Commit Graph

867 Commits (da86ebca31e6ec2a45d46d9177599b97010881b1)

Author SHA1 Message Date
Yaroslav Halchenko 46510948a7 DOC: rudimentary manpage for fail2ban-testcases (+updated other mans for consistency) 2015-07-05 21:48:14 -04:00
Yaroslav Halchenko 38f8e1a82a DOC: added changelog for LC_ALL fix, tuned up other ChangeLog entries 2015-07-05 21:39:17 -04:00
Yaroslav Halchenko e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube
Update regex to work with roundcube 1.0.5 and 1.1.1
2015-07-05 21:35:49 -04:00
Lee Clemens 423d5b761e Add changelog reference for socket error logging message 2015-07-04 12:37:52 -04:00
Lee Clemens f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens 2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Yaroslav Halchenko e9e00d7599 DOC: ChangeLog -- a better description for cloudflare changes 2015-07-04 10:04:45 -04:00
Viktor Szépe a00ee15c06 Added Changelog entry 2015-07-04 14:12:38 +02:00
sebres f2d0230a67 reload in interactive mode appends all the jails twice (#825) 2015-06-22 17:57:01 +02:00
sebres 2f283079f8 reload server/jail failed if database used (but was not changed) and some jail active (#1072) 2015-06-22 17:56:39 +02:00
Yaroslav Halchenko 345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log
Fix support for Asterisk security log
2015-05-25 12:50:13 -04:00
Yaroslav Halchenko eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
2015-05-25 10:50:34 -04:00
Joern Muehlencord 4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Ivan Poddubny 38d9f3e609 Asterisk security log: add tests and update ChangeLog 2015-05-25 08:32:49 +03:00
Steven Hiscocks 0c869910ea BF: Fix fail2ban-regex not parsing journalmatch correctly 2015-05-09 10:26:14 +01:00
Anton Shestakov 56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Yaroslav Halchenko fb336276d4 post-release tune ups
Conflicts:
	ChangeLog
	README.md
2015-04-29 09:02:48 -04:00
Yaroslav Halchenko acc4c2d104 Hope for release tomorrow 2015-04-28 23:52:48 -04:00
Yaroslav Halchenko 840fea9f71 Merge commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e'
* commit '0f75ed5e2ab1159e45a7771a7a4e90c877ec848e':
  Just use a system wide python in the tests digest.py
  DOC: Slight tune up to RELEASE doc -- no need for PYTHONPATH to run tests
  MANIFEST: updated for some new files, sorted all entries, removed some duplicates
  Initial changes for the release -- simplified ChangeLog header etc
2015-04-28 23:51:32 -04:00
Aaron Brice 7ae0ef2408 Fix actions in ufw.conf
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Lee Clemens 8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Yaroslav Halchenko ca849b93dc Initial changes for the release -- simplified ChangeLog header etc 2015-04-26 21:39:54 -04:00
Lee Clemens b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf
Conflicts:
	ChangeLog
2015-04-26 15:13:59 -04:00
Markus Oesterle b9a09af914 Added changes to ChangeLog & updated sample test cases 2015-04-16 21:33:57 +02:00
Thomas Mayer c0cf3daac8 Add myself to the changelog 2015-03-27 18:20:25 +01:00
Thomas Mayer c9b24839e4 Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003)
when set by user,
 - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
 - converts whois data to UTF-8 character set with iconv
 - sends the whois output in UTF-8 character set to mail program
 - avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Lee Clemens 72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko 320a28a4a4 DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964) 2015-03-21 20:50:03 -04:00
Yaroslav Halchenko 31d107d181 BF: asyncore.loop poll=True for recent (>=3.4) pythons too
should avoid
  File /usr/lib/python3.4/asyncore.py, line 208, in loop
    poll_fun(timeout, map)
  File /usr/lib/python3.4/asyncore.py, line 145, in poll
    r, w, e = select.select(r, w, e, timeout)
OSError: [Errno 9] Bad file descriptor
2015-03-05 22:52:40 -05:00
Yaroslav Halchenko daa2a9e5d8 Merge pull request #975 from sebres/gh-973-fix
BF: binding parameter error (unsupported type) (closes gh-973) ...
2015-03-05 22:47:45 -05:00
Teubel György 0254cbf7fb Flush logs at USR1 signal 2015-02-26 23:23:10 +01:00
sebres 2bfe22aa66 makes test case more precise; 2015-02-25 15:05:32 +01:00
sebres 6c788a32ee BF: binding parameter error (unsupported type) by writing json with invalid encoded lines into sqlite database (gh-973);
especially python < 3.0; try to prevent occurring such errors in the future;
2015-02-25 11:56:11 +01:00
Yaroslav Halchenko 83805ee5dc Changelog for preceding merge 2015-02-14 16:07:28 -05:00
Yaroslav Halchenko 54e182e017 Merge pull request #955 from sebres/fail2ban-regex-gh-954
BF: fail2ban-regex does not read '.local' file of given filter (Close #954)
2015-02-14 09:44:54 -05:00
Yaroslav Halchenko ae2af0d51b Minor tune up to changelog (we should eventually just make it into .md format) 2015-02-14 09:37:13 -05:00
Yaroslav Halchenko 07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
2015-02-14 09:32:05 -05:00
sebres 74c6f6ac4b BF: fail2ban-regex does not read '.local' file of given filter (gh-954) 2015-02-13 15:36:00 +01:00
Yaroslav Halchenko 3fb2becddb Merge pull request #949 from leeclemens/enh/configSyslogSocket
Configure Syslog Socket Path (closes #814)
2015-02-06 20:08:15 -05:00
Yaroslav Halchenko 119a7bbb16 Merge pull request #939 from szepeviktor/geoip
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
Lee Clemens d676a9fd4f update ChangeLog with syslogsocket config enhancement 2015-02-05 23:48:18 -05:00
Yaroslav Halchenko 40068f5f31 Merge pull request #933 from mrc0mmand/nginx-botsearch
Add jail nginx-botsearch and refactor common with apache-botsearch regexes into botsearch-common
2015-02-04 09:27:43 -05:00
Yaroslav Halchenko eaca33e227 Merge branch 'enh/clarifyDnsUtilsMethods' of https://github.com/leeclemens/fail2ban
* 'enh/clarifyDnsUtilsMethods' of https://github.com/leeclemens/fail2ban:
  Update ChangeLog
  Clarify filter.DNSUtils functions' terminology and add unittests

