Commit graph

374 commits

Author SHA1 Message Date
Daniel Black
77fda9498c ENH: pull asterisk filter change to support syslog from 0.9 branch 2014-03-14 23:15:46 +11:00
Daniel Black
853bed8e4f ENH: more sendmail-reject filter items thanks to fab23 2014-03-02 14:04:27 +11:00
Daniel Black
d0ec09a3b5 BF: move to right location 2014-03-01 15:50:30 +11:00
Daniel Black
c10cc20928 ENH: rename sendmail-spam to sendmail-reject 2014-02-28 08:41:04 +11:00
Daniel Black
d34569fb8d BF: email address as arg1 in sendmail filters 2014-02-27 11:38:23 +11:00
Daniel Black
72c84fe9b0 ENH: wider regex for RBL and sendmail-spam 2014-02-27 10:02:34 +11:00
Daniel Black
3d776afbb0 ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 19:16:49 +11:00
Ivo Truxa
f5f434f846 removing the second failregex
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
2014-02-06 00:22:05 +01:00
Ivo Truxa
a71bb89ccd removing a dot (typo)
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
2014-02-03 23:12:56 +01:00
Ivo Truxa
c91fda8619 ENH: Nagios filter
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
2014-02-03 21:46:07 +01:00
Daniel Black
273b2f45a3 MRG: remove the "no auth attempts" as per aseques gh-600 2014-01-29 20:43:51 +11:00
Daniel Black
9b614ce486 ENH: dovecot filter enhancements 2014-01-29 20:27:45 +11:00
Joan
84617fa6da Fixed a failing case 2014-01-28 16:19:35 +01:00
Joan
08171ba52f Removed the -no auth attempts- from the triggers because of lots of FP 2014-01-28 12:44:46 +01:00
Daniel Black
256c732bcd BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
_daemon was accidently removed in
89fd792dfb

Added translations from source code
2014-01-25 12:19:46 +11:00
Daniel Black
657da2041c BF: dovecot filters, session characters and order of session/tls in log messages 2014-01-15 08:02:47 +11:00
Daniel Black
01e5ae1234 Merge pull request #584 from grooverdan/exim-auth
ENH: Exim auth
2014-01-13 02:20:47 -08:00
Daniel Black
08b4f3e5f2 Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth 2014-01-13 19:26:12 +11:00
Ivo Truxa
2d8c0b26e4 Matching any Exim authentication name
As explained in https://github.com/grooverdan/fail2ban/pull/4, in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain|login with the general \w+
2014-01-13 01:38:49 +01:00
Daniel Black
6b0e6b9bca ENH: add improper command pipelining postfix filter 2014-01-13 06:59:59 +11:00
Tomas Pihl
b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Steven Hiscocks
128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Yaroslav Halchenko
9a8b449086 DOC: some typos, fixes from Vincent Lefevre 2014-01-06 23:38:52 -05:00
Daniel Black
50eab4df81 ENH: add filter groupoffice. Closes gh-566 2014-01-06 21:56:22 +11:00
Steven Hiscocks
6c301ae210 Merge pull request #563 from grooverdan/gh-289-ssh
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHAN...
2014-01-05 09:55:05 -08:00
Daniel Black
a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black
c37ee4cc52 DOC: filter.d/vsftpd doco from wiki 2014-01-05 11:30:56 +11:00
Daniel Black
6602937ee1 DOC: filter.d./pure-ftpd doco from wiki 2014-01-05 11:24:20 +11:00
Daniel Black
d7666c8942 DOC: bit more on how to use freeswitch 2014-01-04 12:39:48 +11:00
Daniel Black
23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black
69b3a1cf64 BF: catchin DEBUG messages will result in duplicates 2014-01-04 12:10:51 +11:00
Daniel Black
477f30665a DOC: ignoreip for internal ips on freeswitch 2014-01-04 08:31:42 +11:00
Daniel Black
36533de6bc ENH: more filter expressions for freeswitch. Anchored existing one at end too 2014-01-04 08:21:22 +11:00
Daniel Black
04d28fd2e1 ENH: add filter freeswitch - as raised on mailing list 2014-01-03 13:00:37 +11:00
Daniel Black
83f3aeb308 ENH: filter for horde 2014-01-02 23:12:36 +11:00
Daniel Black
e8710b679d ENH: stronger regex for failregex 2013-12-31 08:22:52 +11:00
Daniel Black
856407379b ENH: add filter openwebmail. Closes gh-543. 2013-12-31 08:09:00 +11:00
Daniel Black
ccb64e68b4 DOC: for exim-spam to say how to enable the log lines for the latest regex 2013-12-29 21:53:26 +00:00
Daniel Black
b5f5ddf123 ENH: end anchor for exim-spam 2013-12-29 20:56:25 +00:00
Daniel Black
d727ba639a ENH: exim-spam to include spamassassin log entry. Closes gh-533 2013-12-29 20:16:37 +00:00
Daniel Black
c074773805 ENH: apache modsecurity from 0.9 branch 2013-12-29 07:06:13 +00:00
Daniel Black
382d68f0fe DOC: perfork model for apache log format 2013-12-23 09:09:48 +00:00
Daniel Black
1b7df1181f BF: apache-2.4 log format fix. Closes gh-516 2013-12-23 08:28:40 +00:00
Yaroslav Halchenko
7af58b9984 Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban:
  ENH: apache-noscript now matched php-cgi scripts. Closes gh-503

Conflicts:
	ChangeLog -- two new entries collided,  Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
Daniel Black
a9b7d33c51 ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 2013-12-19 10:01:24 +00:00
Steven Hiscocks
d22716ab63 ENH: Add nsd filter and amend DateEpoch to match date format 2013-12-18 22:31:54 +00:00
Daniel Black
9d532828fc BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes. Thanks Steven 2013-12-11 07:44:41 +11:00
Daniel Black
66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black
db4c21acde BF/DOC: fix filename in documentation for filter.d/proftpd 2013-12-09 14:46:01 +11:00
Daniel Black
e8eab11615 DOC: proftp - turn off ReverseDNS 2013-12-09 14:45:09 +11:00