1887 Commits (bbca81f34cb8104a71f6508dba4c7e2d776ac7fe)

Author SHA1 Message Date
sebres 970573d1cb Merge branch '0.11'
3 years ago
sebres 35d73d9758 Merge branch '0.10' into 0.11
3 years ago
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by peer" (fixed possible regression of f77398c49d);
3 years ago
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
3 years ago
sebres 80805cabfc Merge branch '0.11'
3 years ago
sebres 0b3ad780fe Merge branch '0.10' into 0.11
3 years ago
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
3 years ago
Sylvestre Ledru 3245b8018b
Add the Debian path to roundcube error logs
3 years ago
Sergey G. Brester ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
3 years ago
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)
3 years ago
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)
3 years ago
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops considering "~" char after new-line as composing escape sequence
3 years ago
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
4 years ago
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
4 years ago
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack
4 years ago
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620:
4 years ago
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master
4 years ago
sebres 38535b0cca Merge branch '0.11' into master
4 years ago
sebres d2f5c7de09 Merge branch '0.10' into 0.11
4 years ago
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
4 years ago
sebres 8b984a0135 filter.d/exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
4 years ago
sebres 6be1a5a0b1 filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
4 years ago
sebres 8afea37494 filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
4 years ago
sebres c5f1598a21 filter.d/postfix.conf: extended to cover new vectors:
4 years ago
sebres ae3e9b9149 filter.d/postfix.conf: extended to cover 2 new vectors:
4 years ago
sebres 87f717e0e0 filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
4 years ago
Sergey G. Brester 3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
4 years ago
sebres 0a05dbdbfc Merge branch '0.11' into master
4 years ago
sebres 3312b8cb95 Merge branch '0.10' into 0.11
4 years ago
sebres 1627d4f573 filter.d/sendmail-auth.conf: user not found, closes gh-3030
4 years ago
Sergey G. Brester f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
4 years ago
Sergey G. Brester ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)
4 years ago
j-marz 2367ad115c fixed typo in comment
4 years ago
Sergey G. Brester 3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013)
4 years ago
usernamepi 4f8427178a
Missing comment "#" (#3022)
4 years ago
usernamepi 88f779ed24
ufw.conf, amend to #3018 - add missing option for comment (#3019)
4 years ago
Sergey G. Brester 8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional
4 years ago
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)
4 years ago
usernamepi e4e7a83cff
Update ufw.conf
4 years ago
sebres 71ce548117 Merge branch '0.11'
4 years ago
sebres b5b615731e Merge branch '0.10' into 0.11
4 years ago
sebres f0214b3d36 filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
4 years ago
Sergey G. Brester ab0847e2d5
more precise anchored RE (also combining all 3 REs in a single regex)
4 years ago
Jordi Sanfeliu 7d173b7ce0
Merge branch 'master' into updated-to-latest-jail.conf
4 years ago
sebres 6893d5a8b7 Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master
4 years ago
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11
4 years ago
Sergey G. Brester b2f6a3a658
remove unneeded substitution
4 years ago
Sergey G. Brester dda70d60c0
Merge branch 'master' into master
4 years ago
Michele Mondelli 7579072e3b docs: fix typos
4 years ago
Sergey G. Brester 4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
4 years ago
Sergey G. Brester 2d51240b3e
correction for default log interpolation and added allports banaction
4 years ago
Sergey G. Brester 977dfe4bd7
small amend: sport after saddr is optional
4 years ago
Sergey G. Brester 14edeed310
fixed regex (don't need to match whole line, e. g. every port etc)
4 years ago
Sergey G. Brester 080dd12288
Merge pull request #2965 from oukb/patch-1
4 years ago
Sergey G. Brester a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise
4 years ago
sebres 7f38b80d35 precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE)
4 years ago
Rüdiger Olschewsky 9eaa2322b0 Filter and Defaults for Microsoft SQL Server
4 years ago
Markus Felten 5aa20c30d8 fix: add journalmatch to nginx filters
4 years ago
j-marz 5d8f500471 updated formatting to pass tests
4 years ago
j-marz 2686811593 Updated zoneminder filter
4 years ago
oukb 529866b2bb
nsd.conf: fix for the current log format
4 years ago
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd.
4 years ago
sebres fb08534ed7 Merge branch '0.11'
4 years ago
sebres 3eaefe8da0 Merge branch '0.10' into 0.11
4 years ago
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
4 years ago
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
4 years ago
sebres fb6315ea5e Merge branch '0.10' into 0.11
4 years ago
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889)
4 years ago
Sergey G. Brester a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
4 years ago
Sergey G. Brester d678440658
more precise RE (avoids weakness with catch-all's and is injection safe)
4 years ago
sebres ea26509594 Merge branch '0.11'
4 years ago
sebres 6198b4566c Merge branch '0.10' into 0.11
4 years ago
Brian J. Murrell dc4ee5aa47 Add transport to asterisk RE
4 years ago
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
4 years ago
sebres 21dd317870 Merge branch '0.11'
4 years ago
sebres dbc77c47c3 Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
4 years ago
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
4 years ago
sebres 2c60d08b28 Merge '0.11' (fix gh-2899) into master
4 years ago
sebres fe334590cd Merge branch '0.10' into 0.11
4 years ago
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
4 years ago
defanor ba7daef86c Handle postscreen's PREGREET and HANGUP messages
4 years ago
stepodev cecc3d62ff add mode explanation to nginx-http-auth in jail.conf
4 years ago
stepodev d0ba27cf46 move nginx-tls-fallback rules to nginx-http-auth
4 years ago
Sergey G. Brester d959f6d199
Update nginx-tls-fallback.conf
4 years ago
stepodev c0256724a7 fix monitoring wrong error log. was access log, should be error.log
4 years ago
stepodev 27c40a77a3 add nginx-tls-downgrade
4 years ago
sebres a03109d096 Merge branch '0.11' into master (0.11.2 released)
4 years ago
sebres b78d1e439a Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 753fff9c15
amend to #2750, add jail for new filter nginx-bad-request
4 years ago
Sergey G. Brester 071048b8f2
Merge pull request #2750 from janprzy/master
4 years ago
sebres 7965d652a1 filter.d/dovecot.conf: allow more verbose logging
4 years ago
sebres a6de9459fc typo
4 years ago
RyuaNerin bba8844af8 typo
4 years ago
mpoliwczak834 595ee7ed74 add submission
4 years ago
mpoliwczak834 0c12cb7970 add managesieve support dovecot filter
4 years ago
sebres cc64ef25f6 filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
4 years ago
sebres adbfdc222d Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester 1c1a9b868c
no catch-alls, user name and error message stored in ticket
4 years ago
benrubson 840f0ff10a Add Grafana jail
4 years ago