Steven Hiscocks
0bcff771b8
ENH: Add <ipmatches> and <ipjailmatches> tags
...
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
Steven Hiscocks
2c3dbc8046
BF: In 0.9 recidive bans come from fail2ban.server.actions
...
Also changed journalmatch to limit to WARNING priority to avoid the
recidive + DEBUG combo issue
2013-12-13 21:55:43 +00:00
Steven Hiscocks
b7d1579c9d
MRG: branch 'kwirk/database' into 0.9 - gh-480
...
Conflicts:
fail2ban/tests/utils.py
- Another test suite added in separate commit e09b700
2013-12-13 17:15:19 +00:00
Steven Hiscocks
e18af48e34
ENH: Database now optional, by setting dbfile to "None"
2013-12-10 21:16:36 +00:00
Daniel Black
9d532828fc
BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes . Thanks Steven
2013-12-11 07:44:41 +11:00
Daniel Black
66374913ec
ENH: add squid filter
2013-12-10 21:24:37 +11:00
Daniel Black
db4c21acde
BF/DOC: fix filename in documentation for filter.d/proftpd
2013-12-09 14:46:01 +11:00
Daniel Black
e8eab11615
DOC: proftp - turn off ReverseDNS
2013-12-09 14:45:09 +11:00
Daniel Black
f385439a41
MRG: ChangeLog merge
2013-12-09 09:28:42 +11:00
Daniel Black
36917d7517
BF: action.d/complain - match IP at beginning and end of lines
2013-12-09 09:21:55 +11:00
Steven Hiscocks
d8c7bca9b0
BF: Fix dbpurgeage default value, and change default dbfile extension
2013-12-08 11:35:12 +00:00
Steven Hiscocks
bbadef847b
ENH: Add fail2ban persistent data storage
2013-12-07 23:23:28 +00:00
Daniel Black
135c759dbb
Merge pull request #477 from kwirk/blocklist.de
...
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks
630dd91dcd
BF: Add [Init] section to blocklist.de action
2013-12-07 00:09:31 +00:00
Steven Hiscocks
b3c173795e
ENH: blocklist.de action error on HTTP response code 4xx
2013-12-06 08:22:21 +00:00
Daniel Black
51f2619878
Merge pull request #473 from grooverdan/whois-missing
...
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Daniel Black
e07ba41870
Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
...
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
Steven Hiscocks
a19b33cc72
ENH: blocklist.de action added fail2ban version as user agent
2013-12-05 18:12:15 +00:00
Steven Hiscocks
f742ed0e4b
DOC: when to use blocklist.de reporting
...
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks
e810ec009d
ENH: Added blocklist.de reporting API action
2013-12-05 08:22:20 +00:00
Daniel Black
4dc51e5def
BF: put notice in email if whois program could not provide more information. Closes gh-471
2013-12-04 22:43:06 +11:00
Daniel Black
97d7f46bb7
DOC: correct grammar - s/Here are more information/Here is more information/
2013-12-04 22:40:48 +11:00
Daniel Black
8aead9ab79
BF: escape quotes when splitting addresses for xarf
2013-12-04 08:19:05 +11:00
Daniel Black
1846056606
DOC: when to use xarf messages to network owner
2013-12-03 20:40:42 +11:00
Daniel Black
8c37d2e4de
ENH: remove dependency on querycontacts
2013-12-03 20:34:21 +11:00
Daniel Black
bfd435091d
ENH: jail examples for xarf-login-attack
2013-12-01 20:29:43 +11:00
Daniel Black
dd356c3cef
BF: fixed for sendmail and tested the MTA aspects of this action
2013-12-01 19:08:28 +11:00
Daniel Black
9df5f4eec8
BF: remove debugging tee command on xarf-login-attack
2013-12-01 17:53:34 +11:00
Daniel Black
d015f7f4fc
BF/ENH: fixed so xarf-login-attack works
2013-12-01 17:49:35 +11:00
Daniel Black
0495aa098e
BF: grep matches on <ip> shouldn't include other IPs
2013-11-30 18:01:45 +11:00
Daniel Black
95845b7b65
BF: complain action could match too many IP addresses
2013-11-30 17:47:10 +11:00
Daniel Black
5cc7173fd4
ENH: add xarf email sender for login-attack type
2013-11-30 14:16:26 +11:00
Yaroslav Halchenko
3a5983ab0b
Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban
...
