Commit graph

1130 commits

Author SHA1 Message Date
Yaroslav Halchenko
0e1f8f7f39 RF: remove those two additional failregexes for the postfix
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
Yaroslav Halchenko
96c20c8379 Merge pull request #804 from pleasantone/master
Add support for postfix/submission/smtpd matching.
2014-09-13 10:24:06 -04:00
Yaroslav Halchenko
c58c4de9bc ENH: add empty ignoreregex to avoid a warning (Close #805) 2014-09-13 10:18:37 -04:00
Dean Lee
ba44ff312b grep IP at the start of lines
I'm not sure if this regex works best, so I'm patching this single file as a sample.

Don't forget to update `mail-whois-lines.conf` after this patch got merged.

For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Paul Traina
249e169d8e Update test cases and also suport smtps per request. 2014-09-08 11:53:51 -07:00
Daniel Black
1864f75b3b Credits and notes from #806 2014-09-08 19:02:37 +10:00
weberho
d2c086b187 fixed encoding 2014-09-08 10:26:08 +02:00
weberho
218ffe862e fixed encoding 2014-09-08 10:23:07 +02:00
Paul Traina
544cfaff2c Add support for postfix/submission/smtpd matching. 2014-09-06 10:23:38 -07:00
Yaroslav Halchenko
0d9cfb84e3 Merge pull request #778 from yarikoptic/enh/symbiosis
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko
426ed7ff2f Merge pull request #780 from opoplawski/logpath
Fxi jail.conf to use more syslog macros
2014-08-20 22:59:23 -04:00
Yaroslav Halchenko
93243e7d57 ENH: Ignore errors while unbaning in symbiosis firewall
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors.  IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
Luc Maisonobe
763115b1eb added systemd configuration for postfix-sasl.conf 2014-08-11 21:54:27 +02:00
Yaroslav Halchenko
aee560b1c6 Merge branch 'master' of git://github.com/fail2ban/fail2ban
* 'master' of git://github.com/fail2ban/fail2ban:
  1.5 version of Fail2ban logwatch file
  Fix typos.
2014-08-11 13:10:02 -04:00
Yaroslav Halchenko
6fc04c2256 Merge branch 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban (with some tune up to Changelog entry)
* 'bf+enh/cyrus-imap' of https://github.com/yarikoptic/fail2ban:
  ENH: cyrus-imap -- catch also 'user not found' attempts
  BF: cyrus-imaps -- catch also for secured daemons

