Commit graph

3494 commits

Author SHA1 Message Date
Yaroslav Halchenko
ea8fce6308 Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
openssh 6.3 regex injection vectors:  inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Yaroslav Halchenko
bf245f9640 DOC: adding DEV Notes for for non-greedy matchin within sshd.conf 2013-11-08 14:34:31 -08:00
Daniel Black
d6bbe03861 Merge pull request #424 from grooverdan/nginx-auth
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko
a169badb95 Merge pull request #423 from yarikoptic/enh/gen_badbots
badbots filter: adding the script which was used + updated filter
2013-11-08 10:10:46 -08:00
Yaroslav Halchenko
750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
since daemon might eventually change reported length and we would need to adjust anyways.  So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko
abb012ae5c BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy 2013-11-08 10:00:37 -08:00
Daniel Black
a8a1310098 ENH: sendmail-spam - loose regex on email and domain bits so more likely to match. Added dev notes and author attribution/blame 2013-11-08 10:54:10 +11:00
Yaroslav Halchenko
eace931c19 Changelog for prior changes (gen_buildbots) 2013-11-07 15:47:25 -08:00
Daniel Black
d7560d4041 ENH: condense asterisk regexs for speed 2013-11-08 10:24:50 +11:00
Daniel Black
ab9d921162 BF: missed action in nginx-http-auth 2013-11-08 10:09:19 +11:00
Daniel Black
a148d35d70 ENH: add filter.d/nginx-http-auth. Partially forfills #405 2013-11-08 10:06:40 +11:00
Yaroslav Halchenko
4522308354 ENH: regenerated config/filter.d/apache-badbots.conf 2013-11-07 14:26:18 -08:00
Yaroslav Halchenko
6f321068f1 NF: gen_badbots script to (re)generate/update config/filter.d/apache-badbots.conf 2013-11-07 14:25:57 -08:00
Daniel Black
cb982ef921 ENH: multiline filter for sendmail-spam. Closes gh-418 2013-11-08 08:55:45 +11:00
Daniel Black
e91d40ee34 Merge pull request #420 from yarikoptic/enh/release-0.8.11
DOC: release 0.8.11 - ChangeLog tidy
2013-11-06 12:48:09 -08:00
Yaroslav Halchenko
28ee7ba123 DOC: keeping Changelog release-phrases uniform, simplified intro, unified 2013-11-06 14:04:30 -05:00
Yaroslav Halchenko
f26fba9c19 DOC: Untabifying and reindenting a bit ChangeLog 2013-11-06 13:47:45 -05:00
Daniel Black
0730db9b2b Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
BF:  wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black
20693ffb8e Merge pull request #417 from grooverdan/debian-bug-709324-dovecot
BF: dovecot allow for newer fail message - Debian bug 709324
2013-11-05 18:38:29 -08:00
Daniel Black
5ebc386833 DOC: few more links for DEVELOP 2013-11-06 13:35:04 +11:00
Daniel Black
e55b24c533 BF: fix dovecot filter for newer failure message. Closes Debian bug #709324 2013-11-06 12:51:21 +11:00
Daniel Black
8b54523316 BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925 2013-11-06 12:13:37 +11:00
Daniel Black
d22214da79 Add Fedora git repo of fail2ban package to DEVELOP 2013-11-06 12:03:19 +11:00
Daniel Black
ac1f45d18c Merge pull request #412 from grooverdan/firewalld
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black
87f68d7564 firewalld-0.3.8 release that support --remove-rules out so documenting this. 2013-11-06 11:37:56 +11:00
Daniel Black
1405188bcc Merge pull request #414 from grooverdan/0.8.11-merge-to-0.9
MRG: 0.8.11 merge to 0.9
2013-11-05 16:04:37 -08:00
Daniel Black
2f79e7cd49 TST: fix test case for testVariousTimes 2013-11-06 11:01:35 +11:00
Daniel Black
5189fa4c11 MRG: pruge moved test cases actionstestcase and clientreadertestcase 2013-11-06 10:40:11 +11:00
Daniel Black
ee1edfbf0c BF: remove duplication definition secion in webmin-auth 2013-11-04 17:54:36 +11:00
Daniel Black
60006bd70f BF: remove duplication definition secion in webmin-auth 2013-11-04 17:51:41 +11:00
Daniel Black
47d35c9d80 MRG: 0.8.11 to 0.9
Epnoc of selinux is now true UTC

Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
Daniel Black
a9fe3d5df9 DOC: alter release notes a bit more and versions in README.md 2013-10-31 14:44:14 +11:00
Daniel Black
5cefb8aff9 BF/DOC: fix hopefully final MANIFEST and release instructions 2013-10-31 11:30:07 +11:00
Daniel Black
6db9e64934 DOC: final updates to release doco 2013-10-31 10:56:45 +11:00
Daniel Black
4ec0e3f087 DOC: version 0.8.11.pre1 2013-10-31 10:51:37 +11:00
Daniel Black
3b2083b06d DOC: ChangeLog header and merge 2013-10-31 10:44:40 +11:00
Daniel Black
f860307b57 DOC: update man pages. Add references to jail.conf from fail2ban-client man page 2013-10-31 10:27:30 +11:00
Daniel Black
fff996c8df ENH: fix fail2ban-regex output to generate a man page with copyright notices 2013-10-31 10:26:49 +11:00
Daniel Black
a38be3f9ab Merge branch 'master' of https://github.com/fail2ban/fail2ban 2013-10-31 09:13:57 +11:00
Daniel Black
b5c10488c1 Merge pull request #409 from grooverdan/filter-doco
DOC: in filters, put user relevant doc at top, and developer info at bot...
2013-10-30 15:11:46 -07:00
Daniel Black
5eddd5d12d DOC: document required firewalld version as > 0.3.7.1 2013-10-31 09:10:59 +11:00
Daniel Black
2810f97fe5 DOC: merge ChangeLog 2013-10-31 09:07:06 +11:00
Daniel Black
27d257d5a6 Merge pull request #408 from grooverdan/dropbear
BF: filter.d/dropbear
2013-10-30 14:43:07 -07:00
Daniel Black
8ac6081555 ENH: fix to use upstream --remove-rules
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00
Daniel Black
a5ac0a49e7 DOC: Version number changes in DEVELOP 2013-10-31 01:12:04 +11:00
Daniel Black
3a4ba2dba6 DOC: ChangeLog - TODO top summary before final release 2013-10-31 01:11:42 +11:00
Daniel Black
363d53e8d7 update man pages for release 2013-10-31 01:00:38 +11:00
Daniel Black
c19a685ee3 DOC: version 0.8.11.pre 2013-10-31 00:58:48 +11:00
Daniel Black
93de46ac72 BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf 2013-10-31 00:52:47 +11:00
Daniel Black
8441539988 DOC: reorder bits of changelog
The enhancements list was too long an maybe not always appropriate.

Reclassified changes to filters to catch new versions as bug fixes
since the new version of the application is effectively broken.

Moved large enhancements to New Features.
2013-10-31 00:43:02 +11:00