Added regex for LDAP authentication failures #1370
Please merge
Each failregex expression (line) should have at least one test case, so please extend tests/files/logs/dovecot with corresponding lines (json with match true and example line after it)... You can test if it has success with following command:
BTW. I miss changelog entry also...
Ah, sorry, missed that. N00b error. ;) I'll run up the test cases etc when I get a few spare minutes this week.
ok, added in the tests and updated the changelog. Should be ready to commit...
I don't really like such not exact expressions,
ver. 0.9.5 (2016/07/15) - old-not-obsolete
-----------
0.9.x line is no longer heavily developed. If you are interested in new features (e.g. IPv6 support), please consider 0.10 branch and its releases.

* `filter.d/monit.conf`
    - Extended failregex with new monit "access denied" version (fail2bangh-1355)
    - failregex of previous monit version merged as single expression
* `filter.d/postfix.conf`, `filter.d/postfix-sasl.conf`
    - Extended failregex daemon part, matching also `postfix/smtps/smtpd` now (fail2bangh-1391)
* Fixed a grave bug within tags substitutions because of incorrect detection of recursion in case of multiple inline substitutions of the same tag (affected actions: `bsd-ipfw`, etc). Now tracks the actual list of the already substituted tags (per tag instead of single list)
* `filter.d/common.conf`
    - Unexpected extra regex-space in generic `__prefix_line` (fail2bangh-1405)
    - All optional spaces normalized in `common.conf`, test covered now
    - Generic `__prefix_line` extended with optional brackets for the date ambit (fail2bangh-1421), added new parameter `__date_ambit`
* `gentoo-initd` fixed `--pidfile` bug: `--pidfile` is option of `start-stop-daemon`, not argument of fail2ban (see fail2bangh-1434)
* `filter.d/asterisk.conf`
    - Fixed security log support for PJSIP and Asterisk 13+ (fail2bangh-1456)
    - Improved log support for PJSIP and Asterisk 13+ with different callID (fail2bangh-1458)
* New Actions:
    - `action.d/firewallcmd-rich-rules` and `action.d/firewallcmd-rich-logging` (fail2bangh-1367)
* New filters:
    - slapd - ban hosts, that were failed to connect with invalid credentials: error code 49 (fail2bangh-1478)
* Extreme speedup of all sqlite database operations (fail2bangh-1436), by using of following sqlite options:
    - (synchronous = OFF) write data through OS without syncing
    - (journal_mode = MEMORY) use memory for the transaction logging
    - (temp_store = MEMORY) temporary tables and indices are kept in memory
* journald journalmatch for pure-ftpd (fail2bangh-1362)
* Added additional regex filter for dovecot ldap authentication failures (fail2bangh-1370)
* `filter.d/exim*conf`
    - Added additional regexes (fail2bangh-1371)
    - Made port entry optional

* tag '0.9.5': (70 commits) DOC: preparations for 0.9.5 release Added missing files to MANIFEST another variant of regex add trailing anchor to failregex DOC: Reformatted ChangeLog into legit Markdown (Closes fail2ban#962) DOC: tuned up ChangeLog entries for 0.9.5 add PR id to ChangeLog improved failregex according to @sebres recomendations Improved changes of fail2bangh-1458: `[^']*` after callid was wrong, changed to `[^\)]*`; regexp anchored at the end; almost the same regex grouped to one; Improve PJSIP log support for asterisk 13+ with different callID (Squash fail2bangh-1458) Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk * add `__prefix_line` to regex * fix time in log file add info to log file added sample log lines for slapd adding openldap slapd filter badip timeout option introduced, set to 30 seconds in our test cases (fail2ban#1463) DOC: changelog for recent exim filters tune up Asterisk pjsip (fail2ban#1456) BF: finalize that sample log line for exim4 amend for new option of `usedns=raw` - forgotten validation fix inside setUseDns RF: for consistency use (?:XXX)? instead of (?:|XXX) ...

ver. 0.9.5 (2016/07/15) - old-not-obsolete
-----------
0.9.x line is no longer heavily developed. If you are interested in new features (e.g. IPv6 support), please consider 0.10 branch and its releases.

* `filter.d/monit.conf`
    - Extended failregex with new monit "access denied" version (gh-1355)
    - failregex of previous monit version merged as single expression
* `filter.d/postfix.conf`, `filter.d/postfix-sasl.conf`
    - Extended failregex daemon part, matching also `postfix/smtps/smtpd` now (gh-1391)
* Fixed a grave bug within tags substitutions because of incorrect detection of recursion in case of multiple inline substitutions of the same tag (affected actions: `bsd-ipfw`, etc). Now tracks the actual list of the already substituted tags (per tag instead of single list)
* `filter.d/common.conf`
    - Unexpected extra regex-space in generic `__prefix_line` (gh-1405)
    - All optional spaces normalized in `common.conf`, test covered now
    - Generic `__prefix_line` extended with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit`
* `gentoo-initd` fixed `--pidfile` bug: `--pidfile` is option of `start-stop-daemon`, not argument of fail2ban (see gh-1434)
* `filter.d/asterisk.conf`
    - Fixed security log support for PJSIP and Asterisk 13+ (gh-1456)
    - Improved log support for PJSIP and Asterisk 13+ with different callID (gh-1458)
* New Actions:
    - `action.d/firewallcmd-rich-rules` and `action.d/firewallcmd-rich-logging` (gh-1367)
* New filters:
    - slapd - ban hosts, that were failed to connect with invalid credentials: error code 49 (gh-1478)
* Extreme speedup of all sqlite database operations (gh-1436), by using of following sqlite options:
    - (synchronous = OFF) write data through OS without syncing
    - (journal_mode = MEMORY) use memory for the transaction logging
    - (temp_store = MEMORY) temporary tables and indices are kept in memory
* journald journalmatch for pure-ftpd (gh-1362)
* Added additional regex filter for dovecot ldap authentication failures (gh-1370)
* `filter.d/exim*conf`
    - Added additional regexes (gh-1371)
    - Made port entry optional

* tag '0.9.5': Added missing files to MANIFEST BF: do not rely on long relative path to upstairs config - symlink common.conf
no longer required...
resolves #1291
Mar 23 06:10:52 auth: Info: ldap(dog,52.37.139.121,): invalid credentials
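
The test-case layout requested in the review above (a `# failJSON:` comment followed by the log line it describes), sketched as an added example that is not code from this PR or from fail2ban. `FAILREGEX` is a hypothetical expression for the sample line, the second log line is constructed, and the `<HOST>` expansion and timestamp stripping are simplified stand-ins for fail2ban's own handling.

```python
import json
import re

# Hypothetical failregex for the log line on this page; the PR's real
# expression is not shown here. <HOST> is fail2ban's host placeholder.
FAILREGEX = r"^\s*auth: Info: ldap\([^,]*,<HOST>,[^)]*\): invalid credentials\s*$"

# Constructed test file in the tests/files/logs/<filter> layout: a
# "# failJSON:" comment followed by the log line it describes.
SAMPLE_LOG = """\
# failJSON: { "time": "2005-03-23T06:10:52", "match": true, "host": "52.37.139.121" }
Mar 23 06:10:52 auth: Info: ldap(dog,52.37.139.121,): invalid credentials
# failJSON: { "time": "2005-03-23T06:10:53", "match": false }
Mar 23 06:10:53 auth: Info: ldap(dog,52.37.139.121,): login ok
"""

# Simplified stand-ins for what fail2ban does internally (assumptions):
# IPv4-only host group, and a fixed syslog-style timestamp stripped first.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
DATE_PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}")


def compile_failregex(failregex):
    """Expand the <HOST> placeholder and compile the expression."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def run_cases(failregex, sample_log):
    """Return a list of (log_line, passed) for every failJSON case."""
    rx = compile_failregex(failregex)
    results, expected = [], None
    for line in sample_log.splitlines():
        if line.startswith("# failJSON:"):
            expected = json.loads(line.split(":", 1)[1])
        elif line.strip() and expected is not None:
            m = rx.search(DATE_PREFIX.sub("", line, count=1))
            ok = bool(m) == expected["match"]
            if m and expected["match"]:
                # A match only passes if it captured the expected host.
                ok = m.group("host") == expected.get("host")
            results.append((line, ok))
            expected = None
    return results


if __name__ == "__main__":
    for line, ok in run_cases(FAILREGEX, SAMPLE_LOG):
        print("PASS" if ok else "FAIL", line)
```

The end anchor and the literal `auth: Info: ldap(` prefix are what keep the expression exact: the negative case only passes because nothing after the closing parenthesis other than `invalid credentials` is accepted.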