github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
1,636 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1636 Commits (e8aa676cf549ee45b00c1e68093c1d8467e2a8e5)

Author SHA1 Message Date
Yaroslav Halchenko 9b351350dd DOC: Changelog for asterisk hardening 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko e91419d361 ENH: fail2ban-regex -- add specification of loglevels to enable 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko ffe381d91c RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 97f9cfc0b0 ENH: 'heavydebug' level == 5 for even more debugging in tricky cases 
I mocked logging library directly -- seems to be Ok.
 2013-06-13 23:19:28 -04:00
Yaroslav Halchenko 09302c5c25 ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[ 
detected date portion is stripped from the string to be matched, so it is not only
the right ] is left, but also the left one ;-)
 2013-06-13 23:15:48 -04:00
Daniel Black 7018d81244 BF: missed a space 2013-06-14 12:35:44 +10:00
Daniel Black a447aa615d BF: [SSL-out] is optional in assp 2013-06-14 12:27:35 +10:00
Daniel Black d4940563d3 ENH: regex hardening on assp 2013-06-14 08:55:25 +10:00
Daniel Black 6a09ecff5c ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal . 2013-06-14 08:41:50 +10:00
Daniel Black e8b6acfa65 TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15 2013-06-14 00:53:03 +10:00
Daniel Black 9940cd1b6b ENH: proftpd chan accept usernames with spaces 2013-06-14 00:29:43 +10:00
Daniel Black 2e2ec5d1f5 ENH: injection of fail data into USER field 2013-06-14 00:17:41 +10:00
Daniel Black dbe7ffe050 ENH: dovecot regexs rewritten and extra failures 2013-06-13 23:52:15 +10:00
Daniel Black 4c67a269bf ENH: proftp regex hardening and log messages 2013-06-13 22:11:05 +10:00
Daniel Black 3e3802512a ENH/BF: exim improvements with sample 2013-06-13 17:44:18 +10:00
Daniel Black 88b4598ed8 BF: fix to proxy port in 3proxy example 2013-06-13 14:43:15 +10:00
Yaroslav Halchenko 460e09af66 it was not the end of the world and we should continue 2013-06-12 21:22:26 -04:00
Daniel Black 9dbaec0894 ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
Daniel Black 8faf84b7f7 BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon 2013-06-13 08:34:10 +10:00
Yaroslav Halchenko 921d9a8e4b DOC: add information on where to report vulnerabilities + pointer to HOWTO_Seek_Help 
originally following command was used to add header to all config files:

  sed -ie '/# Author/ i\# Please report vulnerabilities to fail2ban-vulnerabilities at lists dot sourceforge dot net\n# and see http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help for generic bug-reports.\n#' action.d/* filter.d/*

but it would be overkill ATM causing havoc in user-tuned configs -- postponed for now