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban :
Changelog entries for the last changes
ENH: added optional [PID] matching in recidive.conf
ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages
Conflicts:
ChangeLog
2013-11-29 19:58:56 -05:00
Daniel Black
f7504d5b64
MRG: conflict in THANKS
2013-11-30 10:39:19 +11:00
Daniel Black
56b6bf7d25
ENH: reduce firewalld-cmd-new -> firewallcmd-new
2013-11-30 10:30:29 +11:00
Daniel Black
04438cd1a1
BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails
2013-11-30 10:00:59 +11:00
Daniel Black
3f4d179612
BF: smtps not an IANA port - from #447
2013-11-30 09:52:32 +11:00
Daniel Black
fe9e077acf
BF: correct spelling of port for solid-pop3 jail in jail.conf
2013-11-30 09:51:30 +11:00
Daniel Black
86a0a5962a
BF: revert to fail2ban- prefix as f2b- was intended for 0.9
2013-11-30 08:05:20 +11:00
Yaroslav Halchenko
25e967f23b
Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban
...
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban :
BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447 )
Conflicts:
ChangeLog
2013-11-29 10:02:31 -05:00
Daniel Black
b9b2ddf996
BF: smtps not IANA standard. Closes #447
2013-11-29 21:47:53 +11:00
Daniel Black
cade746307
BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan ( #447 )
2013-11-29 21:45:11 +11:00
Daniel Black
9e53892708
BF: did remove instead of move
2013-11-29 19:26:24 +11:00
Daniel Black
af4feb0c92
Actions to have f2b- as prefix instead of fail2ban- as per #462
2013-11-29 19:08:38 +11:00
Daniel Black
fb666b69ff
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-11-28 23:35:05 +11:00
Daniel Black
227f27ce6b
ENH: added multiline filter for sshd filter
2013-11-25 14:55:41 +11:00
Daniel Black
f80fa7d7a0
Merge pull request #456 from grooverdan/apffix
...
BF: add init section with name for action.d/apf. Closes #398
2013-11-24 13:48:46 -08:00
Daniel Black
13223c33f5
MRG: recidive-protocol-all
2013-11-25 08:22:09 +11:00
Daniel Black
dc154c792e
BF: add init section with name for action.d/apf. Closes #398
2013-11-25 08:08:20 +11:00
Yaroslav Halchenko
a26d4f42b7
ENH: added optional [PID] matching in recidive.conf
2013-11-24 10:21:02 -05:00
Daniel Black
9a82bc3c61
BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448
2013-11-24 18:21:02 +11:00
Daniel Black
98eacdf333
MRG/BF: merge from master. Fix bugs in iso8601
2013-11-24 16:36:06 +11:00
Yaroslav Halchenko
629e9ae445
Merge pull request #443 from grooverdan/apache-authfix
...
BF: apache filters using error log weren't matched when referer existed ...
2013-11-18 15:53:39 -08:00
Daniel Black
284f811c91
BF: apache filters using error log weren't matched when referer existed in HTTP header
2013-11-19 10:27:55 +11:00
Daniel Black
1ea68b2d0c
DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages
2013-11-18 09:44:26 +11:00
Daniel Black
0eea0a35db
ENH: filter.d/solid-pop3d - added log messages and regexes
2013-11-18 08:58:23 +11:00
Daniel Black
dab2ddb9da
ENH: recidive jail to block all protocols. Closes #440
2013-11-18 07:57:16 +11:00
Daniel Black
b3b9ea4559
ENH: jail for solid-pop3d
2013-11-18 07:42:45 +11:00
Daniel Black
88eff70774
ENH: filter.d/solid-pop3d added
2013-11-16 09:43:15 +11:00
Daniel Black
1ac7b53cad
MRG: merge from master
2013-11-13 09:16:45 +11:00
Daniel Black
286d78e13c
Merge pull request #430 from grooverdan/apache-overflows
...
ENH: Apache overflows - httpd-2.4 message IDs + samples
2013-11-12 12:46:52 -08:00
Daniel Black
50ca16e50e
Merge pull request #431 from grooverdan/apache-noscript
...
