fail2ban

Commit Graph

Author	SHA1	Message	Date
Yaroslav Halchenko	31a1560eaa	minor typos (thanks Vincent Lefevre, Debian #847785 )	8 years ago
roedie	6e18508a07	Add shorewall IPv6 support Small patch which allow fail2ban to use shorewall for IPv6 bans.	8 years ago
sebres	45f1d811c9	Merge branch 'alex1702-1586'	8 years ago
sebres	67c14afd8e	ChangeLog entry added + jail.conf review	8 years ago
sebres	425170cef3	code review, makes the test cases workable, added dev-notes	8 years ago
sebres	931eab84b5	`filter.d/apache-modsecurity.conf` - fixed for newer version (one space, closes gh-1626) reviewed and optimized: - non-greedy catch-all replaced for safer match - unneeded catch-all anchoring removed - non-capturing groups	8 years ago
sebres	40cbe96352	Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2	8 years ago
sebres	5678d08a79	filter.d/dovecot.conf update: - fixes failregex, that ignores failures through some irrelevant info (closes #1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `$(?:auth failed, \d+ attempts( in \d+ secs)?\|tried to use (disabled\|disallowed) \S+ auth)$` - review, IPv6 compatibility fix, non-capturing groups	8 years ago
sebres	a2af19c9f0	fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`); added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files test cases: executing of some complex actions covered	8 years ago
Serg G. Brester	4f5389fee5	Update jail.conf	8 years ago
Johannes Weberhofer	f46ada023e	Use Fedora's backend-settings for openSUSE Those settings are ok for newer openSUSE versions	8 years ago
sebres	b5433f48b7	amend after code review of merge gh-1581	8 years ago
sebres	bee6e7376b	Merge branch 'aclindsa:master'	8 years ago
sebres	ea4c1f6356	Merge branch 'master' into 0.10	8 years ago
sebres	dab5f56609	Merge branch 'fix-gh-1477'	8 years ago
Alex	8ac28e5dcb	Make changes and add test file	8 years ago
Alex	8c40766511	Add Mongodb-auth filter and jail	8 years ago
sebres	faee5f1fdc	better caching (thereby better performance), better recognition of similar regex	8 years ago
sebres	ae7297e16b	more precise date template handling (WARNING: this commit creates possible incompatibilities): - datedetector rewritten more strict as earlier; - default templates can be specified exacter using prefix/suffix syntax (via `datepattern`); - more as one date pattern can be specified using option `datepattern` now (new-line separated); - some default options like `datepattern` can be specified directly in section `[Definition]`, that avoids contrary usage of unnecessarily `[Init]` section, because of performance (each extra section costs time); - option `datepattern` can be specified in jail also (jails without filters); - if first group specified, only this will be cut out from search log-line (e. g.: `^date:[({DATE})]` will cut out only datetime match pattern, and leaves `date:[] failure ip...` for searching in filter); - faster match and fewer searching of appropriate templates (DateDetector.matchTime calls rarer DateTemplate.matchDate now); - standard filters extended with exact prefixed or anchored date templates; template cache introduced (in opposition to default template cache, holds custom templates cached by pattern for possible common usage of same template/regex);	8 years ago
sebres	ab0ac2111c	added possibility to specify more precise default date pattern: - `datepattern = {^LN-BEG}` - only line-begin anchored default patterns (matches date only at begin of line, or with max distance up to 2 non-alphanumeric characters from line-begin); - `datepattern = {*WD-BEG}` - only word-begin anchored default patterns; - `datepattern = ^prefix{DATE}suffix` - exact specified default patterns (using prefix and suffix); common filter configs gets a more precise, line-begin anchored (datepattern = {^LN-BEG}) resp. custom anchoring default date-patterns;	8 years ago
sebres	a7d9de8c52	[temp commit] 1st try to optimize datedetector/datetemplate functionality (fix ambiguous resp. misleading date detection if several formats used in log resp. by format switch after restart of some services): * Misleading date patterns defined more precisely (using extended syntax %E[mdHMS] for exact two-digit match) * `filter.d/freeswitch.conf` - Optional prefixes (server, daemon, dual time) if systemd daemon logs used (gh-1548) - User part rewritten to accept IPv6 resp. domain after "@" (gh-1548)	8 years ago
Aaron Lindsay	7805f9972d	filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'	8 years ago
sebres	84c3eb3e0e	filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes #1578	8 years ago
