From 0012f9ff921c9ab1725574abc40fe1ffb4c364c3 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 15 Aug 2007 02:17:44 +0000
Subject: [PATCH] * (NOT RELEASED YET) New upstream release.    Patches
 absorbed upstream:     00_daemon_pids.dpatch     00_iptables_allports.dpatch 
    00_vsftp_filter_spaces.dpatch     00_resolve_all_names.dpatch    
 00_HOST_ignoreregex.dpatch    Patches which needed some tune-up:    
 00_ssh_strong_re.dpatch     00_mail-whois-lines.dpatch    
 00_named_refused.dpatch

---
 debian/changelog                             | 12 ++-
 debian/patches/00_HOST_ignoreregex.dpatch    | 34 --------
 debian/patches/00_daemon_pids.dpatch         | 52 -------------
 debian/patches/00_iptables_allports.dpatch   | 82 --------------------
 debian/patches/00_mail-whois-lines.dpatch    | 14 +---
 debian/patches/00_named_refused.dpatch       | 40 +---------
 debian/patches/00_resolve_all_names.dpatch   | 30 -------
 debian/patches/00_ssh_strong_re.dpatch       | 25 +-----
 debian/patches/00_vsftp_filter_spaces.dpatch | 21 -----
 debian/patches/00list                        |  6 --
 10 files changed, 19 insertions(+), 297 deletions(-)
 delete mode 100755 debian/patches/00_HOST_ignoreregex.dpatch
 delete mode 100755 debian/patches/00_daemon_pids.dpatch
 delete mode 100755 debian/patches/00_iptables_allports.dpatch
 delete mode 100755 debian/patches/00_resolve_all_names.dpatch
 delete mode 100755 debian/patches/00_vsftp_filter_spaces.dpatch

diff --git a/debian/changelog b/debian/changelog
index 513c3575..f318102d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,16 @@
 fail2ban (0.8.1-1) UNRELEASED; urgency=low
 
-  * (NOT RELEASED YET) New upstream release
+  * (NOT RELEASED YET) New upstream release.
+     Patches absorbed upstream:
+      00_daemon_pids.dpatch
+      00_iptables_allports.dpatch
+      00_vsftp_filter_spaces.dpatch
+      00_resolve_all_names.dpatch
+      00_HOST_ignoreregex.dpatch
+     Patches which needed some tune-up:
+      00_ssh_strong_re.dpatch
+      00_mail-whois-lines.dpatch
+      00_named_refused.dpatch
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 14 Aug 2007 19:12:53 -0400
 
