github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
4,324 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1167 Commits (abb2feafe7e186833221e27fe2ddeb87d7080ef0)

Author SHA1 Message Date
Viktor Szépe 0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma 
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
 2015-09-27 00:52:14 -04:00
M. Maraun 2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Yaroslav Halchenko 8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197) 
Way too many people ran into this gotcha, so lets just do it
 2015-09-23 12:13:52 -04:00
Yaroslav Halchenko 55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths 
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
 2015-09-17 21:59:45 -04:00
Edward Beckett 835b3ff483 Update apache-badbots.conf 
Useragent strings including `+http` need to be escaped to be valid.
 2015-09-05 00:12:28 -04:00
weberho f7af93a677 Added configuration for opensuse path 2015-08-26 15:25:59 +02:00
weberho d278fbca30 Fixed line suspected to be faulty 2015-08-26 14:48:55 +02:00
Yaroslav Halchenko c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban 
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
 2015-07-27 22:37:46 -04:00
Yaroslav Halchenko 38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
 2015-07-27 22:30:54 -04:00
Yaroslav Halchenko 0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko de2f9504c0 Merge pull request #978 from ediazrod/patch-2 
shorewall-ipset-proto6.conf for shorewall
 2015-07-26 23:00:58 -04:00
Yaroslav Halchenko 65cd218e10 Merge remote-tracking branch 'origin/master' 
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
 2015-07-26 22:47:43 -04:00
Viktor Szépe c8b3ee10a0 Limit the number of log lines in *-lines.conf actions 2015-07-27 02:35:21 +02:00
Thomas Mayer a19cb1b2b9 Merge 923d807ef8 into cf2feea987 2015-07-25 01:23:39 +00:00
Yaroslav Halchenko 3c0d7f5a4c BF: do not wrap iptables into itself. Thanks Lee 2015-07-24 11:59:53 -04:00
Viktor Szépe ebdfbae559 Added a space between IP address and the following colon 2015-07-24 09:33:47 +02:00
Yaroslav Halchenko 749d3c160c BF: symbiosis-blacklist-allports now also requires iptables-common.conf 2015-07-23 21:53:37 -04:00
Yaroslav Halchenko 916937bb6a RF: use <iptables> to take effect of it being a parameter 2015-07-23 21:38:10 -04:00
Yaroslav Halchenko 31dc4e2263 ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter 2015-07-23 21:34:20 -04:00
Yaroslav Halchenko 7a011fca1b DOC: adjusted comment in pass2allow-ftp to my suggested wording 2015-07-16 21:55:20 -04:00
Viktor Szépe 948b12e5df Fixed definition of knocking_url for pass2allow 2015-07-14 18:35:51 +02:00
Viktor Szépe b638e807ad Explicitly stating that knocking_url needs to be customized 2015-07-13 18:12:04 +02:00
Viktor Szépe 586703dcc2 Test, changelog and fixes to pass2allow 2015-07-13 16:46:04 +02:00
Viktor Szépe 5b7e1de2f4 Instead of allow-iptables-multiport actions swap blocktype and (new) returntype 2015-07-11 18:20:09 +02:00
Viktor Szépe 5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
Viktor Szépe a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
Yaroslav Halchenko 8c4c17a880 Merge pull request #1004 from tsabi/fix-lc_time 
Fix of LC_TIME usage, it should be LC_ALL
 2015-07-05 21:36:37 -04:00
Yaroslav Halchenko e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube 
Update regex to work with roundcube 1.0.5 and 1.1.1
 2015-07-05 21:35:49 -04:00
Lee Clemens 3e902d7b3a Define roundcube_errors_log in paths-common.conf 
Remove from paths-debian
 2015-07-04 14:46:31 -04:00
Lee Clemens fdc3172aec Fix PEP8 E302 expected 2 blank lines, found X 2015-07-04 13:47:40 -04:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Viktor Szépe b65a8b065d Other actions do not dive into this gory descriptions, but we do. 2015-07-03 19:17:50 +02:00
Viktor Szépe 2063ce4b23 All the arguments must be listed in [Init] 2015-07-01 14:48:44 +02:00
Viktor Szépe 79457112e9 Updated CF action 2015-07-01 09:38:36 +02:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log 
Fix support for Asterisk security log
 2015-05-25 12:50:13 -04:00
Yaroslav Halchenko f41872f034 Merge pull request #1013 from szepeviktor/patch-4 
Non-US locale warning for proftpd
 2015-05-25 10:51:51 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039 
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
 2015-05-25 10:50:34 -04:00
Yaroslav Halchenko 8c4d4aa7fb minor: no tripple empty lines 2015-05-25 10:42:19 -04:00
Joern Muehlencord 4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Joern Muehlencord 964cdb5d9b add froxlor-auth filter and jail 2015-05-25 13:44:50 +02:00
Ivan Poddubny 7a4e6fa6e5 Asterisk security log: add support for websocket protocol events 
Thanks to @kcormier.
