Commit Graph

826 Commits (dd75d35420170048a9bbea6bb607a2edf1a7d801)

Author SHA1 Message Date
Daniel Black e5f1a7f050 Merge pull request #344 from grooverdan/osx
ENH: OSX ipfw based on Andy Fragen's work
2013-09-04 16:16:16 -07:00
Daniel Black 4face1f3e7 MRG: resolve conficts in action.d/osx-ipfw design 2013-09-05 09:07:10 +10:00
Andy Fragen d258a51a23 after some research it looks like setting to unreachable better than deny 2013-09-04 11:28:03 -07:00
Andy Fragen fe557e5900 more specific actionunban 2013-09-01 13:09:51 -07:00
Andy Fragen a4884f82cd add mods from grooverdan and fix actionunban
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.
2013-08-31 08:39:19 -07:00
Daniel Black 6b0e2289d4 Merge pull request #335 from grooverdan/gh-333-bind
ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333
2013-08-30 21:34:22 -07:00
Daniel Black f2bcf84893 BF: action.d/bsd-ipfw - use blocktype instead of unused action for icmp rejecting blocked packets 2013-08-31 11:40:04 +10:00
Daniel Black 749f215089 ENH: port optional 2013-08-31 11:07:15 +10:00
Daniel Black 8b22fa15b5 BF: reverted to simplier random rulenum. If your machine is handling 1000s of block the addition complexity isnt what you want 2013-08-31 11:03:01 +10:00
Daniel Black b31799a322 ENH: add action.d/osx-afctl anonymously contributed on f2b wiki 2013-08-31 10:51:04 +10:00
Daniel Black 808aa1a792 ENH: added jail.conf example. closes gh-340 2013-08-31 09:39:21 +10:00
Daniel Black 5741348f45 ENH: more options and ruggedness to prevent unintensional consequences 2013-08-31 09:38:18 +10:00
Daniel Black 52bd0f86a8 Merge branch 'osx-ipfw' of https://github.com/afragen/fail2ban into osx 2013-08-31 09:09:04 +10:00
Daniel Black 7cc3e8a8c0 BF: Invert expression on actionstop in bsd-ipfw.conf to ensure exit status 0 on success. Closes gh-343 2013-08-31 08:59:02 +10:00
Daniel Black 15f2f38972 ENH: anchor regex at start 2013-08-28 12:32:40 +10:00
Daniel Black d5684a0834 BF: filter.d/routecube-auth - time offset can be positive or negative 2013-08-28 11:57:38 +10:00
Daniel Black a401d11644 ENH: add regex for bad zone transfer request/ TST: add test for bind-9.9 zone transfer denied 2013-08-28 00:53:08 +10:00
Andy Fragen ef504c869f added osx specific ipfw action with random rulenum 2013-08-26 16:06:23 -07:00
Yaroslav Halchenko 265a85ec1f RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
Daniel Black b8e7d0b867 ENH: further tighten lighttpd basic auth regex 2013-08-26 08:51:40 +10:00
Daniel Black a7ebb84a7d ENH: tighted up lighttpd regex 2013-08-26 08:42:45 +10:00
François Boulogne e133b9f1d1 MAINT: add support for lightty1.4.31 2013-08-25 21:29:43 +02:00
Daniel Black ca4729e943 ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
Daniel Black ef903db3c9 ENH: filter.d/named-refused.conf - BIND 9.9.3 regex changes. Closes gh-333 2013-08-25 22:44:30 +10:00
Daniel Black cfb7dba268 DOC: merge ChangeLog 2013-08-25 21:26:13 +10:00
Daniel Black b589533d69 Merge branch 'master' into kwirk-merge
Conflicts:
	ChangeLog
	testcases/files/logs/dropbear
2013-08-25 21:21:14 +10:00
Daniel Black fd7cc5bda7 BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
Daniel Black 6a56727669 BF: apache-common regex - datetime could be entirely consumed 2013-08-25 18:30:30 +10:00
Daniel Black a9eb8a76c6 merge of change log and apache-auth differences 2013-08-25 16:51:35 +10:00
Steven Hiscocks 4e5feed7fc Merge pull request #8 from grooverdan/gh-303-merge-2
training space on wuftp
2013-08-21 12:21:09 -07:00
Daniel Black aad7d08451 BF: disable filter expressions without tests 2013-08-20 07:33:35 +10:00
Yaroslav Halchenko 42f3aa9f62 Merge pull request #329 from grooverdan/bind-unauth-zonetransfer
Bind unauth zonetransfer.  Closes #323
2013-08-19 06:48:13 -07:00
Daniel Black 6a36ff1a4a BF: order mailx arguments with dest email address last - redhat bugzilla 998020. Closes gh-328 2013-08-19 22:36:58 +10:00
Daniel Black c44328b1a3 ENH: new "realm mismatch" message from https://issues.apache.org/bugzilla/show_bug.cgi?id=55284#c8 2013-08-19 22:04:55 +10:00
Daniel Black ea7cba4205 ENH: trailing space as per discussion on gh-303 2013-08-19 21:42:43 +10:00
Daniel Black 61d43608ae ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
Daniel Black 5d451bc4d6 ENH: add refused zone tranfer to named-refused filter. closes #323 2013-08-18 22:19:31 +10:00
Steven Hiscocks 53e16e07ad ENH: Minor tweak on previous commit proftpd regex changes 2013-08-09 19:04:26 +01:00
Steven Hiscocks 9002de069e ENH: Improve proftpd regex.
Taken from @yarikoptic comment:
https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500
2013-08-09 18:54:08 +01:00
Orion Poplawski 31a78b2711 Use /var/run/fail2ban in config/action.d/dummy.conf 2013-08-08 20:41:44 -06:00
Yaroslav Halchenko e7d5e466b9 Merge branch 'enh/asterisk_and_dropbear_filters'
* enh/asterisk_and_dropbear_filters:
  ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''
  minor: consistent indentation in dropbear.conf
  https://github.com/fail2ban/fail2ban/issues/306
  fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11
2013-08-08 09:59:24 -04:00
Yaroslav Halchenko 4e0ddc5f67 ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in '' 2013-08-08 09:58:36 -04:00
Yaroslav Halchenko 9487ee5562 minor: consistent indentation in dropbear.conf 2013-08-08 09:54:15 -04:00
Daniel Black d8883f4346 DOC: Notes about 401 responses and how apache logs this 2013-07-29 08:59:25 +10:00
Daniel Black 7b2773889d TST: apache-auth filter - nonce timetravel tests + other expression fixes 2013-07-29 02:29:04 +10:00
Daniel Black 0fb04cb2f0 ENH: filter enhancements on mod-digest (with test cases) for apache-auth (httpd-2.4.4) 2013-07-28 22:00:55 +10:00
Daniel Black d5291517a7 MISC: merge from master 2013-07-28 19:43:54 +10:00
Daniel Black 56faf7f5ad DOC: fix ChangeLog merge 2013-07-28 18:02:38 +10:00
Jamyn Shanley a355fab91b https://github.com/fail2ban/fail2ban/issues/306
Fix regex for latest dropbear (keep backwards compatibility). Add test case logfiles.

