fail2ban

Commit Graph

Author	SHA1	Message	Date
Joan	9c6aab37d6	As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future	11 years ago
Joan	aaa86cd10f	As suggested by @grooverdan, grouping the tests and making them false to avoid accidentally reenabling them in the future	11 years ago
Joan	84617fa6da	Fixed a failing case	11 years ago
Joan	08171ba52f	Removed the -no auth attempts- from the triggers because of lots of FP	11 years ago
Daniel Black	7476ebabbd	Merge pull request #596 from grooverdan/pureftpd BF: Pureftpd	11 years ago
Daniel Black	3c48e3f035	DOC: changelog for pure-ftpd filter fixes	11 years ago
Daniel Black	256c732bcd	BF/ENH: filter pure-ftpd - re-add _daemon. Add translations _daemon was accidently removed in `89fd792dfb` Added translations from source code	11 years ago
Daniel Black	ca57427080	BF: firewallcmd-ipset had non-working actioncheck	11 years ago
Daniel Black	499b33f8a6	DOC: post release versioning	11 years ago
Daniel Black	33dd1733fb	DOC: version and release date to 0.8.12 on 2014-01-22	11 years ago
Steven Hiscocks	0b4dd6272c	Merge pull request #589 from grooverdan/one-bad-regex-gh-585 fault tolerance when pushing multiple configurations	11 years ago
Daniel Black	59b1e225e9	DOC/ENH: update man pages for release	11 years ago
Daniel Black	5ade6a13af	DOC: ChangeLog dateing and normalisation	11 years ago
Daniel Black	058621f9bd	ENH: continue with rest of fail2ban config even if errors. Closes gh-585	11 years ago
Daniel Black	2647461a3c	DOC: ChangeLog. Note incompatible changes and group new filters and actions under New Features	11 years ago
Daniel Black	c6c75dd19e	BF: complete MANIFEST	11 years ago
Daniel Black	224e795f4c	DOC: note in man page about "last message repeated" syslog compression. Closes Debian bug #620364	11 years ago
Daniel Black	1452be4a3a	Merge pull request #588 from grooverdan/badips ENH: Badips action (reporting)	11 years ago
Daniel Black	f5d6f384f7	Merge pull request #587 from grooverdan/dovecot-586 BF: Dovecot filter fix	11 years ago
Daniel Black	93613e82f0	DOC: credits for action.d/badips	11 years ago
Daniel Black	f566cab766	Merge branch 'master' into badips	11 years ago
Daniel Black	657da2041c	BF: dovecot filters, session characters and order of session/tls in log messages	11 years ago
Ivo Truxa	4765bc757c	BF Dovecot auth failures I am sorry, I installed the Win GIT, but still did not learn how to work with it, so am posting here again. This time, I'll avoid posting two pull requests, so please fix the dovecot.filter for me, if you don't mind. This current filter does not match authentication errors in my Dovecot logs (two different lines attached). First of all the session string is at the end (after the optional TLS string), and not before it as it is now in the filter. I don't see it anywhere in the other logs here in the opposite order, hence I assume it is the rule for all installations. And then, the session ID can include also other characters than those matched by \w+ (i.e. the slash and the plus signs in my case), hence it needs to be \S+ instead. Personally, I'd do the regex much less restrictive than it is, but if I follow the current logics, the following form works: <pre>^%(__prefix_line)s(pop3\|imap)-login: (Info: )?(Aborted login\|Disconnected)(: Inactivity)? $((no auth attempts\|auth failed, \d+ attempts)( in \d+ secs)?\|tried to use disabled \S+ auth)$:( user=<\S>,)?( method=\S+,)? rip=<HO ST>, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=<\S+>)?\s$</pre>	11 years ago
Daniel Black	01e5ae1234	Merge pull request #584 from grooverdan/exim-auth ENH: Exim auth	11 years ago
Daniel Black	812463003d	Merge pull request #582 from grooverdan/postfix ENH: add improper command pipelining postfix filter	11 years ago
