fail2ban

Commit Graph

Author	SHA1	Message	Date
Yaroslav Halchenko	8c4d4aa7fb	minor: no tripple empty lines	10 years ago
Joern Muehlencord	4296d1a9a9	add froxlor-auth filter and jail	10 years ago
Joern Muehlencord	964cdb5d9b	add froxlor-auth filter and jail	10 years ago
Ivan Poddubny	7a4e6fa6e5	Asterisk security log: add support for websocket protocol events Thanks to @kcormier.	10 years ago
Ivan Poddubny	988d9a08da	Asterisk security log: accept events containing Response/ExpectedResponse Event containing Challenge may come without ReceivedChallenge, but with Response and ExpectedResponse. Also Challenge now accepts '/' character, since it is used at least by PJSIP.	10 years ago
Ivan Poddubny	189265a323	Asterisk security log: accept SessionID of PJSIP events Unlike chan_sip and manager, PJSIP populates SessionID using Call-Id header of a related SIP message. As Call-Id of a SIP message can contain almost anything, the regular expression for SessionID has been loosened.	10 years ago
Ivan Poddubny	ab2ac1a367	Asterisk security log: accept <unknown> in AccountID	10 years ago
Ivan Poddubny	977f9955e7	Asterisk security log: accept EventTV in ISO8601 Asterisk uses ISO8601 dates in security log since version 12. Closes #988	10 years ago
Anton Shestakov	56e5821c06	Match unknown user in dovecot's passwd-file auth database	10 years ago
Aaron Brice	7ae0ef2408	Fix actions in ufw.conf On Ubuntu 15.04 the ufw action was not working. - With empty <application>, receiving errors: 2015-04-24 16:28:35,204 fail2ban.filter [8527]: INFO [sshd] Found 43.255.190.157 2015-04-24 16:28:35,695 fail2ban.actions [8527]: NOTICE [sshd] Ban 43.255.190.157 2015-04-24 16:28:35,802 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stdout: b'' 2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stderr: b'' 2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- returned 1 - With action = ufw[application=OpenSSH], it was silently not doing anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw status). Re-arranged the bash commands on two lines, and it works with or without <application>.	10 years ago
Lee Clemens	8f792f52fb	Add drupal-auth filter and jail	10 years ago
Lee Clemens	b530d88eca	Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf Conflicts: ChangeLog	10 years ago
Markus Oesterle	f8c7247f42	added \s after host	10 years ago
Markus Oesterle	5f2807b41f	replaced .* before rhost with regex matching all the previous fields	10 years ago
Markus Oesterle	8825a5f31b	updated filter.d/sshd.conf Added line to match sshd auth errors on OpenSuSE systems	10 years ago
Viktor Szépe	e776a4e1ab	Update proftpd.conf	10 years ago
Viktor Szépe	f9e8a99a79	Non-US locale warning for proftpd	10 years ago
Thomas Mayer	923d807ef8	use human-readable variable names (issue #1003 )	10 years ago
Thomas Mayer	675c3a7c95	use printf instead of echo for POSIX compatibility (issue #1003 )	10 years ago
Thomas Mayer	ac1e41ea70	Revert "remove '-ne' option as it's not interpreted any way (issue #1003 )" This reverts commit `4a598070c8`.	10 years ago
Thomas Mayer	4a598070c8	remove '-ne' option as it's not interpreted any way (issue #1003 )	10 years ago
Thomas Mayer	80f11a4d28	Add empty Init Section to pass tests (issue #1003 )	10 years ago
Thomas Mayer	c9b24839e4	Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003 ) when set by user, - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command - converts whois data to UTF-8 character set with iconv - sends the whois output in UTF-8 character set to mail program - avoids that heirloom mailx creates binary attachment for input with unknown character set	10 years ago
Csaba Tóth	0720c831b7	Fix of LC_TIME usage, it should be LC_ALL	10 years ago