Conflicts:
	ChangeLog -- rephrased a bit as well
2015-02-03 20:29:03 -05:00
Lee Clemens ed71a7cd22 Update ChangeLog 2015-02-03 20:23:25 -05:00
František Šumšal 9bd25f51c1 Added ChangeLog and THANKS entry 2015-02-04 02:19:15 +01:00
Lee Clemens 4091fdde27 Update ChangeLog from PR 930 2015-02-03 19:54:23 -05:00
Orion Poplawski e7ff7e90b7 [postfix-sasl] update regexes
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
2015-02-03 11:30:16 -07:00
Yaroslav Halchenko 646c799231 Changelog for above merge 2015-02-02 21:46:38 -05:00
Yaroslav Halchenko 73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot
New jail: apache-fakegooglebot
2015-02-02 21:44:04 -05:00
Yaroslav Halchenko 7f2d1a7269 minor changelog entry reformatting 2015-02-02 21:37:24 -05:00
Yaroslav Halchenko 7ada96b4e9 Merge pull request #932 from opoplawski/dovecot
Dovecot - dovecot auth failure from EL7
2015-02-02 21:37:28 -05:00
Yaroslav Halchenko 8f6d9c6a5a Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban:
  fixed typos, thanks szepeviktor for review
  ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)

Conflicts:
	ChangeLog
2015-02-02 21:21:44 -05:00
Yaroslav Halchenko 96ae041132 fixed typos, thanks szepeviktor for review 2015-02-02 21:21:37 -05:00
Lee Clemens 00961d5281 Remove ignorecommand addition from ChangeLog 2015-02-02 11:36:21 -05:00
Lee Clemens af078532ac New jail: apache-fakegooglebot
Detects fake googlebot user agents in apache access log
2015-02-02 00:42:01 -05:00
Viktor Szépe 0430e0dacc Changelog entry for sendmail-geoip-lines 2015-02-01 00:24:40 +01:00
Yaroslav Halchenko ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
Orion Poplawski b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski ee5c5b34d6 Add ChangeLog and THANKS entry 2015-01-29 09:14:41 -07:00
Yaroslav Halchenko 64feb0fd16 Merge pull request #924 from leeclemens/ENH/StatusExtendedInfo
Add extended info to status output using Cymru
2015-01-26 22:55:12 -05:00
Lee Clemens 486214585e Update extended status to accept additional argument, flavor
Default to as-in behavior, or flavor=="basic"
2015-01-26 19:38:06 -05:00
Andrew St. Jean e0f11ae722 Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf. 2015-01-26 11:30:41 -05:00
Yaroslav Halchenko 085d0f72ed ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) 2015-01-26 09:19:44 -05:00
Yaroslav Halchenko 65980a70fc Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban:
  use iptables-allports for recidive