Signed-off-by: Jamyn Shanley <jshanley@gmail.com>
2013-07-27 03:43:32 +00:00
Jamyn Shanley 8936f2cd02 fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
Steven Hiscocks 2f4aaa9fb9 ENH: Simplify sieve filter failregex 2013-07-26 12:01:09 +01:00
Steven Hiscocks b5639a8672 ENH: Simplify cyrus-imap filter fail regex 2013-07-26 11:55:09 +01:00
Steven Hiscocks 27feb57e80 Merge pull request #299 from kwirk/datepatterns-dateregex
Custom date templates and date detector changes
2013-07-26 03:53:40 -07:00
Daniel Black 8f532f9148 NIT: space remove 2013-07-24 11:29:58 +10:00
Daniel Black 7d7ef08145 ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id 2013-07-24 10:44:52 +10:00
Daniel Black abc4146079 ENH: perdition proxies other types hence daemon can include (perdidtion.(imap|pop)s?|managesieve). Also support local authentication resulting in the log message: local authentication failure 2013-07-24 10:27:12 +10:00
Steven Hiscocks cf1e5bdbc2 ENH: Tweak proftpd regex and add sample logs
Needed to add optional ":" post __pid_re, and for consistency, decided
to make use of __prefix_line instead which includes this.
2013-07-21 22:03:49 +01:00
Steven Hiscocks 8b9bafda79 ENH: Change lighttpd-fastcgi to suhosin, and improve regex and samples
suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
2013-07-21 16:35:37 +01:00
Steven Hiscocks 4033857f63 ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00
Steven Hiscocks a11f91b835 ENH: Improve cyrus-imap regex and add extra sample line 2013-07-20 17:28:28 +01:00
Steven Hiscocks 534be189dc ENH: Improve sieve regex and add sample line 2013-07-20 17:26:09 +01:00
Steven Hiscocks ab671b0b1a ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
2013-07-20 16:34:24 +01:00
Steven Hiscocks 57a6c11260 ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
Steven Hiscocks bd175f0267 ENH: Improve cyrus-imap regex and add sample log file 2013-07-20 15:38:29 +01:00
Steven Hiscocks 83a80a29ea ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
Steven Hiscocks eb2f0c9272 ENH: Improve postfix regex and add more samples 2013-07-20 15:31:21 +01:00
Daniel Black 5cfe108186 ENH: filter enhancements (with test cases) for apache-auth (httpd-2.4.4) 2013-07-20 22:21:08 +10:00
Daniel Black 6fdfd8d356 BF: fix port 2013-07-20 15:09:25 +10:00
Daniel Black eea5b071e6 ENH: jail for perdition 2013-07-19 20:27:15 +10:00
Daniel Black fcf79b475f ENH: new filter perdition.conf 2013-07-19 20:14:53 +10:00
Steven Hiscocks 26b472f70f ENH: Add ejabberd-auth filter and sample log lines 2013-07-18 21:31:51 +01:00
Steven Hiscocks d661b8c046 BF: Apache regex and sample fail data update due to date pattern changes 2013-07-17 21:09:30 +01:00
Daniel Black 03ec7c211b ENH: could not find a way to trigger filter ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$ 2013-07-18 00:37:33 +10:00
Daniel Black 8ce9c78474 TST: apache-auth digest logs 2013-07-18 00:36:17 +10:00
Daniel Black f8b5b3a1ef ENH: apache-auth - quite a lot of authorization failure messages depending on module. Make a wildcard 2013-07-17 23:31:44 +10:00
Daniel Black 4eca2c0bd5 TST: apache-auth client denied by server configuration 2013-07-17 23:24:19 +10:00
Daniel Black e0292913eb ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 23:05:04 +10:00
Steven Hiscocks 1eea0dcec8 Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
	bin/fail2ban-regex
	bin/fail2ban-testcases
	config/jail.conf
	fail2ban/server/failregex.py
	fail2ban/server/filter.py
	fail2ban/tests/files/logs/lighttpd
	fail2ban/tests/files/logs/mysqld.log
	fail2ban/tests/files/logs/wu-ftpd
	fail2ban/tests/filtertestcase.py
	fail2ban/tests/utils.py
	testcases/files/logs/lighttpd
	testcases/files/logs/lighttpd-auth
	testcases/files/logs/mysqld-auth
	testcases/files/logs/mysqld.log
	testcases/files/logs/wu-ftpd
	testcases/files/logs/wuftpd
2013-07-16 23:16:22 +01:00
Yaroslav Halchenko f6a8a04cf3 ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback
I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*
2013-07-16 15:07:32 -04:00
Yaroslav Halchenko 8add63c733 ENH: anchor roundcube-auth at the beginning as well 2013-07-16 14:16:23 -04:00
Steven Hiscocks 728399c39e Merge pull request #281 from kwirk/dovecot-filter
ENH: dovecot filter additions for session, time value and blank user
2013-07-14 05:18:04 -07:00
Daniel Black ab10664b57 ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris 2013-07-14 16:20:21 +10:00
Steven Hiscocks 606e97683b BF: jail.conf multiport actions previously using single port iptables 2013-07-12 23:34:04 +01:00
Daniel Black 975999591f ENH/DOC: more realm mismatch errors. Documented filter design criteria 2013-07-12 07:39:18 +10:00
Daniel Black 10e3be857a ENH: apache-auth filter added mod_auth_digest message 2013-07-11 23:08:46 +10:00
Daniel Black 384b72a535 ENH: apache-auth filter - client wrong auth 2013-07-11 22:58:36 +10:00
Daniel Black fce431add8 ENH: add mod_authz_core failures to apache-auth 2013-07-11 22:28:27 +10:00
Daniel Black 6ce41a611d BF: fix filter on apache-auth. Closes #286 2013-07-11 22:13:51 +10:00
Daniel Black 1d6d5a7aae DOC: ChangeLog merge confict 2013-07-09 08:41:28 +10:00
Daniel Black 5412d7336f DOC: ChangeLog confict 2013-07-09 08:23:44 +10:00
Daniel Black 619603fe05 BF: match asterisk InvalidPassword correctly 2013-07-07 17:48:20 +10:00
Steven Hiscocks bfa2b9dec3 ENH: dovecot filter additions for session, time value and blank user 2013-07-05 18:36:02 +01:00
Yaroslav Halchenko 04b8069cee ENH: adjust sendmail-whois 'active' example to have also sendername in it 2013-07-05 10:12:29 -04:00
Alexander Dietrich 2155f6bfa5 Update ChangeLog and jail.conf example 2013-07-04 08:57:52 +02:00
Daniel Black d6dece4900 ENH: Split log and provide jail examples 2013-07-03 07:42:47 +10:00
Alexander Dietrich da594075f3 Move sendmail settings to common file, make sender name configurable 2013-07-02 20:30:41 +02:00
Yaroslav Halchenko e6ebcf6687 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  ENH: remove non-capturing groups for readibility
  BF: fix dovecot filter for when no TLS is enabled on pop/imap

Conflicts:
	ChangeLog -- changelog entries.  Also untabified few other spots
2013-07-02 10:12:51 -04:00
Yaroslav Halchenko f0f237fa05 Merge pull request #269 from grooverdan/asterisk
ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages
2013-07-02 07:04:10 -07:00
Daniel Black e6823149a1 ENH: remove non-capturing groups for readibility 2013-07-02 20:16:43 +10:00
Daniel Black aebd24ec54 BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl 2013-07-02 20:09:27 +10:00
Daniel Black 4777cfd4e7 ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
Yaroslav Halchenko 70ae1ed68b ENH: ban also submission port (587) for all smtp-related jails
see http://www.rfc-editor.org/rfc/rfc4409.txt
and http://en.wikipedia.org/wiki/Mail_submission_agent

Users of advanced setups might like to split those into multiple jails anyways
to have separate control over submission agents and incoming mail servers.
2013-07-01 14:50:02 -04:00
Daniel Black ca996ace5e ENH: remove temporary failures from local_scan in line with comments in gh-258 2013-07-01 21:56:02 +10:00
Daniel Black 9757e1df2b ENH: make groupings non-capturing 2013-07-01 21:53:05 +10:00
Daniel Black 72f9e6a51e ENH/TST: more samples and rejection types for sender verify fail and rejected RCPT 2013-07-01 21:50:35 +10:00
Daniel Black 3b76fc79f9 BF: fix dovecot filter for when no TLS is enabled on pop/imap 2013-07-01 21:12:51 +10:00
Steven Hiscocks 1dbba35cd9 Merge branch 'master' into 0.9
Conflicts:
	fail2ban/client/jailreader.py
	fail2ban/tests/clientreadertestcase.py
	fail2ban/tests/files/logs/sshd
2013-06-29 20:31:26 +01:00
Steven Hiscocks 5ca6a9aeb6 Merge branch 'systemd-journal' into 0.9
Conflicts:
	bin/fail2ban-regex
	config/filter.d/sshd.conf

Closes github #224
2013-06-29 13:00:40 +01:00
Daniel Black 0086a7edab ENH: missed a $ 2013-06-29 11:30:37 +10:00
Yaroslav Halchenko 1b170b2aef BF: support apache 2.4 more detailed error log format. Close #268 2013-06-28 09:49:36 -04:00
Yaroslav Halchenko 6d331bcbea BF: make colon after [daemon] optional. Close #267 2013-06-27 11:44:47 -04:00
Daniel Black fa7a105483 ENH: filter.d/asterisk - consolidate log prefix regex and add a few fail messages 2013-06-27 09:16:14 +10:00
Yaroslav Halchenko 8487cb2e90 Merge commit '0.8.10-31-g1ab0f0f' into 0.9
* commit '0.8.10-31-g1ab0f0f': (24 commits)
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  DOC: Changelog for fail2ban-regex RF
  DOC: Changelog for asterisk hardening
  ENH: fail2ban-regex -- add specification of loglevels to enable
  RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
  ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
  ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp
  ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: dovecot regexs rewritten and extra failures
  ENH: proftp regex hardening and log messages
  ENH/BF: exim improvements with sample
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  ...

Conflicts: -- it was a messy merge/resolution.
	ChangeLog
	bin/fail2ban-regex
	fail2ban-testcases
	fail2ban/server/filter.py
2013-06-18 20:21:23 -04:00
Daniel Black 25c3bbfc2f DOC: credits/blame to me for changes to exim 2013-06-16 00:25:24 +10:00
Daniel Black b8cfda68b8 ENH: new exim filter regexs. Also note a begining PID in this format. Thanks to ftoppi for the log entries 2013-06-16 00:19:37 +10:00
Daniel Black d441d61a1e TST/ENH: Improve regex around exim
rejected by local_scan now has test cases.

Unrouteable address error messages now normalised after looking into
exim code.
2013-06-15 12:34:16 +10:00
Yaroslav Halchenko 9d4b613ee4 Merge branch '3proxy' of https://github.com/grooverdan/fail2ban
* '3proxy' of https://github.com/grooverdan/fail2ban:
  BF: fix to proxy port in 3proxy example
  ENH: sample log + more specific regex
  BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon
  BF: need to anchor the start to avoid another repeat of DoS injection like Apache
  ENH: stricter regex thanks to Steven Hiscocks (kwirk)
  DOC: credits

Conflicts:
	ChangeLog
2013-06-14 12:32:51 -04:00
Yaroslav Halchenko 173fe48e77 Merge branch 'exim' of https://github.com/grooverdan/fail2ban
* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
2013-06-14 12:28:07 -04:00
Yaroslav Halchenko ec629ab4e8 Merge branch 'proftpd' of https://github.com/grooverdan/fail2ban
* 'proftpd' of https://github.com/grooverdan/fail2ban:
  ENH: proftpd chan accept usernames with spaces
  ENH: injection of fail data into USER field
  ENH: proftp regex hardening and log messages

Conflicts:
	ChangeLog
2013-06-14 12:16:59 -04:00
Yaroslav Halchenko ab2c738b43 Merge branch 'dovecot' of https://github.com/grooverdan/fail2ban
* 'dovecot' of https://github.com/grooverdan/fail2ban:
  TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
  ENH: dovecot regexs rewritten and extra failures

