From fe9e85c71d73d7ec57048113768f2a02fa110ba6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Fri, 10 Nov 2017 23:56:10 +0100 Subject: [PATCH 01/13] "Fail2Ban", other language improvements --- README.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 1138a3ac..71997c98 100644 --- a/README.md +++ b/README.md @@ -6,45 +6,45 @@ ## Fail2Ban: ban hosts that cause multiple authentication errors -Fail2Ban scans log files like `/var/log/auth.log` and bans IP addresses having +Fail2Ban scans log files like `/var/log/auth.log` and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, -such as those for sshd and Apache, and is easy to configure to read any log -file you choose, for any error you choose. +such as those for sshd and Apache, and is easily configured to read any log +file of your choosing, for any error you wish. -Though Fail2Ban is able to reduce the rate of incorrect authentications -attempts, it cannot eliminate the risk that weak authentication presents. -Configure services to use only two factor or public/private authentication +Though Fail2Ban is able to reduce the rate of incorrect authentication +attempts, it cannot eliminate the risk presented by weak authentication. +Set up services to use only two factor, or public/private authentication mechanisms if you really want to protect services. -This README is a quick introduction to Fail2ban. More documentation, FAQ, HOWTOs -are available in fail2ban(1) manpage and on the website http://www.fail2ban.org +This README is a quick introduction to Fail2Ban. More documentation, FAQ, and HOWTOs +available in the fail2ban(1) manpage and on the website https://www.fail2ban.org Installation: ------------- -**It is possible that Fail2ban is already packaged for your distribution. In -this case, you should use it instead.** +**It is possible that Fail2Ban is already packaged for your distribution. In +this case, you should use that instead.** Required: -- [Python2 >= 2.6 or Python >= 3.2](http://www.python.org) or [PyPy](http://pypy.org) +- [Python2 >= 2.6 or Python >= 3.2](https://www.python.org) or [PyPy](https://pypy.org) Optional: - [pyinotify >= 0.8.3](https://github.com/seb-m/pyinotify) - - Linux >= 2.6.13 -- [gamin >= 0.0.21](http://www.gnome.org/~veillard/gamin) -- [systemd >= 204](http://www.freedesktop.org/wiki/Software/systemd) +- Linux >= 2.6.13 +- [gamin >= 0.0.21](https://www.gnome.org/~veillard/gamin) +- [systemd >= 204](https://www.freedesktop.org/wiki/Software/systemd) - [dnspython](http://www.dnspython.org/) -To install, just do: +To install: tar xvfj fail2ban-0.9.7.tar.bz2 cd fail2ban-0.9.7 python setup.py install This will install Fail2Ban into the python library directory. The executable -scripts are placed into `/usr/bin`, and configuration under `/etc/fail2ban`. +scripts are placed into `/usr/bin`, and configuration in `/etc/fail2ban`. Fail2Ban should be correctly installed now. Just type: @@ -86,7 +86,7 @@ Contact: See [CONTRIBUTING.md](https://github.com/fail2ban/fail2ban/blob/master/CONTRIBUTING.md) ### You just appreciate this program: -send kudos to the original author ([Cyril Jaquier](mailto: Cyril Jaquier )) +Send kudos to the original author ([Cyril Jaquier](mailto: Cyril Jaquier )) or *better* to the [mailing list](https://lists.sourceforge.net/lists/listinfo/fail2ban-users) since Fail2Ban is "community-driven" for years now. From 855f5d0ced70247ec80823ae4c8507adbd14554b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Sat, 11 Nov 2017 14:03:15 +0100 Subject: [PATCH 02/13] to be found --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 71997c98..d97cdf38 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Set up services to use only two factor, or public/private authentication mechanisms if you really want to protect services. This README is a quick introduction to Fail2Ban. More documentation, FAQ, and HOWTOs -available in the fail2ban(1) manpage and on the website https://www.fail2ban.org +to be found on fail2ban(1) manpage and the website: https://www.fail2ban.org Installation: ------------- From d7e320b96d1339d19331d4cad05e77493e1ce669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Tue, 23 Jan 2018 21:09:53 +0100 Subject: [PATCH 03/13] reverting linux indentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d97cdf38..0f08b3e6 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ Required: Optional: - [pyinotify >= 0.8.3](https://github.com/seb-m/pyinotify) -- Linux >= 2.6.13 +- ↓ Linux >= 2.6.13 - [gamin >= 0.0.21](https://www.gnome.org/~veillard/gamin) - [systemd >= 204](https://www.freedesktop.org/wiki/Software/systemd) - [dnspython](http://www.dnspython.org/) From e8ffab28fb8c50c576f0422c726b0b1c04829397 Mon Sep 17 00:00:00 2001 From: sebres Date: Mon, 19 Mar 2018 13:18:55 +0100 Subject: [PATCH 04/13] filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module. --- config/filter.d/apache-noscript.conf | 9 +++++++-- fail2ban/tests/files/logs/apache-noscript | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf index fbc1af64..abc083a6 100644 --- a/config/filter.d/apache-noscript.conf +++ b/config/filter.d/apache-noscript.conf @@ -17,8 +17,13 @@ before = apache-common.conf [Definition] -failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$ - ^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$ +script = /\S*(?:php(?:[45]|[.-]cgi)?|\.asp|\.exe|\.pl) + +prefregex = ^%(_apache_error_client)s .+$ + +failregex = ^(?:(?:AH001(?:28|30): )?File does not exist|(AH01264: )?script not found or unable to stat):