github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,475 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

607 Commits (cee09e29eccdfe7546169bd0c50e58be0a08bc07)

Author SHA1 Message Date
Yaroslav Halchenko 28a0605f69 Merge pull request #1478 from gips0n/master 
adding openldap slapd filter
 2016-07-14 08:30:42 -04:00
Andrii Melnyk 7433b353ee another variant of regex 2016-07-14 10:19:21 +03:00
Andrii Melnyk 7c5828dd2a add trailing anchor to failregex 2016-07-13 21:09:42 +03:00
Andrii Melnyk 48c094f612 improved failregex according to @sebres recomendations 2016-07-08 13:45:10 +03:00
sebres f5f204ca7c Improved changes of gh-1458: 
`[^']*` after callid was wrong, changed to `[^\)]*`;
  regexp anchored at the end;
  almost the same regex grouped to one;

Closes #1458
 2016-07-08 11:45:25 +02:00
nturcksin 72a157b8f2 Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) 
Change the asterisk pjsip filter to don't take the callId part
Add optional part between "Request" and "from"
Listed all log message from asterisk
 2016-07-08 11:45:22 +02:00
Andrii Melnyk dcb69b0242 * add `__prefix_line` to regex 
* fix time in log file
 2016-07-08 05:29:51 +03:00
Andrii Melnyk b2e3affaa0 adding openldap slapd filter 2016-07-08 04:50:57 +03:00
Yaroslav Halchenko 636a93f58b Merge pull request #1438 from yarikoptic/bf-exim 
exim filters -- make wider use of host_info helper str susbstitution + fix for #1430
 2016-06-07 21:35:52 -04:00
Ludovic Gasc f85fb45b29 Asterisk pjsip (#1456) 
* Improve PJSIP log support for Asterisk 13+

* Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+

* Change pjsip regexp with sebres observation, thanks to @nturcksin
 2016-06-07 11:40:35 +02:00
Yaroslav Halchenko 6434661480 RF: for consistency use (?:XXX)? instead of (?:|XXX) 2016-05-30 12:12:53 -04:00
Yaroslav Halchenko 48a8324662 ENH: use non-capturing regex groups in exim-common and exim filters 2016-05-30 11:02:12 -04:00
Yaroslav Halchenko 9bb869b8d4 ENH: courier-smtp -- allow for trailing username (no spaces) in the logline 
Closes #1440
 2016-05-21 22:17:09 -04:00
Yaroslav Halchenko 8b8cf2a660 ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible 2016-05-21 10:29:09 -04:00
Yaroslav Halchenko 743a531eb5 BF: make :port and I=[ip]:port optional for a "AUTH command used when not advertised" 
Closes #1430
 2016-05-21 10:29:01 -04:00
sebres 52377984cd back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review; 2016-05-19 17:57:48 +02:00
sebres 25af11215b test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations 2016-05-17 20:08:46 +02:00
sebres cb4f9be8b2 the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit; 2016-05-17 11:55:02 +02:00
sebres de813acf51 extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added; 2016-05-17 11:54:43 +02:00
sebres 3e49522b7a fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568); 
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
 2016-05-13 20:26:37 +02:00
jungle-boogie d889918f19 update doc url 
direct to confluence page. no code changes.
 2016-04-24 21:35:18 -07:00
Yaroslav Halchenko aa303acfd6 Merge pull request #1381 from theDogOfPavlov/patch-3 
Tightened up exim regexes to catch rDNS entries
 2016-04-23 18:27:38 -04:00
Alexandre Perrin 7712310d2d Be more backward compatible on matching postfix/smtps/smtpd 
Support trailing smtps also and not only smtpd.