sebres	c809c3e61e	Merge branch 'master' into 0.10	8 years ago
Nils	d08db22b92	Create npf.conf for the NPF packet filter This file adds support for the NPF packet filter, available on NetBSD since version 6.0	8 years ago
sebres	fa8184d4cc	fixes deprecated DNSUtils.IsValidIP in fakegooglebot ignore command + test covered now; Closes #1559	8 years ago
sebres	ee1727ecca	Merge pull request #1563 from niklasf/fix-lazy-ipv6-regex (and sebres/fix-lazy-ipv6-regex) into 0.10	8 years ago
sebres	9bf8985e2a	nginx-limit-req.conf: more precise failregex (word-boundary if `<HOST>` should be non-greedy for some reasons)	8 years ago
Serg G. Brester	ba9a88977f	Merge pull request #1562 from sebres/_0.10/fix-stability-and-speed 0.10/fix stability and speed optimization	8 years ago
sebres	8b0f6c5413	badips test cases check availability of badips service (and skip this tests if it not available)	8 years ago
sebres	310d4e224d	Merge branch master (0.9) into 0.10	8 years ago
sebres	9fb167b5e1	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	8 years ago
sebres	c0e0cfb39d	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	2c54f90469	sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.	8 years ago
sebres	a544c5abac	sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>" ChangeLog entry added	8 years ago
sebres	d71a525a85	Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9)	8 years ago
sebres	38d53a72fd	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv); # Conflicts: # config/filter.d/ignorecommands/apache-fakegooglebot # fail2ban/tests/files/config/apache-auth/digest.py # fail2ban/tests/files/ignorecommand.py # fail2ban/tests/misctestcase.py	8 years ago
sebres	77f451c4a3	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv);	8 years ago
maksyms	9ddbd642f7	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
maksyms	04427adb95	Accept no space after "failed:" (#1501 ) yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
sebres	c52aaa8b78	ASSP failregex minor fixes	8 years ago
sebres	70658d7a19	Merge pull request #1494 from rhardy613/master (branch 'sebres:pr-1494')	8 years ago
rhardy613	8265e3f0f9	Fix comments For some reasons the comment changes weren't pickup in the last commit. This fixes it.	8 years ago
rhardy613	66fe5a77ce	Fix ASSP filter to work with both ASSP V1 and V2 ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. This fix adds V2 support.	8 years ago
rhardy613	890a3dcbb9	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. Now updated with anchored patterns tested against 6 months of log data.	8 years ago
Yaroslav Halchenko	c0994b0c6c	DOC: minor typo (thanks John Bernard) Closes #1496	8 years ago
sebres	0eea362aa0	Merge branch 'master' into 0.10	8 years ago
rhardy613	f73746d846	Fix ASSP filter to work with current release of ASSP ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.	8 years ago
Yaroslav Halchenko	28a0605f69	Merge pull request #1478 from gips0n/master adding openldap slapd filter	9 years ago
Andrii Melnyk	7433b353ee	another variant of regex	9 years ago
Andrii Melnyk	7c5828dd2a	add trailing anchor to failregex	9 years ago
sebres	683f8fc56c	Merge branch 'master' into 0.10	9 years ago
Andrii Melnyk	48c094f612	improved failregex according to @sebres recomendations	9 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: `[^']` after callid was wrong, changed to `[^\)]`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Andrii Melnyk	dcb69b0242	* add `__prefix_line` to regex * fix time in log file	9 years ago
Andrii Melnyk	b2e3affaa0	adding openldap slapd filter	9 years ago
Yaroslav Halchenko	593b1210c0	Merge master (commit '0.9.4-79-gaf8b650') into 0.10 * commit '0.9.4-79-gaf8b650': badip timeout option introduced, set to 30 seconds in our test cases (#1463) DOC: changelog for recent exim filters tune up Asterisk pjsip (#1456) BF: finalize that sample log line for exim4 RF: for consistency use (?:XXX)? instead of (?:\|XXX) ENH: use non-capturing regex groups in exim-common and exim filters ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised"	9 years ago
Serg G. Brester	af8b650a37	badip timeout option introduced, set to 30 seconds in our test cases (#1463 ) cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)	9 years ago
sebres	e39126f630	badip timeout option introduced, set to 30 seconds in our test cases	9 years ago
Yaroslav Halchenko	636a93f58b	Merge pull request #1438 from yarikoptic/bf-exim exim filters -- make wider use of host_info helper str susbstitution + fix for #1430	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456 ) * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