ENH: apache-2.4 message IDs for filter apache-noscript
2013-11-12 12:46:09 -08:00
Daniel Black
947c6ff9cc
Merge pull request #433 from grooverdan/asterisk
...
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
2013-11-12 12:45:52 -08:00
Daniel Black
38503a5848
Merge pull request #434 from grooverdan/dos-resistant-dropbear
...
ENH: DoS resistant dropbear filter
2013-11-12 12:45:12 -08:00
Daniel Black
62b1f98dff
Merge pull request #435 from grooverdan/dos-resistant-exim
...
BF: exim filter to be DoS resistant
2013-11-12 12:44:53 -08:00
Daniel Black
be60518218
BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given
2013-11-12 18:57:01 +11:00
Daniel Black
52972164a2
BF: exim filter to be DoS resistant
2013-11-12 18:13:35 +11:00
Daniel Black
c272573fe3
ENH: DoS resistant dropbear filter
2013-11-12 18:06:16 +11:00
Daniel Black
eb9663eb4f
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning
2013-11-12 09:22:41 +11:00
Daniel Black
648d48c355
ENH: apache-2.4 message IDs for filter apache-noscript
2013-11-11 10:49:11 +11:00
Daniel Black
a4718eb644
ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples
2013-11-11 10:38:02 +11:00
Daniel Black
87516eb92b
ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case
2013-11-11 09:46:40 +11:00
Daniel Black
c5021b55f6
Merge pull request #427 from yarikoptic/bf/nginx-regex-injection
...
BF: anchor introduced nginx-http-auth at the end
2013-11-08 17:23:03 -08:00
Yaroslav Halchenko
ccd26578ec
Merge pull request #425 from grooverdan/asterisk-simplify
...
ENH: condense asterisk regexs for speed
2013-11-08 14:42:35 -08:00
Yaroslav Halchenko
ac061155f0
BF: anchor introduced nginx-http-auth at the end
...
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection. We better anchor at the end then
2013-11-08 14:40:52 -08:00
Yaroslav Halchenko
ea8fce6308
Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
...
openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Yaroslav Halchenko
bf245f9640
DOC: adding DEV Notes for for non-greedy matchin within sshd.conf
2013-11-08 14:34:31 -08:00
Daniel Black
d6bbe03861
Merge pull request #424 from grooverdan/nginx-auth
...
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko
abb012ae5c
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
2013-11-08 10:00:37 -08:00
Daniel Black
a8a1310098
ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame
2013-11-08 10:54:10 +11:00
Daniel Black
d7560d4041
ENH: condense asterisk regexs for speed
2013-11-08 10:24:50 +11:00
Daniel Black
ab9d921162
BF: missed action in nginx-http-auth
2013-11-08 10:09:19 +11:00
Daniel Black
a148d35d70
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-08 10:06:40 +11:00
Yaroslav Halchenko
4522308354
ENH: regenerated config/filter.d/apache-badbots.conf
2013-11-07 14:26:18 -08:00
Daniel Black
cb982ef921
ENH: multiline filter for sendmail-spam. Closes gh-418
2013-11-08 08:55:45 +11:00
Daniel Black
0730db9b2b
Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
...
BF: wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black
e55b24c533
BF: fix dovecot filter for newer failure message. Closes Debian bug #709324
2013-11-06 12:51:21 +11:00
Daniel Black
8b54523316
BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925
2013-11-06 12:13:37 +11:00
Daniel Black
ac1f45d18c
Merge pull request #412 from grooverdan/firewalld
...
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black
87f68d7564
firewalld-0.3.8 release that support --remove-rules out so documenting this.
2013-11-06 11:37:56 +11:00
Daniel Black
ee1edfbf0c
BF: remove duplication definition secion in webmin-auth
2013-11-04 17:54:36 +11:00
Daniel Black
60006bd70f
BF: remove duplication definition secion in webmin-auth
2013-11-04 17:51:41 +11:00
Daniel Black
47d35c9d80
MRG: 0.8.11 to 0.9
...
Epnoc of selinux is now true UTC
Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Daniel Black
b5c10488c1
Merge pull request #409 from grooverdan/filter-doco
...
