- Added named group "host" for "failregex"

- Fixed vulnerability CVE-2006-6302

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_6@484 a942ae1a-1317-0410-a47c-b1dcaea8d605

CHANGELOG

@@ -14,6 +14,8 @@ ver. 0.6.2 (2006/??/??) - ???
   (Yaroslav Halchenko):
   * Made locale configurable
   * Fixed warning if ignoreip is empty
+- Added named group "host" for "failregex". Fixed security
+  vulnerability CVE-2006-6302
 
 ver. 0.6.1 (2006/03/16) - stable
 ----------

README

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.6.1)                           2006/03/16
+Fail2Ban (version 0.6.2)                           2006/??/??
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -58,8 +58,8 @@ Require: python-2.4 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.6.1.tar.bz2
-> cd fail2ban-0.6.1
+> tar xvfj fail2ban-0.6.2.tar.bz2
+> cd fail2ban-0.6.2
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The
@@ -130,10 +130,10 @@ Cyril Jaquier: <lostcontrol@users.sourceforge.net>
 Thanks:
 -------
 
-Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
 Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
-Edgington, Patrick Börjesson, kojiro, zugeschmiert
+Edgington, Patrick Börjesson, kojiro, zugeschmiert
 
 License:
 --------

config/fail2ban.conf.hostsdeny

@@ -257,7 +257,7 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 # Notes.:  regex to match the password failure messages in the logfile.
 # Values:  TEXT  Default:  authentication failure|user .* not found
 #
-failregex = authentication failure|user .* not found
+failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
 
 
 [VSFTPD]
@@ -297,7 +297,7 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT Default: Authentication failure|Failed password|Invalid user
 #
-failregex = FAIL LOGIN
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S+)
 
 
 [SSH]
@@ -333,4 +333,4 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.:  regex to match the password failures messages in the logfile.
 # Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
 #
-failregex = Authentication failure|Failed password|Invalid user
+failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

config/fail2ban.conf.iptables

@@ -285,7 +285,7 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 # Notes.:  regex to match the password failure messages in the logfile.
 # Values:  TEXT  Default:  authentication failure|user .* not found
 #
-failregex = authentication failure|user .* not found
+failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
 
 
 [VSFTPD]
@@ -325,7 +325,7 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT Default: Authentication failure|Failed password|Invalid user
 #
-failregex = FAIL LOGIN
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S+)
 
 
 [SSH]
@@ -367,4 +367,4 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.:  regex to match the password failures messages in the logfile.
 # Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
 #
-failregex = Authentication failure|Failed password|Invalid user
+failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

config/fail2ban.conf.shorewall

@@ -251,7 +251,8 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 # Notes.:  regex to match the password failure messages in the logfile.
 # Values:  TEXT  Default:  authentication failure|user .* not found
 #
-failregex = authentication failure|user .* not found
+failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
+
 
 [VSFTPD]
 # Option: enabled
@@ -284,7 +285,7 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT Default: Authentication failure|Failed password|Invalid user
 #
-failregex = FAIL LOGIN
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S+)
 
 
 [SSH]
@@ -320,4 +321,4 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.:  regex to match the password failures messages in the logfile.
 # Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
 #
-failregex = Authentication failure|Failed password|Invalid user
+failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

logreader/logreader.py

@@ -177,7 +177,16 @@ class LogReader:
 			timeMatch = re.search(self.timeregex, match.string)
 			if timeMatch:
 				date = self.getUnixTime(timeMatch.group())
-				ipMatch = textToIp(match.string)
+				try:
+					# Fix for CVE-2006-6302
+					matchString = match.group("host")
+				except IndexError:
+					# However does not break the current configuration
+					logSys.warn("No 'host' group defined. This is a security " +
+								"issue. Please fix your configuration file " +
+								"and look at CVE-2006-6302")
+					matchString = match.string
+				ipMatch = textToIp(matchString)
 				if ipMatch:
 					for ip in ipMatch:
 						failList.append([ip, date])

version.py

@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.6.1-CVS"
+version = "0.6.1-SVN"