Lee Clemens	72f4bcfbff	Match hacking attempt IP instead of asterisk server IP (closes #1000 )	10 years ago
Yaroslav Halchenko	d28880fdca	Merge pull request #997 from yarikoptic/bf/long-purge-for-recidive DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964)	10 years ago
ediazrod	5fdd1d1ded	Update shorewall-ipset-proto6.conf	10 years ago
ediazrod	e26a1ad6b6	Update shorewall-ipset-proto6.conf	10 years ago
Yaroslav Halchenko	56aacf872c	Merge pull request #952 from ache/master Update bsd-ipfw.conf	10 years ago
Yaroslav Halchenko	02836b599c	Added a comment about systemd backend for jails with logs outside of journal (Closes #959 )	10 years ago
Yaroslav Halchenko	320a28a4a4	DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964 )	10 years ago
ediazrod	d0887f3234	This is a especific configuration for shorewall ipset proto6 Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall) stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.	10 years ago
Yaroslav Halchenko	e788e3823e	Merge pull request #965 from TorontoMedia/master Split output of firewallcmd list into separate lines for grepping (Close #908)	10 years ago
TorontoMedia	b4f1f613bb	Update firewallcmd-allports.conf	10 years ago
TorontoMedia	0fac7e40b6	Update firewallcmd-multiport.conf	10 years ago
Yaroslav Halchenko	07b0ab07ad	Merge branch 'master' of https://github.com/rumple010/fail2ban * 'master' of https://github.com/rumple010/fail2ban: Changed default TTL value to 60 seconds. Added a reminder to create an nsupdate.local file to set required options. Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf. add nsupdate action Conflicts: ChangeLog	10 years ago
Yaroslav Halchenko	d5e68abf95	ENH: check badips.com response on presence of "categories" in it As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in that response would not contain "categories". With this change we will handle it explicitly and will spit out ValueError, providing information about the response so it could be troubleshooted	10 years ago
Ache	ae1451b29f	Update bsd-ipfw.conf Deleting not existent is not error. Adding already present is not error. Otherwise all those entries becomes stale forever, not removed and its number increases over time.	10 years ago
Yaroslav Halchenko	3fb2becddb	Merge pull request #949 from leeclemens/enh/configSyslogSocket Configure Syslog Socket Path (closes #814)	10 years ago
Lee Clemens	6268eb32be	Use syslogsocket value "auto" to determine syslog socket's path	10 years ago
Luke Hollins	549ab24e70	Fixed grammatical error in emails sent	10 years ago
Yaroslav Halchenko	119a7bbb16	Merge pull request #939 from szepeviktor/geoip Added sendmail-geoip-lines.conf	10 years ago
Viktor Szépe	4c88a00c28	Line notes implemented	10 years ago
Lee Clemens	445fd7367f	Configure Syslog Socket Path	10 years ago
František Šumšal	eb0d086ed0	Merge branch 'master' into nginx-botsearch	10 years ago
František Šumšal	1c6d2074fb	Changed default settings for nginx-botseach filter	10 years ago
Orion Poplawski	e7ff7e90b7	[postfix-sasl] update regexes - Add : to match "SASL LOGIN authentication failed: Password:" - Add ignoreregex to ignore system authentication issues: "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server" - Add test log messages for both	10 years ago
František Šumšal	fb0f463eac	Include consistency	10 years ago
František Šumšal	705718be52	Filter apache-botsearch.conf now loads variables from botsearch-common.conf	10 years ago
František Šumšal	18778d9174	Created botsearch-common.conf File contains variables used in -botsearch filters	10 years ago
Yaroslav Halchenko	73af02ffc6	Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot New jail: apache-fakegooglebot	10 years ago
