github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,606 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

821 Commits (bc10b64c69be90f9b5bc487d04c376b9432a40ac)

Author SHA1 Message Date
Daniel Black a044517cb7 MRG: from master to 0.9 2014-02-20 2014-02-20 08:35:24 +11:00
Daniel Black 79e6543eca Merge branch '0.9' into distro-paths-gh-315 2014-02-20 08:20:47 +11:00
Daniel Black 83266eb668 ENH: framework for distro paths 2014-02-20 08:20:02 +11:00
Steven Hiscocks 8c5525163b BF: Fix misplaced ";", and duplicate {ip,}matches 2014-02-18 15:13:02 +00:00
Steven Hiscocks 997729e274 BF: Fix complain action for multiple recipients and misplaced ";" 2014-02-18 15:05:06 +00:00
Steven Hiscocks 7c76f7f204 BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent 2014-02-16 17:56:06 +00:00
Steven Hiscocks 2a37ee2fb7 ENH: Add root user check in xt_recent, and add missing actionstop 
Thanks to Helmut Grohne on IRC for suggestion
 2014-02-16 16:52:30 +00:00
Steven Hiscocks 5c7630c4be ENH: Allow separate blacklist category for badips.py action 2014-02-14 17:45:08 +00:00
Steven Hiscocks cf81ddd8e2 BF: Add error handling in badips.py action 2014-02-14 17:10:34 +00:00
Steven Hiscocks 31f4ea59cb BF: Use abusix Abuse Contact DB to get more accurate abuse addresses 
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
 2014-02-13 22:00:33 +00:00
Steven Hiscocks f68d85a6ac Merge branch 'master' into 0.9 
Conflicts:
	ChangeLog
                Spelling correction of 0.8.13 fixed in master
	config/jail.conf
                Added nagios and duplicate php-url removal in master
                Just nagios added, duplicate not issue in 0.9
 2014-02-13 20:14:40 +00:00
Daniel Black c701ac9276 DOC: document LogLevel requirement for "Connection from" regex" 2014-02-13 16:20:36 +11:00
Daniel Black 5f4d0ed576 ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message 2014-02-13 09:13:46 +11:00
Aarón Nieves Fernández 993b7d3dfb Duplicate jail "php-url-fopen" 2014-02-10 21:41:50 +01:00
Steven Hiscocks dff8909473 ENH: Add badips.com reporting and blacklisting action (python based) 2014-02-09 12:23:14 +00:00
Ivo Truxa c207ad6058 removing ignoreip at [nagios] 
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
 2014-02-06 00:27:38 +01:00
Ivo Truxa f5f434f846 removing the second failregex 
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
 2014-02-06 00:22:05 +01:00
Ivo Truxa a71bb89ccd removing a dot (typo) 
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
 2014-02-03 23:12:56 +01:00
Ivo Truxa dac4dd465e ENH: Nagios filter 
added typical configuration settings for the nagios filter
 2014-02-03 21:51:49 +01:00
Ivo Truxa c91fda8619 ENH: Nagios filter 
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
 2014-02-03 21:46:07 +01:00
Daniel Black ef82eac790 DOC: openssh real protection is pubkey 2014-02-02 15:16:40 +11:00
Daniel Black 59b9045e88 MRG: from master 2014-02-02 2014-02-02 13:21:16 +11:00
Daniel Black 273b2f45a3 MRG: remove the "no auth attempts" as per aseques gh-600 2014-01-29 20:43:51 +11:00
Daniel Black 9b614ce486 ENH: dovecot filter enhancements 2014-01-29 20:27:45 +11:00
Joan 84617fa6da Fixed a failing case 2014-01-28 16:19:35 +01:00
Joan 08171ba52f Removed the -no auth attempts- from the triggers because of lots of FP 2014-01-28 12:44:46 +01:00
Daniel Black a749a2780e Merge pull request #593 from grooverdan/tine 
ENH: Tine20 filter
 2014-01-26 18:50:42 -08:00
Daniel Black 1a1e3bec86 ENH: framework for distro paths 2014-01-25 23:25:54 +11:00
Daniel Black 256c732bcd BF/ENH: filter pure-ftpd - re-add _daemon. Add translations 
_daemon was accidently removed in
89fd792dfb

Added translations from source code
 2014-01-25 12:19:46 +11:00
