github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,606 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

821 Commits (bc10b64c69be90f9b5bc487d04c376b9432a40ac)

Author SHA1 Message Date
Daniel Black 9a82bc3c61 BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448 2013-11-24 18:21:02 +11:00
Daniel Black 98eacdf333 MRG/BF: merge from master. Fix bugs in iso8601 2013-11-24 16:36:06 +11:00
Yaroslav Halchenko 629e9ae445 Merge pull request #443 from grooverdan/apache-authfix 
BF: apache filters using error log weren't matched when referer existed ...
 2013-11-18 15:53:39 -08:00
Daniel Black 284f811c91 BF: apache filters using error log weren't matched when referer existed in HTTP header 2013-11-19 10:27:55 +11:00
Daniel Black 1ea68b2d0c DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages 2013-11-18 09:44:26 +11:00
Daniel Black 0eea0a35db ENH: filter.d/solid-pop3d - added log messages and regexes 2013-11-18 08:58:23 +11:00
Daniel Black dab2ddb9da ENH: recidive jail to block all protocols. Closes #440 2013-11-18 07:57:16 +11:00
Daniel Black b3b9ea4559 ENH: jail for solid-pop3d 2013-11-18 07:42:45 +11:00
Daniel Black 88eff70774 ENH: filter.d/solid-pop3d added 2013-11-16 09:43:15 +11:00
Daniel Black 1ac7b53cad MRG: merge from master 2013-11-13 09:16:45 +11:00
Daniel Black 286d78e13c Merge pull request #430 from grooverdan/apache-overflows 
ENH: Apache overflows - httpd-2.4 message IDs + samples
 2013-11-12 12:46:52 -08:00
Daniel Black 50ca16e50e Merge pull request #431 from grooverdan/apache-noscript 
ENH: apache-2.4 message IDs for filter apache-noscript
 2013-11-12 12:46:09 -08:00
Daniel Black 947c6ff9cc Merge pull request #433 from grooverdan/asterisk 
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
 2013-11-12 12:45:52 -08:00
Daniel Black 38503a5848 Merge pull request #434 from grooverdan/dos-resistant-dropbear 
ENH: DoS resistant dropbear filter
 2013-11-12 12:45:12 -08:00
Daniel Black 62b1f98dff Merge pull request #435 from grooverdan/dos-resistant-exim 
BF: exim filter to be DoS resistant
 2013-11-12 12:44:53 -08:00
Daniel Black be60518218 BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given 2013-11-12 18:57:01 +11:00
Daniel Black 52972164a2 BF: exim filter to be DoS resistant 2013-11-12 18:13:35 +11:00
Daniel Black c272573fe3 ENH: DoS resistant dropbear filter 2013-11-12 18:06:16 +11:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Daniel Black 648d48c355 ENH: apache-2.4 message IDs for filter apache-noscript 2013-11-11 10:49:11 +11:00
Daniel Black a4718eb644 ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples 2013-11-11 10:38:02 +11:00
Daniel Black 87516eb92b ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-11 09:46:40 +11:00
Daniel Black c5021b55f6 Merge pull request #427 from yarikoptic/bf/nginx-regex-injection 
BF: anchor introduced nginx-http-auth at the end
 2013-11-08 17:23:03 -08:00
Yaroslav Halchenko ccd26578ec Merge pull request #425 from grooverdan/asterisk-simplify 
ENH: condense asterisk regexs for speed
 2013-11-08 14:42:35 -08:00
Yaroslav Halchenko ac061155f0 BF: anchor introduced nginx-http-auth at the end 
needed since request probably could be not a correct HTTP statement but continue with
all those to match till the end and then injected ", client: VICTIM, server..." thus allowing
injection.  We better anchor at the end then
 2013-11-08 14:40:52 -08:00
Yaroslav Halchenko ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection 
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
 2013-11-08 14:35:18 -08:00
Yaroslav Halchenko bf245f9640 DOC: adding DEV Notes for for non-greedy matchin within sshd.conf 2013-11-08 14:34:31 -08:00
Daniel Black d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth 
ENH: add filter.d/nginx-http-auth. Partially forfils #405
 2013-11-08 14:24:02 -08:00
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input 
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
 2013-11-08 10:10:33 -08:00
Yaroslav Halchenko abb012ae5c BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy 2013-11-08 10:00:37 -08:00
Daniel Black a8a1310098 ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame 2013-11-08 10:54:10 +11:00
Daniel Black d7560d4041 ENH: condense asterisk regexs for speed 2013-11-08 10:24:50 +11:00
Daniel Black ab9d921162 BF: missed action in nginx-http-auth 2013-11-08 10:09:19 +11:00
Daniel Black a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Yaroslav Halchenko 4522308354 ENH: regenerated config/filter.d/apache-badbots.conf 2013-11-07 14:26:18 -08:00
Daniel Black cb982ef921 ENH: multiline filter for sendmail-spam. Closes gh-418 2013-11-08 08:55:45 +11:00
Daniel Black 0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam 
BF:  wuftpd pam filter fix (Debian bug 665925)
 2013-11-05 18:39:01 -08:00
Daniel Black e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black ac1f45d18c Merge pull request #412 from grooverdan/firewalld 
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
 2013-11-05 16:46:18 -08:00
Daniel Black 87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black ee1edfbf0c BF: remove duplication definition secion in webmin-auth 2013-11-04 17:54:36 +11:00
Daniel Black 60006bd70f BF: remove duplication definition secion in webmin-auth 2013-11-04 17:51:41 +11:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9 
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
 2013-11-02 15:59:05 +11:00
Daniel Black b5c10488c1 Merge pull request #409 from grooverdan/filter-doco 
DOC: in filters, put user relevant doc at top, and developer info at bot...
 2013-10-30 15:11:46 -07:00
Daniel Black 5eddd5d12d DOC: document required firewalld version as > 0.3.7.1 2013-10-31 09:10:59 +11:00
Daniel Black 27d257d5a6 Merge pull request #408 from grooverdan/dropbear 
BF: filter.d/dropbear
 2013-10-30 14:43:07 -07:00
Daniel Black 8ac6081555 ENH: fix to use upstream --remove-rules 
https://fedorahosted.org/firewalld/ticket/10
 2013-10-31 01:23:00 +11:00
Daniel Black 93de46ac72 BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf 2013-10-31 00:52:47 +11:00
Daniel Black c3f9c9aa60 BF: filter.d/dropbear 
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c

Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.

svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.

.*\s* can be compressed to .*
 2013-10-31 00:21:30 +11:00
Daniel Black 89fd792dfb DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
Daniel Black de9977441a DOC: move named and mysql instructions into the filters from jail.conf 2013-10-30 21:12:16 +11:00
Daniel Black 7ab909d056 DOC: space out jail.conf consistantly 2013-10-30 20:34:06 +11:00
Daniel Black 95f3f38682 MRG: merge ChangeLog and jail.conf 2013-10-30 20:19:41 +11:00
Daniel Black e3150044fd BF: fix selinux 
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
 2013-10-30 20:05:49 +11:00
Daniel Black 0f85aef609 Merge pull request #407 from grooverdan/dovecot-jail 
ENH: Dovecot jail
 2013-10-29 15:15:19 -07:00
Daniel Black a991adb83f ENH: add submission, smtps and sieve to blocked ports since this also typically rely on dovecot auth 2013-10-29 14:33:45 +11:00
Daniel Black 8412303131 ENH: dovecot jail examples 2013-10-29 10:17:45 +11:00
Daniel Black cde389cadc ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/ 2013-10-29 10:15:54 +11:00
Daniel Black 0c14707201 ENH: add dovecot jail 2013-10-26 10:01:04 +11:00
Daniel Black d451c2a231 FIX: vsftp improvements from Rich Mellor on mailing list 2013-10-26 09:51:25 +11:00
Daniel Black b61fe0f12d Merge pull request #378 from grooverdan/sasl 
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
 2013-10-22 04:51:24 -07:00
Daniel Black 4ecc063bd0 ENH: rename filter.d/sasl -> filter.d/postfix-sasl 2013-10-22 22:40:29 +11:00
Daniel Black c2b76d1fd0 Merge pull request #397 from yarikoptic/_enh/unify_default_strings 
DOC: enh/unify "Default:" strings
 2013-10-22 04:36:41 -07:00
Daniel Black b4cbf82912 DOC: remove Default: on action firewall-cmd-direct-new 2013-10-15 08:34:42 +11:00
Yaroslav Halchenko 4149c7495d Options in actions to be specified in jails have no "Default"s besides those specified in the files -- thus removing from comments 2013-10-14 16:29:16 -04:00
Yaroslav Halchenko d12eb2526a Fixing up default values in fail2ban.conf + unifying formatting 2013-10-14 16:28:19 -04:00
Daniel Black f1bb08aa6a ENH: base blocktype off iptables-blocktype.conf for firewall-cmd-direct-new.conf like other iptables based actions 2013-10-14 23:06:38 +11:00
Daniel Black 12f7ea7ec4 DOC: remove excessive comments from firewall-cmd-direct-new 2013-10-14 22:39:38 +11:00
Daniel Black 0d8d1ae26c ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622 2013-10-14 22:36:01 +11:00
Daniel Black 123ad1cc9c MRG: Merge branch 'asterisk-common-jail' 2013-10-14 22:29:56 +11:00
Daniel Black 8421007f32 MRG: merge man/jail.conf.5 entries 2013-10-14 22:28:34 +11:00
Daniel Black ef62d0d4c1 Merge pull request #391 from grooverdan/jail-mysql-doc 
ENH: mysql syslog jail.conf base
 2013-10-14 04:25:49 -07:00
Daniel Black e417a2112c Merge pull request #386 from grooverdan/qmail 
ENH: filter.d/qmail - anchor at start. Add another regex
 2013-10-14 04:24:32 -07:00
Daniel Black e227568c3b Merge pull request #384 from grooverdan/dovecot-325 
ENH: added to dovecot filter. closes gh-325
 2013-10-14 04:23:03 -07:00
Daniel Black 0022cca786 Merge pull request #385 from grooverdan/ipset 
ENH/BF: Ipset  - add iptables-ipset-proto6-allports / use blocktype on iptables-ipset-proto6*
 2013-10-14 04:21:52 -07:00
Daniel Black 8fe542ca9f DOC: reintroduce comment on comments 2013-10-11 06:48:31 +11:00
Daniel Black 6b6169178f ENH: mysql syslog jail.conf base 2013-10-10 10:00:20 +11:00
Daniel Black ee58696531 DOC: try to encourage jail.local jail.d/*.local a lot more 2013-10-10 09:56:52 +11:00
Daniel Black 6ef33981e3 ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed) 2013-10-10 09:41:05 +11:00
Daniel Black 6b519d54db ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion 2013-10-10 07:13:37 +11:00
Daniel Black 351eb5ec8f ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 2013-10-09 16:44:48 +11:00
Daniel Black eb59a57b7f ENH: tighten pam_unix expression for dovecot 2013-10-09 14:54:36 +11:00
Daniel Black 864d2f41b9 ENH: auth-worker as per of _daemon definition for dovecot 2013-10-09 14:52:17 +11:00
Daniel Black 2d1bd54439 Merge pull request #379 from grooverdan/webmin 
ENH: filter.d/webmin anchor at start and use syslog
 2013-10-08 20:13:14 -07:00
Yaroslav Halchenko 500968874e Merge pull request #381 from grooverdan/suhosin 
ENH: filter.d/suhosin - anchor regex at start
 2013-10-08 19:49:51 -07:00
Yaroslav Halchenko a7b1b802e0 Merge pull request #382 from grooverdan/vsftpd 
Vsftpd
 2013-10-08 19:47:38 -07:00
Yaroslav Halchenko f0b91fcede Merge pull request #380 from grooverdan/sogo 
ENH: filter.d/sogo-auth - anchor regex at start
 2013-10-08 19:41:55 -07:00
Daniel Black df313649a4 ENH: escape . in recidive filter 2013-10-09 12:32:06 +11:00
Daniel Black 1a5e17f2a3 BF: use blocktype for iptables-ipset-proto6* 2013-10-09 11:59:16 +11:00
Daniel Black dcb845f17c ENH: add iptables-ipset-proto6-allports for blocking all ports 2013-10-09 11:57:35 +11:00