Conflicts:
	ChangeLog
2015-01-26 09:04:42 -05:00
Lee Clemens 60ac0a1a17 Add extended info to status output using Cyrmu 2015-01-24 12:45:42 -05:00
sebres 33e9e2174a recursive/embedded version of issue/907;
test cases merged from remote-tracking branch 'yarikoptic:enh/embedded_tags' into issue/907
infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907
2015-01-20 17:18:25 +01:00
sebres b04a51246f infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907 2015-01-20 11:32:15 +01:00
sebres 12e3cca3f2 port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913 2015-01-19 10:28:53 +01:00
Yaroslav Halchenko c7edd9e67f Merge pull request #901 from leeclemens/ENH/PostfixRBL
Create Jail for Postfix based on RBL
2015-01-07 21:45:36 -05:00
Yaroslav Halchenko 995b1d18df Merge pull request #906 from leeclemens/BF/755-strptime
Fix strptime thread safety issue
2015-01-07 20:40:14 -05:00
Lee Clemens 77677e43df Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-07 20:39:04 -05:00
sebres d5ebe542f9 Merge branch 'master' into 'sebres:ban-time-incr' 2015-01-05 19:14:51 +01:00
Lee Clemens 4714028c69 Change case and tense for consistency 2015-01-03 16:16:23 -05:00
Lee Clemens bda8dc1926 Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-03 15:29:42 -05:00
Lee Clemens 2f360ce447 Update Changelog with strptime fix 2015-01-03 15:26:34 -05:00
Lee Clemens 38641e741a Merge branch 'master' of github.com:fail2ban/fail2ban into BF/755-strptime
Conflicts:
	ChangeLog
2015-01-03 15:25:54 -05:00
Lee Clemens 541a747d79 Update Changelog with strptime fix 2015-01-03 15:19:58 -05:00
TorontoMedia 74c3d5d96c Updated ChangeLog 2015-01-01 13:26:11 -05:00
TorontoMedia 948eec6425 Upd 2015-01-01 12:56:17 -05:00
TorontoMedia a47001ea0e Updated ChangeLog 2015-01-01 12:41:31 -05:00
TorontoMedia c2bb3253ad Update ChangeLog 2015-01-01 05:27:18 -05:00
Yaroslav Halchenko acfa83229b Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  Update year in postfix logs test file
  Add 'Client host rejected error message' regex Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-31 01:12:56 -05:00
Lee Clemens fe72a5585c Create Jail for Postfix based on RBL
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
2014-12-30 19:06:17 -05:00
Lee Clemens 2d7429c47c Add 'Client host rejected error message' regex
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-30 18:05:19 -05:00
Yaroslav Halchenko d65c4f8f5d moved debian's initd file to files/debian-initd from debian branch 2014-12-30 16:45:35 -05:00
Yaroslav Halchenko bcfcefa203 Merge branch 'patch-2' of https://github.com/szepeviktor/fail2ban
* 'patch-2' of https://github.com/szepeviktor/fail2ban:
  downcase example
  Added an item to "Fixes"
  postfix-sasl failregex case insensitive
2014-12-30 16:35:09 -05:00
Viktor Szépe 10f68f4946 Update ChangeLog 2014-12-24 15:00:25 +01:00
Viktor Szépe 190f55b06e Added an item to "Fixes" 2014-12-11 01:34:20 +01:00
sebres 27bc2e012d Merge remote-tracking branch 'master' into sebres:ban-time-incr 2014-12-05 17:41:45 +01:00
bes-internal ccc986b7d8 exim filter: correct failregex for exim with extended log options
incoming_interface, incoming_port, outgoing_port
2014-12-04 13:34:44 +03:00
sebres 5ca275876b Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr 2014-12-01 23:28:58 +01:00
sebres 5dc1a583b4 Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr
Conflicts:
	fail2ban/server/actions.py
	fail2ban/server/database.py
	fail2ban/tests/databasetestcase.py
	fail2ban/tests/servertestcase.py
2014-12-01 13:57:51 +01:00
sebres 80fb48c5b0 Merge remote-tracking branch 'remotes/upstream/master' into sebres:addfailregex-gh-867 2014-12-01 13:14:42 +01:00
sebres effdb450fc better and scalable solution for gh-867 (and gh-868), using only name convention like %(known/failregex)s to add custom expressions, so no interface changes in jail.conf are necessary (for example see test-known-interp in test cases); 2014-11-29 20:33:32 +01:00
Yaroslav Halchenko 9bab6d0009 Changelog entry for preceding fix 2014-11-29 09:52:25 -05:00
sebres d63b125877 interpolation of config readers extended with `%(known/parameter)s`.
(means last known option with name `parameter`).
2014-11-28 19:06:17 +01:00
sebres 1439152121 test cases extended (now correct) 2014-11-28 14:52:12 +01:00
sebres cad09d2df3 BF: failregex declared direct in jail was joined to single line, (specifying of multiple expressions was not possible);
feature request (gh-867): new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it);
2014-11-28 03:17:47 +01:00
Yaroslav Halchenko 2a3790f8e8 use iptables-allports for recidive 2014-11-04 13:24:54 -05:00
Yaroslav Halchenko a44cfba9ae Merge pull request #841 from opoplawski/firewallcmd-multiport
ChangeLog for firewallcmd-new multiport support
2014-10-30 18:32:26 -04:00
Orion Poplawski 21be983620 ChangeLog for firewallcmd-new multiport support 2014-10-30 16:11:34 -06:00
Yaroslav Halchenko 967485c2d0 improving grepping 2014-10-29 23:14:47 -04:00
Yaroslav Halchenko 36abb5ed96 BF: fix $ for % in jail.conf. Debian bug #767255 2014-10-29 13:08:51 -04:00
sebres c1db282fcd Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr 2014-10-28 16:38:26 +01:00
Yaroslav Halchenko 7acddcbe4a Post-release boost to .dev 2014-10-27 23:45:51 -04:00
Yaroslav Halchenko 987356d6c0 Changes for the 0.9.1 release versioning 2014-10-27 21:43:17 -04:00
sebres 361c220846 Merge remote-tracking branch 'remotes/upstream/master' into sebres:ban-time-incr;
normalize code to python >= 2.6;
2014-10-25 19:05:53 +02:00
pacop b60e2bf42f Add portsentry to changelog 2014-10-25 18:17:57 +02:00
sebres 48cd1262fe Merge 'upstream/master' into sebres:ban-time-incr 2014-10-23 23:34:43 +02:00
Yaroslav Halchenko e2f49b7334 DOC: very minor (tabs/spaces) 2014-10-23 14:44:10 -04:00
sebres 8f2561e289 Merge remote-tracking branch 'remotes/origin/_tent/cache-config-read' into ban-time-incr 2014-10-20 01:37:36 +02:00
sebres 7d3e6e9935 code review, change log entries added; 2014-10-10 20:06:58 +02:00
sebres 20e6989c73 Merge 'upstream/master' into ban-time-incr:
Merge remote-tracking branch 'sebres:cache-config-read-820' into ban-time-incr:
config cache optimized - prevent to read the same config file inside different resources multiple times;
test case: read jail file only once;
+ optimized merge: use OrderedDict.update instead of merge in cycle;
2014-10-08 16:37:07 +02:00
SlowRiot 7b5dc9f24f adding test case, changelog and thanks entries for apache shellshock filter 2014-09-26 18:48:56 +01:00
sebres 930678cc0e Merge remote-tracking branch 'remotes/upstream/master' into ban-time-incr 2014-09-16 13:53:15 +02:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko 8f521b8551 DOC: Changelog and THANKS for previous changes 2014-09-13 10:27:37 -04:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
Yaroslav Halchenko 0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
sebres 62c755c1d5 Merge remote-tracking branch 'upstream/master' into ban-time-incr
Conflicts resolved:
	fail2ban/server/database.py
	fail2ban/tests/servertestcase.py
delBan modified (if manually unban):
	delete from "bips" also (bad ips)
	delete all tickets of this ip, also if currently not banned
2014-08-15 11:39:55 +02:00
Yaroslav Halchenko 3576c509f5 changelog entry for postfix-sasl fix 2014-08-12 11:08:39 -04:00
Yaroslav Halchenko 6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry)
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
2014-08-11 13:09:43 -04:00
Yaroslav Halchenko 818dd59d65 ENH: symbiosis-blacklist-allports action 2014-08-08 11:57:30 -04:00
Yaroslav Halchenko 4a23a7dcf1 Merge pull request #766 from leftyfb/master
Added cloudflare action
2014-07-28 15:34:09 -04:00
Yaroslav Halchenko 2756bbe12a changelog and thanks for the preceding fix
Conflicts:
	ChangeLog
	THANKS
2014-07-28 12:48:50 -04:00
leftyfb 2179c8293c ChangeLog Added and entry about Cloudflare action 2014-07-28 11:24:38 -04:00
Yaroslav Halchenko a35b62500f changelog entries for already merged and upcoming merge 2014-07-28 10:18:33 -04:00
Yaroslav Halchenko effa1bc757 Merge branch 'master' of github.com:fail2ban/fail2ban
* 'master' of github.com:fail2ban/fail2ban:
  Update courier-smtp.conf
  I don't understand those years.
  added Jul 3 & Jul 4
  Update courier-smtp.conf
  named users + smtp atuh probes
  BF: Remove manually unbanned IPs from persistent database
  typo
2014-07-28 10:14:40 -04:00
Yaroslav Halchenko edfdeecfe6 DOC: Changelog for recent merge 2014-07-27 21:48:55 -04:00
Yaroslav Halchenko 3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko 3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Steven Hiscocks 01d02ca5e6 BF: Remove manually unbanned IPs from persistent database
Stops them being restored when Fail2Ban is restarted. Particularly this
is an issue with bantime < 0