 2015-05-25 08:13:30 +03:00
Ivan Poddubny 988d9a08da Asterisk security log: accept events containing Response/ExpectedResponse 
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
 2015-05-25 08:12:51 +03:00
Ivan Poddubny 189265a323 Asterisk security log: accept SessionID of PJSIP events 
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
 2015-05-25 08:11:34 +03:00
Ivan Poddubny ab2ac1a367 Asterisk security log: accept <unknown> in AccountID 2015-05-24 12:47:55 +03:00
Ivan Poddubny 977f9955e7 Asterisk security log: accept EventTV in ISO8601 
Asterisk uses ISO8601 dates in security log since version 12.

Closes #988
 2015-05-24 12:46:54 +03:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Aaron Brice 7ae0ef2408 Fix actions in ufw.conf 
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
 2015-04-28 11:39:00 -07:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf 
Conflicts:
	ChangeLog
 2015-04-26 15:13:59 -04:00
Markus Oesterle f8c7247f42 added \s after host 2015-04-17 10:22:01 +02:00
Markus Oesterle 5f2807b41f replaced .* before rhost with regex matching all the previous fields 2015-04-17 10:04:35 +02:00
Markus Oesterle 8825a5f31b updated filter.d/sshd.conf 
Added line to match sshd auth errors on OpenSuSE systems
 2015-04-16 19:48:28 +02:00
Viktor Szépe e776a4e1ab Update proftpd.conf 2015-04-08 15:57:39 +02:00
Viktor Szépe f9e8a99a79 Non-US locale warning for proftpd 2015-04-06 17:04:41 +02:00
Thomas Mayer 923d807ef8 use human-readable variable names (issue #1003) 2015-03-29 18:18:30 +02:00
Thomas Mayer 675c3a7c95 use printf instead of echo for POSIX compatibility (issue #1003) 2015-03-29 18:08:47 +02:00
Thomas Mayer ac1e41ea70 Revert "remove '-ne' option as it's not interpreted any way (issue #1003)" 
This reverts commit 4a598070c8.
 2015-03-29 17:54:25 +02:00
Thomas Mayer 4a598070c8 remove '-ne' option as it's not interpreted any way (issue #1003) 2015-03-28 06:58:01 +01:00
Thomas Mayer 80f11a4d28 Add empty Init Section to pass tests (issue #1003) 2015-03-27 18:36:09 +01:00
Thomas Mayer c9b24839e4 Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003) 
when set by user,
 - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
 - converts whois data to UTF-8 character set with iconv
 - sends the whois output in UTF-8 character set to mail program
 - avoids that heirloom mailx creates binary attachment for input with unknown character set
 2015-03-27 14:27:41 +01:00
Csaba Tóth 0720c831b7 Fix of LC_TIME usage, it should be LC_ALL 2015-03-26 03:02:02 +01:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko d28880fdca Merge pull request #997 from yarikoptic/bf/long-purge-for-recidive 
DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964)
 2015-03-23 21:30:04 -04:00
ediazrod 5fdd1d1ded Update shorewall-ipset-proto6.conf 2015-03-23 00:56:37 +01:00
ediazrod e26a1ad6b6 Update shorewall-ipset-proto6.conf 2015-03-23 00:55:06 +01:00
Yaroslav Halchenko 56aacf872c Merge pull request #952 from ache/master 
Update bsd-ipfw.conf
 2015-03-21 21:46:54 -04:00
Yaroslav Halchenko 02836b599c Added a comment about systemd backend for jails with logs outside of journal (Closes #959) 2015-03-21 21:25:50 -04:00
Yaroslav Halchenko 320a28a4a4 DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964) 2015-03-21 20:50:03 -04:00
ediazrod d0887f3234 This is a especific configuration for shorewall ipset proto6 
Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist

if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall)
stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.
