Daniel Black
50d938e0bf
MRG: merge filter sendmail-spam into sendmail-reject
11 years ago
Daniel Black
666fd5eceb
ENH: purge excessive jail variations
11 years ago
Daniel Black
69f5baae36
ENH: jail.conf to use syslog_mail
11 years ago
Daniel Black
2d45becb0e
Merge branch '0.9' into distro-paths-gh-315
11 years ago
Daniel Black
2d8c497ce5
ENH: highlight missing osx paths
11 years ago
Daniel Black
cc8ec826c5
MRG: from master 2014-03-02
11 years ago
Daniel Black
853bed8e4f
ENH: more sendmail-reject filter items thanks to fab23
11 years ago
Daniel Black
d0ec09a3b5
BF: move to right location
11 years ago
Daniel Black
c10cc20928
ENH: rename sendmail-spam to sendmail-reject
11 years ago
Daniel Black
d34569fb8d
BF: email address as arg1 in sendmail filters
11 years ago
Daniel Black
72c84fe9b0
ENH: wider regex for RBL and sendmail-spam
11 years ago
Daniel Black
fe1725c603
BF: add jail.conf definitions for sendmail* filters
11 years ago
Daniel Black
3d776afbb0
ENH: add filter for sendmail-{auth,spam}. Closes gh-20
11 years ago
Steven Hiscocks
a9b9c6ea03
Merge branch 'logging' into 0.9
...
Conflicts:
fail2ban/server/actions.py
jail getName()->name
fail2ban/server/filter.py
jail getName()->name
11 years ago
Steven Hiscocks
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
11 years ago
Steven Hiscocks
a4731ef988
DOC: Correct log levels
11 years ago
Steven Hiscocks
5630c56c75
ENH: Change logging levels and make info more verbose
11 years ago
Daniel Black
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
11 years ago
Daniel Black
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
11 years ago
Daniel Black
b6f9b9161d
BF: remove self reference
11 years ago
Daniel Black
a044517cb7
MRG: from master to 0.9 2014-02-20
11 years ago
Daniel Black
79e6543eca
Merge branch '0.9' into distro-paths-gh-315
11 years ago
Daniel Black
83266eb668
ENH: framework for distro paths
11 years ago
Steven Hiscocks
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
11 years ago
Steven Hiscocks
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
11 years ago
Steven Hiscocks
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
11 years ago
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
11 years ago
Steven Hiscocks
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
11 years ago
Steven Hiscocks
cf81ddd8e2
BF: Add error handling in badips.py action
11 years ago
Steven Hiscocks
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
11 years ago
Steven Hiscocks
f68d85a6ac
Merge branch 'master' into 0.9
...
Conflicts:
ChangeLog
Spelling correction of 0.8.13 fixed in master
config/jail.conf
Added nagios and duplicate php-url removal in master
Just nagios added, duplicate not issue in 0.9
11 years ago
Daniel Black
c701ac9276
DOC: document LogLevel requirement for "Connection from" regex"
11 years ago
Daniel Black
5f4d0ed576
ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message
11 years ago
Aarón Nieves Fernández
993b7d3dfb
Duplicate jail "php-url-fopen"
11 years ago
Steven Hiscocks
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
11 years ago
Ivo Truxa
c207ad6058
removing ignoreip at [nagios]
...
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
11 years ago
Ivo Truxa
f5f434f846
removing the second failregex
...
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
11 years ago
Ivo Truxa
a71bb89ccd
removing a dot (typo)
...
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
11 years ago
Ivo Truxa
dac4dd465e
ENH: Nagios filter
...
added typical configuration settings for the nagios filter
11 years ago
Ivo Truxa
c91fda8619
ENH: Nagios filter
...
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
11 years ago
Daniel Black
ef82eac790
DOC: openssh real protection is pubkey
11 years ago
Daniel Black
59b9045e88
MRG: from master 2014-02-02
11 years ago
Daniel Black
273b2f45a3
MRG: remove the "no auth attempts" as per aseques gh-600
11 years ago
Daniel Black
9b614ce486
ENH: dovecot filter enhancements
11 years ago
Joan
84617fa6da
Fixed a failing case
11 years ago
Joan
08171ba52f
Removed the -no auth attempts- from the triggers because of lots of FP
11 years ago
Daniel Black
a749a2780e
Merge pull request #593 from grooverdan/tine
...
ENH: Tine20 filter
11 years ago
Daniel Black
1a1e3bec86
ENH: framework for distro paths
11 years ago
Daniel Black
256c732bcd
BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
...
_daemon was accidently removed in
89fd792dfb
Added translations from source code
11 years ago
Daniel Black
1e1261ccb4
MRG: from master 2014-01-23
11 years ago
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
11 years ago
Daniel Black
c8ae064b79
ENH: tighten regex and change failJSON to support timezone. Closes gh-583
11 years ago
Daniel Black
2063d96e59
MRG: import Lars' PR for tine20
11 years ago
Steven Hiscocks
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
11 years ago
Steven Hiscocks
a0f39255bc
BF: Kerio log datepattern fix for recent datepattern full regex merge
11 years ago
Daniel Black
a650178bd1
MRG: merge from master 2014-01-19
11 years ago
Daniel Black
263ac32730
ENH: test log samples for kerio thanks to
...