Fixes gh-768
2014-07-19 15:17:32 +01:00
Steven Hiscocks e301d6c840 DOC: Update ChangeLog for change in b73ed9b 2014-07-19 15:15:38 +01:00
Yaroslav Halchenko 78d8ea2e50 Merge pull request #760 from yarikoptic/enh/exim4_debian_path
BF: fix path to the exim log on Debian and Fedora systems
2014-07-18 09:59:08 -04:00
Sean DuBois 84b7e93a47 ENH: Add version command to protocol
TST: Add test for version server command
2014-07-15 06:19:13 +00:00
Yaroslav Halchenko 6cddc65cee BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry 2014-07-14 12:16:12 -04:00
sebres 00b7205a3c Merge remote-tracking branch 'remotes/upstream/master', fix test cases (see bellow)
Conflicts resolved:
	ChangeLog
	fail2ban/server/filter.py
	fail2ban/server/jail.py
	fail2ban/tests/actionstestcase.py
Test cases fixed:
	testBanActionsAInfo - fail ticket with current time (otherwise ticket will be ignored - ban time too old)
	testFail2BanExceptHook - use local sys.__excepthook__ to check was really executed and prevent write error in stderr.
2014-06-24 14:02:24 +02:00
Yaroslav Halchenko c7de888cd3 DOC: Changelog for previous merge (pass a copy of aInfo) 2014-06-22 10:59:43 -04:00
Yaroslav Halchenko 305b31ae1c DOC: ChangeLog -- Added an entry about iptables-common.conf 2014-06-22 10:29:23 -04:00
Steven Hiscocks 2d54161696 Merge branch 'kwirk/harmonize-log-msgs'
Conflicts:
	ChangeLog - Keep all additions
2014-06-22 12:57:49 +01:00
Steven Hiscocks 76a5633ff9 Merge pull request #739 from ranvis/enh-iptables-ipsets
ENH: Add <chain> to iptables-ipsets.
2014-06-21 22:48:49 +01:00
sebres ccf2521a6d Merge branch 'master' of https://github.com/fail2ban/fail2ban into ban-time-incr;
Conflicts in ChangeLog resolved;
obsolete imports removed;
2014-06-19 17:40:00 +02:00
Yaroslav Halchenko 4190a4030c Merge branch 'sebres-strptime-bug' of https://github.com/kwirk/fail2ban
* 'sebres-strptime-bug' of https://github.com/kwirk/fail2ban:
  DOC: Tweak ChangeLog and THANKS
  DOC: Update docs in reference to time zone related fix
  TST: Fix tests due to @sebres fix and based from gh-349 reverts
  strptime bug fix: if gmtoff is None we have 1 hour increment of time (through utctimetuple), compare: >>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().timetuple())).strftime("%Y-%m-%d %H:%M:%S") '2014-04-29 17:26:31' >>>> datetime.datetime.fromtimestamp(time.mktime(datetime.datetime.now().utctimetuple())).strftime("%Y-%m-%d %H:%M:%S") '2014-04-29 18:26:37'

Conflicts:
	ChangeLog
2014-06-16 09:28:41 -04:00
SATO Kentaro 1e1c4ac62a ENH: Add <chain> to iptables-ipsets. 2014-06-16 21:30:13 +09:00
Steven Hiscocks f7da091437 ENH: Log unhandled exceptions to Fail2Ban log 2014-06-09 22:27:51 +01:00
Steven Hiscocks e8131475cd ENH: Realign and harmonise log messages with getF2BLogger helper 2014-06-09 22:17:00 +01:00
sebres 70080b112a Merge branch 'master' of https://github.com/fail2ban/fail2ban into ban-time-incr 2014-06-06 19:46:38 +02:00
Steven Hiscocks 1fa8f9fa70 DOC: Tweak ChangeLog and THANKS 2014-05-15 22:18:07 +01:00
Steven Hiscocks fc4b69a282 DOC: Update ChangeLog fix for ip{,jail}failures action tags 2014-05-15 22:15:12 +01:00
Steven Hiscocks 1c20fd88d4 DOC: Update docs in reference to time zone related fix 2014-05-14 23:04:48 +01:00
Yaroslav Halchenko 2526dbae92 Merge branch 'recursive-tag-fix' of https://github.com/kwirk/fail2ban
* 'recursive-tag-fix' of https://github.com/kwirk/fail2ban:
  ENH: explicitly define tags which should be escaped
  DOC: ChangeLog update for recursive tag bug fix
  BF: Tags not fully recursively substituted

Conflicts:
	ChangeLog -- kept all as is
2014-05-13 11:23:30 -04:00
Yaroslav Halchenko c619202d6f Merge branch 'master' of github.com:fail2ban/fail2ban
* 'master' of github.com:fail2ban/fail2ban:
  ENH: Match non "Bye Bye" for sshd locked accounts failregex
  Even stricter monit regex, now covers entire line
  Tidy up filter.d/monit.conf, make regex more complete. Add ChangeLog / THANKS entry. Add test cases.
  ENH: Move traceback formatter to from tests.utils to helpers
  Block brute-force attempts against the Monit gui
2014-05-10 20:02:47 -04:00
Steven Hiscocks 904b362215 DOC: ChangeLog update for recursive tag bug fix
Also minor typo fixes in comments
2014-05-09 20:25:44 +01:00
Steven Hiscocks 77ba065571 Merge pull request #697 from jhmartin/monit_admin_hack
Block brute-force attempts against the Monit gui
2014-05-07 22:23:01 +01:00
Yaroslav Halchenko 1f8b554d31 Merge branch 'database-persistent-bans' of https://github.com/kwirk/fail2ban
* 'database-persistent-bans' of https://github.com/kwirk/fail2ban:
  BF: bantime < 0 database should return all bans, as they are persistent

