Yaroslav Halchenko
e7cb0f8b8c
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
2013-05-07 12:22:49 -04:00
Yaroslav Halchenko
2143cdff39
Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
...
Origin: from https://github.com/jamesstout/fail2ban
* 'OpenSolaris' of https://github.com/jamesstout/fail2ban :
ENH: Removed unused log line
BF: fail2ban.local needs section headers
ENH: Use .local config files for logtarget and jail
ENH+TST: ssh failure messages for OpenSolaris and OS X
ENH: fail message matching for OpenSolaris and OS X
ENH: extra daemon info regex
ENH: actionunban back to a sed command
Readme for config on Solaris
create socket/pid dir if needed
Extra patterns for Solaris
change sed to perl for Solaris
Conflicts:
config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
Yaroslav Halchenko
822a01018f
Merge pull request #205 from grooverdan/bsd_ssh
...
BSD ssh improvements (casing, msg)
2013-05-06 07:54:58 -07:00
Daniel Black
40c56b10a0
EHN: enhance sshd filter for bsd.
2013-05-03 16:17:35 +10:00
Daniel Black
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
jamesstout
3367dbd987
ENH: fail message matching for OpenSolaris and OS X
...
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.
Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
2013-04-30 04:23:13 +08:00
jamesstout
10fcfb925d
Extra patterns for Solaris
2013-04-21 07:30:21 +08:00
Daniel Black
41b9f7b6ac
BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf
2013-04-18 04:38:03 +10:00
Daniel Black
32d10e904a
ENH: more openssh fail messages from openssh source code (CVS 20121205)
2013-04-17 00:03:36 +10:00
Orion Poplawski
bb7628591c
Update config/filter.d/sshd.conf
...
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
Yaroslav Halchenko
6ecf4fd80a
Merge pull request #64 from sourcejedi/remove_sshd_rdns
...
Misconfigured DNS should not ban *successful* ssh logins
Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
2012-11-05 18:20:37 -08:00
Yaroslav Halchenko
2082fee7b1
ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd ( Closes : #648020 )
2012-07-31 15:53:41 -04:00
Alan Jenkins
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
Petr Voralek
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
2012-04-16 20:36:53 -04:00
Yaroslav Halchenko
25f1e8d98c
BF: allow trailing whitespace in few missing it regexes for sshd.conf
2012-02-10 21:14:51 -05:00
Yaroslav Halchenko
dad91f7969
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
...
absorbed from patches carried by Debian distribution of f2b
2011-11-18 10:07:13 -05:00
Cyril Jaquier
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
Cyril Jaquier
376f348823
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log ( closes : #512193 ).
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:56:03 +00:00
Cyril Jaquier
391a38a7a8
- Added new regex. Thanks to Tobias Offermann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@713 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-10 16:00:10 +00:00
Cyril Jaquier
155c4652a4
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@706 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-22 22:29:57 +00:00
Cyril Jaquier
6db1212152
- Added revision.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@663 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:47:14 +00:00
Cyril Jaquier
f0399ca5a4
- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
...
- Renamed actionend to actionstop.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 22:41:28 +00:00
Cyril Jaquier
174ce7027a
- Fixed fail2ban-regex. It support "includes" in configuration files.
...
- Modified "includes" to be more generic. We will probably support URL in the future.
- Small refactoring.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@656 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 00:17:56 +00:00
Cyril Jaquier
66063d2731
- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@621 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-09-12 21:38:51 +00:00
Cyril Jaquier
732c66215f
- Improved regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@613 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-13 21:39:26 +00:00
Cyril Jaquier
3ef8fbe2e3
- Modified failregex again. Thanks to Yaroslav Halchenko
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@609 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:29:13 +00:00
Cyril Jaquier
f714c96d0e
- Updated regular expressions
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-10 20:24:44 +00:00
Cyril Jaquier
1e2ddec485
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@587 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-06-07 21:29:18 +00:00
Cyril Jaquier
54e4d012d1
- Fixed bug #1664386 . Thanks to Harry Rarig
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@551 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-22 20:52:35 +00:00
Cyril Jaquier
743ec88eef
- Updated failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@532 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:32:13 +00:00
Cyril Jaquier
6cf814245e
- Fixed missing regular expression
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@513 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 13:07:04 +00:00
Cyril Jaquier
44d75eb54f
- Added missing svn:keywords
...
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 12:21:44 +00:00
Cyril Jaquier
840b9fff0f
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:35:34 +00:00
Cyril Jaquier
f5d4cb6be2
- Added alias "<HOST>" for failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-19 21:25:51 +00:00
Cyril Jaquier
0fd9865172
- Defined default values in .conf. Should fix Debian bug #398758
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-15 18:44:28 +00:00
Cyril Jaquier
90359ba523
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 14:52:36 +00:00
Cyril Jaquier
2bcc036cf2
- Improved configuration files
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-01 21:19:56 +00:00
Cyril Jaquier
21b6e76cde
- Added date detector
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@325 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-05 21:16:28 +00:00
Cyril Jaquier
f1f12518c8
- Moved "logpath" and "maxtime" to "jail.conf"
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-04 19:18:57 +00:00
Cyril Jaquier
857f6d619b
- Fixed bug in failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@267 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 22:14:34 +00:00
Cyril Jaquier
3d73f45531
- Added 'host' group in failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@262 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 21:23:06 +00:00
Cyril Jaquier
9aa6a505eb
- Added header
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@254 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-17 19:26:14 +00:00
Cyril Jaquier
7048e19995
- 0.7.0 soon
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-16 21:35:08 +00:00
Cyril Jaquier
ea1948eff4
- Initial commit of the new development release 0.7
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-06-26 20:05:00 +00:00