sebres
dae4988aea
filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303)
8 years ago
sebres
00456b8270
review: documentation, small enhancement of `fail2ban-client` to test time abbreviation format:
...
fail2ban-client --str2sec 1d12h30m
8 years ago
sebres
89f2dbb97b
small bug fix (missing `-` by option `--timeout`, wrong module reference)
8 years ago
Serg G. Brester
d334a36a60
Merge pull request #1825 from sebres/_0.10/postfix-filter-opti
...
0.10 - postfix filter optimizations
8 years ago
sebres
cf3b8f63f6
coverage fix
8 years ago
sebres
e26cc5de45
restore backwards compatibility (jail postfix-sasl); changelog update
8 years ago
sebres
aa92b68d4a
filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813);
...
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
8 years ago
sebres
36d42d7f0b
SampleRegexsFactory: introduce opportunity to supply multiple options combinations (check lines using filters with several options), see for example filter sshd.conf
8 years ago
sebres
d32a3913cf
postfix postscreen (resp. other RBL's compatibility fix) / gh-1764
8 years ago
Serg G. Brester
57ea38c342
Update paths-debian.conf
...
Fixed mail.log path since in the default rsyslog configuration of debians the `mail.warn` is commented now (see `/etc/rsyslog.d/50-default.conf`: `#mail.warn -/var/log/mail.warn`).
Closes gh-1687
8 years ago
sebres
546cd55342
Merge branch 'master' into 0.10
8 years ago
Serg G. Brester
d05d9f4c28
Merge pull request #1816 from sebres/fix-gh-1302
...
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed
8 years ago
sebres
a1d0633e69
filter.d/asterisk.conf - fixed failregex AMI Asterisk authentification failed (see gh-1302):
...
- optional space between NOTICE and pid;
- optional part "Host " before IP-address;
8 years ago
sebres
33fcf8d809
Merge branch 'master' into 0.10
8 years ago
sebres
9f55ed86df
fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore)
8 years ago
Serg G. Brester
1307e0a5b9
Merge pull request #1760 from szepeviktor/patch-12
...
Courier may complain about the method only
8 years ago
Serg G. Brester
205edff65d
Merge pull request #1690 from chtheis/master
...
#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable
8 years ago
Serg G. Brester
f27e053592
Update bsd-ipfw.conf
...
increased starting rule number (lowest_rule_num = 111)
8 years ago
Serg G. Brester
001c0898d6
Merge branch 'master' into master
8 years ago
Serg G. Brester
6110ba9cc3
filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)
8 years ago
sebres
5974b0fb35
amend to merge PR gh-1783: restores lost entry `journalmatch` for `filter.d/roundcube-auth.conf`
8 years ago
sebres
37ca4f17c2
filter.d/roundcube-auth.conf: added missing entry `journalmatch` from original gh-1783.
8 years ago
Serg G. Brester
986dd3107d
Merge branch '0.10' into patch-12
8 years ago
Serg G. Brester
f3ba66d1c6
Merge pull request #1783 from weberhofer/0.10
...
filter.d/roundcube-auth.conf: Fixed failregex when logging errors to journal instead to a local file.
Additionally fixes more complex injections on username.
8 years ago
sebres
9b0f39a17d
ChangeLog updated
8 years ago
sebres
d3ae70beb6
filter.d/roundcube-auth.conf: Use the same filter-file and jail also when logging errors to journal instead to a local file.
...
Additionally fixes more complex injections on username.
8 years ago
Johannes Weberhofer
691c080dc7
Added roundcube authentication filter, new jail and log-examples
8 years ago
Serg G. Brester
3294840c2a
Merge pull request #1801 from jeaye/postfix-updates
...
filter.d/postfix.conf: update to the latest postfix logging format
8 years ago
Serg G. Brester
efeca8fdeb
postfix.conf: removes unneeded end-anchoring like `.*$`, etc.
...
also removes several dynamic content at end, which are of no avail there.
Additionally normalizes optional part (mail-ID) after reason number.
