Yaroslav Halchenko
a6f085786c
ENH: reintroducing levelname into syslog msgs, time stamp and indentation in non-syslog msgs
...
any indentation from syslog msgs was removed -- no need
11 years ago
Yaroslav Halchenko
d34d8db3d2
BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages
...
Otherwise leads to incorrect parsing of the log messages by syslog(-ng). See
http://bugs.debian.org/730202
I also removed %(levelname)-6s from syslog messages completely since they are
passed to the syslog and it is up to the configuration/admin to decide whether to include
levels into the messages or not (I have checked that at least debug level indeed
goes to /var/log/debug)
11 years ago
Daniel Black
28d8aec511
DOC: Arch Linux link
11 years ago
Daniel Black
24c143b411
Merge pull request #445 from grooverdan/suhosin
...
TST: more test cases for suhosin
11 years ago
Daniel Black
015b403df0
TST: more test cases for suhosin
11 years ago
Yaroslav Halchenko
629e9ae445
Merge pull request #443 from grooverdan/apache-authfix
...
BF: apache filters using error log weren't matched when referer existed ...
11 years ago
Daniel Black
284f811c91
BF: apache filters using error log weren't matched when referer existed in HTTP header
11 years ago
Yaroslav Halchenko
491165c929
Merge pull request #438 from grooverdan/solid-pop3d
...
ENH: filter for Solid-pop3d
11 years ago
Daniel Black
1ea68b2d0c
DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages
11 years ago
Daniel Black
0eea0a35db
ENH: filter.d/solid-pop3d - added log messages and regexes
11 years ago
Daniel Black
2c63b1fe93
Merge pull request #439 from yarikoptic/bf/proftpd-millisec
...
ENH: proftpd in Debian (now or forever) has ",milliseconds" in its date format
11 years ago
Daniel Black
b3b9ea4559
ENH: jail for solid-pop3d
11 years ago
Yaroslav Halchenko
82174ea4c4
Changelog for preceding proftpd date format change
11 years ago
Yaroslav Halchenko
d4f6ca4f85
ENH: adding custom date format for proftpd when logging in its own log file (default on Debian) -- includes milliseconds
...
Should resolve Debian #648276
11 years ago
Daniel Black
88eff70774
ENH: filter.d/solid-pop3d added
11 years ago
Daniel Black
ed212fcdcc
DOC: new ChangeLog header
11 years ago
Daniel Black
a7604c899f
DOC: list Wiki pages to update after a release
11 years ago
Daniel Black
752ea054db
DOC: post release version change
11 years ago
Daniel Black
fc213a103e
Merge pull request #437 from grooverdan/0.8.11_release
...
DOC: finalise 0.8.11 release
11 years ago
Daniel Black
d0498bec69
DOC: finalise 0.8.11 release
11 years ago
Daniel Black
286d78e13c
Merge pull request #430 from grooverdan/apache-overflows
...
ENH: Apache overflows - httpd-2.4 message IDs + samples
11 years ago
Daniel Black
50ca16e50e
Merge pull request #431 from grooverdan/apache-noscript
...
ENH: apache-2.4 message IDs for filter apache-noscript
11 years ago
Daniel Black
947c6ff9cc
Merge pull request #433 from grooverdan/asterisk
...
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
11 years ago
Daniel Black
38503a5848
Merge pull request #434 from grooverdan/dos-resistant-dropbear
...
ENH: DoS resistant dropbear filter
11 years ago
Daniel Black
62b1f98dff
Merge pull request #435 from grooverdan/dos-resistant-exim
...
BF: exim filter to be DoS resistant
11 years ago
Daniel Black
0d47ea3348
Merge pull request #436 from grooverdan/dos-resistant-roundcube-auth
...
BF/ENH: DoS resistant roundcube-auth with test cases and more variation from IMAP responses
11 years ago
Daniel Black
be60518218
BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given
11 years ago
Daniel Black
52972164a2
BF: exim filter to be DoS resistant
11 years ago
Daniel Black
c272573fe3
ENH: DoS resistant dropbear filter
11 years ago
Daniel Black
eb9663eb4f
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
11 years ago
Daniel Black
648d48c355
ENH: apache-2.4 message IDs for filter apache-noscript
11 years ago
Daniel Black
c81ed53805
TST: change source URL
11 years ago
Daniel Black
a4718eb644
ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples
11 years ago
Daniel Black
87516eb92b
ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case
11 years ago
Daniel Black
e8aa676cf5
Merge pull request #429 from grooverdan/filter-develop-doco
...
DOC: Filter development doco
11 years ago
Daniel Black
191c4fda1b
Merge pull request #428 from grooverdan/ssh-dos
...
TST: test case that shows injection into username
11 years ago
Daniel Black
d90130234d
TST: end of json in sshd sample log
11 years ago
Daniel Black
061a26c408
TST: fix space in sshd sample log
11 years ago
Daniel Black
d955714d26
TST: test case that shows injection
11 years ago
Daniel Black
b8f40fef1b
DOC: more on filter regexes - DEVELOP
11 years ago
Daniel Black
c5021b55f6
Merge pull request #427 from yarikoptic/bf/nginx-regex-injection
...
BF: anchor introduced nginx-http-auth at the end
11 years ago
Daniel Black
724c6bfd92
DOC: filter regex debugging
11 years ago
Yaroslav Halchenko
ccd26578ec
Merge pull request #425 from grooverdan/asterisk-simplify
...
ENH: condense asterisk regexs for speed
11 years ago
Yaroslav Halchenko
ac061155f0
BF: anchor introduced nginx-http-auth at the end
...
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection. We better anchor at the end then
11 years ago
Yaroslav Halchenko
49024fe6ea
DOC: minor typos in ChangeLog
11 years ago
Yaroslav Halchenko
ea8fce6308
Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
...
openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data
11 years ago
Yaroslav Halchenko
bf245f9640
DOC: adding DEV Notes for non-greedy matching within sshd.conf
11 years ago
Daniel Black
d6bbe03861
Merge pull request #424 from grooverdan/nginx-auth
...
ENH: add filter.d/nginx-http-auth. Partially fulfils #405
11 years ago
Yaroslav Halchenko
a169badb95
Merge pull request #423 from yarikoptic/enh/gen_badbots
...
badbots filter: adding the script which was used + updated filter
11 years ago
Yaroslav Halchenko
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
11 years ago