Commit graph

1130 commits

Author SHA1 Message Date
Simon Brown
de14946542 Added new path variable for system.log
Logging location for the majority of Mac OS daemons.
2015-10-26 18:02:07 -07:00
Simon Brown
80546c6164 Added in settings for screensharingd filter 2015-10-26 17:50:49 -07:00
Simon Brown
3ec725a2ba Created file
From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf
2015-10-26 17:35:38 -07:00
1technophile
2861a957a9 filter for openhab domotic software authentication failure with the rest api and web interface + test cases;
closes gh-1223
2015-10-26 15:48:23 +01:00
Pablo Rodriguez Fernandez
2c576c64f8 Change domain filter regex
Change domain filter regex since there are other Google crawlers.
See "Google crawlers"
<https://support.google.com/webmasters/answer/1061943?hl=en>
2015-10-20 10:46:00 +02:00
Pablo Rodriguez Fernandez
74fcb219ab Enhanced Google domain detection in apache-fakegooglebot
Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
2015-10-20 10:45:53 +02:00
Orion Poplawski
3a9cf2b3da Add and use default_backend to set individual backend defaults to auto 2015-10-19 19:50:03 -06:00
Orion Poplawski
ced7be94b2 Fix postfix_log typo 2015-10-19 19:43:10 -06:00
Orion Poplawski
75d33c0f09 Add *_backend options for services to allow distros to set the default backend
per service.
Set default to systemd for Fedora as appropriate.
2015-10-18 20:18:50 -06:00
Pablo Rodriguez Fernandez
a28e6b442e Add check in apache-fakegooglebot to protect against PTR fake record
An attacker may return a PTR record which fakes a Googlebot's domain
name. This modification resolves the PTR records to verify it.

See "Verifying Googlebot":
<https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>
2015-10-13 17:11:49 +02:00
agentmoller001
617302fcc2 Updated route.conf to clear warnings
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
sebres
2696ede251 mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later
closes gh-1211
2015-10-07 14:34:13 +02:00
Kevin Locke
36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh.  OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.

It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+.  Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.

This commit fixes both issues.

Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
2015-10-02 15:46:29 -07:00
Viktor Szépe
0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
Yaroslav Halchenko
ff06176e9e Merge remote-tracking branch 'origin/master' into enh-split-comma
* origin/master:
  DOC: changelog for the timeout change
  Set Timeout at urlopen to 3 seconds
  README :: init/service example mentions debian based systems as the example
  README :: fitted paragraph style
  BF: disable testing on python 3.2 until coverage gets a fix
  README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
  Set Timeout at urlopen to 3 seconds
2015-09-27 00:52:14 -04:00
M. Maraun
2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Yaroslav Halchenko
8cf614e221 ENH: allow to split ignoreip by space and/or comma (Closes #1197)
Way too many people ran into this gotcha, so lets just do it
2015-09-23 12:13:52 -04:00
Yaroslav Halchenko
55e542b273 Merge remote-tracking branch 'pr/1170/head' -- opensuse paths
* pr/1170/head:
  Updated ChangeLog regarding openSUSE's path config
  Added configuration for opensuse path
2015-09-17 21:59:45 -04:00
Edward Beckett
835b3ff483 Update apache-badbots.conf
Useragent strings including `+http` need to be escaped to be valid.
2015-09-05 00:12:28 -04:00
weberho
f7af93a677 Added configuration for opensuse path 2015-08-26 15:25:59 +02:00
weberho
d278fbca30 Fixed line suspected to be faulty 2015-08-26 14:48:55 +02:00
Yaroslav Halchenko
c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko
38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko
0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko
de2f9504c0 Merge pull request #978 from ediazrod/patch-2
shorewall-ipset-proto6.conf for shorewall
2015-07-26 23:00:58 -04:00
Yaroslav Halchenko
65cd218e10 Merge remote-tracking branch 'origin/master'
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
2015-07-26 22:47:43 -04:00
Viktor Szépe
c8b3ee10a0 Limit the number of log lines in *-lines.conf actions 2015-07-27 02:35:21 +02:00
Thomas Mayer
a19cb1b2b9 Merge 923d807ef8 into cf2feea987 2015-07-25 01:23:39 +00:00
Yaroslav Halchenko
3c0d7f5a4c BF: do not wrap iptables into itself. Thanks Lee 2015-07-24 11:59:53 -04:00
Viktor Szépe
ebdfbae559 Added a space between IP address and the following colon 2015-07-24 09:33:47 +02:00
Yaroslav Halchenko
749d3c160c BF: symbiosis-blacklist-allports now also requires iptables-common.conf 2015-07-23 21:53:37 -04:00
Yaroslav Halchenko
916937bb6a RF: use <iptables> to take effect of it being a parameter 2015-07-23 21:38:10 -04:00
Yaroslav Halchenko
31dc4e2263 ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter 2015-07-23 21:34:20 -04:00
Yaroslav Halchenko
7a011fca1b DOC: adjusted comment in pass2allow-ftp to my suggested wording 2015-07-16 21:55:20 -04:00
Viktor Szépe
948b12e5df Fixed definition of knocking_url for pass2allow 2015-07-14 18:35:51 +02:00
Viktor Szépe
b638e807ad Explicitly stating that knocking_url needs to be customized 2015-07-13 18:12:04 +02:00
Viktor Szépe
586703dcc2 Test, changelog and fixes to pass2allow 2015-07-13 16:46:04 +02:00
Viktor Szépe
5b7e1de2f4 Instead of allow-iptables-multiport actions swap blocktype and (new) returntype 2015-07-11 18:20:09 +02:00
Viktor Szépe
5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
Viktor Szépe
a3b8257b73 Add HEAD method verb to apache-badbots, nginx-badbots 2015-07-07 17:45:40 +02:00
Yaroslav Halchenko
8c4c17a880 Merge pull request #1004 from tsabi/fix-lc_time
Fix of LC_TIME usage, it should be LC_ALL
2015-07-05 21:36:37 -04:00
Yaroslav Halchenko
e38b4b8cb3 Merge pull request #1051 from leeclemens/bf/roundcube
Update regex to work with roundcube 1.0.5 and 1.1.1
2015-07-05 21:35:49 -04:00
Lee Clemens
3e902d7b3a Define roundcube_errors_log in paths-common.conf
Remove from paths-debian
2015-07-04 14:46:31 -04:00
Lee Clemens
fdc3172aec Fix PEP8 E302 expected 2 blank lines, found X 2015-07-04 13:47:40 -04:00
Lee Clemens
f7444f16b8 Add optional session id prefix for roundcube 1.1.1 2015-07-04 11:06:51 -04:00
Lee Clemens
2796534a5d Update regex to work with roundcube 1.0.5 on CentOS 6 2015-07-04 11:02:04 -04:00
Viktor Szépe
b65a8b065d Other actions do not dive into this gory descriptions, but we do. 2015-07-03 19:17:50 +02:00
Viktor Szépe
2063ce4b23 All the arguments must be listed in [Init] 2015-07-01 14:48:44 +02:00
Viktor Szépe
79457112e9 Updated CF action 2015-07-01 09:38:36 +02:00
Yaroslav Halchenko
345820d2aa Merge pull request #1056 from ipoddubny/asterisk_security_log
Fix support for Asterisk security log
2015-05-25 12:50:13 -04:00
Yaroslav Halchenko
f41872f034 Merge pull request #1013 from szepeviktor/patch-4
Non-US locale warning for proftpd
2015-05-25 10:51:51 -04:00
Yaroslav Halchenko
eb091d9b8c Merge remote-tracking branch 'origin/master' into pr-1039
* origin/master:
  minor: no tripple empty lines
  add froxlor-auth filter and jail
  add froxlor-auth filter and jail 0
  add froxlor-auth filter and jail
  BF: Fix fail2ban-regex not parsing journalmatch correctly
2015-05-25 10:50:34 -04:00
Yaroslav Halchenko
8c4d4aa7fb minor: no tripple empty lines 2015-05-25 10:42:19 -04:00
Joern Muehlencord
4296d1a9a9 add froxlor-auth filter and jail 2015-05-25 13:51:06 +02:00
Joern Muehlencord
964cdb5d9b add froxlor-auth filter and jail 2015-05-25 13:44:50 +02:00
Ivan Poddubny
7a4e6fa6e5 Asterisk security log: add support for websocket protocol events
Thanks to @kcormier.
2015-05-25 08:13:30 +03:00
Ivan Poddubny
988d9a08da Asterisk security log: accept events containing Response/ExpectedResponse
Event containing Challenge may come without ReceivedChallenge, but with
Response and ExpectedResponse.
Also Challenge now accepts '/' character, since it is used at least by PJSIP.
2015-05-25 08:12:51 +03:00
Ivan Poddubny
189265a323 Asterisk security log: accept SessionID of PJSIP events
Unlike chan_sip and manager, PJSIP populates SessionID using
Call-Id header of a related SIP message.
As Call-Id of a SIP message can contain almost anything,
the regular expression for SessionID has been loosened.
2015-05-25 08:11:34 +03:00
Ivan Poddubny
ab2ac1a367 Asterisk security log: accept <unknown> in AccountID 2015-05-24 12:47:55 +03:00
Ivan Poddubny
977f9955e7 Asterisk security log: accept EventTV in ISO8601
Asterisk uses ISO8601 dates in security log since version 12.

