* (NOT RELEASED YET) New upstream release.

Patches absorbed upstream: 00_daemon_pids.dpatch 00_iptables_allports.dpatch 00_vsftp_filter_spaces.dpatch 00_resolve_all_names.dpatch 00_HOST_ignoreregex.dpatch Patches which needed some tune-up: 00_ssh_strong_re.dpatch 00_mail-whois-lines.dpatch 00_named_refused.dpatch
18 years ago · 0012f9ff92
parent e10a8616b4
commit 0012f9ff92
10 changed files with 19 additions and 297 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,6 +1,16 @@
 fail2ban (0.8.1-1) UNRELEASED; urgency=low

-  * (NOT RELEASED YET) New upstream release
+  * (NOT RELEASED YET) New upstream release.
+     Patches absorbed upstream:
+      00_daemon_pids.dpatch
+      00_iptables_allports.dpatch
+      00_vsftp_filter_spaces.dpatch
+      00_resolve_all_names.dpatch
+      00_HOST_ignoreregex.dpatch
+     Patches which needed some tune-up:
+      00_ssh_strong_re.dpatch
+      00_mail-whois-lines.dpatch
+      00_named_refused.dpatch

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 14 Aug 2007 19:12:53 -0400

--- a/debian/patches/00_HOST_ignoreregex.dpatch
+++ b/debian/patches/00_HOST_ignoreregex.dpatch
@ -1,34 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_HOST_ignoreregex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/server/failregex.py trunk/server/failregex.py
--- trunk~/server/failregex.py	2007-05-05 21:30:22.000000000 -0400
-+++ trunk/server/failregex.py	2007-06-19 23:00:45.000000000 -0400
-@@ -40,9 +40,7 @@
- 	# avoid construction of invalid object.
- 	# @param value the regular expression
- 	
-	def __init__(self, value):
-		# Replace "<HOST>" with default regular expression for host.
-		regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
-+	def __init__(self, regex):
- 		# Initializes the parent.
- 		Regex.__init__(self, regex)
- 		# Check for group "host"
-diff -urNad trunk~/server/regex.py trunk/server/regex.py
--- trunk~/server/regex.py	2007-05-05 21:30:22.000000000 -0400
-+++ trunk/server/regex.py	2007-06-19 23:00:21.000000000 -0400
-@@ -42,6 +42,9 @@
- 	
- 	def __init__(self, regex):
- 		self._matchCache = None
-+		# Perform shortcuts expansions
-+		# Replace "<HOST>" with default regular expression for host.
-+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
- 		if regex.lstrip() == '':
- 			raise RegexException("Cannot add empty regex")
- 		try:
--- a/debian/patches/00_daemon_pids.dpatch
+++ b/debian/patches/00_daemon_pids.dpatch
@ -1,52 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_daemon_pids.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Optional PID entry which might not be present due to configuration. Also failregex for wu-ftpd got hardened with $ at the end.
-
-@DPATCH@
-diff -urNad trunk~/config/filter.d/pure-ftpd.conf trunk/config/filter.d/pure-ftpd.conf
--- trunk~/config/filter.d/pure-ftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/pure-ftpd.conf	2007-06-19 23:08:40.000000000 -0400
-@@ -19,7 +19,7 @@
- #         (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
-failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
-+failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad trunk~/config/filter.d/sshd-ddos.conf trunk/config/filter.d/sshd-ddos.conf
--- trunk~/config/filter.d/sshd-ddos.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/sshd-ddos.conf	2007-06-19 23:09:56.000000000 -0400
-@@ -14,7 +14,7 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values:  TEXT
- #
-failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
