github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,945 Commits
34 Branches
229 Tags
22 MiB
Commit Graph

1945 Commits (c03a50b44be9c55347508335af42b7671e9e0352)

Author SHA1 Message Date
Steven Hiscocks c03a50b44b BF: Allow handle case when SKIPLINES lines is not matched 
Example is when one or more SKIPLINES is optional in a regex
 2013-12-04 23:13:27 +00:00
Steven Hiscocks c886414e2e ENH+BF: Capture multiline matched lines into fail ticket 
Previously only the last line of the match was being saved, not all
lines involved in matching.

Log lines are now broken into 3 part tuple, with the line pre-datetime,
the datetime, and post-datetime. Allows reformation of full line, but
also use of the line without the datetime present.
Attempting to use the term "tupleLine(s)" where possible, to avoid
confusion with normal read lines.

May also wish to consider that regexs could be made to capture more
lines of interest if some form of unique reference is available. This
may allow more lines of interest to be captured, which may not be picked
up by the traditional "grep <ip>" approach i.e. ones which do not have
the ip address in.

This also simplified the fail2ban-regex statistics for missed lines.
Also resolved bug with missed lines time extracted for debuggex having
some lines present which were captured in a multiline regex.
Also resolved independent issue with ignored line check including the
datetime, which raised assertion error in the rare case the datetime
matched the ignore regex, and the rest of line only matched a failregex
 2013-12-04 22:26:22 +00:00
Yaroslav Halchenko 2c1199cce0 Let's progress and mark a2 release toward 0.9.0 2013-11-30 12:25:17 -05:00
Daniel Black f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Daniel Black 4d86a17641 Merge pull request #453 from grooverdan/master_to_0.9 
MRG: merge Master to 0.9
 2013-11-29 15:37:44 -08:00
Daniel Black 04438cd1a1 BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails 2013-11-30 10:00:59 +11:00
Daniel Black 3f4d179612 BF: smtps not an IANA port - from #447 2013-11-30 09:52:32 +11:00
Daniel Black fe9e077acf BF: correct spelling of port for solid-pop3 jail in jail.conf 2013-11-30 09:51:30 +11:00
Daniel Black 2bcc6c66b1 TST: remove python 2.5 from TravisCI 2013-11-29 21:54:36 +11:00
Daniel Black b157be22d2 TST: pids don't match test case for sshd filter 2013-11-29 16:02:28 +11:00
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter 2013-11-25 14:55:41 +11:00
Daniel Black 98eacdf333 MRG/BF: merge from master. Fix bugs in iso8601 2013-11-24 16:36:06 +11:00
Daniel Black 28d8aec511 DOC: Arch Linux link 2013-11-21 07:05:21 +11:00
Daniel Black 24c143b411 Merge pull request #445 from grooverdan/suhosin 
TST: more test cases for suhosin
 2013-11-19 15:23:59 -08:00
Daniel Black 015b403df0 TST: more test cases for suhosin 2013-11-20 10:01:06 +11:00
Yaroslav Halchenko 629e9ae445 Merge pull request #443 from grooverdan/apache-authfix 
BF: apache filters using error log weren't matched when referer existed ...
 2013-11-18 15:53:39 -08:00
Daniel Black 284f811c91 BF: apache filters using error log weren't matched when referer existed in HTTP header 2013-11-19 10:27:55 +11:00
Yaroslav Halchenko 491165c929 Merge pull request #438 from grooverdan/solid-pop3d 
ENH: filter for Solid-pop3d
 2013-11-17 17:34:46 -08:00
Daniel Black 1ea68b2d0c DOC: filter.d/solid-pop3d - document lack of PAM support. Thanks to Jacques for the log messages 2013-11-18 09:44:26 +11:00
Daniel Black 0eea0a35db ENH: filter.d/solid-pop3d - added log messages and regexes 2013-11-18 08:58:23 +11:00