8 years ago
Serg G. Brester
bb283776d7
Merge pull request #1807 from sebres/fix-gh-1806
...
bug-fix: restoring of tickets from database for jails with persistent ban
8 years ago
sebres
fd32e908e3
fixes restoring of tickets from database for jails with persistent ban (if `bantime = -1`)
8 years ago
sebres
dcdf677438
Merge remote-tracking branch 'master' into 0.10
8 years ago
Serg G. Brester
d54c40bba5
Merge pull request #1805 from sebres/fix-gh-1790
...
filter.d/apache-overflows.conf: rewritten without end-anchor ($)...
8 years ago
sebres
e1234a5249
ChangeLog update
8 years ago
sebres
2b358bc1a4
filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790).
8 years ago
jeaye
6f3d425c4d
Update postfix filters and tests
8 years ago
sebres
bbea73d79d
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
8 years ago
Serg G. Brester
1e5e0722f3
Merge pull request #1792 from gracinet/1773_logtimezone
...
New logtimezone jail option, zone abbreviations, new date-pattern tokens %Exz, %ExZ
8 years ago
Serg G. Brester
23c2d05250
Update changelog (new enhancements from gh-1792)
8 years ago
Georges Racinet
12259bb3c7
man and ChangeLog for logtimezone
8 years ago
sebres
030f89bf7a
Implemented zone abbreviations (DST, etc.) and abbr+-offset functionality (accept zones like 'CET+0100'), for the list of abbreviations see strptime.TZ_STR;
...
Tokens `%z` and `%Z` are more precise now;
Introduced new tokens `%Exz` and `%ExZ` that fully support zone abbreviations and/or offset-based zones;
# TODO: because python currently does not support mixing of case-sensitive with case-insensitive matching,
# check how TZ (in uppercase) can be combined with %a/%b etc. (that are currently case-insensitive),
# to avoid invalid date-time recognition in strings like '11-Aug-2013 03:36:11.372 error ...'
# with wrong TZ "error", which is at least not backwards compatible.
# Hence %z currently match literal Z|UTC|GMT only (and offset-based), and %Exz - all zone abbreviations.
8 years ago
sebres
39c4acf6bd
small amend white-spaces (no functional changes) + a bit optimized `zone2offset`
8 years ago
sebres
9f41d1e381
Normalize zone2offset (usable within reGroupDictStrptime), tests simplified and extended with more cases (covers precedence of input-zone over default, etc.)
8 years ago
sebres
8cb4ae0242
Code review and small optimizations, prepared to provide offset-based time zones for date-detectors (parsing of input-string)
8 years ago
Serg G. Brester
d56554ecf3
Merge pull request #1688 from felixonmars/arch-config
...
Add a path configuration for Arch Linux
8 years ago
Serg G. Brester
5482e0bbe7
Merge pull request #1794 from szepeviktor/patch-15
...
fixed grep pattern: escape dot-char in search-IP and more restrictive boundaries (IPv6-capability)
8 years ago
Serg G. Brester
08591a52a4
Merge pull request #1796 from peternowee/fix-dovecot-empty-user
...
dovecot: revert `<[^>]+>` back to `<[^>]*>` - allows empty user again [mistakenly changed in 5678d08
]
8 years ago
Peter Nowee
b93e47b12f
dovecot: Match also when user field is empty
...
Commit 5678d08
of 2016-11-26 changed:
( user=<\S*>,)?
to:
( user=<[^>]+>,)?
The change from `*` (zero or more times) to `+` (one or more times) may
not have been intended. It will miss lines containing, for example:
Aborted login (tried to use disallowed plaintext auth): user=<>
This commit reverts the `+` back to `*`.
8 years ago
Serg G. Brester
5214c1c5d1
Update changelog (gh-1455)
8 years ago
Marcel Bischoff
228d25c548
Update Kerio Connect filter ( #1455 )
...
* Update Kerio Connect filter
Fixed regex for some log entries that did not get recognized and some additional error formats are added.
* Add missing colon, GitHub address
* Add filter tests
* Add missing test
8 years ago