Yaroslav Halchenko	df581fe6e2	Merge pull request #929 from opoplawski/pam_auth Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928)	10 years ago
Yaroslav Halchenko	7ada96b4e9	Merge pull request #932 from opoplawski/dovecot Dovecot - dovecot auth failure from EL7	10 years ago
František Šumšal	f8fe165cd2	Switched from tabs to spaces for indents	10 years ago
Yaroslav Halchenko	8f6d9c6a5a	Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban * 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban: fixed typos, thanks szepeviktor for review ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) Conflicts: ChangeLog	10 years ago
Lee Clemens	841c476045	Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot Conflicts: config/filter.d/ignorecommands/apache-fakegooglebot	10 years ago
Yaroslav Halchenko	15b65c7ad2	NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName	10 years ago
Lee Clemens	7e94ba6f0c	Remove implementation specific suffix	10 years ago
Lee Clemens	854915920f	Remove implementation specific suffix	10 years ago
Lee Clemens	af078532ac	New jail: apache-fakegooglebot Detects fake googlebot user agents in apache access log	10 years ago
Viktor Szépe	1619ab3145	Added sendmail-geoip-lines.conf	10 years ago
Yaroslav Halchenko	ec6a30efcf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	10 years ago
František Šumšal	c8e82f18b6	Add jail nginx-botsearch Jail blocks requests for predefined non-existent folders. Based on apache-botsearch jail.	10 years ago
Orion Poplawski	b4776a1ba0	Match dovecot unknown user line	10 years ago
Orion Poplawski	3bc92610f7	Add dovecot auth failure from EL7	10 years ago
Andrew St. Jean	6bdfe756cf	Changed default TTL value to 60 seconds.	10 years ago
Orion Poplawski	79b5a2617f	Add filter variable __pam_auth to allow easier changing of pam auth backend	10 years ago
Andrew St. Jean	43732acae1	Added a reminder to create an nsupdate.local file to set required options.	10 years ago
Yaroslav Halchenko	085d0f72ed	ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)	10 years ago
Yaroslav Halchenko	65980a70fc	Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban * 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban: use iptables-allports for recidive Conflicts: ChangeLog	10 years ago
rumple010	eb76dcd5a0	add nsupdate action Adds a new action file that uses nsupdate to dynamically update a BIND zone file with a TXT resource record representing a banned IP address. Resource record is deleted from the zone when the ban expires.	10 years ago
sebres	12e3cca3f2	port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913	10 years ago
Yaroslav Halchenko	083031524d	BF: adding missing Definition section header to firewallcmd-allports	10 years ago
TorontoMedia	d7b7f4bc91	Update firewallcmd-allports.conf	10 years ago
Lee Clemens	77677e43df	Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL	10 years ago
Lee Clemens	bda8dc1926	Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL	10 years ago
TorontoMedia	7eed55266b	Created firewallcmd-multiport	10 years ago
TorontoMedia	9f91cb2fd8	Created firewallcmd-allports	10 years ago
TorontoMedia	50e5fd9ed7	Create firewallcmd-multiport.conf	10 years ago
TorontoMedia	591e444753	Create firewallcmd-allports.conf	10 years ago
Lee Clemens	0f48cf4284	loosen up regex for spamhaus (spamcop says "Blocked" as part of url)	10 years ago
Lee Clemens	fe72a5585c	Create Jail for Postfix based on RBL Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)	10 years ago
Lee Clemens	2d7429c47c	Add 'Client host rejected error message' regex Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"	10 years ago
Viktor Szépe	81b3dbde1d	postfix-sasl failregex case insensitive	10 years ago