Closes #988
2015-05-24 12:46:54 +03:00
Anton Shestakov
56e5821c06 Match unknown user in dovecot's passwd-file auth database 2015-04-30 16:53:10 +08:00
Aaron Brice
7ae0ef2408 Fix actions in ufw.conf
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Lee Clemens
8f792f52fb Add drupal-auth filter and jail 2015-04-27 13:10:27 -04:00
Lee Clemens
b530d88eca Merge remote-tracking branch 'upstream/master' into bf/1000-asteriskBlocksSelf
Conflicts:
	ChangeLog
2015-04-26 15:13:59 -04:00
Markus Oesterle
f8c7247f42 added \s after host 2015-04-17 10:22:01 +02:00
Markus Oesterle
5f2807b41f replaced .* before rhost with regex matching all the previous fields 2015-04-17 10:04:35 +02:00
Markus Oesterle
8825a5f31b updated filter.d/sshd.conf
Added line to match sshd auth errors on OpenSuSE systems
2015-04-16 19:48:28 +02:00
Viktor Szépe
e776a4e1ab Update proftpd.conf 2015-04-08 15:57:39 +02:00
Viktor Szépe
f9e8a99a79 Non-US locale warning for proftpd 2015-04-06 17:04:41 +02:00
Thomas Mayer
923d807ef8 use human-readable variable names (issue #1003) 2015-03-29 18:18:30 +02:00
Thomas Mayer
675c3a7c95 use printf instead of echo for POSIX compatibility (issue #1003) 2015-03-29 18:08:47 +02:00
Thomas Mayer
ac1e41ea70 Revert "remove '-ne' option as it's not interpreted any way (issue #1003)"
This reverts commit 4a598070c8.
2015-03-29 17:54:25 +02:00
Thomas Mayer
4a598070c8 remove '-ne' option as it's not interpreted any way (issue #1003) 2015-03-28 06:58:01 +01:00
Thomas Mayer
80f11a4d28 Add empty Init Section to pass tests (issue #1003) 2015-03-27 18:36:09 +01:00
Thomas Mayer
c9b24839e4 Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003)
when set by user,
 - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
 - converts whois data to UTF-8 character set with iconv
 - sends the whois output in UTF-8 character set to mail program
 - avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Csaba Tóth
0720c831b7 Fix of LC_TIME usage, it should be LC_ALL 2015-03-26 03:02:02 +01:00
Lee Clemens
72f4bcfbff Match hacking attempt IP instead of asterisk server IP (closes #1000) 2015-03-24 19:03:26 -04:00
Yaroslav Halchenko
d28880fdca Merge pull request #997 from yarikoptic/bf/long-purge-for-recidive
DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964)
2015-03-23 21:30:04 -04:00
ediazrod
5fdd1d1ded Update shorewall-ipset-proto6.conf 2015-03-23 00:56:37 +01:00
ediazrod
e26a1ad6b6 Update shorewall-ipset-proto6.conf 2015-03-23 00:55:06 +01:00
Yaroslav Halchenko
56aacf872c Merge pull request #952 from ache/master
Update bsd-ipfw.conf
2015-03-21 21:46:54 -04:00
Yaroslav Halchenko
02836b599c Added a comment about systemd backend for jails with logs outside of journal (Closes #959) 2015-03-21 21:25:50 -04:00
Yaroslav Halchenko
320a28a4a4 DOC: make a warning for recidive jail to increase dbpurgeage (Closes #964) 2015-03-21 20:50:03 -04:00
ediazrod
d0887f3234 This is a especific configuration for shorewall ipset proto6
Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist

if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall)
stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.
2015-02-26 18:48:31 +01:00
Yaroslav Halchenko
e788e3823e Merge pull request #965 from TorontoMedia/master
Split output of firewallcmd list into separate lines for grepping (Close #908)
2015-02-14 16:06:10 -05:00
TorontoMedia
b4f1f613bb Update firewallcmd-allports.conf 2015-02-14 12:32:36 -05:00
TorontoMedia
0fac7e40b6 Update firewallcmd-multiport.conf 2015-02-14 12:31:33 -05:00
Yaroslav Halchenko
07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
2015-02-14 09:32:05 -05:00
Yaroslav Halchenko
d5e68abf95 ENH: check badips.com response on presence of "categories" in it
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories".  With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
2015-02-13 08:55:35 -05:00
Ache
ae1451b29f Update bsd-ipfw.conf
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
2015-02-08 15:55:32 +03:00
Yaroslav Halchenko
3fb2becddb Merge pull request #949 from leeclemens/enh/configSyslogSocket
Configure Syslog Socket Path (closes #814)
2015-02-06 20:08:15 -05:00
Lee Clemens
6268eb32be Use syslogsocket value "auto" to determine syslog socket's path 2015-02-06 19:14:09 -05:00
Luke Hollins
549ab24e70 Fixed grammatical error in emails sent 2015-02-06 11:47:03 -05:00
Yaroslav Halchenko
119a7bbb16 Merge pull request #939 from szepeviktor/geoip
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
Viktor Szépe
4c88a00c28 Line notes implemented 2015-02-06 17:22:30 +01:00
Lee Clemens
445fd7367f Configure Syslog Socket Path 2015-02-05 23:44:57 -05:00
František Šumšal
eb0d086ed0 Merge branch 'master' into nginx-botsearch 2015-02-04 02:13:33 +01:00
František Šumšal
1c6d2074fb Changed default settings for nginx-botseach filter 2015-02-04 01:48:59 +01:00
Orion Poplawski
e7ff7e90b7 [postfix-sasl] update regexes
- Add : to match "SASL LOGIN authentication failed: Password:"
- Add ignoreregex to ignore system authentication issues:
  "warning: unknown[1.1.1.1]: SASL LOGIN authentication failed: Connection lost to authentication server"
- Add test log messages for both
2015-02-03 11:30:16 -07:00
František Šumšal
fb0f463eac Include consistency 2015-02-03 15:54:05 +01:00
František Šumšal
705718be52 Filter apache-botsearch.conf now loads variables from botsearch-common.conf 2015-02-03 04:44:33 +01:00
František Šumšal
18778d9174 Created botsearch-common.conf
File contains variables used in -botsearch filters
2015-02-03 04:25:47 +01:00
Yaroslav Halchenko
73af02ffc6 Merge pull request #940 from leeclemens/ENH/ApacheFakeGoogleBot
New jail: apache-fakegooglebot
2015-02-02 21:44:04 -05:00
Yaroslav Halchenko
df581fe6e2 Merge pull request #929 from opoplawski/pam_auth
Add filter variable __pam_auth to allow customize for setups with multiple authorization schemes (Close #928)
2015-02-02 21:42:10 -05:00
Yaroslav Halchenko
7ada96b4e9 Merge pull request #932 from opoplawski/dovecot
Dovecot - dovecot auth failure from EL7
2015-02-02 21:37:28 -05:00
František Šumšal
f8fe165cd2 Switched from tabs to spaces for indents 2015-02-03 03:35:22 +01:00
Yaroslav Halchenko
8f6d9c6a5a Merge branch 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban
* 'enh/local_time_zone' of https://github.com/yarikoptic/fail2ban:
  fixed typos, thanks szepeviktor for review
  ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)

Conflicts:
	ChangeLog
2015-02-02 21:21:44 -05:00
Lee Clemens
841c476045 Merge branch 'enh/fakegooglebot' of https://github.com/yarikoptic/fail2ban into yarikoptic-enh/fakegooglebot
Conflicts:
	config/filter.d/ignorecommands/apache-fakegooglebot
2015-02-02 13:01:23 -05:00
Yaroslav Halchenko
15b65c7ad2 NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName 2015-02-02 12:19:20 -05:00
Lee Clemens
7e94ba6f0c Remove implementation specific suffix 2015-02-02 11:43:05 -05:00
Lee Clemens
854915920f Remove implementation specific suffix 2015-02-02 11:38:23 -05:00
Lee Clemens
af078532ac New jail: apache-fakegooglebot
Detects fake googlebot user agents in apache access log
2015-02-02 00:42:01 -05:00
Viktor Szépe
1619ab3145 Added sendmail-geoip-lines.conf 2015-02-01 00:06:56 +01:00
Yaroslav Halchenko
ec6a30efcf ENH: define ignoreregex for all filters explicitly, to avoid warnings (Closes #934) 2015-01-30 10:38:28 -05:00
František Šumšal
c8e82f18b6 Add jail nginx-botsearch
Jail blocks requests for predefined non-existent folders. Based on
apache-botsearch jail.
2015-01-29 17:57:52 +01:00
Orion Poplawski
b4776a1ba0 Match dovecot unknown user line 2015-01-29 09:37:37 -07:00
Orion Poplawski
3bc92610f7 Add dovecot auth failure from EL7 2015-01-29 09:11:59 -07:00
Andrew St. Jean
6bdfe756cf Changed default TTL value to 60 seconds. 2015-01-28 22:46:43 -05:00
Orion Poplawski
79b5a2617f Add filter variable __pam_auth to allow easier changing of pam auth backend 2015-01-27 14:34:27 -07:00
Andrew St. Jean
43732acae1 Added a reminder to create an nsupdate.local file to set required options. 2015-01-26 21:48:16 -05:00
Yaroslav Halchenko
085d0f72ed ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z) 2015-01-26 09:19:44 -05:00
Yaroslav Halchenko
65980a70fc Merge branch 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban
* 'enh/recidive-allports' of https://github.com/yarikoptic/fail2ban:
  use iptables-allports for recidive