Daniel Black 2a1d629d88 BF: webmin -> webmin-auth 2013-10-09 11:08:44 +11:00
Daniel Black ab457acc4d BF: fix name in action for uwimap-auth 2013-10-09 11:06:38 +11:00
Daniel Black 0beea03914 ENH: jail.conf example for webmin 2013-10-09 11:05:50 +11:00
Daniel Black d60f470096 ENH: added to dovecot filter. closes gh-325 2013-10-09 10:09:06 +11:00
Daniel Black 5a2623f0df ENH: reorder osx-ipfw jail defination to near the other ssh examples 2013-10-09 09:26:36 +11:00
Daniel Black 359210f224 ENH: filter.d/squirrelmail added 2013-10-08 20:37:33 +11:00
Daniel Black 46386412a4 ENH: filter.d/vsftpd - pam regex as syslog and anchored at start 2013-10-05 20:02:40 +10:00
Daniel Black 1519712972 ENH: filter.d/vsftpd anchor internal regex at start 2013-10-05 20:02:21 +10:00
Daniel Black 9637c27873 ENH: filter.d/suhosin - anchor regex at start 2013-10-05 19:39:39 +10:00
Daniel Black 13bcc9aa84 ENH: filter.d/sogo-auth - anchor regex at start 2013-10-05 19:27:07 +10:00
Daniel Black b64bf3fa7b ENH: filter.d/webmin anchor at start and use syslog 2013-10-05 19:18:44 +10:00
Daniel Black f4c7c8f4b3 ENH: sasl - anchor regex at start 2013-10-05 18:59:41 +10:00
Daniel Black 23dd734aa9 Merge pull request #366 from grooverdan/dovecot 
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
 2013-10-01 15:50:39 -07:00
Daniel Black f998e01590 Merge pull request #359 from grooverdan/pureftpd 
ENH: Pureftpd syslog prefixing and filter achoring
 2013-10-01 15:14:33 -07:00
Daniel Black ba8183b116 Merge pull request #372 from grooverdan/uw-imap 
ENH: filter.d/uwimap-auth added. Closes #18
 2013-10-01 15:13:11 -07:00
Daniel Black 262616f7a7 ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 22:32:57 +10:00
Daniel Black 9211179d30 ENH: filter.d/uwimap-auth - add "disabled" to regex 2013-10-01 22:10:33 +10:00
Daniel Black 4649cf9608 ENH: separate selinux and selinux-ssh 2013-10-01 20:21:45 +10:00
Daniel Black 791183b639 ENH: filter.d/uwimap-auth - add SYSTEM BREAK-IN ATTEMPT 2013-10-01 10:10:53 +10:00
Daniel Black a1eaa5f755 ENH: filter.d/selinxu added. Closes #296 2013-10-01 09:59:15 +10:00
Daniel Black 778f09debe DOC/ENH: __md5hex regex defination to common.conf. Document debian bug # 2013-10-01 09:03:33 +10:00
Daniel Black b3b62d65bf ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 18:06:27 +10:00
Daniel Black f2ae20a3b8 BF: filter.d/sshd group on md5hex and () for serial needed to be escaped 2013-09-29 17:44:45 +10:00
Daniel Black 1eeb6e94bd BF: fix regex for openssh-6.3 2013-09-29 17:28:33 +10:00
Daniel Black e12d389c65 MRG/DOC: jail.conf resolution, ChangeLog fixes 2013-09-29 08:21:13 +10:00
Daniel Black 74434694dc BF: more duplicate jail.conf entries - 3proxy exim{,-spam}, perdition 2013-09-28 21:38:15 +10:00
Daniel Black 5cf25a63df BF: remove duplicate ssh-pf in jail.conf 2013-09-28 21:31:45 +10:00
Mark McKinstry b6bf26c9f2 dont' need to set a default name 2013-09-25 18:37:22 -04:00
Mark McKinstry 4187e87b69 don't enabel ssh-apf jail by default 2013-09-25 18:35:09 -04:00
Mark McKinstry f9f4d2728f add an example jail for apf action and ssh filter 2013-09-25 17:59:37 -04:00
Mark McKinstry 2668adc896 Merge branch 'master' of github.com:fail2ban/fail2ban 2013-09-25 17:54:38 -04:00
Mark McKinstry 1af4543aca ability to name the jail that banned the IP with apf 2013-09-25 17:52:34 -04:00
Mark McKinstry dd9ee4c39a quotes around the comment put in apf's deny_hosts.rules file 2013-09-25 17:51:25 -04:00
Mark McKinstry e64493c328 use human readable/longer options when banning and un-banning IPs with apf 2013-09-25 16:44:10 -04:00
Mark McKinstry c692912a82 don't hardcode absolute path for apf firewall 2013-09-25 16:38:45 -04:00
Mark McKinstry 66aff43d68 remove un-needed '$' line 2013-09-25 16:37:58 -04:00
Daniel Black 9805d39b60 MRG: merge date changes to support timezones 2013-09-20 18:22:32 +10:00
Daniel Black 8c2a5612ed DOC: resolve ChangeLog conflicts 2013-09-19 19:38:28 +10:00
Daniel Black 2a805452c6 DOC: resolve ChangeLog conflicts 2013-09-19 19:28:39 +10:00
Daniel Black 8e9fab9b3c Merge branch 'master' of https://github.com/fail2ban/fail2ban 2013-09-19 19:25:47 +10:00
Daniel Black 3be7dcd701 DOC: resolve ChangeLog conflicts 2013-09-19 19:23:02 +10:00
Daniel Black 89e0520675 ENH: dovecot regex to match failure reported by Bob Cohen on mailing list 2013-09-19 08:25:50 +10:00
Daniel Black c3ee03b9ba BF: fix daemon name typo for filter proftpd 2013-09-18 07:32:26 +10:00
Daniel Black 39ca8837eb TST: pureftpd - syslog therefore use syslog prefixes in filter 2013-09-17 22:24:56 +10:00
Daniel Black 30bb1a77a3 ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 10:50:46 +10:00
Daniel Black ee497ff1cb ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix 2013-09-17 07:57:19 +10:00
Daniel Black 13ec9d58c0 ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix 2013-09-17 07:25:23 +10:00
Daniel Black 673cc4d77f ENH: anchor at end of recidive filter 2013-09-16 18:43:56 +10:00
Daniel Black 504111b0b1 ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target 2013-09-16 01:22:42 +10:00