Conflicts:
	ChangeLog
2014-08-11 13:09:43 -04:00
Yaroslav Halchenko
f403bad0ab Merge pull request #775 from alimony/patch-1
Fix typos.
2014-08-11 13:08:30 -04:00
Yaroslav Halchenko
b79a82ebdd minor typo 2014-08-08 15:57:41 -04:00
Orion Poplawski
6b554fbe98 Fxi jail.conf to use more syslog macros 2014-08-08 13:27:32 -06:00
Yaroslav Halchenko
818dd59d65 ENH: symbiosis-blacklist-allports action 2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson
7b76322898 Fix typos. 2014-08-02 12:21:59 +02:00
Yaroslav Halchenko
4a23a7dcf1 Merge pull request #766 from leftyfb/master
Added cloudflare action
2014-07-28 15:34:09 -04:00
leftyfb
6dbd449f77 Changed to Cloudflare JSON API 2014-07-28 11:10:50 -04:00
Jisoo Park
2e7b8adb3b Fix sieve filter to use correct option 2014-07-28 23:42:02 +09:00
Yaroslav Halchenko
f19c5fc939 Merge pull request #770 from eltrai/master
Forwards bantime to action scripts
2014-07-28 10:17:08 -04:00
Yaroslav Halchenko
f9cfbd66e6 Merge pull request #771 from szepeviktor/patch-1
named users + smtp auth probes
2014-07-28 10:14:18 -04:00
Szépe Viktor
143a55bf26 Update courier-smtp.conf 2014-07-28 12:51:38 +02:00
Yaroslav Halchenko
2d7f2fa33f Merge pull request #756 from marclaporte/patch-1
typo
2014-07-27 21:49:24 -04:00
Yaroslav Halchenko
45c1095606 Merge pull request #750 from niorg/master
Added Directadmin filter, jail and log test
2014-07-27 21:47:07 -04:00
Yaroslav Halchenko
3339dc8d84 ENH: cyrus-imap -- catch also 'user not found' attempts 2014-07-25 10:13:04 -04:00
Yaroslav Halchenko
3e5c598b79 BF: cyrus-imaps -- catch also for secured daemons 2014-07-25 10:02:40 -04:00
Szépe Viktor
d757ef584f Update courier-smtp.conf 2014-07-20 21:09:10 +02:00
Szépe Viktor
a786e8a29b named users + smtp atuh probes 2014-07-20 19:59:54 +02:00
Pierre-Alain Dupont
3d7504c19e Forwards bantime to action scripts
That way, ipset and afctl will use a real timeout and not default to a fixed value for all jails
2014-07-20 16:25:59 +02:00
leftyfb
cba570cabd Updated comments 2014-07-17 23:49:35 -04:00
leftyfb
5471e99ebe Added cloudflare action 2014-07-17 22:54:30 -04:00
Yaroslav Halchenko
6cddc65cee BF: path to exim's mainlog on Fedora (Thanks Frantisek Sumsal) + changelog entry 2014-07-14 12:16:12 -04:00
Yaroslav Halchenko
43950d8b7e BF: fix path to the exim log on Debian systems (/var/log/exim4) 2014-07-08 11:09:25 -04:00
Marc Laporte
3777591ab0 typo 2014-07-05 11:55:57 -04:00
Cyril Roos
add8e61036 Added Directadmin filter, jail and log test 2014-07-02 13:52:06 +02:00
Yaroslav Halchenko
0adb10f653 Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
* 'ainfo-copy' of https://github.com/kwirk/fail2ban:
  TST: actions modifying aInfo test more robust
  TST: Test for actions modifying (un)ban aInfo
  BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
Steven Hiscocks
2d54161696 Merge branch 'kwirk/harmonize-log-msgs'
Conflicts:
	ChangeLog - Keep all additions
2014-06-22 12:57:49 +01:00
Steven Hiscocks
76a5633ff9 Merge pull request #739 from ranvis/enh-iptables-ipsets
ENH: Add <chain> to iptables-ipsets.
2014-06-21 22:48:49 +01:00
SATO Kentaro
65ff3e9604 ENH: Introduce iptables-common.conf. 2014-06-18 19:04:57 +09:00
Steven Hiscocks
94232d7c31 Merge pull request #726 from pmarrapese/master
Minor improvement to sshd filter
2014-06-17 23:43:42 +01:00
Steven Hiscocks
8268c1641f BF: aInfo could be modified by actions, causing unexpected behaviour
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
Yaroslav Halchenko
93d5c363ca Merge branch 'enh/oracle_msg_server'
* enh/oracle_msg_server:
  ENH: make oracleims failregex better anchored (more explicit)
  Update oracleims.conf to be 'less greedy'
  Update THANKS
  Update jail.conf for oracleims filter.
  Create test for oracleims filter
  Create oracleims.conf in filter.d for new filter
2014-06-16 09:22:42 -04:00
SATO Kentaro
1e1c4ac62a ENH: Add <chain> to iptables-ipsets. 2014-06-16 21:30:13 +09:00
Yaroslav Halchenko
994fe77e59 ENH: make oracleims failregex better anchored (more explicit) 2014-06-10 03:52:16 -04:00
JoelSnyder
5165d2f6ea Update oracleims.conf to be 'less greedy'
This assumes that the protocol is always a string, which it always is, and that the other four fields in the "tr" are always numeric (which they always are).  See port_access documentation at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
2014-06-09 18:44:27 -07:00
JoelSnyder
70ed93d8cc Update jail.conf for oracleims filter.
This is the jail.conf update.  Hopefully this will go into pull request #734.
2014-06-09 18:37:31 -07:00
Steven Hiscocks
e8131475cd ENH: Realign and harmonise log messages with getF2BLogger helper 2014-06-09 22:17:00 +01:00
Steven Hiscocks
db023be09b BF: Fix bad syntax in badips.py action
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
JoelSnyder
9b7c35810a Create oracleims.conf in filter.d for new filter
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)
2014-06-02 22:55:59 -07:00
pmarrapese
96918acee4 more explicit match for sshd filter & added test 2014-05-19 20:47:16 -07:00
pmarrapese
46d6e93800 adjusted sshd filter regex to catch more verbose lines 2014-05-18 22:12:54 -07:00
Steven Hiscocks
77ba065571 Merge pull request #697 from jhmartin/monit_admin_hack
Block brute-force attempts against the Monit gui
2014-05-07 22:23:01 +01:00
Steven Hiscocks
bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex 2014-04-27 13:35:55 +01:00
Yaroslav Halchenko
596b819bdc DOC: minor -- tabify docstring in badips.py action 2014-04-23 10:04:17 -04:00
Jason Martin
9c3cb31862 Even stricter monit regex, now covers entire line 2014-04-22 21:29:52 -07:00
Jason Martin
72bfd14330 Tidy up filter.d/monit.conf, make regex more complete.
Add ChangeLog / THANKS entry.
Add test cases.
2014-04-19 13:04:03 -07:00
Steven Hiscocks
03d90c2f42 BF: recidive filter and samples at wrong log level: WARNING->NOTICE 2014-04-19 18:07:23 +01:00
Jason Martin
7d112430ca Block brute-force attempts against the Monit gui 2014-04-16 21:21:41 -07:00
Steven Hiscocks
d4427e5a76 Merge pull request #683 from yarikoptic/fix/682
Fix typos referencing  paths-common, provide empty defaults for syslog_ log files (Partial fix to #682)
2014-04-15 17:14:28 +01:00
Steven Hiscocks
9fcb92524e BF: badips.py action logging of exc_info on debug typo 2014-04-12 11:21:52 +01:00
Yaroslav Halchenko
8bcb25c3a2 defining empty defaults for syslog_ log targets for common (Thanks @chtheis, partial fix to #682) 2014-04-10 23:17:39 -04:00
Yaroslav Halchenko
7dcea0d48d typos of paths-common (Thanks @chtheis, partial fix to #682) 2014-04-10 23:17:30 -04:00
Yaroslav Halchenko
5bccec61e4 ENH: adding pruned with previous merge trailing \s* in nginx filter 2014-04-03 21:31:46 -04:00
Yung-Chin Oei
941a38ea8e nginx-http-auth: match when "referrer" is present
A sample log-line is provided.  The updated regex successfully matches
this line.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-04 01:27:39 +01:00
shawn
d7e888238c Correct grammar 2014-04-03 10:44:49 -04:00
yungchin
6e8c1b2871 nginx-http-auth filter: match server_name = ""
As documented at
http://nginx.org/en/docs/http/server_names.html#miscellaneous_names "If
no server_name is defined in a server block then nginx uses the empty
name as the server name."  This regex change allows us to match error
output for such a configuration.

