fail2ban

sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)	2018-01-10 14:49:06 +01:00
..
ignorecommands	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located);	2016-08-12 17:58:37 +02:00
3proxy.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
apache-auth.conf	Add apache filter for AH01630 client denied by server configuration	2014-09-14 21:54:05 +01:00
apache-badbots.conf	optimized regex	2017-09-05 10:59:16 +02:00
apache-botsearch.conf	typo	2017-10-16 01:15:58 +01:00
apache-common.conf	MRG: from master again 2014-01-01	2014-01-01 19:28:38 +11:00
apache-fakegooglebot.conf	New jail: apache-fakegooglebot	2015-02-02 00:42:01 -05:00
apache-modsecurity.conf	`filter.d/apache-modsecurity.conf`	2016-11-28 11:28:27 +01:00
apache-nohome.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
apache-noscript.conf	DOC: fix comment regarding apache version in apache-noscript	2014-01-10 08:35:37 +11:00
apache-overflows.conf	filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790).	2017-06-15 11:16:19 +02:00
apache-pass.conf	Added pass2allow (knocking with fail2ban)	2015-07-10 16:22:43 +02:00
apache-shellshock.conf	updating my email address	2017-11-29 10:43:15 +01:00
assp.conf	minor typos (thanks Vincent Lefevre, Debian #847785 )	2016-12-11 15:13:11 -05:00
asterisk.conf	Allow faster parsing of hosts without ' characters in them	2018-01-08 14:54:32 +01:00
botsearch-common.conf	added wp-admin	2016-03-02 16:52:03 +01:00
common.conf	back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;	2016-05-19 17:57:48 +02:00
counter-strike.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
courier-auth.conf	MRG: 0.8.11 to 0.9	2013-11-02 15:59:05 +11:00
courier-smtp.conf	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline	2016-05-21 22:17:09 -04:00
cyrus-imap.conf	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	2017-03-09 16:13:45 +01:00
directadmin.conf	Added Directadmin filter, jail and log test	2014-07-02 13:52:06 +02:00
domino-smtp.conf	Support for IBM Domino SMTP task (#1603 )	2017-01-20 08:44:20 +01:00
dovecot.conf	filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897)	2017-10-04 09:55:37 +02:00
dropbear.conf	ENH: DoS resistant dropbear filter	2013-11-12 18:06:16 +11:00
drupal-auth.conf	Add drupal-auth filter and jail	2015-04-27 13:10:27 -04:00
ejabberd-auth.conf	MRG: complete merge	2014-01-12 21:16:55 +11:00
exim-common.conf	filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766)	2017-05-07 13:02:32 +02:00
exim-spam.conf	MRG: from 0.9	2014-01-07 16:11:40 +11:00
exim.conf	Avoid injection using quotes after `auth` command;	2017-11-30 12:32:24 +01:00
freeswitch.conf	update doc url	2016-04-24 21:35:18 -07:00
froxlor-auth.conf	add froxlor-auth filter and jail	2015-05-25 13:44:50 +02:00
groupoffice.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
gssftpd.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
guacamole.conf	…
haproxy-http-auth.conf	Update haproxy-http-auth.conf	2016-01-12 08:37:33 +10:00
horde.conf	MRG: horde filter from master	2014-01-03 10:34:59 +11:00
kerio.conf	Update Kerio Connect filter (#1455 )	2017-05-30 20:27:44 +02:00
lighttpd-auth.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
mongodb-auth.conf	code review, makes the test cases workable, added dev-notes	2016-11-28 18:39:07 +01:00
monit.conf	fixed monit filter: failregex find now both previous and new versions:	2016-03-09 20:06:14 +01:00
murmur.conf	Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.	2015-12-17 17:45:24 +00:00
mysqld-auth.conf	Update mysqld-auth.conf	2017-03-24 19:03:17 +01:00
nagios.conf	removing the second failregex	2014-02-06 00:22:05 +01:00
named-refused.conf	Add ignoreregex to avoid warning on start	2014-11-12 10:30:28 +01:00
nginx-botsearch.conf	Add HEAD method verb to apache-badbots, nginx-badbots	2015-07-07 17:45:40 +02:00