diff --git a/debian/patches/00_HOST_ignoreregex.dpatch b/debian/patches/00_HOST_ignoreregex.dpatch
deleted file mode 100755
index 3284738b..00000000
--- a/debian/patches/00_HOST_ignoreregex.dpatch
+++ /dev/null
@@ -1,34 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_HOST_ignoreregex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/server/failregex.py trunk/server/failregex.py
---- trunk~/server/failregex.py	2007-05-05 21:30:22.000000000 -0400
-+++ trunk/server/failregex.py	2007-06-19 23:00:45.000000000 -0400
-@@ -40,9 +40,7 @@
- 	# avoid construction of invalid object.
- 	# @param value the regular expression
- 	
--	def __init__(self, value):
--		# Replace "<HOST>" with default regular expression for host.
--		regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
-+	def __init__(self, regex):
- 		# Initializes the parent.
- 		Regex.__init__(self, regex)
- 		# Check for group "host"
-diff -urNad trunk~/server/regex.py trunk/server/regex.py
---- trunk~/server/regex.py	2007-05-05 21:30:22.000000000 -0400
-+++ trunk/server/regex.py	2007-06-19 23:00:21.000000000 -0400
-@@ -42,6 +42,9 @@
- 	
- 	def __init__(self, regex):
- 		self._matchCache = None
-+		# Perform shortcuts expansions
-+		# Replace "<HOST>" with default regular expression for host.
-+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
- 		if regex.lstrip() == '':
- 			raise RegexException("Cannot add empty regex")
- 		try:
diff --git a/debian/patches/00_daemon_pids.dpatch b/debian/patches/00_daemon_pids.dpatch
deleted file mode 100755
index 8a36f5be..00000000
--- a/debian/patches/00_daemon_pids.dpatch
+++ /dev/null
@@ -1,52 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_daemon_pids.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Optional PID entry which might not be present due to configuration. Also failregex for wu-ftpd got hardened with $ at the end.
-
-@DPATCH@
-diff -urNad trunk~/config/filter.d/pure-ftpd.conf trunk/config/filter.d/pure-ftpd.conf
---- trunk~/config/filter.d/pure-ftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/pure-ftpd.conf	2007-06-19 23:08:40.000000000 -0400
-@@ -19,7 +19,7 @@
- #         (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
--failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
-+failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad trunk~/config/filter.d/sshd-ddos.conf trunk/config/filter.d/sshd-ddos.conf
---- trunk~/config/filter.d/sshd-ddos.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/sshd-ddos.conf	2007-06-19 23:09:56.000000000 -0400
-@@ -14,7 +14,7 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values:  TEXT
- #
--failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
-+failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
---- trunk~/config/filter.d/vsftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/vsftpd.conf	2007-06-19 23:10:26.000000000 -0400
-@@ -14,7 +14,7 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
--failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
-+failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>$
-             \[.+\] FAIL LOGIN: Client "<HOST>"$
- 
- # Option:  ignoreregex
-diff -urNad trunk~/config/filter.d/wuftpd.conf trunk/config/filter.d/wuftpd.conf
---- trunk~/config/filter.d/wuftpd.conf	2007-05-05 21:30:21.000000000 -0400
-+++ trunk/config/filter.d/wuftpd.conf	2007-06-19 23:11:59.000000000 -0400
-@@ -11,4 +11,4 @@
- # Notes.: regex to match the password failures messages in the logfile.
- # Values: TEXT
- #
--failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
-+failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
diff --git a/debian/patches/00_iptables_allports.dpatch b/debian/patches/00_iptables_allports.dpatch
deleted file mode 100755
index 82157fd3..00000000
--- a/debian/patches/00_iptables_allports.dpatch
+++ /dev/null
@@ -1,82 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_iptables_allports.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/config/action.d/iptables-allports.conf trunk/config/action.d/iptables-allports.conf
---- trunk~/config/action.d/iptables-allports.conf	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/action.d/iptables-allports.conf	2007-06-25 12:49:34.000000000 -0400
-@@ -0,0 +1,71 @@
-+# Fail2Ban configuration file
-+#
-+# Author: Cyril Jaquier
-+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
-+# 			made active on all ports from original iptables.conf
-+#
-+# $Revision: $
-+#
-+
-+[Definition]
-+
-+# Option:  actionstart
-+# Notes.:  command executed once at the start of Fail2Ban.
-+# Values:  CMD
-+#
-+actionstart = iptables -N fail2ban-<name>
-+              iptables -A fail2ban-<name> -j RETURN
-+              iptables -I INPUT -p <protocol> -j fail2ban-<name>
-+
-+# Option:  actionend
-+# Notes.:  command executed once at the end of Fail2Ban
-+# Values:  CMD
-+#
-+actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
-+             iptables -F fail2ban-<name>
-+             iptables -X fail2ban-<name>
-+
-+# Option:  actioncheck
-+# Notes.:  command executed once before each actionban command
-+# Values:  CMD
-+#
-+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
-+
-+# Option:  actionban
-+# Notes.:  command executed when banning an IP. Take care that the
-+#          command is executed with Fail2Ban user rights.
-+# Tags:    <ip>  IP address
-+#          <failures>  number of failures
-+#          <time>  unix timestamp of the ban time
-+# Values:  CMD
-+#
-+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
-+
-+# Option:  actionunban
-+# Notes.:  command executed when unbanning an IP. Take care that the
-+#          command is executed with Fail2Ban user rights.
-+# Tags:    <ip>  IP address
-+#          <failures>  number of failures
-+#          <time>  unix timestamp of the ban time
-+# Values:  CMD
-+#
-+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
-+
-+[Init]
-+
-+# Defaut name of the chain
-+#
-+name = default
-+
-+# Option:  port
-+# Notes.:  specifies port to monitor
-+# Values:  [ NUM | STRING ]  Default:
-+#
-+port = ssh
-+
-+# Option:  protocol
-+# Notes.:  internally used by config reader for interpolations.
-+# Values:  [ tcp | udp | icmp | all ] Default: tcp
-+#
-+protocol = tcp
-+
diff --git a/debian/patches/00_mail-whois-lines.dpatch b/debian/patches/00_mail-whois-lines.dpatch
index 8c9d5d0b..33ad6bef 100755
--- a/debian/patches/00_mail-whois-lines.dpatch
+++ b/debian/patches/00_mail-whois-lines.dpatch
@@ -6,16 +6,10 @@
 ## DP: abuser IP over the log files
 