Beau Raines 060bd45295 ENH - Added server name to subject line in email notifications 
This is useful when fail2ban is running on multiple servers and
keeping the notifictions separate and knowing which machine is "under
attack".
 2013-09-08 15:21:58 -07:00
Daniel Black 8c1b828423 BF: capture of microseconds no longer needed. Closes gh-341 2013-09-09 03:41:12 +10:00
Daniel Black d0098b0213 ENH: add timezone offest and subsecond support to Datedetector 2013-09-09 03:37:59 +10:00
Daniel Black 1f1a56174f MRG: merge from master 2013-09-08 21:02:35 +10:00
Daniel Black ad291d7e38 Merge pull request #346 from grooverdan/bsd-ipfw-default-unreach-port 
BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp ...
 2013-09-04 16:18:19 -07:00
Daniel Black e5f1a7f050 Merge pull request #344 from grooverdan/osx 
ENH: OSX ipfw based on Andy Fragen's work
 2013-09-04 16:16:16 -07:00
Daniel Black 4face1f3e7 MRG: resolve conficts in action.d/osx-ipfw design 2013-09-05 09:07:10 +10:00
Andy Fragen d258a51a23 after some research it looks like setting to unreachable better than deny 2013-09-04 11:28:03 -07:00
Andy Fragen fe557e5900 more specific actionunban 2013-09-01 13:09:51 -07:00
Andy Fragen a4884f82cd add mods from grooverdan and fix actionunban 
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
 2013-08-31 08:39:19 -07:00
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind 
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
 2013-08-30 21:34:22 -07:00
Daniel Black f2bcf84893 BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets 2013-08-31 11:40:04 +10:00
Daniel Black 749f215089 ENH: port optional 2013-08-31 11:07:15 +10:00
Daniel Black 8b22fa15b5 BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want 2013-08-31 11:03:01 +10:00
Daniel Black b31799a322 ENH: add action.d/osx-afctl anonymously contributed on f2b wiki 2013-08-31 10:51:04 +10:00
Daniel Black 808aa1a792 ENH: added jail.conf example. closes gh-340 2013-08-31 09:39:21 +10:00
Daniel Black 5741348f45 ENH: more options and ruggedness to prevent unintensional consequences 2013-08-31 09:38:18 +10:00
Daniel Black 52bd0f86a8 Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx 2013-08-31 09:09:04 +10:00
Daniel Black 7cc3e8a8c0 BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343 2013-08-31 08:59:02 +10:00
Daniel Black 15f2f38972 ENH: anchor regex at start 2013-08-28 12:32:40 +10:00
Daniel Black d5684a0834 BF: filter.d/routecube-auth - time offset can be positive or negative 2013-08-28 11:57:38 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Andy Fragen ef504c869f added osx specific ipfw action with random rulenum 2013-08-26 16:06:23 -07:00
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
Daniel Black b8e7d0b867 ENH: further tighten lighttpd basic auth regex 2013-08-26 08:51:40 +10:00
Daniel Black a7ebb84a7d ENH: tighted up lighttpd regex 2013-08-26 08:42:45 +10:00
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31 2013-08-25 21:29:43 +02:00
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge 
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
 2013-08-25 21:21:14 +10:00
Daniel Black fd7cc5bda7 BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
Daniel Black 6a56727669 BF: apache-common regex - datetime could be entirely consumed 2013-08-25 18:30:30 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 4e5feed7fc Merge pull request #8 from grooverdan/gh-303-merge-2 
training space on wuftp
 2013-08-21 12:21:09 -07:00
Daniel Black aad7d08451 BF: disable filter expressions without tests 2013-08-20 07:33:35 +10:00
Yaroslav Halchenko 42f3aa9f62 Merge pull request #329 from grooverdan/bind-unauth-zonetransfer 
Bind unauth zonetransfer.  Closes #323
 2013-08-19 06:48:13 -07:00
Daniel Black 6a36ff1a4a BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328 2013-08-19 22:36:58 +10:00
Daniel Black c44328b1a3 ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8 2013-08-19 22:04:55 +10:00
Daniel Black ea7cba4205 ENH: trailing space as per discussion on gh-303 2013-08-19 21:42:43 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Steven Hiscocks 53e16e07ad ENH: Minor tweak on previous commit proftpd regex changes 2013-08-09 19:04:26 +01:00
Steven Hiscocks 9002de069e ENH: Improve proftpd regex. 
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
 2013-08-09 18:54:08 +01:00
Orion Poplawski 31a78b2711 Use /var/run/fail2ban in config/action.d/dummy.conf 2013-08-08 20:41:44 -06:00
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters' 
* enh/asterisk_and_dropbear_filters:
  ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
  minor: consistent indentation in dropbear.conf
  https://github.com/fail2ban/fail2ban/issues/306
  fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
 2013-08-08 09:59:24 -04:00
Yaroslav Halchenko 4e0ddc5f67 ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in '' 2013-08-08 09:58:36 -04:00
Yaroslav Halchenko 9487ee5562 minor: consistent indentation in dropbear.conf 2013-08-08 09:54:15 -04:00