 2015-02-26 18:48:31 +01:00
Yaroslav Halchenko e788e3823e Merge pull request #965 from TorontoMedia/master 
Split output of firewallcmd list into separate lines for grepping (Close #908)
 2015-02-14 16:06:10 -05:00
TorontoMedia b4f1f613bb Update firewallcmd-allports.conf 2015-02-14 12:32:36 -05:00
TorontoMedia 0fac7e40b6 Update firewallcmd-multiport.conf 2015-02-14 12:31:33 -05:00
Yaroslav Halchenko 07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban 
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
 2015-02-14 09:32:05 -05:00
Yaroslav Halchenko d5e68abf95 ENH: check badips.com response on presence of "categories" in it 
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories".  With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
 2015-02-13 08:55:35 -05:00
Ache ae1451b29f Update bsd-ipfw.conf 
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
 2015-02-08 15:55:32 +03:00
Yaroslav Halchenko 3fb2becddb Merge pull request #949 from leeclemens/enh/configSyslogSocket 
Configure Syslog Socket Path (closes #814)
 2015-02-06 20:08:15 -05:00
Lee Clemens 6268eb32be Use syslogsocket value "auto" to determine syslog socket's path 2015-02-06 19:14:09 -05:00
Luke Hollins 549ab24e70 Fixed grammatical error in emails sent 2015-02-06 11:47:03 -05:00
Yaroslav Halchenko 119a7bbb16 Merge pull request #939 from szepeviktor/geoip 
Added sendmail-geoip-lines.conf
 2015-02-06 11:32:41 -05:00
Viktor Szépe 4c88a00c28 Line notes implemented 2015-02-06 17:22:30 +01:00
Lee Clemens 445fd7367f Configure Syslog Socket Path 2015-02-05 23:44:57 -05:00
František Šumšal eb0d086ed0 Merge branch 'master' into nginx-botsearch 2015-02-04 02:13:33 +01:00
František Šumšal 1c6d2074fb Changed default settings for nginx-botseach filter 2015-02-04 01:48:59 +01:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes 
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
 2015-02-03 11:30:16 -07:00
František Šumšal fb0f463eac Include consistency 2015-02-03 15:54:05 +01:00
František Šumšal 705718be52 Filter apache-botsearch.conf now loads variables from botsearch-common.conf 2015-02-03 04:44:33 +01:00
František Šumšal 18778d9174 Created botsearch-common.conf 
File contains variables used in -botsearch filters
 2015-02-03 04:25:47 +01:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot 
New jail: apache-fakegooglebot
 2015-02-02 21:44:04 -05:00
Yaroslav Halchenko df581fe6e2 Merge pull request #929 from opoplawski/pam_auth 
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928)
 2015-02-02 21:42:10 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot 
Dovecot - dovecot auth failure from EL7
 2015-02-02 21:37:28 -05:00
František Šumšal f8fe165cd2 Switched from tabs to spaces for indents 2015-02-03 03:35:22 +01:00
Yaroslav Halchenko 8f6d9c6a5a Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban 
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban:
  fixed typos, thanks szepeviktor for review
  ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)

Conflicts:
	ChangeLog
 2015-02-02 21:21:44 -05:00
Lee Clemens 841c476045 Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot 
Conflicts:
	config/filter.d/ignorecommands/apache-fakegooglebot
 2015-02-02 13:01:23 -05:00
Yaroslav Halchenko 15b65c7ad2 NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName 2015-02-02 12:19:20 -05:00
Lee Clemens 7e94ba6f0c Remove implementation specific suffix 2015-02-02 11:43:05 -05:00
Lee Clemens 854915920f Remove implementation specific suffix 2015-02-02 11:38:23 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot 
Detects fake googlebot user agents in apache access log
 2015-02-02 00:42:01 -05:00
Viktor Szépe 1619ab3145 Added sendmail-geoip-lines.conf 2015-02-01 00:06:56 +01:00
Yaroslav Halchenko ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