Also adjusted the release date for today (by mistake in 1 commit ... sorry)
 2013-06-12 13:21:12 -04:00
Yaroslav Halchenko 728b5e8bf4 Changes for 0.8.10 release (changelog, version, etc) 2013-06-11 19:20:50 -04:00
Yaroslav Halchenko 6ccd57813c BF: anchor apache- filters. Close #248 
See https://vndh.net/note:fail2ban-089-denial-service for more information
 2013-06-11 19:19:25 -04:00
Daniel Black fd9f9f16e0 BF: need to anchor the start to avoid another repeat of DoS injection like Apache 2013-06-12 08:48:30 +10:00
Daniel Black f2fa4d53a8 ENH: stricter regex thanks to Steven Hiscocks (kwirk) 2013-06-12 08:30:59 +10:00
Daniel Black 16d63434ef DOC: credits 2013-06-11 23:56:09 +10:00
Daniel Black 4787777cee DOC: credits for gh-244 2013-06-11 10:30:56 +10:00
Daniel Black 66d8210f80 Merge pull request #244 from clopez/filter-asterisk 
Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list
 2013-06-10 17:28:35 -07:00
Carlos Alberto Lopez Perez 7248ef4564 Filter Asterisk: Add sample log entry to testcase. 
* Sample log entry for AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-11 02:13:37 +02:00
Carlos Alberto Lopez Perez 47b063b022 Filter Asterisk: Add AUTH_UNKNOWN_DOMAIN error to list 
* I have been seeing bruteforcing attempts where asterisk fails with
   AUTH_UNKNOWN_DOMAIN (Not a local domain)
 2013-06-10 19:50:35 +02:00
JP Espinosa 32b271c36e Update redhat-initd 
- Using `-x` to remove previous socket on start
- Using Should- to wait for iptables and wrappers
 2013-06-03 12:34:47 -04:00
JP Espinosa 3736d7ddbf Rewrite to use native init.d functions 
- There was a bug with the old "getpid" function, when running linux containers you can see multiple fail2ban instances on hardware node and could stop one on a random virtual environment
- Added reload and status options
 2013-06-03 06:29:36 -05:00
Yaroslav Halchenko b53612cb10 Merge pull request #237 from grooverdan/asterisk-227 
Asterisk enhancements
 2013-05-29 18:38:15 -07:00
Daniel Black 05c88bd85d ENH: purge a few more .* 2013-05-30 11:34:04 +10:00
Daniel Black 28fc14d010 DOC: credits 2013-05-30 10:27:30 +10:00
Daniel Black e54498f6fe DOC: how to do filter enhancements 2013-05-30 10:25:03 +10:00
Daniel Black 916b5a7c23 TST: normalize logs to use example.com and 1.2.3.4 as IP 2013-05-30 10:24:48 +10:00
Daniel Black 4cf402d60e ENH/BF: constrain regex. Fix ACL error regex 2013-05-30 10:15:58 +10:00
Daniel Black 0f7b609336 ENH: port optional 2013-05-30 09:43:39 +10:00
Daniel Black 278fd43429 Merge branch 'patch-1' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:39:12 +10:00
Daniel Black eceede175a Merge branch 'patch-4' of https://github.com/silviogarbes/fail2ban into asterisk-227 2013-05-30 09:37:00 +10:00
Yaroslav Halchenko 39d32e0352 Changelog for previous PR 2013-05-29 09:56:15 -04:00
Yaroslav Halchenko 374e7c6fc9 Merge pull request #208 from grooverdan/opensuse_init 
Opensuse init -- from stock suse distribution
 2013-05-29 06:54:25 -07:00
Yaroslav Halchenko 567cd353a1 DOC: Changelog entry fro preceeding merge from Terence 2013-05-29 09:41:20 -04:00
Yaroslav Halchenko fae2d5c0ce Merge branch 'patch-3' extending roundcube failregex to support v0.9+ (from https://github.com/teroz/fail2ban) 
* 'patch-3' of https://github.com/teroz/fail2ban:
  failregex when roundcube log driver is set to 'syslog'
  fixed failregex line for roundcube 0.9+
 2013-05-29 09:38:35 -04:00
Steven Hiscocks 7a4db4b4b9 TST: Fix fail2ban.conf reader test for unreliable dictionary order 2013-05-26 14:36:51 +01:00
Terence Namusonge 098c88a67b failregex when roundcube log driver is set to 'syslog' 2013-05-26 07:46:29 +02:00
Terence Namusonge 244a96f9b3 fixed failregex line for roundcube 0.9+ 
# Only works only if  log driver: is set to  'syslog'. this is becoz fail2ban fails to 'read' the line due to the
 brackets around the date timestamp on logline when log driver is set to file
 2013-05-25 19:26:13 +02:00
Yaroslav Halchenko 8a57ffd2fb TST: test all stock jails to have actions and correctly specifying blocktype 2013-05-24 14:33:48 -04:00
Yaroslav Halchenko d2b1c73b92 CFG: assure actions for all the jails 2013-05-24 14:33:08 -04:00
Yaroslav Halchenko 89e06bba15 BF: blocktype must be defined within [Init] -- adding [Init] section. Close #232 2013-05-24 11:15:46 -04:00