github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
2,846 Commits
34 Branches
229 Tags
21 MiB
Commit Graph

895 Commits (fe72a5585c3a9970036b15d7957e8d064d9bdefa)

Author SHA1 Message Date
Lee Clemens fe72a5585c Create Jail for Postfix based on RBL 
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
 2014-12-30 19:06:17 -05:00
Viktor Szépe 81b3dbde1d postfix-sasl failregex case insensitive 2014-12-11 00:10:37 +01:00
bes-internal ccc986b7d8 exim filter: correct failregex for exim with extended log options 
incoming_interface, incoming_port, outgoing_port
 2014-12-04 13:34:44 +03:00
Orion Poplawski d8867807f5 Separate php-url-fopen logpath by newline 2014-11-28 22:04:09 -07:00
Guillaume FRANCOIS a6a2dc868b Add ignoreregex to avoid warning on start 2014-11-12 11:05:56 +01:00
Guillaume FRANCOIS 9269664350 Add ignoreregex to avoid warning on start 2014-11-12 10:30:28 +01:00
Yaroslav Halchenko 967485c2d0 improving grepping 2014-10-29 23:14:47 -04:00
Yaroslav Halchenko efbf5064a1 Merge pull request #807 from xslidian/patch-1 
grep IP at the start of lines
 2014-10-29 23:07:10 -04:00
Orion Poplawski 01b2673e34 Use multiport for firewallcmd-new 2014-10-29 16:27:37 -06:00
Yaroslav Halchenko 36abb5ed96 BF: fix $ for % in jail.conf. Debian bug #767255 2014-10-29 13:08:51 -04:00
pacop e3a037ee3f merge master 2014-10-25 18:15:34 +02:00
pacop ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
SlowRiot fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot 4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
Nick Weeds 2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00
Yaroslav Halchenko 0e1f8f7f39 RF: remove those two additional failregexes for the postfix 
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
 2014-09-13 10:25:27 -04:00
Yaroslav Halchenko 96c20c8379 Merge pull request #804 from pleasantone/master 
Add support for postfix/submission/smtpd matching.
 2014-09-13 10:24:06 -04:00
Yaroslav Halchenko c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Dean Lee ba44ff312b grep IP at the start of lines 
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
 2014-09-09 14:55:34 +08:00
Paul Traina 249e169d8e Update test cases and also suport smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black 1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho 218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00
Paul Traina 544cfaff2c Add support for postfix/submission/smtpd matching. 2014-09-06 10:23:38 -07:00
Yaroslav Halchenko 0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis 
ENH: symbiosis-blacklist-allports action
 2014-08-20 23:00:11 -04:00
Yaroslav Halchenko 426ed7ff2f Merge pull request #780 from opoplawski/logpath 
Fxi jail.conf to use more syslog macros
 2014-08-20 22:59:23 -04:00
Yaroslav Halchenko 93243e7d57 ENH: Ignore errors while unbaning in symbiosis firewall 
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors.  IMHO should be safe to ignore
 2014-08-12 11:57:07 -04:00
Luc Maisonobe 763115b1eb added systemd configuration for postfix-sasl.conf 2014-08-11 21:54:27 +02:00
Yaroslav Halchenko aee560b1c6 Merge branch 'master' of git://github.com/fail2ban/fail2ban 
* 'master' of git://github.com/fail2ban/fail2ban:
  1.5 version of Fail2ban logwatch file
  Fix typos.
 2014-08-11 13:10:02 -04:00
Yaroslav Halchenko 6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry) 
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
 2014-08-11 13:09:43 -04:00
Yaroslav Halchenko f403bad0ab Merge pull request #775 from alimony/patch-1 
Fix typos.
 2014-08-11 13:08:30 -04:00
Yaroslav Halchenko b79a82ebdd minor typo 2014-08-08 15:57:41 -04:00
Orion Poplawski 6b554fbe98 Fxi jail.conf to use more syslog macros 2014-08-08 13:27:32 -06:00
Yaroslav Halchenko 818dd59d65 ENH: symbiosis-blacklist-allports action 2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson 7b76322898 Fix typos. 2014-08-02 12:21:59 +02:00
Yaroslav Halchenko 4a23a7dcf1 Merge pull request #766 from leftyfb/master 
Added cloudflare action
 2014-07-28 15:34:09 -04:00
leftyfb 6dbd449f77 Changed to Cloudflare JSON API 2014-07-28 11:10:50 -04:00
Jisoo Park 2e7b8adb3b Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
Yaroslav Halchenko f19c5fc939 Merge pull request #770 from eltrai/master 
Forwards bantime to action scripts
 2014-07-28 10:17:08 -04:00
Yaroslav Halchenko f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1 
named users + smtp auth probes
 2014-07-28 10:14:18 -04:00
Szépe Viktor 143a55bf26 Update courier-smtp.conf 2014-07-28 12:51:38 +02:00
Yaroslav Halchenko 2d7f2fa33f Merge pull request #756 from marclaporte/patch-1 
typo
 2014-07-27 21:49:24 -04:00
Yaroslav Halchenko 45c1095606 Merge pull request #750 from niorg/master 
Added Directadmin filter, jail and log test
 2014-07-27 21:47:07 -04:00
Yaroslav Halchenko 3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko 3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Szépe Viktor d757ef584f Update courier-smtp.conf 2014-07-20 21:09:10 +02:00
Szépe Viktor a786e8a29b named users + smtp atuh probes 2014-07-20 19:59:54 +02:00
Pierre-Alain Dupont 3d7504c19e Forwards bantime to action scripts 
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
 2014-07-20 16:25:59 +02:00
leftyfb cba570cabd Updated comments 2014-07-17 23:49:35 -04:00
leftyfb 5471e99ebe Added cloudflare action 2014-07-17 22:54:30 -04:00