nginx-http-auth.conf	ENH: adding pruned with previous merge trailing \s* in nginx filter	2014-04-03 21:31:46 -04:00
nginx-limit-req.conf	filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them.	2017-12-05 22:31:54 +01:00
nsd.conf	the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;	2016-05-17 11:55:02 +02:00
openhab.conf	filter for openhab domotic software authentication failure with the rest api and web interface + test cases;	2015-10-26 15:48:23 +01:00
openwebmail.conf	ENH: stronger regex for failregex	2013-12-31 08:22:52 +11:00
oracleims.conf	ENH: make oracleims failregex better anchored (more explicit)	2014-06-10 03:52:16 -04:00
pam-generic.conf	Add filter variable __pam_auth to allow easier changing of pam auth backend	2015-01-27 14:34:27 -07:00
perdition.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
php-url-fopen.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
phpmyadmin-syslog.conf	phpmyadmin-syslog: removed excess file, fixed test, updated failregex	2017-08-23 16:56:18 +03:00
portsentry.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
postfix-rbl.conf	filter.d/postfix-*.conf - added optional port regex (closes gh-1902)	2017-10-02 15:31:55 +02:00
postfix-sasl.conf	filter.d/postfix-*.conf - added optional port regex (closes gh-1902)	2017-10-02 15:31:55 +02:00
postfix.conf	filter.d/postfix-*.conf - added optional port regex (closes gh-1902)	2017-10-02 15:31:55 +02:00
proftpd.conf	filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)	2017-06-30 18:00:01 +02:00
pure-ftpd.conf	define journalmatch setting for pure-ftps	2016-03-11 18:19:53 +01:00
qmail.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
recidive.conf	Add ignoreregex to avoid warning on start	2014-11-12 11:05:56 +01:00
roundcube-auth.conf	Add optional session id prefix for roundcube 1.1.1	2015-07-04 11:06:51 -04:00
screensharingd.conf	Removed old svn revision comment	2015-11-02 09:08:47 -08:00
selinux-common.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
selinux-ssh.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
sendmail-auth.conf	filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)	2018-01-10 14:49:06 +01:00
sendmail-reject.conf	Add sendmail journalmatch options	2017-08-09 16:03:34 +02:00
sieve.conf	Fix sieve filter to use correct option	2014-07-28 23:42:02 +09:00
slapd.conf	another variant of regex	2016-07-14 10:19:21 +03:00
sogo-auth.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
solid-pop3d.conf	Fix a few typos	2014-03-24 13:16:52 +00:00
squid.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
squirrelmail.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
sshd-aggressive.conf	sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)	2017-01-21 15:54:49 +01:00
sshd-ddos.conf	sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)	2017-01-21 15:54:49 +01:00
sshd.conf	sshd-amend: optional space after port part	2017-01-23 08:56:47 +01:00
stunnel.conf	ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )	2015-01-30 10:38:28 -05:00
suhosin.conf	suhosin.conf: removed greedy match	2017-01-21 16:26:07 +01:00
tine20.conf	ENH: tighten regex and change failJSON to support timezone. Closes gh-583	2014-01-22 22:16:03 +11:00
uwimap-auth.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
vsftpd.conf	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	2016-09-09 09:20:15 +02:00
webmin-auth.conf	BF: remove duplication definition secion in webmin-auth	2013-11-04 17:54:36 +11:00
wuftpd.conf	Add filter variable __pam_auth to allow easier changing of pam auth backend	2015-01-27 14:34:27 -07:00
xinetd-fail.conf	DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page	2013-10-31 00:02:59 +11:00
zoneminder.conf	small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include	2017-09-04 11:48:01 +02:00

