github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,682 Commits
34 Branches
230 Tags
18 MiB
Commit Graph

3682 Commits (aa158ac05fc8bfcd21c5ba8dac2f77934dc8fbcb)

Author SHA1 Message Date
Bigard Florian f4551d02c9 Fix empty logfile.log in xarf login attack action 
Fix empty 3rd MIME part which contains the attack evidence (logfile.log).
 2017-07-25 13:44:29 +02:00
Serg G. Brester babb76cb3c Merge pull request #1839 from sebres/asterisk-patch 
Asterisk improvements
 2017-07-19 08:50:05 +02:00
sebres a5b62a7f36 failregex extended and simplified (partially ported from gh-1409). 2017-07-18 16:34:22 +02:00
sebres 098abae4e6 Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. 
Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).
 2017-07-18 16:09:53 +02:00
sebres 2ea22b9d30 test coverage for gh-1427 2017-07-18 15:46:53 +02:00
Kirill 4c0c7b97c0 Update asterisk.conf to new log message 
I got an issue like this:
[2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300"

# [sebres] rebased to current master and resolving conflicts.
 2017-07-18 15:40:32 +02:00
Serg G. Brester 99b668a3cc Merge pull request #1390 from khumarahn/xxx 
ensure /var/run/fail2ban is created in systemd service file
 2017-07-11 15:53:42 +02:00
Serg G. Brester 5dcbcb99b9 Merge pull request #1648 from hlein/master 
gentoo-initd: wait up to 30 seconds on "stop" to avoid errors.
 2017-07-11 15:41:48 +02:00
Serg G. Brester d05d9f4c28 Merge pull request #1816 from sebres/fix-gh-1302 
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed
 2017-07-03 12:59:46 +02:00
sebres a1d0633e69 filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): 
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
 2017-07-03 12:57:28 +02:00
sebres 9f55ed86df fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore) 2017-07-03 12:41:54 +02:00
Serg G. Brester 205edff65d Merge pull request #1690 from chtheis/master 
#1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable
 2017-07-01 17:16:50 +02:00
Serg G. Brester f27e053592 Update bsd-ipfw.conf 
increased starting rule number (lowest_rule_num = 111)
 2017-07-01 17:10:53 +02:00
Serg G. Brester 001c0898d6 Merge branch 'master' into master 2017-06-30 18:07:38 +02:00
Serg G. Brester 6110ba9cc3 filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613) 2017-06-30 18:00:01 +02:00
Serg G. Brester d54c40bba5 Merge pull request #1805 from sebres/fix-gh-1790 
filter.d/apache-overflows.conf: rewritten without end-anchor ($)...
 2017-06-15 11:48:45 +02:00
sebres e1234a5249 ChangeLog update 2017-06-15 11:47:16 +02:00
sebres 2b358bc1a4 filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790). 2017-06-15 11:16:19 +02:00
Serg G. Brester 08591a52a4 Merge pull request #1796 from peternowee/fix-dovecot-empty-user 
dovecot: revert `<[^>]+>` back to `<[^>]*>` - allows empty user again [mistakenly changed in 5678d08]
 2017-05-31 19:03:34 +02:00
Peter Nowee b93e47b12f
dovecot: Match also when user field is empty 
Commit 5678d08 of 2016-11-26 changed:

    ( user=<\S*>,)?

to:

    ( user=<[^>]+>,)?

The change from `*` (zero or more times) to `+` (one or more times) may
not have been intended. It will miss lines containing, for example:

    Aborted login (tried to use disallowed plaintext auth): user=<>

This commit reverts the `+` back to `*`.
 2017-05-31 15:54:30 +02:00
Serg G. Brester 5214c1c5d1 Update changelog (gh-1455) 2017-05-30 20:31:48 +02:00
Marcel Bischoff 228d25c548 Update Kerio Connect filter (#1455) 
* Update Kerio Connect filter

Fixed regex for some log entries that did not get recognized and some additional error formats are added.

