github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

* Anchored sshd and vsftpd failregex at the end of line to prevent DoS on 

those services, which is related to CVE-2007-4321 and closed in sid
  438187.
debian-releases/etch
Yaroslav Halchenko 2007-11-07 01:17:16 -05:00
parent 398ae233b5
commit 143e53a764
3 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
debian/changelog vendored
View File

@ -1,4 +1,4 @@
fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low fail2ban (0.7.5-2etch1~pre4) stable-security; urgency=low
* NOT RELEASED YET * NOT RELEASED YET
* Propagated fix for asctime pattern from 0.7.8 release (closes: #421848) * Propagated fix for asctime pattern from 0.7.8 release (closes: #421848)
@ -12,6 +12,9 @@ fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low
possible DoS possible DoS
* Rigid call to python2.4 instead of via /usr/bin/env to prevent * Rigid call to python2.4 instead of via /usr/bin/env to prevent
in-the-middle attack via environment poisoning in-the-middle attack via environment poisoning
* Anchored sshd and vsftpd failregex at the end of line to prevent DoS on
those services, which is related to CVE-2007-4321 and closed in sid
438187.
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 01 May 2007 22:18:03 -0400 -- Yaroslav Halchenko <debian@onerussian.com> Tue, 01 May 2007 22:18:03 -0400

31
debian/patches/00_stronger_failregex.dpatch vendored Executable file
View File

@ -0,0 +1,31 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_stronger_failregex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban~/config/filter.d/sshd.conf fail2ban/config/filter.d/sshd.conf
--- fail2ban~/config/filter.d/sshd.conf 2007-11-06 17:57:04.000000000 -0500
+++ fail2ban/config/filter.d/sshd.conf 2007-11-07 01:04:17.000000000 -0500
@@ -13,7 +13,7 @@
# be used for standard IP/hostname matching.
# Values: TEXT
#
-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
+failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>(?: port \d*)?(?: ssh\d*)\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
diff -urNad fail2ban~/config/filter.d/vsftpd.conf fail2ban/config/filter.d/vsftpd.conf
--- fail2ban~/config/filter.d/vsftpd.conf 2007-11-06 17:57:04.000000000 -0500
+++ fail2ban/config/filter.d/vsftpd.conf 2007-11-07 01:06:31.000000000 -0500
@@ -13,7 +13,7 @@
# be used for standard IP/hostname matching.
# Values: TEXT
#
-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

1
debian/patches/00list vendored
View File

@ -10,3 +10,4 @@ X00_rigid_python24
s00_asctime-0.7.8 s00_asctime-0.7.8
00_hostsdeny 00_hostsdeny
X00_rigid_usrbinpython X00_rigid_usrbinpython
00_stronger_failregex