Commit Graph

2486 Commits (a78a9d282c0e7603d2946bf1eabbc9d51d13281d)

Author SHA1 Message Date
Daniel Black cc1a9cc45d BF: match up fail2ban-regex for datedetector/datetemplate changes 2014-01-28 06:59:01 +11:00
Daniel Black a749a2780e Merge pull request #593 from grooverdan/tine
ENH: Tine20 filter
2014-01-26 18:50:42 -08:00
Daniel Black 7476ebabbd Merge pull request #596 from grooverdan/pureftpd
BF: Pureftpd
2014-01-26 16:52:53 -08:00
Daniel Black ae98a1f70c Merge pull request #598 from kwirk/date-detector-template-rf
RF: Refactor date detector and date template elements
2014-01-26 16:51:43 -08:00
Steven Hiscocks e7d4cf6296 TST: Fix dates in ISO8601 being converted back to local time. 2014-01-26 23:37:57 +00:00
Daniel Black 8b51d0c394 ENH: compress DateDetector templates more 2014-01-27 10:10:06 +11:00
Steven Hiscocks f2ddb3e3d0 RF: Refactor date detector and date template elements
Changes include to use Python class properties, merge some date
patterns, and change ISO8601 date template to DatePatternRegex class.
2014-01-26 22:03:55 +00:00
Daniel Black 1a1e3bec86 ENH: framework for distro paths 2014-01-25 23:25:54 +11:00
Daniel Black 3c48e3f035 DOC: changelog for pure-ftpd filter fixes 2014-01-25 12:22:27 +11:00
Daniel Black 256c732bcd BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
_daemon was accidentally removed in
89fd792dfb

Added translations from source code
2014-01-25 12:19:46 +11:00
Daniel Black 1e1261ccb4 MRG: from master 2014-01-23 2014-01-23 17:45:18 +11:00
Daniel Black ca57427080 BF: firewallcmd-ipset had non-working actioncheck 2014-01-23 17:41:13 +11:00
Daniel Black c8ae064b79 ENH: tighten regex and change failJSON to support timezone. Closes gh-583 2014-01-22 22:16:03 +11:00
Daniel Black 36d38043ba DOC: thanks Lars for the filter base and log samples 2014-01-22 18:12:48 +11:00
Daniel Black 2063d96e59 MRG: import Lars' PR for tine20 2014-01-22 18:12:19 +11:00
Daniel Black 499b33f8a6 DOC: post release versioning 2014-01-22 08:37:51 +11:00
Daniel Black 819df889d8 Merge pull request #592 from kwirk/python-action-tests
TST+BF: Add tests for python actions, including test for smtp.py
2014-01-20 15:48:08 -08:00
Steven Hiscocks 0fb7921fb1 BF: Tweak python action tests and fix Deprecation Warning 2014-01-20 23:10:43 +00:00
Steven Hiscocks 8221c7ca71 TST+BF: Add tests for python actions, including test for smtp.py
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Steven Hiscocks a0f39255bc BF: Kerio log datepattern fix for recent datepattern full regex merge 2014-01-20 23:00:38 +00:00
Steven Hiscocks 4aa50684ab Merge pull request #581 from kwirk/datetemplate-regroupdict
ENH: Full regex for datepattern, utilising modified Python `_strptime`
2014-01-20 14:53:28 -08:00
Steven Hiscocks e614a2f4a4 BF: Resolve Deprecation Warnings for python3
Mainly python imp -> importlib for python3.3+, and other minor tweaks
2014-01-20 22:46:17 +00:00
Daniel Black 33dd1733fb DOC: version and release date to 0.8.12 on 2014-01-22 2014-01-19 16:25:23 +11:00
Daniel Black 79da66df5d Merge pull request #591 from grooverdan/master_to_0.9
MRG: Master to 0.9 2014-01-19
2014-01-18 20:12:11 -08:00
Daniel Black a650178bd1 MRG: merge from master 2014-01-19 2014-01-19 14:48:29 +11:00
Steven Hiscocks 77aab8d97a Merge pull request #590 from grooverdan/kerio
Kerio filter for #120 also fix fail2ban-regex for datepattern
2014-01-18 04:58:58 -08:00
Daniel Black 97c7d391a4 BF: remove duplicate implementation of reading datepatterns in fail2ban-regex 2014-01-18 23:52:20 +11:00
Daniel Black 10edd994d1 DOC: ChangeLog for kerio filters 2014-01-18 23:21:44 +11:00
Daniel Black 263ac32730 ENH: test log samples for kerio thanks to
Tony Lawrence
2014-01-18 23:18:33 +11:00
Steven Hiscocks 0b4dd6272c Merge pull request #589 from grooverdan/one-bad-regex-gh-585
fault tolerance when pushing multiple configurations
2014-01-18 03:27:52 -08:00
Daniel Black 59b1e225e9 DOC/ENH: update man pages for release 2014-01-18 21:13:55 +11:00
Daniel Black 5ade6a13af DOC: ChangeLog dating and normalisation 2014-01-18 21:00:24 +11:00
Daniel Black 058621f9bd ENH: continue with rest of fail2ban config even if errors. Closes gh-585 2014-01-18 20:16:38 +11:00
Daniel Black 2647461a3c DOC: ChangeLog. Note incompatible changes and group new filters and actions under New Features 2014-01-18 19:38:25 +11:00
Daniel Black c6c75dd19e BF: complete MANIFEST 2014-01-18 19:28:21 +11:00
Daniel Black 224e795f4c DOC: note in man page about "last message repeated" syslog compression. Closes Debian bug #620364 2014-01-18 19:12:33 +11:00
Daniel Black 1452be4a3a Merge pull request #588 from grooverdan/badips
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00
Daniel Black f5d6f384f7 Merge pull request #587 from grooverdan/dovecot-586
BF: Dovecot filter fix
2014-01-17 23:10:06 -08:00
Daniel Black 93613e82f0 DOC: credits for action.d/badips 2014-01-15 09:40:18 +11:00
Daniel Black f566cab766 Merge branch 'master' into badips 2014-01-15 09:37:11 +11:00
Daniel Black 657da2041c BF: dovecot filters, session characters and order of session/tls in log messages 2014-01-15 08:02:47 +11:00
Ivo Truxa 4765bc757c BF Dovecot auth failures
I am sorry, I installed the Win GIT, but still did not learn how to work with it, so am posting here again. This time, I'll avoid posting two pull requests, so please fix the dovecot.filter for me, if you don't mind.