* Add missing colon, GitHub address

* Add filter tests

* Add missing test
 2017-05-30 20:27:44 +02:00
sebres c7ddf1f940 [systemd-backend] implicit closing journal descriptor by stop filter. 
Partially cherry-picked from 0.10 (d153555a07)
 2017-05-19 15:36:06 +02:00
sebres 0a707d0302 Merge branch 'travis-fix-pypy' 2017-05-15 16:41:22 +02:00
sebres f099558bcf try to fix travis build for pypy3 (after switch to 'pypy3.3-5.2-alpha1' the test cases seems to never run anymore). 2017-05-15 16:32:41 +02:00
Filippo Tessarotto ff1c6718da Postfix RBL: 554 & SMTP 
Cherry-pick of 607568f5da (see gh-1686)
 2017-05-15 14:42:37 +02:00
Yaroslav Halchenko 407b2ea936 life is going on 2017-05-11 11:17:27 -04:00
Yaroslav Halchenko bc60d6feb6 Merge remote-tracking branch 'origin/master' 
* origin/master:
  exim test cases extended: cover short form of the logging (without session-id, gh-1771)
 2017-05-11 11:13:07 -04:00
sebres a5cdb9c977 exim test cases extended: cover short form of the logging (without session-id, gh-1771) 2017-05-11 09:10:45 +02:00
Yaroslav Halchenko 35280044ff Preparing for 0.9.7 release 2017-05-10 21:38:57 -04:00
Yaroslav Halchenko 663d526d74 Added newly added files to MANIFEST 2017-05-10 21:31:09 -04:00
sebres bea3a62a37 update ChangeLog 2017-05-07 14:02:45 +02:00
sebres 0600d51511 filter.d/exim.conf: added new reason for "rejected RCPT" regex: Unrouteable address 2017-05-07 14:02:38 +02:00
sebres 3d64d705f3 try to fix travis integration of pypy3: setuptools recently dropped support for Python 3.0 - 3.2, but old pypy3 based on Python 3.2.5 2017-05-07 13:28:35 +02:00
sebres c546f85207 filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766) 2017-05-07 13:02:32 +02:00
Serg G. Brester fafe11d326 Merge pull request #1757 from sebres/0.9-fix-gh-1751 
filter.d/exim.conf: optional part `(...)` by authenticator failed for ...
 2017-04-25 10:05:27 +02:00
sebres 462442a517 Update ChangeLog #1757 2017-04-25 10:04:45 +02:00
sebres 3161bcf78b filter.d/exim.conf: optional part `(...)` after host-name before `[IP]`, normalized over whole config file. 
# Conflicts:
#	config/filter.d/exim.conf
 2017-04-24 19:21:26 +02:00
Yaroslav Halchenko a0cf31903d Merge pull request #1754 from yarikoptic/bf-tzdata 
BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing
 2017-04-17 10:26:37 -04:00
Paul Brook a639f0b083 BF: specify explicit time offset not a time zone name to avoid needing tzdata during testing 2017-04-16 12:11:05 -04:00
sebres 7982d1e627 Update ChangeLog 2017-03-27 11:31:41 +02:00
sebres e8596cfce7 amend resp. restore of change from 59c35bc44a (gh-129): 
- logging of "Log rotation detected" with new MSG level
- introduces new log-level MSG (as INFO-2, 18)
 2017-03-27 11:27:41 +02:00
Serg G. Brester 52c1950371 Update mysqld-auth.conf 
small typo, closes gh-1725 (Thx @seth-reeser)
 2017-03-24 19:03:17 +01:00
Serg G. Brester d3b644acae Merge pull request #1708 from sebres/fix-gh-1707 
filter.d/cyrus-imap.conf: accept entries without login-info resp. hostname before IP address (gh-1707)
 2017-03-09 16:26:06 +01:00
sebres 0f8cb1749f Update ChangeLog 2017-03-09 16:15:45 +01:00
sebres 8768776d68 filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address 2017-03-09 16:13:45 +01:00
Serg G. Brester 2fa18a74c4 Merge branch 'master' into master 2017-02-17 09:06:09 +01:00
Christoph Theis 861ce4177c #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable 2017-02-14 18:31:42 +01:00
sebres c4dc698d98 evil symlink removed: does not supported by some file systems (e. g. development over net share) 2017-01-23 09:26:05 +01:00
sebres c4d56ea84a Merge branch 'ssh-filter-new-regexp' 2017-01-23 08:58:03 +01:00