Tony Lawrence
11 years ago
Daniel Black
1452be4a3a
Merge pull request #588 from grooverdan/badips
...
ENH: Badips action (reporting)
11 years ago
Daniel Black
f566cab766
Merge branch 'master' into badips
11 years ago
Daniel Black
657da2041c
BF: dovecot filters, session characters and order of session/tls in log messages
11 years ago
Daniel Black
2333b2d5d9
MRG: from 0.9
11 years ago
Daniel Black
c7f887642d
Merge branch '0.9' into master_to_0.9
11 years ago
Daniel Black
3de80545e0
MRG: from master 2014/01/13
11 years ago
Daniel Black
01e5ae1234
Merge pull request #584 from grooverdan/exim-auth
...
ENH: Exim auth
11 years ago
Daniel Black
08b4f3e5f2
Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth
11 years ago
Lars Kneschke
47dd8fb897
ENH: filter for Tine 2.0
11 years ago
Ivo Truxa
2d8c0b26e4
Matching any Exim authentication name
...
As explained in https://github.com/grooverdan/fail2ban/pull/4 , in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain|login with the general \w+
11 years ago
Daniel Black
6b0e6b9bca
ENH: add improper command pipelining postfix filter
11 years ago
Daniel Black
a443b8b4d3
BF: remove second jail definition
11 years ago
Daniel Black
cd3e94140c
MRG: complete merge
11 years ago
Daniel Black
f2e55e8499
ENH: add filter for squirrelmail. Closes gh-261
11 years ago
Daniel Black
1e8ed55a36
MRG: from 0.9
11 years ago
Tomas Pihl
b52a4441fd
Support ACL-events without AccountID. Typically happens when a registration
...
from an unknown domain is performed.
Add credits
11 years ago
Steven Hiscocks
0dd6533680
BF: Add ejabberd-auth to jail.conf
11 years ago
Steven Hiscocks
128112d51c
ENH: ejabberd filter
11 years ago
Daniel Black
8333abe420
Merge pull request #557 from grooverdan/apache-botsearch
...
ENH: Apache botsearch + BF: tag substition
11 years ago
Daniel Black
b0baab3a0e
ENH: more test cases and wider regex
11 years ago
Daniel Black
4b33f96db4
DOC: fix comment regarding apache version in apache-noscript
11 years ago
Daniel Black
8e5366a7e9
DOC: for apache-botsearch and apache-botsearch
11 years ago
Steven Hiscocks
7e8da15fc6
Merge pull request #572 from grooverdan/counterstrike
...
ENH: Counter Strike filter
11 years ago
Yaroslav Halchenko
6532a2e2f7
Merge pull request #548 from grooverdan/exim-honeypot
...
Exim honeypot
11 years ago
Daniel Black
d94efe719d
ENH: jail.conf for counter-strike
11 years ago
Daniel Black
0fb6bc7188
ENH: add filter for Counter Strike 1.6. Closes gh-347
11 years ago
Daniel Black
aabdc51e87
BF: revert separate jail for exim-honeypot as only exim-spam exists.
11 years ago
Daniel Black
9e087b508d
MRG: from 0.9
11 years ago
Daniel Black
58ebf659e4
MRG: from 0.9 to make history cleaner
11 years ago
Yaroslav Halchenko
9a8b449086
DOC: some typos, fixes from Vincent Lefevre
11 years ago
Daniel Black
9e390d6549
ENH: jail.conf for exim-honeypot
11 years ago
Daniel Black
809581ae99
ENH: jail.conf for apache-botsearch
11 years ago
Daniel Black
ed9ed6d0cb
TST/ENH: fix test case for ReadStockJailFilterComplete and add missing jails
11 years ago
Daniel Black
10fa5e3439
BF: fix jails for gssftpd and qmail
11 years ago
Daniel Black
549f64e86c
BF: remove imap2 - not an IANA and probably not used
11 years ago
Daniel Black
320861b7dc
Merge branch 'more-jails-0.9' into master_to_0.9
11 years ago
Daniel Black
76468942f9
MRG: complete merge from master
11 years ago
Daniel Black
fa6a183e94
BF: typos in jail.conf corrected
11 years ago
Daniel Black
a31c76f126
ENH: jail cleanup and fill in missing for 0.9
11 years ago
Daniel Black
755af0a51e
Merge pull request #562 from grooverdan/jail.conf-complete_and_correct
...
ENH: Jail.conf now has all filters and TST: a mechanism to test this is truee
11 years ago
Daniel Black
90fdf5fc21
ENH: jail.conf entry for groupoffice
11 years ago
Daniel Black
ab3ded2205
Merge pull request #549 from kwirk/python-actions
...
ENH: Python actions
11 years ago
Daniel Black
50eab4df81
ENH: add filter groupoffice. Closes gh-566
11 years ago
Daniel Black
f137c7b107
BF: stunnel doesnt need datepattern as its inbuilt
11 years ago
Daniel Black
1687505995
BF: Fix datepattern
11 years ago
Steven Hiscocks
6c301ae210
Merge pull request #563 from grooverdan/gh-289-ssh
...