DOC: in filters, put user relevant doc at top, and developer info at bot...
2013-10-30 15:11:46 -07:00
Daniel Black
5eddd5d12d
DOC: document required firewalld version as > 0.3.7.1
2013-10-31 09:10:59 +11:00
Daniel Black
27d257d5a6
Merge pull request #408 from grooverdan/dropbear
...
BF: filter.d/dropbear
2013-10-30 14:43:07 -07:00
Daniel Black
8ac6081555
ENH: fix to use upstream --remove-rules
...
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00
Daniel Black
93de46ac72
BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf
2013-10-31 00:52:47 +11:00
Daniel Black
c3f9c9aa60
BF: filter.d/dropbear
...
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c
Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.
svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.
.*\s* can be compressed to .*
2013-10-31 00:21:30 +11:00
Daniel Black
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00
Daniel Black
de9977441a
DOC: move named and mysql instructions into the filters from jail.conf
2013-10-30 21:12:16 +11:00
Daniel Black
7ab909d056
DOC: space out jail.conf consistantly
2013-10-30 20:34:06 +11:00
Daniel Black
95f3f38682
MRG: merge ChangeLog and jail.conf
2013-10-30 20:19:41 +11:00
Daniel Black
e3150044fd
BF: fix selinux
...
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
2013-10-30 20:05:49 +11:00
Daniel Black
0f85aef609
Merge pull request #407 from grooverdan/dovecot-jail
...
ENH: Dovecot jail
2013-10-29 15:15:19 -07:00
Daniel Black
a991adb83f
ENH: add submission, smtps and sieve to blocked ports since this also typically rely on dovecot auth
2013-10-29 14:33:45 +11:00
Daniel Black
8412303131
ENH: dovecot jail examples
2013-10-29 10:17:45 +11:00
Daniel Black
cde389cadc
ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/
2013-10-29 10:15:54 +11:00
Daniel Black
0c14707201
ENH: add dovecot jail
2013-10-26 10:01:04 +11:00
Daniel Black
d451c2a231
FIX: vsftp improvements from Rich Mellor on mailing list
2013-10-26 09:51:25 +11:00
Daniel Black
b61fe0f12d
Merge pull request #378 from grooverdan/sasl
...
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
2013-10-22 04:51:24 -07:00
Daniel Black
4ecc063bd0
ENH: rename filter.d/sasl -> filter.d/postfix-sasl
2013-10-22 22:40:29 +11:00
Daniel Black
c2b76d1fd0
Merge pull request #397 from yarikoptic/_enh/unify_default_strings
...
DOC: enh/unify "Default:" strings
2013-10-22 04:36:41 -07:00
Daniel Black
b4cbf82912
DOC: remove Default: on action firewall-cmd-direct-new
2013-10-15 08:34:42 +11:00
Yaroslav Halchenko
4149c7495d
Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments
2013-10-14 16:29:16 -04:00
Yaroslav Halchenko
d12eb2526a
Fixing up default values in fail2ban.conf + unifying formatting
2013-10-14 16:28:19 -04:00
Daniel Black
f1bb08aa6a
ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions
2013-10-14 23:06:38 +11:00
Daniel Black
12f7ea7ec4
DOC: remove excessive comments from firewall-cmd-direct-new
2013-10-14 22:39:38 +11:00
Daniel Black
0d8d1ae26c
ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622
2013-10-14 22:36:01 +11:00
Daniel Black
123ad1cc9c
MRG: Merge branch 'asterisk-common-jail'
2013-10-14 22:29:56 +11:00
Daniel Black
8421007f32
MRG: merge man/jail.conf.5 entries
2013-10-14 22:28:34 +11:00
Daniel Black
ef62d0d4c1
Merge pull request #391 from grooverdan/jail-mysql-doc
...
ENH: mysql syslog jail.conf base
2013-10-14 04:25:49 -07:00
Daniel Black
e417a2112c
Merge pull request #386 from grooverdan/qmail
...
ENH: filter.d/qmail - anchor at start. Add another regex
2013-10-14 04:24:32 -07:00
Daniel Black
e227568c3b
Merge pull request #384 from grooverdan/dovecot-325
...