bes-internal	ccc986b7d8	exim filter: correct failregex for exim with extended log options incoming_interface, incoming_port, outgoing_port	10 years ago
Orion Poplawski	d8867807f5	Separate php-url-fopen logpath by newline	10 years ago
Guillaume FRANCOIS	a6a2dc868b	Add ignoreregex to avoid warning on start	10 years ago
Guillaume FRANCOIS	9269664350	Add ignoreregex to avoid warning on start	10 years ago
Yaroslav Halchenko	2a3790f8e8	use iptables-allports for recidive	10 years ago
Yaroslav Halchenko	967485c2d0	improving grepping	10 years ago
Yaroslav Halchenko	efbf5064a1	Merge pull request #807 from xslidian/patch-1 grep IP at the start of lines	10 years ago
Orion Poplawski	01b2673e34	Use multiport for firewallcmd-new	10 years ago
Yaroslav Halchenko	36abb5ed96	BF: fix $ for % in jail.conf. Debian bug #767255	10 years ago
pacop	e3a037ee3f	merge master	10 years ago
pacop	ce4f2d1c88	added filter for PortSentry with jail and samples	10 years ago
SlowRiot	fc5f729f01	adding jail conf for shellshock filter	10 years ago
SlowRiot	4f636eb0e3	adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650	10 years ago
Nick Weeds	2c158fe168	Add apache filter for AH01630 client denied by server configuration	10 years ago
Yaroslav Halchenko	0e1f8f7f39	RF: remove those two additional failregexes for the postfix see comment https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426	10 years ago
Yaroslav Halchenko	96c20c8379	Merge pull request #804 from pleasantone/master Add support for postfix/submission/smtpd matching.	10 years ago
Yaroslav Halchenko	c58c4de9bc	ENH: add empty ignoreregex to avoid a warning (Close #805 )	10 years ago
Dean Lee	ba44ff312b	grep IP at the start of lines I'm not sure if this regex works best, so I'm patching this single file as a sample. Don't forget to update `mail-whois-lines.conf` after this patch got merged. For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '$[^0-9]\\|^$199.48.161.87[^0-9]'` works: <pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com 199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>	10 years ago
Paul Traina	249e169d8e	Update test cases and also suport smtps per request.	10 years ago
Daniel Black	1864f75b3b	Credits and notes from #806	10 years ago
weberho	d2c086b187	fixed encoding	10 years ago
weberho	218ffe862e	fixed encoding	10 years ago
Paul Traina	544cfaff2c	Add support for postfix/submission/smtpd matching.	10 years ago
Yaroslav Halchenko	0d9cfb84e3	Merge pull request #778 from yarikoptic/enh/symbiosis ENH: symbiosis-blacklist-allports action	10 years ago
Yaroslav Halchenko	426ed7ff2f	Merge pull request #780 from opoplawski/logpath Fxi jail.conf to use more syslog macros	10 years ago
Yaroslav Halchenko	93243e7d57	ENH: Ignore errors while unbaning in symbiosis firewall Fail2Ban at times "interfers" with the firewall reflashing thus leading to the sporadic errors. IMHO should be safe to ignore	10 years ago
Luc Maisonobe	763115b1eb	added systemd configuration for postfix-sasl.conf	10 years ago
Yaroslav Halchenko	aee560b1c6	Merge branch 'master' of git://github.com/fail2ban/fail2ban * 'master' of git://github.com/fail2ban/fail2ban: 1.5 version of Fail2ban logwatch file Fix typos.	10 years ago
Yaroslav Halchenko	6fc04c2256	Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry) * 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban: ENH: cyrus-imap -- catch also 'user not found' attempts BF: cyrus-imaps -- catch also for secured daemons Conflicts: ChangeLog	10 years ago
Yaroslav Halchenko	f403bad0ab	Merge pull request #775 from alimony/patch-1 Fix typos.	10 years ago
Yaroslav Halchenko	b79a82ebdd	minor typo	10 years ago
Orion Poplawski	6b554fbe98	Fxi jail.conf to use more syslog macros	10 years ago
