Merge branch 'upstream-0.8' into upstream
* upstream-0.8: BF: proftpd filter -- if login failed -- count regardless of the reason for failure BF: Allow for trailing spaces in proftpd logs BF: escaping () in pure-ftpd filter. Thanks Teodor BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314 ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599 NF: Adding found on a drive filter.d/dovecot.conf ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182 ENH: dropbear filter: see http://bugs.debian.org/546913 BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
Showing
15 changed files
with
127 additions
and
26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Fail2Ban configuration file for dovcot | ||
# | ||
# Author: | ||
# | ||
# $Revision: $ | ||
# | ||
|
||
[Definition] | ||
|
||
# Option: failregex | ||
# Notes.: regex to match the password failures messages in the logfile. The | ||
# host must be matched by a group named "host". The tag "<HOST>" can | ||
# be used for standard IP/hostname matching and is only an alias for | ||
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | ||
# Values: TEXT | ||
# | ||
failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.* | ||
|
||
# Option: ignoreregex | ||
# Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
# Values: TEXT | ||
# | ||
ignoreregex = |
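Review bot: The `failregex` line is unanchored and captures the address with a hand-written `rip=(?P<host>\S*)` group, which accepts an empty or arbitrary non-space string instead of the `<HOST>` tag that the option comment above it describes. If, as in usual dovecot login lines, the client-supplied user name appears before `rip=`, a pattern this loose makes it easier for a crafted line to be attributed to the wrong address. I would write the capture as `rip=<HOST>,` and anchor the pattern with `^` on the syslog prefix, as the dropbear filter added in this same commit does through `common.conf`. The header comment also misspells the service as "dovcot" and leaves `Author:` and `$Revision: $` empty.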
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Fail2Ban configuration file | ||
# | ||
# Author: Francis Russell | ||
# Zak B. Elep | ||
# | ||
# $Revision$ | ||
# | ||
# More information: http://bugs.debian.org/546913 | ||
|
||
[INCLUDES] | ||
|
||
# Read common prefixes. If any customizations available -- read them from | ||
# common.local | ||
before = common.conf | ||
|
||
|
||
[Definition] | ||
|
||
_daemon = dropbear | ||
|
||
# Option: failregex | ||
# Notes.: regex to match the password failures messages in the logfile. The | ||
# host must be matched by a group named "host". The tag "<HOST>" can | ||
# be used for standard IP/hostname matching and is only an alias for | ||
# (?:::f{4,6}:)?(?P<host>\S+) | ||
# Values: TEXT | ||
|
||
# These match the unmodified dropbear messages. It isn't possible to | ||
# match the source of the 'exit before auth' messages from dropbear. | ||
# | ||
failregex = ^%(__prefix_line)slogin attempt for nonexistent user ('.*' )?from <HOST>:.*\s*$ | ||
^%(__prefix_line)sbad password attempt for .+ from <HOST>:.*\s*$ | ||
|
||
# The only line we need to match with the modified dropbear. | ||
|
||
# NOTE: The failregex below is ONLY intended to work with a patched | ||
# version of Dropbear as described here: | ||
# http://www.unchartedbackwaters.co.uk/pyblosxom/static/patches | ||
# | ||
# The standard Dropbear output doesn't provide enough information to | ||
# ban all types of attack. The Dropbear patch adds IP address | ||
# information to the 'exit before auth' message which is always | ||
# produced for any form of non-successful login. It is that message | ||
# which this file matches. | ||
|
||
# failregex = ^%(__prefix_line)sexit before auth from <HOST>.*\s*$ | ||
|
||
# Option: ignoreregex | ||
# Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
# Values: TEXT | ||
# | ||
ignoreregex = |
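Review bot: Both active `failregex` alternatives end in `.*\s*$`, so nothing ties `<HOST>` to the end of the message, while the preceding `'.*'` and `.+` user-name parts are client-controlled text; the match lands on the real peer only because those quantifiers are greedy. If dropbear always ends these messages with `address:port` (not visible here, please confirm against real logs), closing the pattern on the port makes that explicit: `... from <HOST>:\d+\s*$`. The `\s*` after `.*` is redundant as written. The option comment gives `<HOST>` as `(?P<host>\S+)`, which differs from the expansion quoted in the dovecot filter of this commit, so one of the two comments is out of date.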