Conflicts:
	ChangeLog - kept all ;)
2014-05-05 23:29:35 -04:00
Yaroslav Halchenko 3eabf4a7bd Merge pull request #708 from kwirk/ssh-bye-bye
ENH: Match non "Bye Bye" for sshd locked accounts failregex
2014-05-05 23:22:57 -04:00
Yaroslav Halchenko 65269365ee minor 2014-05-05 23:16:18 -04:00
Steven Hiscocks 1e8402cb99 DOC: ChangeLog entry for Python 3.4.0 persistent "/dev/urandom" fix 2014-05-03 12:51:15 +01:00
Steven Hiscocks bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex 2014-04-27 13:35:55 +01:00
Steven Hiscocks 7cc64a14e0 BF: fail2ban-regex assertion error caused by miscounted "missed" lines
Caused when removing lines as part of multiline regex, which had been
previously considered missed.
2014-04-27 13:27:11 +01:00
Steven Hiscocks bbcbefd494 BF: bantime < 0 database should return all bans, as they are persistent 2014-04-22 19:20:44 +01:00
Jason Martin 72bfd14330 Tidy up filter.d/monit.conf, make regex more complete.
Add ChangeLog / THANKS entry.
Add test cases.
2014-04-19 13:04:03 -07:00
Steven Hiscocks 03d90c2f42 BF: recidive filter and samples at wrong log level: WARNING->NOTICE 2014-04-19 18:07:23 +01:00
Yaroslav Halchenko af07b2edf8 very minor 2014-04-18 23:59:24 -04:00
Steven Hiscocks abfa7fa7e3 DOC: Update ChangeLog 2014-04-03 18:47:38 +01:00
Daniel Black e3be822245 DOC: nginx-http-auth filter 2014-04-03 21:30:45 +11:00
Steven Hiscocks dc24d3d494 BF: On jail restart reinstatement of bans, fetch one ticket per IP
Closes gh-664
2014-03-29 21:44:39 +00:00
Ruben Kerkhof 1695d5c076 Fix a few typos
Found with https://github.com/lucasdemarchi/codespell

Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Steven Hiscocks 7046388291 Merge branch 'database-no-sqlite'
Conflicts:
	ChangeLog
        - Entries added in both branches, both kept
2014-03-22 17:34:38 +00:00
Steven Hiscocks 1470e3c01d BF: fail2ban.conf reader expected "int" type for `loglevel`
Closes #657
2014-03-19 19:09:07 +00:00
Steven Hiscocks 8c129cc283 DOC: Update ChangeLog fixes 2014-03-19 18:59:00 +00:00
Daniel Black e3839777d1 DOC: ChangeLog for gh-652 2014-03-18 08:02:39 +11:00
Yaroslav Halchenko 65628e303c Merge commit '0.8.13-1-ga8d0cc9'
* commit '0.8.13-1-ga8d0cc9':
  DOC: remove duplicate update of Fail2ban_Version
  DOC: DEVELOP release note changes
  PKG: version release
  PKG: include nagios filter/log
  DOC/ENH: update man pages for release

Conflicts:
	ChangeLog
	DEVELOP
	MANIFEST
	fail2ban/version.py
	man/fail2ban-client.1
	man/fail2ban-regex.1
	man/fail2ban-server.1
2014-03-17 10:25:12 -04:00
Steven Hiscocks 8f4a99f81f DOC: Document recent changes 2014-03-16 21:59:50 +00:00
Steven Hiscocks b89d05c57d DOC: Document recent fixes 2014-03-16 21:55:41 +00:00
Daniel Black 755e35fdfe DOC: syntax 2014-03-17 08:43:34 +11:00
Daniel Black c602dea3c3 DOC: new ChangeLog header 2014-03-17 08:43:00 +11:00
Daniel Black cee3414029 PKG: version release 2014-03-15 19:06:37 +11:00
Daniel Black 9bee8b3257 Merge branch '0.9' 2014-03-15 18:41:34 +11:00
Daniel Black 77fda9498c ENH: pull asterisk filter change to support syslog from 0.9 branch 2014-03-14 23:15:46 +11:00
Daniel Black 8671b73958 DOC: versioning and release/readme notes 2014-03-14 23:08:25 +11:00
Daniel Black aa7e8fb9ce DOC: Credits. close gh-644 2014-03-14 22:30:44 +11:00
Daniel Black 476d79d3cc ENH: asterisk filter to support syslog format 2014-03-14 09:03:27 +11:00
Steven Hiscocks 0222ff4677 Merge branch 'badips-blacklist' into 0.9
Conflicts:
	ChangeLog
        - entires added in both branches.

