Merge branch '_tent/gentoo+recidive'

* _tent/gentoo+recidive: ENH: moved jail definition for recidive into jail.conf + swapped/commented durations + non-groupping ?: gentoo init scipt: $opts variable is deprecated See http://forums.gentoo.org/viewtopic-t-899018.html Fix for https://github.com/fail2ban/fail2ban/issues/19
2012-01-26 23:29:04 -05:00 · 2012-01-26 23:29:04 -05:00 · 221210404c
parent 56261fe67a 1807be5a8c
commit 221210404c
3 changed files with 51 additions and 1 deletions
--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@ -0,0 +1,38 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx, modifications by Amir Caspi 
+# 
+# This filter monitors the fail2ban log file, and enables you to add long 
+# time bans for ip addresses that get banned by fail2ban multiple times.
+# Reasons to use this: block very persistent attackers for a longer time, 
+# stop receiving email notifications about the same attacker over and 
+# over again.
+#
+# This jail is only useful if you set the 'findtime' and 'bantime' parameters 
+# in jail.conf to a higher value than the other jails. Also, this jail has its
+# drawbacks, namely in that it works only with iptables, or if you use a 
+# different blocking mechanism for this jail versus others (e.g. hostsdeny 
+# for most jails, and shorewall for this one).
+#
+
+[Definition]
+
+# The name of the jail that this filter is used for. In jail.conf, name the 
+# jail using this filter 'recidive', or change this line!
+_jailname = recidive
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = fail2ban.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+ignoreregex = fail2ban.actions:\s+WARNING\s+\[%(_jailname)s\]\s+Ban\s+<HOST>
--- a/config/jail.conf
+++ b/config/jail.conf
@ -264,3 +264,14 @@ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1

+# Jail for more extended banning of persistent abusers
+[recidive]
+
+enabled  = false
+filter   = recidive
+logpath  = /var/log/fail2ban.log
+action   = iptables-allports[name=recidive]
+           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
+bantime  = 604800  # 1 week
+findtime = 86400   # 1 day
+maxretry = 5
--- a/files/gentoo-initd
+++ b/files/gentoo-initd
@ -19,7 +19,8 @@
 # 
 # $Revision$

-opts="reload showlog"
+extra_commands="showlog"
+extra_started_commands="reload"

 FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"