sebres	39366e703a	Merge branch 'master' into 0.10 # Conflicts: # fail2ban/server/filter.py	9 years ago
Yaroslav Halchenko	6434661480	RF: for consistency use (?:XXX)? instead of (?:\|XXX)	9 years ago
Yaroslav Halchenko	48a8324662	ENH: use non-capturing regex groups in exim-common and exim filters	9 years ago
sebres	8ec4e1189e	use raw host (don't use textToIp) if usedns exactly `raw`, because `usedns = no` should ignore no ip failures	9 years ago
Serg G. Brester	b6700f3e52	Merge pull request #1433 from yarikoptic/bf-0.10-pf-prevbeh BF: maintain previous default beh for pf -- default ban type is multiport	9 years ago
Yaroslav Halchenko	9bb869b8d4	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline Closes #1440	9 years ago
Yaroslav Halchenko	8b8cf2a660	ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible	9 years ago
Yaroslav Halchenko	743a531eb5	BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" Closes #1430	9 years ago
sebres	f62266659f	Merge branch 'master' into '0.10'	9 years ago
sebres	52377984cd	back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;	9 years ago
sebres	0fdc56546f	Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)	9 years ago
Yaroslav Halchenko	1ebc3facb1	BF: maintain previous default beh for pf -- ban a port (ssh) only	9 years ago
sebres	4cdca8c258	amend-merge for pull request #1429 from sebres/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
sebres	4d51c591c1	pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized;	9 years ago
Serg G. Brester	01d9a41ba1	Merge pull request #1429 from koeppea/0.10-freebsd-fix-pf actiontype for PF action (all- and multi port)	9 years ago
Alexander Koeppe	b5e031f3c3	some documentation for multiport use in pf.conf	9 years ago
sebres	1e7fd26f5f	rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases	9 years ago
sebres	25af11215b	test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations	9 years ago
Alexander Koeppe	e74047ae49	revert to common config for PF covering multi and allports	9 years ago
Alexander Koeppe	3e1328c83b	split PF config files between all- and multi port	9 years ago
sebres	cb4f9be8b2	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	9 years ago
sebres	de813acf51	extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;	9 years ago
Alexander Koeppe	975608dfb6	no hardcoded python interpreter path	9 years ago
sebres	0c44ecfc77	action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset; test cases for 3 firewallcmd extended;	9 years ago
TorontoMedia	ffebde68e0	Update firewallcmd-multiport.conf	9 years ago
TorontoMedia	07de83e04a	Update firewallcmd-common.conf	9 years ago
TorontoMedia	810d5996b5	Update firewallcmd-rich-logging.conf	9 years ago
TorontoMedia	7e54cee8d6	updated firewallcmd actions	9 years ago
sebres	3e49522b7a	fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in `d2a9537568`); all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);	9 years ago
sebres	bdc2d07946	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	504e5ba6f2	actions support IPv6 now: - introduced "conditional" sections, see for example `[Init?family=inet6]`; - iptables-common and other iptables config(s) made IPv6 capable; - several small code optimizations; * all test cases passed (py3.x compatible);	9 years ago
sebres	75028585c0	test cases extended for verifying ipv4/ipv6, normalized pf-action with test case	9 years ago
Alexander Koeppe	ed2f3ef77d	improve PF action and make IPv6 aware	9 years ago
sebres	25d6cf8dd2	fix suhosin_log in common paths - log files should be separated using "\n": prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.	9 years ago
sebres	8cb4a3f59e	move DNTUtils, IPAddr related code to dedicated source file ipdns.py (also resolves some cyclic import references)	9 years ago
Alexander Koeppe	db9f3f738f	add ip6-loopback to default ignoreip statement	9 years ago
sebres	05f38285f1	Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716	9 years ago
jungle-boogie	d889918f19	update doc url direct to confluence page. no code changes.	9 years ago
Yaroslav Halchenko	aa303acfd6	Merge pull request #1381 from theDogOfPavlov/patch-3 Tightened up exim regexes to catch rDNS entries	9 years ago
Alexandre Perrin	7712310d2d	Be more backward compatible on matching postfix/smtps/smtpd Support trailing smtps also and not only smtpd. suggested by @sebres	9 years ago
Alexandre Perrin	1a299409e5	Fix postfix/smtps/smtpd matching.	9 years ago
theDogOfPavlov	1eb51b1bc2	Tightened up regexes to catch rDNS entries	9 years ago