Daniel Black d8883f4346 DOC: Notes about 401 responses and how apache logs this 2013-07-29 08:59:25 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Daniel Black d5291517a7 MISC: merge from master 2013-07-28 19:43:54 +10:00
Daniel Black 56faf7f5ad DOC: fix ChangeLog merge 2013-07-28 18:02:38 +10:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306 
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
 2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks 2f4aaa9fb9 ENH: Simplify sieve filter failregex 2013-07-26 12:01:09 +01:00
Steven Hiscocks b5639a8672 ENH: Simplify cyrus-imap filter fail regex 2013-07-26 11:55:09 +01:00
Steven Hiscocks 27feb57e80 Merge pull request #299 from kwirk/datepatterns-dateregex 
Custom date templates and date detector changes
 2013-07-26 03:53:40 -07:00
Daniel Black 8f532f9148 NIT: space remove 2013-07-24 11:29:58 +10:00
Daniel Black 7d7ef08145 ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id 2013-07-24 10:44:52 +10:00
Daniel Black abc4146079 ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure 2013-07-24 10:27:12 +10:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs 
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
 2013-07-21 22:03:49 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples 
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
 2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line 2013-07-20 17:28:28 +01:00
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line 2013-07-20 17:26:09 +01:00
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample 
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
 2013-07-20 16:34:24 +01:00
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file 2013-07-20 15:38:29 +01:00
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples 2013-07-20 15:31:21 +01:00
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4) 2013-07-20 22:21:08 +10:00
Daniel Black 6fdfd8d356 BF: fix port 2013-07-20 15:09:25 +10:00
Daniel Black eea5b071e6 ENH: jail for perdition 2013-07-19 20:27:15 +10:00
Daniel Black fcf79b475f ENH: new filter perdition.conf 2013-07-19 20:14:53 +10:00
Steven Hiscocks 26b472f70f ENH: Add ejabberd-auth filter and sample log lines 2013-07-18 21:31:51 +01:00
Steven Hiscocks d661b8c046 BF: Apache regex and sample fail data update due to date pattern changes 2013-07-17 21:09:30 +01:00
Daniel Black 03ec7c211b ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$ 2013-07-18 00:37:33 +10:00
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black f8b5b3a1ef ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard 2013-07-17 23:31:44 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Steven Hiscocks 1eea0dcec8 Merge branch 'master' into 0.9 
Conflicts:
	ChangeLog
	bin/fail2ban-regex
	bin/fail2ban-testcases
	config/jail.conf
	fail2ban/server/failregex.py
	fail2ban/server/filter.py
	fail2ban/tests/files/logs/lighttpd
	fail2ban/tests/files/logs/mysqld.log
	fail2ban/tests/files/logs/wu-ftpd
	fail2ban/tests/filtertestcase.py
	fail2ban/tests/utils.py
	testcases/files/logs/lighttpd
	testcases/files/logs/lighttpd-auth
	testcases/files/logs/mysqld-auth
	testcases/files/logs/mysqld.log
	testcases/files/logs/wu-ftpd
	testcases/files/logs/wuftpd
 2013-07-16 23:16:22 +01:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback 
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
 2013-07-16 15:07:32 -04:00
Yaroslav Halchenko 8add63c733 ENH: anchor roundcube-auth at the beginning as well 2013-07-16 14:16:23 -04:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter 
ENH: dovecot filter additions for session, time value and blank user
 2013-07-14 05:18:04 -07:00
Daniel Black ab10664b57 ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris 2013-07-14 16:20:21 +10:00
Steven Hiscocks 606e97683b BF: jail.conf multiport actions previously using single port iptables 2013-07-12 23:34:04 +01:00
Daniel Black 975999591f ENH/DOC: more realm mismatch errors. Documented filter design criteria 2013-07-12 07:39:18 +10:00
Daniel Black 10e3be857a ENH: apache-auth filter added mod_auth_digest message 2013-07-11 23:08:46 +10:00
Daniel Black 384b72a535 ENH: apache-auth filter - client wrong auth 2013-07-11 22:58:36 +10:00
Daniel Black fce431add8 ENH: add mod_authz_core failures to apache-auth 2013-07-11 22:28:27 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 1d6d5a7aae DOC: ChangeLog merge confict 2013-07-09 08:41:28 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user 2013-07-05 18:36:02 +01:00
Yaroslav Halchenko 04b8069cee ENH: adjust sendmail-whois 'active' example to have also sendername in it 2013-07-05 10:12:29 -04:00
Alexander Dietrich 2155f6bfa5 Update ChangeLog and jail.conf example 2013-07-04 08:57:52 +02:00
Daniel Black d6dece4900 ENH: Split log and provide jail examples 2013-07-03 07:42:47 +10:00
Alexander Dietrich da594075f3 Move sendmail settings to common file, make sender name configurable 2013-07-02 20:30:41 +02:00
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  ENH: remove non-capturing groups for readibility
  BF: fix dovecot filter for when no TLS is enabled on pop/imap