František Šumšal c8e82f18b6 Add jail nginx-botsearch 
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
 2015-01-29 17:57:52 +01:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski 3bc92610f7 Add dovecot auth failure from EL7 2015-01-29 09:11:59 -07:00
Andrew St. Jean 6bdfe756cf Changed default TTL value to 60 seconds. 2015-01-28 22:46:43 -05:00
Orion Poplawski 79b5a2617f Add filter variable __pam_auth to allow easier changing of pam auth backend 2015-01-27 14:34:27 -07:00
Andrew St. Jean 43732acae1 Added a reminder to create an nsupdate.local file to set required options. 2015-01-26 21:48:16 -05:00
Yaroslav Halchenko 085d0f72ed ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) 2015-01-26 09:19:44 -05:00
Yaroslav Halchenko 65980a70fc Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban 
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban:
  use iptables-allports for recidive

Conflicts:
	ChangeLog
 2015-01-26 09:04:42 -05:00
rumple010 eb76dcd5a0 add nsupdate action 
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
 2015-01-25 23:15:07 -05:00
sebres 12e3cca3f2 port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913 2015-01-19 10:28:53 +01:00
Yaroslav Halchenko 083031524d BF: adding missing Definition section header to firewallcmd-allports 2015-01-08 21:14:50 -05:00
TorontoMedia d7b7f4bc91 Update firewallcmd-allports.conf 2015-01-08 21:06:43 -05:00
Lee Clemens 77677e43df Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-07 20:39:04 -05:00
Lee Clemens bda8dc1926 Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-03 15:29:42 -05:00
TorontoMedia 7eed55266b Created firewallcmd-multiport 2015-01-01 12:46:48 -05:00
TorontoMedia 9f91cb2fd8 Created firewallcmd-allports 2015-01-01 12:44:34 -05:00
TorontoMedia 50e5fd9ed7 Create firewallcmd-multiport.conf 2015-01-01 05:32:41 -05:00
TorontoMedia 591e444753 Create firewallcmd-allports.conf 2015-01-01 05:32:06 -05:00
Lee Clemens 0f48cf4284 loosen up regex for spamhaus (spamcop says "Blocked" as part of url) 2014-12-30 19:14:39 -05:00
Lee Clemens fe72a5585c Create Jail for Postfix based on RBL 
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
 2014-12-30 19:06:17 -05:00
Lee Clemens 2d7429c47c Add 'Client host rejected error message' regex 
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
 2014-12-30 18:05:19 -05:00
Viktor Szépe 81b3dbde1d postfix-sasl failregex case insensitive 2014-12-11 00:10:37 +01:00
bes-internal ccc986b7d8 exim filter: correct failregex for exim with extended log options 
incoming_interface, incoming_port, outgoing_port
 2014-12-04 13:34:44 +03:00
Orion Poplawski d8867807f5 Separate php-url-fopen logpath by newline 2014-11-28 22:04:09 -07:00
Guillaume FRANCOIS a6a2dc868b Add ignoreregex to avoid warning on start 2014-11-12 11:05:56 +01:00
Guillaume FRANCOIS 9269664350 Add ignoreregex to avoid warning on start 2014-11-12 10:30:28 +01:00
Yaroslav Halchenko 2a3790f8e8 use iptables-allports for recidive 2014-11-04 13:24:54 -05:00
Yaroslav Halchenko 967485c2d0 improving grepping 2014-10-29 23:14:47 -04:00
Yaroslav Halchenko efbf5064a1 Merge pull request #807 from xslidian/patch-1 
grep IP at the start of lines
 2014-10-29 23:07:10 -04:00
Orion Poplawski 01b2673e34 Use multiport for firewallcmd-new 2014-10-29 16:27:37 -06:00
Yaroslav Halchenko 36abb5ed96 BF: fix $ for % in jail.conf. Debian bug #767255 2014-10-29 13:08:51 -04:00
pacop e3a037ee3f merge master 2014-10-25 18:15:34 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
SlowRiot fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot 4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix 
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
 2014-09-13 10:25:27 -04:00
Yaroslav Halchenko 96c20c8379 Merge pull request #804 from pleasantone/master 
Add support for postfix/submission/smtpd matching.
