CERBERUS/fail2ban
1
0
Fork 0
mirror of https://github.com/fail2ban/fail2ban.git synced 2026-05-13 14:36:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
6202 commits 34 branches 230 tags 18 MiB
Commit graph

6202 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gerardo Gonzalez
481be8790a
Update jail.conf.5 documentation for action tags 
Missing tags added:
family - IP address family string
ip-rev - Reverse DNS PTR record
ip-host - Hostname of the IP
fid - Failure/ticket ID
bantime - Effective ban duration
bancount - Number of times IP has been banned
restored - Flag for restored tickets (0 or 1)
F-* - Free-form filter match tags
raw-ticket - Raw ticket representation
jail.banned - Currently banned count
jail.banned_total - Total ban count
jail.found - Current failure count
jail.found_total - Total failure count
 2026-01-07 19:31:21 +01:00
sebres
948e923589 Merge fix for #4126 (branch 'gh-4126--py-3.15') 
refactor module loading to use exec_module: deprecated load_module is removed in py-3.15;
closes gh-4126
 2026-01-01 21:56:15 +01:00
Sergey G. Brester
247667c9c2
refactor loading of SMTP action module in tests (deprecated load_module removed in v.3.15) 2026-01-01 21:49:12 +01:00
Sergey G. Brester
7528fce11b
refactor module loading to use exec_module: load_module is deprecated; 
closes gh-4126
 2026-01-01 21:43:27 +01:00
Sergey G. Brester
edaf8ef19f
GHA-CI: update python 3.14 + added 3.15 2026-01-01 21:26:22 +01:00
Sergey G. Brester
74981e4c13
Merge pull request #3254 from evanlinde/master 
New filter for XRDP
 2025-12-07 01:19:01 +01:00
Sergey G. Brester
45453826a3
small amend with missing newline 2025-12-07 01:18:04 +01:00
Sergey G. Brester
2f0e05a0d7
Merge branch 'master' into master 2025-12-07 01:14:39 +01:00
sebres
ef65652671 filter.d/apache-badbots.conf, filter.d/apache-fakegooglebot.conf - regexs fixed to match lines with vhost in accesslog; 
closes gh-1594
 2025-11-28 22:27:06 +01:00
sebres
bfafd12c59 filter.d/apache-badbots.conf, filter.d/apache-fakegooglebot.conf - rewrite apache access-log REs more strict (remove catch-alls) 2025-11-28 22:16:23 +01:00
Sergey G. Brester
7c2bda4977
Fix image size for IPv6 logo in README 
Updated image tag in README to use 'style' attribute.
 2025-11-24 23:14:47 +01:00
sebres
3f78f1520b fixed typo in comparison by build of stream from filter options (see #4066) 2025-10-28 21:34:00 +01:00
Sergey G. Brester
7bac839603
Merge pull request #4069 from sebres/init-param-to-cond-section 
Setting of blocktype="DROP" via jail doesn't apply for IPv6 chain
 2025-09-24 18:23:44 +02:00
Sergey G. Brester
d0b94c147e
Update ChangeLog 2025-09-24 18:22:06 +02:00
Sergey G. Brester
070d49e09c
man/jail.conf.5 - update docu 2025-09-24 18:18:38 +02:00
Sergey G. Brester
dda4aa7d2d
Merge pull request #4075 from para-do-x/froxlor-auth 
Froxlor auth update
 2025-09-24 16:58:27 +02:00
para-do-x
ad9aba5871
Update ChangeLog gh4075 2025-09-24 18:43:39 +04:00
sebres
13563fd09b combine both REs to single RE, no prefregex needed here 2025-09-24 16:23:05 +02:00
sebres
a9401233dd code review, make it backwards compatible to logging type=1 (as suggested in https://github.com/fail2ban/fail2ban/issues/2926#issuecomment-774780120); use by default type=2 2025-09-24 16:09:42 +02:00
para-do-x
1379a262f6 Update froxlor-auth testfile 2025-09-24 15:59:19 +02:00
para-do-x
abdd0d4b25 Update jail.conf for froxlor-auth 
Changed logpath to syslog_user for froxlor-auth
 2025-09-24 15:59:18 +02:00
para-do-x
897b21a4c5 Update froxlor-auth.conf 
updated the regex to the new logging situation for froxlor.