Conflicts:
	ChangeLog -- changelog entries.  Also untabified few other spots
 2013-07-02 10:12:51 -04:00
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk 
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
 2013-07-02 07:04:10 -07:00
Daniel Black e6823149a1 ENH: remove non-capturing groups for readibility 2013-07-02 20:16:43 +10:00
Daniel Black aebd24ec54 BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl 2013-07-02 20:09:27 +10:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Yaroslav Halchenko 70ae1ed68b ENH: ban also submission port (587) for all smtp-related jails 
see http://www.rfc-editor.org/rfc/rfc4409.txt
and http://en.wikipedia.org/wiki/Mail_submission_agent

Users of advanced setups might like to split those into multiple jails anyways
to have separate control over submission agents and incoming mail servers.
 2013-07-01 14:50:02 -04:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 9757e1df2b ENH: make groupings non-capturing 2013-07-01 21:53:05 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Steven Hiscocks 1dbba35cd9 Merge branch 'master' into 0.9 
Conflicts:
	fail2ban/client/jailreader.py
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/files/logs/sshd
 2013-06-29 20:31:26 +01:00
Steven Hiscocks 5ca6a9aeb6 Merge branch 'systemd-journal' into 0.9 
Conflicts:
	bin/fail2ban-regex
	config/filter.d/sshd.conf