Change:
        config/action.d/badips.py
        - jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks 0c63d0061a DOC: Add documentation for badips.py action 2014-03-13 19:58:32 +00:00
Steven Hiscocks 406fe0f5b6 DOC: Additional entries to ChangeLog 2014-03-12 21:20:24 +00:00
Steven Hiscocks 742e52269a DOC: Added jail.conf(5) and ChangeLog for "logencoding" 2014-03-12 21:00:25 +00:00
Steven Hiscocks 725a8261fe DOC: Add items to ChangeLog and readded jail.conf(5) for logpath tail
jail.conf change merged from 6a395f4cf7
2014-03-12 20:48:52 +00:00
Daniel Black cc8ec826c5 MRG: from master 2014-03-02 2014-03-02 14:33:45 +11:00
Daniel Black c10cc20928 ENH: rename sendmail-spam to sendmail-reject 2014-02-28 08:41:04 +11:00
Daniel Black 3d776afbb0 ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 19:16:49 +11:00
Steven Hiscocks f68d85a6ac Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
                Spelling correction of 0.8.13 fixed in master
	config/jail.conf
                Added nagios and duplicate php-url removal in master
                Just nagios added, duplicate not issue in 0.9
2014-02-13 20:14:40 +00:00
Daniel Black 5f4d0ed576 ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message 2014-02-13 09:13:46 +11:00
Yaroslav Halchenko c424e4032d DOC: minor - replace tabs with spaces for consistent formatting 2014-02-07 00:41:22 -05:00
Daniel Black 1c740636e3 Merge pull request #603 from truxoft/master
ENH: Nagios filter
2014-02-06 11:09:49 +11:00
Chris Markle 20886288e5 Correct spelling error in changelog
I know it's a nit but still... ;)
2014-02-05 10:44:46 -08:00
Ivo Truxa a8a43e8f38 ENH: Nagios filter
new filter Nagios added
2014-02-03 22:01:22 +01:00
Daniel Black 59b9045e88 MRG: from master 2014-02-02 2014-02-02 13:21:16 +11:00
Daniel Black 9b614ce486 ENH: dovecot filter enhancements 2014-01-29 20:27:45 +11:00
Daniel Black a749a2780e Merge pull request #593 from grooverdan/tine
ENH: Tine20 filter
2014-01-26 18:50:42 -08:00
Daniel Black 3c48e3f035 DOC: changelog for pure-ftpd filter fixes 2014-01-25 12:22:27 +11:00
Daniel Black 1e1261ccb4 MRG: from master 2014-01-23 2014-01-23 17:45:18 +11:00
Daniel Black ca57427080 BF: firewallcmd-ipset had non-working actioncheck 2014-01-23 17:41:13 +11:00
Daniel Black 2063d96e59 MRG: import Lars' PR for tine20 2014-01-22 18:12:19 +11:00
Daniel Black 499b33f8a6 DOC: post release versioning 2014-01-22 08:37:51 +11:00
Daniel Black 33dd1733fb DOC: version and release date to 0.8.12 on 2014-01-22 2014-01-19 16:25:23 +11:00
Daniel Black a650178bd1 MRG: merge from master 2014-01-19 2014-01-19 14:48:29 +11:00
Daniel Black 10edd994d1 DOC: ChangeLog for kerio filters 2014-01-18 23:21:44 +11:00
Steven Hiscocks 0b4dd6272c Merge pull request #589 from grooverdan/one-bad-regex-gh-585
fault tolerance when pushing multiple configurations
2014-01-18 03:27:52 -08:00
Daniel Black 5ade6a13af DOC: ChangeLog dateing and normalisation 2014-01-18 21:00:24 +11:00
Daniel Black 058621f9bd ENH: continue with rest of fail2ban config even if errors. Closes gh-585 2014-01-18 20:16:38 +11:00
Daniel Black 2647461a3c DOC: ChangeLog. Note incompatible changes and group new filters and actions under New Features 2014-01-18 19:38:25 +11:00
Daniel Black 1452be4a3a Merge pull request #588 from grooverdan/badips
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00
Daniel Black 93613e82f0 DOC: credits for action.d/badips 2014-01-15 09:40:18 +11:00
Daniel Black 657da2041c BF: dovecot filters, session characters and order of session/tls in log messages 2014-01-15 08:02:47 +11:00
Daniel Black c7f887642d Merge branch '0.9' into master_to_0.9 2014-01-13 21:23:42 +11:00
Daniel Black 3de80545e0 MRG: from master 2014/01/13 2014-01-13 21:23:39 +11:00
Lars Kneschke 47dd8fb897 ENH: filter for Tine 2.0 2014-01-13 06:04:59 +01:00
Daniel Black 6b0e6b9bca ENH: add improper command pipelining postfix filter 2014-01-13 06:59:59 +11:00
Daniel Black cd3e94140c MRG: complete merge 2014-01-12 21:16:55 +11:00
Daniel Black f2e55e8499 ENH: add filter for squirrelmail. Closes gh-261 2014-01-12 20:27:36 +11:00
Tomas Pihl b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Steven Hiscocks 128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Daniel Black 8333abe420 Merge pull request #557 from grooverdan/apache-botsearch
ENH: Apache botsearch + BF: tag substition
2014-01-09 14:11:00 -08:00
Steven Hiscocks 7e8da15fc6 Merge pull request #572 from grooverdan/counterstrike
ENH: Counter Strike filter
2014-01-08 12:47:10 -08:00
Daniel Black b6676dbadc DOC: spelling of Counter Strike 2014-01-08 07:45:26 +11:00
Yaroslav Halchenko 6532a2e2f7 Merge pull request #548 from grooverdan/exim-honeypot
Exim honeypot
2014-01-07 06:14:42 -08:00
Daniel Black 0fb6bc7188 ENH: add filter for Counter Strike 1.6. Closes gh-347 2014-01-07 20:33:57 +11:00
Daniel Black 9e087b508d MRG: from 0.9 2014-01-07 16:11:40 +11:00
Daniel Black 58ebf659e4 MRG: from 0.9 to make history cleaner 2014-01-07 16:07:58 +11:00
Daniel Black 76468942f9 MRG: complete merge from master 2014-01-07 10:24:23 +11:00
Steven Hiscocks bb11c29667 Merge pull request #567 from grooverdan/groupoffice-filter
ENH: add filter groupoffice. Closes gh-566
2014-01-06 10:31:32 -08:00
Daniel Black b9cd492e9f Merge pull request #555 from grooverdan/nagios_fix
BF: nagios fix
2014-01-06 03:12:26 -08:00
Daniel Black 3ee6e993c6 MRG: merge ChangeLog for nagios fix 2014-01-06 22:09:10 +11:00
Daniel Black fecb07f36d MRG: filter substition 2014-01-06 22:07:49 +11:00
Daniel Black db7b7bfefa Credits for groupoffice 2014-01-06 22:00:12 +11:00
alasdairdc 67c44a5001 Update ChangeLog 2014-01-06 10:44:21 +00:00
Daniel Black a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black 23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black 05b159c74b Merge pull request #464 from grooverdan/increase-jail-name-length
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
2014-01-03 14:48:56 -08:00
Daniel Black 3d1a1afca4 MRG: to more recent 0.9 2014-01-04 09:31:05 +11:00
Daniel Black 7c09a61ca5 ENH: add apache-botsearch. Closes gh-544 2014-01-03 23:12:58 +11:00
Daniel Black b8536490ef ENH: filter for stunnel from fail2ban wiki 2014-01-03 19:32:29 +11:00
Daniel Black 04d28fd2e1 ENH: add filter freeswitch - as raised on mailing list 2014-01-03 13:00:37 +11:00
Daniel Black 117d3b0466 MRG: horde filter from master 2014-01-03 10:34:59 +11:00
Daniel Black 83f3aeb308 ENH: filter for horde 2014-01-02 23:12:36 +11:00
Daniel Black 9c7bb3b97e ENH: exim-spam to take honeypot email address as argument. Closes #541 2014-01-01 22:45:13 +11:00
Daniel Black 391b5fc883 MRG: from master again 2014-01-01 2014-01-01 19:28:38 +11:00
Daniel Black 1b037a6f29 DOC: document addition of filter options substitution into failregex/ignoreregex 2013-12-31 19:15:11 +11:00
Daniel Black 856407379b ENH: add filter openwebmail. Closes gh-543. 2013-12-31 08:09:00 +11:00
Daniel Black 332d37f363 DOC: python-2.6 minimium now. Closes gh-526
Clean up ChangeLog and README.md to reflect these changes.
Remove credit from developers for individual changes to be consistent
with the 0.8.12 ChangeLog. Update summary and priority of items listed
in ChangeLog.
2013-12-30 04:57:16 +00:00
Daniel Black e220210dc4 DOC: fix ChangeLog entry for exim-spam 2013-12-29 21:55:04 +00:00
Daniel Black dbca949e5e DOC: typo in ChangeLog 2013-12-29 21:26:30 +00:00
Daniel Black d727ba639a ENH: exim-spam to include spamassassin log entry. Closes gh-533 2013-12-29 20:16:37 +00:00
Daniel Black 4a0e428563 DOC: change log for asynchat.push change 2013-12-29 07:11:57 +00:00
Daniel Black c074773805 ENH: apache modsecurity from 0.9 branch 2013-12-29 07:06:13 +00:00
Daniel Black be382dae4d MRG: ufw changelog conflicts 2013-12-29 05:45:06 +00:00
Daniel Black 1f6ece2a40 Merge pull request #490 from grooverdan/firewallcmd-ipset
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black ea2a13946e TST: more test of filters 2013-12-29 05:29:59 +00:00
Daniel Black c9cfdca396 ENH: add filter for apache-modsecurity 2013-12-28 22:28:11 +00:00
Daniel Black d3c065bf76 ENH: add PyPy compatibility 2013-12-27 05:15:33 +00:00
Daniel Black 1b7df1181f BF: apache-2.4 log format fix. Closes gh-516 2013-12-23 08:28:40 +00:00
Yaroslav Halchenko 7af58b9984 Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban:
  ENH: apache-noscript now matched php-cgi scripts. Closes gh-503