 @DPATCH@
-diff -urNad fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf fail2ban-0.7.7/config/action.d/mail-whois-lines.conf
---- fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf	2007-01-08 16:40:40.000000000 -0500
-+++ fail2ban-0.7.7/config/action.d/mail-whois-lines.conf	2007-02-08 22:07:12.000000000 -0500
-@@ -2,12 +2,12 @@
- #
- # Author: Cyril Jaquier
- # Modified-By: Yaroslav Halchenko to include grepping on IP over log files
--# $Revision: 520 $
-+# $Revision: 254 $
- #
+diff -urNad trunk~/config/action.d/mail-whois-lines.conf trunk/config/action.d/mail-whois-lines.conf
+--- trunk~/config/action.d/mail-whois-lines.conf	2007-08-14 19:12:48.000000000 -0400
++++ trunk/config/action.d/mail-whois-lines.conf	2007-08-14 19:24:17.000000000 -0400
+@@ -7,7 +7,7 @@
  
  [Definition]
  
diff --git a/debian/patches/00_named_refused.dpatch b/debian/patches/00_named_refused.dpatch
index 99152fd8..fab9982b 100755
--- a/debian/patches/00_named_refused.dpatch
+++ b/debian/patches/00_named_refused.dpatch
@@ -5,47 +5,9 @@
 ## DP: No description.
 
 @DPATCH@
-diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
---- trunk~/config/filter.d/named-refused.conf	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.conf	2007-07-29 22:31:22.000000000 -0400
-@@ -0,0 +1,34 @@
-+# Fail2Ban configuration file for named (bind9). Trying to generalize the
-+#          structure which is general to capture general patterns in log
-+#          lines to cover different configurations/distributions
-+#
-+# Author: Yaroslav Halchenko
-+#
-+# $Revision:  $
-+#
-+
-+[Definition]
-+
-+# if you want to catch only login erros from specific daemons, use smth like
-+#_named_rcodes=(?:REFUSED|SERVFAIL)
-+# To catch all REFUSED queries only
-+_named_rcodes=REFUSED
-+_daemon=named
-+
-+#
-+# Shortcuts for easier comprehension of the failregex
-+__pid_re=(?:\[\d+\])
-+__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
-+__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
-+#       hostname       daemon_id         spaces
-+# this can be optional (for instance if we match named native log files)
-+__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
-+
-+# Option: failregex
-+# Notes.: regex to match the password failures messages in the logfile.
-+# Values: TEXT
-+#
-+failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
-+		    %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
-+
-+
 diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
 --- trunk~/config/filter.d/named-refused.examples	1969-12-31 19:00:00.000000000 -0500
-+++ trunk/config/filter.d/named-refused.examples	2007-07-29 22:30:29.000000000 -0400
++++ trunk/config/filter.d/named-refused.examples	2007-08-14 19:44:13.000000000 -0400
 @@ -0,0 +1,13 @@
 +Jul 15 18:42:00 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.5#53
 +Jul 15 18:42:01 raid5 named[3888]: unexpected RCODE (SERVFAIL) resolving 'skira.de/NS/IN': 216.14.208.4#53
diff --git a/debian/patches/00_resolve_all_names.dpatch b/debian/patches/00_resolve_all_names.dpatch
deleted file mode 100755
index 962080e6..00000000
--- a/debian/patches/00_resolve_all_names.dpatch
+++ /dev/null
@@ -1,30 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_resolve_all_names.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/server/filter.py trunk/server/filter.py
---- trunk~/server/filter.py	2007-04-18 16:44:07.000000000 -0400
-+++ trunk/server/filter.py	2007-08-06 14:20:11.000000000 -0400
-@@ -538,11 +538,14 @@
- 				ipList.append(plainIPStr)
- 		if not ipList:
- 			# Try to get IP from possible DNS
--			dns = DNSUtils.textToDns(text)
--			if not dns == None:
--				ip = DNSUtils.dnsToIp(dns.group(0))
--				for e in ip:
--					ipList.append(e)
-+			# yoh: this way would not work for reported
-+			# hosts with only top part of the address
-+			# Since we have now <HOST> it is safe and
-+			# efficient to simply try to resolve it
-+			# dns = DNSUtils.textToDns(text)
-+			ip = DNSUtils.dnsToIp(text)
-+			for e in ip:
-+				ipList.append(e)
- 		return ipList
- 	
- 	@staticmethod
diff --git a/debian/patches/00_ssh_strong_re.dpatch b/debian/patches/00_ssh_strong_re.dpatch
index 6a6ad03c..82e8d305 100755
--- a/debian/patches/00_ssh_strong_re.dpatch
+++ b/debian/patches/00_ssh_strong_re.dpatch
@@ -5,28 +5,9 @@
 ## DP: No description.
 