 2014-09-13 10:24:06 -04:00
Yaroslav Halchenko c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Dean Lee ba44ff312b grep IP at the start of lines 
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
 2014-09-09 14:55:34 +08:00
Paul Traina 249e169d8e Update test cases and also suport smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho 218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00
Paul Traina 544cfaff2c Add support for postfix/submission/smtpd matching. 2014-09-06 10:23:38 -07:00
Yaroslav Halchenko 0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis 
ENH: symbiosis-blacklist-allports action
 2014-08-20 23:00:11 -04:00
Yaroslav Halchenko 426ed7ff2f Merge pull request #780 from opoplawski/logpath 
Fxi jail.conf to use more syslog macros
 2014-08-20 22:59:23 -04:00
Yaroslav Halchenko 93243e7d57 ENH: Ignore errors while unbaning in symbiosis firewall 
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors.  IMHO should be safe to ignore
 2014-08-12 11:57:07 -04:00
Luc Maisonobe 763115b1eb added systemd configuration for postfix-sasl.conf 2014-08-11 21:54:27 +02:00
Yaroslav Halchenko aee560b1c6 Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  1.5 version of Fail2ban logwatch file
  Fix typos.
 2014-08-11 13:10:02 -04:00
Yaroslav Halchenko 6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry) 
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
 2014-08-11 13:09:43 -04:00
Yaroslav Halchenko f403bad0ab Merge pull request #775 from alimony/patch-1 
Fix typos.
 2014-08-11 13:08:30 -04:00
Yaroslav Halchenko b79a82ebdd minor typo 2014-08-08 15:57:41 -04:00
Orion Poplawski 6b554fbe98 Fxi jail.conf to use more syslog macros 2014-08-08 13:27:32 -06:00
Yaroslav Halchenko 818dd59d65 ENH: symbiosis-blacklist-allports action 2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson 7b76322898 Fix typos. 2014-08-02 12:21:59 +02:00
Yaroslav Halchenko 4a23a7dcf1 Merge pull request #766 from leftyfb/master 
Added cloudflare action
 2014-07-28 15:34:09 -04:00
leftyfb 6dbd449f77 Changed to Cloudflare JSON API 2014-07-28 11:10:50 -04:00
Jisoo Park 2e7b8adb3b Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
Yaroslav Halchenko f19c5fc939 Merge pull request #770 from eltrai/master 
Forwards bantime to action scripts
 2014-07-28 10:17:08 -04:00
Yaroslav Halchenko f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1 
named users + smtp auth probes
 2014-07-28 10:14:18 -04:00
Szépe Viktor 143a55bf26 Update courier-smtp.conf 2014-07-28 12:51:38 +02:00
Yaroslav Halchenko 2d7f2fa33f Merge pull request #756 from marclaporte/patch-1 
typo
 2014-07-27 21:49:24 -04:00
Yaroslav Halchenko 45c1095606 Merge pull request #750 from niorg/master 
Added Directadmin filter, jail and log test
 2014-07-27 21:47:07 -04:00
Yaroslav Halchenko 3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko 3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Szépe Viktor d757ef584f Update courier-smtp.conf 2014-07-20 21:09:10 +02:00
Szépe Viktor a786e8a29b named users + smtp atuh probes 2014-07-20 19:59:54 +02:00
Pierre-Alain Dupont 3d7504c19e Forwards bantime to action scripts 
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
 2014-07-20 16:25:59 +02:00
leftyfb cba570cabd Updated comments 2014-07-17 23:49:35 -04:00
leftyfb 5471e99ebe Added cloudflare action 2014-07-17 22:54:30 -04:00
Yaroslav Halchenko 6cddc65cee BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry 2014-07-14 12:16:12 -04:00
Yaroslav Halchenko 43950d8b7e BF: fix path to the exim log on Debian systems (/var/log/exim4) 2014-07-08 11:09:25 -04:00
Marc Laporte 3777591ab0 typo 2014-07-05 11:55:57 -04:00
Cyril Roos add8e61036 Added Directadmin filter, jail and log test 2014-07-02 13:52:06 +02:00
Yaroslav Halchenko 0adb10f653 Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban 
* 'ainfo-copy' of https://github.com/kwirk/fail2ban:
  TST: actions modifying aInfo test more robust
  TST: Test for actions modifying (un)ban aInfo
  BF: aInfo could be modified by actions, causing unexpected behaviour
 2014-06-22 10:53:30 -04:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs' 
Conflicts:
	ChangeLog - Keep all additions
 2014-06-22 12:57:49 +01:00
Steven Hiscocks 76a5633ff9 Merge pull request #739 from ranvis/enh-iptables-ipsets 
ENH: Add <chain> to iptables-ipsets.
