diff --git a/ChangeLog b/ChangeLog index f3e13719..86b6447b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ ver. 0.8.4 (2008/??/??) - stable - Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko. +- Added/improved filters and date formats. ver. 0.8.3 (2008/07/17) - stable ---------- diff --git a/MANIFEST b/MANIFEST index 11ed92af..f2bfa255 100644 --- a/MANIFEST +++ b/MANIFEST @@ -59,6 +59,7 @@ config/jail.conf config/filter.d/common.conf config/filter.d/apache-auth.conf config/filter.d/apache-badbots.conf +config/filter.d/apache-nohome.conf config/filter.d/apache-noscript.conf config/filter.d/apache-overflows.conf config/filter.d/courierlogin.conf diff --git a/config/filter.d/apache-nohome.conf b/config/filter.d/apache-nohome.conf new file mode 100644 index 00000000..2673c2f4 --- /dev/null +++ b/config/filter.d/apache-nohome.conf @@ -0,0 +1,23 @@ +# Fail2Ban configuration file +# +# Author: Yaroslav O. Halchenko +# +# $Revision: 569 $ +# + +[Definition] + +# Option: failregex +# Notes.: regex to match failures to find a home directory on a server, which +# became popular last days. Most often attacker just uses IP instead of +# domain name -- so expect to see them in generic error.log if you have +# per-domain log files. +# Values: TEXT +# +failregex = [[]client []] File does not exist: .*/~.* + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex =