github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,630 Commits
33 Branches
229 Tags
18 MiB
Commit Graph

3630 Commits (babb76cb3c4990c4ee119c969d91b9dd9a755a4d)

Author SHA1 Message Date
Serg G. Brester 3ccb026840 Merge pull request #1209 from sebres/ssh-filter-new-regexp 
sshd-aggressive (new ssh rules added (gh-864) and code review...)
 2017-01-21 16:29:42 +01:00
sebres 54a8c681ce suhosin.conf: removed greedy match 2017-01-21 16:26:07 +01:00
sebres 8aa9516d50 sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652) 2017-01-21 16:18:03 +01:00
sebres c8f473110c change log update after rebase 2017-01-21 15:59:27 +01:00
sebres 3276bd6d54 sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117) 2017-01-21 15:57:05 +01:00
sebres 628789f9a9 sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive) 
filter sshd-ddos and new filter sshd-aggressive are both derivation of sshd-filter
 2017-01-21 15:54:49 +01:00
sebres dd373dba9f test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>; 
new ssh rule(s) added:
- Connection reset by peer (multi-line rule during authorization process);
- No supported authentication methods available;
Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions);
closes gh-864
 2017-01-21 15:53:48 +01:00
Serg G. Brester 5e08298b6b Update ChangeLog 2017-01-20 08:47:30 +01:00
Christian Brandlehner a4d8426401 Support for IBM Domino SMTP task (#1603) 
filter.d/domino-smtp.conf
 2017-01-20 08:44:20 +01:00
Serg G. Brester 40f294e6bf Merge pull request #1663 from jjeziorny/netscaler-action 
Introduced citrix netscaler action
 2017-01-19 16:25:23 +01:00
Serg G. Brester 75b252e47f Update ChangeLog 2017-01-19 15:00:08 +01:00
Juliano Jeziorny 1fe554dd25 Introduced Citrix Netscaler action 2017-01-19 14:30:25 +01:00
Serg G. Brester 063a11564b Merge pull request #1673 from chtheis/master 
Wrong paths for apache and nginx under FreeBSD
 2017-01-18 17:12:20 +01:00
Christoph Theis fe76cd9b7d #1667: changelog entry 2017-01-17 14:05:20 +01:00
Christoph Theis 6187431629 #1667: Wrong paths for apache and nginx under FreeBSD 2017-01-17 11:48:25 +01:00
sebres a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space). 2017-01-10 12:58:44 +01:00
sebres f8d35a7c9c changelog entry 2017-01-10 11:16:17 +01:00
sebres 2009f1c434 fail2ban-regex: fix for systemd-journal (see gh-1657) 2017-01-10 11:13:18 +01:00
Hank Leininger 9fbf713d7d
Wait up to 30 seconds on "stop" to avoid errors. 
The fail2ban server can take several seconds to shut down.  This can
make Gentoo's start-stop-service time out and decide that stopping has
failed, even if it actually succeeds a few seconds later.

The default timeout for start-stop-service if --retry is not specified
appears to be 5 seconds.  Increase that to 30 seconds to be sure that if
fail2ban-server is going to be able to stop, it has time to do so.
 2016-12-28 11:14:32 -05:00
Yaroslav Halchenko 31a1560eaa minor typos (thanks Vincent Lefevre, Debian #847785) 2016-12-11 15:13:11 -05:00
Yaroslav Halchenko 4a1fd888f0 Carry on development 2016-12-11 00:49:09 -05:00
Yaroslav Halchenko 3605155978 updated man pages 2016-12-09 09:36:08 -05:00
Yaroslav Halchenko 482252dbd4 ENH: prep for 0.9.6 release (as of tomorrow) 2016-12-09 09:35:03 -05:00
Yaroslav Halchenko e550850b9c BF: added missing entires into MANIFEST 2016-12-09 09:34:44 -05:00
Serg G. Brester 556a9373ce Update ChangeLog 2016-11-28 23:40:33 +01:00
sebres 45f1d811c9 Merge branch 'alex1702-1586' 2016-11-28 18:54:02 +01:00
sebres 67c14afd8e ChangeLog entry added + jail.conf review 2016-11-28 18:51:23 +01:00
sebres 425170cef3 code review, makes the test cases workable, added dev-notes 2016-11-28 18:39:07 +01:00
Serg G. Brester f827675822 Merge pull request #1627 from sebres/fix-gh-1626 
Fix gh-1626: one space after ModSecurity
 2016-11-28 12:00:53 +01:00
sebres b8c41dcb49 ChangeLog update 2016-11-28 11:31:51 +01:00
sebres 931eab84b5 `filter.d/apache-modsecurity.conf` 
- fixed for newer version (one space, closes gh-1626)
reviewed and optimized:
  - non-greedy catch-all replaced for safer match
  - unneeded catch-all anchoring removed
  - non-capturing groups
 2016-11-28 11:28:27 +01:00
Serg G. Brester b8b5907706 Merge pull request #1624 from sebres/fix-gh-1623 
filter.d/dovecot.conf update: ignore additionally irrelevant info in anchored regex before "auth failed"
 2016-11-26 17:07:39 +01:00
sebres 5678d08a79 filter.d/dovecot.conf update: 
- fixes failregex, that ignores failures through some irrelevant info (closes #1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
 2016-11-26 16:50:37 +01:00
Serg G. Brester ac1729e473 Merge pull request #1620 from fail2ban/close-gh-1120 
jail.conf: added  `knocking_url` filter-parameter of `pass2allow-ftp`...
 2016-11-25 19:29:10 +01:00
Serg G. Brester 4f5389fee5 Update jail.conf 2016-11-24 19:30:10 +01:00
Johannes Weberhofer f46ada023e Use Fedora's backend-settings for openSUSE 
Those settings are ok for newer openSUSE versions
 2016-11-22 09:03:54 +01:00
sebres b5433f48b7 amend after code review of merge gh-1581 2016-11-11 11:09:46 +01:00
sebres bee6e7376b Merge branch 'aclindsa:master' 2016-11-11 10:58:40 +01:00
sebres dab5f56609 Merge branch 'fix-gh-1477' 2016-11-11 10:17:07 +01:00
Alex 8ac28e5dcb Make changes and add test file 2016-11-10 13:09:32 +01:00
Alex 8c40766511 Add Mongodb-auth filter and jail 2016-11-10 12:48:24 +01:00
Serg G. Brester 4e252be76f Update FILTERS 
closes #1591
 2016-10-25 11:01:32 +02:00
Aaron Lindsay 7805f9972d filter.d/sshd.conf: Match 'Invalid user' with 'port \d*' 2016-10-15 15:52:19 -04:00
Yaroslav Halchenko 5502e47486 Merge pull request #1579 from sebres/fix-gh-1578 
filter.d/sendmail-reject.conf: double space (should be by missing dns-host only)
 2016-10-15 13:18:52 -04:00
sebres 519e355bf2 ChangeLog entry added 2016-10-15 14:59:36 +02:00
sebres 84c3eb3e0e filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) 
Closes #1578
 2016-10-15 14:53:45 +02:00
sebres 15dc2db8bb Merge pull request #1498 from ahpnils:npf to master: 
This new action files adds support for the NPF packet filter, available on NetBSD since version 6.0.
Closes #1498
 2016-10-13 19:00:54 +02:00
Nils f7df6026a3 Update Changelog to reflect the new np.conf action 2016-10-13 18:53:16 +02:00
Nils d08db22b92 Create npf.conf for the NPF packet filter 
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
 2016-10-13 18:50:54 +02:00
Serg G. Brester 8e3e333d54 Update ChangeLog 2016-09-27 14:17:45 +02:00