github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,412 Commits
33 Branches
229 Tags
20 MiB
Commit Graph

5412 Commits (ad3e0d97c47305ddd7bceae85dab6a3cab3404df)

Author SHA1 Message Date
Bigard Florian f4551d02c9 Fix empty logfile.log in xarf login attack action 
Fix empty 3rd MIME part which contains the attack evidence (logfile.log).
 2017-07-25 13:44:29 +02:00
sebres 1a562bed0f Merge remote-tracking branch 'master' into 0.10 
# Conflicts:
#	config/filter.d/asterisk.conf
 2017-07-19 08:57:23 +02:00
Serg G. Brester babb76cb3c Merge pull request #1839 from sebres/asterisk-patch 
Asterisk improvements
 2017-07-19 08:50:05 +02:00
sebres a5b62a7f36 failregex extended and simplified (partially ported from gh-1409). 2017-07-18 16:34:22 +02:00
sebres 098abae4e6 Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. 
Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).
 2017-07-18 16:09:53 +02:00
sebres 2ea22b9d30 test coverage for gh-1427 2017-07-18 15:46:53 +02:00
Kirill 4c0c7b97c0 Update asterisk.conf to new log message 
I got an issue like this:
[2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300"

# [sebres] rebased to current master and resolving conflicts.
 2017-07-18 15:40:32 +02:00
Serg G. Brester 34cb55fd91 Merge pull request #1695 from benrubson/issue1693 
Apache, detect syslog prefix
 2017-07-14 02:05:23 +02:00
sebres a12ac4242b ChangeLog updated 2017-07-12 11:59:42 +02:00
sebres 0e33125129 be more precise using common `__prefix_line` expression (set `_daemon` to recognize apache and httpd only) 2017-07-12 11:59:02 +02:00
sebres b561af45ef apache-common.conf: introduced parameter `logging` for possibility to match lines, if apache logs into syslog/systemd journal; 
added test cases to cover `apache-auth[logging=syslog]`.
 2017-07-12 11:45:44 +02:00
benrubson 10cc7e6e59 Apache, detect syslog prefix, add test 2017-07-12 11:39:20 +02:00
benrubson b662cf03ac Apache, detect syslog prefix, simple example 2017-07-12 11:36:34 +02:00
Serg G. Brester 6c030c5e10 Merge pull request #1717 from szepeviktor/patch-11 
Updated xarf-specification repo URL in xarf action
 2017-07-12 09:54:15 +02:00
Serg G. Brester 99b668a3cc Merge pull request #1390 from khumarahn/xxx 
ensure /var/run/fail2ban is created in systemd service file
 2017-07-11 15:53:42 +02:00
Serg G. Brester 4126b16e7c Merge pull request #1828 from sebres/filter-ejabberd-auth-gh-993 
Accept new format for filter ejabberd-auth
 2017-07-11 15:43:28 +02:00
Serg G. Brester 5dcbcb99b9 Merge pull request #1648 from hlein/master 
gentoo-initd: wait up to 30 seconds on "stop" to avoid errors.
 2017-07-11 15:41:48 +02:00
sebres c9385a2e04 ChangeLog updated 2017-07-11 15:28:04 +02:00
sebres 7217ef5c9e filter.d/ejabberd-auth.conf: fixed ejabberd filter - accept new log-format with `wait_for_sasl_response` instead of `wait_for_feature_request` + optional part "IP " (gh-993) 2017-07-11 15:25:51 +02:00
Serg G. Brester ad9f364800 Merge pull request #1827 from sebres/filter-roundcube-fix-gh-1303 
Filter roundcube: fixed gh-1303 - X-Real-IP or/and X-Forwarded-For after host
 2017-07-11 15:21:04 +02:00
sebres ea3a6aa971 ChangeLog updated 2017-07-11 15:02:59 +02:00
sebres dae4988aea filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303) 2017-07-11 14:59:24 +02:00
sebres 00456b8270 review: documentation, small enhancement of `fail2ban-client` to test time abbreviation format: 
fail2ban-client --str2sec 1d12h30m
 2017-07-11 14:03:00 +02:00
sebres 89f2dbb97b small bug fix (missing `-` by option `--timeout`, wrong module reference) 2017-07-11 14:01:42 +02:00
Serg G. Brester d334a36a60 Merge pull request #1825 from sebres/_0.10/postfix-filter-opti 
