github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,749 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

376 Commits (b39729a2ab1abea9835fb4f5377c60d56308df9b)

Author SHA1 Message Date
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black 95f3f38682 MRG: merge ChangeLog and jail.conf 2013-10-30 20:19:41 +11:00
Daniel Black e3150044fd BF: fix selinux 
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
 2013-10-30 20:05:49 +11:00
Daniel Black 0f85aef609 Merge pull request #407 from grooverdan/dovecot-jail 
ENH: Dovecot jail
 2013-10-29 15:15:19 -07:00
Daniel Black 7596b96d4f TST: fix date in test comparison for dovecot 2013-10-30 09:05:09 +11:00
Daniel Black cde389cadc ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/ 2013-10-29 10:15:54 +11:00
Daniel Black d451c2a231 FIX: vsftp improvements from Rich Mellor on mailing list 2013-10-26 09:51:25 +11:00
Daniel Black b61fe0f12d Merge pull request #378 from grooverdan/sasl 
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
 2013-10-22 04:51:24 -07:00
Daniel Black 92f9e049ee TST: rename test log file to match 2013-10-22 22:44:49 +11:00
Daniel Black 445c6e6009 Merge pull request #392 from grooverdan/config_order 
ENH: order config as jail.conf, jail.d/*.conf, jail.local, jail.d/*.local
 2013-10-14 04:25:05 -07:00
Daniel Black e417a2112c Merge pull request #386 from grooverdan/qmail 
ENH: filter.d/qmail - anchor at start. Add another regex
 2013-10-14 04:24:32 -07:00
Daniel Black e227568c3b Merge pull request #384 from grooverdan/dovecot-325 
ENH: added to dovecot filter. closes gh-325
 2013-10-14 04:23:03 -07:00
Daniel Black d6d51e352c ENH: order config as jail.conf, jail.d/*.conf, jail.local, jail.d/*.local. closes gh-388 2013-10-11 00:06:13 +11:00
Daniel Black 351eb5ec8f ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 2013-10-09 16:44:48 +11:00
Daniel Black 2d1bd54439 Merge pull request #379 from grooverdan/webmin 
ENH: filter.d/webmin anchor at start and use syslog
 2013-10-08 20:13:14 -07:00
Daniel Black d60f470096 ENH: added to dovecot filter. closes gh-325 2013-10-09 10:09:06 +11:00
Daniel Black bc10c90ffe ENH: filter.d/vsftpd - disable regex for Pam pre 0.99.2.0 2013-10-05 20:02:30 +10:00
Daniel Black b64bf3fa7b ENH: filter.d/webmin anchor at start and use syslog 2013-10-05 19:18:44 +10:00
Daniel Black caf284d518 DOC: ChangeLog deconflict 2013-10-02 09:11:15 +10:00
Daniel Black 23dd734aa9 Merge pull request #366 from grooverdan/dovecot 
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
 2013-10-01 15:50:39 -07:00
Daniel Black f998e01590 Merge pull request #359 from grooverdan/pureftpd 
ENH: Pureftpd syslog prefixing and filter achoring
 2013-10-01 15:14:33 -07:00
Daniel Black ba8183b116 Merge pull request #372 from grooverdan/uw-imap 
ENH: filter.d/uwimap-auth added. Closes #18
 2013-10-01 15:13:11 -07:00
Daniel Black 262616f7a7 ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 22:32:57 +10:00
Daniel Black 9211179d30 ENH: filter.d/uwimap-auth - add "disabled" to regex 2013-10-01 22:10:33 +10:00
Daniel Black 4649cf9608 ENH: separate selinux and selinux-ssh 2013-10-01 20:21:45 +10:00
Daniel Black cbdf4ceedd TST: test cases for uw-imapd thanks to Internet 2013-10-01 10:21:11 +10:00
Yaroslav Halchenko fab3772a60 TST: explicitly test date patterns being anchored or not 2013-09-30 20:15:24 -04:00
Daniel Black a1eaa5f755 ENH: filter.d/selinxu added. Closes #296 2013-10-01 09:59:15 +10:00
Yaroslav Halchenko c35d2844bd Merge pull request #371 from grooverdan/ssh-6.3 
BF: fix regex for openssh-6.3
 2013-09-30 16:32:14 -07:00
Yaroslav Halchenko c7728331c7 Merge pull request #369 from yarikoptic/master 
Dealing with dangling symlinks -- avoid adding those files to server for monitoring
 2013-09-30 16:28:54 -07:00
Steven Hiscocks a8f2448349 ENH: Allow SE Linux epoch date detection 2013-09-30 20:58:24 +01:00