Closes github #224
 2013-06-29 13:00:40 +01:00
Daniel Black 0086a7edab ENH: missed a $ 2013-06-29 11:30:37 +10:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Yaroslav Halchenko 8487cb2e90 Merge commit '0.8.10-31-g1ab0f0f' into 0.9 
* commit '0.8.10-31-g1ab0f0f': (24 commits)
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  DOC: Changelog for fail2ban-regex RF
  DOC: Changelog for asterisk hardening
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
  ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp
  ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: dovecot regexs rewritten and extra failures
  ENH: proftp regex hardening and log messages
  ENH/BF: exim improvements with sample
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  ...

Conflicts: -- it was a messy merge/resolution.
	ChangeLog
	bin/fail2ban-regex
	fail2ban-testcases
	fail2ban/server/filter.py
 2013-06-18 20:21:23 -04:00
Daniel Black 25c3bbfc2f DOC: credits/blame to me for changes to exim 2013-06-16 00:25:24 +10:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim 
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
 2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban 
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
 2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban 
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
 2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban 
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
 2013-06-14 12:16:59 -04:00
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexs rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
 2013-06-14 12:14:40 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black a433a8ea5f ENH: readibility thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban 
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
 2013-06-13 23:32:45 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ 
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
 2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko f6cb981fc0 Merge commit '0.8.10-1-g460e09a' into 0.9 
* commit '0.8.10-1-g460e09a':
  it was not the end of the world and we should continue
  DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
  Changes for 0.8.10 release (changelog, version, etc)
  BF: anchor apache- filters.  Close #248
  DOC: credits for gh-244
  Filter Asterisk: Add sample log entry to testcase.
  Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
  ENH: purge a few more .*
  DOC: credits
  DOC: how to do filter enhancements
  TST: normalize logs to use example.com and 1.2.3.4 as IP
  ENH/BF: constrain regex. Fix ACL error regex
  ENH: port optional
  Update asterisk
  Update asterisk.conf

Conflicts:
	ChangeLog
	DEVELOP
	README.md
	fail2ban/version.py
 2013-06-12 21:30:47 -04:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list 
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-10 19:50:35 +02:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Yaroslav Halchenko a3161f59fa Merge commit '0.8.9-13-g39d32e0' into 0.9 
* commit '0.8.9-13-g39d32e0':
  Changelog for previous PR
  DOC: Changelog entry fro preceeding merge from Terence
  TST: Fix fail2ban.conf reader test for unreliable dictionary order
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
  TST: test all stock jails to have actions and correctly specifying blocktype
  CFG: assure actions for all the jails
  BF: blocktype must be defined within [Init] -- adding [Init] section.  Close #232
  ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init
  ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory

Conflicts:
	ChangeLog
	config/jail.conf
	testcases/clientreadertestcase.py -- had to "git show XXX | patch -p2" under tests/ 2 commits: 8a57ffd 7a4db4b
 2013-05-29 11:32:35 -04:00
Steven Hiscocks 49261925d7 ENH: Add new regex for locked accounts for sshd 2013-05-27 22:06:49 +01:00
Terence Namusonge 244a96f9b3 fixed failregex line for roundcube 0.9+ 
# Only works only if  log driver: is set to  'syslog'. this is becoz fail2ban fails to 'read' the line due to the
 brackets around the date timestamp on logline when log driver is set to file
 2013-05-25 19:26:13 +02:00
Yaroslav Halchenko d2b1c73b92 CFG: assure actions for all the jails 2013-05-24 14:33:08 -04:00
Yaroslav Halchenko 89e06bba15 BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232 2013-05-24 11:15:46 -04:00
silviogarbes 5c8fb68a2c Update asterisk.conf 
Para ficar compatível com asterisk 11
 2013-05-14 08:04:11 -03:00
Yaroslav Halchenko f5a8a8ac7c Release 0.8.9 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iEYEABECAAYFAlGRBZ8ACgkQjRFFY3XAJMhqzwCgvUsrv6cSjo1d8YCQUA8Na0Kk
 44QAoKk7X2sqFM+wvj2vK3stsHa/80qm
 =iBfR
 -----END PGP SIGNATURE-----

Merge tag '0.8.9' into 0.9 (quite a bit of conflicts "resolved")

Release 0.8.9

* tag '0.8.9':
  BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
  All the (version) updates for the release of 0.8.9
  BF: (travis) relax the test for needed to be presented installed directories -- allow new
  BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
  ENH: also print the failing traceback line in case of failure
  ENH: include explicit list of new files which should not be there upon "install --root"
  ENH: now we know that logging handlers closing was still buggy in 2.6.2
  ENH: issue a warning if jail name is longer than 19 symbols (Close #222)
  DOC: inline commends with ';' are in effect only if ';' follows as space
  BF: Fix for filterpoll incorrectly checking for jailless state
  ENH: strengthen detection of working pyinotify
  ENH: use the same python executable for setup.py test
  ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python  releases
  TST: Some primarily smoke tests for tests utils
  TST: cover few more lines in fail2banreader.py
  ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
  ENH: consistent operation of formatExceptionInfo + unittest for it
  ENH: point to the status of master branch on travis

Conflicts:
	ChangeLog
	MANIFEST
	README.md
	fail2ban/version.py -- all of the above obvious version changes

   below files primarily  needed just a bit of help in resolution
	config/jail.conf
	fail2ban/server/filterpoll.py
	fail2ban/server/server.py
	fail2ban/tests/servertestcase.py

   and following were more difficult -- git wasn't able to track renames/moves of the code
    fail2ban-testcases -- needed to introduce those changes to tests/utils.py
	testcases/clientreadertestcase.py -- manually applied patch from master
	testcases/utils.py -- manually applied patch from master
 2013-05-13 12:29:41 -04:00
Yaroslav Halchenko 90b8433ac5 DOC: inline commends with ';' are in effect only if ';' follows as space 2013-05-12 21:42:59 -04:00
Steven Hiscocks f7d328195f NF: Add systemd journal backend 2013-05-10 00:15:07 +01:00
Yaroslav Halchenko f1b6806eb4 Merge branch 'master' into 0.9 
* master: (51 commits)
  ENH: Use real (resolving) example.com instead of test.example.com
  DOC: Slight tune ups to ChangeLog -- we must release!
  Changelog entries for the latest merges
  BF: add bash-completion to MANIFEST
  DOC: ChangeLog for default action type change
  ENH: consolidate where blocktype is defined for iptables rules
  BF: default type to unreachable
  ENH: separate out regex and escape a .
  ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
  ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
  ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
  DOC: Drop sudo from bash-completion
  DOC: Added bash-completion script
  ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
  ENH: Removed unused log line
  ENH: logrotate file
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  ENH: some form of logrotate based on what distros are doing
  ...

Conflicts:
	ChangeLog
	MANIFEST
	client/actionreader.py
	config/jail.conf
	fail2ban/server/datedetector.py
	fail2ban/tests/datedetectortestcase.py
 2013-05-08 13:53:38 -04:00