Sergey G. Brester
c40e4c7bad
Merge pull request #2279 from sebres/sshd-filter-gh-2239
sshd filter enhancements (gh-2239)
2018-11-21 11:50:32 +01:00
Sergey G. Brester
0ac5c8941c
Update ChangeLog
2018-11-20 12:39:38 +01:00
sebres
1c1d2cc435
introduces new failregex-flag tag `<F-MLFGAINED>` signaling that access to the service was gained (ATM used similarly to <F-NOFAIL>, but is not added to matches);
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
2018-11-19 21:19:57 +01:00
Sergey G. Brester
189c3f964b
Merge pull request #2276 from dienteperro/patch-1
"be" instead of "me" in shorewall.conf
2018-11-15 21:47:33 +01:00
dienteperro
0df221b54b
"be" instead of "me" in shorewall.conf
2018-11-15 14:34:51 -05:00
sebres
657b147c0d
fixed dependency issue if setup is invoked using python 3.x: invocation of 2to3 takes place after setup (and __init__.py) is loaded;
closes gh-2255.
2018-10-10 12:25:53 +02:00
sebres
d518868691
Merge branch '0.10' into 0.11
2018-10-09 22:13:43 +02:00
sebres
e99635650a
dnsToIp and other DNSUtils primitives use sets instead of lists now (speeds up search of ip, e. g. ignoreself/ignoreip check process)
2018-10-09 18:24:50 +02:00
sebres
f9f7e29295
Merge branch '0.10' into 0.11 (version bump after r.0.10.4)
2018-10-04 13:08:25 +02:00
sebres
0ae02ba2a1
version bump (back to dev-version)
2018-10-04 11:57:56 +02:00
sebres
aa565eb80e
release 0.10.4 - ten-four-on-due-date-ten-four
2018-10-04 11:26:22 +02:00
Shane Forsythe
8614ca8c41
Update proftpd.conf
proftpd 1.3.5e can leave an inconsistent error message if ftp or mod_sftp is used
Oct 2 15:45:31 ftp01 proftpd[5516]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted
Oct 2 15:45:44 ftp01 proftpd[5517]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted.
Fix regex to make the trailing period optional, otherwise brute-force attacks against the root account using ftp are not blocked correctly.
2018-10-02 17:24:33 -04:00
Sergey G. Brester
1752c19b6f
Merge pull request #2205 from benrubson/patch-1
Add loglevel option to badips.py
2018-10-02 13:12:03 +02:00
Sergey G. Brester
65676baf8c
fixed py3 incompatibility (for some reason this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel
2018-10-02 13:00:20 +02:00
Sergey G. Brester
4b751c84c3
badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG).
2018-10-02 12:32:15 +02:00
sebres
a462966cf6
Merge branch '0.10' into 0.11
2018-09-27 13:13:28 +02:00
sebres
6067579464
Fixed action parameter `timeout`: it is a time (integer), so avoid converting it to a string (for replacement); fix substituteRecursiveTags using auto-convert to string.
Closes gh-2241.
2018-09-27 12:51:57 +02:00
sebres
17da4943df
use short log-names for special pure numeric log-level (e.g. "Level 25" could be truncated by short formats)
2018-09-26 21:00:51 +02:00
sebres
6b52f90ad6
Merge branch '0.10' into 0.11
2018-09-21 15:54:16 +02:00
sebres
2a4c47ea32
.travis.yml: coveralls doesn't support python 2.6 now
2018-09-21 15:31:37 +02:00
sebres
58b510a5be
filter.d/domino-smtp.conf:
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
2018-09-21 14:14:00 +02:00
sebres
8a0c06ba9e
Merge branch '0.10' into 0.11
2018-09-14 11:01:40 +02:00
sebres
08f3f12f10
fix sporadic test-case failures: change debug transmitter-message (sometimes confused with expected "Server ready" of server), better syntax for internal subst _use_flush;
2018-09-14 10:59:59 +02:00
sebres
d01fe9d22a
action.d/*.conf: correct comments for actionstart/actionstop
2018-09-12 16:01:57 +02:00
Ben RUBSON
9d7c0e00c1
Also log number of IPs removed/added
2018-09-08 09:28:42 +02:00
Sergey G. Brester
5b0c3e75d3
Merge pull request #2189 from yarikoptic/bf-initd-exit
debian-initd: exit with non-0 if fail, account that 255 is "Ok" exit code, use 255 explicitly instead of -1
2018-09-06 13:54:16 +02:00
Ben RUBSON
70e53b55c5
Typo
2018-08-19 22:39:18 +02:00
Ben RUBSON
ec4c4b12c1
Add yes/no log option to badips.py
2018-08-19 22:35:09 +02:00
sebres
714fd8c915
Merge branch '0.10' into 0.11
2018-08-14 16:01:00 +02:00
sebres
e392f510e2
fix sporadic time-related (multi-threaded) assertion errors (message was not found in the log).
