github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,716 Commits
33 Branches
229 Tags
19 MiB
Commit Graph

476 Commits (b0f26fa391ad2582804fd2b70689b8bb0bcdba3c)

Author SHA1 Message Date
Jisoo Park 2e7b8adb3b Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
Yaroslav Halchenko f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1 
named users + smtp auth probes
 2014-07-28 10:14:18 -04:00
Szépe Viktor 143a55bf26 Update courier-smtp.conf 2014-07-28 12:51:38 +02:00
Szépe Viktor d757ef584f Update courier-smtp.conf 2014-07-20 21:09:10 +02:00
Szépe Viktor a786e8a29b named users + smtp atuh probes 2014-07-20 19:59:54 +02:00
Cyril Roos add8e61036 Added Directadmin filter, jail and log test 2014-07-02 13:52:06 +02:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs' 
Conflicts:
	ChangeLog - Keep all additions
 2014-06-22 12:57:49 +01:00
Steven Hiscocks 94232d7c31 Merge pull request #726 from pmarrapese/master 
Minor improvement to sshd filter
 2014-06-17 23:43:42 +01:00
Yaroslav Halchenko 994fe77e59 ENH: make oracleims failregex better anchored (more explicit) 2014-06-10 03:52:16 -04:00
JoelSnyder 5165d2f6ea Update oracleims.conf to be 'less greedy' 
This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are).  See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
 2014-06-09 18:44:27 -07:00
Steven Hiscocks e8131475cd ENH: Realign and harmonise log messages with getF2BLogger helper 2014-06-09 22:17:00 +01:00
JoelSnyder 9b7c35810a Create oracleims.conf in filter.d for new filter 
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)
 2014-06-02 22:55:59 -07:00
pmarrapese 96918acee4 more explicit match for sshd filter & added test 2014-05-19 20:47:16 -07:00
pmarrapese 46d6e93800 adjusted sshd filter regex to catch more verbose lines 2014-05-18 22:12:54 -07:00
Steven Hiscocks 77ba065571 Merge pull request #697 from jhmartin/monit_admin_hack 
Block brute-force attempts against the Monit gui
 2014-05-07 22:23:01 +01:00
Steven Hiscocks bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex 2014-04-27 13:35:55 +01:00
Jason Martin 9c3cb31862 Even stricter monit regex, now covers entire line 2014-04-22 21:29:52 -07:00
Jason Martin 72bfd14330 Tidy up filter.d/monit.conf, make regex more complete. 
Add ChangeLog / THANKS entry.
Add test cases.
 2014-04-19 13:04:03 -07:00
Steven Hiscocks 03d90c2f42 BF: recidive filter and samples at wrong log level: WARNING->NOTICE 2014-04-19 18:07:23 +01:00
Jason Martin 7d112430ca Block brute-force attempts against the Monit gui 2014-04-16 21:21:41 -07:00
Yaroslav Halchenko 5bccec61e4 ENH: adding pruned with previous merge trailing \s* in nginx filter 2014-04-03 21:31:46 -04:00
Yung-Chin Oei 941a38ea8e nginx-http-auth: match when "referrer" is present 
A sample log-line is provided.  The updated regex successfully matches
this line.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
 2014-04-04 01:27:39 +01:00
yungchin 6e8c1b2871 nginx-http-auth filter: match server_name = "" 
As documented at
http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If
no server_name is defined in a server block then nginx uses the empty
name as the server name."  This regex change allows us to match error
output for such a configuration.

The log line added to the tests was lifted from our logs verbatim; it
did not match without the patched regex.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
 2014-04-03 11:04:21 +01:00
Ruben Kerkhof 1695d5c076 Fix a few typos 
Found with https://github.com/lucasdemarchi/codespell

Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
 2014-03-24 13:16:52 +00:00
Steven Hiscocks 6c5a978d6f BF: journalmatch for recidive should be NOTICE level not WARNING 2014-03-15 13:29:44 +00:00
Daniel Black 476d79d3cc ENH: asterisk filter to support syslog format 2014-03-14 09:03:27 +11:00
Daniel Black 50d938e0bf MRG: merge filter sendmail-spam into sendmail-reject 2014-03-02 16:28:23 +11:00
Daniel Black cc8ec826c5 MRG: from master 2014-03-02 2014-03-02 14:33:45 +11:00
Daniel Black 853bed8e4f ENH: more sendmail-reject filter items thanks to fab23 2014-03-02 14:04:27 +11:00
Daniel Black d0ec09a3b5 BF: move to right location 2014-03-01 15:50:30 +11:00
Daniel Black c10cc20928 ENH: rename sendmail-spam to sendmail-reject 2014-02-28 08:41:04 +11:00
Daniel Black d34569fb8d BF: email address as arg1 in sendmail filters 2014-02-27 11:38:23 +11:00
Daniel Black 72c84fe9b0 ENH: wider regex for RBL and sendmail-spam 2014-02-27 10:02:34 +11:00
Daniel Black 3d776afbb0 ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 19:16:49 +11:00
Steven Hiscocks f68d85a6ac Merge branch 'master' into 0.9 
Conflicts:
	ChangeLog
                Spelling correction of 0.8.13 fixed in master
	config/jail.conf
                Added nagios and duplicate php-url removal in master
                Just nagios added, duplicate not issue in 0.9
 2014-02-13 20:14:40 +00:00
Daniel Black c701ac9276 DOC: document LogLevel requirement for "Connection from" regex" 2014-02-13 16:20:36 +11:00
Daniel Black 5f4d0ed576 ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message 2014-02-13 09:13:46 +11:00
Ivo Truxa f5f434f846 removing the second failregex 
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
 2014-02-06 00:22:05 +01:00
Ivo Truxa a71bb89ccd removing a dot (typo) 
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
 2014-02-03 23:12:56 +01:00
Ivo Truxa c91fda8619 ENH: Nagios filter 
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
 2014-02-03 21:46:07 +01:00
Daniel Black ef82eac790 DOC: openssh real protection is pubkey 2014-02-02 15:16:40 +11:00
Daniel Black 59b9045e88 MRG: from master 2014-02-02 2014-02-02 13:21:16 +11:00
Daniel Black 273b2f45a3 MRG: remove the "no auth attempts" as per aseques gh-600 2014-01-29 20:43:51 +11:00
Daniel Black 9b614ce486 ENH: dovecot filter enhancements 2014-01-29 20:27:45 +11:00
Joan 84617fa6da Fixed a failing case 2014-01-28 16:19:35 +01:00
Joan 08171ba52f Removed the -no auth attempts- from the triggers because of lots of FP 2014-01-28 12:44:46 +01:00
Daniel Black 256c732bcd BF/ENH: filter pure-ftpd - re-add _daemon. Add translations 
_daemon was accidently removed in
89fd792dfb

Added translations from source code
 2014-01-25 12:19:46 +11:00
Daniel Black c8ae064b79 ENH: tighten regex and change failJSON to support timezone. Closes gh-583 2014-01-22 22:16:03 +11:00
Daniel Black 2063d96e59 MRG: import Lars' PR for tine20 2014-01-22 18:12:19 +11:00
Steven Hiscocks a0f39255bc BF: Kerio log datepattern fix for recent datepattern full regex merge 2014-01-20 23:00:38 +00:00