 2014-06-21 22:48:49 +01:00
SATO Kentaro 65ff3e9604 ENH: Introduce iptables-common.conf. 2014-06-18 19:04:57 +09:00
Steven Hiscocks 94232d7c31 Merge pull request #726 from pmarrapese/master 
Minor improvement to sshd filter
 2014-06-17 23:43:42 +01:00
Steven Hiscocks 8268c1641f BF: aInfo could be modified by actions, causing unexpected behaviour 
A separate copy of aInfo is passed to each action
 2014-06-17 23:24:23 +01:00
Yaroslav Halchenko 93d5c363ca Merge branch 'enh/oracle_msg_server' 
* enh/oracle_msg_server:
  ENH: make oracleims failregex better anchored (more explicit)
  Update oracleims.conf to be 'less greedy'
  Update THANKS
  Update jail.conf for oracleims filter.
  Create test for oracleims filter
  Create oracleims.conf in filter.d for new filter
 2014-06-16 09:22:42 -04:00
SATO Kentaro 1e1c4ac62a ENH: Add <chain> to iptables-ipsets. 2014-06-16 21:30:13 +09:00
Yaroslav Halchenko 994fe77e59 ENH: make oracleims failregex better anchored (more explicit) 2014-06-10 03:52:16 -04:00
JoelSnyder 5165d2f6ea Update oracleims.conf to be 'less greedy' 
This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are).  See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
 2014-06-09 18:44:27 -07:00
JoelSnyder 70ed93d8cc Update jail.conf for oracleims filter. 
This is the jail.conf update.  Hopefully this will go into pull request #734.
 2014-06-09 18:37:31 -07:00
Steven Hiscocks e8131475cd ENH: Realign and harmonise log messages with getF2BLogger helper 2014-06-09 22:17:00 +01:00
Steven Hiscocks db023be09b BF: Fix bad syntax in badips.py action 
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
 2014-06-07 20:51:53 +01:00
JoelSnyder 9b7c35810a Create oracleims.conf in filter.d for new filter 
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)
 2014-06-02 22:55:59 -07:00
pmarrapese 96918acee4 more explicit match for sshd filter & added test 2014-05-19 20:47:16 -07:00
pmarrapese 46d6e93800 adjusted sshd filter regex to catch more verbose lines 2014-05-18 22:12:54 -07:00
Steven Hiscocks 77ba065571 Merge pull request #697 from jhmartin/monit_admin_hack 
Block brute-force attempts against the Monit gui
 2014-05-07 22:23:01 +01:00
Steven Hiscocks bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex 2014-04-27 13:35:55 +01:00
Yaroslav Halchenko 596b819bdc DOC: minor -- tabify docstring in badips.py action 2014-04-23 10:04:17 -04:00
Jason Martin 9c3cb31862 Even stricter monit regex, now covers entire line 2014-04-22 21:29:52 -07:00
Jason Martin 72bfd14330 Tidy up filter.d/monit.conf, make regex more complete. 
Add ChangeLog / THANKS entry.
Add test cases.
 2014-04-19 13:04:03 -07:00
Steven Hiscocks 03d90c2f42 BF: recidive filter and samples at wrong log level: WARNING->NOTICE 2014-04-19 18:07:23 +01:00
Jason Martin 7d112430ca Block brute-force attempts against the Monit gui 2014-04-16 21:21:41 -07:00
Steven Hiscocks d4427e5a76 Merge pull request #683 from yarikoptic/fix/682 
Fix typos referencing  paths-common, provide empty defaults for syslog_ log files (Partial fix to #682)
 2014-04-15 17:14:28 +01:00