Commit Graph

1875 Commits (b892133d516d1389a647a287a1a3b58e2eece65f)

Author SHA1 Message Date
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction
Change unban to find by ip address not comment
2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Sergey G. Brester efbbcb41ea non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330 review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case
Thanks to @Loriowar and @sebres for pointing it out
2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003 amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres cbb097a2b3 small amend (non capturing group) 2022-11-14 18:56:01 +01:00
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388):
- support BIND named log categories
  - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
2022-11-03 11:41:21 +01:00
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests
amend to gh-3210: fixes regression and matches new format in aggressive mode too
2022-10-04 14:10:45 +02:00
Jeff Johnson f9f78ed9d2 IPThreat integration (#3349)
new IPThreat action
2022-09-13 11:01:46 +02:00
sebres d6896eb26d New logtarget: systemd-journal;
rebased #1403 from da2x:feature-systemd-journal
2022-08-29 12:30:05 +02:00
sebres a08b925468 Merge branch '0.11' 2022-08-17 16:59:02 +02:00
sebres 467024797f Merge branch '0.10' into 0.11 2022-08-17 16:56:10 +02:00
Sergey G. Brester e289a1155e Merge pull request #3269 from Logic-32/feature/cloudflare-token
Adding support for Cloudflare Token API.
2022-08-09 16:56:17 +02:00
Sergey G. Brester 514cca9ade filter.d/sendmail-auth.conf: detect failures without user part 2022-08-01 09:20:28 +02:00
Sergey G. Brester a2264dcef0 Merge pull request #2636 from brianjmurrell/patch-2
FreeIPA renames named to named-pkcs11
2022-06-21 14:19:16 +02:00
Sergey G. Brester 3e9321e71b non-capturing group and any variant of suffix 2022-06-21 14:15:38 +02:00
sebres 9272cce13d Merge branch '0.11' 2022-06-02 21:06:12 +02:00
sebres a69d42cea5 Merge branch '0.10' into 0.11 2022-06-02 21:04:43 +02:00
Sergey G. Brester fbfc85d8c0 common.conf: fixed typo in comment (rfc5424 for logtype)
no functional changes; closes #3274
2022-05-12 18:09:09 +02:00
Logic-32 d11ad3b90f Adding jail name to notes to disambiguate between jails. 2022-05-07 20:52:39 -06:00
Logic-32 e89b2c0ff7 Moving inet6 family block to the end so other config doesn't get added to it. 2022-05-07 20:41:33 -06:00
Logic-32 7e7b9f4a35 Adding support for Cloudflare Token API.
Closes #3080
2022-04-27 14:19:18 -06:00
sebres a2431158f6 implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;
fixes gh-3005
2022-02-09 17:10:19 +01:00
sebres 13520a0494 Merge branch '0.11' 2022-02-09 15:45:17 +01:00
sebres 8ac49b5858 Merge branch '0.10' into 0.11 2022-02-09 15:44:35 +01:00
László Károlyi f380d6202d cherry pick #3210 from master 2022-02-09 15:43:21 +01:00
sebres 498e473a10 filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-alls and right anchor, so it is more stable against further modifications now;
closes #3211
2022-02-09 12:18:23 +01:00
sebres 810386a265 filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
(amend to 92f90038fa)
2022-02-08 19:21:37 +01:00
Sergey G. Brester dfc866ea41 improve RE to solve conflict with expected another open parenthesis 2022-01-27 17:50:28 +01:00
László Károlyi 0f1706d4a1 Adjusting for updated dovecot log format
This should now match:

`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`

The issue is the `read(size=1003)`, which has probably been added lately and which causes the rule not to discover the log message.
2022-01-27 11:28:20 +00:00
sebres 06d2623c5e iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action);
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
2022-01-26 21:51:11 +01:00
sebres b639c8869c make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly);
ultimately closes gh-980
2022-01-25 00:35:14 +01:00
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and doesn't get deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master;
conflicts resolved
2022-01-24 22:31:51 +01:00
sebres 970573d1cb Merge branch '0.11' 2022-01-18 16:17:49 +01:00
sebres 35d73d9758 Merge branch '0.10' into 0.11 2022-01-18 16:17:07 +01:00
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by peer" (fixed possible regression of f77398c49d);
closes gh-3086
2022-01-18 15:42:35 +01:00
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
closes gh-3169
2022-01-18 15:41:27 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
2021-11-01 11:45:40 +01:00
Sylvestre Ledru 3245b8018b Add the Debian path to roundcube error logs 2021-10-23 17:38:20 +02:00
Sergey G. Brester ba839af8ad filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-alls, etc (gh-3116) 2021-10-01 15:03:24 +02:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00