Commit Graph

144 Commits (dd10eaa5c0ab4ef65661ddc68585573132febabc)

Author SHA1 Message Date
Daniel Black 23dd734aa9 Merge pull request #366 from grooverdan/dovecot
ENH: dovecot regex to match failure reported by Bob Cohen on mailing lis...
2013-10-01 15:50:39 -07:00
Daniel Black f998e01590 Merge pull request #359 from grooverdan/pureftpd
ENH: Pureftpd syslog prefixing and filter achoring
2013-10-01 15:14:33 -07:00
Daniel Black ba8183b116 Merge pull request #372 from grooverdan/uw-imap
ENH: filter.d/uwimap-auth added. Closes #18
2013-10-01 15:13:11 -07:00
Daniel Black 262616f7a7 ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 22:32:57 +10:00
Daniel Black 9211179d30 ENH: filter.d/uwimap-auth - add "disabled" to regex 2013-10-01 22:10:33 +10:00
Daniel Black cbdf4ceedd TST: test cases for uw-imapd thanks to Internet 2013-10-01 10:21:11 +10:00
Daniel Black b3b62d65bf ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 18:06:27 +10:00
Daniel Black 1eeb6e94bd BF: fix regex for openssh-6.3 2013-09-29 17:28:33 +10:00
Daniel Black 8c2a5612ed DOC: resolve ChangeLog conflicts 2013-09-19 19:38:28 +10:00
Daniel Black 3be7dcd701 DOC: resolve ChangeLog conflicts 2013-09-19 19:23:02 +10:00
Daniel Black 89e0520675 ENH: dovecot regex to match failure reported by Bob Cohen on mailing list 2013-09-19 08:25:50 +10:00
Daniel Black 9ce1e33313 TST: pureftpd - everything I've seen suggests that pureftpd only does syslog - even back to 2004. Not sure how this second example came into existance 2013-09-17 22:24:28 +10:00
Daniel Black ad5fb81f4b TST: failJSON set match to false on longer supported pam version 2013-09-17 21:18:24 +10:00
Daniel Black bec723b21d TST: failJSON date fix 2013-09-17 10:51:48 +10:00
Daniel Black 7e756dfada TST: correct failJSON for www3.google.com -> www.google.com changes. Disable test case for pre-0.99.2.0 version of linux-pam failure messages 2013-09-17 10:48:09 +10:00
Daniel Black 8f41422262 TST: domains need to exist for fail2ban-regex to work 2013-09-17 10:09:19 +10:00
Daniel Black ee497ff1cb ENH: filter mysqld-auth can be a is a syslog based service so anchor it using syslog prefix 2013-09-17 07:57:19 +10:00
Daniel Black 504111b0b1 ENH: filter.d/recidive - anchor regex at start and support f2b SYSLOG target 2013-09-16 01:22:42 +10:00
Daniel Black 317e82e144 TST: one more exim test case 2013-09-02 17:10:49 +10:00
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-30 21:34:22 -07:00
Daniel Black cbed57bffd TST: fix year in named-bind test case 2013-08-28 08:52:56 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31 2013-08-25 21:29:43 +02:00
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
2013-08-25 21:21:14 +10:00
Daniel Black 8e467437b2 TST: fix year on asctime 2013-08-25 18:09:39 +10:00
Yaroslav Halchenko c84a2e595a ENH(BF): put 'standard' template after more detailed ones with day of week and year
otherwise years present in the freshly contributed by Dan apache regexes do not match
although should have.  I had also to adjust failing now vsftpd test
2013-08-25 17:52:12 +10:00
Daniel Black 21914d155e TST: add failJSON data 2013-08-25 17:49:09 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 53d8a46e8a Merge pull request #7 from grooverdan/gh-303-merge
Gh 303 merge
2013-08-21 12:20:48 -07:00
Daniel Black ed42b08789 TST: merge dropbear log samples 2013-08-19 21:25:33 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 4f39d2b1fd TST: fix failJson year 2013-08-18 23:04:53 +10:00
Daniel Black 444e989dd5 TST: another zone transfer refused example for file named-refused 2013-08-18 22:49:59 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks 1c7d28d1ea TST: Add qmail sample log 2013-07-26 17:03:14 +01:00
Steven Hiscocks 5437f5fe90 TST: Add gssftpd sample log 2013-07-26 17:02:53 +01:00
Steven Hiscocks f7d8e68738 TST: Add apache-badbots sample log 2013-07-26 12:32:29 +01:00
Steven Hiscocks 37f240bef0 TST: Add sample log for php-url-fopen filter 2013-07-21 22:13:37 +01:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
2013-07-21 22:03:49 +01:00
Steven Hiscocks e59a4960a3 TST: Add additional sample log line for apache-noscript 2013-07-21 16:48:12 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00