fail2ban/config/filter.d
sebres 1c1d2cc435 introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches);
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
2018-11-19 21:19:57 +01:00
..
ignorecommands
3proxy.conf
apache-auth.conf Improvement 2018-08-14 14:07:32 +02:00
apache-badbots.conf Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
apache-botsearch.conf Merge branch 'master' into 0.10 2017-10-18 19:00:23 +02:00
apache-common.conf be more precise using common `__prefix_line` expression (set `_daemon` to recognize apache and httpd only) 2017-07-12 11:59:02 +02:00
apache-fakegooglebot.conf
apache-modsecurity.conf Update botsearch-common.conf (#1759) 2017-04-26 20:14:39 +02:00
apache-nohome.conf
apache-noscript.conf amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content; 2018-03-19 14:53:56 +01:00
apache-overflows.conf filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790). 2017-06-15 11:16:19 +02:00
apache-pass.conf
apache-shellshock.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
assp.conf Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
asterisk.conf filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060) 2018-03-02 09:17:04 +01:00
botsearch-common.conf Update botsearch-common.conf (#1759) 2017-04-26 20:14:39 +02:00
common.conf
counter-strike.conf
courier-auth.conf Make courier-auth regexp a non-captured group 2017-04-28 16:58:24 +02:00
courier-smtp.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
cyrus-imap.conf filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address 2017-03-09 16:13:45 +01:00
directadmin.conf
domino-smtp.conf filter.d/domino-smtp.conf: 2018-09-21 14:14:00 +02:00
dovecot.conf filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed"; 2018-07-17 15:06:42 +02:00
dropbear.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
drupal-auth.conf
ejabberd-auth.conf small amend to gh-1850: removed greedy catch-all at end. 2017-08-07 15:24:16 +02:00
exim-common.conf filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766) 2017-05-07 13:02:32 +02:00
exim-spam.conf
exim.conf filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors. 2018-02-19 09:50:46 +01:00
freeswitch.conf filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`. 2018-08-03 11:42:15 +02:00
froxlor-auth.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
groupoffice.conf
gssftpd.conf
guacamole.conf
haproxy-http-auth.conf Update haproxy-http-auth.conf 2017-04-11 09:11:08 +02:00
horde.conf
kerio.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-06-12 13:11:45 +02:00
lighttpd-auth.conf regex updated using non-capturing groups 2018-01-16 14:23:47 +01:00
mongodb-auth.conf code review, makes the test cases workable, added dev-notes 2016-11-28 18:39:07 +01:00
monit.conf
murmur.conf filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 2018-02-09 11:43:55 +01:00
mysqld-auth.conf Update mysqld-auth.conf (#1725) 2017-03-24 19:03:20 +01:00
nagios.conf
named-refused.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
nginx-botsearch.conf
nginx-http-auth.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
nginx-limit-req.conf Merge remote-tracking branch 'master' into 0.10 2017-12-06 00:09:52 +01:00
nsd.conf
openhab.conf
openwebmail.conf
oracleims.conf
pam-generic.conf quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
perdition.conf
php-url-fopen.conf
phpmyadmin-syslog.conf phpmyadmin-syslog: removed excess file, fixed test, updated failregex 2017-08-23 16:56:18 +03:00
portsentry.conf
postfix.conf Merge branch 'master' into 0.10 2017-10-02 15:41:30 +02:00
proftpd.conf Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
pure-ftpd.conf
qmail.conf
recidive.conf filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069 2018-03-09 13:56:38 +01:00
roundcube-auth.conf filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303) 2017-07-11 14:59:24 +02:00
screensharingd.conf
selinux-common.conf
selinux-ssh.conf
sendmail-auth.conf Update sendmail-auth.conf 2018-04-04 18:52:35 +02:00
sendmail-reject.conf Update sendmail-reject.conf 2018-04-04 18:52:36 +02:00
sieve.conf
slapd.conf
sogo-auth.conf
solid-pop3d.conf
squid.conf
squirrelmail.conf
sshd.conf introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches); 2018-11-19 21:19:57 +01:00
stunnel.conf
suhosin.conf suhosin.conf: removed greedy match 2017-01-21 16:26:07 +01:00
tine20.conf
uwimap-auth.conf
vsftpd.conf
webmin-auth.conf
wuftpd.conf
xinetd-fail.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
zoneminder.conf small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 11:48:01 +02:00