The log line added to the tests was lifted from our logs verbatim; it
did not match without the patched regex.

Signed-off-by: Yung-Chin Oei <yungchin@yungchin.nl>
2014-04-03 11:04:21 +01:00
yungchin
3a155ed2e0 Update comments in shorewall.conf for new settings 2014-04-01 16:52:21 +01:00
Ruben Kerkhof
1c36da9df9 Fix 2 more typos that codespell didn't catch 2014-03-25 10:57:20 +00:00
Ruben Kerkhof
1695d5c076 Fix a few typos
Found with https://github.com/lucasdemarchi/codespell

Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Manuel Rüger
5a1ad75114 Fix typo in comment 2014-03-18 03:07:19 +01:00
Steven Hiscocks
41cbbbc248 BF: Remove unused imports and variables.
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
Steven Hiscocks
16125ec81a BF: badips.py action methods not static due to use of self._logSys 2014-03-16 14:18:19 +00:00
Steven Hiscocks
6c5a978d6f BF: journalmatch for recidive should be NOTICE level not WARNING 2014-03-15 13:29:44 +00:00
Daniel Black
7611096162 Merge branch '0.9' of https://github.com/fail2ban/fail2ban into 0.9 2014-03-14 22:31:16 +11:00
Daniel Black
aa7e8fb9ce DOC: Credits. close gh-644 2014-03-14 22:30:44 +11:00
Steven Hiscocks
9e374b159e ENH: Allow setting of badips.py key for reporting and blacklisting 2014-03-13 22:45:10 +00:00
Steven Hiscocks
de43d1d6d5 ENH: Change badips.py default score to "3"
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
Daniel Black
476d79d3cc ENH: asterisk filter to support syslog format 2014-03-14 09:03:27 +11:00
Daniel Black
415f187644 ENH: sendmail-reject for all smtp ports. 2014-03-14 07:12:12 +11:00
Steven Hiscocks
a78a9d282c DOC: Document that badips.py action should be last action for jail 2014-03-13 20:04:30 +00:00
Steven Hiscocks
0222ff4677 Merge branch 'badips-blacklist' into 0.9
Conflicts:
	ChangeLog
        - entires added in both branches.