Yaroslav Halchenko	db2dd070ad	Merge pull request #1356 from opoplawski/bug-1354 Fedora use mariadb by default, fix log path	9 years ago
Serg G. Brester	b9b7ecbf6b	Merge pull request #1357 from sebres/monit-new-fltr monit filter fixup for the new version (gh-1355)	9 years ago
TorontoMedia	3d239215cd	Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367) closes #1367	9 years ago
sebres	ac27c9cb96	Merge branch 'patch-2' (gh-1371)	9 years ago
Serg G. Brester	0effe76971	Merge pull request #1370 from theDogOfPavlov/patch-1 Added regex for LDAP authentication failures	9 years ago
jblachly	e9202fa0b2	Placed failure (illumos) at end of regex	9 years ago
theDogOfPavlov	fe1475be95	Additional exim regexes to cover common attacks...	9 years ago
theDogOfPavlov	cf2aa9c1c0	Added regex for LDAP authentication failures	9 years ago
jblachly	25c2334bc8	SmartOS PAM Authentication failed (not failURE) SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form: `Authentication failed for USER from HOST` The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos	9 years ago
Johannes Weberhofer	bd25a43417	define journalmatch setting for pure-ftps	9 years ago
Orion Poplawski	f3f813a925	- mysqld does not log login attempts to the journal. - Add /var/log/mysqld.log to mysql_log	9 years ago
sebres	37c9075fad	fixed monit filter: failregex find now both previous and new versions: - failregex of previous monit version merged as single expression; - extended failregex with new monit "access denied" version;	9 years ago
Orion Poplawski	dfc65018da	Fedora use mariadb by default, fix log path	9 years ago
sebres	d7e7b52013	Merge remote-tracking branch 'remotes/gh-upstream/master' into f2b-perfom-prepare-716	9 years ago
Yaroslav Halchenko	385b50e4a9	Merge pull request #1343 from denics/master adding wp-admin to bot search	9 years ago
Denix	ed0e572bfc	added wp-admin bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.	9 years ago
Yaroslav Halchenko	6ffbc1ffad	ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127	9 years ago
Yaroslav Halchenko	3e31145c33	Merge pull request #1331 from whyscream/postfix-multi-instance-support Add support for matching postfix multi-instance daemon names by default	9 years ago
sebres	667785b608	mysqld: failregex fixed (accepts different log level, more secure expression now); closes #1332	9 years ago
Tom Hendrikx	6c606cf98f	Add support for matching postfix multi-instance daemon names by default	9 years ago
Yaroslav Halchenko	905c87ca4a	Merge pull request #1310 from yarikoptic/pr-1288 NF: HAProxy HTTP Auth filter	9 years ago
sebres	d8e81eb417	regexp rewritten (few vulnerable as previous) + test case added	9 years ago
3eBoP	257b7049d8	Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. Closes #1309	9 years ago
Pierre GINDRAUD	b5a07741c8	Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command	9 years ago
Yaroslav Halchenko	3f437b32db	Merge remote-tracking branch 'pr/1288/head' * pr/1288/head: Update haproxy-http-auth.conf Added HAProxy HTTP Auth filter Conflicts: config/jail.conf - resolved + removed unnecessary filter/enabled (defaults should be as good)	9 years ago
Yaroslav Halchenko	377ea32441	Merge pull request #1295 from obounaim/master The sender option is ignored by some actions	9 years ago
Serg G. Brester	fe14c8fa05	Merge pull request #1292 from albel727/master Add nftables actions	9 years ago
Jordan Moeser	d7b46509d8	Update haproxy-http-auth.conf Updated failregex to be more strict	9 years ago
local	40c0bed82c	action_mw, action_mwl, action_cf_mwl ignore the "sender" option when sending a notification email. This commit adds "sender="%(sender)s"" to the three actions to correct this issue.	9 years ago
Yaroslav Halchenko	5d0d96a5cb	Merge pull request #1286 from yarikoptic/enh-jail ENH: harmonize jail.conf + 1 more test that passed bantime is non-degenerate and int	9 years ago
Alexander Belykh	985e8938a4	Refactor nftables actionstop into smaller parts	9 years ago
Alexander Belykh	9779eeb986	Add nftables_type/family/table parameters	9 years ago
Alexander Belykh	260c30535d	Escape curly braces in nftables actions	9 years ago
Alexander Belykh	1983e15580	Add empty line between parameters in nftables-common.conf	9 years ago
Alexander Belykh	f7f91a8bd4	Refactor common code out of nftables-multiport/allports.conf	9 years ago
sebres	69f5623f83	code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf	9 years ago
Alexander Belykh	618e97bce8	Add nftables actions	9 years ago
sebres	ac31121432	amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now;	9 years ago
