistent with the rest for now commit `4b18afb28a` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 19:18:41 2012 -0500 Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp commit `4fae37e46f` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 19:02:04 2012 -0500 Changed wording of 'DNS Reverse lookup used' message commit `e94806ce48` Author: Lee Clemens <java@leeclemens.net> Date: Tue Jan 10 18:53:17 2012 -0500 Removed extraneous "n" commit `4d30c52907` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 23:07:59 2012 -0500 ENH: use_dns - removed debugging statements commit `76696d452a` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 22:53:39 2012 -0500 Added use_dns protocol to set and get per jail during runtime commit `0631618087` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 22:41:18 2012 -0500 Completed use_dns for initial startup - with debugging statements commit `d23d495547` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 20:05:35 2012 -0500 ENH: Added use_dns option commit `9538553bc5` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 20:01:34 2012 -0500 ENH: Added use_dns option commit `ae1e857e53` Author: Lee Clemens <java@leeclemens.net> Date: Mon Jan 9 19:17:30 2012 -0500 Added useDns flag to testcase commit `ace43eb941` Author: Lee Clemens <java@leeclemens.net> Date: Sun Jan 8 15:13:27 2012 -0500 Added use_dns option in jail.conf	13 years ago
Xavier Devlamynck	7d465f98c1	Add asterisk support	13 years ago
Yaroslav Halchenko	9559fcd3a0	Merge pull request #25 from leeclemens/enh/pyinotify ENH: pyinotify	13 years ago
Yaroslav Halchenko	35201f6690	Merge remote-tracking branch 'gh-keszybz/master' * gh-keszybz/master: NF: xt_recent-echo action	13 years ago
Zbigniew Jędrzejewski-Szmek	321670487e	NF: xt_recent-echo action The default configuration can only be run by root. To actually support running as a different user, the setup action must be disabled.	13 years ago
Lee Clemens	8a2e26403a	Merge remote-tracking branch 'upstream/master'	13 years ago
Leonardo Chiquitto	4502adfe69	Fix comments to reflect code Commit `638bb6652` changed some defaults but the comments still point to the previous values.	13 years ago
Lee Clemens	e442503133	Added pyinotify backend	13 years ago
Yaroslav Halchenko	4c76fb3b54	ENH: allow trailing white-spaces in lighttpd-auth.conf now catches the one in testcases/files/logs/lighttpd	13 years ago
François Boulogne	683d4f269d	modifications suggested by a referee (log ex+regexp)	13 years ago
François Boulogne	a7cb20edac	add lighttpd-auth jail	13 years ago
François Boulogne	b6d9f795dc	add filter for lighttpd mod_auth failure	13 years ago
Tom Hendrikx	9fa54cf233	Add Date: header for sendmail*.conf actions According to rfc2822, Date: headers are not optional. Added these to all sendmail action templates, format specification should conform to rfc and be portable across multiple platforms.	13 years ago
Yaroslav Halchenko	a9be451079	ENH: removed expansion for few Date and Revision SVN keywords For consistency of appearance... eventually we might just remove them altogether	13 years ago
Yaroslav Halchenko	dad91f7969	ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line absorbed from patches carried by Debian distribution of f2b	13 years ago
Yaroslav Halchenko	ed0bf3ad96	Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557 )	13 years ago
Adam Spiers	3152afbdc2	Recognise time-stamped kernel messages e.g. Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206 This fixes the sshd filter on Fedora 15, and probably other filters on other newish distros too.	13 years ago
Yaroslav Halchenko	3eb5e3b876	BF: Allow for trailing spaces in sasl logs git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@783 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	02be7d03b2	BF: use standard/reserved example.com instead of mail.com Adapted from fail2ban-0.8.4-examplemail.patch in Fedora: http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@777 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	6d25310e28	ENH: Adding author for dovecot filter and prunning unneeded space in the regexp git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@776 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	eab9af9caa	BF: proftpd filter -- if login failed -- count regardless of the reason for failure git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@775 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	d4b89d8404	BF: Allow for trailing spaces in proftpd logs See http://bugs.debian.org/507986 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@774 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	1cb48bbc96	BF: escaping () in pure-ftpd filter. Thanks Teodor See http://bugs.debian.org/544744 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@773 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	02e7dfb099	BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	3831fbf98b	ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	6558c03f8e	NF: Adding found on a drive filter.d/dovecot.conf git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	10faba5163	ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@769 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	0073ba3838	ENH: dropbear filter: see http://bugs.debian.org/546913 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@768 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	638bb66523	BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232 It should be robust since /var/run/fail2ban is guaranteed to exist to carry the socket file, and it will be owned by root (or some other dedicated fail2ban user) thus avoiding possibility for the exploit git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	7b54c7b33b	spellcheck jail.conf. Thanks Christoph Anton Mitterer git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@766 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago
Yaroslav Halchenko	521631cfcc	default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@765 a942ae1a-1317-0410-a47c-b1dcaea8d605	14 years ago

... 3 4 5 6 7 ...

574 Commits (a0c2de3e4db65f429382e8ccaed66cb0f0ca88e6)