Change:
        config/action.d/badips.py
        - jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks
0c63d0061a DOC: Add documentation for badips.py action 2014-03-13 19:58:32 +00:00
Steven Hiscocks
dfb46cfda6 BF: Require Python 2.7+ for badips.py action 2014-03-12 21:54:15 +00:00
Daniel Black
df882feb16 ENH: expand sendmail-reject jail to 465,submission 2014-03-13 07:44:02 +11:00
Daniel Black
ef29d7bd29 ENH: paths-{common,distro} normalisation 2014-03-12 20:32:41 +11:00
Daniel Black
50d938e0bf MRG: merge filter sendmail-spam into sendmail-reject 2014-03-02 16:28:23 +11:00
Daniel Black
666fd5eceb ENH: purge excessive jail variations 2014-03-02 16:11:53 +11:00
Daniel Black
69f5baae36 ENH: jail.conf to use syslog_mail 2014-03-02 15:18:41 +11:00
Daniel Black
2d45becb0e Merge branch '0.9' into distro-paths-gh-315 2014-03-02 15:17:21 +11:00
Daniel Black
2d8c497ce5 ENH: highlight missing osx paths 2014-03-02 15:16:53 +11:00
Daniel Black
cc8ec826c5 MRG: from master 2014-03-02 2014-03-02 14:33:45 +11:00
Daniel Black
853bed8e4f ENH: more sendmail-reject filter items thanks to fab23 2014-03-02 14:04:27 +11:00
Daniel Black
d0ec09a3b5 BF: move to right location 2014-03-01 15:50:30 +11:00
Daniel Black
c10cc20928 ENH: rename sendmail-spam to sendmail-reject 2014-02-28 08:41:04 +11:00
Daniel Black
d34569fb8d BF: email address as arg1 in sendmail filters 2014-02-27 11:38:23 +11:00
Daniel Black
72c84fe9b0 ENH: wider regex for RBL and sendmail-spam 2014-02-27 10:02:34 +11:00
Daniel Black
fe1725c603 BF: add jail.conf definitions for sendmail* filters 2014-02-26 19:31:09 +11:00
Daniel Black
3d776afbb0 ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 19:16:49 +11:00
Steven Hiscocks
a9b9c6ea03 Merge branch 'logging' into 0.9
Conflicts:
	fail2ban/server/actions.py
                jail getName()->name
	fail2ban/server/filter.py
                jail getName()->name
2014-02-23 23:03:56 +00:00
Steven Hiscocks
df8d700d17 RF: Refactor Jail and JailThread
Includes:
    - documentation to new format and use of properties
    - change isActive->is_active as former no longer documented for
      python3, and later introduction and documented in python2.6
    - status formatter in beautifier somewhat more automatically
      formatted; no changes are required for additional status elements
    - JailThread now set to active within `start` method, complimenting
      `stop` method
2014-02-23 17:41:14 +00:00
Steven Hiscocks
a4731ef988 DOC: Correct log levels 2014-02-20 23:09:45 +00:00
Steven Hiscocks
5630c56c75 ENH: Change logging levels and make info more verbose 2014-02-20 23:01:40 +00:00
Daniel Black
9be22a96a6 Merge pull request #614 from kwirk/complain-abusix
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
Daniel Black
cc463aa60d Merge pull request #620 from kwirk/xarf-tweaks
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
Daniel Black
b6f9b9161d BF: remove self reference 2014-02-20 09:01:05 +11:00
Daniel Black
a044517cb7 MRG: from master to 0.9 2014-02-20 2014-02-20 08:35:24 +11:00
Daniel Black
79e6543eca Merge branch '0.9' into distro-paths-gh-315 2014-02-20 08:20:47 +11:00
Daniel Black
83266eb668 ENH: framework for distro paths 2014-02-20 08:20:02 +11:00
Steven Hiscocks
8c5525163b BF: Fix misplaced ";", and duplicate {ip,}matches 2014-02-18 15:13:02 +00:00
Steven Hiscocks
997729e274 BF: Fix complain action for multiple recipients and misplaced ";" 2014-02-18 15:05:06 +00:00
Steven Hiscocks
7c76f7f204 BF: $EUID not avilable in all shells, replaced with id -u in xt_recent 2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7 ENH: Add root user check in xt_recent, and add missing actionstop
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
5c7630c4be ENH: Allow separate blacklist category for badips.py action 2014-02-14 17:45:08 +00:00
Steven Hiscocks
cf81ddd8e2 BF: Add error handling in badips.py action 2014-02-14 17:10:34 +00:00
Steven Hiscocks
31f4ea59cb BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
Steven Hiscocks
f68d85a6ac Merge branch 'master' into 0.9
Conflicts:
	ChangeLog
                Spelling correction of 0.8.13 fixed in master
	config/jail.conf
                Added nagios and duplicate php-url removal in master
                Just nagios added, duplicate not issue in 0.9
2014-02-13 20:14:40 +00:00
Daniel Black
c701ac9276 DOC: document LogLevel requirement for "Connection from" regex" 2014-02-13 16:20:36 +11:00
Daniel Black
5f4d0ed576 ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message 2014-02-13 09:13:46 +11:00
Aarón Nieves Fernández
993b7d3dfb Duplicate jail "php-url-fopen" 2014-02-10 21:41:50 +01:00
Steven Hiscocks
dff8909473 ENH: Add badips.com reporting and blacklisting action (python based) 2014-02-09 12:23:14 +00:00
Ivo Truxa
c207ad6058 removing ignoreip at [nagios]
I removed the ignoreip setting from the nagios section. As pointed out, it is redundant here. Nagios server, under normal circumstances should not trigger any access errors, and would be included in the global ignoreips anyway.
2014-02-06 00:27:38 +01:00
Ivo Truxa
f5f434f846 removing the second failregex
The second failregex was supposed to catch an error concerning an ACL denial over IPv6, but this message is no more generated by the nrpe version (v2.15) that introduced the IPv6 support, so the first failregex seems to be sufficient.
2014-02-06 00:22:05 +01:00
Ivo Truxa
a71bb89ccd removing a dot (typo)
The dot at the ignoregex did not belong there. Somehow it was added during the copying and pasting. Thanks for reporting it, I did not see it. Otherwise, empty ignoregexes are in all filters, and if they are missing, fail2ban client shows warnings when starting the filter, which I prefer avoiding.
2014-02-03 23:12:56 +01:00
Ivo Truxa
dac4dd465e ENH: Nagios filter
added typical configuration settings for the nagios filter
2014-02-03 21:51:49 +01:00
Ivo Truxa
c91fda8619 ENH: Nagios filter
Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
2014-02-03 21:46:07 +01:00
Daniel Black
ef82eac790 DOC: openssh real protection is pubkey 2014-02-02 15:16:40 +11:00
Daniel Black
59b9045e88 MRG: from master 2014-02-02 2014-02-02 13:21:16 +11:00
Daniel Black
273b2f45a3 MRG: remove the "no auth attempts" as per aseques gh-600 2014-01-29 20:43:51 +11:00
Daniel Black
9b614ce486 ENH: dovecot filter enhancements 2014-01-29 20:27:45 +11:00
Joan
84617fa6da Fixed a failing case 2014-01-28 16:19:35 +01:00
Joan
08171ba52f Removed the -no auth attempts- from the triggers because of lots of FP 2014-01-28 12:44:46 +01:00
Daniel Black
a749a2780e Merge pull request #593 from grooverdan/tine
ENH: Tine20 filter
2014-01-26 18:50:42 -08:00
Daniel Black
1a1e3bec86 ENH: framework for distro paths 2014-01-25 23:25:54 +11:00
Daniel Black
256c732bcd BF/ENH: filter pure-ftpd - re-add _daemon. Add translations
_daemon was accidently removed in
89fd792dfb