Daniel Black b3b62d65bf ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 18:06:27 +10:00
Daniel Black 1eeb6e94bd BF: fix regex for openssh-6.3 2013-09-29 17:28:33 +10:00
Daniel Black 8a458b45bc TST: dummyjail in own class 2013-09-29 15:57:03 +10:00
Daniel Black 86d3ee5373 TST: py2.5 compatibility - no with 2013-09-29 15:46:15 +10:00
Daniel Black 723ea964a7 TST: failmanager get/sets on FailTotal and MaxTime 2013-09-29 15:12:44 +10:00
Daniel Black bcc16789d0 TST: test elements of DateTemplate base class 2013-09-29 15:02:38 +10:00
Daniel Black b576c4718d TST: add test cases for Actions 2013-09-29 14:52:59 +10:00
Daniel Black 891b436874 TST: more complete Action testing 2013-09-29 14:17:31 +10:00
Yaroslav Halchenko dcaacad7e3 BF: do not pass dangling symlinks to the server to be monitored 
This is more of a workaround I guess than a "solution".  Ideally server
should be more clever and allow adding symlinks which eventually might
point to existing file.  But that is probably would be too much complication
for a rare use case.  User on the mailing list informed that then server
does not monitor even other files, thus as a quick workaround -- do not even add dangling links
 2013-09-28 22:16:34 -04:00
Yaroslav Halchenko cf76019cca TST: that we do receive IOError if trying to feed broken symlink into path to be monitored by server 2013-09-28 21:59:11 -04:00
Daniel Black 4b5ecbccd1 ENH: debuggex URLs with fail2ban-regex 2013-09-22 13:20:17 +10:00
Daniel Black 8c2a5612ed DOC: resolve ChangeLog conflicts 2013-09-19 19:38:28 +10:00
Daniel Black 3be7dcd701 DOC: resolve ChangeLog conflicts 2013-09-19 19:23:02 +10:00
Daniel Black 89e0520675 ENH: dovecot regex to match failure reported by Bob Cohen on mailing list 2013-09-19 08:25:50 +10:00
Daniel Black 9ce1e33313 TST: pureftpd - everything I've seen suggests that pureftpd only does syslog - even back to 2004. Not sure how this second example came into existance 2013-09-17 22:24:28 +10:00
Daniel Black ad5fb81f4b TST: failJSON set match to false on longer supported pam version 2013-09-17 21:18:24 +10:00
Daniel Black bec723b21d TST: failJSON date fix 2013-09-17 10:51:48 +10:00
Daniel Black 7e756dfada TST: correct failJSON for www3.google.com -> www.google.com changes. Disable test case for pre-0.99.2.0 version of linux-pam failure messages 2013-09-17 10:48:09 +10:00
Daniel Black 8f41422262 TST: domains need to exist for fail2ban-regex to work 2013-09-17 10:09:19 +10:00
Daniel Black ee497ff1cb ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix 2013-09-17 07:57:19 +10:00
Daniel Black 504111b0b1 ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target 2013-09-16 01:22:42 +10:00
Yaroslav Halchenko f1adf75b59 ENH: basic testing for iso8601 code which had no explicit tests + spit out ValueError for incorrect type of input and ParseError otherwise 2013-09-12 23:12:18 -04:00
Daniel Black 317e82e144 TST: one more exim test case 2013-09-02 17:10:49 +10:00
Yaroslav Halchenko cd100ce274 Merge pull request #342 from grooverdan/datedetector_test 
TST: improve datedetector error reporting
 2013-08-31 06:53:59 -07:00
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind 
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
 2013-08-30 21:34:22 -07:00
Daniel Black 2acaef9d89 TST: more detail in assertion 2013-08-29 09:17:13 +10:00
Daniel Black f2a60daea1 TST/BF: assertIsNotNone replaced with assertNotEqual for python 2.4 compatibility 2013-08-28 12:55:21 +10:00
Daniel Black 13b4f176ab TST: improve datedetector error reporting 2013-08-28 12:41:20 +10:00
Daniel Black cbed57bffd TST: fix year in named-bind test case 2013-08-28 08:52:56 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31 2013-08-25 21:29:43 +02:00
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge 