Yaroslav Halchenko	818dd59d65	ENH: symbiosis-blacklist-allports action	10 years ago
Markus Amalthea Magnuson	7b76322898	Fix typos.	10 years ago
Yaroslav Halchenko	4a23a7dcf1	Merge pull request #766 from leftyfb/master Added cloudflare action	10 years ago
leftyfb	6dbd449f77	Changed to Cloudflare JSON API	10 years ago
Jisoo Park	2e7b8adb3b	Fix sieve filter to use correct option	10 years ago
Yaroslav Halchenko	f19c5fc939	Merge pull request #770 from eltrai/master Forwards bantime to action scripts	10 years ago
Yaroslav Halchenko	f9cfbd66e6	Merge pull request #771 from szepeviktor/patch-1 named users + smtp auth probes	10 years ago
Szépe Viktor	143a55bf26	Update courier-smtp.conf	10 years ago
Yaroslav Halchenko	2d7f2fa33f	Merge pull request #756 from marclaporte/patch-1 typo	10 years ago
Yaroslav Halchenko	45c1095606	Merge pull request #750 from niorg/master Added Directadmin filter, jail and log test	10 years ago
Yaroslav Halchenko	3339dc8d84	ENH: cyrus-imap -- catch also 'user not found' attempts	10 years ago
Yaroslav Halchenko	3e5c598b79	BF: cyrus-imaps -- catch also for secured daemons	10 years ago
Szépe Viktor	d757ef584f	Update courier-smtp.conf	11 years ago
Szépe Viktor	a786e8a29b	named users + smtp atuh probes	11 years ago
Pierre-Alain Dupont	3d7504c19e	Forwards bantime to action scripts That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails	11 years ago
leftyfb	cba570cabd	Updated comments	11 years ago
leftyfb	5471e99ebe	Added cloudflare action	11 years ago
Yaroslav Halchenko	6cddc65cee	BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry	11 years ago
Yaroslav Halchenko	43950d8b7e	BF: fix path to the exim log on Debian systems (/var/log/exim4)	11 years ago
Marc Laporte	3777591ab0	typo	11 years ago
Cyril Roos	add8e61036	Added Directadmin filter, jail and log test	11 years ago
Yaroslav Halchenko	0adb10f653	Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban * 'ainfo-copy' of https://github.com/kwirk/fail2ban: TST: actions modifying aInfo test more robust TST: Test for actions modifying (un)ban aInfo BF: aInfo could be modified by actions, causing unexpected behaviour	11 years ago
Steven Hiscocks	2d54161696	Merge branch 'kwirk/harmonize-log-msgs' Conflicts: ChangeLog - Keep all additions	11 years ago
Steven Hiscocks	76a5633ff9	Merge pull request #739 from ranvis/enh-iptables-ipsets ENH: Add <chain> to iptables-ipsets.	11 years ago
SATO Kentaro	65ff3e9604	ENH: Introduce iptables-common.conf.	11 years ago
Steven Hiscocks	94232d7c31	Merge pull request #726 from pmarrapese/master Minor improvement to sshd filter	11 years ago
Steven Hiscocks	8268c1641f	BF: aInfo could be modified by actions, causing unexpected behaviour A separate copy of aInfo is passed to each action	11 years ago
Yaroslav Halchenko	93d5c363ca	Merge branch 'enh/oracle_msg_server' * enh/oracle_msg_server: ENH: make oracleims failregex better anchored (more explicit) Update oracleims.conf to be 'less greedy' Update THANKS Update jail.conf for oracleims filter. Create test for oracleims filter Create oracleims.conf in filter.d for new filter	11 years ago
SATO Kentaro	1e1c4ac62a	ENH: Add <chain> to iptables-ipsets.	11 years ago
Yaroslav Halchenko	994fe77e59	ENH: make oracleims failregex better anchored (more explicit)	11 years ago
JoelSnyder	5165d2f6ea	Update oracleims.conf to be 'less greedy' This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are). See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html	11 years ago
JoelSnyder	70ed93d8cc	Update jail.conf for oracleims filter. This is the jail.conf update. Hopefully this will go into pull request #734.	11 years ago
Steven Hiscocks	e8131475cd	ENH: Realign and harmonise log messages with getF2BLogger helper	11 years ago