 @DPATCH@
-diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.conf fail2ban-0.8.0/config/filter.d/sshd.conf
---- fail2ban-0.8.0~/config/filter.d/sshd.conf	2007-02-22 15:52:37.000000000 -0500
-+++ fail2ban-0.8.0/config/filter.d/sshd.conf	2007-07-29 13:14:50.000000000 -0400
-@@ -14,10 +14,11 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values:  TEXT
- #
--failregex = Authentication failure for .* from <HOST>
--            Failed [-/\w]+ for .* from <HOST>
--            ROOT LOGIN REFUSED .* FROM <HOST>
--            [iI](?:llegal|nvalid) user .* from <HOST>
-+failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
-+            Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
-+            ROOT LOGIN REFUSED.* FROM <HOST>\s*$
-+            [iI](?:llegal|nvalid) user .* from <HOST>\s*$
-+            User \S+ from <HOST> not allowed because not listed in AllowUsers$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
-diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.examples fail2ban-0.8.0/config/filter.d/sshd.examples
---- fail2ban-0.8.0~/config/filter.d/sshd.examples	1969-12-31 19:00:00.000000000 -0500
-+++ fail2ban-0.8.0/config/filter.d/sshd.examples	2007-07-29 13:14:22.000000000 -0400
+diff -urNad trunk~/config/filter.d/sshd.examples trunk/config/filter.d/sshd.examples
+--- trunk~/config/filter.d/sshd.examples	1969-12-31 19:00:00.000000000 -0500
++++ trunk/config/filter.d/sshd.examples	2007-08-14 19:40:23.000000000 -0400
 @@ -0,0 +1,19 @@
 +#1
 +Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
diff --git a/debian/patches/00_vsftp_filter_spaces.dpatch b/debian/patches/00_vsftp_filter_spaces.dpatch
deleted file mode 100755
index de064fc0..00000000
--- a/debian/patches/00_vsftp_filter_spaces.dpatch
+++ /dev/null
@@ -1,21 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 00_vsftp_filter_spaces.dpatch by Yaroslav Halchenko <debian@onerussian.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad trunk~/config/filter.d/vsftpd.conf trunk/config/filter.d/vsftpd.conf
---- trunk~/config/filter.d/vsftpd.conf	2007-01-29 15:51:45.000000000 -0500
-+++ trunk/config/filter.d/vsftpd.conf	2007-08-03 21:55:00.000000000 -0400
-@@ -14,8 +14,8 @@
- #          (?:::f{4,6}:)?(?P<host>\S+)
- # Values: TEXT
- #
--failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
--            \[.+\] FAIL LOGIN: Client "<HOST>"$
-+failregex = vsftpd: .* authentication failure; .* rhost=<HOST>\s*$
-+            \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
- 
- # Option:  ignoreregex
- # Notes.:  regex to ignore. If this regex matches, the line is ignored.
diff --git a/debian/patches/00list b/debian/patches/00list
index 4c770b12..c8726331 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1,12 +1,6 @@
 00_mail-whois-lines
-00_vsftp_filter_spaces
 00_var_run_socket
-00_HOST_ignoreregex
-00_daemon_pids
-00_resolve_all_names
 10_dbts_manpages
-00_iptables_allports
 00_ssh_strong_re
 00_pam_generic
 00_named_refused
-00_named_logtimeformat