fail2ban

Commit Graph

Author	SHA1	Message	Date
sebres	e71f16f6ba	Merge branch 'master' into 0.10 # Conflicts resolved: # config/filter.d/dovecot.conf	7 years ago
sebres	ea36e1b3fc	filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897)	7 years ago
sebres	8c804a2290	Merge branch 'master' into 0.10 # Conflicts resolved: # config/filter.d/postfix-rbl.conf # config/filter.d/postfix-sasl.conf # config/filter.d/postfix.conf # fail2ban/tests/files/logs/postfix-sasl	7 years ago
sebres	a2120a9de5	filter.d/postfix-*.conf - added optional port regex (closes gh-1902)	7 years ago
Louis Sautier	152c9d27d5	Fix nftables actions for IPv6 addresses, fixes #1893 * add [Init?family=inet6] to nftables-common.conf and make nftable expressions more modular * change "ip protocol" to "meta l4proto" in nftables-allports.conf since the former only works for IPv4	7 years ago
sebres	b185e7cb04	Merge remote-tracking branch 'upstream/master' into 0.10	7 years ago
Serg G. Brester	fd83260bd8	jail "pass2allow-ftp" should supply blocktype to action closes gh-1884	7 years ago
Serg G. Brester	bb97e66627	Merge pull request #1882 from coderua/patch-1 Add Jorgee Vulnerability Scanner protect	7 years ago
Serg G. Brester	2cd02b731b	filter.d/exim.conf: fixed failregex for case of `D=0s` Closes gh-1886	7 years ago
sebres	4bc226a692	optimized regex	7 years ago
Vladimir Chumak	fafefc0293	Add Jorgee Vulnerability Scanner protect Details for Jorgee Vulnerability Scanner: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164	7 years ago
sebres	4163f32968	small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include	7 years ago
john	ac95449bbb	changed zoneminder regex as per Sebres and yarikoptic recommendations	7 years ago
john	7013729a1f	removed redundant options for zoneminder from jail.conf	7 years ago
john	5c3a666380	fixed incomplete regex after adding anchors	7 years ago
john	3d45fd2713	implemented yarikoptic's suggestions in fail2ban pull request #1376	7 years ago
john	08878d22dd	added zoneminder.conf filter	7 years ago
john	a90f6c4ae8	added zoneminder jail and filter # Conflicts: # config/jail.conf	7 years ago
sebres	c312962029	filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex (`d926e11a5c`) fixed failregex (without new mode aggressive)	7 years ago
sebres	2cfc53c08e	remove capturing groups	7 years ago
sebres	9b8563f35e	- fixes regex for message `imap-login: Disconnected (auth failed, X attempts) ...` has to many variations on additional info after `<HOST>`, leave it end-anchored because variable part `user=<[^>]>` (before `<HOST>`) to avoid injecting, but can be safe rewritten using `[^>]` in opposite to "greedy" `user=<[^>]>`. - introduces mode `aggressive` and extends regex for this mode to match: no auth attempts (previously removed in gh-601, because of lots of false positives on misconfigured MTAs) * disconnected before auth was ready * client didn't finish SASL auth	7 years ago
Serg G. Brester	a287d0a05c	Merge pull request #1872 from kmzby/master Added filter for phpMyAdmin+syslog	7 years ago
Pavel Mihadyuk	4c1abe1cbf	phpmyadmin-syslog: removed excess file, fixed test, updated failregex	7 years ago
Pavel Mihadyuk	d09304b897	phpmyadmin-syslog: added default jail config	7 years ago
Pavel Mihadyuk	5b4bc2aafd	Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713	7 years ago
sebres	1d5fbb95ae	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	7 years ago
Serg G. Brester	b0e5efb631	bsd-ipfw.conf: sh-compliant redirect of stderr together with stdout	7 years ago
sebres	3be32adefb	Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389).	7 years ago
Jacques Distler	f84e58e769	Tweaks to action.d/pf.conf Document recent changes. Add an option to customize the pf block rule (surely, what the user really wants, here, is "block quick").	7 years ago
sebres	33874d6e53	action.d/pf.conf: anchored call arguments combined as `<pfctl>` parameter; test cases fixed;	7 years ago