-+failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
--- trunk~/config/filter.d/vsftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/vsftpd.conf	2007-06-19 23:10:26.000000000 -0400
-@@ -14,7 +14,7 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
-failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
-+failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$
-             \[.+\] FAIL LOGIN: Client "<HOST>"$
- 
- # Option:  ignoreregex
-diff -urNad trunk~/config/filter.d/wuftpd.conf trunk/config/filter.d/wuftpd.conf
--- trunk~/config/filter.d/wuftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/wuftpd.conf	2007-06-19 23:11:59.000000000 -0400
-@@ -11,4 +11,4 @@
- # Notes.: regex to match the password failures messages in the logfile.
- # Values: TEXT
- #
-failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
-+failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
--- a/debian/patches/00_iptables_allports.dpatch
+++ b/debian/patches/00_iptables_allports.dpatch
@ -1,82 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_iptables_allports.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/config/action.d/iptables-allports.conf trunk/config/action.d/iptables-allports.conf
--- trunk~/config/action.d/iptables-allports.conf	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/action.d/iptables-allports.conf	2007-06-25 12:49:34.000000000 -0400
-@@ -0,0 +1,71 @@
-+# Fail2Ban configuration file
-+#
-+# Author: Cyril Jaquier
-+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
-+# 			made active on all ports from original iptables.conf
-+#
-+# $Revision: $
-+#
-+
-+[Definition]
-+
-+# Option:  actionstart
-+# Notes.:  command executed once at the start of Fail2Ban.
-+# Values:  CMD
-+#
-+actionstart = iptables -N fail2ban-<name>
-+              iptables -A fail2ban-<name> -j RETURN
-+              iptables -I INPUT -p <protocol> -j fail2ban-<name>
-+
-+# Option:  actionend
-+# Notes.:  command executed once at the end of Fail2Ban
-+# Values:  CMD
-+#
-+actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
-+             iptables -F fail2ban-<name>
-+             iptables -X fail2ban-<name>
-+
-+# Option:  actioncheck
-+# Notes.:  command executed once before each actionban command
-+# Values:  CMD
-+#
-+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
-+
-+# Option:  actionban
-+# Notes.:  command executed when banning an IP. Take care that the
-+#          command is executed with Fail2Ban user rights.
-+# Tags:    <ip>  IP address
-+#          <failures>  number of failures
-+#          <time>  unix timestamp of the ban time
-+# Values:  CMD
-+#
-+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
-+
-+# Option:  actionunban
-+# Notes.:  command executed when unbanning an IP. Take care that the
-+#          command is executed with Fail2Ban user rights.
-+# Tags:    <ip>  IP address
-+#          <failures>  number of failures
-+#          <time>  unix timestamp of the ban time
-+# Values:  CMD
-+#
-+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
-+
-+[Init]
-+
-+# Defaut name of the chain
-+#
-+name = default
-+
-+# Option:  port
-+# Notes.:  specifies port to monitor
-+# Values:  [ NUM | STRING ]  Default:
-+#
-+port = ssh
-+
-+# Option:  protocol
-+# Notes.:  internally used by config reader for interpolations.
-+# Values:  [ tcp | udp | icmp | all ] Default: tcp
-+#
-+protocol = tcp
-+
--- a/debian/patches/00_mail-whois-lines.dpatch
+++ b/debian/patches/00_mail-whois-lines.dpatch
@ -6,16 +6,10 @@
 ## DP: abuser IP over the log files