Daniel Black 1e1261ccb4 MRG: from master 2014-01-23 2014-01-23 17:45:18 +11:00
Daniel Black ca57427080 BF: firewallcmd-ipset had non-working actioncheck 2014-01-23 17:41:13 +11:00
Daniel Black c8ae064b79 ENH: tighten regex and change failJSON to support timezone. Closes gh-583 2014-01-22 22:16:03 +11:00
Daniel Black 2063d96e59 MRG: import Lars' PR for tine20 2014-01-22 18:12:19 +11:00
Steven Hiscocks 8221c7ca71 TST+BF: Add tests for python actions, including test for smtp.py 
Also fix bug when specifying multiple recipients for smtp.py action
 2014-01-20 23:10:43 +00:00
Steven Hiscocks a0f39255bc BF: Kerio log datepattern fix for recent datepattern full regex merge 2014-01-20 23:00:38 +00:00
Daniel Black a650178bd1 MRG: merge from master 2014-01-19 2014-01-19 14:48:29 +11:00
Daniel Black 263ac32730 ENH: test log samples for kerio thanks to 
Tony Lawrence
 2014-01-18 23:18:33 +11:00
Daniel Black 1452be4a3a Merge pull request #588 from grooverdan/badips 
ENH: Badips action (reporting)
 2014-01-17 23:10:29 -08:00
Daniel Black f566cab766 Merge branch 'master' into badips 2014-01-15 09:37:11 +11:00
Daniel Black 657da2041c BF: dovecot filters, session characters and order of session/tls in log messages 2014-01-15 08:02:47 +11:00
Daniel Black 2333b2d5d9 MRG: from 0.9 2014-01-13 22:17:14 +11:00
Daniel Black c7f887642d Merge branch '0.9' into master_to_0.9 2014-01-13 21:23:42 +11:00
Daniel Black 3de80545e0 MRG: from master 2014/01/13 2014-01-13 21:23:39 +11:00
Daniel Black 01e5ae1234 Merge pull request #584 from grooverdan/exim-auth 
ENH: Exim auth
 2014-01-13 02:20:47 -08:00
Daniel Black 08b4f3e5f2 Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth 2014-01-13 19:26:12 +11:00
Lars Kneschke 47dd8fb897 ENH: filter for Tine 2.0 2014-01-13 06:04:59 +01:00
Ivo Truxa 2d8c0b26e4 Matching any Exim authentication name 
As explained in https://github.com/grooverdan/fail2ban/pull/4, in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain|login with the general \w+
 2014-01-13 01:38:49 +01:00
Daniel Black 6b0e6b9bca ENH: add improper command pipelining postfix filter 2014-01-13 06:59:59 +11:00
Daniel Black a443b8b4d3 BF: remove second jail definition 2014-01-12 21:45:39 +11:00
Daniel Black cd3e94140c MRG: complete merge 2014-01-12 21:16:55 +11:00
Daniel Black f2e55e8499 ENH: add filter for squirrelmail. Closes gh-261 2014-01-12 20:27:36 +11:00
Daniel Black 1e8ed55a36 MRG: from 0.9 2014-01-12 20:15:34 +11:00
Tomas Pihl b52a4441fd Support ACL-events without AccountID. Typically happens when a registration 
from an unknown domain is performed.

Add credits
 2014-01-12 01:28:55 +01:00
Steven Hiscocks 0dd6533680 BF: Add ejabberd-auth to jail.conf 2014-01-09 23:22:12 +00:00
Steven Hiscocks 128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Daniel Black 8333abe420 Merge pull request #557 from grooverdan/apache-botsearch 
ENH: Apache botsearch + BF: tag substition
 2014-01-09 14:11:00 -08:00
Daniel Black b0baab3a0e ENH: more test cases and wider regex 2014-01-10 08:40:24 +11:00
Daniel Black 4b33f96db4 DOC: fix comment regarding apache version in apache-noscript 2014-01-10 08:35:37 +11:00
Daniel Black 8e5366a7e9 DOC: for apache-botsearch and apache-botsearch 2014-01-10 07:34:01 +11:00
Steven Hiscocks 7e8da15fc6 Merge pull request #572 from grooverdan/counterstrike 
ENH: Counter Strike filter
 2014-01-08 12:47:10 -08:00
Yaroslav Halchenko 6532a2e2f7 Merge pull request #548 from grooverdan/exim-honeypot 
Exim honeypot
 2014-01-07 06:14:42 -08:00
Daniel Black d94efe719d ENH: jail.conf for counter-strike 2014-01-07 20:50:50 +11:00
Daniel Black 0fb6bc7188 ENH: add filter for Counter Strike 1.6. Closes gh-347 2014-01-07 20:33:57 +11:00