Daniel Black	08b4f3e5f2	Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth	11 years ago
Daniel Black	353b84a648	Merge branch 'patch-4' of https://github.com/truxoft/fail2ban into exim-auth	11 years ago
Ivo Truxa	2d8c0b26e4	Matching any Exim authentication name As explained in https://github.com/grooverdan/fail2ban/pull/4, in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain\|login with the general \w+	11 years ago
Ivo Truxa	9f107403e8	Update exim When using Dovecot authentication for Exim, which is relatively common, the current regex for catching authentication failures needs a small tweak. The current plain\|login options are too limiting and will only work in the cases when only the Exim's rudimentary built-in authentication is used. There can be not only the dovecot_login shown in this log example, but also dovecot_plain, ntlm, cram, cyrus, md5, and plenty of others. In fact many admins may opt for their own authentication labels, when setting up Exim. For this reason the regex should catch any label. I suggest modifying the regex in the following way: <pre>^%(pid)s \w+ authenticator failed for (\S+ )?$\S+$ \[<HOST>\]: 535 Incorrect authentication data( $set_id=.$\|: \d+ Time$s$)?\s$</pre>	11 years ago
Daniel Black	6b0e6b9bca	ENH: add improper command pipelining postfix filter	11 years ago
Daniel Black	5deb1f8ddc	Merge pull request #578 from dozepih/asterisk-acl ENH: Support ACL-events without AccountID. Typically happens when a registration from unknown domain	11 years ago
Tomas Pihl	b52a4441fd	Support ACL-events without AccountID. Typically happens when a registration from an unknown domain is performed. Add credits	11 years ago
Steven Hiscocks	0dd6533680	BF: Add ejabberd-auth to jail.conf	11 years ago
Daniel Black	928f566d19	Merge pull request #576 from kwirk/ejabberd-filter ENH: ejabberd filter	11 years ago
Steven Hiscocks	6a6139f1e1	Merge pull request #574 from grooverdan/master-tag-subst TST: for tag substition, multiple on same line	11 years ago
Steven Hiscocks	128112d51c	ENH: ejabberd filter	11 years ago
Daniel Black	cd5aab5ff1	TST: for tag substition, multiple on same line	11 years ago
Daniel Black	4d4060930b	DOC: spelling + GPL2+ for license	11 years ago
Daniel Black	932a952096	Merge branch 'enh/jail-manpage' of https://github.com/yarikoptic/fail2ban into y-man-fix	11 years ago
Yaroslav Halchenko	e6627185b0	DOC: fixing formatting in the section names of the manpage - \fB to return into bold	11 years ago
Yaroslav Halchenko	9a8b449086	DOC: some typos, fixes from Vincent Lefevre	11 years ago
Yaroslav Halchenko	16f55d2d56	DOC: pass through jail.conf.5 -- unification and some restructuring/shortening	11 years ago
Daniel Black	5bd8ba0c6f	Merge pull request #561 from grooverdan/more-jail-man-page-content DOC: add more content to jail.conf man page	11 years ago
Daniel Black	0b6c9b52d2	DOC: man page description shorting and clarification	11 years ago
Daniel Black	755af0a51e	Merge pull request #562 from grooverdan/jail.conf-complete_and_correct ENH: Jail.conf now has all filters and TST: a mechanism to test this is truee	11 years ago
Daniel Black	614f43effb	Merge branch 'master' of https://github.com/fail2ban/fail2ban	11 years ago
Daniel Black	90fdf5fc21	ENH: jail.conf entry for groupoffice	11 years ago
Steven Hiscocks	bb11c29667	Merge pull request #567 from grooverdan/groupoffice-filter ENH: add filter groupoffice. Closes gh-566	11 years ago
Daniel Black	b9cd492e9f	Merge pull request #555 from grooverdan/nagios_fix BF: nagios fix	11 years ago
Daniel Black	3ee6e993c6	MRG: merge ChangeLog for nagios fix	11 years ago

1 2 3 4 5 ...

1953 Commits (cee341402990b8dc2f9e2544ba44185bce7922af) All Branches Search

1953 Commits (cee341402990b8dc2f9e2544ba44185bce7922af)

All Branches