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHAN...
11 years ago
Daniel Black
03aba92238
ENH: add kerio filter
11 years ago
Daniel Black
1c5787174f
BF: escape . in stunnel filter
11 years ago
Daniel Black
a8e0498389
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289
11 years ago
Daniel Black
a9f804e443
ENH: complete stock jail.conf to contain all filters
11 years ago
Daniel Black
6ce2ba2895
ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal . Block is now a prefix of a path
11 years ago
Daniel Black
c37ee4cc52
DOC: filter.d/vsftpd doco from wiki
11 years ago
Daniel Black
6602937ee1
DOC: filter.d./pure-ftpd doco from wiki
11 years ago
Steven Hiscocks
69a850d226
DOC: Update docstrings for smtp.py action
11 years ago
Steven Hiscocks
6e63f0ea5a
RF: Change Jails and Actions to Mapping types
11 years ago
Daniel Black
d7666c8942
DOC: bit more on how to use freeswitch
11 years ago
Daniel Black
23f0b854da
MRG: merge in freeswitch
11 years ago
Daniel Black
69b3a1cf64
BF: catchin DEBUG messages will result in duplicates
11 years ago
Daniel Black
05b159c74b
Merge pull request #464 from grooverdan/increase-jail-name-length
...
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
11 years ago
Daniel Black
3d1a1afca4
MRG: to more recent 0.9
11 years ago
Daniel Black
5fe75436cc
DOC: DEV NOTES before author names
11 years ago
Daniel Black
477f30665a
DOC: ignoreip for internal ips on freeswitch
11 years ago
Daniel Black
36533de6bc
ENH: more filter expressions for freeswitch. Anchored existing one at end too
11 years ago
Daniel Black
d1faae3b3b
BF: port not used in jail definition for freeswitch
11 years ago
Daniel Black
938ef689de
DOC: dev notes on stunnel
11 years ago
Steven Hiscocks
80d6f74ee8
RF: Refactor actions further, include removing server proxy interface
...
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
11 years ago
Daniel Black
7c09a61ca5
ENH: add apache-botsearch. Closes gh-544
11 years ago
Daniel Black
b8536490ef
ENH: filter for stunnel from fail2ban wiki
11 years ago
Daniel Black
a0c2de3e4d
DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510
11 years ago
Daniel Black
04d28fd2e1
ENH: add filter freeswitch - as raised on mailing list
11 years ago
Daniel Black
117d3b0466
MRG: horde filter from master
11 years ago
Daniel Black
83f3aeb308
ENH: filter for horde
11 years ago
Steven Hiscocks
98bf511443
BF: Incorrect number of arguments in smtp.py action connect log
11 years ago
Steven Hiscocks
5b2b59d752
ENH: python actions use initOpts as **kwargs
...
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
11 years ago
Steven Hiscocks
6ef911185d
ENH: Add matches to smtp.py action
11 years ago
Daniel Black
55688395fb
DOC: doco for exim-spam
11 years ago
Daniel Black
9c7bb3b97e
ENH: exim-spam to take honeypot email address as argument. Closes #541
11 years ago
Daniel Black
391b5fc883
MRG: from master again 2014-01-01
11 years ago
Steven Hiscocks
f37c90cdba
ENH: Python based actions
...
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.
Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
11 years ago
Daniel Black
e8710b679d
ENH: stronger regex for failregex
11 years ago
Daniel Black
856407379b
ENH: add filter openwebmail. Closes gh-543.
11 years ago
Daniel Black
ccb64e68b4
DOC: for exim-spam to say how to enable the log lines for the latest regex
11 years ago
Daniel Black
b5f5ddf123
ENH: end anchor for exim-spam
11 years ago
Daniel Black
d727ba639a
ENH: exim-spam to include spamassassin log entry. Closes gh-533
11 years ago
Daniel Black
c074773805
ENH: apache modsecurity from 0.9 branch
11 years ago
Daniel Black
be382dae4d
MRG: ufw changelog conflicts
11 years ago
Daniel Black
1f6ece2a40
Merge pull request #490 from grooverdan/firewallcmd-ipset
...
ENH: add firewallcmd-ipset
11 years ago
Daniel Black
ea2a13946e
TST: more test of filters
11 years ago
Daniel Black
c9cfdca396
ENH: add filter for apache-modsecurity
11 years ago
Daniel Black
ddac79c15c
TST: include blank ignorecommand in jail.conf to indicate default value and to raise test coverage
11 years ago
bes.internal
ebd89ec077
New ignorecommand that is added to the ignoreip list from output of an external program
...
ignorecommand update man and fix protocol help
ENH: run ignore command only after internal list has been examined. Change interface on ignorecommand to take IP as environment variable and return true if it is to be banned
ENH: ignore IP command to take tagged command
DOC: man pages for ingorecommand
TST: add test cases for ignorecommand
11 years ago
Daniel Black
382d68f0fe
DOC: perfork model for apache log format
11 years ago
Daniel Black
1b7df1181f
BF: apache-2.4 log format fix. Closes gh-516
11 years ago