github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,503 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

153 Commits (dd10eaa5c0ab4ef65661ddc68585573132febabc)

Author SHA1 Message Date
Steven Hiscocks 37f240bef0 TST: Add sample log for php-url-fopen filter 2013-07-21 22:13:37 +01:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs 
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
 2013-07-21 22:03:49 +01:00
Steven Hiscocks e59a4960a3 TST: Add additional sample log line for apache-noscript 2013-07-21 16:48:12 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples 
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
 2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00
Steven Hiscocks b5ffbced37 TST: Sample test cases now handle ignoreregex and add recidive samples 2013-07-21 15:31:32 +01:00
Steven Hiscocks e7b7815de3 TST: Add additional sshd sample logs 2013-07-21 15:22:44 +01:00
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line 2013-07-20 17:28:28 +01:00
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line 2013-07-20 17:26:09 +01:00
Steven Hiscocks d791ba12ba TST: Add sample log for dropbear filter 2013-07-20 16:54:28 +01:00
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample 
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
 2013-07-20 16:34:24 +01:00
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file 2013-07-20 15:38:29 +01:00
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples 2013-07-20 15:31:21 +01:00
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4) 2013-07-20 22:21:08 +10:00
Daniel Black bdcde678d1 TST: fix year 2013-07-20 15:15:02 +10:00
Daniel Black fcf79b475f ENH: new filter perdition.conf 2013-07-19 20:14:53 +10:00
Steven Hiscocks a012b54117 TST: Add additional postfix filter sample 2013-07-18 22:17:31 +01:00
Steven Hiscocks 2a3a627322 TST: Add sample for sieve regex 2013-07-18 22:17:14 +01:00
Daniel Black fa85be2eea DOC/TST: fix configuration path for apache-auth test cases 2013-07-18 08:37:05 +10:00
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Daniel Black 40cc336cd5 TST: testcases and logs for apache-auth basic 2013-07-17 22:46:04 +10:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback 
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
 2013-07-16 15:07:32 -04:00
Steven Hiscocks 4855cae487 Merge branch 'sample-log-meta-data' 
Conflicts:
    testcases/files/logs/dovecot
 2013-07-14 18:29:36 +01:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter 
ENH: dovecot filter additions for session, time value and blank user
 2013-07-14 05:18:04 -07:00
Steven Hiscocks 40f67c64b8 TST: Test sample logs' entries are matched by filter regexs 2013-07-13 23:03:01 +01:00
Daniel Black 1bb427cc14 TST: remove dup test log entry 2013-07-12 09:09:24 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user 2013-07-05 18:36:02 +01:00
Daniel Black d6dece4900 ENH: Split log and provide jail examples 2013-07-03 07:42:47 +10:00
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban 
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  ENH: remove non-capturing groups for readibility
  BF: fix dovecot filter for when no TLS is enabled on pop/imap

Conflicts:
	ChangeLog -- changelog entries.  Also untabified few other spots
 2013-07-02 10:12:51 -04:00
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk 
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
 2013-07-02 07:04:10 -07:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Daniel Black c7d64c3c7f TST: url reference fix 2013-07-01 21:58:03 +10:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim 
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
 2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban 
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
 2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban 
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
 2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban 
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
 2013-06-14 12:16:59 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase. 
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-11 02:13:37 +02:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Terence Namusonge 098c88a67b failregex when roundcube log driver is set to 'syslog' 2013-05-26 07:46:29 +02:00
silviogarbes 52fa5f19b0 Update asterisk 2013-05-14 12:58:43 -03:00
Yaroslav Halchenko 571cadd80c ENH: Use real (resolving) example.com instead of test.example.com 2013-05-08 10:30:38 -04:00
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban 
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
 2013-05-08 10:30:04 -04:00
Yaroslav Halchenko 5e1d8b07e8 ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon) 
See https://github.com/fail2ban/fail2ban/issues/216\#issuecomment-17535577
for the analysis
 2013-05-07 12:30:05 -04:00
Yaroslav Halchenko ffcac2ccee ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines 2013-05-07 12:26:13 -04:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups 
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
 2013-05-06 11:11:12 -04:00
jamesstout 932bd102fe ENH: Removed unused log line 
removed #9 per
https://github.com/fail2ban/fail2ban/pull/182#discussion_r4068885
 2013-05-04 18:38:05 +08:00
Daniel Black cde7108033 DOC: bsd syslog files thanks to Nick Hilliard 2013-05-03 16:12:19 +10:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
jamesstout 018913db6a ENH+TST: ssh failure messages for OpenSolaris and OS X 2013-04-30 04:24:56 +08:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban 
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
 2013-04-09 17:55:14 -04:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters 
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
 2013-03-27 11:09:35 -04:00
Yaroslav Halchenko 91d5736c12 ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126 2013-03-26 09:40:04 -04:00
Artur Penttinen edc0eb2a9c Added testcase for MySQL date format to testcases/datedetectortestcase.py 
and example of MySQL log file.
 2013-03-25 16:00:07 +02:00
ArndRa ebb6e5f4eb An example of failed logins against sogo 2013-03-25 09:11:51 +01:00
Yaroslav Halchenko 5f2d3832f7 NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section) 2013-01-31 14:41:34 -05:00
Yaroslav Halchenko 9a39292813 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko 21e966e4bb example logs should carry the same name as the filter they are devised for 2012-12-13 08:24:02 -05:00
pigsyn 123d457924 Update testcases/files/logs/Webmin 2012-12-13 08:33:07 +01:00
pigsyn 38dd1506cc Sample Webmin logs 2012-12-12 23:25:31 -08:00
Yaroslav Halchenko 68c1defb76 ENH: added dovecot example from Daniel Black + example with DoS attempt via injected rhost 2012-12-12 09:16:27 -05:00
hamilton5 ccc62ddbf3 Update testcases/files/logs/dovecot 2012-12-11 12:05:01 -05:00
hamilton5 c534c1d03d Update testcases/files/logs/dovecot 2012-12-11 11:05:22 -05:00
Yaroslav Halchenko fc27e00290 ENH: tune up sshd-ddos to use common.conf and allow training spaces 2012-12-07 15:24:34 -05:00
Yaroslav Halchenko 1e12c220e6 minor: added a note on now "negative" log entries on "POSSIBLE BREAK-IN ATTEMPT" 2012-11-05 21:22:33 -05:00
François Boulogne 958a1b0a40 Lighttpd: support auth.backend = "htdigest" 2012-09-30 13:27:21 +02:00
Yaroslav Halchenko 2082fee7b1 ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) 2012-07-31 15:53:41 -04:00
Yaroslav Halchenko 6ad55f64b3 ENH: add wu-ftpd failregex for use against syslog (Closes: #514239) 2012-07-31 15:43:13 -04:00
Yaroslav Halchenko 3989d24967 BF: usedns=no was not working at all 
it was not adding any detected address, IP or not to the list of failed attempts
This commit also adds appropriate unittest
 2012-06-15 23:43:11 -04:00
Petr Voralek 4007751191 ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063) 2012-04-16 20:36:53 -04:00
Xavier D 7a76838737 Add sample log file for asterisk 2012-02-13 17:57:55 +01:00
François Boulogne 115092956f Correction of the IP in testcase for lighttpd 2011-12-25 20:15:57 +01:00
François Boulogne 683d4f269d modifications suggested by a referee (log ex+regexp) 2011-12-24 22:24:08 +01:00
Yaroslav Halchenko fceff2d5b9 moving log samples under testcases/files 2011-11-18 11:57:20 -05:00