Added translations from source code
2014-01-25 12:19:46 +11:00
Daniel Black
1e1261ccb4 MRG: from master 2014-01-23 2014-01-23 17:45:18 +11:00
Daniel Black
ca57427080 BF: firewallcmd-ipset had non-working actioncheck 2014-01-23 17:41:13 +11:00
Daniel Black
c8ae064b79 ENH: tighten regex and change failJSON to support timezone. Closes gh-583 2014-01-22 22:16:03 +11:00
Daniel Black
2063d96e59 MRG: import Lars' PR for tine20 2014-01-22 18:12:19 +11:00
Steven Hiscocks
8221c7ca71 TST+BF: Add tests for python actions, including test for smtp.py
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Steven Hiscocks
a0f39255bc BF: Kerio log datepattern fix for recent datepattern full regex merge 2014-01-20 23:00:38 +00:00
Daniel Black
a650178bd1 MRG: merge from master 2014-01-19 2014-01-19 14:48:29 +11:00
Daniel Black
263ac32730 ENH: test log samples for kerio thanks to
Tony Lawrence
2014-01-18 23:18:33 +11:00
Daniel Black
1452be4a3a Merge pull request #588 from grooverdan/badips
ENH: Badips action (reporting)
2014-01-17 23:10:29 -08:00
Daniel Black
f566cab766 Merge branch 'master' into badips 2014-01-15 09:37:11 +11:00
Daniel Black
657da2041c BF: dovecot filters, session characters and order of session/tls in log messages 2014-01-15 08:02:47 +11:00
Daniel Black
2333b2d5d9 MRG: from 0.9 2014-01-13 22:17:14 +11:00
Daniel Black
c7f887642d Merge branch '0.9' into master_to_0.9 2014-01-13 21:23:42 +11:00
Daniel Black
3de80545e0 MRG: from master 2014/01/13 2014-01-13 21:23:39 +11:00
Daniel Black
01e5ae1234 Merge pull request #584 from grooverdan/exim-auth
ENH: Exim auth
2014-01-13 02:20:47 -08:00
Daniel Black
08b4f3e5f2 Merge branch 'patch-5' of https://github.com/truxoft/fail2ban into exim-auth 2014-01-13 19:26:12 +11:00
Lars Kneschke
47dd8fb897 ENH: filter for Tine 2.0 2014-01-13 06:04:59 +01:00
Ivo Truxa
2d8c0b26e4 Matching any Exim authentication name
As explained in https://github.com/grooverdan/fail2ban/pull/4, in Exim there can be used plenty of other standard authentication names, and in fact the names can be custom. The failregex in Exim filter should catch authentication errors regardless of the name of the authentication. Hence replacing the plain|login with the general \w+
2014-01-13 01:38:49 +01:00
Daniel Black
6b0e6b9bca ENH: add improper command pipelining postfix filter 2014-01-13 06:59:59 +11:00
Daniel Black
a443b8b4d3 BF: remove second jail definition 2014-01-12 21:45:39 +11:00
Daniel Black
cd3e94140c MRG: complete merge 2014-01-12 21:16:55 +11:00
Daniel Black
f2e55e8499 ENH: add filter for squirrelmail. Closes gh-261 2014-01-12 20:27:36 +11:00
Daniel Black
1e8ed55a36 MRG: from 0.9 2014-01-12 20:15:34 +11:00
Tomas Pihl
b52a4441fd Support ACL-events without AccountID. Typically happens when a registration
from an unknown domain is performed.