Steven Hiscocks	db023be09b	BF: Fix bad syntax in badips.py action Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff	11 years ago
JoelSnyder	9b7c35810a	Create oracleims.conf in filter.d for new filter Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)	11 years ago
pmarrapese	96918acee4	more explicit match for sshd filter & added test	11 years ago
pmarrapese	46d6e93800	adjusted sshd filter regex to catch more verbose lines	11 years ago
Steven Hiscocks	77ba065571	Merge pull request #697 from jhmartin/monit_admin_hack Block brute-force attempts against the Monit gui	11 years ago
Steven Hiscocks	bc10b64c69	ENH: Match non "Bye Bye" for sshd locked accounts failregex	11 years ago
Yaroslav Halchenko	596b819bdc	DOC: minor -- tabify docstring in badips.py action	11 years ago
Jason Martin	9c3cb31862	Even stricter monit regex, now covers entire line	11 years ago
Jason Martin	72bfd14330	Tidy up filter.d/monit.conf, make regex more complete. Add ChangeLog / THANKS entry. Add test cases.	11 years ago
Steven Hiscocks	03d90c2f42	BF: recidive filter and samples at wrong log level: WARNING->NOTICE	11 years ago
Jason Martin	7d112430ca	Block brute-force attempts against the Monit gui	11 years ago
Steven Hiscocks	d4427e5a76	Merge pull request #683 from yarikoptic/fix/682 Fix typos referencing paths-common, provide empty defaults for syslog_ log files (Partial fix to #682)	11 years ago
Steven Hiscocks	9fcb92524e	BF: badips.py action logging of exc_info on debug typo	11 years ago
Yaroslav Halchenko	8bcb25c3a2	defining empty defaults for syslog_ log targets for common (Thanks @chtheis, partial fix to #682 )	11 years ago
Yaroslav Halchenko	7dcea0d48d	typos of paths-common (Thanks @chtheis, partial fix to #682 )	11 years ago
Yaroslav Halchenko	5bccec61e4	ENH: adding pruned with previous merge trailing \s* in nginx filter	11 years ago
Yung-Chin Oei	941a38ea8e	nginx-http-auth: match when "referrer" is present A sample log-line is provided. The updated regex successfully matches this line. Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>	11 years ago
shawn	d7e888238c	Correct grammar	11 years ago
yungchin	6e8c1b2871	nginx-http-auth filter: match server_name = "" As documented at http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If no server_name is defined in a server block then nginx uses the empty name as the server name." This regex change allows us to match error output for such a configuration. The log line added to the tests was lifted from our logs verbatim; it did not match without the patched regex. Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>	11 years ago
yungchin	3a155ed2e0	Update comments in shorewall.conf for new settings	11 years ago
Ruben Kerkhof	1c36da9df9	Fix 2 more typos that codespell didn't catch	11 years ago
Ruben Kerkhof	1695d5c076	Fix a few typos Found with https://github.com/lucasdemarchi/codespell Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>	11 years ago
Manuel Rüger	5a1ad75114	Fix typo in comment	11 years ago
Steven Hiscocks	41cbbbc248	BF: Remove unused imports and variables. All highlighted by using pyflakes.	11 years ago
Steven Hiscocks	16125ec81a	BF: badips.py action methods not static due to use of self._logSys	11 years ago
Steven Hiscocks	6c5a978d6f	BF: journalmatch for recidive should be NOTICE level not WARNING	11 years ago
Daniel Black	7611096162	Merge branch '0.9' of https://github.com/fail2ban/fail2ban into 0.9	11 years ago
Daniel Black	aa7e8fb9ce	DOC: Credits. close gh-644	11 years ago
Steven Hiscocks	9e374b159e	ENH: Allow setting of badips.py key for reporting and blacklisting	11 years ago
Steven Hiscocks	de43d1d6d5	ENH: Change badips.py default score to "3" As per recommendation from Amy from badips.com	11 years ago