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
 2013-08-25 21:21:14 +10:00
Daniel Black 62c13c15d6 TST: reorder and condense error message for Multiple regexs matched 2013-08-25 21:02:30 +10:00
Daniel Black 9a1df3501b TST: display details of duplicate matches 2013-08-25 20:19:42 +10:00
Daniel Black cb61fcd326 TST: standardise output format on Time mismatch test 2013-08-25 18:11:54 +10:00
Daniel Black 8e467437b2 TST: fix year on asctime 2013-08-25 18:09:39 +10:00
Yaroslav Halchenko c84a2e595a ENH(BF): put 'standard' template after more detailed ones with day of week and year 
otherwise years present in the freshly contributed by Dan apache regexes do not match
although should have.  I had also to adjust failing now vsftpd test
 2013-08-25 17:52:12 +10:00
Daniel Black 21914d155e TST: add failJSON data 2013-08-25 17:49:09 +10:00
Daniel Black 1d9702be32 TST: datetime mismatch to show error line 2013-08-25 17:34:36 +10:00
Daniel Black 0204cec5ce TST: www.example.com DNS changed 2013-08-25 17:06:10 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 53d8a46e8a Merge pull request #7 from grooverdan/gh-303-merge 
Gh 303 merge
 2013-08-21 12:20:48 -07:00
Daniel Black ed42b08789 TST: merge dropbear log samples 2013-08-19 21:25:33 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 4f39d2b1fd TST: fix failJson year 2013-08-18 23:04:53 +10:00
Daniel Black 444e989dd5 TST: another zone transfer refused example for file named-refused 2013-08-18 22:49:59 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Yaroslav Halchenko 2aa8ddea4d BF: fixed up conditioning of tests under cygwin (still 3 fail) 2013-08-08 22:58:06 -04:00
Yaroslav Halchenko 511e0ace2e TST: Even more of conditioning of tests for cygwin 2013-08-08 22:35:07 -04:00
Yaroslav Halchenko e4dad8dfc9 TST: SYSLOG present only on Linuxes thus do not test if not Linux 2013-08-08 22:00:17 -04:00
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters' 
* enh/asterisk_and_dropbear_filters:
  ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
  minor: consistent indentation in dropbear.conf
  https://github.com/fail2ban/fail2ban/issues/306
  fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
 2013-08-08 09:59:24 -04:00
Yaroslav Halchenko 547c123cfb BF: example.com is pointing to another IP now. Closes #313 
This is a permanent change according to private correspondence with
David Closson @ IANN, thus replaced 192.0.43.10 with updated IP
93.184.216.119, while leaving 192.0.43.10 as is in the sample log
files (it is still within IANN dedicated testing network).
 2013-08-07 22:56:57 -04:00
Daniel Black c0a2e50559 TST: apache auth - opaque value 2013-08-06 17:13:09 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 52aaa1c9bb TST: bad include of vim swap files 2013-07-28 22:01:51 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Steven Hiscocks 1e270078b4 TST: Warn if date templates overlap in default detectors 2013-07-27 20:21:05 +01:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306 
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
 2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks bf021ebd97 TST: Mandate that all filters and each regex has sample log entry 2013-07-26 17:05:17 +01:00
Steven Hiscocks 1c7d28d1ea TST: Add qmail sample log 2013-07-26 17:03:14 +01:00
Steven Hiscocks 5437f5fe90 TST: Add gssftpd sample log 2013-07-26 17:02:53 +01:00
Steven Hiscocks f7d8e68738 TST: Add apache-badbots sample log 2013-07-26 12:32:29 +01:00
Yaroslav Halchenko 1721991755 Merge pull request #304 from yarikoptic/master 
RF(ENH): JailsReader.getOptions -- avoid code duplication when asking for 1 jail or all

upon @kwirk blessing ;)
 2013-07-25 18:45:10 -07:00
Yaroslav Halchenko 3b52eca608 ENH+TST: Ticket -- drop unused/bogus get|setFile + enh __str__ + basic testing 2013-07-22 12:09:33 -04:00