Add credits
2014-01-12 01:28:55 +01:00
Steven Hiscocks
0dd6533680 BF: Add ejabberd-auth to jail.conf 2014-01-09 23:22:12 +00:00
Steven Hiscocks
128112d51c ENH: ejabberd filter 2014-01-09 22:47:17 +00:00
Daniel Black
8333abe420 Merge pull request #557 from grooverdan/apache-botsearch
ENH: Apache botsearch + BF: tag substition
2014-01-09 14:11:00 -08:00
Daniel Black
b0baab3a0e ENH: more test cases and wider regex 2014-01-10 08:40:24 +11:00
Daniel Black
4b33f96db4 DOC: fix comment regarding apache version in apache-noscript 2014-01-10 08:35:37 +11:00
Daniel Black
8e5366a7e9 DOC: for apache-botsearch and apache-botsearch 2014-01-10 07:34:01 +11:00
Steven Hiscocks
7e8da15fc6 Merge pull request #572 from grooverdan/counterstrike
ENH: Counter Strike filter
2014-01-08 12:47:10 -08:00
Yaroslav Halchenko
6532a2e2f7 Merge pull request #548 from grooverdan/exim-honeypot
Exim honeypot
2014-01-07 06:14:42 -08:00
Daniel Black
d94efe719d ENH: jail.conf for counter-strike 2014-01-07 20:50:50 +11:00
Daniel Black
0fb6bc7188 ENH: add filter for Counter Strike 1.6. Closes gh-347 2014-01-07 20:33:57 +11:00
Daniel Black
aabdc51e87 BF: revert separate jail for exim-honeypot as only exim-spam exists. 2014-01-07 16:26:29 +11:00
Daniel Black
9e087b508d MRG: from 0.9 2014-01-07 16:11:40 +11:00
Daniel Black
58ebf659e4 MRG: from 0.9 to make history cleaner 2014-01-07 16:07:58 +11:00
Yaroslav Halchenko
9a8b449086 DOC: some typos, fixes from Vincent Lefevre 2014-01-06 23:38:52 -05:00
Daniel Black
9e390d6549 ENH: jail.conf for exim-honeypot 2014-01-07 11:53:20 +11:00
Daniel Black
809581ae99 ENH: jail.conf for apache-botsearch 2014-01-07 11:52:21 +11:00
Daniel Black
ed9ed6d0cb TST/ENH: fix test case for ReadStockJailFilterComplete and add missing jails 2014-01-07 11:27:54 +11:00
Daniel Black
10fa5e3439 BF: fix jails for gssftpd and qmail 2014-01-07 10:49:11 +11:00
Daniel Black
549f64e86c BF: remove imap2 - not an IANA and probably not used 2014-01-07 10:25:29 +11:00
Daniel Black
320861b7dc Merge branch 'more-jails-0.9' into master_to_0.9 2014-01-07 10:24:27 +11:00
Daniel Black
76468942f9 MRG: complete merge from master 2014-01-07 10:24:23 +11:00
Daniel Black
fa6a183e94 BF: typos in jail.conf corrected 2014-01-07 09:49:27 +11:00
Daniel Black
a31c76f126 ENH: jail cleanup and fill in missing for 0.9 2014-01-07 09:34:39 +11:00
Daniel Black
755af0a51e Merge pull request #562 from grooverdan/jail.conf-complete_and_correct
ENH: Jail.conf now has all filters and TST: a mechanism to test this is truee
2014-01-06 12:08:45 -08:00
Daniel Black
90fdf5fc21 ENH: jail.conf entry for groupoffice 2014-01-07 06:55:38 +11:00
Daniel Black
ab3ded2205 Merge pull request #549 from kwirk/python-actions
ENH: Python actions
2014-01-06 02:58:45 -08:00
Daniel Black
50eab4df81 ENH: add filter groupoffice. Closes gh-566 2014-01-06 21:56:22 +11:00
Daniel Black
f137c7b107 BF: stunnel doesnt need datepattern as its inbuilt 2014-01-06 09:53:54 +11:00
Daniel Black
1687505995 BF: Fix datepattern 2014-01-06 09:06:05 +11:00
Steven Hiscocks
6c301ae210 Merge pull request #563 from grooverdan/gh-289-ssh
BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHAN...
2014-01-05 09:55:05 -08:00
Daniel Black
03aba92238 ENH: add kerio filter 2014-01-05 23:41:49 +11:00
Daniel Black
1c5787174f BF: escape . in stunnel filter 2014-01-05 23:25:49 +11:00
Daniel Black
a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289 2014-01-05 21:26:26 +11:00
Daniel Black
a9f804e443 ENH: complete stock jail.conf to contain all filters 2014-01-05 21:03:16 +11:00
Daniel Black
6ce2ba2895 ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal. Block is now a prefix of a path 2014-01-05 11:48:35 +11:00
Daniel Black
c37ee4cc52 DOC: filter.d/vsftpd doco from wiki 2014-01-05 11:30:56 +11:00
Daniel Black
6602937ee1 DOC: filter.d./pure-ftpd doco from wiki 2014-01-05 11:24:20 +11:00
Steven Hiscocks
69a850d226 DOC: Update docstrings for smtp.py action 2014-01-04 22:46:57 +00:00
Steven Hiscocks
6e63f0ea5a RF: Change Jails and Actions to Mapping types 2014-01-04 16:57:08 +00:00
Daniel Black
d7666c8942 DOC: bit more on how to use freeswitch 2014-01-04 12:39:48 +11:00
Daniel Black
23f0b854da MRG: merge in freeswitch 2014-01-04 12:24:40 +11:00
Daniel Black
69b3a1cf64 BF: catchin DEBUG messages will result in duplicates 2014-01-04 12:10:51 +11:00
Daniel Black
05b159c74b Merge pull request #464 from grooverdan/increase-jail-name-length
ENH: Actions to have f2b- as prefix instead of fail2ban- as per #462
2014-01-03 14:48:56 -08:00
Daniel Black
3d1a1afca4 MRG: to more recent 0.9 2014-01-04 09:31:05 +11:00
Daniel Black
5fe75436cc DOC: DEV NOTES before author names 2014-01-04 08:53:45 +11:00
Daniel Black
477f30665a DOC: ignoreip for internal ips on freeswitch 2014-01-04 08:31:42 +11:00
Daniel Black
36533de6bc ENH: more filter expressions for freeswitch. Anchored existing one at end too 2014-01-04 08:21:22 +11:00
Daniel Black
d1faae3b3b BF: port not used in jail definition for freeswitch 2014-01-04 08:01:42 +11:00
Daniel Black
938ef689de DOC: dev notes on stunnel 2014-01-04 07:55:26 +11:00
Steven Hiscocks
80d6f74ee8 RF: Refactor actions further, include removing server proxy interface
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
2014-01-03 17:04:49 +00:00
Daniel Black
7c09a61ca5 ENH: add apache-botsearch. Closes gh-544 2014-01-03 23:12:58 +11:00
Daniel Black
b8536490ef ENH: filter for stunnel from fail2ban wiki 2014-01-03 19:32:29 +11:00
Daniel Black
a0c2de3e4d DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510 2014-01-03 16:51:38 +11:00
Daniel Black
04d28fd2e1 ENH: add filter freeswitch - as raised on mailing list 2014-01-03 13:00:37 +11:00
Daniel Black
117d3b0466 MRG: horde filter from master 2014-01-03 10:34:59 +11:00
Daniel Black
83f3aeb308 ENH: filter for horde 2014-01-02 23:12:36 +11:00
Steven Hiscocks
98bf511443 BF: Incorrect number of arguments in smtp.py action connect log 2014-01-01 23:50:44 +00:00
Steven Hiscocks
5b2b59d752 ENH: python actions use initOpts as **kwargs
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
2014-01-01 23:18:11 +00:00
Steven Hiscocks
6ef911185d ENH: Add matches to smtp.py action 2014-01-01 12:27:49 +00:00
Daniel Black
55688395fb DOC: doco for exim-spam 2014-01-01 22:56:08 +11:00
Daniel Black
9c7bb3b97e ENH: exim-spam to take honeypot email address as argument. Closes #541 2014-01-01 22:45:13 +11:00
Daniel Black
391b5fc883 MRG: from master again 2014-01-01 2014-01-01 19:28:38 +11:00
Steven Hiscocks
f37c90cdba ENH: Python based actions
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.

Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
2013-12-31 18:54:34 +00:00
Daniel Black
e8710b679d ENH: stronger regex for failregex 2013-12-31 08:22:52 +11:00
Daniel Black
856407379b ENH: add filter openwebmail. Closes gh-543. 2013-12-31 08:09:00 +11:00
Daniel Black
ccb64e68b4 DOC: for exim-spam to say how to enable the log lines for the latest regex 2013-12-29 21:53:26 +00:00
Daniel Black
b5f5ddf123 ENH: end anchor for exim-spam 2013-12-29 20:56:25 +00:00
Daniel Black
d727ba639a ENH: exim-spam to include spamassassin log entry. Closes gh-533 2013-12-29 20:16:37 +00:00
Daniel Black
c074773805 ENH: apache modsecurity from 0.9 branch 2013-12-29 07:06:13 +00:00
Daniel Black
be382dae4d MRG: ufw changelog conflicts 2013-12-29 05:45:06 +00:00
Daniel Black
1f6ece2a40 Merge pull request #490 from grooverdan/firewallcmd-ipset
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black
ea2a13946e TST: more test of filters 2013-12-29 05:29:59 +00:00
Daniel Black
c9cfdca396 ENH: add filter for apache-modsecurity 2013-12-28 22:28:11 +00:00
Daniel Black
ddac79c15c TST: include blank ignorecommand in jail.conf to indicate default value and to raise test coverage 2013-12-25 11:01:31 +00:00
bes.internal
ebd89ec077 New ignorecommand that is added to the ignoreip list from output of an external program
ignorecommand update man and fix protocol help

ENH: run ignore command only after internal list has been examined. Change interface on ignorecommand to take IP as environment variable and return true if it is to be banned

ENH: ignore IP command to take tagged command

DOC: man pages for ingorecommand

TST: add test cases for ignorecommand
2013-12-24 23:55:35 +03:00
Daniel Black
382d68f0fe DOC: perfork model for apache log format 2013-12-23 09:09:48 +00:00
Daniel Black
1b7df1181f BF: apache-2.4 log format fix. Closes gh-516 2013-12-23 08:28:40 +00:00
Yaroslav Halchenko
7af58b9984 Merge branch 'apache-noscripts' of https://github.com/grooverdan/fail2ban
* 'apache-noscripts' of https://github.com/grooverdan/fail2ban:
  ENH: apache-noscript now matched php-cgi scripts. Closes gh-503

