fail2ban/debian/README.Debian

77 lines
2.8 KiB
Plaintext
Raw Normal View History

fail2ban for Debian
-------------------
2005-11-21 02:50:08 +00:00
This package is ~96% identical to the upstream version. Few feature
could have been added but not yet propagated into upstream
version. Due to tight collaboration with upstream author most of the
Debian modifications penetrate into the next upstream.
Currently the main difference with upstream: python libraries are
2005-11-21 02:50:08 +00:00
placed under /usr/share/fail2ban instead of /usr/lib/fail2ban to
comply with policy regarding architecture independent resources.
2005-09-27 15:45:26 +00:00
Default behavior:
-----------------
Only handling of ssh files is enabled by default. If you want to use
fail2ban with apache, please enable apache section manually in
2005-11-21 02:50:08 +00:00
/etc/fail2ban.conf or enable section using command line parameter -e
in /etc/default/fail2ban to avoid conflicts during upgrade of the
config file.
2005-09-27 15:45:26 +00:00
Troubleshooting:
---------------
2005-10-01 06:53:51 +00:00
Updated failregex:
To resolve the security bug #330827 [1] failregex expressions must
provide a named group (?P<host>...) as a placeholder of the abuser's
host. The naming of the group was introduced to capture possible
future generalizations of failregex to provide even more
information. At a current point, all named groups are considered as
possible locations of the host addresses, but usually you should need
just a single group (?P<host>...)
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827
"Interpolations" in the config file:
Since version 0.6.0-3 to reduce duplication, thus to improve
readability of the config file, interpolations provided by the module
ConfigParser are used. If you had custom sections defined before, you
might benefit from updating config file and adding appropriate
information for the new sections.
N.B. If you have some nice additional sections defined, I would really
appreciate if you share them with me, so they could be eventually
included in the fail2ban package for general use by the rest of the
community.
2005-09-27 15:45:26 +00:00
Mailing:
As it was reported (bug #329722) you might need to provide a full
e-mail address in fail2ban.conf option MAIL:from to make your mail
server accept that email. I've added @localhost to both MAIL:from and
MAIL:to in the default configuration shipped with Debian. It seems to
work nicely now
See TODO.Debian for more details, as well as the Debian Bug Tracking
system.
Dirty exit:
If firewall rules gets cleaned out before fail2ban exits (like was
happening with firestarter), errors get reported during the exit of
fail2ban, but they are "safe" and can be ignored.
2005-11-21 02:50:08 +00:00
Ban time:
An IP is banned for "bantime" not since the last failed login attempt
from the IP, but rather since the moment when failed login was
detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which
had enough of failed logins within "findtime" will be banned for
"bantime" since [re]start moment, not since the last failed login
time.
-- Yaroslav O. Halchenko <debian@onerussian.com>, Sun Jan 15 15:18:13 2006