github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,833 Commits
33 Branches
229 Tags
19 MiB
Commit Graph

1534 Commits (a462966cf6fe8a55f8af4c4250a939d635f41011)

Author SHA1 Message Date
sebres 6b52f90ad6 Merge branch '0.10' into 0.11 2018-09-21 15:54:16 +02:00
sebres 58b510a5be filter.d/domino-smtp.conf: 
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
  - failregex extended to catch connections rejected for policy reasons (gh-2228);
 2018-09-21 14:14:00 +02:00
sebres 8a0c06ba9e Merge branch '0.10' into 0.11 2018-09-14 11:01:40 +02:00
sebres d01fe9d22a action.d/*.conf: correct comments for actionstart/actionstop 2018-09-12 16:01:57 +02:00
sebres 714fd8c915 Merge branch '0.10' into 0.11 2018-08-14 16:01:00 +02:00
Sergey G. Brester ee207d8c31
Merge pull request #2151 from benrubson/merge 
Apache SNI error / misredirect attempts rules are combined in one regex
 2018-08-14 14:56:49 +02:00
Ben RUBSON 77b35b8db7
Improvement 2018-08-14 14:07:32 +02:00
sebres addd26ae55 Merge branch '0.10' into 0.11 2018-08-14 11:13:15 +02:00
sebres e2a255d104 fixed typo in comments by "ignoreself" parameter 2018-08-14 11:11:19 +02:00
sebres 606761b3c7 Merge branch '0.10' into 0.11 2018-08-03 12:06:13 +02:00
sebres e995d5a0b6 filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`. 2018-08-03 11:42:15 +02:00
sebres bc2dbacc9a filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193: 
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
    `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
  - more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
 2018-08-03 11:22:30 +02:00
sebres eb1156b099 Merge branch '0.10' into 0.11 2018-07-18 15:57:39 +02:00
sebres 22d37cdce2 sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message: 
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
 2018-07-18 15:31:04 +02:00
sebres 6a81cc9d8c Merge branch '0.10' into 0.11 2018-07-17 15:18:44 +02:00
sebres 8fe07e29ad filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed"; 
closes gh-2184
 2018-07-17 15:06:42 +02:00
sebres 57f2d9e31c Merge branch '0.10' into 0.11 2018-07-06 18:06:54 +02:00
Sergey G. Brester 75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER 
dovecot: collect F-USER and variants
 2018-07-06 17:16:43 +02:00
sebres 9de1657aab Merge branch '0.10' into 0.11 2018-07-06 11:43:56 +02:00
sebres 6ce67a6d21 coverage 2018-07-05 16:27:36 +02:00
Dobrica Pavlinusic 6f1e789f31 dovecot: collect F-USER and variants 
We are prefering ruser= if availble because this are credentials
presented to dovecot from remote client.
 2018-06-30 16:16:03 +02:00
sebres 0eaa0ecd86 Merge branch '0.10' into 0.11 2018-06-14 12:36:22 +02:00
sebres 8cbe1e6b13 Merge pull request #2155 2018-06-14 12:35:57 +02:00
cheese1 43db4411de small typo 2018-06-14 12:35:04 +02:00
sebres 9fdc6e0e82 Merge branch '0.10' into 0.11 2018-06-11 14:36:35 +02:00
Boris Gulay a923cd209b `filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors; 2018-06-11 14:30:10 +02:00
benrubson f54f6caece Merge Apache SNI error / misredirect attempts rules 2018-06-09 10:19:27 +02:00
sebres 0d40dd42b1 Merge branch '0.10' into 0.11 2018-04-26 13:43:15 +02:00
sebres bba7a6c5cf amend to (gh-2067) / b34ae5999e0d8ee1af8939527305c13152844b3d: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions); 
the interpolation of hostsdeny is test-covered now;
closes gh-2114.
 2018-04-17 18:59:24 +02:00
sebres 0707695146 Merge branch '0.10' into 0.11, version bump 
# Conflicts resolved:
#	fail2ban/server/database.py
 2018-04-05 12:58:11 +02:00
sebres 8069eef50c badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar). 2018-04-05 12:31:29 +02:00
sebres 70d099bbd6 Merge branch '0.10' into 0.11 2018-04-04 18:59:44 +02:00
Michael Grant 57bc502d5c Update sendmail-reject.conf 2018-04-04 18:52:36 +02:00
Michael Grant 2ab6a5ae62 Update sendmail-auth.conf 2018-04-04 18:52:35 +02:00
Michael Grant 87520e8008 Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix). 2018-04-04 18:52:33 +02:00
sebres 1fdad90b4d Merge branch '0.10' into 0.11 2018-04-04 16:49:57 +02:00
Luis Aranguren fc76ccf192 Fixes abuseipdb curl cypher error and comment $f2bV_matches 
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
 2018-04-04 16:39:16 +02:00
Sergey G. Brester 7bbc26d67e
Merge pull request #2097 from benrubson/sni 
Detect Apache SNI error / misredirect attempts
 2018-04-04 16:31:38 +02:00
benrubson bd74f7ba8b Detect Apache SNI error / misredirect attempts, typos 2018-04-04 00:20:58 +02:00
sebres 7dfd61f462 Merge branch '0.10' into 0.11-2 2018-04-03 14:14:44 +02:00
sebres 8423f017e7 Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10 2018-04-03 14:12:35 +02:00
sebres 4ee07adde6 Merge branch '0.10' into fix-sshd-filter-suff 
# Conflicts resolved:
#	fail2ban/server/filter.py
 2018-04-03 13:30:57 +02:00
benrubson 30dc22fb2e Detect Apache SNI error / misredirect attempts 2018-03-29 11:36:49 +02:00
sebres 4f6532f810 filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage; 
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
 2018-03-20 18:54:22 +01:00
sebres cd7f1354c6 remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.) 2018-03-20 18:47:42 +01:00
sebres c31eb1c562 quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
sebres 25cc42129a hold all user names affected by interim attempts in order to avoid forget a failures after success login: 
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
 2018-03-20 13:09:05 +01:00
sebres a9c94686b6 fixed multiple regexs matched 2018-03-20 09:09:42 +01:00
sebres 8028d3940d amend with better match of optional suffix-groups; 
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
 2018-03-19 17:29:26 +01:00
sebres 66d2436f21 filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content 2018-03-19 16:50:49 +01:00