Conflicts:
	ChangeLog -- merged entries
2013-06-14 12:14:40 -04:00
Daniel Black 8cc13b5b40 BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address 2013-06-14 18:12:53 +10:00
Daniel Black a433a8ea5f ENH: readibility thanks to Yaroslav 2013-06-14 15:21:50 +10:00
Yaroslav Halchenko 948be73115 Merge branch 'assp' of https://github.com/grooverdan/fail2ban
* 'assp' of https://github.com/grooverdan/fail2ban:
  BF: missed a space
  BF: [SSL-out] is optional in assp
  ENH: regex hardening on assp

Conflicts:
	ChangeLog -- merged the two entries into 1
2013-06-13 23:32:45 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko f6cb981fc0 Merge commit '0.8.10-1-g460e09a' into 0.9
* commit '0.8.10-1-g460e09a':
  it was not the end of the world and we should continue
  DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help
  Changes for 0.8.10 release (changelog, version, etc)
  BF: anchor apache- filters.  Close #248
  DOC: credits for gh-244
  Filter Asterisk: Add sample log entry to testcase.
  Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
  ENH: purge a few more .*
  DOC: credits
  DOC: how to do filter enhancements
  TST: normalize logs to use example.com and 1.2.3.4 as IP
  ENH/BF: constrain regex. Fix ACL error regex
  ENH: port optional
  Update asterisk
  Update asterisk.conf

Conflicts:
	ChangeLog
	DEVELOP
	README.md
	fail2ban/version.py
2013-06-12 21:30:47 -04:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248
See https://vndh.net/note:fail2ban-089-denial-service for more information
2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
2013-06-10 19:50:35 +02:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Yaroslav Halchenko a3161f59fa Merge commit '0.8.9-13-g39d32e0' into 0.9
* commit '0.8.9-13-g39d32e0':
  Changelog for previous PR
  DOC: Changelog entry fro preceeding merge from Terence
  TST: Fix fail2ban.conf reader test for unreliable dictionary order
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
  TST: test all stock jails to have actions and correctly specifying blocktype
  CFG: assure actions for all the jails
  BF: blocktype must be defined within [Init] -- adding [Init] section.  Close #232
  ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init
  ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory

Conflicts:
	ChangeLog
	config/jail.conf
	testcases/clientreadertestcase.py -- had to "git show XXX | patch -p2" under tests/ 2 commits: 8a57ffd 7a4db4b
2013-05-29 11:32:35 -04:00
Steven Hiscocks 49261925d7 ENH: Add new regex for locked accounts for sshd 2013-05-27 22:06:49 +01:00
Terence Namusonge 244a96f9b3 fixed failregex line for roundcube 0.9+
# Only works only if  log driver: is set to  'syslog'. this is becoz fail2ban fails to 'read' the line due to the
 brackets around the date timestamp on logline when log driver is set to file
2013-05-25 19:26:13 +02:00
Yaroslav Halchenko d2b1c73b92 CFG: assure actions for all the jails 2013-05-24 14:33:08 -04:00
Yaroslav Halchenko 89e06bba15 BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232 2013-05-24 11:15:46 -04:00
silviogarbes 5c8fb68a2c Update asterisk.conf
Para ficar compatível com asterisk 11
2013-05-14 08:04:11 -03:00
Yaroslav Halchenko f5a8a8ac7c Release 0.8.9
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iEYEABECAAYFAlGRBZ8ACgkQjRFFY3XAJMhqzwCgvUsrv6cSjo1d8YCQUA8Na0Kk
 44QAoKk7X2sqFM+wvj2vK3stsHa/80qm
 =iBfR
 -----END PGP SIGNATURE-----

Merge tag '0.8.9' into 0.9 (quite a bit of conflicts "resolved")

Release 0.8.9

* tag '0.8.9':
  BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
  All the (version) updates for the release of 0.8.9
  BF: (travis) relax the test for needed to be presented installed directories -- allow new
  BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
  ENH: also print the failing traceback line in case of failure
  ENH: include explicit list of new files which should not be there upon "install --root"
  ENH: now we know that logging handlers closing was still buggy in 2.6.2
  ENH: issue a warning if jail name is longer than 19 symbols (Close #222)
  DOC: inline commends with ';' are in effect only if ';' follows as space
  BF: Fix for filterpoll incorrectly checking for jailless state
  ENH: strengthen detection of working pyinotify
  ENH: use the same python executable for setup.py test
  ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python  releases
  TST: Some primarily smoke tests for tests utils
  TST: cover few more lines in fail2banreader.py
  ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
  ENH: consistent operation of formatExceptionInfo + unittest for it
  ENH: point to the status of master branch on travis

Conflicts:
	ChangeLog
	MANIFEST
	README.md
	fail2ban/version.py -- all of the above obvious version changes

   below files primarily  needed just a bit of help in resolution
	config/jail.conf
	fail2ban/server/filterpoll.py
	fail2ban/server/server.py
	fail2ban/tests/servertestcase.py

   and following were more difficult -- git wasn't able to track renames/moves of the code
    fail2ban-testcases -- needed to introduce those changes to tests/utils.py
	testcases/clientreadertestcase.py -- manually applied patch from master
	testcases/utils.py -- manually applied patch from master
2013-05-13 12:29:41 -04:00
Yaroslav Halchenko 90b8433ac5 DOC: inline commends with ';' are in effect only if ';' follows as space 2013-05-12 21:42:59 -04:00
Steven Hiscocks f7d328195f NF: Add systemd journal backend 2013-05-10 00:15:07 +01:00
Yaroslav Halchenko f1b6806eb4 Merge branch 'master' into 0.9
* master: (51 commits)
  ENH: Use real (resolving) example.com instead of test.example.com
  DOC: Slight tune ups to ChangeLog -- we must release!
  Changelog entries for the latest merges
  BF: add bash-completion to MANIFEST
  DOC: ChangeLog for default action type change
  ENH: consolidate where blocktype is defined for iptables rules
  BF: default type to unreachable
  ENH: separate out regex and escape a .
  ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
  ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
  ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
  DOC: Drop sudo from bash-completion
  DOC: Added bash-completion script
  ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
  ENH: Removed unused log line
  ENH: logrotate file
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  ENH: some form of logrotate based on what distros are doing
  ...

Conflicts:
	ChangeLog
	MANIFEST
	client/actionreader.py
	config/jail.conf
	fail2ban/server/datedetector.py
	fail2ban/tests/datedetectortestcase.py
2013-05-08 13:53:38 -04:00
Yaroslav Halchenko 2b1e19933f Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  BF: missed MANIFEST include
  DOC: credits for bsd-ipfw
  ENH: add ipfw rule for bsd using the tables.
2013-05-08 10:32:18 -04:00
Yaroslav Halchenko 976a65bb89 Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
	config/filter.d/common.conf
2013-05-08 10:30:04 -04:00
Yaroslav Halchenko 5accc10a47 Merge pull request #206 from grooverdan/bsd_ipfw
NF: BSD ipfw
2013-05-08 07:24:56 -07:00
Yaroslav Halchenko 0ae49ab11e Merge branch 'bsd_pf' of https://github.com/grooverdan/fail2ban
* 'bsd_pf' of https://github.com/grooverdan/fail2ban:
  BF: missed MANIFEST include
  DOC: add jail.conf entry for pf
  DOC: credit for pf action. Origin: http://svnweb.freebsd.org/ports/head/security/py-fail2ban/files/patch-pf.conf?view=log
  ENH: pf action thanks to Nick Hilliard <nick@foobar.org>.

Conflicts:
	ChangeLog
2013-05-08 10:24:01 -04:00
Yaroslav Halchenko e85914cef8 Merge pull request #215 from grooverdan/reject_no_drop_by_default
ENH: add blocktype to all relevant actions and change default action to reject
2013-05-08 07:20:14 -07:00
Daniel Black 9c03ee6d9e ENH: consolidate where blocktype is defined for iptables rules 2013-05-08 07:52:08 +10:00
Daniel Black c7fd777966 BF: default type to unreachable 2013-05-08 07:31:31 +10:00
Daniel Black de56347619 ENH: separate out regex and escape a . 2013-05-08 06:32:27 +10:00
Yaroslav Halchenko e7cb0f8b8c ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs 2013-05-07 12:22:49 -04:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
Yaroslav Halchenko 822a01018f Merge pull request #205 from grooverdan/bsd_ssh
BSD ssh improvements (casing, msg)
2013-05-06 07:54:58 -07:00
Daniel Black 3b4a7b7926 ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop 2013-05-05 15:43:18 +10:00
Daniel Black aa52743f52 DOC: add jail.conf entry for pf 2013-05-03 16:42:10 +10:00
Daniel Black 0c5a9c53e1 ENH: pf action thanks to Nick Hilliard <nick@foobar.org>. 2013-05-03 16:34:54 +10:00
Daniel Black b6d0e8ad9c ENH: add ipfw rule for bsd using the tables. 2013-05-03 16:31:45 +10:00
Daniel Black 40c56b10a0 EHN: enhance sshd filter for bsd. 2013-05-03 16:17:35 +10:00
Daniel Black b3bd877d23 BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD 2013-05-03 16:12:13 +10:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
Yaroslav Halchenko 89adcd7ff7 Merge branch PR #193 ASSP SMTP Proxy support (with some manual squashing)
Origin: https://github.com/lenrico/fail2ban

