a2431158f6
implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;
...
fixes gh-3005
2022-02-09 17:10:19 +01:00
13520a0494
Merge branch '0.11'
2022-02-09 15:45:17 +01:00
8ac49b5858
Merge branch '0.10' into 0.11
2022-02-09 15:44:35 +01:00
f380d6202d
cherry pick #3210 from master
2022-02-09 15:43:21 +01:00
498e473a10
filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now;
...
closes #3211
2022-02-09 12:18:23 +01:00
810386a265
filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too
...
(amend to 92f90038fa
2022-02-08 19:21:37 +01:00
dfc866ea41
improve RE to solve conflict with expected another open parenthesis
2022-01-27 17:50:28 +01:00
0f1706d4a1
Adjusting for updated dovecot log format
...
This should now match:
`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`
the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.
2022-01-27 11:28:20 +00:00
06d2623c5e
iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action);
...
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
2022-01-26 21:51:11 +01:00
b639c8869c
make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly);
...
ultimately closes gh-980
2022-01-25 00:35:14 +01:00
3d7e3bc2fb
make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly)
2022-01-24 22:56:16 +01:00
7db1c97a3e
Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master;
...
conflicts resolved
2022-01-24 22:31:51 +01:00
970573d1cb
Merge branch '0.11'
2022-01-18 16:17:49 +01:00
35d73d9758
Merge branch '0.10' into 0.11
2022-01-18 16:17:07 +01:00
bf689c27b8
filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d);
...
closes gh-3086
2022-01-18 15:42:35 +01:00
8bf15db688
filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
...
closes gh-3169
2022-01-18 15:41:27 +01:00
80805cabfc
Merge branch '0.11'
2021-11-03 16:01:00 +01:00
0b3ad780fe
Merge branch '0.10' into 0.11
2021-11-03 15:48:21 +01:00
4b54a07d71
Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
...
This reverts the incompatibility #3047 introduced by commit a038fd5dfe#2821 ).
2021-11-01 11:45:40 +01:00
3245b8018b
Add the Debian path to roundcube error logs
2021-10-23 17:38:20 +02:00
ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
2021-10-01 15:03:24 +02:00
10cd815525
merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:06:06 +02:00
c03fe6682c
merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:04:46 +02:00
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
2021-06-21 17:12:53 +02:00
579c6a94af
filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
2021-06-10 15:23:24 +02:00
43f2923fbd
filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
...
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
2021-06-10 15:06:54 +02:00
bbfff18280
action.d/ufw.conf: amend to #3018 : parameter `kill-mode` extended with conntrack
2021-06-03 12:02:08 +02:00
c7a86b4616
action.d/firewallcmd-ipset.conf: amend to #2620 :
...
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
2021-05-29 22:59:55 +02:00
2a508da5a0
Merge pull request #2620 from mspolitaev/master
...
Using native firewalld ipset implementation
2021-05-29 21:30:55 +02:00
38535b0cca
Merge branch '0.11' into master
2021-05-29 21:25:24 +02:00
d2f5c7de09
Merge branch '0.10' into 0.11
2021-05-29 21:24:11 +02:00
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
2021-05-29 21:12:34 +02:00
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
2021-05-29 20:47:56 +02:00
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
2021-05-29 20:25:28 +02:00
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
2021-05-29 20:09:57 +02:00
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
2021-05-29 18:45:59 +02:00
3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
...
Add new jail (and filter) Monitorix
2021-05-27 12:17:16 +02:00
0a05dbdbfc
Merge branch '0.11' into master
2021-05-25 23:19:25 +02:00
3312b8cb95
Merge branch '0.10' into 0.11
2021-05-25 23:18:33 +02:00
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
2021-05-25 23:16:29 +02:00
f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
...
Zoneminder filter update
2021-05-21 13:03:33 +02:00
ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)
2021-05-21 13:00:24 +02:00
2367ad115c
fixed typo in comment
2021-05-20 09:15:45 +10:00
3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013 )
2021-05-11 13:47:48 +02:00
4f8427178a
Missing comment "#" ( #3022 )
...
Missed this ... but the logs showed it.
2021-05-07 18:23:40 +02:00
88f779ed24
ufw.conf, amend to #3018 - add missing option for comment ( #3019 )
2021-05-06 23:23:39 +02:00
8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional
2021-05-06 21:47:06 +02:00
5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)
2021-05-06 20:23:58 +02:00
sebres