Daniel Black 2c63b1fe93 Merge pull request #439 from yarikoptic/bf/proftpd-millisec 
ENH: proftpd in Debian (now or forever) has ",milliseconds" in its date format
 2013-11-17 12:44:44 -08:00
Daniel Black b3b9ea4559 ENH: jail for solid-pop3d 2013-11-18 07:42:45 +11:00
Yaroslav Halchenko 82174ea4c4 Changelog for preceding proftpd date format change 2013-11-16 22:18:51 -05:00
Yaroslav Halchenko d4f6ca4f85 ENH: adding custom date format for proftpd when logging in its own log file (default on Debian) -- includes milliseconds 
Should resolve Debian #648276
 2013-11-16 22:15:58 -05:00
Daniel Black 88eff70774 ENH: filter.d/solid-pop3d added 2013-11-16 09:43:15 +11:00
Daniel Black ed212fcdcc DOC: new ChangeLog header 2013-11-16 09:40:05 +11:00
Daniel Black 84f915c1f7 fix nginx-http-auth lof file location and MANIFEST 2013-11-13 09:57:13 +11:00
Daniel Black a7604c899f DOC: list Wiki pages to update after a release 2013-11-13 09:43:36 +11:00
Daniel Black 1ac7b53cad MRG: merge from master 2013-11-13 09:16:45 +11:00
Daniel Black 752ea054db DOC: post release version change 2013-11-13 09:01:52 +11:00
Daniel Black fc213a103e Merge pull request #437 from grooverdan/0.8.11_release 
DOC: finalise 0.8.11 release
 2013-11-12 13:06:54 -08:00
Daniel Black d0498bec69 DOC: finalise 0.8.11 release 2013-11-13 08:05:08 +11:00
Daniel Black 286d78e13c Merge pull request #430 from grooverdan/apache-overflows 
ENH: Apache overflows - httpd-2.4 message IDs + samples
 2013-11-12 12:46:52 -08:00
Daniel Black 50ca16e50e Merge pull request #431 from grooverdan/apache-noscript 
ENH: apache-2.4 message IDs for filter apache-noscript
 2013-11-12 12:46:09 -08:00
Daniel Black 947c6ff9cc Merge pull request #433 from grooverdan/asterisk 
BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from " regex thanks to Jonathan Lanning
 2013-11-12 12:45:52 -08:00
Daniel Black 38503a5848 Merge pull request #434 from grooverdan/dos-resistant-dropbear 
ENH: DoS resistant dropbear filter
 2013-11-12 12:45:12 -08:00
Daniel Black 62b1f98dff Merge pull request #435 from grooverdan/dos-resistant-exim 
BF: exim filter to be DoS resistant
 2013-11-12 12:44:53 -08:00
Daniel Black 0d47ea3348 Merge pull request #436 from grooverdan/dos-resistant-roundcube-auth 
BF/ENH: DoS resistant roundcube-auth with test cases and more variation from IMAP responses
 2013-11-12 12:44:36 -08:00
Daniel Black be60518218 BF/ENH: DoS resistant roundcube-auth with test cases and more variation in IMAP error given 2013-11-12 18:57:01 +11:00
Daniel Black 52972164a2 BF: exim filter to be DoS resistant 2013-11-12 18:13:35 +11:00
Daniel Black c272573fe3 ENH: DoS resistant dropbear filter 2013-11-12 18:06:16 +11:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Daniel Black 648d48c355 ENH: apache-2.4 message IDs for filter apache-noscript 2013-11-11 10:49:11 +11:00
Daniel Black c81ed53805 TST: change source URL 2013-11-11 10:40:12 +11:00
Daniel Black a4718eb644 ENH: apache-overflow filter to have HTTP-2.4 message IDs and test samples 2013-11-11 10:38:02 +11:00
Daniel Black 87516eb92b ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-11 09:46:40 +11:00
Daniel Black e8aa676cf5 Merge pull request #429 from grooverdan/filter-develop-doco 
DOC: Filter development doco
 2013-11-10 14:10:10 -08:00
Daniel Black 191c4fda1b Merge pull request #428 from grooverdan/ssh-dos 
TST: test case that shows injection into username
 2013-11-10 13:39:03 -08:00
Daniel Black f1c98a799f Merge pull request #421 from grooverdan/sendmail-spam 
ENH: multiline filter for sendmail-spam. Closes gh-418
 2013-11-10 13:37:33 -08:00
Daniel Black d90130234d TST: end of json in sshd sample log 2013-11-11 08:29:54 +11:00