Squashing was done via rebase -i 1524b076d6
to eliminate massive assp sample log file originally added

  fixed test date thx to steven
  tight control of the filter for ASSP
  as yaroslav wishes
  as daniel desires
  changed from DateASSPlike class to DateStrptime
  fixed little things
  added new date format support for ASSP SMTP Proxy
2013-05-03 00:57:49 -04:00
Enrico Labedzki 36b0d78ff8 tight control of the filter for ASSP 2013-05-03 00:56:53 -04:00
Enrico Labedzki 07aee8cd33 as daniel desires 2013-05-03 00:56:53 -04:00
Enrico Labedzki 24a8d07c20 added new date format support for ASSP SMTP Proxy 2013-05-03 00:56:46 -04:00
Yaroslav Halchenko b65205d4ad Merge branch 'master' into 0.9
* master:
  ENH: "is None" instead of "== None" + tune ups in headers
  BF: log error only if there were missed config files that couldn't be read
  DOC: missing cinfo tags are ok. Log error for self referencing definitions
  DOC: s/defination/definition/g learn to spell
  Changelog entry for the previous commit and some untabify
  BF: pyinotify backend should also handle IN_MOVED_TO events
  ENH: remove stats of config files and use results of SafeConfigParserWithIncludes.read to facilitate meaningful error messages
  DOC: credits for gh-70 fix
  BF: ensure dates in email are in the C locale. Thanks iGeorgeX
  DOC: ChangeLog for recursive tag substition
  ENH: allow recursive tag substitution in action files.
  DOC: document <br> tag
  DOC: ChangeLog for named-refused entry
  ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458
  DOC: release documentation and distributor contacts
  DOC: changelog entry for enhanced ssh filter
  BF: Rename mentioning of README to README.md (Fixes #187)
  updated README.md to hyperlink, add travis and coversall
  Moving README into a markup README.md for github's goodnesses

Conflicts:
	DEVELOP
	README.md
	fail2ban/client/configreader.py
	fail2ban/server/datedetector.py
2013-05-02 23:55:26 -04:00
Steven Hiscocks f196709be1 ENH: Update asterisk example jail.conf entry for multiaction 2013-04-29 23:40:18 +01:00
jamesstout 3367dbd987 ENH: fail message matching for OpenSolaris and OS X
- OpenSolaris keyboard message matched by new regex 3
- Removed Bye Bye regex per
https://github.com/fail2ban/fail2ban/issues/175#issuecomment-16538036
- PAM auth failure or error and first char case-insensitive, can also
have chars after the hostname. e.g.

Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM:
authentication error for james from 205.186.180.101 via 192.168.1.201
2013-04-30 04:23:13 +08:00
jamesstout d2a9537568 ENH: extra daemon info regex
for matching log lines like:
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed
keyboard-interactive for james from 205.186.180.30 port 54520 ssh2

this matches  [ID 800047 auth.info]
2013-04-30 04:14:36 +08:00
jamesstout b7795addd0 ENH: actionunban back to a sed command
per https://github.com/fail2ban/fail2ban/pull/182#discussion_r3999128
2013-04-30 04:10:32 +08:00
Daniel Black 945ad3d9e6 BF: ensure dates in email are in the C locale. Thanks iGeorgeX 2013-04-29 14:10:23 +10:00
Daniel Black 0ac8746d05 ENH: Account for views in named filter. By Romain Riviere in gentoo bug #259458 2013-04-28 11:03:44 +10:00
Yaroslav Halchenko 62602a9ed0 Revert "ENH: by default enable a single jail -- sshd"
This reverts commit 47a62b6072.

Enabling any jail by default should be a prerogative of particular
distributions (thanks Fabian Wenk for the discussion)

Conflicts:
	config/jail.conf
2013-04-23 13:58:58 -04:00
Yaroslav Halchenko 1d72a8265d Merge branch '0.9' into _tent/jail.conf
* 0.9:
  BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)

Conflicts:
	config/jail.conf
2013-04-23 13:57:52 -04:00
Yaroslav Halchenko 2a48b0ab54 Merge branch 'master' into 0.9
* master:
  BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks)
2013-04-23 13:57:07 -04:00
Yaroslav Halchenko 22f04677b6 BF: usedns deals with forward (not reverse) DNS lookups (thanks Steven Hiscocks) 2013-04-23 13:56:51 -04:00
Yaroslav Halchenko 87bac37139 ENH: default port to all ports (0:65535) + remove where thus not needed + typos 2013-04-23 13:55:26 -04:00
Yaroslav Halchenko f4a74d8d8b RF: rename/unify naming of courier filters/jails 2013-04-22 22:42:09 -04:00
Yaroslav Halchenko 47a62b6072 ENH: by default enable a single jail -- sshd 2013-04-22 22:35:01 -04:00
Yaroslav Halchenko 3ba540eca3 ENH+BF: use %(__name__) by default for filter, defined enabled = false by DEFAULT
Now jail.conf is really neat.

BF: tests
2013-04-22 22:23:23 -04:00
Yaroslav Halchenko 24e4cfe1b7 Merge branch '0.9' into _tent/jail.conf
* 0.9: (45 commits)
  Beef up changelog for 0.9
  ENH: make fail2ban-regex aware of possible maxlines in the filter config file
  BF+TST: Correctly reset time in tearDownMyTime
  ENH: Reimplement warning suppression of setup.py test --quiet
  ENH: Renamed OptionConfigReader to DefinitionInitConfigReader
  ENH: Rename splitAction to extractOptions in jailreader
  ENH: Use os.path.join for filter/action config readers
  BF: Remove warnings handler which breaks setup.py python2<2.7 and python3<3.2
  ENH: For python3.2+ use ConfigPaser which replaces SafeConfigParser
  TST: Change depreciated unittest assertEquals method to assertEqual
  TST: Ensure files are closed in tests to remove ResourceWarnings
  BF: Change logging instance logSys `warn` method to `warning`
  ENH: use os.path.join for consistency -- add "Contributors" to authors
  RF: setup.py now imports version number again
  DOC: tune up formatting (spaces) and prelude for the changelog entry
  TST+RF: Add ability to execute test from setup.py with setuptools
  TST: Move test gathering to function is test utils
  TST: Move test TZ changes to setUp and tearDown methods
  ENH: Remove redundant `maxlines` option from jail reader
  TST: Add test for FilterReader [Init] `maxlines` override
  ...

Conflicts:
	config/jail.conf
2013-04-22 10:21:13 -04:00
Yaroslav Halchenko 698c74d9ed Merge commit '0.8.8-212-gf6f30f1' into 0.9
* commit '0.8.8-212-gf6f30f1': (24 commits)
  DOC: tune up formatting (spaces) and prelude for the changelog entry
  DOC: more ChangeLog entries all the way back to 0.8.8
  DOC: move new actions and filters to New Features in ChangeLog
  DOC: tomcat and Guacmole are next release
  DOC: credit man page edits
  DOC: developers please rebase and use a single commit
  DOC: post release ChangeLog entry
  DOC: ChangeLog - current HEAD back to ce3ab34
  DOC: begining of ChangeLog
  DOC: version/date of release
  DOC: ChangeLog versions and dates for Releasing
  DOC: guidance for pull requests
  BF:  filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf
  DOC: a plugin to thanks for the community support
  Add After, PIDFile, and change WantedBy to multi-user.target in fail2ban.server
  DOC: slight tune ups to README (we are no longer compatible with python 2.3 ;) )
  ENH: more openssh fail messages from openssh source code (CVS 20121205)
  Add systemd unit file and tmpfiles.d configuration files
  BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
  RF: move exceptions used by both client and server into common/exceptions.py
  ...

Conflicts:
	ChangeLog
	README
2013-04-22 09:55:27 -04:00
jamesstout 10fcfb925d Extra patterns for Solaris 2013-04-21 07:30:21 +08:00
jamesstout de98e3dabd change sed to perl for Solaris 2013-04-21 07:29:48 +08:00
Steven Hiscocks 9672e44d39 ENH: Move jail `maxlines` to filter config 2013-04-18 22:11:41 +01:00
Daniel Black 41b9f7b6ac BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf 2013-04-18 04:38:03 +10:00
Yaroslav Halchenko 4665ac6b27 RF: jail.conf with entries from Debian's copy and changing existing ones to conform the "template"
our unittests fail now -- will BF later
2013-04-17 01:05:04 -04:00
Yaroslav Halchenko 9a14cf8b7b Merge branch 'master' into 0.9
* master:
  DOC: initiated changelog (but not juice left to actually fill it up ;-))
  TST: test all valid loglevels in server testcases
  TST: Add tag replace and escape test for actions
  ENH: Minor change to action for consistency of execStart/Stop
  TST: Coverage for coveralls.io should only be run on success
  TST: no cover additions to server, primarily daemon creation
  DOC: thanks @kwirk for spotting the typos in exception message
  FD_CLOEXEC support
  Typo in default pidfile in fail2ban.conf

Conflicts:
	.travis.yml   -- after_success
	ChangeLog     -- added perspective changelog for 0.8.9
	fail2ban/server/asyncserver.py -- imports
	fail2ban/server/server.py -- no pragma (if I got it right ;-) )
2013-04-16 23:50:43 -04:00
Yaroslav Halchenko 4869186c8f Merge branch 'py3' of https://github.com/kwirk/fail2ban into 0.9
* 'py3' of https://github.com/kwirk/fail2ban: (38 commits)
  DOC: Add python3 to requirements
  ENH: Clarify use of bytes in csocket and asyncserver for python3
  DOC: Revert dnsToIp error change, seperate log message for socket.error
  TST: Tweak python3 open statement to resolve python2.5 SyntaxError
  TST: Revert changes for filter testcase open statement
  DOC: Revert setup.py messages to use print statement
  Add *.bak files generated by 2to3 to gitignore
  TST: Fix up fail2ban python3 scripts
  TST: Fix issues in tests which assumed dictionary's order
  ENH: setup.py now automatically runs 2to3 for python3.x
  TST: Remove Travis CI unsupported versions of python from Travis config
  add fail2ban-2to3 to MANIFEST file
  ENH: Add python3 versions to Travis CI config
  BF: Handle expected errors for python3.{0,1} when changing log target
  Minor tweaks to fail2ban-regex for encoding
  Added ability to set log file encoding with fail2ban-regex
  Add ability to set log encoding for jail
  Move handling of unicode decoding to FileContainer readline
  Fix incorrect exit code from fail2ban-2to3
  Remove redundant reassignment of variable
  ...

