Yaroslav Halchenko
a26d4f42b7
ENH: added optional [PID] matching in recidive.conf
2013-11-24 10:21:02 -05:00
Daniel Black
24c143b411
Merge pull request #445 from grooverdan/suhosin
...
TST: more test cases for suhosin
2013-11-19 15:23:59 -08:00
Daniel Black
015b403df0
TST: more test cases for suhosin
2013-11-20 10:01:06 +11:00
Yaroslav Halchenko
629e9ae445
Merge pull request #443 from grooverdan/apache-authfix
...
BF: apache filters using error log weren't matched when referer existed ...
2013-11-18 15:53:39 -08:00
Daniel Black
284f811c91
BF: apache filters using error log weren't matched when referer existed in HTTP header
2013-11-19 10:27:55 +11:00
Yaroslav Halchenko
491165c929
Merge pull request #438 from grooverdan/solid-pop3d
...
ENH: filter for Solid-pop3d
2013-11-17 17:34:46 -08:00
Daniel Black
1ea68b2d0c
DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages
2013-11-18 09:44:26 +11:00
Daniel Black
0eea0a35db
ENH: filter.d/solid-pop3d - added log messages and regexes
2013-11-18 08:58:23 +11:00
Yaroslav Halchenko
d4f6ca4f85
ENH: adding custom date format for proftpd when logging in its own log file (default on Debian) -- includes milliseconds
...
Should resolve Debian #648276
2013-11-16 22:15:58 -05:00
Daniel Black
88eff70774
ENH: filter.d/solid-pop3d added
2013-11-16 09:43:15 +11:00
Daniel Black
286d78e13c
Merge pull request #430 from grooverdan/apache-overflows
...
ENH: Apache overflows - httpd-2.4 message IDs + samples
2013-11-12 12:46:52 -08:00
Daniel Black
947c6ff9cc
Merge pull request #433 from grooverdan/asterisk
...
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
2013-11-12 12:45:52 -08:00
Daniel Black
be60518218
BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given
2013-11-12 18:57:01 +11:00
Daniel Black
eb9663eb4f
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
2013-11-12 09:22:41 +11:00
Daniel Black
c81ed53805
TST: change source URL
2013-11-11 10:40:12 +11:00
Daniel Black
a4718eb644
ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples
2013-11-11 10:38:02 +11:00
Daniel Black
87516eb92b
ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case
2013-11-11 09:46:40 +11:00
Daniel Black
d90130234d
TST: end of json in sshd sample log
2013-11-11 08:29:54 +11:00
Daniel Black
061a26c408
TST: fix space in sshd sample log
2013-11-11 08:28:09 +11:00
Daniel Black
d955714d26
TST: test case that shows injection
2013-11-11 08:11:32 +11:00
Yaroslav Halchenko
ea8fce6308
Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
...
openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Yaroslav Halchenko
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko
abb012ae5c
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
2013-11-08 10:00:37 -08:00
Daniel Black
a148d35d70
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-08 10:06:40 +11:00
Daniel Black
0730db9b2b
Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
...
BF: wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black
e55b24c533
BF: fix dovecot filter for newer failure message. Closes Debian bug #709324
2013-11-06 12:51:21 +11:00
Daniel Black
8b54523316
BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925
2013-11-06 12:13:37 +11:00
Daniel Black
95f3f38682
MRG: merge ChangeLog and jail.conf
2013-10-30 20:19:41 +11:00
Daniel Black
e3150044fd
BF: fix selinux
...
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
2013-10-30 20:05:49 +11:00
Daniel Black
0f85aef609
Merge pull request #407 from grooverdan/dovecot-jail
...
ENH: Dovecot jail
2013-10-29 15:15:19 -07:00
Daniel Black
7596b96d4f
TST: fix date in test comparison for dovecot
2013-10-30 09:05:09 +11:00
Daniel Black
cde389cadc
ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/
2013-10-29 10:15:54 +11:00
Daniel Black
d451c2a231
FIX: vsftp improvements from Rich Mellor on mailing list
2013-10-26 09:51:25 +11:00
Daniel Black
b61fe0f12d
Merge pull request #378 from grooverdan/sasl
...
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
2013-10-22 04:51:24 -07:00
Daniel Black
92f9e049ee
TST: rename test log file to match
2013-10-22 22:44:49 +11:00
Daniel Black
e417a2112c
Merge pull request #386 from grooverdan/qmail
...
ENH: filter.d/qmail - anchor at start. Add another regex
2013-10-14 04:24:32 -07:00
Daniel Black
e227568c3b
Merge pull request #384 from grooverdan/dovecot-325
...
ENH: added to dovecot filter. closes gh-325
2013-10-14 04:23:03 -07:00
Daniel Black
351eb5ec8f
ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd
2013-10-09 16:44:48 +11:00
Daniel Black
2d1bd54439
Merge pull request #379 from grooverdan/webmin
...
ENH: filter.d/webmin anchor at start and use syslog
2013-10-08 20:13:14 -07:00
Daniel Black
d60f470096
ENH: added to dovecot filter. closes gh-325
2013-10-09 10:09:06 +11:00
Daniel Black
bc10c90ffe
ENH: filter.d/vsftpd - disable regex for Pam pre 0.99.2.0
2013-10-05 20:02:30 +10:00
Daniel Black
b64bf3fa7b
ENH: filter.d/webmin anchor at start and use syslog
2013-10-05 19:18:44 +10:00
Daniel Black
23dd734aa9
Merge pull request #366 from grooverdan/dovecot
...
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
2013-10-01 15:50:39 -07:00
Daniel Black
f998e01590
Merge pull request #359 from grooverdan/pureftpd
...
ENH: Pureftpd syslog prefixing and filter achoring
2013-10-01 15:14:33 -07:00
Daniel Black
ba8183b116
Merge pull request #372 from grooverdan/uw-imap
...
ENH: filter.d/uwimap-auth added. Closes #18
2013-10-01 15:13:11 -07:00
Daniel Black
262616f7a7
ENH: filter.d/uwimap-auth - failure of an admin override to regex
2013-10-01 22:32:57 +10:00
Daniel Black
9211179d30
ENH: filter.d/uwimap-auth - add "disabled" to regex
2013-10-01 22:10:33 +10:00
Daniel Black
4649cf9608
ENH: separate selinux and selinux-ssh
2013-10-01 20:21:45 +10:00
Daniel Black
cbdf4ceedd
TST: test cases for uw-imapd thanks to Internet
2013-10-01 10:21:11 +10:00
Daniel Black
a1eaa5f755
ENH: filter.d/selinxu added. Closes #296
2013-10-01 09:59:15 +10:00