Alexander Köppe	f6ccede2f1	Update pf.conf fixing #1863 Fix #1863 Introduce own PF anchors for fail2ban rules.	7 years ago
sebres	30219b54c4	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10	7 years ago
Serg G. Brester	c0eb7752a8	Merge pull request #1651 from szepeviktor/patch-9 Introduce Cloudflare API v4	7 years ago
Serg G. Brester	2ed8a38eca	Update cloudflare.conf Switch to API v1 to API v4 per default	7 years ago
Serg G. Brester	da7072d40e	Merge pull request #1846 from Chocobozzz/patch-3 Fix empty logfile.log in xarf login attack action	7 years ago
sebres	94b163936a	Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 Removed init section (not needed in filter for 0.10). # Conflicts: # config/filter.d/sendmail-reject.conf	7 years ago
Serg G. Brester	af25a9d203	Merge pull request #1566 from opoplawski/journalmatch Add sendmail journalmatch options	7 years ago
Orion Poplawski	84f552881c	Add sendmail journalmatch options	7 years ago
Serg G. Brester	5b7375c614	Merge pull request #1638 from roedie/shorewall-ipv6 Add shorewall IPv6 support	7 years ago
sebres	e52f483557	Config reader's: introduced new syntax `%(section/option)s`, in opposite to extended interpolation of python 3 `${section:option}` work with all supported python version in fail2ban and this syntax is like our another features like `%(known/option)s`, etc.; Variable `default_backend` switched to `%(default/backend)s`, so totally backwards compatible now, but now the setting of parameter `backend` in default section of `jail.local` can overwrite default backend also. Test cases extended: test targeted section options "section/option" (default and cross sections options);	7 years ago
sebres	5ce8d4f741	fixes default backend handling (as default used value of `known/backend`, which can now be overridden in default section of jail.local); introduces fallback for `known/option`: interpolate missing `known/option` as `option` from default section	7 years ago
sebres	2fe1479484	Merge branch '_0.9/gh-1849' into 0.10	7 years ago
sebres	5c538fb658	Recognize "unknown user" for additional auth-methods (pam, passwd-file, ldap, sql, etc); simplifying regular expressions (put "unknown user" and "invalid credentials" together as one regex).	7 years ago
sebres	0ef5b7c4d4	small amend to gh-1850: removed greedy catch-all at end.	7 years ago
Marcel Waldvogel	daf57547c6	Parse ejabberd 17.06 output E.g.: 2017-07-29 08:24:04.773 [info] <0.6668.0>@ejabberd_c2s:handle_auth_failure:433 (http_bind\|ejabberd_bosh) Failed c2s PLAIN authentication for test@example.ch from ::FFFF:192.0.2.3: Invalid username or password	7 years ago
Bigard Florian	f4551d02c9	Fix empty logfile.log in xarf login attack action Fix empty 3rd MIME part which contains the attack evidence (logfile.log).	7 years ago
sebres	1a562bed0f	Merge remote-tracking branch 'master' into 0.10 # Conflicts: # config/filter.d/asterisk.conf	7 years ago
sebres	a5b62a7f36	failregex extended and simplified (partially ported from gh-1409).	7 years ago
sebres	098abae4e6	Remove greedy catch-all before `<HOST>`, make regex more universal, fewer prone to errors (should avoid future changes, if some optional parameters coming again before/after `RemoteAddress`) + non-captured groups now. Test for possible injection (5.6.7.8 in session-id) already available, line 59 (thus already covered).	7 years ago
Kirill	4c0c7b97c0	Update asterisk.conf to new log message I got an issue like this: [2016-05-15 22:53:00] SECURITY[26428] res_security_log.c: SecurityEvent="FailedACL",EventTV="2016-05-15T22:53:00.203+0300",Severity="Error",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7fb580001518",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/78.129.227.4/62389",SessionTV="1970-01-01T03:00:00.000+0300" # [sebres] rebased to current master and resolving conflicts.	7 years ago

1 2 3 4 5 ...

1356 Commits (ceff489a46396b561d4a890ae75213e266837a04)