Conflicts:
	ChangeLog -- two new entries collided,  Reformatted the merged one a bit
2013-12-22 22:28:57 -05:00
Daniel Black
a9b7d33c51 ENH: apache-noscript now matched php-cgi scripts. Closes gh-503 2013-12-19 10:01:24 +00:00
Daniel Black
a1a219189f Merge pull request #493 from grooverdan/xarf-ipmatch
ENH: use ipmatches for action xarf-login-attack
2013-12-19 01:28:49 -08:00
Daniel Black
ed2f46759c MRG: restore accidently deleted pam comment in jail.conf 2013-12-19 09:21:12 +00:00
Daniel Black
44a0981495 MRG: fix recidive filter 2013-12-19 09:18:18 +00:00
Steven Hiscocks
d22716ab63 ENH: Add nsd filter and amend DateEpoch to match date format 2013-12-18 22:31:54 +00:00
Daniel Black
7c0efc8ec8 MRG: merge so far - flushLogs not working yet 2013-12-16 15:08:34 +00:00
Daniel Black
4eedf9d4e1 ENH: use ipmatches for action xarf-login-attack 2013-12-15 23:49:38 +00:00
Daniel Black
a398c51d6c ENH: simplify actioncheck on firewallcmd-new a little more 2013-12-15 22:36:47 +00:00
Daniel Black
772def1095 Merge pull request #491 from kwirk/ipmatches
ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations
2013-12-15 14:29:02 -08:00
Steven Hiscocks
40007abc1d ENH: Refactor and add database matches and failures for sendmail actions 2013-12-15 21:41:43 +00:00
Steven Hiscocks
2deb76e3f9 Merge pull request #492 from grooverdan/abusix-disclaimer
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 13:35:43 -08:00
Daniel Black
1c6c011154 EHH missed trailing . 2013-12-14 21:22:46 +00:00
Daniel Black
868a4ea470 ENH: full abusix disclaimer in action xarf-login-attack 2013-12-14 21:18:20 +00:00
Daniel Black
9fe0a69852 ENH: add firewallcmd-ipset 2013-12-14 09:06:01 +00:00
Daniel Black
4ffc57e14f ENH: simplify firewallcmd-new actioncheck and provide output samples 2013-12-14 07:11:29 +00:00
Daniel Black
ed816afbcd ENH: add badips action 2013-12-14 01:41:28 +00:00
Daniel Black
1ff52dfe4d DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable 2013-12-14 00:40:47 +00:00
Daniel Black
f35345ecaa ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455 2013-12-14 00:34:12 +00:00
Daniel Black
13ccebe78f BF: fix actioncheck in firewallcmd 2013-12-13 23:40:51 +00:00
Steven Hiscocks
0bcff771b8 ENH: Add <ipmatches> and <ipjailmatches> tags
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
Steven Hiscocks
2c3dbc8046 BF: In 0.9 recidive bans come from fail2ban.server.actions
Also changed journalmatch to limit to WARNING priority to avoid the
recidive + DEBUG combo issue
2013-12-13 21:55:43 +00:00
Steven Hiscocks
b7d1579c9d MRG: branch 'kwirk/database' into 0.9 - gh-480
Conflicts:
	fail2ban/tests/utils.py
        - Another test suite added in separate commit e09b700
2013-12-13 17:15:19 +00:00
Steven Hiscocks
e18af48e34 ENH: Database now optional, by setting dbfile to "None" 2013-12-10 21:16:36 +00:00
Daniel Black
9d532828fc BF: multiple _ separated values according to http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes. Thanks Steven 2013-12-11 07:44:41 +11:00
Daniel Black
66374913ec ENH: add squid filter 2013-12-10 21:24:37 +11:00
Daniel Black
db4c21acde BF/DOC: fix filename in documentation for filter.d/proftpd 2013-12-09 14:46:01 +11:00
Daniel Black
e8eab11615 DOC: proftp - turn off ReverseDNS 2013-12-09 14:45:09 +11:00
Daniel Black
f385439a41 MRG: ChangeLog merge 2013-12-09 09:28:42 +11:00
Daniel Black
36917d7517 BF: action.d/complain - match IP at beginning and end of lines 2013-12-09 09:21:55 +11:00
Steven Hiscocks
d8c7bca9b0 BF: Fix dbpurgeage default value, and change default dbfile extension 2013-12-08 11:35:12 +00:00
Steven Hiscocks
bbadef847b ENH: Add fail2ban persistent data storage 2013-12-07 23:23:28 +00:00
Daniel Black
135c759dbb Merge pull request #477 from kwirk/blocklist.de
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks
630dd91dcd BF: Add [Init] section to blocklist.de action 2013-12-07 00:09:31 +00:00
Steven Hiscocks
b3c173795e ENH: blocklist.de action error on HTTP response code 4xx 2013-12-06 08:22:21 +00:00
Daniel Black
51f2619878 Merge pull request #473 from grooverdan/whois-missing
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Daniel Black
e07ba41870 Merge pull request #463 from grooverdan/firewall-cmd-direct-new-length-too-long
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-12-05 12:42:55 -08:00
Steven Hiscocks
a19b33cc72 ENH: blocklist.de action added fail2ban version as user agent 2013-12-05 18:12:15 +00:00
Steven Hiscocks
f742ed0e4b DOC: when to use blocklist.de reporting
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks
e810ec009d ENH: Added blocklist.de reporting API action 2013-12-05 08:22:20 +00:00
Daniel Black
4dc51e5def BF: put notice in email if whois program could not provide more information. Closes gh-471 2013-12-04 22:43:06 +11:00
Daniel Black
97d7f46bb7 DOC: correct grammar - s/Here are more information/Here is more information/ 2013-12-04 22:40:48 +11:00
Daniel Black
8aead9ab79 BF: escape quotes when splitting addresses for xarf 2013-12-04 08:19:05 +11:00
Daniel Black
1846056606 DOC: when to use xarf messages to network owner 2013-12-03 20:40:42 +11:00
Daniel Black
8c37d2e4de ENH: remove dependency on querycontacts 2013-12-03 20:34:21 +11:00
Daniel Black
bfd435091d ENH: jail examples for xarf-login-attack 2013-12-01 20:29:43 +11:00
Daniel Black
dd356c3cef BF: fixed for sendmail and tested the MTA aspects of this action 2013-12-01 19:08:28 +11:00
Daniel Black
9df5f4eec8 BF: remove debugging tee command on xarf-login-attack 2013-12-01 17:53:34 +11:00
Daniel Black
d015f7f4fc BF/ENH: fixed so xarf-login-attack works 2013-12-01 17:49:35 +11:00
Daniel Black
0495aa098e BF: grep matches on <ip> shouldn't include other IPs 2013-11-30 18:01:45 +11:00
Daniel Black
95845b7b65 BF: complain action could match too many IP addresses 2013-11-30 17:47:10 +11:00
Daniel Black
5cc7173fd4 ENH: add xarf email sender for login-attack type 2013-11-30 14:16:26 +11:00
Yaroslav Halchenko
3a5983ab0b Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban
* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban:
  Changelog entries for the last changes
  ENH: added optional [PID] matching in recidive.conf
  ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs
  BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages

Conflicts:
	ChangeLog
2013-11-29 19:58:56 -05:00
Daniel Black
f7504d5b64 MRG: conflict in THANKS 2013-11-30 10:39:19 +11:00
Daniel Black
56b6bf7d25 ENH: reduce firewalld-cmd-new -> firewallcmd-new 2013-11-30 10:30:29 +11:00
Daniel Black
04438cd1a1 BF/ENH: mysql jail - rename to mysql-syslog to be consistent with 0.8.13. Add port to syslog defination. Document mysql configuration required for mysql jails 2013-11-30 10:00:59 +11:00
Daniel Black
3f4d179612 BF: smtps not an IANA port - from #447 2013-11-30 09:52:32 +11:00
Daniel Black
fe9e077acf BF: correct spelling of port for solid-pop3 jail in jail.conf 2013-11-30 09:51:30 +11:00
Daniel Black
86a0a5962a BF: revert to fail2ban- prefix as f2b- was intended for 0.9 2013-11-30 08:05:20 +11:00
Yaroslav Halchenko
25e967f23b Merge branch 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban
* 'mysqld-syslog-iptables-name-too-long' of https://github.com/grooverdan/fail2ban:
  BF: jail name mysqld-syslog-iptables too long. removed -iptables. Thanks Stefan (#447)

Conflicts:
	ChangeLog
2013-11-29 10:02:31 -05:00
Daniel Black
b9b2ddf996 BF: smtps not IANA standard. Closes #447 2013-11-29 21:47:53 +11:00