Jordan Moeser	e133762a28	Added HAProxy HTTP Auth filter	9 years ago
sebres	cf334421bd	Provides fail2ban version to jail (as interpolation variable during parse of jail.conf); BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271, closes #1272)	9 years ago
Yaroslav Halchenko	28c9832293	RF: harmonize jail.conf (no explicit enabled=false in jails, match filter name for screesharingd, etc)	9 years ago
Yaroslav Halchenko	69aa1feac0	Merge "Mac OS Screen Sharing filter" PR 1232 * pr/1232/head: removed system.log Removed old svn revision comment removed false matches Removed includes comment for screensharing jail Now using a literal logpath for screensharing jail Fixed blatant typo in regex clarified comments on sample log format Fixed name (again?) Made screensharing jail off by default Changed regex prequel added entry for new screensharingd filter name change & new sample data Added json metadata Sample log for test case Replaced .* with literal Update jail.conf Added new path variable for system.log Added in settings for screensharingd filter Created file Conflicts: ChangeLog - moved to New Features config/jail.conf - kept at the end	9 years ago
sebres	d22b2498d4	normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400'; code review and test case extended;	9 years ago
Yaroslav Halchenko	26dd6d7425	Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex Add 'Sender address rejected: Domain not found' Postfix failregex	9 years ago
Ross Brown	8d12dba245	Merge remote-tracking branch 'upstream/master'	9 years ago
Ross Brown	ead2d509dc	Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.	9 years ago
Yaroslav Halchenko	5d6cead996	ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269 )	9 years ago
Ross Brown	106c3eab9a	Added filter and jail for murmur/mumble-server.	9 years ago
Aleksandrs Ļedovskis	fa59a6850f	Add 'Sender address rejected: Domain not found' Postfix failregex Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>	9 years ago
Orion Poplawski	c656cb0d36	Merge branch 'master' into journaldefault Conflicts: ChangeLog	9 years ago
Orion Poplawski	ba76f4ca2f	Fix typo	9 years ago
Simon Brown	69bb532db0	removed system.log	9 years ago
Simon Brown	3e16f33dbe	Removed old svn revision comment	9 years ago
Serg G. Brester	eef7771b4e	Merge pull request #1238 from sebres/fix/gh-1216 Fixed directly defined banaction for allports jails like pam-generic, recidive, etc	9 years ago
sebres	e825e977cc	Nginx log paths extended (prefixed with "*" wildcard) closes gh-1237	9 years ago
sebres	f359ed8c36	Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added); closes gh-1216	9 years ago
Simon Brown	5839a3bd80	Removed includes comment for screensharing jail	9 years ago
sebres	53b39162a1	Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)	9 years ago
sebres	6884593ab8	New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)	9 years ago
Orion Poplawski	0661aece46	Merge branch 'master' into journaldefault Conflicts: ChangeLog	9 years ago
Simon Brown	65bc5cf6ba	Now using a literal logpath for screensharing jail	9 years ago
Simon Brown	cabd46f069	Fixed blatant typo in regex However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result	9 years ago
Simon Brown	acee68a9ee	Made screensharing jail off by default Also added note about requiring paths-osx.conf.	9 years ago
Simon Brown	4b4d5a95b7	Changed regex prequel Use standard prefix macro instead of literal daemon name.	9 years ago
Simon Brown	4c3f778b82	Replaced .* with literal Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.	9 years ago
Simon Brown	d17d837b8c	Update jail.conf Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log	9 years ago
Simon Brown	de14946542	Added new path variable for system.log Logging location for the majority of Mac OS daemons.	9 years ago
Simon Brown	80546c6164	Added in settings for screensharingd filter	9 years ago
Simon Brown	3ec725a2ba	Created file From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf	9 years ago
1technophile	2861a957a9	filter for openhab domotic software authentication failure with the rest api and web interface + test cases; closes gh-1223	9 years ago
Pablo Rodriguez Fernandez	2c576c64f8	Change domain filter regex Change domain filter regex since there are other Google crawlers. See "Google crawlers" <https://support.google.com/webmasters/answer/1061943?hl=en>	9 years ago
Pablo Rodriguez Fernandez	74fcb219ab	Enhanced Google domain detection in apache-fakegooglebot Previously, an attacker could fake a domain like crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change avoids to resolve fake Google domains.	9 years ago
