dc67b24270
Update config/filter.d/webmin-auth.conf
...
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
12 years ago
3969e3f77b
ENH: dovecot.conf - require space(s) before rip/rhost log entry
12 years ago
266cdc29a6
Update config/filter.d/dovecot.conf
...
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
12 years ago
e040c6d8a3
Update config/filter.d/dovecot.conf
...
site actually needs updated because of <HOST> alias
per Notes above.
12 years ago
7ede1e8518
Update config/filter.d/dovecot.conf
...
added failregex line for debian and centos per
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
12 years ago
fc27e00290
ENH: tune up sshd-ddos to use common.conf and allow training spaces
12 years ago
6ecf4fd80a
Merge pull request #64 from sourcejedi/remove_sshd_rdns
...
Misconfigured DNS should not ban *successful* ssh logins
Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
12 years ago
282724a7f9
ENH: join both failregex for lighttpd-auth into a single one
...
they are close in meaning
should provide a slight run-time performance benefit
12 years ago
958a1b0a40
Lighttpd: support auth.backend = "htdigest"
12 years ago
2082fee7b1
ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd ( Closes : #648020 )
13 years ago
6ad55f64b3
ENH: add wu-ftpd failregex for use against syslog ( Closes : #514239 )
13 years ago
8c38907016
Misconfigured DNS should not ban *successful* ssh logins
...
Noticed while looking at the source (to see the point of ssh-ddos).
POSSIBLE BREAK-IN ATTEMPT - sounds scary? But keep reading
the message. It's not a login failure. It's a warning about
reverse-DNS. The login can still succeed, and if it _does_ fail,
that will be logged as normal.
<exhibit n="1">
Jul 9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul 9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>
The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in. I'm pretty sure they can't
even see it. But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.
fail2ban shouldn't adding additional checks to successful logins
- it goes against the name fail2ban :)
- the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
- if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny
I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error. (I won't be offended if you want to check
for yourself though ;)
<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
return xstrdup(ntop);
--
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
$
</exhibit>
13 years ago
4007751191
ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 ( Closes : #669063 )
13 years ago
71a3fb17e2
Merge remote-tracking branch 'gh-magicrhesus/master'
...
* gh-magicrhesus/master:
Add the INCLUDE section to use __pid_re feature
Disable asterisk jail by default
Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
Change NOTICE by NOTICE%(__pid_re)s
Remove custom bantime
Add sample log file for asterisk
Add $ at the end of the failregex
Add asterisk support
Conflicts:
config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
13 years ago
8c00ce0a65
Add the INCLUDE section to use __pid_re feature
13 years ago
c679a1a588
Change NOTICE by NOTICE%(__pid_re)s
13 years ago
d98cdb25d6
Add $ at the end of the failregex
13 years ago
25f1e8d98c
BF: allow trailing whitespace in few missing it regexes for sshd.conf
13 years ago
1807be5a8c
ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?:
...
thanks @cepheid666 for the useful comments
13 years ago
f94a121663
Fix for https://github.com/fail2ban/fail2ban/issues/19
...
Based on previous work as documented in the bug by Amir and myself,
plus some enhancements and documentation added to the file itself rather
than a URL (they rot).
13 years ago
7d465f98c1
Add asterisk support
13 years ago
4c76fb3b54
ENH: allow trailing white-spaces in lighttpd-auth.conf
...
now catches the one in testcases/files/logs/lighttpd
13 years ago
683d4f269d
modifications suggested by a referee (log ex+regexp)
13 years ago
b6d9f795dc
add filter for lighttpd mod_auth failure
13 years ago
a9be451079
ENH: removed expansion for few Date and Revision SVN keywords
...
For consistency of appearance... eventually we might just remove them
altogether
13 years ago
dad91f7969
ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
...
absorbed from patches carried by Debian distribution of f2b
13 years ago
ed0bf3ad96
Removed duplicate entry for DataCha0s/2\.0 in badbots ( closes : #519557 )
13 years ago
3152afbdc2
Recognise time-stamped kernel messages
...
e.g.
Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206
This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
13 years ago
3eb5e3b876
BF: Allow for trailing spaces in sasl logs
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@783 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
6d25310e28
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@776 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
eab9af9caa
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@775 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
d4b89d8404
BF: Allow for trailing spaces in proftpd logs
...
See http://bugs.debian.org/507986
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@774 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
1cb48bbc96
BF: escaping () in pure-ftpd filter. Thanks Teodor
...
See http://bugs.debian.org/544744
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@773 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
02e7dfb099
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
6558c03f8e
NF: Adding found on a drive filter.d/dovecot.conf
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
10faba5163
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@769 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
0073ba3838
ENH: dropbear filter: see http://bugs.debian.org/546913
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@768 a942ae1a-1317-0410-a47c-b1dcaea8d605
14 years ago
dde7afe1f3
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@742 a942ae1a-1317-0410-a47c-b1dcaea8d605
15 years ago
55fd21ec4b
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
7fd0300a73
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
376f348823
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log ( closes : #512193 ).
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
e46e8ed32e
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@723 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
622218271d
- Added svn:keywords property.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@716 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
bb8e610795
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@715 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
391a38a7a8
- Added new regex. Thanks to Tobias Offermann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@713 a942ae1a-1317-0410-a47c-b1dcaea8d605
16 years ago
3615c8ec81
- Improved pattern. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@707 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
155c4652a4
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@706 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
11c8c71014
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
7dde8d6694
- Added svn:keywords.
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@684 a942ae1a-1317-0410-a47c-b1dcaea8d605
17 years ago
pigsyn