ignorecommands

introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located);

2016-08-12 17:58:37 +02:00

3proxy.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

apache-auth.conf

Add apache filter for AH01630 client denied by server configuration

2014-09-14 21:54:05 +01:00

apache-badbots.conf

optimized regex

2017-09-05 10:59:16 +02:00

apache-botsearch.conf

typo

2017-10-16 01:15:58 +01:00

apache-common.conf

MRG: from master again 2014-01-01

2014-01-01 19:28:38 +11:00

apache-fakegooglebot.conf

New jail: apache-fakegooglebot

2015-02-02 00:42:01 -05:00

apache-modsecurity.conf

`filter.d/apache-modsecurity.conf`

2016-11-28 11:28:27 +01:00

apache-nohome.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

apache-noscript.conf

DOC: fix comment regarding apache version in apache-noscript

2014-01-10 08:35:37 +11:00

apache-overflows.conf

filter.d/apache-overflows.conf: rewritten without end-anchor ($), because apache-log could contain very long URLs (and/or referrer), the parsing of it anchored way may be very vulnerable (at least as regards the system resources, see gh-1790).

2017-06-15 11:16:19 +02:00

apache-pass.conf

Added pass2allow (knocking with fail2ban)

2015-07-10 16:22:43 +02:00

apache-shellshock.conf

updating my email address

2017-11-29 10:43:15 +01:00

assp.conf

minor typos (thanks Vincent Lefevre, Debian #847785 )

2016-12-11 15:13:11 -05:00

asterisk.conf

Allow faster parsing of hosts without ' characters in them

2018-01-08 14:54:32 +01:00

botsearch-common.conf

added wp-admin

2016-03-02 16:52:03 +01:00

common.conf

back to mandatory space, ungrouping of sub parameters in `__prefix_line` + small code review;

2016-05-19 17:57:48 +02:00

counter-strike.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

courier-auth.conf

MRG: 0.8.11 to 0.9

2013-11-02 15:59:05 +11:00

courier-smtp.conf

ENH: courier-smtp -- allow for trailing username (no spaces) in the logline

2016-05-21 22:17:09 -04:00

cyrus-imap.conf

filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address

2017-03-09 16:13:45 +01:00

directadmin.conf

Added Directadmin filter, jail and log test

2014-07-02 13:52:06 +02:00

domino-smtp.conf

Support for IBM Domino SMTP task (#1603 )

2017-01-20 08:44:20 +01:00

dovecot.conf

filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897)

2017-10-04 09:55:37 +02:00

dropbear.conf

ENH: DoS resistant dropbear filter

2013-11-12 18:06:16 +11:00

drupal-auth.conf

Add drupal-auth filter and jail

2015-04-27 13:10:27 -04:00

ejabberd-auth.conf

MRG: complete merge

2014-01-12 21:16:55 +11:00

exim-common.conf

filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766)

2017-05-07 13:02:32 +02:00

exim-spam.conf

MRG: from 0.9

2014-01-07 16:11:40 +11:00

exim.conf

Avoid injection using quotes after `auth` command;

2017-11-30 12:32:24 +01:00

freeswitch.conf

update doc url

2016-04-24 21:35:18 -07:00

froxlor-auth.conf

add froxlor-auth filter and jail

2015-05-25 13:44:50 +02:00

groupoffice.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

gssftpd.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

haproxy-http-auth.conf

Update haproxy-http-auth.conf

2016-01-12 08:37:33 +10:00

horde.conf

MRG: horde filter from master

2014-01-03 10:34:59 +11:00

kerio.conf

Update Kerio Connect filter (#1455 )

2017-05-30 20:27:44 +02:00

lighttpd-auth.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

mongodb-auth.conf

code review, makes the test cases workable, added dev-notes

2016-11-28 18:39:07 +01:00

monit.conf

fixed monit filter: failregex find now both previous and new versions:

2016-03-09 20:06:14 +01:00

murmur.conf

Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.