Daniel Black aabdc51e87 BF: revert separate jail for exim-honeypot as only exim-spam exists. 2014-01-07 16:26:29 +11:00
Daniel Black 9e087b508d MRG: from 0.9 2014-01-07 16:11:40 +11:00
Daniel Black 58ebf659e4 MRG: from 0.9 to make history cleaner 2014-01-07 16:07:58 +11:00
Yaroslav Halchenko 9a8b449086 DOC: some typos, fixes from Vincent Lefevre 2014-01-06 23:38:52 -05:00
Daniel Black 9e390d6549 ENH: jail.conf for exim-honeypot 2014-01-07 11:53:20 +11:00
Daniel Black 809581ae99 ENH: jail.conf for apache-botsearch 2014-01-07 11:52:21 +11:00
Daniel Black ed9ed6d0cb TST/ENH: fix test case for ReadStockJailFilterComplete and add missing jails 2014-01-07 11:27:54 +11:00
Daniel Black 10fa5e3439 BF: fix jails for gssftpd and qmail 2014-01-07 10:49:11 +11:00
Daniel Black 549f64e86c BF: remove imap2 - not an IANA and probably not used 2014-01-07 10:25:29 +11:00
Daniel Black 320861b7dc Merge branch 'more-jails-0.9' into master_to_0.9 2014-01-07 10:24:27 +11:00
Daniel Black 76468942f9 MRG: complete merge from master 2014-01-07 10:24:23 +11:00
Daniel Black fa6a183e94 BF: typos in jail.conf corrected 2014-01-07 09:49:27 +11:00
Daniel Black a31c76f126 ENH: jail cleanup and fill in missing for 0.9 2014-01-07 09:34:39 +11:00
Daniel Black 755af0a51e Merge pull request #562 from grooverdan/jail.conf-complete_and_correct 
ENH: Jail.conf now has all filters and TST: a mechanism to test this is truee
 2014-01-06 12:08:45 -08:00
Daniel Black 90fdf5fc21 ENH: jail.conf entry for groupoffice 2014-01-07 06:55:38 +11:00
Daniel Black ab3ded2205 Merge pull request #549 from kwirk/python-actions 
ENH: Python actions
 2014-01-06 02:58:45 -08:00
Daniel Black 50eab4df81 ENH: add filter groupoffice. Closes gh-566 2014-01-06 21:56:22 +11:00
Daniel Black f137c7b107 BF: stunnel doesnt need datepattern as its inbuilt 2014-01-06 09:53:54 +11:00
Daniel Black 1687505995 BF: Fix datepattern 2014-01-06 09:06:05 +11:00
Steven Hiscocks 6c301ae210 Merge pull request #563 from grooverdan/gh-289-ssh 
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHAN...
 2014-01-05 09:55:05 -08:00
Daniel Black 03aba92238 ENH: add kerio filter 2014-01-05 23:41:49 +11:00
Daniel Black 1c5787174f BF: escape . in stunnel filter 2014-01-05 23:25:49 +11:00
Daniel Black a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black a9f804e443 ENH: complete stock jail.conf to contain all filters 2014-01-05 21:03:16 +11:00
Daniel Black 6ce2ba2895 ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal. Block is now a prefix of a path 2014-01-05 11:48:35 +11:00
Daniel Black c37ee4cc52 DOC: filter.d/vsftpd doco from wiki 2014-01-05 11:30:56 +11:00
Daniel Black 6602937ee1 DOC: filter.d./pure-ftpd doco from wiki 2014-01-05 11:24:20 +11:00
Steven Hiscocks 69a850d226 DOC: Update docstrings for smtp.py action 2014-01-04 22:46:57 +00:00
Steven Hiscocks 6e63f0ea5a RF: Change Jails and Actions to Mapping types 2014-01-04 16:57:08 +00:00
Daniel Black d7666c8942 DOC: bit more on how to use freeswitch 2014-01-04 12:39:48 +11:00
Daniel Black 23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black 69b3a1cf64 BF: catchin DEBUG messages will result in duplicates 2014-01-04 12:10:51 +11:00
Daniel Black 05b159c74b Merge pull request #464 from grooverdan/increase-jail-name-length 
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
 2014-01-03 14:48:56 -08:00
Daniel Black 3d1a1afca4 MRG: to more recent 0.9 2014-01-04 09:31:05 +11:00
Daniel Black 5fe75436cc DOC: DEV NOTES before author names 2014-01-04 08:53:45 +11:00
Daniel Black 477f30665a DOC: ignoreip for internal ips on freeswitch 2014-01-04 08:31:42 +11:00
Daniel Black 36533de6bc ENH: more filter expressions for freeswitch. Anchored existing one at end too 2014-01-04 08:21:22 +11:00