fail2ban/config/filter.d
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
..
ignorecommands amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings 2019-05-14 21:40:33 +02:00
3proxy.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
apache-auth.conf filter.d/apache-auth.conf: 2019-10-18 11:26:19 +02:00
apache-badbots.conf Merge remote-tracking branch 'upstream/master' into 0.10 2017-09-08 11:11:05 +02:00
apache-botsearch.conf Merge branch 'master' into 0.10 2017-10-18 19:00:23 +02:00
apache-common.conf filter.d/apache-auth.conf: 2019-10-18 11:26:19 +02:00
apache-fakegooglebot.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
apache-modsecurity.conf updated 2019-04-24 21:35:19 +02:00
apache-nohome.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
apache-noscript.conf filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now) 2019-07-10 12:45:53 +02:00
apache-overflows.conf filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790). 2017-06-15 11:16:19 +02:00
apache-pass.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
apache-shellshock.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
assp.conf Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10) 2017-01-10 11:25:41 +01:00
asterisk.conf filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531) 2019-09-26 21:46:26 +02:00
bitwarden.conf Let's get back to WRN 2019-11-27 00:32:10 +01:00
botsearch-common.conf Update botsearch-common.conf (#1759) 2017-04-26 20:14:39 +02:00
centreon.conf Add Centreon jail 2019-10-24 14:37:18 +02:00
common.conf amend to #2387: 2019-07-09 21:48:43 +02:00
counter-strike.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
courier-auth.conf Make courier-auth regexp a non-captured group 2017-04-28 16:58:24 +02:00
courier-smtp.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
cyrus-imap.conf filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address 2017-03-09 16:13:45 +01:00
directadmin.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
domino-smtp.conf filter.d/domino-smtp.conf: 2018-09-21 14:14:00 +02:00
dovecot.conf filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed"; 2018-07-17 15:06:42 +02:00
dropbear.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
drupal-auth.conf Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
ejabberd-auth.conf small amend to gh-1850: removed greedy catch-all at end. 2017-08-07 15:24:16 +02:00
exim-common.conf filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766) 2017-05-07 13:02:32 +02:00
exim-spam.conf MRG: from 0.9 2014-01-07 16:11:40 +11:00
exim.conf filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors. 2018-02-19 09:50:46 +01:00
freeswitch.conf filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`. 2018-08-03 11:42:15 +02:00
froxlor-auth.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
groupoffice.conf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
gssftpd.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
guacamole.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
haproxy-http-auth.conf Update haproxy-http-auth.conf 2017-04-11 09:11:08 +02:00
horde.conf MRG: horde filter from master 2014-01-03 10:34:59 +11:00
kerio.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-06-12 13:11:45 +02:00
lighttpd-auth.conf regex updated using non-capturing groups 2018-01-16 14:23:47 +01:00
mongodb-auth.conf code review, makes the test cases workable, added dev-notes 2016-11-28 18:39:07 +01:00
monit.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
murmur.conf filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 2018-02-09 11:43:55 +01:00
mysqld-auth.conf filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output); 2020-01-22 17:24:40 +01:00
nagios.conf removing the second failregex 2014-02-06 00:22:05 +01:00
named-refused.conf don't need to match identifier exactly (@ is precise enough as prefix), not capturing group; 2019-07-29 13:21:00 +02:00
nginx-botsearch.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
nginx-http-auth.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2018-01-17 16:42:56 +01:00
nginx-limit-req.conf Merge remote-tracking branch 'master' into 0.10 2017-12-06 00:09:52 +01:00
nsd.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
openhab.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
openwebmail.conf ENH: stronger regex for failregex 2013-12-31 08:22:52 +11:00
oracleims.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
pam-generic.conf quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
perdition.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
php-url-fopen.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
phpmyadmin-syslog.conf phpmyadmin-syslog: removed excess file, fixed test, updated failregex 2017-08-23 16:56:18 +03:00
portsentry.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
postfix.conf filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth 2020-02-10 13:29:16 +01:00
proftpd.conf Merge branch 'master' into 0.10 2017-07-03 12:43:48 +02:00
pure-ftpd.conf define journalmatch setting for pure-ftps 2016-03-11 18:19:53 +01:00
qmail.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
recidive.conf filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069 2018-03-09 13:56:38 +01:00
roundcube-auth.conf filter.d/roundcube-auth.conf: fixes failregex not working with `X-Real-IP` or/and `X-Forwarded-For` (gh-1303) 2017-07-11 14:59:24 +02:00
screensharingd.conf Removed old svn revision comment 2015-11-02 09:08:47 -08:00
selinux-common.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
selinux-ssh.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
sendmail-auth.conf filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563) 2019-11-08 13:15:40 +01:00
sendmail-reject.conf filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563) 2019-11-08 13:15:40 +01:00
sieve.conf Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
slapd.conf another variant of regex 2016-07-14 10:19:21 +03:00
sogo-auth.conf Merge branch 'master-0.9' into 0.10 2019-03-12 16:58:08 +01:00
solid-pop3d.conf Fix a few typos 2014-03-24 13:16:52 +00:00
squid.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
squirrelmail.conf added possibility to specify more precise default date pattern: 2016-10-17 11:18:30 +02:00
sshd.conf filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
stunnel.conf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
suhosin.conf suhosin.conf: removed greedy match 2017-01-21 16:26:07 +01:00
tine20.conf more precise date template handling (WARNING: this commit creates possible incompatibilities): 2016-10-17 11:20:27 +02:00
traefik-auth.conf regex rewritten (more secure now, resolves catch-all vulni) 2019-02-21 22:19:04 +01:00
uwimap-auth.conf DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-31 00:02:59 +11:00
vsftpd.conf filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543 2016-09-09 09:20:15 +02:00
webmin-auth.conf BF: remove duplication definition secion in webmin-auth 2013-11-04 17:54:36 +11:00
wuftpd.conf Add filter variable __pam_auth to allow easier changing of pam auth backend 2015-01-27 14:34:27 -07:00
xinetd-fail.conf Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 15:54:59 +01:00
znc-adminlog.conf filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520) 2019-09-10 21:02:26 +02:00
zoneminder.conf small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 11:48:01 +02:00