github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,336 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

345 Commits (ced271b908d13f35951a7997bb0b5645eb21191e)

Author SHA1 Message Date
Daniel Black aebd24ec54 BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl 2013-07-02 20:09:27 +10:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 9757e1df2b ENH: make groupings non-capturing 2013-07-01 21:53:05 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Daniel Black 0086a7edab ENH: missed a $ 2013-06-29 11:30:37 +10:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Daniel Black 25c3bbfc2f DOC: credits/blame to me for changes to exim 2013-06-16 00:25:24 +10:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim 
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
 2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban 
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
 2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban 
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
 2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban 
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
 2013-06-14 12:16:59 -04:00
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexs rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
 2013-06-14 12:14:40 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black a433a8ea5f ENH: readibility thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban 
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
 2013-06-13 23:32:45 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ 
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
 2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list 
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-10 19:50:35 +02:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Terence Namusonge 244a96f9b3 fixed failregex line for roundcube 0.9+ 
# Only works only if  log driver: is set to  'syslog'. this is becoz fail2ban fails to 'read' the line due to the
 brackets around the date timestamp on logline when log driver is set to file
 2013-05-25 19:26:13 +02:00
Yaroslav Halchenko d2b1c73b92 CFG: assure actions for all the jails 2013-05-24 14:33:08 -04:00
Yaroslav Halchenko 89e06bba15 BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232 2013-05-24 11:15:46 -04:00
silviogarbes 5c8fb68a2c Update asterisk.conf 
Para ficar compatível com asterisk 11
 2013-05-14 08:04:11 -03:00
Yaroslav Halchenko 90b8433ac5 DOC: inline commends with ';' are in effect only if ';' follows as space 2013-05-12 21:42:59 -04:00
Yaroslav Halchenko 2b1e19933f Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  BF: missed MANIFEST include
  DOC: credits for bsd-ipfw
  ENH: add ipfw rule for bsd using the tables.
 2013-05-08 10:32:18 -04:00
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban 
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
 2013-05-08 10:30:04 -04:00
Yaroslav Halchenko 5accc10a47 Merge pull request #206 from grooverdan/bsd_ipfw 
NF: BSD ipfw
 2013-05-08 07:24:56 -07:00
Yaroslav Halchenko 0ae49ab11e Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban 
* 'bsd_pf' of https://github.com/grooverdan/fail2ban:
  BF: missed MANIFEST include
  DOC: add jail.conf entry for pf
  DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
  ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.

Conflicts:
	ChangeLog
 2013-05-08 10:24:01 -04:00
Yaroslav Halchenko e85914cef8 Merge pull request #215 from grooverdan/reject_no_drop_by_default 
ENH: add blocktype to all relevant actions and change default action to reject
 2013-05-08 07:20:14 -07:00
Daniel Black 9c03ee6d9e ENH: consolidate where blocktype is defined for iptables rules 2013-05-08 07:52:08 +10:00
Daniel Black c7fd777966 BF: default type to unreachable 2013-05-08 07:31:31 +10:00
Daniel Black de56347619 ENH: separate out regex and escape a . 2013-05-08 06:32:27 +10:00
Yaroslav Halchenko e7cb0f8b8c ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs 2013-05-07 12:22:49 -04:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups 
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
 2013-05-06 11:11:12 -04:00
Yaroslav Halchenko 822a01018f Merge pull request #205 from grooverdan/bsd_ssh 
BSD ssh improvements (casing, msg)
 2013-05-06 07:54:58 -07:00
Daniel Black 3b4a7b7926 ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop 2013-05-05 15:43:18 +10:00
Daniel Black aa52743f52 DOC: add jail.conf entry for pf 2013-05-03 16:42:10 +10:00
Daniel Black 0c5a9c53e1 ENH: pf action thanks to Nick Hilliard <nick@foobar.org>. 2013-05-03 16:34:54 +10:00
Daniel Black b6d0e8ad9c ENH: add ipfw rule for bsd using the tables. 2013-05-03 16:31:45 +10:00
Daniel Black 40c56b10a0 EHN: enhance sshd filter for bsd. 2013-05-03 16:17:35 +10:00
Daniel Black b3bd877d23 BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD 2013-05-03 16:12:13 +10:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Yaroslav Halchenko 89adcd7ff7 Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing) 
Origin: https://github.com/lenrico/fail2ban

Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added

  fixed test date thx to steven
  tight control of the filter for ASSP
  as yaroslav wishes
  as daniel desires
  changed from DateASSPlike class to DateStrptime
  fixed little things
  added new date format support for ASSP SMTP Proxy
 2013-05-03 00:57:49 -04:00
Enrico Labedzki 36b0d78ff8 tight control of the filter for ASSP 2013-05-03 00:56:53 -04:00
Enrico Labedzki 07aee8cd33 as daniel desires 2013-05-03 00:56:53 -04:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
jamesstout 3367dbd987 ENH: fail message matching for OpenSolaris and OS X 
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.

Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
 2013-04-30 04:23:13 +08:00
jamesstout d2a9537568 ENH: extra daemon info regex 
for matching log lines like:
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed
keyboard-interactive for james from 205.186.180.30 port 54520 ssh2

this matches  [ID 800047 auth.info]
 2013-04-30 04:14:36 +08:00
jamesstout b7795addd0 ENH: actionunban back to a sed command 
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
 2013-04-30 04:10:32 +08:00
Daniel Black 945ad3d9e6 BF: ensure dates in email are in the C locale. Thanks iGeorgeX 2013-04-29 14:10:23 +10:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Yaroslav Halchenko 22f04677b6 BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks) 2013-04-23 13:56:51 -04:00
jamesstout 10fcfb925d Extra patterns for Solaris 2013-04-21 07:30:21 +08:00
jamesstout de98e3dabd change sed to perl for Solaris 2013-04-21 07:29:48 +08:00
Daniel Black 41b9f7b6ac BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf 2013-04-18 04:38:03 +10:00
Daniel Black 32d10e904a ENH: more openssh fail messages from openssh source code (CVS 20121205) 2013-04-17 00:03:36 +10:00
Yaroslav Halchenko 59192a5585 Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile' 
* github_kwirk_fail2ban/pidfile:
  Typo in default pidfile in fail2ban.conf
 2013-04-09 23:48:46 -04:00
Yaroslav Halchenko 99a5d78e37 ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth 2013-04-09 18:03:34 -04:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban 
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
 2013-04-09 17:55:14 -04:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters 
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
 2013-03-27 11:09:35 -04:00
Yaroslav Halchenko 91d5736c12 ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126 2013-03-26 09:40:04 -04:00
ArndRa bba3fd8568 Update sogo-auth.conf 
included hint by user  yarikoptic
 2013-03-25 08:43:13 +01:00
Artur Penttinen 29d0df58be Added support for MySQL logfiles 2013-03-24 16:52:58 +02:00
Daniel Black 67544d1dd6 DOC: tags are documented in the jail.conf(5) man page 2013-03-17 10:52:49 +11:00
Yaroslav Halchenko 5e5eaaf838 Merge pull request #134 from grooverdan/misc-fixes 
BF: fail2ban client can't handle multi word setcinfo or action[*] values
 2013-03-10 18:01:17 -07:00
Pascal Borreli a2b29b4875 Fixed typos 2013-03-10 22:05:33 +00:00
Daniel Black a0f088be25 ENH: typo + head -1 has been deprecated for 10+ years. 2013-03-10 16:28:45 +11:00
Yaroslav Halchenko a8bd9c20a0 Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  add blocking type
  add example jail.conf for blocking through blackhole routes for ssh
  add support for blocking through blackhole routes
 2013-02-18 23:12:06 -05:00
Yaroslav Halchenko d5ae28facf Merge pull request #104 from gebi/t/route 
add support for blocking through blackhole routes
 2013-02-18 08:01:34 -08:00
Steven Hiscocks 294f073741 Typo in default pidfile in fail2ban.conf 2013-02-17 22:42:24 +00:00
Steven Hiscocks ce3ab34dd8 Added ability to specify PID file 2013-02-17 22:14:01 +00:00
Daniel Black 47b1ee39d8 add blocking type 2013-02-17 12:44:15 +11:00
Yaroslav Halchenko 8cf006827e BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118 2013-02-12 08:48:05 -05:00
ArndRa 6cd358ee95 Update config/filter.d/sogo-auth.conf 
Comment line in the top altered to fit file name. My local file was named differently...
 2013-02-12 10:45:37 +01:00
ArndRa 35bf84abad Create sogo-auth.conf 
Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229
 2013-02-11 08:19:48 -08:00
ArndRa 52f952e645 Update config/jail.conf 
Update to use the new sogo-auth filter
 2013-02-11 17:14:29 +01:00