Orion Poplawski	3a9cf2b3da	Add and use default_backend to set individual backend defaults to auto	9 years ago
Orion Poplawski	ced7be94b2	Fix postfix_log typo	9 years ago
Orion Poplawski	75d33c0f09	Add *_backend options for services to allow distros to set the default backend per service. Set default to systemd for Fedora as appropriate.	9 years ago
Pablo Rodriguez Fernandez	a28e6b442e	Add check in apache-fakegooglebot to protect against PTR fake record An attacker may return a PTR record which fakes a Googlebot's domain name. This modification resolves the PTR records to verify it. See "Verifying Googlebot": <https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>	9 years ago
agentmoller001	617302fcc2	Updated route.conf to clear warnings Does not throw warnings when starting/restarting by adding three lines of code.	9 years ago
sebres	2696ede251	mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later closes gh-1211	9 years ago
Kevin Locke	36919d9f97	ssh.conf: Fix disconnect "Auth fail" matching The regex for matching against "Auth fail" disconnect log message does not match against current versions of ssh. OpenSSH 5.9 introduced privilege separation of the pre-auth process, which included [logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114) which adds " [preauth]" to the end of each message and causes the log level to be prepended to each message. It also fails to match against clients which send a disconnect message with a description that is either empty or includes a space, since this is the content in the log message after the disconnect code, per [packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215), which was matched by \S+. Although I have not observed this yet, I couldn't find anything which would preclude it in [RFC 4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the message is attacker-controlled it provides a way to avoid getting banned. This commit fixes both issues. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago
Viktor Szépe	0d8968daa9	Added CloudFlare API error codes URL	9 years ago
Yaroslav Halchenko	ff06176e9e	Merge remote-tracking branch 'origin/master' into enh-split-comma * origin/master: DOC: changelog for the timeout change Set Timeout at urlopen to 3 seconds README :: init/service example mentions debian based systems as the example README :: fitted paragraph style BF: disable testing on python 3.2 until coverage gets a fix README :: Some style/grammar tweaks, and init/service script mention. Re: #1193 Set Timeout at urlopen to 3 seconds	9 years ago
M. Maraun	2895d981fa	Set Timeout at urlopen to 3 seconds	9 years ago
Yaroslav Halchenko	8cf614e221	ENH: allow to split ignoreip by space and/or comma (Closes #1197 ) Way too many people ran into this gotcha, so lets just do it	9 years ago
Yaroslav Halchenko	55e542b273	Merge remote-tracking branch 'pr/1170/head' -- opensuse paths * pr/1170/head: Updated ChangeLog regarding openSUSE's path config Added configuration for opensuse path	9 years ago
Edward Beckett	835b3ff483	Update apache-badbots.conf Useragent strings including `+http` need to be escaped to be valid.	9 years ago
weberho	f7af93a677	Added configuration for opensuse path	9 years ago
weberho	d278fbca30	Fixed line suspected to be faulty	9 years ago
Yaroslav Halchenko	c37009aec7	Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban * 'grep-m1k' of github.com:szepeviktor/fail2ban: Limit the number of log lines in *-lines.conf actions Conflicts: ChangeLog -- took both versions and adjusted the new one for -n 1000 change	9 years ago
Yaroslav Halchenko	38c320798d	Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122 WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call	9 years ago
Yaroslav Halchenko	0041bc3770	DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description	9 years ago
Yaroslav Halchenko	de2f9504c0	Merge pull request #978 from ediazrod/patch-2 shorewall-ipset-proto6.conf for shorewall	9 years ago
Yaroslav Halchenko	65cd218e10	Merge remote-tracking branch 'origin/master' * origin/master: ipjailmatches is on one line with its description in man jail.conf Added a space between IP address and the following colon	9 years ago
Viktor Szépe	c8b3ee10a0	Limit the number of log lines in *-lines.conf actions	9 years ago
Thomas Mayer	a19cb1b2b9	Merge `923d807ef8` into `cf2feea987`	9 years ago
Yaroslav Halchenko	3c0d7f5a4c	BF: do not wrap iptables into itself. Thanks Lee	9 years ago

... 2 3 4 5 6 ...

1351 Commits (b185e7cb04206aac48f33414685f4d54662dfdf0)