ENH: added to dovecot filter. closes gh-325
2013-10-14 04:23:03 -07:00
Daniel Black
0022cca786
Merge pull request #385 from grooverdan/ipset
...
ENH/BF: Ipset - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*
2013-10-14 04:21:52 -07:00
Daniel Black
8fe542ca9f
DOC: reintroduce comment on comments
2013-10-11 06:48:31 +11:00
Daniel Black
6b6169178f
ENH: mysql syslog jail.conf base
2013-10-10 10:00:20 +11:00
Daniel Black
ee58696531
DOC: try to encourage jail.local jail.d/*.local a lot more
2013-10-10 09:56:52 +11:00
Daniel Black
6ef33981e3
ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed)
2013-10-10 09:41:05 +11:00
Daniel Black
6b519d54db
ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion
2013-10-10 07:13:37 +11:00
Daniel Black
351eb5ec8f
ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd
2013-10-09 16:44:48 +11:00
Daniel Black
eb59a57b7f
ENH: tighten pam_unix expression for dovecot
2013-10-09 14:54:36 +11:00
Daniel Black
864d2f41b9
ENH: auth-worker as per of _daemon definition for dovecot
2013-10-09 14:52:17 +11:00
Daniel Black
2d1bd54439
Merge pull request #379 from grooverdan/webmin
...
ENH: filter.d/webmin anchor at start and use syslog
2013-10-08 20:13:14 -07:00
Yaroslav Halchenko
500968874e
Merge pull request #381 from grooverdan/suhosin
...
ENH: filter.d/suhosin - anchor regex at start
2013-10-08 19:49:51 -07:00
Yaroslav Halchenko
a7b1b802e0
Merge pull request #382 from grooverdan/vsftpd
...
Vsftpd
2013-10-08 19:47:38 -07:00
Yaroslav Halchenko
f0b91fcede
Merge pull request #380 from grooverdan/sogo
...
ENH: filter.d/sogo-auth - anchor regex at start
2013-10-08 19:41:55 -07:00
Daniel Black
df313649a4
ENH: escape . in recidive filter
2013-10-09 12:32:06 +11:00
Daniel Black
1a5e17f2a3
BF: use blocktype for iptables-ipset-proto6*
2013-10-09 11:59:16 +11:00
Daniel Black
dcb845f17c
ENH: add iptables-ipset-proto6-allports for blocking all ports
2013-10-09 11:57:35 +11:00
Daniel Black
2a1d629d88
BF: webmin -> webmin-auth
2013-10-09 11:08:44 +11:00
Daniel Black
ab457acc4d
BF: fix name in action for uwimap-auth
2013-10-09 11:06:38 +11:00
Daniel Black
0beea03914
ENH: jail.conf example for webmin
2013-10-09 11:05:50 +11:00
Daniel Black
d60f470096
ENH: added to dovecot filter. closes gh-325
2013-10-09 10:09:06 +11:00
Daniel Black
5a2623f0df
ENH: reorder osx-ipfw jail defination to near the other ssh examples
2013-10-09 09:26:36 +11:00
Daniel Black
359210f224
ENH: filter.d/squirrelmail added
2013-10-08 20:37:33 +11:00
Daniel Black
46386412a4
ENH: filter.d/vsftpd - pam regex as syslog and anchored at start
2013-10-05 20:02:40 +10:00
Daniel Black
1519712972
ENH: filter.d/vsftpd anchor internal regex at start
2013-10-05 20:02:21 +10:00
Daniel Black
9637c27873
ENH: filter.d/suhosin - anchor regex at start
2013-10-05 19:39:39 +10:00
Daniel Black
13bcc9aa84
ENH: filter.d/sogo-auth - anchor regex at start
2013-10-05 19:27:07 +10:00
Daniel Black
b64bf3fa7b
ENH: filter.d/webmin anchor at start and use syslog
2013-10-05 19:18:44 +10:00
Daniel Black
f4c7c8f4b3
ENH: sasl - anchor regex at start
2013-10-05 18:59:41 +10:00
Daniel Black
23dd734aa9
Merge pull request #366 from grooverdan/dovecot
...
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
2013-10-01 15:50:39 -07:00
Daniel Black
f998e01590
Merge pull request #359 from grooverdan/pureftpd
...