Conflicts:
	fail2ban/tests/servertestcase.py -- both branches added a new unittest at the same point
2013-04-16 23:24:49 -04:00
Yaroslav Halchenko f5572c8ade Merge pull request #173 from kwirk/maxlines
Maxlines jail setting tweaks
2013-04-16 19:50:00 -07:00
Steven Hiscocks 4d80fad874 ENH+DOC: Add Guacamole filter, example log and jail 2013-04-16 21:13:31 +01:00
Daniel Black 32d10e904a ENH: more openssh fail messages from openssh source code (CVS 20121205) 2013-04-17 00:03:36 +10:00
Steven Hiscocks 183cfa6e00 ENH: Default maxlines value in jail.conf, and verify value is int >0 2013-04-15 21:21:19 +01:00
Steven Hiscocks fa0f8f9e6d Merge branch '0.9' into py3
Conflicts:
	.travis.yml
	MANIFEST
	bin/fail2ban-regex
	fail2ban/server/filter.py
	fail2ban/tests/servertestcase.py
	setup.py
2013-04-13 16:54:22 +01:00
Yaroslav Halchenko 59192a5585 Merge remote-tracking branch 'github_kwirk_fail2ban/pidfile'
* github_kwirk_fail2ban/pidfile:
  Typo in default pidfile in fail2ban.conf
2013-04-09 23:48:46 -04:00
Yaroslav Halchenko 99a5d78e37 ENH: for consistency (and future expansion ;)) -- rename to mysqld-auth 2013-04-09 18:03:34 -04:00
Yaroslav Halchenko ffaa9697ee Adjusting previous PR (MySQL logs) according to my comments 2013-04-09 18:00:40 -04:00
Yaroslav Halchenko 3e6be243bf Merge branch 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban
* 'Support_for_mysql_log_example' of https://github.com/arto-p/fail2ban:
  Added testcase for MySQL date format to testcases/datedetectortestcase.py and example of MySQL log file.
  Added support for MySQL logfiles

Conflicts:
	testcases/datedetectortestcase.py -- conflictde with other added test cases
2013-04-09 17:55:14 -04:00
Steven Hiscocks 77aa523f22 Merge branch 'master' into py3
Conflicts:
	.travis.yml
	server/datetemplate.py
	server/server.py
	testcases/filtertestcase.py
2013-03-30 22:51:36 +00:00
Yaroslav Halchenko 72b06479a5 ENH: Slight tune ups for fresh SOGo filter + comment into the sample log file 2013-03-27 11:09:54 -04:00
Yaroslav Halchenko 105306e1a8 Merge remote-tracking branch 'pr/117/head' -- SOGo filters
* pr/117/head:
  An example of failed logins against sogo
  Update sogo-auth.conf
  Update config/filter.d/sogo-auth.conf
  Create sogo-auth.conf
  Update config/jail.conf
2013-03-27 11:09:35 -04:00
Yaroslav Halchenko 91d5736c12 ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126 2013-03-26 09:40:04 -04:00
ArndRa bba3fd8568 Update sogo-auth.conf
included hint by user  yarikoptic
2013-03-25 08:43:13 +01:00
Artur Penttinen 29d0df58be Added support for MySQL logfiles 2013-03-24 16:52:58 +02:00
Daniel Black 67544d1dd6 DOC: tags are documented in the jail.conf(5) man page 2013-03-17 10:52:49 +11:00
Yaroslav Halchenko 5e5eaaf838 Merge pull request #134 from grooverdan/misc-fixes
BF: fail2ban client can't handle multi word setcinfo or action[*] values
2013-03-10 18:01:17 -07:00
Pascal Borreli a2b29b4875 Fixed typos 2013-03-10 22:05:33 +00:00
Daniel Black a0f088be25 ENH: typo + head -1 has been deprecated for 10+ years. 2013-03-10 16:28:45 +11:00
Steven Hiscocks 66367876bb Add ability to set log encoding for jail 2013-02-27 18:09:55 +00:00
Yaroslav Halchenko a8bd9c20a0 Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  add blocking type
  add example jail.conf for blocking through blackhole routes for ssh
  add support for blocking through blackhole routes
2013-02-18 23:12:06 -05:00
Yaroslav Halchenko d5ae28facf Merge pull request #104 from gebi/t/route
add support for blocking through blackhole routes
2013-02-18 08:01:34 -08:00
Steven Hiscocks 294f073741 Typo in default pidfile in fail2ban.conf 2013-02-17 22:42:24 +00:00
Steven Hiscocks ce3ab34dd8 Added ability to specify PID file 2013-02-17 22:14:01 +00:00
Daniel Black 47b1ee39d8 add blocking type 2013-02-17 12:44:15 +11:00
Yaroslav Halchenko 8cf006827e BF: remove path from grep call in sendmail-whois-lines.conf Closes: gh-118 2013-02-12 08:48:05 -05:00
ArndRa 6cd358ee95 Update config/filter.d/sogo-auth.conf
Comment line in the top altered to fit file name. My local file was named differently...
2013-02-12 10:45:37 +01:00
ArndRa 35bf84abad Create sogo-auth.conf
Regexp works with SOGo 2.0.5 or newer, following new feature implemented here: http://www.sogo.nu/bugs/view.php?id=2229
2013-02-11 08:19:48 -08:00
ArndRa 52f952e645 Update config/jail.conf
Update to use the new sogo-auth filter
2013-02-11 17:14:29 +01:00
Yaroslav Halchenko 5f2d3832f7 NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section) 2013-01-31 14:41:34 -05:00
Orion Poplawski bb7628591c Update config/filter.d/sshd.conf
Do not trigger sshd bans on pam_unix authentication failures, this will trigger on successful logins on systems that use non-pam_unix authentication (sssd, ldap, etc.).
2013-01-18 14:44:49 -07:00
Yaroslav Halchenko 9a39292813 ENH: Added login authenticator failed regexp for exim filter 2013-01-04 15:23:05 -05:00
Yaroslav Halchenko b3d8ba146b DOC: Mention that logrotate configuration needs to be adjusted if logtarget is changed (Closes: #697333) 2013-01-04 15:23:05 -05:00
Michael Gebetsroither 03433f79cd add example jail.conf for blocking through blackhole routes for ssh 2013-01-04 16:09:04 +01:00
Michael Gebetsroither f9b78ba927 add support for blocking through blackhole routes 2013-01-03 18:46:31 +01:00
Daniel Black da0ba8ab4c ENH: add example jail for ipset 2012-12-31 14:38:51 +11:00
Daniel Black 9221886df6 more documentation and optimisations/fixes based on testing 2012-12-31 14:31:37 +11:00
Daniel Black abd5984234 base ipset support 2012-12-31 14:31:37 +11:00
pigsyn f336d9f876 Update config/filter.d/webmin-auth.conf
Added '\s*$' to the regular expression to match the space written by webmin logs at line-endings
2012-12-13 08:14:49 +01:00
pigsyn dc67b24270 Update config/filter.d/webmin-auth.conf
Added a trailing '.*$' to each regex so they can find expressions in targeted log files.
2012-12-12 23:07:39 +01:00
Yaroslav Halchenko 3969e3f77b ENH: dovecot.conf - require space(s) before rip/rhost log entry 2012-12-12 09:16:52 -05:00
hamilton5 266cdc29a6 Update config/filter.d/dovecot.conf
even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
2012-12-11 12:09:28 -05:00
hamilton5 e040c6d8a3 Update config/filter.d/dovecot.conf
site actually needs updated because of <HOST> alias 
per Notes above.
2012-12-11 03:26:14 -05:00
hamilton5 7ede1e8518 Update config/filter.d/dovecot.conf
added failregex line for debian and centos per 
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
2012-12-10 19:17:04 -05:00
Yaroslav Halchenko fc27e00290 ENH: tune up sshd-ddos to use common.conf and allow training spaces 2012-12-07 15:24:34 -05:00
Yaroslav Halchenko 6ecf4fd80a Merge pull request #64 from sourcejedi/remove_sshd_rdns
Misconfigured DNS should not ban *successful* ssh logins

Per our discussion indeed better (and still as "safe") to not punish users behind bad DNS
2012-11-05 18:20:37 -08:00
Mark McKinstry 95de9c1a97 add support for the APF firewall 2012-10-18 11:17:04 -04:00
Yaroslav Halchenko 282724a7f9 ENH: join both failregex for lighttpd-auth into a single one
they are close in meaning
should provide a slight run-time performance benefit
2012-09-30 11:30:24 -04:00
François Boulogne 958a1b0a40 Lighttpd: support auth.backend = "htdigest" 2012-09-30 13:27:21 +02:00
Yaroslav Halchenko 2a225aa6ee Added a warning within "complaint.conf" action about care with enabling it 2012-08-13 23:03:52 -04:00
Yaroslav Halchenko 2082fee7b1 ENH: match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) 2012-07-31 15:53:41 -04:00
Yaroslav Halchenko 6ad55f64b3 ENH: add wu-ftpd failregex for use against syslog (Closes: #514239) 2012-07-31 15:43:13 -04:00
Yaroslav Halchenko 80b191c7fd BF: anchor chain name in actioncheck's for iptables actions (Closes: #672228) 2012-07-31 15:27:05 -04:00
Yaroslav Halchenko a3b242d6dd BF: inline comments must use ; not # -- recidive jail 2012-07-31 14:05:42 -04:00
Alan Jenkins 8c38907016 Misconfigured DNS should not ban *successful* ssh logins
Noticed while looking at the source (to see the point of ssh-ddos).

