b40c6cbd9a
ENH: .mailmap file to bring some names together for git shortlog -sn
2015-11-01 11:28:58 -05:00
5767191988
fixed misleading documentation of `banaction`
2015-11-01 17:08:00 +01:00
fcf03790f4
fixed misleading documentation of `banaction`
2015-11-01 17:05:02 +01:00
eef7771b4e
Merge pull request #1238 from sebres/fix/gh-1216
...
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
2015-10-31 13:17:04 +01:00
e825e977cc
Nginx log paths extended (prefixed with "*" wildcard)
...
closes gh-1237
2015-10-30 17:51:30 +01:00
f359ed8c36
Fixed directly defined banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (+ man entries for both variables added);
...
closes gh-1216
2015-10-30 15:36:18 +01:00
5839a3bd80
Removed includes comment for screensharing jail
2015-10-29 16:07:54 -07:00
53b39162a1
Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)
2015-10-29 23:55:23 +01:00
6884593ab8
New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)
2015-10-29 23:15:20 +01:00
0661aece46
Merge branch 'master' into journaldefault
...
Conflicts:
ChangeLog
2015-10-29 15:22:37 -06:00
65bc5cf6ba
Now using a literal logpath for screensharing jail
2015-10-29 09:03:01 -07:00
cabd46f069
Fixed blatant typo in regex
...
However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result
2015-10-28 20:58:25 -07:00
bed28eaa62
clarified comments on sample log format
2015-10-28 15:32:58 -07:00
c936d19805
Fixed name (again?)
2015-10-28 15:30:31 -07:00
acee68a9ee
Made screensharing jail off by default
...
Also added note about requiring paths-osx.conf.
2015-10-28 15:11:11 -07:00
4b4d5a95b7
Changed regex prequel
...
Use standard prefix macro instead of literal daemon name.
2015-10-27 21:30:20 -07:00
3dd1c305ce
added entry for new screensharingd filter
2015-10-27 21:20:12 -07:00
6a5f10ee72
name change & new sample data
...
changed name to match daemon, log samples with year
2015-10-27 16:27:14 -07:00
3e4a77a568
Added json metadata
2015-10-27 12:31:51 -07:00
b3a18631e2
Sample log for test case
2015-10-27 10:43:43 -07:00
4c3f778b82
Replaced .* with literal
...
Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.
2015-10-27 10:33:30 -07:00
d17d837b8c
Update jail.conf
...
Added logencoding to screensharing jail to avoid encoding error messages in fail2ban log
2015-10-27 10:28:07 -07:00
de14946542
Added new path variable for system.log
...
Logging location for the majority of Mac OS daemons.
2015-10-26 18:02:07 -07:00
80546c6164
Added in settings for screensharingd filter
2015-10-26 17:50:49 -07:00
3ec725a2ba
Created file
...
From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf
2015-10-26 17:35:38 -07:00
eb87638ead
ChangeLog entry for OpenHAB home automation filter (gh-1223)
2015-10-26 15:56:01 +01:00
2861a957a9
filter for openhab domotic software authentication failure with the rest api and web interface + test cases;
...
closes gh-1223
2015-10-26 15:48:23 +01:00
26517b0464
Merge pull request #1226 from pablorf-dev/master
...
Minor fix and enhancement (fake google domains)
2015-10-22 14:23:47 +02:00
2c576c64f8
Change domain filter regex
...
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en >
2015-10-20 10:46:00 +02:00
74fcb219ab
Enhanced Google domain detection in apache-fakegooglebot
...
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
2015-10-20 10:45:53 +02:00
3a9cf2b3da
Add and use default_backend to set individual backend defaults to auto
2015-10-19 19:50:03 -06:00
81a26266a9
Add changlog entry for postfix-rbl logpath change
2015-10-19 19:46:43 -06:00
ced7be94b2
Fix postfix_log typo
2015-10-19 19:43:10 -06:00
75d33c0f09
Add *_backend options for services to allow distros to set the default backend
...
per service.
Set default to systemd for Fedora as appropriate.
2015-10-18 20:18:50 -06:00
7e6964dd9d
Fix section jail.conf.5 manpage
...
The section of jail.conf manpage is wrong, should be 5, not 10
2015-10-15 10:40:56 +02:00
3a5d4fdd26
Merge pull request #1221 from pablorf-dev/master
...
Add check in apache-fakegooglebot to protect against PTR fake record (gh-1221)
2015-10-14 11:33:06 +02:00
a28e6b442e
Add check in apache-fakegooglebot to protect against PTR fake record
...
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.
See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919 >
2015-10-13 17:11:49 +02:00
16443f7b05
Merge pull request #1219 from agentmoller001/patch-1
...
Updated route.conf to clear warnings (Closes #1026 )
2015-10-09 21:26:53 -04:00
617302fcc2
Updated route.conf to clear warnings
...
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
6fb5e3a494
removed outdated and "problematic" .pydevproject
2015-10-09 14:10:02 -04:00
42598fbf26
Merge pull request #1215 from paulmenzel/strip-trailing-whitespace-from-files-under-files
...
files: Strip trailing whitespace from files
2015-10-08 18:39:40 +02:00
078e2048f2
files: Strip trailing whitespace from files
...
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace ).
2015-10-08 16:18:08 +02:00
2696ede251
mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
...
closes gh-1211
2015-10-07 14:34:13 +02:00
61ac481703
IpToName test case fixed ('66.249.66.1' resp. 'crawl-66-249-66-1.googlebot.com' seems to be unresolvable)
2015-10-07 13:36:21 +02:00
68db52474d
Merge pull request #1206 from kevinoid/ssh-match-auth-fail
...
ssh.conf: Fix disconnect "Auth fail" matching
2015-10-05 10:15:53 +02:00
2a5c93cfb5
Update ChangeLog and THANKS for "Auth fail" changes
...
Document the changes from 36919d9f
2015-10-05 00:31:13 -07:00
42b0e9258d
Test cases for ssh.conf disconnect "Auth fail"
...
Add test coverage for the new disconnect "Auth fail" matching added in
36919d9f
2015-10-02 15:56:26 -07:00
36919d9f97
ssh.conf: Fix disconnect "Auth fail" matching
...
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh. OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114 )
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.
It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215 ),
which was matched by \S+. Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1 ) and since the
message is attacker-controlled it provides a way to avoid getting
banned.
This commit fixes both issues.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:46:29 -07:00
8311bad4ea
Merge pull request #1204 from szepeviktor/patch-8
...
Added CloudFlare API error codes URL
2015-09-30 07:54:30 -07:00
0d8968daa9
Added CloudFlare API error codes URL
2015-09-30 16:07:45 +02:00
Yaroslav Halchenko