ENH: Pureftpd syslog prefixing and filter achoring
2013-10-01 15:14:33 -07:00
Daniel Black
ba8183b116
Merge pull request #372 from grooverdan/uw-imap
...
ENH: filter.d/uwimap-auth added. Closes #18
2013-10-01 15:13:11 -07:00
Daniel Black
262616f7a7
ENH: filter.d/uwimap-auth - failure of an admin override to regex
2013-10-01 22:32:57 +10:00
Daniel Black
9211179d30
ENH: filter.d/uwimap-auth - add "disabled" to regex
2013-10-01 22:10:33 +10:00
Daniel Black
4649cf9608
ENH: separate selinux and selinux-ssh
2013-10-01 20:21:45 +10:00
Daniel Black
791183b639
ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT
2013-10-01 10:10:53 +10:00
Daniel Black
a1eaa5f755
ENH: filter.d/selinxu added. Closes #296
2013-10-01 09:59:15 +10:00
Daniel Black
778f09debe
DOC/ENH: __md5hex regex defination to common.conf. Document debian bug #
2013-10-01 09:03:33 +10:00
Daniel Black
b3b62d65bf
ENH: filter.d/uwimap-auth added. Closes #18
2013-09-29 18:06:27 +10:00
Daniel Black
f2ae20a3b8
BF: filter.d/sshd group on md5hex and () for serial needed to be escaped
2013-09-29 17:44:45 +10:00
Daniel Black
1eeb6e94bd
BF: fix regex for openssh-6.3
2013-09-29 17:28:33 +10:00
Daniel Black
e12d389c65
MRG/DOC: jail.conf resolution, ChangeLog fixes
2013-09-29 08:21:13 +10:00
Daniel Black
74434694dc
BF: more duplicate jail.conf entries - 3proxy exim{,-spam}, perdition
2013-09-28 21:38:15 +10:00
Daniel Black
5cf25a63df
BF: remove duplicate ssh-pf in jail.conf
2013-09-28 21:31:45 +10:00
Mark McKinstry
b6bf26c9f2
dont' need to set a default name
2013-09-25 18:37:22 -04:00
Mark McKinstry
4187e87b69
don't enabel ssh-apf jail by default
2013-09-25 18:35:09 -04:00
Mark McKinstry
f9f4d2728f
add an example jail for apf action and ssh filter
2013-09-25 17:59:37 -04:00
Mark McKinstry
2668adc896
Merge branch 'master' of github.com:fail2ban/fail2ban
2013-09-25 17:54:38 -04:00
Mark McKinstry
1af4543aca
ability to name the jail that banned the IP with apf
2013-09-25 17:52:34 -04:00
Mark McKinstry
dd9ee4c39a
quotes around the comment put in apf's deny_hosts.rules file
2013-09-25 17:51:25 -04:00
Mark McKinstry
e64493c328
use human readable/longer options when banning and un-banning IPs with apf
2013-09-25 16:44:10 -04:00
Mark McKinstry
c692912a82
don't hardcode absolute path for apf firewall
2013-09-25 16:38:45 -04:00
Mark McKinstry
66aff43d68
remove un-needed '$' line
2013-09-25 16:37:58 -04:00
Daniel Black
9805d39b60
MRG: merge date changes to support timezones
2013-09-20 18:22:32 +10:00
Daniel Black
8c2a5612ed
DOC: resolve ChangeLog conflicts
2013-09-19 19:38:28 +10:00
Daniel Black
2a805452c6
DOC: resolve ChangeLog conflicts
2013-09-19 19:28:39 +10:00
Daniel Black
8e9fab9b3c
Merge branch 'master' of https://github.com/fail2ban/fail2ban
2013-09-19 19:25:47 +10:00
Daniel Black
3be7dcd701
DOC: resolve ChangeLog conflicts
2013-09-19 19:23:02 +10:00
Daniel Black
89e0520675
ENH: dovecot regex to match failure reported by Bob Cohen on mailing list
2013-09-19 08:25:50 +10:00
Daniel Black
c3ee03b9ba
BF: fix daemon name typo for filter proftpd
2013-09-18 07:32:26 +10:00
Daniel Black
39ca8837eb
TST: pureftpd - syslog therefore use syslog prefixes in filter
2013-09-17 22:24:56 +10:00
Daniel Black
30bb1a77a3
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam
2013-09-17 10:50:46 +10:00
Daniel Black
ee497ff1cb
ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix
2013-09-17 07:57:19 +10:00
Daniel Black
13ec9d58c0
ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix
2013-09-17 07:25:23 +10:00
Daniel Black
673cc4d77f
ENH: anchor at end of recidive filter
2013-09-16 18:43:56 +10:00
Daniel Black
504111b0b1
ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target
2013-09-16 01:22:42 +10:00
Beau Raines
060bd45295
ENH - Added server name to subject line in email notifications
...