POSSIBLE BREAK-IN ATTEMPT - sounds scary?  But keep reading
the message.  It's not a login failure.  It's a warning about
reverse-DNS.  The login can still succeed, and if it _does_ fail,
that will be logged as normal.

<exhibit n="1">
Jul  9 05:43:00 brick sshd[18971]: Address 200.41.233.234 maps to host234.advance.com.
ar, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  9 05:43:00 brick sshd[18971]: Invalid user html from 200.41.233.234
</exhibit>

The problem (in my mind) is that some users are stuck with bad dns.
The warning won't stop them from logging in.  I'm pretty sure they can't
even see it.  But when they exceed a threshold number of logins -
which could be all successful logins - fail2ban will trigger.

fail2ban shouldn't adding additional checks to successful logins
 - it goes against the name fail2ban :)
 - the first X "POSSIBLE BREAK-IN ATTEMPT"s would be permitted anyway
 - if you want to ban bad DNS, the right way is PARANOID in /etc/hosts.deny

I've checked the source of OpenSSH, and this will only affect the
reverse-DNS error.  (I won't be offended if you want to check
for yourself though ;)

<exhibit n="2">
$ grep -r -h -C1 'ATTEMPT' openssh-5.5p1/
                logit("reverse mapping checking getaddrinfo for %.700s "
                    "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
                return xstrdup(ntop);
--
                logit("Address %.100s maps to %.600s, but this does not "
                    "map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
                    ntop, name);
$
</exhibit>
2012-07-13 21:41:58 +01:00
Yaroslav Halchenko b4099dae57 DOC: Adjusted header for config/*.conf to mention .local and way to comment
thanks to Stefano Forli for reminding about comments
see Debian Bug#676146
2012-06-04 22:41:28 -04:00
Petr Voralek 4007751191 ENH: catch failed ssh logins due to being listed in DenyUsers. Close gh-47 (Closes: #669063) 2012-04-16 20:36:53 -04:00
Yaroslav Halchenko 7b77beee0e DOC: comment in jail.conf for the need of multiple jails for asterisk 2012-02-28 12:04:24 -05:00
Yaroslav Halchenko 71a3fb17e2 Merge remote-tracking branch 'gh-magicrhesus/master'
* gh-magicrhesus/master:
  Add the INCLUDE section to use __pid_re feature
  Disable asterisk jail by default
  Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports
  Change NOTICE by NOTICE%(__pid_re)s
  Remove custom bantime
  Add sample log file for asterisk
  Add $ at the end of the failregex
  Add asterisk support

Conflicts:
	config/jail.conf -- placed asterisk jails before recidive and added blank lines after the jail headers
2012-02-28 12:03:16 -05:00
Xavier Devlamynck 8c00ce0a65 Add the INCLUDE section to use __pid_re feature 2012-02-28 17:28:06 +01:00
Xavier Devlamynck 180c17bede Disable asterisk jail by default 2012-02-27 16:14:18 +01:00
Xavier Devlamynck df0e0fdc07 Change jail for asterisk, add support for SIP and SIP-TLS on TCP and UDP ports 2012-02-21 18:53:44 +01:00
Xavier Devlamynck c679a1a588 Change NOTICE by NOTICE%(__pid_re)s 2012-02-21 18:05:53 +01:00
Yaroslav Halchenko 42dd05210a Added a warning for the recidive jail 2012-02-18 20:15:42 -05:00
Xavier Devlamynck d7ca754980 Merge branch 'master' of github.com:magicrhesus/fail2ban 2012-02-15 19:47:04 +01:00
Xavier Devlamynck c7613ce311 Remove custom bantime 2012-02-15 18:55:35 +01:00
Xavier D d98cdb25d6 Add $ at the end of the failregex 2012-02-13 17:11:32 +01:00
Yaroslav Halchenko 25f1e8d98c BF: allow trailing whitespace in few missing it regexes for sshd.conf 2012-02-10 21:14:51 -05:00
Yaroslav Halchenko 1807be5a8c ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?:
thanks @cepheid666 for the useful comments
2012-01-26 23:28:44 -05:00
Tom Hendrikx f94a121663 Fix for https://github.com/fail2ban/fail2ban/issues/19
Based on previous work as documented in the bug by Amir and myself,
plus some enhancements and documentation added to the file itself rather
than a URL (they rot).
2012-01-26 23:33:01 +01:00
Lee Clemens d73a71f5cf ENH: Add usedns parameter for the jails
following commits were squashed from feature branch use_dns

commit 068c105eb5
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 22:19:04 2012 -0500

    Prevent warning when IP is read from log

commit 635ed36a8c
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 22:17:08 2012 -0500

    Removed logDebug

commit 24656d2812
Merge: 7957fbe c429f5c
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 21:13:11 2012 -0500

    Merge branch 'enh/use_dns' of github:leeclemens/fail2ban into enh/use_dns

    Conflicts:
    	testcases/filtertestcase.py

commit 7957fbe821
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 21:09:58 2012 -0500

    filtertestcase fixes from yarikoptic

commit 6ce9d04640
Author: Yaroslav Halchenko <debian@onerussian.com>
Date:   Tue Jan 10 19:26:05 2012 -0500

    RF: for consistency use_dns -> usedns

    I guess it was might fault of inconsistency suggesting that name.
    Other options/commands do not have _ in the names, so let it be
    consistent with the rest for now

commit cfb2c75b49
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:18:41 2012 -0500

    Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp

commit f6186eff14
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:02:04 2012 -0500

    Changed wording of 'DNS Reverse lookup used' message

commit 82c62d29dc
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 18:53:17 2012 -0500

    Removed extraneous "n"

commit dc0ae21932
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 23:07:59 2012 -0500

    ENH: use_dns - removed debugging statements

commit 594e25818c
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:53:39 2012 -0500

    Added use_dns protocol to set and get per jail during runtime

commit 48ff80ffac
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:41:18 2012 -0500

    Completed use_dns for initial startup - with debugging statements

commit 0bdab4c2d7
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:05:35 2012 -0500

    ENH: Added use_dns option

commit 6d6b734ea5
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:01:34 2012 -0500

    ENH: Added use_dns option

commit 11ad2b6125
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 19:17:30 2012 -0500

    Added useDns flag to testcase

commit b48fa9b6af
Author: Lee Clemens <java@leeclemens.net>
Date:   Sun Jan 8 15:13:27 2012 -0500

    Added use_dns option in jail.conf

commit c429f5c91a
Merge: 4b18afb 0021906
Author: leeclemens <java@leeclemens.net>
Date:   Tue Jan 10 16:32:22 2012 -0800

    Merge pull request #3 from yarikoptic/enh/use_dns

    let's be consistent ;-)

commit 0021906358
Author: Yaroslav Halchenko <debian@onerussian.com>
Date:   Tue Jan 10 19:26:05 2012 -0500

    RF: for consistency use_dns -> usedns

    I guess it was might fault of inconsistency suggesting that name.
    Other options/commands do not have _ in the names, so let it be
    consistent with the rest for now

commit 4b18afb28a
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:18:41 2012 -0500

    Updated DNSUtilsTests to test use_dns and added positive test to testTextToIp

commit 4fae37e46f
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 19:02:04 2012 -0500

    Changed wording of 'DNS Reverse lookup used' message

commit e94806ce48
Author: Lee Clemens <java@leeclemens.net>
Date:   Tue Jan 10 18:53:17 2012 -0500

    Removed extraneous "n"

commit 4d30c52907
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 23:07:59 2012 -0500

    ENH: use_dns - removed debugging statements

commit 76696d452a
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:53:39 2012 -0500

    Added use_dns protocol to set and get per jail during runtime

commit 0631618087
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 22:41:18 2012 -0500

    Completed use_dns for initial startup - with debugging statements

commit d23d495547
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:05:35 2012 -0500

    ENH: Added use_dns option

commit 9538553bc5
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 20:01:34 2012 -0500

    ENH: Added use_dns option

commit ae1e857e53
Author: Lee Clemens <java@leeclemens.net>
Date:   Mon Jan 9 19:17:30 2012 -0500

    Added useDns flag to testcase

commit ace43eb941
Author: Lee Clemens <java@leeclemens.net>
Date:   Sun Jan 8 15:13:27 2012 -0500