@DPATCH@
-diff -urNad fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf fail2ban-0.7.7/config/action.d/mail-whois-lines.conf
--- fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf	2007-01-08 16:40:40.000000000 -0500
-+++ fail2ban-0.7.7/config/action.d/mail-whois-lines.conf	2007-02-08 22:07:12.000000000 -0500
-@@ -2,12 +2,12 @@
- #
- # Author: Cyril Jaquier
- # Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision: 520 $
-+# $Revision: 254 $
- #
+diff -urNad trunk~/config/action.d/mail-whois-lines.conf trunk/config/action.d/mail-whois-lines.conf
+--- trunk~/config/action.d/mail-whois-lines.conf	2007-08-14 19:12:48.000000000 -0400
+++ trunk/config/action.d/mail-whois-lines.conf	2007-08-14 19:24:17.000000000 -0400
+@@ -7,7 +7,7 @@
 
 [Definition]
 
--- a/debian/patches/00_named_refused.dpatch
+++ b/debian/patches/00_named_refused.dpatch
@ -5,47 +5,9 @@
 ## DP: No description.

@DPATCH@
-diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
--- trunk~/config/filter.d/named-refused.conf	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.conf	2007-07-29 22:31:22.000000000 -0400
-@@ -0,0 +1,34 @@
-+# Fail2Ban configuration file for named (bind9). Trying to generalize the
-+#          structure which is general to capture general patterns in log
-+#          lines to cover different configurations/distributions
-+#
-+# Author: Yaroslav Halchenko
-+#
-+# $Revision:  $
-+#
-+
-+[Definition]
-+
-+# if you want to catch only login erros from specific daemons, use smth like
-+#_named_rcodes=(?:REFUSED|SERVFAIL)
-+# To catch all REFUSED queries only
-+_named_rcodes=REFUSED
-+_daemon=named
-+
-+#
-+# Shortcuts for easier comprehension of the failregex
-+__pid_re=(?:\[\d+\])
-+__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
-+__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
-+#       hostname       daemon_id         spaces
-+# this can be optional (for instance if we match named native log files)
-+__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
-+
-+# Option: failregex
-+# Notes.: regex to match the password failures messages in the logfile.
-+# Values: TEXT
-+#
-+failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
-+		    %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
-+
-+
 diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
 --- trunk~/config/filter.d/named-refused.examples	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.examples	2007-07-29 22:30:29.000000000 -0400
+++ trunk/config/filter.d/named-refused.examples	2007-08-14 19:44:13.000000000 -0400
@@ -0,0 +1,13 @@
 +Jul 15 18:42:00 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.5#53
 +Jul 15 18:42:01 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.4#53
--- a/debian/patches/00_resolve_all_names.dpatch
+++ b/debian/patches/00_resolve_all_names.dpatch
@ -1,30 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_resolve_all_names.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/server/filter.py trunk/server/filter.py
--- trunk~/server/filter.py	2007-04-18 16:44:07.000000000 -0400
-+++ trunk/server/filter.py	2007-08-06 14:20:11.000000000 -0400
-@@ -538,11 +538,14 @@
- 				ipList.append(plainIPStr)
- 		if not ipList:
- 			# Try to get IP from possible DNS
-			dns = DNSUtils.textToDns(text)
-			if not dns == None:
-				ip = DNSUtils.dnsToIp(dns.group(0))
-				for e in ip:
-					ipList.append(e)
-+			# yoh: this way would not work for reported
-+			# hosts with only top part of the address
-+			# Since we have now <HOST> it is safe and
-+			# efficient to simply try to resolve it
-+			# dns = DNSUtils.textToDns(text)
-+			ip = DNSUtils.dnsToIp(text)
-+			for e in ip:
-+				ipList.append(e)
- 		return ipList
- 	
- 	@staticmethod
--- a/debian/patches/00_ssh_strong_re.dpatch
+++ b/debian/patches/00_ssh_strong_re.dpatch
@ -5,28 +5,9 @@
 ## DP: No description.

@DPATCH@
-diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.conf fail2ban-0.8.0/config/filter.d/sshd.conf
--- fail2ban-0.8.0~/config/filter.d/sshd.conf	2007-02-22 15:52:37.000000000 -0500
-+++ fail2ban-0.8.0/config/filter.d/sshd.conf	2007-07-29 13:14:50.000000000 -0400
-@@ -14,10 +14,11 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values:  TEXT
- #
-failregex = Authentication failure for .* from <HOST>
-            Failed [-/\w]+ for .* from <HOST>
-            ROOT LOGIN REFUSED .* FROM <HOST>
-            [iI](?:llegal|nvalid) user .* from <HOST>
-+failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
-+            Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
-+            ROOT LOGIN REFUSED.* FROM <HOST>\s*$
-+            [iI](?:llegal|nvalid) user .* from <HOST>\s*$
-+            User \S+ from <HOST> not allowed because not listed in AllowUsers$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.examples fail2ban-0.8.0/config/filter.d/sshd.examples
--- fail2ban-0.8.0~/config/filter.d/sshd.examples	1969-12-31 19:00:00.000000000 -0500
-+++ fail2ban-0.8.0/config/filter.d/sshd.examples	2007-07-29 13:14:22.000000000 -0400
+diff -urNad trunk~/config/filter.d/sshd.examples trunk/config/filter.d/sshd.examples
+--- trunk~/config/filter.d/sshd.examples	1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/sshd.examples	2007-08-14 19:40:23.000000000 -0400
@@ -0,0 +1,19 @@
 +#1
 +Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
--- a/debian/patches/00_vsftp_filter_spaces.dpatch
+++ b/debian/patches/00_vsftp_filter_spaces.dpatch
@ -1,21 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_vsftp_filter_spaces.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
--- trunk~/config/filter.d/vsftpd.conf	2007-01-29 15:51:45.000000000 -0500
-+++ trunk/config/filter.d/vsftpd.conf	2007-08-03 21:55:00.000000000 -0400
-@@ -14,8 +14,8 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
-failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
-            \[.+\] FAIL LOGIN: Client "<HOST>"$
-+failregex = vsftpd: .* authentication failure; .* rhost=<HOST>\s*$
-+            \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -1,12 +1,6 @@
 00_mail-whois-lines
-00_vsftp_filter_spaces
 00_var_run_socket
-00_HOST_ignoreregex
-00_daemon_pids
-00_resolve_all_names
 10_dbts_manpages
-00_iptables_allports
 00_ssh_strong_re
 00_pam_generic
 00_named_refused
-00_named_logtimeformat