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
2013-09-08 15:21:58 -07:00
Daniel Black
8c1b828423
BF: capture of microseconds no longer needed. Closes gh-341
2013-09-09 03:41:12 +10:00
Daniel Black
d0098b0213
ENH: add timezone offest and subsecond support to Datedetector
2013-09-09 03:37:59 +10:00
Daniel Black
1f1a56174f
MRG: merge from master
2013-09-08 21:02:35 +10:00
Daniel Black
ad291d7e38
Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port
...
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
2013-09-04 16:18:19 -07:00
Daniel Black
e5f1a7f050
Merge pull request #344 from grooverdan/osx
...
ENH: OSX ipfw based on Andy Fragen's work
2013-09-04 16:16:16 -07:00
Daniel Black
4face1f3e7
MRG: resolve conficts in action.d/osx-ipfw design
2013-09-05 09:07:10 +10:00
Andy Fragen
d258a51a23
after some research it looks like setting to unreachable better than deny
2013-09-04 11:28:03 -07:00
Andy Fragen
fe557e5900
more specific actionunban
2013-09-01 13:09:51 -07:00
Andy Fragen
a4884f82cd
add mods from grooverdan and fix actionunban
...
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
2013-08-31 08:39:19 -07:00
Daniel Black
6b0e2289d4
Merge pull request #335 from grooverdan/gh-333-bind
...
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-30 21:34:22 -07:00
Daniel Black
f2bcf84893
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets
2013-08-31 11:40:04 +10:00
Daniel Black
749f215089
ENH: port optional
2013-08-31 11:07:15 +10:00
Daniel Black
8b22fa15b5
BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want
2013-08-31 11:03:01 +10:00
Daniel Black
b31799a322
ENH: add action.d/osx-afctl anonymously contributed on f2b wiki
2013-08-31 10:51:04 +10:00
Daniel Black
808aa1a792
ENH: added jail.conf example. closes gh-340
2013-08-31 09:39:21 +10:00
Daniel Black
5741348f45
ENH: more options and ruggedness to prevent unintensional consequences
2013-08-31 09:38:18 +10:00
Daniel Black
52bd0f86a8
Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx
2013-08-31 09:09:04 +10:00
Daniel Black
7cc3e8a8c0
BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343
2013-08-31 08:59:02 +10:00
Daniel Black
15f2f38972
ENH: anchor regex at start
2013-08-28 12:32:40 +10:00
Daniel Black
d5684a0834
BF: filter.d/routecube-auth - time offset can be positive or negative
2013-08-28 11:57:38 +10:00
Daniel Black
a401d11644
ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied
2013-08-28 00:53:08 +10:00
Andy Fragen
ef504c869f
added osx specific ipfw action with random rulenum
2013-08-26 16:06:23 -07:00
Yaroslav Halchenko
265a85ec1f
RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis
2013-08-26 09:48:56 -04:00
Daniel Black
b8e7d0b867
ENH: further tighten lighttpd basic auth regex
2013-08-26 08:51:40 +10:00
Daniel Black
a7ebb84a7d
ENH: tighted up lighttpd regex
2013-08-26 08:42:45 +10:00
François Boulogne
e133b9f1d1
MAINT: add support for lightty1.4.31
2013-08-25 21:29:43 +02:00
Daniel Black
ca4729e943
ENH: filter.d/exim.conf - add authentication failures for "plain" authentication
2013-08-25 23:02:10 +10:00
Daniel Black
ef903db3c9
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-25 22:44:30 +10:00
Daniel Black
cfb7dba268
DOC: merge ChangeLog
2013-08-25 21:26:13 +10:00
Daniel Black
b589533d69
Merge branch 'master' into kwirk-merge
...
