CERBERUS/fail2ban
1
0
Fork 0
mirror of https://github.com/fail2ban/fail2ban.git synced 2026-05-13 14:36:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
fail2ban/config/filter.d
History
Exact
sebres 8d3f5048ef filter.d/postfix.conf - extended prefregex to capture username in postfix SASL failures; 
closes gh-4165
2026-04-11 14:42:57 +02:00
..
ignorecommands filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast); 2021-03-02 19:35:27 +01:00
3proxy.conf
apache-auth.conf [DATALAD RUNCMD] run codespell throughout fixing typo automagically 2023-11-18 10:04:04 -05:00
apache-badbots.conf filter.d/apache-badbots.conf, filter.d/apache-fakegooglebot.conf - regexs fixed to match lines with vhost in accesslog; 2025-11-28 22:27:06 +01:00
apache-botsearch.conf Merge branch 'master' into 0.10 2017-10-18 19:00:23 +02:00
apache-common.conf filter.d/apache-common.conf: remote besides client, gh-3622 2024-03-15 22:36:40 +01:00
apache-fakegooglebot.conf filter.d/apache-badbots.conf, filter.d/apache-fakegooglebot.conf - regexs fixed to match lines with vhost in accesslog; 2025-11-28 22:27:06 +01:00
apache-modsecurity.conf updated 2019-04-24 21:35:19 +02:00
apache-nohome.conf
apache-noscript.conf filter.d/apache-noscript.conf - consider new log-format with "AH02811: stderr from /..."; 2025-03-28 22:52:51 +01:00
apache-overflows.conf filter.d/apache-overflows.conf - consider AH10244: invalid URI path; 2024-06-28 12:50:14 +02:00
apache-pass.conf
apache-shellshock.conf Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10 2017-12-01 15:53:11 +01:00
assp.conf
asterisk.conf revert RE back, but relive the end-anchor a bit (ignore any text without single quote, so also preventing false match by injection on foreign data) 2025-07-20 15:04:15 +02:00
bitwarden.conf review and small tweaks (more precise and safe RE) 2020-11-09 13:43:59 +01:00
botsearch-common.conf
centreon.conf Add Centreon jail 2019-10-24 14:37:18 +02:00
common.conf common.conf: fixed typo in comment (rfc5424 for logtype) 2022-05-12 18:09:09 +02:00
counter-strike.conf
courier-auth.conf filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now; 2022-02-09 12:18:23 +01:00
courier-smtp.conf filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
cyrus-imap.conf
dante.conf IPv6 fix (second IP logged in form for IPv6); pam authentication failure (part of gh-3410) 2023-12-30 15:10:37 +01:00
directadmin.conf
domino-smtp.conf filter.d/domino-smtp.conf: 2018-09-21 14:14:00 +02:00
dovecot.conf filter.d/dovecot.conf: new matches in aggressive mode: 2025-08-23 20:16:40 +02:00
dropbear.conf filter.d/dropbear.conf: failregex extended to match different format of "Exit before auth" message; 2024-12-27 16:43:33 +01:00
drupal-auth.conf more precise RE (avoids weakness with catch-all's and is injection safe) 2021-02-11 18:32:32 +01:00
ejabberd-auth.conf small amend to gh-1850: removed greedy catch-all at end. 2017-08-07 15:24:16 +02:00
exim-common.conf bypass additional pid in prefix (may be logged by syslog-ng, gh-3060); matches protocol error with authentication mechanism not supported 2024-03-25 15:52:06 +01:00
exim-spam.conf filter.d/exim.conf: 2024-03-25 15:31:23 +01:00
exim.conf filter.d/exim.conf: colon must be outside of F-RCPT group 2025-04-27 23:00:09 +02:00
freeswitch.conf filter.d/freeswitch.conf: bypass some new info in prefix before [WARNING] (changed default _pref_line); 2024-12-04 16:56:23 +01:00
froxlor-auth.conf combine both REs to single RE, no prefregex needed here 2025-09-24 16:23:05 +02:00
gitlab.conf New Gitlab jail 2020-04-09 16:42:08 +02:00
grafana.conf no catch-alls, user name and error message stored in ticket 2020-11-09 15:36:30 +01:00
groupoffice.conf
gssftpd.conf
guacamole.conf Enhance Guacamole jail 2020-08-25 13:01:50 +02:00
haproxy-http-auth.conf
horde.conf
kerio.conf
lighttpd-auth.conf 2nd RE unneeded, fix single RE - bypass everything before open parenthesis 2025-03-04 13:02:50 +01:00
mongodb-auth.conf [DATALAD RUNCMD] run codespell throughout fixing typo automagically 2023-11-18 10:04:04 -05:00
monit.conf filter.d/common.conf: closes gh-2650, avoid substitute of default values in related lt_* section, __prefix_line should be interpolated in definition section (after the config considers all sections that can overwrite it); 2020-03-05 13:47:11 +01:00
monitorix.conf more precise anchored RE (also combining all 3 REs in a single regex) 2021-04-14 13:06:58 +02:00
