github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
fail2ban/config/filter.d
History
Daniel Black c3f9c9aa60 BF: filter.d/dropbear 
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c

Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.

svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.

.*\s* can be compressed to .*
 		2013-10-31 00:21:30 +11:00
..
3proxy.conf ENH: sample log + more specific regex 2013-06-13 10:23:14 +10:00
apache-auth.conf RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis 2013-08-26 09:48:56 -04:00
apache-badbots.conf DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
apache-common.conf BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
apache-nohome.conf BF: duplicate regex match fixed 2013-08-25 21:13:11 +10:00
apache-noscript.conf BF: anchor apache- filters. Close #248 2013-06-11 19:19:25 -04:00
apache-overflows.conf BF: anchor apache- filters. Close #248 2013-06-11 19:19:25 -04:00
assp.conf BF: missed a space 2013-06-14 12:35:44 +10:00
asterisk.conf fail2ban-users: Sebastian Arcus - Detect device auth failures on Asterisk 11 2013-07-27 00:06:06 +00:00
common.conf DOC/ENH: __md5hex regex defination to common.conf. Document debian bug # 2013-10-01 09:03:33 +10:00
courierlogin.conf ENH: Improve courierlogin regex and add sample logs 2013-07-20 15:53:18 +01:00
couriersmtp.conf ENH: Improve couriersmtp and add sample logs 2013-07-20 15:34:00 +01:00
cyrus-imap.conf ENH: Simplify cyrus-imap filter fail regex 2013-07-26 11:55:09 +01:00
dovecot.conf ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/ 2013-10-29 10:15:54 +11:00
dropbear.conf BF: filter.d/dropbear 2013-10-31 00:21:30 +11:00
exim-common.conf ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
exim-spam.conf ENH: split out exim-spam into speparate filter 2013-07-02 20:03:16 +10:00
exim.conf ENH: filter.d/exim.conf - add authentication failures for "plain" authentication 2013-08-25 23:02:10 +10:00
gssftpd.conf ENH: filter gssftpd is a syslog based service so anchor it using syslog prefix 2013-09-17 07:25:23 +10:00
lighttpd-auth.conf ENH: further tighten lighttpd basic auth regex 2013-08-26 08:51:40 +10:00
mysqld-auth.conf DOC: move named and mysql instructions into the filters from jail.conf 2013-10-30 21:12:16 +11:00
named-refused.conf DOC: move named and mysql instructions into the filters from jail.conf 2013-10-30 21:12:16 +11:00
pam-generic.conf ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 10:50:46 +10:00
perdition.conf ENH: authentication_id can be an imap4 quoted string, whatever that is, so using .+ as its id 2013-07-24 10:44:52 +10:00
php-url-fopen.conf added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly 2009-08-30 14:17:29 +00:00
postfix-sasl.conf ENH: rename filter.d/sasl -> filter.d/postfix-sasl 2013-10-22 22:40:29 +11:00
postfix.conf ENH: filter.d/postfix - add filter for VRFY. Closes gh-322 2013-08-19 18:42:39 +10:00
proftpd.conf BF: fix daemon name typo for filter proftpd 2013-09-18 07:32:26 +10:00
pure-ftpd.conf TST: pureftpd - syslog therefore use syslog prefixes in filter 2013-09-17 22:24:56 +10:00
qmail.conf ENH: filter.d/qmail - anchor at start. Add another regex for http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 2013-10-09 16:44:48 +11:00
recidive.conf ENH: filter.d/recidive - replace ignore regex with a negative lookahead assertion 2013-10-10 07:13:37 +11:00
roundcube-auth.conf BF: filter.d/routecube-auth - time offset can be positive or negative 2013-08-28 11:57:38 +10:00
selinux-common.conf BF: fix selinux 2013-10-30 20:05:49 +11:00
selinux-ssh.conf BF: fix selinux 2013-10-30 20:05:49 +11:00
sieve.conf ENH: Simplify sieve filter failregex 2013-07-26 12:01:09 +01:00
sogo-auth.conf ENH: filter.d/sogo-auth - anchor regex at start 2013-10-05 19:27:07 +10:00
sshd-ddos.conf BF: filter.d/sshd "Did not receive identification string" relates to an exploit so document this in sshd-ddos.conf but leave it out of authentication based blocks in sshd.conf 2013-04-18 04:38:03 +10:00
sshd.conf DOC/ENH: __md5hex regex defination to common.conf. Document debian bug # 2013-10-01 09:03:33 +10:00
suhosin.conf ENH: filter.d/suhosin - anchor regex at start 2013-10-05 19:39:39 +10:00
uwimap-auth.conf ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 22:32:57 +10:00
vsftpd.conf FIX: vsftp improvements from Rich Mellor on mailing list 2013-10-26 09:51:25 +11:00
webmin-auth.conf ENH: filter.d/webmin anchor at start and use syslog 2013-10-05 19:18:44 +10:00
wuftpd.conf ENH: trailing space as per discussion on gh-303 2013-08-19 21:42:43 +10:00
xinetd-fail.conf ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 15:44:09 +01:00