suggested by @sebres
 2016-04-14 13:54:58 +02:00
Alexandre Perrin 1a299409e5 Fix postfix/smtps/smtpd matching. 2016-04-14 12:10:58 +02:00
theDogOfPavlov 1eb51b1bc2 Tightened up regexes to catch rDNS entries 2016-04-01 18:07:01 +01:00
Serg G. Brester b9b7ecbf6b Merge pull request #1357 from sebres/monit-new-fltr 
monit filter fixup for the new version (gh-1355)
 2016-03-26 11:39:26 +01:00
sebres ac27c9cb96 Merge branch 'patch-2' (gh-1371) 2016-03-25 17:05:23 +01:00
Serg G. Brester 0effe76971 Merge pull request #1370 from theDogOfPavlov/patch-1 
Added regex for LDAP authentication failures
 2016-03-25 15:30:39 +01:00
jblachly e9202fa0b2 Placed failure (illumos) at end of regex 2016-03-24 00:43:15 -04:00
theDogOfPavlov fe1475be95 Additional exim regexes to cover common attacks... 2016-03-21 05:59:59 +00:00
theDogOfPavlov cf2aa9c1c0 Added regex for LDAP authentication failures 2016-03-21 05:53:23 +00:00
jblachly 25c2334bc8 SmartOS PAM Authentication failed (not failURE) 
SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form:
`Authentication failed for USER from HOST`
The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos
 2016-03-16 13:52:01 -04:00
Johannes Weberhofer bd25a43417 define journalmatch setting for pure-ftps 2016-03-11 18:19:53 +01:00
sebres 37c9075fad fixed monit filter: failregex find now both previous and new versions: 
- failregex of previous monit version merged as single expression;
- extended failregex with new monit "access denied" version;
 2016-03-09 20:06:14 +01:00
Yaroslav Halchenko 385b50e4a9 Merge pull request #1343 from denics/master 
adding wp-admin to bot search
 2016-03-07 10:23:37 -05:00
Denix ed0e572bfc added wp-admin 
bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.
 2016-03-02 16:52:03 +01:00
Yaroslav Halchenko 6ffbc1ffad ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf 
As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127
 2016-02-28 12:07:46 -05:00
Yaroslav Halchenko 3e31145c33 Merge pull request #1331 from whyscream/postfix-multi-instance-support 
Add support for matching postfix multi-instance daemon names by default
 2016-02-28 12:00:24 -05:00
sebres 667785b608 mysqld: failregex fixed (accepts different log level, more secure expression now); 
closes #1332
 2016-02-24 17:17:51 +01:00
Tom Hendrikx 6c606cf98f Add support for matching postfix multi-instance daemon names by default 2016-02-23 20:23:04 +01:00
Yaroslav Halchenko 905c87ca4a Merge pull request #1310 from yarikoptic/pr-1288 
NF: HAProxy HTTP Auth filter
 2016-02-11 08:35:48 -05:00
sebres d8e81eb417 regexp rewritten (few vulnerable as previous) + test case added 2016-02-08 12:01:25 +01:00
3eBoP 257b7049d8 Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. 
Closes #1309
 2016-02-08 11:51:37 +01:00
Pierre GINDRAUD b5a07741c8 Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command 2016-02-08 11:11:59 +01:00
Jordan Moeser d7b46509d8 Update haproxy-http-auth.conf 
Updated failregex to be more strict
 2016-01-12 08:37:33 +10:00
Jordan Moeser e133762a28 Added HAProxy HTTP Auth filter 2015-12-31 11:16:23 +10:00
Yaroslav Halchenko 69aa1feac0 Merge "Mac OS Screen Sharing filter" PR 1232 
* pr/1232/head:
  removed system.log
  Removed old svn revision comment
  removed false matches
  Removed includes comment for screensharing jail
  Now using a literal logpath for screensharing jail
  Fixed blatant typo in regex
  clarified comments on sample log format
  Fixed name (again?)
  Made screensharing jail off by default
  Changed regex prequel
  added entry for new screensharingd filter
  name change & new sample data
  Added json metadata
  Sample log for test case
  Replaced .* with literal
  Update jail.conf
  Added new path variable for system.log
  Added in settings for screensharingd filter
  Created file

Conflicts:
	ChangeLog - moved to New Features
	config/jail.conf  - kept at the end
 2015-12-29 19:36:59 -05:00
Yaroslav Halchenko 26dd6d7425 Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex 
Add 'Sender address rejected: Domain not found' Postfix failregex
 2015-12-18 09:23:54 -05:00
Ross Brown 8d12dba245 Merge remote-tracking branch 'upstream/master' 2015-12-17 18:01:17 +00:00
Ross Brown ead2d509dc Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions. 2015-12-17 17:45:24 +00:00