 2025-09-24 15:59:17 +02:00
sebres
65668b8ed8 filter.d/postfix.conf - modes ddos and aggressive extended to match rate limit exceeded for connection or message delivery request rates; 
closes gh-3265;
closes gh-4073;
 2025-09-23 12:18:45 +02:00
sebres
2856092709 filter.d/postfix.conf - use common prefix instead of NOQUEUE for all modes, outside of mdpr-<mode> in prefregex (amend to gh-4072) 2025-09-18 15:01:05 +02:00
Sergey G. Brester
2ac7e1284f
Merge pull request #4072 from ulm/postfix-ddos 
filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
 2025-09-18 14:35:35 +02:00
Ulrich Müller
0fee8dbe92 filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos 
The current regex doesn't match the following log entry, seen with
Postfix 3.10.2:

Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: disconnect from unknown[192.0.2.25] commands=0/0
 2025-09-18 08:23:45 +02:00
Sergey G. Brester
6c47bf6461
Merge pull request #4068 from billfor/xarf 
fix `dig` to filter out warnings and prevent them from being injected as emails
 2025-09-15 17:23:32 +02:00
sebres
9534bdac37 filter.d/nginx-http-auth.conf: filter rewritten and extended: 
- with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
  - to match PAM authentication failures (gh-4071)
 2025-09-15 16:14:22 +02:00
Sergey G. Brester
a8875c36b8
Merge pull request #4070 from yizhao1/fix 
clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete
 2025-09-12 14:51:14 +02:00
Yi Zhao
9f26da3cf8 clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete 
In test case testReadStockJailFilterComplete, set configuration
directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
of the hardcoded "config" directory. Otherwise, the config files will
not be found during runtime testing.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2025-09-12 12:53:45 +08:00
sebres
5beee494a3 allow to overwrite conditional parameters only direct from jail, for example 
`banaction = iptables-ipset[blocktype="...", blocktype?family=inet6="..."]`
 2025-09-11 23:11:45 +02:00
sebres
3fd3454146 if parameter supplied to the config, overwrite also conditional init options (from init?... section) 2025-09-11 19:39:06 +02:00
sebres
ce8cc5d261 test illustrating the issue with blocktype="DROP" for IPv6 chain (supplying init parameter to action doesn't overwrite the value in conditional section) 2025-09-11 16:44:06 +02:00
Sergey G. Brester
4539e6719c
Update ChangeLog 2025-09-10 20:19:34 +02:00
Sergey G. Brester
85cfb81782
lets see an error (with debug messages) in debug case 2025-09-10 20:04:10 +02:00
bill
3d23a44bb1 fix dig to filter out warnings from email address capture 2025-09-10 13:27:30 -04:00
Sergey G. Brester
77efe3b40c
Merge pull request #4020 from billfor/sendmail 
Update sendmail-reject.conf
 2025-09-02 19:46:57 +02:00
sebres
26b91862fc introduces a parameter mta_dname (default \S+) to allow more complex REs to match custom MTA daemon names (e.g. with spaces etc) 2025-09-02 19:41:40 +02:00
sebres
10b12e8c57 reorder 2 tests belonging together 2025-09-02 19:11:05 +02:00
sebres
13876e93ad fixes the inconsistency with F-MLFID ("ID" matched by (?:\w{14,20}: )? is optional in message); simplify PR 2025-09-02 19:11:04 +02:00
bill
70d7fd0fdd update the test for lost input channel with real ip 2025-09-02 12:54:42 -04:00
bill
9e72e78f34 filter.d/sendmail-reject.conf: support BSD log format. match user unknown messages. add aggressive mode for lost input channel and relaying denied messages 2025-09-01 22:34:53 -04:00
sebres
912e3c81a2 removes mistaken return in quiet case for set jail attempt command 2025-09-01 20:12:07 +02:00
sebres
c54d505dea small amend (info with date pattern before debug message with regex) 2025-09-01 18:10:43 +02:00
sebres
6ac181f559 improve logging of date pattern (count of default templates added, info if it's filtered or used pre-match) 2025-09-01 18:03:09 +02:00
sebres
52399e6ef1 amend to #2351: providing the attempt via fail2bans protocol (Pickle, client command, etc) must follow ignore facilities (shall be ignored if matches ignoreip, ignoreself, ignorecommand etc) 2025-08-26 18:03:46 +02:00
sebres
c9e1a1b087 silence warning "Unknown distribution option: 'test_suite'", seems not work anymore (2.x only?) - test suite shall be invoked using bin/fail2ban-testcases 2025-08-23 22:22:20 +02:00
sebres
a055568500 GHA: update python 3.14.0-rc.2 2025-08-23 22:10:55 +02:00
sebres
0265df854e silence skipping tests output for python versions that basically can not have the modules 2025-08-23 22:00:03 +02:00
sebres
a3d181c973 filter.d/dovecot.conf: new matches in aggressive mode: 
- new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`;
- covered `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`.
 2025-08-23 20:22:08 +02:00