This current filter does not match authentication errors in my Dovecot logs (two different lines attached). First of all the session string is at the end (after the optional TLS string), and not before it as it is now in the filter. I don't see it anywhere in the other logs here in the opposite order, hence I assume it is the rule for all installations. And then, the session ID can include also other characters than those matched by \w+ (i.e. the slash and the plus signs in my case), hence it needs to be \S+ instead. Personally, I'd do the regex much less restrictive than it is, but if I follow the current logic, the following form works:

<pre>^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use disabled \S+ auth)\):( user=&lt;\S*&gt;,)?( method=\S+,)? rip=&lt;HOST&gt;, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=&lt;\S+&gt;)?\s*$</pre>
2014-01-14 17:59:40 +01:00
Daniel Black 2333b2d5d9 MRG: from 0.9 2014-01-13 22:17:14 +11:00
Daniel Black 703d337a39 Merge pull request #580 from grooverdan/master_to_0.9
MRG: Master to 0.9
2014-01-13 02:37:07 -08:00
Daniel Black c7f887642d Merge branch '0.9' into master_to_0.9 2014-01-13 21:23:42 +11:00
Daniel Black 3de80545e0 MRG: from master 2014/01/13 2014-01-13 21:23:39 +11:00
Daniel Black 01e5ae1234 Merge pull request #584 from grooverdan/exim-auth
ENH: Exim auth
2014-01-13 02:20:47 -08:00
Daniel Black b60449e5c7 Merge pull request #579 from grooverdan/squirrelmail
ENH: Squirrelmail filter
2014-01-13 02:19:34 -08:00
Daniel Black 812463003d Merge pull request #582 from grooverdan/postfix
ENH: add improper command pipelining postfix filter
2014-01-13 02:18:57 -08:00
Daniel Black 08b4f3e5f2 Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth 2014-01-13 19:26:12 +11:00