Daniel Black	476d79d3cc	ENH: asterisk filter to support syslog format	11 years ago
Daniel Black	415f187644	ENH: sendmail-reject for all smtp ports.	11 years ago
Steven Hiscocks	a78a9d282c	DOC: Document that badips.py action should be last action for jail	11 years ago
Steven Hiscocks	0222ff4677	Merge branch 'badips-blacklist' into 0.9 Conflicts: ChangeLog - entires added in both branches. Change: config/action.d/badips.py - jail.getName() changed to jail.name	11 years ago
Steven Hiscocks	0c63d0061a	DOC: Add documentation for badips.py action	11 years ago
Steven Hiscocks	dfb46cfda6	BF: Require Python 2.7+ for badips.py action	11 years ago
Daniel Black	df882feb16	ENH: expand sendmail-reject jail to 465,submission	11 years ago
Daniel Black	ef29d7bd29	ENH: paths-{common,distro} normalisation	11 years ago
Daniel Black	50d938e0bf	MRG: merge filter sendmail-spam into sendmail-reject	11 years ago
Daniel Black	666fd5eceb	ENH: purge excessive jail variations	11 years ago
Daniel Black	69f5baae36	ENH: jail.conf to use syslog_mail	11 years ago
Daniel Black	2d45becb0e	Merge branch '0.9' into distro-paths-gh-315	11 years ago
Daniel Black	2d8c497ce5	ENH: highlight missing osx paths	11 years ago
Daniel Black	cc8ec826c5	MRG: from master 2014-03-02	11 years ago
Daniel Black	853bed8e4f	ENH: more sendmail-reject filter items thanks to fab23	11 years ago
Daniel Black	d0ec09a3b5	BF: move to right location	11 years ago
Daniel Black	c10cc20928	ENH: rename sendmail-spam to sendmail-reject	11 years ago
Daniel Black	d34569fb8d	BF: email address as arg1 in sendmail filters	11 years ago
Daniel Black	72c84fe9b0	ENH: wider regex for RBL and sendmail-spam	11 years ago
Daniel Black	fe1725c603	BF: add jail.conf definitions for sendmail* filters	11 years ago
Daniel Black	3d776afbb0	ENH: add filter for sendmail-{auth,spam}. Closes gh-20	11 years ago
Steven Hiscocks	a9b9c6ea03	Merge branch 'logging' into 0.9 Conflicts: fail2ban/server/actions.py jail getName()->name fail2ban/server/filter.py jail getName()->name	11 years ago
Steven Hiscocks	df8d700d17	RF: Refactor Jail and JailThread Includes: - documentation to new format and use of properties - change isActive->is_active as former no longer documented for python3, and later introduction and documented in python2.6 - status formatter in beautifier somewhat more automatically formatted; no changes are required for additional status elements - JailThread now set to active within `start` method, complimenting `stop` method	11 years ago
Steven Hiscocks	a4731ef988	DOC: Correct log levels	11 years ago
Steven Hiscocks	5630c56c75	ENH: Change logging levels and make info more verbose	11 years ago
Daniel Black	9be22a96a6	Merge pull request #614 from kwirk/complain-abusix BF: Use abusix Abuse Contact DB to get more accurate abuse addresses	11 years ago
Daniel Black	cc463aa60d	Merge pull request #620 from kwirk/xarf-tweaks BF: Fix misplaced ";", and duplicate {ip,}matches	11 years ago
Daniel Black	b6f9b9161d	BF: remove self reference	11 years ago
Daniel Black	a044517cb7	MRG: from master to 0.9 2014-02-20	11 years ago
Daniel Black	79e6543eca	Merge branch '0.9' into distro-paths-gh-315	11 years ago
Daniel Black	83266eb668	ENH: framework for distro paths	11 years ago
Steven Hiscocks	8c5525163b	BF: Fix misplaced ";", and duplicate {ip,}matches	11 years ago
Steven Hiscocks	997729e274	BF: Fix complain action for multiple recipients and misplaced ";"	11 years ago
Steven Hiscocks	7c76f7f204	BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent	11 years ago
Steven Hiscocks	2a37ee2fb7	ENH: Add root user check in xt_recent, and add missing actionstop Thanks to Helmut Grohne on IRC for suggestion	11 years ago