Conflicts:
ChangeLog
testcases/files/logs/dropbear
2013-08-25 21:21:14 +10:00
Daniel Black
fd7cc5bda7
BF: duplicate regex match fixed
2013-08-25 21:13:11 +10:00
Daniel Black
6a56727669
BF: apache-common regex - datetime could be entirely consumed
2013-08-25 18:30:30 +10:00
Daniel Black
a9eb8a76c6
merge of change log and apache-auth differences
2013-08-25 16:51:35 +10:00
Steven Hiscocks
4e5feed7fc
Merge pull request #8 from grooverdan/gh-303-merge-2
...
training space on wuftp
2013-08-21 12:21:09 -07:00
Daniel Black
aad7d08451
BF: disable filter expressions without tests
2013-08-20 07:33:35 +10:00
Yaroslav Halchenko
42f3aa9f62
Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
...
Bind unauth zonetransfer. Closes #323
2013-08-19 06:48:13 -07:00
Daniel Black
6a36ff1a4a
BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328
2013-08-19 22:36:58 +10:00
Daniel Black
c44328b1a3
ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8
2013-08-19 22:04:55 +10:00
Daniel Black
ea7cba4205
ENH: trailing space as per discussion on gh-303
2013-08-19 21:42:43 +10:00
Daniel Black
61d43608ae
ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
2013-08-19 18:42:39 +10:00
Daniel Black
5d451bc4d6
ENH: add refused zone tranfer to named-refused filter. closes #323
2013-08-18 22:19:31 +10:00
Steven Hiscocks
53e16e07ad
ENH: Minor tweak on previous commit proftpd regex changes
2013-08-09 19:04:26 +01:00
Steven Hiscocks
9002de069e
ENH: Improve proftpd regex.
...
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
2013-08-09 18:54:08 +01:00
Orion Poplawski
31a78b2711
Use /var/run/fail2ban in config/action.d/dummy.conf
2013-08-08 20:41:44 -06:00
Yaroslav Halchenko
e7d5e466b9
Merge branch 'enh/asterisk_and_dropbear_filters'
...
* enh/asterisk_and_dropbear_filters:
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
minor: consistent indentation in dropbear.conf
https://github.com/fail2ban/fail2ban/issues/306
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-08-08 09:59:24 -04:00
Yaroslav Halchenko
4e0ddc5f67
ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
2013-08-08 09:58:36 -04:00
Yaroslav Halchenko
9487ee5562
minor: consistent indentation in dropbear.conf
2013-08-08 09:54:15 -04:00
Daniel Black
d8883f4346
DOC: Notes about 401 responses and how apache logs this
2013-07-29 08:59:25 +10:00
Daniel Black
7b2773889d
TST: apache-auth filter - nonce timetravel tests + other expression fixes
2013-07-29 02:29:04 +10:00
Daniel Black
0fb04cb2f0
ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4)
2013-07-28 22:00:55 +10:00
Daniel Black
d5291517a7
MISC: merge from master
2013-07-28 19:43:54 +10:00
Daniel Black
56faf7f5ad
DOC: fix ChangeLog merge
2013-07-28 18:02:38 +10:00
Jamyn Shanley
a355fab91b
https://github.com/fail2ban/fail2ban/issues/306
...
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.
Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
2013-07-27 03:43:32 +00:00
Jamyn Shanley
8936f2cd02
fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-07-27 00:06:06 +00:00
Steven Hiscocks
2f4aaa9fb9
ENH: Simplify sieve filter failregex
2013-07-26 12:01:09 +01:00
Steven Hiscocks
b5639a8672
ENH: Simplify cyrus-imap filter fail regex
2013-07-26 11:55:09 +01:00
Steven Hiscocks
27feb57e80
Merge pull request #299 from kwirk/datepatterns-dateregex
...
Custom date templates and date detector changes
2013-07-26 03:53:40 -07:00
Daniel Black
8f532f9148
NIT: space remove
2013-07-24 11:29:58 +10:00
Daniel Black
7d7ef08145
ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id
2013-07-24 10:44:52 +10:00