fail2ban/debian/README.Debian

fail2ban for Debian
-------------------

This package is nearly 100% identical to the upstream version. It was
merely packaged to be installed on a Debian system and due to tight
collaboration with upstream author most of the Debian modifications
penetrate into the next upstream.

Currently the main difference with upstream: python libraries are
placed under /usr/share/fail2ban insteadh of /usr/lib/fail2ban to
comply with policy regarding architecture independent resources.

Default behavior:
-----------------

Only handling of ssh files is enabled by default. If you want to use
fail2ban with apache, please enable apache section manually in
/etc/fail2ban.conf.

Troubleshooting:
---------------

Updated failregex:

To resolve the security bug #330827 [1] failregex expressions must
provide a named group (?P<host>...) as a placeholder of the abuser's
host. The naming of the group was introduced to capture possible
future generalizations of failregex to provide even more
information. At a current point, all named groups are considered as
possible locations of the host addresses, but usually you should need
just a single group (?P<host>...)

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827

Mailing:

As it was reported (bug #329722) you might need to provide a full
e-mail address in fail2ban.conf option MAIL:from to make your mail
server accept that email. I've added @localhost to both MAIL:from and
MAIL:to in the default configuration shipped with Debian. It seems to
work nicely now

See TODO.Debian for more details, as well as the Debian Bug Tracking
system.

Dirty exit:

If firewall rules gets cleaned out before fail2ban exits (like was
happening with firestarter), errors get reported during the exit of
fail2ban, but they are "safe" and can be ignored.

 -- Yaroslav O. Halchenko <debian@onerussian.com>, Thu Oct 20 13:24:56 2005
Load fail2ban-0.4.1 into debs/fail2ban/trunk. 2005-07-06 23:10:26 +00:00			`fail2ban for Debian`
			`-------------------`

Merged with 0.5.0 upstream release 2005-07-13 10:01:01 +00:00			`This package is nearly 100% identical to the upstream version. It was`
* Merged with upstream * Changed debian/watch to run svn-upgrade 2005-07-23 19:15:22 +00:00			`merely packaged to be installed on a Debian system and due to tight`
			`collaboration with upstream author most of the Debian modifications`
			`penetrate into the next upstream.`
Load fail2ban-0.4.1 into debs/fail2ban/trunk. 2005-07-06 23:10:26 +00:00
* Merged with upstream * Changed debian/watch to run svn-upgrade 2005-07-23 19:15:22 +00:00			`Currently the main difference with upstream: python libraries are`
			`placed under /usr/share/fail2ban insteadh of /usr/lib/fail2ban to`
			`comply with policy regarding architecture independent resources.`

fixed Debian bugs 329722, 330311 2005-09-27 15:45:26 +00:00			`Default behavior:`
			`-----------------`

fixed man pages - cross referenced them, placed fail2ban into section 8 added upstream README and TODO, patched with SYSLOG (160:166) 2005-08-19 07:14:17 +00:00			`Only handling of ssh files is enabled by default. If you want to use`
			`fail2ban with apache, please enable apache section manually in`
			`/etc/fail2ban.conf.`

fixed Debian bugs 329722, 330311 2005-09-27 15:45:26 +00:00			`Troubleshooting:`
			`---------------`

fixed security bug #330827 2005-10-01 06:53:51 +00:00			`Updated failregex:`

			`To resolve the security bug #330827 [1] failregex expressions must`
			`provide a named group (?P<host>...) as a placeholder of the abuser's`
			`host. The naming of the group was introduced to capture possible`
			`future generalizations of failregex to provide even more`
			`information. At a current point, all named groups are considered as`
			`possible locations of the host addresses, but usually you should need`
			`just a single group (?P<host>...)`

			`[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827`

fixed Debian bugs 329722, 330311 2005-09-27 15:45:26 +00:00			`Mailing:`

			`As it was reported (bug #329722) you might need to provide a full`
			`e-mail address in fail2ban.conf option MAIL:from to make your mail`
			`server accept that email. I've added @localhost to both MAIL:from and`
			`MAIL:to in the default configuration shipped with Debian. It seems to`
			`work nicely now`

			`See TODO.Debian for more details, as well as the Debian Bug Tracking`
			`system.`
Load fail2ban-0.4.1 into debs/fail2ban/trunk. 2005-07-06 23:10:26 +00:00
* Fixed typos (thanx to Ross Boylan). * Robust startup: if iptables module gets fully initialized after startup of fail2ban, fail2ban will do "maxreinit" attempts to initialize its own firewall. It will sleep between attempts for "polltime" number of seconds (closes: #334272). * To overcome possible conflict with other firewall solutions and as a secondary solution for the bug 334272, fail2ban startup is moved during bootup to the latest (S99) sequenece position. That should not cause any discomfort I believe. 2005-10-20 17:33:53 +00:00			`Dirty exit:`

			`If firewall rules gets cleaned out before fail2ban exits (like was`
			`happening with firestarter), errors get reported during the exit of`
			`fail2ban, but they are "safe" and can be ignored.`

			`-- Yaroslav O. Halchenko <debian@onerussian.com>, Thu Oct 20 13:24:56 2005`