2015-12-17 17:45:24 +00:00

mysqld-auth.conf

Update mysqld-auth.conf

2017-03-24 19:03:17 +01:00

nagios.conf

removing the second failregex

2014-02-06 00:22:05 +01:00

named-refused.conf

Add ignoreregex to avoid warning on start

2014-11-12 10:30:28 +01:00

nginx-botsearch.conf

Add HEAD method verb to apache-badbots, nginx-badbots

2015-07-07 17:45:40 +02:00

nginx-http-auth.conf

ENH: adding pruned with previous merge trailing \s* in nginx filter

2014-04-03 21:31:46 -04:00

nginx-limit-req.conf

filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them.

2017-12-05 22:31:54 +01:00

nsd.conf

the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;

2016-05-17 11:55:02 +02:00

openhab.conf

filter for openhab domotic software authentication failure with the rest api and web interface + test cases;

2015-10-26 15:48:23 +01:00

openwebmail.conf

ENH: stronger regex for failregex

2013-12-31 08:22:52 +11:00

oracleims.conf

ENH: make oracleims failregex better anchored (more explicit)

2014-06-10 03:52:16 -04:00

pam-generic.conf

Add filter variable __pam_auth to allow easier changing of pam auth backend

2015-01-27 14:34:27 -07:00

perdition.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

php-url-fopen.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

phpmyadmin-syslog.conf

phpmyadmin-syslog: removed excess file, fixed test, updated failregex

2017-08-23 16:56:18 +03:00

portsentry.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

postfix-rbl.conf

filter.d/postfix-*.conf - added optional port regex (closes gh-1902)

2017-10-02 15:31:55 +02:00

postfix-sasl.conf

filter.d/postfix-*.conf - added optional port regex (closes gh-1902)

2017-10-02 15:31:55 +02:00

postfix.conf

filter.d/postfix-*.conf - added optional port regex (closes gh-1902)

2017-10-02 15:31:55 +02:00

proftpd.conf

filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613)

2017-06-30 18:00:01 +02:00

pure-ftpd.conf

define journalmatch setting for pure-ftps

2016-03-11 18:19:53 +01:00

qmail.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

recidive.conf

Add ignoreregex to avoid warning on start

2014-11-12 11:05:56 +01:00

roundcube-auth.conf

Add optional session id prefix for roundcube 1.1.1

2015-07-04 11:06:51 -04:00

screensharingd.conf

Removed old svn revision comment

2015-11-02 09:08:47 -08:00

selinux-common.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

selinux-ssh.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

sendmail-auth.conf

filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)

2018-01-10 14:49:06 +01:00

sendmail-reject.conf

Add sendmail journalmatch options

2017-08-09 16:03:34 +02:00

sieve.conf

Fix sieve filter to use correct option

2014-07-28 23:42:02 +09:00

slapd.conf

another variant of regex

2016-07-14 10:19:21 +03:00

sogo-auth.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

solid-pop3d.conf

Fix a few typos

2014-03-24 13:16:52 +00:00

squid.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

squirrelmail.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

sshd-aggressive.conf

sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)

2017-01-21 15:54:49 +01:00

sshd-ddos.conf

sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)

2017-01-21 15:54:49 +01:00

sshd.conf

sshd-amend: optional space after port part

2017-01-23 08:56:47 +01:00

stunnel.conf

ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934 )

2015-01-30 10:38:28 -05:00

suhosin.conf

suhosin.conf: removed greedy match

2017-01-21 16:26:07 +01:00

tine20.conf

ENH: tighten regex and change failJSON to support timezone. Closes gh-583

2014-01-22 22:16:03 +11:00

uwimap-auth.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

vsftpd.conf

filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543

2016-09-09 09:20:15 +02:00

webmin-auth.conf

BF: remove duplication definition secion in webmin-auth

2013-11-04 17:54:36 +11:00

wuftpd.conf

Add filter variable __pam_auth to allow easier changing of pam auth backend

2015-01-27 14:34:27 -07:00

xinetd-fail.conf

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page

2013-10-31 00:02:59 +11:00

zoneminder.conf

small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include

2017-09-04 11:48:01 +02:00