    Added use_dns option in jail.conf
2012-01-12 23:23:41 -05:00
Xavier Devlamynck 7d465f98c1 Add asterisk support 2012-01-11 16:35:40 +01:00
Yaroslav Halchenko 9559fcd3a0 Merge pull request #25 from leeclemens/enh/pyinotify
ENH: pyinotify
2012-01-09 18:17:41 -08:00
Yaroslav Halchenko 35201f6690 Merge remote-tracking branch 'gh-keszybz/master'
* gh-keszybz/master:
  NF: xt_recent-echo action
2012-01-07 20:59:50 -05:00
Zbigniew Jędrzejewski-Szmek 321670487e NF: xt_recent-echo action
The default configuration can only be run by root. To actually support
running as a different user, the setup action must be disabled.
2012-01-06 00:51:03 +01:00
Lee Clemens 8a2e26403a Merge remote-tracking branch 'upstream/master' 2011-12-31 01:57:55 -05:00
Leonardo Chiquitto 4502adfe69 Fix comments to reflect code
Commit 638bb6652 changed some defaults but the comments still point
to the previous values.
2011-12-30 12:41:46 -05:00
Lee Clemens e442503133 Added pyinotify backend 2011-12-30 00:18:52 -05:00
Yaroslav Halchenko 4c76fb3b54 ENH: allow trailing white-spaces in lighttpd-auth.conf
now catches the one in testcases/files/logs/lighttpd
2011-12-25 10:00:50 -05:00
François Boulogne 683d4f269d modifications suggested by a referee (log ex+regexp) 2011-12-24 22:24:08 +01:00
François Boulogne a7cb20edac add lighttpd-auth jail 2011-12-24 21:56:38 +01:00
François Boulogne b6d9f795dc add filter for lighttpd mod_auth failure 2011-12-24 21:51:18 +01:00
Tom Hendrikx 9fa54cf233 Add Date: header for sendmail*.conf actions
According to rfc2822, Date: headers are not optional.
Added these to all sendmail action templates, format specification
should conform to rfc and be portable across multiple platforms.
2011-11-18 16:52:44 -05:00
Yaroslav Halchenko a9be451079 ENH: removed expansion for few Date and Revision SVN keywords
For consistency of appearance... eventually we might just remove them
altogether
2011-11-18 10:14:39 -05:00
Yaroslav Halchenko dad91f7969 ENH: sshd.conf -- allow user names to have spaces and trailing spaces in the line
absorbed from patches carried by Debian distribution of f2b
2011-11-18 10:07:13 -05:00
Yaroslav Halchenko ed0bf3ad96 Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557) 2011-11-18 09:40:56 -05:00
Adam Spiers 3152afbdc2 Recognise time-stamped kernel messages
e.g.

Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206

This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
2011-09-28 12:46:28 -04:00
Yaroslav Halchenko 3eb5e3b876 BF: Allow for trailing spaces in sasl logs
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@783 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-08-07 02:41:08 +00:00
Yaroslav Halchenko 02be7d03b2 BF: use standard/reserved example.com instead of mail.com
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@777 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-05-07 03:16:40 +00:00
Yaroslav Halchenko 6d25310e28 ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@776 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 21:38:26 +00:00
Yaroslav Halchenko eab9af9caa BF: proftpd filter -- if login failed -- count regardless of the reason for failure
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@775 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:19 +00:00
Yaroslav Halchenko d4b89d8404 BF: Allow for trailing spaces in proftpd logs
See http://bugs.debian.org/507986

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@774 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:10 +00:00
Yaroslav Halchenko 1cb48bbc96 BF: escaping () in pure-ftpd filter. Thanks Teodor
See http://bugs.debian.org/544744

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@773 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:37:00 +00:00
Yaroslav Halchenko 02e7dfb099 BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:50 +00:00
Yaroslav Halchenko 3831fbf98b ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:41 +00:00
Yaroslav Halchenko 6558c03f8e NF: Adding found on a drive filter.d/dovecot.conf
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:28 +00:00
Yaroslav Halchenko 10faba5163 ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@769 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:17 +00:00
Yaroslav Halchenko 0073ba3838 ENH: dropbear filter: see http://bugs.debian.org/546913
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@768 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:36:08 +00:00
Yaroslav Halchenko 638bb66523 BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:35:56 +00:00
Yaroslav Halchenko 7b54c7b33b spellcheck jail.conf. Thanks Christoph Anton Mitterer
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@766 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:18:32 +00:00
Yaroslav Halchenko 521631cfcc default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@765 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-09-27 13:10:48 +00:00
Yaroslav Halchenko dabe3aeae1 disabling entirely named-refused-udp jail with a big fat warning
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@761 a942ae1a-1317-0410-a47c-b1dcaea8d605
2010-06-29 01:34:08 +00:00
Arturo 'Buanzo' Busleiman b91595dd11 Disabled jail lighttpd-fastcgi by default.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@747 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-31 13:57:32 +00:00
Arturo 'Buanzo' Busleiman dde7afe1f3 added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@742 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-08-30 14:17:29 +00:00
Cyril Jaquier 55fd21ec4b - Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@730 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-09 20:27:35 +00:00
Cyril Jaquier abd061bad8 - Changed <HOST> template to be more restrictive. Debian bug #514163.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
Cyril Jaquier 7fd0300a73 - Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 22:37:46 +00:00
Cyril Jaquier 376f348823 - Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@726 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:56:03 +00:00
Cyril Jaquier e86e7d002e - Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@725 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-03 21:51:32 +00:00
Cyril Jaquier e16c18d091 - Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@724 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:39:38 +00:00
Cyril Jaquier e46e8ed32e - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@723 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 23:35:46 +00:00
Cyril Jaquier 6cd56802bb - Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@717 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:56:54 +00:00
Cyril Jaquier 622218271d - Added svn:keywords property.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@716 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:38:41 +00:00
Cyril Jaquier bb8e610795 - Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@715 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-13 14:37:25 +00:00
Cyril Jaquier 391a38a7a8 - Added new regex. Thanks to Tobias Offermann.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@713 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-10-10 16:00:10 +00:00
Cyril Jaquier 3615c8ec81 - Improved pattern. Thanks to Yaroslav Halchenko.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@707 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-08-12 19:20:02 +00:00
Cyril Jaquier 155c4652a4 - Merged patches from Debian package. Thanks to Yaroslav Halchenko.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@706 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-22 22:29:57 +00:00
Cyril Jaquier 9ed39a4387 - Send file if the number of lines is greater or equal and not only equal to the limit.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@701 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-07-16 21:11:42 +00:00
Cyril Jaquier 11c8c71014 - Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-05-21 22:17:00 +00:00
Cyril Jaquier 7dde8d6694 - Added svn:keywords.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@684 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-04-07 22:45:37 +00:00
Cyril Jaquier a32f04b0cb - Added gssftpd filter. Thanks to Kevin Zembower.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@683 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-04-07 22:41:19 +00:00
Cyril Jaquier d9f9a31802 - Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-10 22:03:34 +00:00
Cyril Jaquier 55d6baa66d - Added svn:keywords
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@668 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:37:20 +00:00
Cyril Jaquier e7eaf5c488 - Fixed Debian bug #461426
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:35:09 +00:00
Cyril Jaquier f77057d3dd - Fixed Debian bug #462060
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@666 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 22:23:41 +00:00
Cyril Jaquier 06f8a1a8ca - Fixed Debian bug #468477
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@665 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:53:33 +00:00
Cyril Jaquier ead3e50c97 - Fixed Debian bug #456567
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@664 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:47:59 +00:00
Cyril Jaquier 6db1212152 - Added revision.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@663 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 21:47:14 +00:00
Cyril Jaquier 17e31b167e - Replaced "reject" with "drop" in shorwall action. Fix #1854875
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@661 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:20:10 +00:00
Cyril Jaquier 0afa6fb2be - Replaced "echo" with "printf" in actions. Fix #1839673
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@660 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 23:11:28 +00:00
Cyril Jaquier f0399ca5a4 - Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
- Renamed actionend to actionstop.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 22:41:28 +00:00
Cyril Jaquier 174ce7027a - Fixed fail2ban-regex. It support "includes" in configuration files.
- Modified "includes" to be more generic. We will probably support URL in the future.
- Small refactoring.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@656 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 00:17:56 +00:00
Cyril Jaquier e66d9eee41 - Moved socket to /var/run/fail2ban.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@629 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-12-14 21:33:33 +00:00
Cyril Jaquier c40534123c - Fixed ipfw action script. Thanks to Nick Munger
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@623 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-10-23 22:06:31 +00:00
Cyril Jaquier 66063d2731 - Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be possible to create stronger failregex against log injection
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@621 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-09-12 21:38:51 +00:00
Cyril Jaquier d885fc786e - Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@617 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:25:56 +00:00
Cyril Jaquier 938297138b - Fixed named filter. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-27 21:03:33 +00:00
Cyril Jaquier 732c66215f - Improved regular expressions
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@613 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-13 21:39:26 +00:00
Cyril Jaquier 5fd5a8112a - Added named (bind9) example. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@611 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:49:58 +00:00
Cyril Jaquier 49b2e40682 - Fixed vsftpd filter. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@610 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:31:47 +00:00
Cyril Jaquier 3ef8fbe2e3 - Modified failregex again. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@609 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:29:13 +00:00
Cyril Jaquier a3ace8040b - Added filter file for named (bind9). Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@608 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:21:15 +00:00
Cyril Jaquier 26c54c4538 - Added new action iptables-allports. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@606 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-08 22:13:09 +00:00
Cyril Jaquier 711f936ed0 - Corrected subject
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@604 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-08-05 19:33:15 +00:00
Cyril Jaquier e841209f1b - Added new regex for proftpd. Thanks to Vaclav Misek
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@603 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-17 20:41:00 +00:00
Cyril Jaquier 9ac663a121 - Added webmin authentication filter. Thanks to Guillaume Delvit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@601 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-11 22:27:16 +00:00
Cyril Jaquier f714c96d0e - Updated regular expressions
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-10 20:24:44 +00:00
Cyril Jaquier 08c2c55742 - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaël Marichez
- Fixed a small typo

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@595 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-05 16:10:33 +00:00
Cyril Jaquier e2334db7a6 - Improved regular expressions. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@592 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-06-25 21:57:10 +00:00
Cyril Jaquier 1e2ddec485 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@587 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-06-07 21:29:18 +00:00
Cyril Jaquier bfab0409a2 - Replaced -d with -f. We are looking for a file, not a directory
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@570 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-04-19 21:43:45 +00:00
Cyril Jaquier ac54c8b4f1 - Modified filters config. Thanks to Michael C. Haller
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@569 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-04-18 20:22:54 +00:00
Cyril Jaquier b40b9d88d2 - Added a new line before "Regards,"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@566 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-26 21:08:09 +00:00
Cyril Jaquier ee234d424c - Added pure-ftpd filter. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@560 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-19 20:32:28 +00:00
Cyril Jaquier 64226d09c0 - Improved failregex a bit
- Added TrackBack/1.02