Steven Hiscocks	5c7630c4be	ENH: Allow separate blacklist category for badips.py action	11 years ago
Steven Hiscocks	cf81ddd8e2	BF: Add error handling in badips.py action	11 years ago
Steven Hiscocks	31f4ea59cb	BF: Use abusix Abuse Contact DB to get more accurate abuse addresses Taken from xarf-login-attack action from 0.9 branch by Daniel Black	11 years ago
Steven Hiscocks	f68d85a6ac	Merge branch 'master' into 0.9 Conflicts: ChangeLog Spelling correction of 0.8.13 fixed in master config/jail.conf Added nagios and duplicate php-url removal in master Just nagios added, duplicate not issue in 0.9	11 years ago
Daniel Black	c701ac9276	DOC: document LogLevel requirement for "Connection from" regex"	11 years ago
Daniel Black	5f4d0ed576	ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message	11 years ago
Aarón Nieves Fernández	993b7d3dfb	Duplicate jail "php-url-fopen"	11 years ago
Steven Hiscocks	dff8909473	ENH: Add badips.com reporting and blacklisting action (python based)	11 years ago
Ivo Truxa	c207ad6058	removing ignoreip at [nagios] I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.	11 years ago
Ivo Truxa	f5f434f846	removing the second failregex The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.	11 years ago
Ivo Truxa	a71bb89ccd	removing a dot (typo) The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.	11 years ago
Ivo Truxa	dac4dd465e	ENH: Nagios filter added typical configuration settings for the nagios filter	11 years ago
Ivo Truxa	c91fda8619	ENH: Nagios filter Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.	11 years ago
Daniel Black	ef82eac790	DOC: openssh real protection is pubkey	11 years ago
Daniel Black	59b9045e88	MRG: from master 2014-02-02	11 years ago
Daniel Black	273b2f45a3	MRG: remove the "no auth attempts" as per aseques gh-600	11 years ago
Daniel Black	9b614ce486	ENH: dovecot filter enhancements	11 years ago
Joan	84617fa6da	Fixed a failing case	11 years ago
Joan	08171ba52f	Removed the -no auth attempts- from the triggers because of lots of FP	11 years ago
Daniel Black	a749a2780e	Merge pull request #593 from grooverdan/tine ENH: Tine20 filter	11 years ago
Daniel Black	1a1e3bec86	ENH: framework for distro paths	11 years ago
Daniel Black	256c732bcd	BF/ENH: filter pure-ftpd - re-add _daemon. Add translations _daemon was accidently removed in `89fd792dfb` Added translations from source code	11 years ago
Daniel Black	1e1261ccb4	MRG: from master 2014-01-23	11 years ago
Daniel Black	ca57427080	BF: firewallcmd-ipset had non-working actioncheck	11 years ago
Daniel Black	c8ae064b79	ENH: tighten regex and change failJSON to support timezone. Closes gh-583	11 years ago
Daniel Black	2063d96e59	MRG: import Lars' PR for tine20	11 years ago
Steven Hiscocks	8221c7ca71	TST+BF: Add tests for python actions, including test for smtp.py Also fix bug when specifying multiple recipients for smtp.py action	11 years ago
Steven Hiscocks	a0f39255bc	BF: Kerio log datepattern fix for recent datepattern full regex merge	11 years ago
Daniel Black	a650178bd1	MRG: merge from master 2014-01-19	11 years ago
Daniel Black	263ac32730	ENH: test log samples for kerio thanks to Tony Lawrence	11 years ago
Daniel Black	1452be4a3a	Merge pull request #588 from grooverdan/badips ENH: Badips action (reporting)	11 years ago
Daniel Black	f566cab766	Merge branch 'master' into badips	11 years ago
Daniel Black	657da2041c	BF: dovecot filters, session characters and order of session/tls in log messages	11 years ago
Daniel Black	2333b2d5d9	MRG: from 0.9	11 years ago
Daniel Black	c7f887642d	Merge branch '0.9' into master_to_0.9	11 years ago
Daniel Black	3de80545e0	MRG: from master 2014/01/13	11 years ago

... 3 4 5 6 7 ...

1178 Commits (bd1eb70c52f078fea65d1688915487a5dea1f3c7)