github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,378 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

226 Commits (cfb7dba26850b770c3ccb9c0b564a564033745df)

Author SHA1 Message Date
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge 
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
 2013-08-25 21:21:14 +10:00
Daniel Black fd7cc5bda7 BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
Daniel Black 6a56727669 BF: apache-common regex - datetime could be entirely consumed 2013-08-25 18:30:30 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 4e5feed7fc Merge pull request #8 from grooverdan/gh-303-merge-2 
training space on wuftp
 2013-08-21 12:21:09 -07:00
Daniel Black aad7d08451 BF: disable filter expressions without tests 2013-08-20 07:33:35 +10:00
Daniel Black c44328b1a3 ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8 2013-08-19 22:04:55 +10:00
Daniel Black ea7cba4205 ENH: trailing space as per discussion on gh-303 2013-08-19 21:42:43 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Steven Hiscocks 53e16e07ad ENH: Minor tweak on previous commit proftpd regex changes 2013-08-09 19:04:26 +01:00
Steven Hiscocks 9002de069e ENH: Improve proftpd regex. 
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
 2013-08-09 18:54:08 +01:00
Yaroslav Halchenko 4e0ddc5f67 ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in '' 2013-08-08 09:58:36 -04:00
Yaroslav Halchenko 9487ee5562 minor: consistent indentation in dropbear.conf 2013-08-08 09:54:15 -04:00
Daniel Black d8883f4346 DOC: Notes about 401 responses and how apache logs this 2013-07-29 08:59:25 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306 
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
 2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks 2f4aaa9fb9 ENH: Simplify sieve filter failregex 2013-07-26 12:01:09 +01:00
Steven Hiscocks b5639a8672 ENH: Simplify cyrus-imap filter fail regex 2013-07-26 11:55:09 +01:00
Daniel Black 7d7ef08145 ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id 2013-07-24 10:44:52 +10:00
Daniel Black abc4146079 ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure 2013-07-24 10:27:12 +10:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs 
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
 2013-07-21 22:03:49 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples 
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
 2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line 2013-07-20 17:28:28 +01:00
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line 2013-07-20 17:26:09 +01:00
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample 
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
 2013-07-20 16:34:24 +01:00
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file 2013-07-20 15:38:29 +01:00
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples 2013-07-20 15:31:21 +01:00
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4) 2013-07-20 22:21:08 +10:00
Daniel Black fcf79b475f ENH: new filter perdition.conf 2013-07-19 20:14:53 +10:00
Daniel Black 03ec7c211b ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$ 2013-07-18 00:37:33 +10:00
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black f8b5b3a1ef ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard 2013-07-17 23:31:44 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback 
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
 2013-07-16 15:07:32 -04:00
Yaroslav Halchenko 8add63c733 ENH: anchor roundcube-auth at the beginning as well 2013-07-16 14:16:23 -04:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter 
ENH: dovecot filter additions for session, time value and blank user
 2013-07-14 05:18:04 -07:00
Daniel Black 975999591f ENH/DOC: more realm mismatch errors. Documented filter design criteria 2013-07-12 07:39:18 +10:00
Daniel Black 10e3be857a ENH: apache-auth filter added mod_auth_digest message 2013-07-11 23:08:46 +10:00
Daniel Black 384b72a535 ENH: apache-auth filter - client wrong auth 2013-07-11 22:58:36 +10:00
Daniel Black fce431add8 ENH: add mod_authz_core failures to apache-auth 2013-07-11 22:28:27 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00