mssql-auth.conf precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE) 2021-04-03 20:16:47 +02:00
murmur.conf filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 2018-02-09 11:43:55 +01:00
mysqld-auth.conf paths-common.conf: changed default mysql_log path (default logpath of mysqld-auth jail without maintainer overrides); adjusted comments (log_error_verbosity = 3 instead of log-warnings = 2) 2025-01-30 14:00:43 +01:00
nagios.conf
named-refused.conf loosening for denied suffix (would match no matter which reason in parenthesis); 2024-03-25 16:35:20 +01:00
nginx-bad-request.conf fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
nginx-botsearch.conf fix: add journalmatch to nginx filters 2021-04-03 19:20:50 +02:00
nginx-error-common.conf more filters for nginx error-log supporting journal format now, added generalized include and __prefix_line 2023-12-10 15:21:20 +01:00
nginx-forbidden.conf more filters for nginx error-log supporting journal format now, added generalized include and __prefix_line 2023-12-10 15:21:20 +01:00
nginx-http-auth.conf filter.d/nginx-http-auth.conf: modes fallback and aggressive extended to match more SSL failures, see gh-4142 (amend to gh-2881) 2026-02-12 13:53:57 +01:00
nginx-limit-req.conf update nginx limit-req filter again (#4048) 2025-08-04 21:16:26 +02:00
nsd.conf restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise 2021-04-03 21:00:14 +02:00
openhab.conf
openvpn.conf combine several regexes to single RE 2025-01-30 01:13:49 +01:00
openwebmail.conf
oracleims.conf
pam-generic.conf quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now; 2018-03-20 16:00:21 +01:00
perdition.conf
php-url-fopen.conf
phpmyadmin-syslog.conf typo 2020-11-23 18:08:38 +01:00
portsentry.conf
postfix.conf filter.d/postfix.conf - extended prefregex to capture username in postfix SASL failures; 2026-04-11 14:42:57 +02:00
proftpd.conf typo 2020-11-23 18:07:49 +01:00
proxmox.conf review (anchoring RE, etc) 2024-07-30 19:16:40 +02:00
pure-ftpd.conf
qmail.conf
recidive.conf filter.d/recidive.conf - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail); 2024-06-21 13:24:46 +02:00
roundcube-auth.conf Fixes unmatched tag (caused unmatched brace); review: combined to single regex, simple case without injection attempts faster, <HOST> replaced with <ADDR> (faster and fewer vulnerable on complex cases, since doesn't match text as hostname) etc. 2024-08-10 13:20:18 +02:00
routeros-auth.conf New filter: routeros-auth.conf (Closes #3469) 2023-03-02 09:25:24 +01:00
scanlogd.conf small amend: sport after saddr is optional 2021-04-03 23:29:16 +02:00
screensharingd.conf
selinux-common.conf small amend (non capturing group) 2022-11-14 18:56:01 +01:00
selinux-ssh.conf [DATALAD RUNCMD] run codespell throughout fixing typo automagically 2023-11-18 10:04:04 -05:00
sendmail-auth.conf filter.d/sendmail-auth.conf: detect failures without user part 2022-08-01 09:20:28 +02:00
sendmail-reject.conf introduces a parameter mta_dname (default \S+) to allow more complex REs to match custom MTA daemon names (e.g. with spaces etc) 2025-09-02 19:41:40 +02:00
sieve.conf
slapd.conf gh-3604: filter.d/slapd.conf - switched to single-line processing 2023-10-18 16:06:56 +02:00
softethervpn.conf small tweaks (both 2nd time and facility are optional, avoid catch-all, etc) 2020-11-09 13:19:25 +01:00
sogo-auth.conf [DATALAD RUNCMD] run codespell throughout fixing typo automagically 2023-11-18 10:04:04 -05:00
solid-pop3d.conf
squid.conf
squirrelmail.conf
sshd.conf filter.d/sshd.conf: ddos and aggressive modes, regex extended for timeout before authentication (optional connection from part); 2024-12-26 14:24:15 +01:00
stunnel.conf
suhosin.conf
tine20.conf
traefik-auth.conf [DATALAD RUNCMD] run codespell throughout fixing typo automagically 2023-11-18 10:04:04 -05:00
uwimap-auth.conf
vaultwarden.conf amend to #3979: removed mistaken double pipes in group matches 2025-07-31 17:38:28 +02:00
vsftpd.conf more fixes, capture user names, more tests... 2025-03-04 14:13:07 +01:00
webmin-auth.conf
wuftpd.conf
xinetd-fail.conf
xrdp.conf Use potentially faster regex for username match 2022-04-08 09:52:52 -05:00
znc-adminlog.conf filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520) 2019-09-10 21:02:26 +02:00
zoneminder.conf padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name) 2021-05-21 13:00:24 +02:00