Conflicts:
	ChangeLog -- two new entries collided,  Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
Daniel Black a9b7d33c51 ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 2013-12-19 10:01:24 +00:00
Steven Hiscocks d22716ab63 ENH: Add nsd filter and amend DateEpoch to match date format 2013-12-18 22:31:54 +00:00
alasdairdc 04c267c307 Updated Changelog 2013-12-18 08:36:30 +00:00
Daniel Black 7c0efc8ec8 MRG: merge so far - flushLogs not working yet 2013-12-16 15:08:34 +00:00
Steven Hiscocks 66e9f06feb DOC: ChangeLog moved python3 support to refactoring 2013-12-14 17:46:13 +00:00
Steven Hiscocks 401d8aba1f DOC: Update ChangeLog with systemd backend and persistent database 2013-12-14 17:20:21 +00:00
Daniel Black f1e593da67 DOC: Changelog for adding firewallcmd-ipset 2013-12-14 10:27:11 +00:00
Daniel Black f35345ecaa ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455 2013-12-14 00:34:12 +00:00
Daniel Black 13ccebe78f BF: fix actioncheck in firewallcmd 2013-12-13 23:40:51 +00:00
Daniel Black 66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black f385439a41 MRG: ChangeLog merge 2013-12-09 09:28:42 +11:00
Daniel Black 80df01bf15 Merge pull request #468 from grooverdan/xarf
ENH: action.d/Xarf reporting of messages
2013-12-08 14:26:37 -08:00
Steven Hiscocks 7115f64f83 Merge pull request #470 from grooverdan/flush-logs
BF: create flushlogs command to prevent logrotation clobbering logtarget...
2013-12-06 16:30:16 -08:00
Daniel Black e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
Daniel Black b5d6310d28 BF: create flushlogs command to prevent logrotation clobbering logtarget. Closes gh-458 2013-12-04 20:51:30 +11:00
Daniel Black 9c1a679b7f DOC: changelog for xarf-login-attack action 2013-12-01 17:51:31 +11:00
Yaroslav Halchenko 2c1199cce0 Let's progress and mark a2 release toward 0.9.0 2013-11-30 12:25:17 -05:00
Daniel Black 95845b7b65 BF: complain action could match too many IP addresses 2013-11-30 17:47:10 +11:00
Yaroslav Halchenko 3a5983ab0b Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban:
  Changelog entries for the last changes
  ENH: added optional [PID] matching in recidive.conf
  ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
  BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages

Conflicts:
	ChangeLog
2013-11-29 19:58:56 -05:00
Daniel Black f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Yaroslav Halchenko 982d5abbef Merge branch 'namelength20' of https://github.com/grooverdan/fail2ban
* 'namelength20' of https://github.com/grooverdan/fail2ban:
  DOC: document rational behind 20 character jail name limit

Conflicts:
	ChangeLog
2013-11-29 10:09:16 -05:00
Yaroslav Halchenko 25e967f23b Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban:
  BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447)

