* Fail2ban now bans vsftpd logins (corrected logfile path and failregex)

(Closes: #404060)

debian/changelog

@@ -1,3 +1,10 @@
+fail2ban (0.7.5-3~pre1) unstable; urgency=low
+
+  * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
+    (Closes: #404060)
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 21 Dec 2006 11:53:22 -0500
+
 fail2ban (0.7.5-2) unstable; urgency=low
 
   * NEWS.Debian confusions - the latest NEWS entry and postinst message were

debian/jail.conf

@@ -97,7 +97,7 @@ maxretry = 6
 enabled  = false
 port	 = ftp
 filter   = vsftpd
-logpath  = /var/log/auth.log
+logpath  = /var/log/vsftpd.log
 maxretry = 6
 
 

debian/patches/00list

@@ -4,3 +4,4 @@ X00_rigid_python24
 10_dbts_manpages
 10_wuftpd_section
 00_mail-whois-lines
+10_vsftpd_regex

debian/patches/10_vsftpd_regex.dpatch

@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_vsftpd_regex.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/filter.d/vsftpd.conf
+--- fail2ban-0.7.5~/config/filter.d/vsftpd.conf	2006-11-19 16:34:49.000000000 -0500
++++ fail2ban-0.7.5/config/filter.d/vsftpd.conf	2006-12-21 11:46:30.000000000 -0500
+@@ -13,7 +13,7 @@
+ #          be used for standard IP/hostname matching.
+ # Values: TEXT
+ #
+-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
++failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+ 
+ # Option:  ignoreregex
+ # Notes.:  regex to ignore. If this regex matches, the line is ignored.