2018-08-14 15:37:23 +02:00
Sergey G. Brester
ee207d8c31
Merge pull request #2151 from benrubson/merge
Apache SNI error / misredirect attempts rules are combined in one regex
2018-08-14 14:56:49 +02:00
Ben RUBSON
77b35b8db7
Improvement
2018-08-14 14:07:32 +02:00
sebres
addd26ae55
Merge branch '0.10' into 0.11
2018-08-14 11:13:15 +02:00
sebres
e2a255d104
fixed typo in comments by "ignoreself" parameter
2018-08-14 11:11:19 +02:00
sebres
606761b3c7
Merge branch '0.10' into 0.11
2018-08-03 12:06:13 +02:00
sebres
6ad9bb56a0
Update ChangeLog
2018-08-03 12:05:40 +02:00
sebres
e995d5a0b6
filter.d/freeswitch.conf: provide mode parameter, which allows avoiding matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter for how to set it to mode `normal`.
2018-08-03 11:42:15 +02:00
sebres
bc2dbacc9a
filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193:
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
- more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
2018-08-03 11:22:30 +02:00
Yaroslav Halchenko
ae359f6f05
BF: $value not $code
2018-07-24 14:29:43 -04:00
Yaroslav Halchenko
298f2c066a
BF: account that now code 255 is the one to say "it is Ok, we are already running/stopped"
2018-07-24 13:24:29 -04:00
Yaroslav Halchenko
f323eceec7
BF: debian-initd, exit with exit code in logend_msg_wrapper
and do it unconditionally on the verbosity level
2018-07-24 13:24:29 -04:00
Yaroslav Halchenko
d9b9b6ba22
RF: exit codes are positive, so exit(255) instead of exit(-1)
2018-07-24 13:24:24 -04:00
sebres
eb1156b099
Merge branch '0.10' into 0.11
2018-07-18 15:57:39 +02:00
sebres
22d37cdce2
sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
2018-07-18 15:31:04 +02:00
sebres
64d9e164cf
extends samples test-case factory to show the matched regex number and expression in the assert message (helps if similar regexps are available in the filter)
2018-07-18 15:30:06 +02:00
sebres
d92381aaa9
fail2ban-regex: ignore lines having a non-empty match of `<F-NOFAIL>` from failregex (not a failure, so count as ignored and not as matched).
2018-07-18 15:23:56 +02:00
sebres
6a81cc9d8c
Merge branch '0.10' into 0.11
2018-07-17 15:18:44 +02:00
sebres
8fe07e29ad
filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
closes gh-2184
2018-07-17 15:06:42 +02:00
Michael Orlitzky
c8ed0e0d91
files/fail2ban-openrc.init: use the standard OpenRC "retry" variable.
If the "retry" variable is set in the service script, we don't have to
pass it to start-stop-daemon explicitly. While we can't immediately
eliminate any code with this change, it will be necessary later to
adopt the default OpenRC stop() function.
2018-07-15 18:22:48 -04:00
Michael Orlitzky
e0097aefb9
files/fail2ban-openrc.init: use RC_SVCNAME instead of hard-coding the name.
If our service is installed under some other name, then we don't want
the service script to say things like "Starting fail2ban..." because
the name "fail2ban" won't make any sense at that point. Instead, we
use the $RC_SVCNAME variable to ensure that the service name matches
what we tell the user. Typically, however, $RC_SVCNAME will still be
"fail2ban".
2018-07-15 18:20:55 -04:00