0.10 - postfix filter optimizations
 2017-07-11 12:34:56 +02:00
sebres cf3b8f63f6 coverage fix 2017-07-11 12:16:12 +02:00
sebres e26cc5de45 restore backwards compatibility (jail postfix-sasl); changelog update 2017-07-11 11:57:48 +02:00
sebres aa92b68d4a filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813); 
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
 2017-07-10 20:49:28 +02:00
sebres 36d42d7f0b SampleRegexsFactory: introduce opportunity to supply multiple options combinations (check lines using filters with several options), see for example filter sshd.conf 2017-07-10 19:57:02 +02:00
sebres d32a3913cf postfix postscreen (resp. other RBL's compatibility fix) / gh-1764 2017-07-10 15:38:24 +02:00
Serg G. Brester 57ea38c342 Update paths-debian.conf 
Fixed mail.log path since in the default rsyslog configuration of debians the `mail.warn` is commented now (see `/etc/rsyslog.d/50-default.conf`: `#mail.warn -/var/log/mail.warn`).
Closes gh-1687
 2017-07-05 19:57:30 +02:00
sebres 546cd55342 Merge branch 'master' into 0.10 2017-07-03 13:02:25 +02:00
Serg G. Brester d05d9f4c28 Merge pull request #1816 from sebres/fix-gh-1302 
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed
 2017-07-03 12:59:46 +02:00
sebres a1d0633e69 filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302): 
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
 2017-07-03 12:57:28 +02:00
sebres 33fcf8d809 Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
sebres 9f55ed86df fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore) 2017-07-03 12:41:54 +02:00
Serg G. Brester 1307e0a5b9 Merge pull request #1760 from szepeviktor/patch-12 
Courier may complain about the method only
 2017-07-03 12:00:36 +02:00
Serg G. Brester 205edff65d Merge pull request #1690 from chtheis/master 
#1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable
 2017-07-01 17:16:50 +02:00
Serg G. Brester f27e053592 Update bsd-ipfw.conf 
increased starting rule number (lowest_rule_num = 111)
 2017-07-01 17:10:53 +02:00
Serg G. Brester 001c0898d6 Merge branch 'master' into master 2017-06-30 18:07:38 +02:00
Serg G. Brester 6110ba9cc3 filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613) 2017-06-30 18:00:01 +02:00
sebres 5974b0fb35 amend to merge PR gh-1783: restores lost entry `journalmatch` for `filter.d/roundcube-auth.conf` 2017-06-26 11:32:34 +02:00
sebres 37ca4f17c2 filter.d/roundcube-auth.conf: added missing entry `journalmatch` from original gh-1783. 2017-06-26 11:24:10 +02:00
Serg G. Brester 986dd3107d Merge branch '0.10' into patch-12 2017-06-19 18:37:28 +02:00
Serg G. Brester f3ba66d1c6 Merge pull request #1783 from weberhofer/0.10 
filter.d/roundcube-auth.conf: Fixed failregex when logging errors to journal instead to a local file.
Additionally fixes more complex injections on username.
 2017-06-19 18:34:08 +02:00
sebres 9b0f39a17d ChangeLog updated 2017-06-19 18:12:37 +02:00
sebres d3ae70beb6 filter.d/roundcube-auth.conf: Use the same filter-file and jail also when logging errors to journal instead to a local file. 
Additionally fixes more complex injections on username.
 2017-06-19 18:12:13 +02:00
Johannes Weberhofer 691c080dc7 Added roundcube authentication filter, new jail and log-examples 2017-06-19 16:52:42 +02:00
Serg G. Brester 3294840c2a Merge pull request #1801 from jeaye/postfix-updates 
filter.d/postfix.conf: update to the latest postfix logging format
 2017-06-19 16:44:37 +02:00
Serg G. Brester efeca8fdeb postfix.conf: removes unneeded end-anchoring like `.*$`, etc. 
also removes several dynamic content at end, which are of no avail there.
Additionally normalizes optional part (mail-ID) after reason number.
 2017-06-19 16:25:46 +02:00