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@558 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-07 21:32:33 +00:00
Cyril Jaquier 0b9c41c015 - Removed actionstart and actionstop which are now obsolete
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@554 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-07 20:47:41 +00:00
Cyril Jaquier f02a915de1 - Added a new example for vsftpd. Thanks to Christian Rauch
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@552 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-22 21:11:30 +00:00
Cyril Jaquier 54e4d012d1 - Fixed bug #1664386. Thanks to Harry Rarig
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@551 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-22 20:52:35 +00:00
Cyril Jaquier b4caed8c00 - Added new filter for spam bots
- Added new action for buffered mails

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@549 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-12 21:50:50 +00:00
Cyril Jaquier d5ededc340 - Updated failregex
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@534 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:51:43 +00:00
Cyril Jaquier 743ec88eef - Updated failregex
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@532 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:32:13 +00:00
Cyril Jaquier 45277fff4a - Removed section with mail-report script which does not exist anymore
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@524 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-21 22:22:29 +00:00
Cyril Jaquier 04cd3f5bd5 - Added new filters/actions. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@520 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-08 21:40:37 +00:00
Cyril Jaquier 6cf814245e - Fixed missing regular expression
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@513 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 13:07:04 +00:00
Cyril Jaquier 44d75eb54f - Added missing svn:keywords
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 12:21:44 +00:00
Cyril Jaquier 7719c00d37 - Allow comma in action options. The value of the option must be escaped with " or '. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 11:58:58 +00:00
Cyril Jaquier 3a344557ec - Exim4 filter. Thanks to mEDI
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@499 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 09:49:19 +00:00
Cyril Jaquier 1ac00d062a - Regular expression should be more correct now
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@498 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-23 09:48:49 +00:00
Cyril Jaquier 2e197487a2 - Fixed removal of host in hosts.deny. Thanks to René Berber
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@496 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-19 21:51:14 +00:00
Cyril Jaquier 840b9fff0f - Fixed some comments
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:35:34 +00:00
Cyril Jaquier 0c40adda4b - Fixed some comments
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@494 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:33:01 +00:00
Cyril Jaquier 6f7df2cc3c - Use numeric output for iptables in "actioncheck"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@489 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-14 21:20:03 +00:00
Cyril Jaquier 8ca367d609 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@488 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-13 23:02:46 +00:00
Yaroslav Halchenko 90fb1d442e slight english adjustment with no good english: Destinataire->Destination/Addressee
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@479 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-07 03:12:28 +00:00
Cyril Jaquier f5d4cb6be2 - Added alias "<HOST>" for failregex
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-19 21:25:51 +00:00
Cyril Jaquier 911b2b15fc - Merged "maxtime" with "findtime"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@470 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-18 15:15:58 +00:00
Cyril Jaquier 0fd9865172 - Defined default values in .conf. Should fix Debian bug #398758
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-15 18:44:28 +00:00
Cyril Jaquier 90359ba523 - Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 14:52:36 +00:00
Cyril Jaquier d6e49f8480 - Fixed rebanned bug
- Clarified available tags

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@455 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 10:56:21 +00:00
Cyril Jaquier f74657f4b6 - Added "courierlogin" filter. Thanks to Christoph Haas
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@427 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-22 23:49:10 +00:00
Cyril Jaquier 51fd8fac27 - Added ipfw action script and example. Thanks to Nick Munger
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@421 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-19 20:15:24 +00:00
Cyril Jaquier 15a4634c38 - Added "shorewall" action
- Use glob in setup.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@413 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-17 21:13:11 +00:00
Cyril Jaquier 9a96428bd2 - Added "socket" option
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@412 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-17 21:12:22 +00:00
Cyril Jaquier ebae6d70aa - Added "apache-noscript" filter. Thanks to Pander
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@411 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-17 19:05:27 +00:00
Yaroslav Halchenko e39ef65e3a added sections for sasl and proftpd authentications
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@402 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-02 13:42:36 +00:00
Cyril Jaquier 2bcc036cf2 - Improved configuration files
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-01 21:19:56 +00:00
Cyril Jaquier 7b7d246a19 - Added DNS support for "ignoreip"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@389 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-27 20:32:30 +00:00
Cyril Jaquier 0d68fc9ef1 - Added "ignoreip" and a few other options in [DEFAULT]
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@365 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-17 22:38:44 +00:00
Cyril Jaquier 5c020b99da - mail-report.conf is not a good idea as the jail is already deleted when creating the report
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@339 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-10 20:41:57 +00:00
Cyril Jaquier 7864bdc953 - Improved jail.conf
- Removed useless parameter in mail-report.conf

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@335 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-06 21:33:18 +00:00
Cyril Jaquier 1c3088b267 - Added new action
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@334 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-06 21:19:58 +00:00
Cyril Jaquier b1160ab7ca - Added qmail and postfix filters
- Updated vsftpd and couriersmtp

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@331 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-06 19:34:03 +00:00
Cyril Jaquier 21b6e76cde - Added date detector
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@325 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-05 21:16:28 +00:00
Cyril Jaquier f1f12518c8 - Moved "logpath" and "maxtime" to "jail.conf"
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@320 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-09-04 19:18:57 +00:00
Cyril Jaquier 131a0a9cb3 - Added a couriersmtpd filter
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@317 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-30 22:16:52 +00:00
Cyril Jaquier d7682360bc - Clean up configuration files
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@281 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-20 21:34:55 +00:00
Cyril Jaquier f752dbe065 - Removed from version control
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@279 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-20 21:20:53 +00:00
Cyril Jaquier 7ed59912f2 - Added *.local as svn:ignore
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@278 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-20 21:18:39 +00:00
Cyril Jaquier 4bc6fe419b - Removed a new line
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@268 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 22:15:10 +00:00
Cyril Jaquier 857f6d619b - Fixed bug in failregex
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@267 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 22:14:34 +00:00
Cyril Jaquier f248c460f2 - Improved logging in server
- Added logtarget option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@263 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 21:24:06 +00:00
Cyril Jaquier 3d73f45531 - Added 'host' group in failregex
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@262 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 21:23:06 +00:00
Cyril Jaquier b5c0f7bae2 - Added whois information to mail. Feature Request #1533626
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@260 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-06 21:20:28 +00:00
Cyril Jaquier 894bcbdbbf - Improved mail script
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@257 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-31 21:48:13 +00:00
Cyril Jaquier be7cc4f81c - Added mail script
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@256 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-19 21:35:22 +00:00
Cyril Jaquier 9aa6a505eb - Added header
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@254 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-17 19:26:14 +00:00
Cyril Jaquier 7048e19995 - 0.7.0 soon
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@251 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-16 21:35:08 +00:00
Cyril Jaquier 12c222bd1c - One step forward to 0.7.0
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@250 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-07-08 16:51:14 +00:00
Cyril Jaquier ea1948eff4 - Initial commit of the new development release 0.7
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@249 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-06-26 20:05:00 +00:00
Cyril Jaquier 7e24b948bf - Added vsftpd support. Thanks to zugeschmiert
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@237 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-02-11 15:29:32 +00:00
Cyril Jaquier de7acd4d6c - Added support for shorewall and hosts.deny
- Renamed fail2ban.conf.default to fail2ban.conf.iptables


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@233 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-01-22 11:07:22 +00:00
Cyril Jaquier 3e86a8204b - Removed 192.168.0.0/16 from ignoreip
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@232 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-01-12 16:20:00 +00:00
Cyril Jaquier be26cd5b75 - Removed debug option
- Added SMTP authentification support
- Added TAI64N support


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@226 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-01-03 15:11:57 +00:00
Cyril Jaquier 15806fc3da - Added permanent banning feature
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@222 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-12-16 23:48:52 +00:00
Cyril Jaquier 840f6cd052 - Merged FAIL2BAN-0_5 with HEAD
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@216 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-11-20 17:07:47 +00:00
Cyril Jaquier 07d127bebd - Added an initd script for RedHat/Fedora. Thanks to Andrey G. Grozin
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@113 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-07-01 09:30:52 +00:00
Cyril Jaquier 7b118f42d3 - Initd script for Gentoo
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@109 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-06-30 09:25:28 +00:00
Cyril Jaquier 9317581b18 - Modified for readability. Thanks to Iain Lea
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@108 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-06-29 06:17:28 +00:00
Cyril Jaquier b0cae2c43f - Changed all sections to disabled by default
- Add "Invalid user" to SSH failregex


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@104 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-04-24 11:03:44 +00:00
Cyril Jaquier 78b32ef3b2 - Added "ipfw-start-rule" option (thanks to Robert Edeker)
- Added "enabled" option


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@64 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-02-22 21:08:36 +00:00
Cyril Jaquier 3122f5eeae - Added PID lock file option
- Added more comments


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@63 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-02-20 13:38:10 +00:00
Cyril Jaquier ff088ec333 - Added more comments
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@55 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-02-18 21:51:32 +00:00
Cyril Jaquier 2e5bfe5bb6 - Changed Fail2Ban in order to handle several log files
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@50 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-02-18 13:30:54 +00:00
Cyril Jaquier fabe6e59b4 - Add firewall and interface options
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@43 a942ae1a-1317-0410-a47c-b1dcaea8d605
2004-11-06 14:03:17 +00:00
Cyril Jaquier aee13b03ee - Default config file
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@33 a942ae1a-1317-0410-a47c-b1dcaea8d605
2004-10-16 22:16:14 +00:00