github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
3,219 Commits
33 Branches
229 Tags
19 MiB
Commit Graph

541 Commits (d618ee3d90faeaacea1096ac43af36450527d604)

Author SHA1 Message Date
Edward Beckett 835b3ff483 Update apache-badbots.conf 
Useragent strings including `+http` need to be escaped to be valid.
 2015-09-05 00:12:28 -04:00
Viktor Szépe 5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
Viktor Szépe a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log 
Fix support for Asterisk security log
 2015-05-25 12:50:13 -04:00
Yaroslav Halchenko f41872f034 Merge pull request #1013 from szepeviktor/patch-4 
Non-US locale warning for proftpd
 2015-05-25 10:51:51 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039 
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
 2015-05-25 10:50:34 -04:00
Joern Muehlencord 964cdb5d9b add froxlor-auth filter and jail 2015-05-25 13:44:50 +02:00
Ivan Poddubny 7a4e6fa6e5 Asterisk security log: add support for websocket protocol events 
Thanks to @kcormier.
 2015-05-25 08:13:30 +03:00
Ivan Poddubny 988d9a08da Asterisk security log: accept events containing Response/ExpectedResponse 
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
 2015-05-25 08:12:51 +03:00
Ivan Poddubny 189265a323 Asterisk security log: accept SessionID of PJSIP events 
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
 2015-05-25 08:11:34 +03:00
Ivan Poddubny ab2ac1a367 Asterisk security log: accept <unknown> in AccountID 2015-05-24 12:47:55 +03:00
Ivan Poddubny 977f9955e7 Asterisk security log: accept EventTV in ISO8601 
Asterisk uses ISO8601 dates in security log since version 12.

Closes #988
 2015-05-24 12:46:54 +03:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf 
Conflicts:
	ChangeLog
 2015-04-26 15:13:59 -04:00
Markus Oesterle f8c7247f42 added \s after host 2015-04-17 10:22:01 +02:00
Markus Oesterle 5f2807b41f replaced .* before rhost with regex matching all the previous fields 2015-04-17 10:04:35 +02:00
Markus Oesterle 8825a5f31b updated filter.d/sshd.conf 
Added line to match sshd auth errors on OpenSuSE systems
 2015-04-16 19:48:28 +02:00
Viktor Szépe e776a4e1ab Update proftpd.conf 2015-04-08 15:57:39 +02:00
Viktor Szépe f9e8a99a79 Non-US locale warning for proftpd 2015-04-06 17:04:41 +02:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
František Šumšal eb0d086ed0 Merge branch 'master' into nginx-botsearch 2015-02-04 02:13:33 +01:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes 
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
 2015-02-03 11:30:16 -07:00
František Šumšal fb0f463eac Include consistency 2015-02-03 15:54:05 +01:00
František Šumšal 705718be52 Filter apache-botsearch.conf now loads variables from botsearch-common.conf 2015-02-03 04:44:33 +01:00
František Šumšal 18778d9174 Created botsearch-common.conf 
File contains variables used in -botsearch filters
 2015-02-03 04:25:47 +01:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot 
New jail: apache-fakegooglebot
 2015-02-02 21:44:04 -05:00
Yaroslav Halchenko df581fe6e2 Merge pull request #929 from opoplawski/pam_auth 
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928)
 2015-02-02 21:42:10 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot 
Dovecot - dovecot auth failure from EL7
 2015-02-02 21:37:28 -05:00
František Šumšal f8fe165cd2 Switched from tabs to spaces for indents 2015-02-03 03:35:22 +01:00
Lee Clemens 841c476045 Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot 
Conflicts:
	config/filter.d/ignorecommands/apache-fakegooglebot
 2015-02-02 13:01:23 -05:00
Yaroslav Halchenko 15b65c7ad2 NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName 2015-02-02 12:19:20 -05:00
Lee Clemens 7e94ba6f0c Remove implementation specific suffix 2015-02-02 11:43:05 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot 
Detects fake googlebot user agents in apache access log
 2015-02-02 00:42:01 -05:00
Yaroslav Halchenko ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
František Šumšal c8e82f18b6 Add jail nginx-botsearch 
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
 2015-01-29 17:57:52 +01:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski 3bc92610f7 Add dovecot auth failure from EL7 2015-01-29 09:11:59 -07:00
Orion Poplawski 79b5a2617f Add filter variable __pam_auth to allow easier changing of pam auth backend 2015-01-27 14:34:27 -07:00
Lee Clemens bda8dc1926 Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-03 15:29:42 -05:00
Lee Clemens 0f48cf4284 loosen up regex for spamhaus (spamcop says "Blocked" as part of url) 2014-12-30 19:14:39 -05:00
Lee Clemens fe72a5585c Create Jail for Postfix based on RBL 
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
 2014-12-30 19:06:17 -05:00
Lee Clemens 2d7429c47c Add 'Client host rejected error message' regex 
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
 2014-12-30 18:05:19 -05:00
Viktor Szépe 81b3dbde1d postfix-sasl failregex case insensitive 2014-12-11 00:10:37 +01:00
bes-internal ccc986b7d8 exim filter: correct failregex for exim with extended log options 
incoming_interface, incoming_port, outgoing_port
 2014-12-04 13:34:44 +03:00
Guillaume FRANCOIS a6a2dc868b Add ignoreregex to avoid warning on start 2014-11-12 11:05:56 +01:00
Guillaume FRANCOIS 9269664350 Add ignoreregex to avoid warning on start 2014-11-12 10:30:28 +01:00
pacop e3a037ee3f merge master 2014-10-25 18:15:34 +02:00