Conflicts:
	ChangeLog
2015-01-26 09:04:42 -05:00
rumple010
eb76dcd5a0 add nsupdate action
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
2015-01-25 23:15:07 -05:00
sebres
12e3cca3f2 port[s] typo fixed in jail.conf/nginx-http-auth, issue gh-913 2015-01-19 10:28:53 +01:00
Yaroslav Halchenko
083031524d BF: adding missing Definition section header to firewallcmd-allports 2015-01-08 21:14:50 -05:00
TorontoMedia
d7b7f4bc91 Update firewallcmd-allports.conf 2015-01-08 21:06:43 -05:00
Lee Clemens
77677e43df Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-07 20:39:04 -05:00
Lee Clemens
bda8dc1926 Merge branch 'master' of github.com:fail2ban/fail2ban into ENH/PostfixRBL 2015-01-03 15:29:42 -05:00
TorontoMedia
7eed55266b Created firewallcmd-multiport 2015-01-01 12:46:48 -05:00
TorontoMedia
9f91cb2fd8 Created firewallcmd-allports 2015-01-01 12:44:34 -05:00
TorontoMedia
50e5fd9ed7 Create firewallcmd-multiport.conf 2015-01-01 05:32:41 -05:00
TorontoMedia
591e444753 Create firewallcmd-allports.conf 2015-01-01 05:32:06 -05:00
Lee Clemens
0f48cf4284 loosen up regex for spamhaus (spamcop says "Blocked" as part of url) 2014-12-30 19:14:39 -05:00
Lee Clemens
fe72a5585c Create Jail for Postfix based on RBL
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
2014-12-30 19:06:17 -05:00
Lee Clemens
2d7429c47c Add 'Client host rejected error message' regex
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-30 18:05:19 -05:00
Viktor Szépe
81b3dbde1d postfix-sasl failregex case insensitive 2014-12-11 00:10:37 +01:00
bes-internal
ccc986b7d8 exim filter: correct failregex for exim with extended log options
incoming_interface, incoming_port, outgoing_port
2014-12-04 13:34:44 +03:00
Orion Poplawski
d8867807f5 Separate php-url-fopen logpath by newline 2014-11-28 22:04:09 -07:00
Guillaume FRANCOIS
a6a2dc868b Add ignoreregex to avoid warning on start 2014-11-12 11:05:56 +01:00
Guillaume FRANCOIS
9269664350 Add ignoreregex to avoid warning on start 2014-11-12 10:30:28 +01:00
Yaroslav Halchenko
2a3790f8e8 use iptables-allports for recidive 2014-11-04 13:24:54 -05:00
Yaroslav Halchenko
967485c2d0 improving grepping 2014-10-29 23:14:47 -04:00
Yaroslav Halchenko
efbf5064a1 Merge pull request #807 from xslidian/patch-1
grep IP at the start of lines
2014-10-29 23:07:10 -04:00
Orion Poplawski
01b2673e34 Use multiport for firewallcmd-new 2014-10-29 16:27:37 -06:00
Yaroslav Halchenko
36abb5ed96 BF: fix $ for % in jail.conf. Debian bug #767255 2014-10-29 13:08:51 -04:00
pacop
e3a037ee3f merge master 2014-10-25 18:15:34 +02:00
pacop
ce4f2d1c88 added filter for PortSentry with jail and samples 2014-10-04 15:08:12 +02:00
SlowRiot
fc5f729f01 adding jail conf for shellshock filter 2014-09-26 16:37:50 +01:00
SlowRiot
4f636eb0e3 adding filter to detect Shellshock attack attempts against bash scripts through apache. See http://seclists.org/oss-sec/2014/q3/650 2014-09-26 16:25:07 +01:00
Nick Weeds
2c158fe168 Add apache filter for AH01630 client denied by server configuration 2014-09-14 21:54:05 +01:00