Conflicts:
	ChangeLog
2013-11-29 10:02:31 -05:00
Daniel Black b9b2ddf996 BF: smtps not IANA standard. Closes #447 2013-11-29 21:47:53 +11:00
Daniel Black cade746307 BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447) 2013-11-29 21:45:11 +11:00
Daniel Black af4feb0c92 Actions to have f2b- as prefix instead of fail2ban- as per #462 2013-11-29 19:08:38 +11:00
Daniel Black fb666b69ff BF: firewall-cmd-direct-new was too long. Thanks Joel. 2013-11-28 23:35:05 +11:00
Daniel Black 99838440c8 DOC: document rational behind 20 character jail name limit 2013-11-28 23:18:34 +11:00
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter 2013-11-25 14:55:41 +11:00
Daniel Black 13223c33f5 MRG: recidive-protocol-all 2013-11-25 08:22:09 +11:00
Yaroslav Halchenko 085ebbe1de Changelog entries for the last changes 2013-11-24 11:55:58 -05:00
Daniel Black 9a82bc3c61 BF: kernel messages can have space. Thanks ag4ve(shawn). Closes #448 2013-11-24 18:21:02 +11:00
Daniel Black 98eacdf333 MRG/BF: merge from master. Fix bugs in iso8601 2013-11-24 16:36:06 +11:00
Yaroslav Halchenko 629e9ae445 Merge pull request #443 from grooverdan/apache-authfix
BF: apache filters using error log weren't matched when referer existed ...
2013-11-18 15:53:39 -08:00
Daniel Black 284f811c91 BF: apache filters using error log weren't matched when referer existed in HTTP header 2013-11-19 10:27:55 +11:00
Yaroslav Halchenko 491165c929 Merge pull request #438 from grooverdan/solid-pop3d
ENH: filter for Solid-pop3d
2013-11-17 17:34:46 -08:00
Daniel Black 8aa20a7b0e ENH: credits for #440 recidive jail protocol=all 2013-11-18 07:59:56 +11:00
Daniel Black dab2ddb9da ENH: recidive jail to block all protocols. Closes #440 2013-11-18 07:57:16 +11:00
Yaroslav Halchenko 82174ea4c4 Changelog for preceding proftpd date format change 2013-11-16 22:18:51 -05:00
Daniel Black 88eff70774 ENH: filter.d/solid-pop3d added 2013-11-16 09:43:15 +11:00
Daniel Black ed212fcdcc DOC: new ChangeLog header 2013-11-16 09:40:05 +11:00
Daniel Black 1ac7b53cad MRG: merge from master 2013-11-13 09:16:45 +11:00
Daniel Black d0498bec69 DOC: finalise 0.8.11 release 2013-11-13 08:05:08 +11:00
Daniel Black eb9663eb4f BF/ENH: asterisk connection ID is a hex not decimal number. Add "Rejecting unknown SIP connection from <HOST>" regex thanks to Jonathan Lanning 2013-11-12 09:22:41 +11:00
Yaroslav Halchenko 49024fe6ea DOC: minor typos in ChangeLog 2013-11-08 14:36:56 -08:00
Yaroslav Halchenko ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Daniel Black d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko eace931c19 Changelog for prior changes (gen_buildbots) 2013-11-07 15:47:25 -08:00
Daniel Black a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Daniel Black cb982ef921 ENH: multiline filter for sendmail-spam. Closes gh-418 2013-11-08 08:55:45 +11:00
Yaroslav Halchenko 28ee7ba123 DOC: keeping Changelog release-phrases uniform, simplified intro, unified 2013-11-06 14:04:30 -05:00
Yaroslav Halchenko f26fba9c19 DOC: Untabifying and reindenting a bit ChangeLog 2013-11-06 13:47:45 -05:00
Daniel Black 0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
BF:  wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black 8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black ac1f45d18c Merge pull request #412 from grooverdan/firewalld
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black 87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Daniel Black 4ec0e3f087 DOC: version 0.8.11.pre1 2013-10-31 10:51:37 +11:00
Daniel Black 3b2083b06d DOC: ChangeLog header and merge 2013-10-31 10:44:40 +11:00
Daniel Black 2810f97fe5 DOC: merge ChangeLog 2013-10-31 09:07:06 +11:00
Daniel Black 3a4ba2dba6 DOC: ChangeLog - TODO top summary before final release 2013-10-31 01:11:42 +11:00
Daniel Black c19a685ee3 DOC: version 0.8.11.pre 2013-10-31 00:58:48 +11:00
Daniel Black 8441539988 DOC: reorder bits of changelog
The enhancements list was too long an maybe not always appropriate.

Reclassified changes to filters to catch new versions as bug fixes
since the new version of the application is effectively broken.

Moved large enhancements to New Features.
2013-10-31 00:43:02 +11:00
Daniel Black c3f9c9aa60 BF: filter.d/dropbear
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c

Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.

svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.

.*\s* can be compressed to .*
2013-10-31 00:21:30 +11:00
Daniel Black 95f3f38682 MRG: merge ChangeLog and jail.conf 2013-10-30 20:19:41 +11:00
Daniel Black c7b6d789ca DOC: add ChangeLog for #392 2013-10-30 20:16:22 +11:00
Daniel Black e3150044fd BF: fix selinux
TST: ignore *common.conf files in test cases as these are included
BF: Remove USER_LOGIN from selinux-ssh as its a duplicate message
ENH: add sample jail.conf
2013-10-30 20:05:49 +11:00
Daniel Black d451c2a231 FIX: vsftp improvements from Rich Mellor on mailing list 2013-10-26 09:51:25 +11:00
Daniel Black 88d8111db1 DOC: changelog for selinux-ssh too 2013-10-22 23:18:10 +11:00
Daniel Black b61fe0f12d Merge pull request #378 from grooverdan/sasl
ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl
2013-10-22 04:51:24 -07:00
Daniel Black 4ecc063bd0 ENH: rename filter.d/sasl -> filter.d/postfix-sasl 2013-10-22 22:40:29 +11:00
Daniel Black 9ca5db7059 DOC: firewalld distro agnostic 2013-10-15 06:51:51 +11:00
Daniel Black 0d8d1ae26c ENH: new action.d/firewall-cmd-direct-new.conf from Redhat Bugzilla #979622 2013-10-14 22:36:01 +11:00
Daniel Black 123ad1cc9c MRG: Merge branch 'asterisk-common-jail' 2013-10-14 22:29:56 +11:00
Daniel Black 6ef33981e3 ENH: new asterisk jail to replace asterisk-(tcp|udp) (now that gh-37 is fixed) 2013-10-10 09:41:05 +11:00
Daniel Black 351eb5ec8f ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 2013-10-09 16:44:48 +11:00
Daniel Black 2d1bd54439 Merge pull request #379 from grooverdan/webmin
ENH: filter.d/webmin anchor at start and use syslog
2013-10-08 20:13:14 -07:00
Yaroslav Halchenko 500968874e Merge pull request #381 from grooverdan/suhosin
ENH: filter.d/suhosin - anchor regex at start
2013-10-08 19:49:51 -07:00
Yaroslav Halchenko a7b1b802e0 Merge pull request #382 from grooverdan/vsftpd
Vsftpd
2013-10-08 19:47:38 -07:00
Daniel Black 46386412a4 ENH: filter.d/vsftpd - pam regex as syslog and anchored at start 2013-10-05 20:02:40 +10:00
Daniel Black 9637c27873 ENH: filter.d/suhosin - anchor regex at start 2013-10-05 19:39:39 +10:00
Daniel Black 13bcc9aa84 ENH: filter.d/sogo-auth - anchor regex at start 2013-10-05 19:27:07 +10:00
Daniel Black b64bf3fa7b ENH: filter.d/webmin anchor at start and use syslog 2013-10-05 19:18:44 +10:00
Daniel Black f4c7c8f4b3 ENH: sasl - anchor regex at start 2013-10-05 18:59:41 +10:00
Daniel Black c1d1c181ce DOC: document time detector changes more thoroughly 2013-10-02 12:27:54 +10:00
Daniel Black dd10eaa5c0 DOC: improve ChangeLog entry 2013-10-02 12:19:41 +10:00