From 2e992c23534f712f6ada6ba8ab61ff243d5137bc Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 21 Dec 2006 16:54:39 +0000 Subject: [PATCH] * Fail2ban now bans vsftpd logins (corrected logfile path and failregex) (Closes: #404060) --- debian/changelog | 7 +++++++ debian/jail.conf | 2 +- debian/patches/00list | 1 + debian/patches/10_vsftpd_regex.dpatch | 19 +++++++++++++++++++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100755 debian/patches/10_vsftpd_regex.dpatch diff --git a/debian/changelog b/debian/changelog index 3d757864..403697f7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +fail2ban (0.7.5-3~pre1) unstable; urgency=low + + * Fail2ban now bans vsftpd logins (corrected logfile path and failregex) + (Closes: #404060) + + -- Yaroslav Halchenko Thu, 21 Dec 2006 11:53:22 -0500 + fail2ban (0.7.5-2) unstable; urgency=low * NEWS.Debian confusions - the latest NEWS entry and postinst message were diff --git a/debian/jail.conf b/debian/jail.conf index 5b46267e..d4a2804f 100644 --- a/debian/jail.conf +++ b/debian/jail.conf @@ -97,7 +97,7 @@ maxretry = 6 enabled = false port = ftp filter = vsftpd -logpath = /var/log/auth.log +logpath = /var/log/vsftpd.log maxretry = 6 diff --git a/debian/patches/00list b/debian/patches/00list index 66ed4e58..9e3c1627 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -4,3 +4,4 @@ X00_rigid_python24 10_dbts_manpages 10_wuftpd_section 00_mail-whois-lines +10_vsftpd_regex diff --git a/debian/patches/10_vsftpd_regex.dpatch b/debian/patches/10_vsftpd_regex.dpatch new file mode 100755 index 00000000..b2c09e28 --- /dev/null +++ b/debian/patches/10_vsftpd_regex.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_vsftpd_regex.dpatch by Yaroslav Halchenko +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/filter.d/vsftpd.conf +--- fail2ban-0.7.5~/config/filter.d/vsftpd.conf 2006-11-19 16:34:49.000000000 -0500 ++++ fail2ban-0.7.5/config/filter.d/vsftpd.conf 2006-12-21 11:46:30.000000000 -0500 +@@ -13,7 +13,7 @@ + # be used for standard IP/hostname matching. + # Values: TEXT + # +-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost= ++failregex = \[.+\] FAIL LOGIN: Client "(?P\S+)"$ + + # Option: ignoreregex + # Notes.: regex to ignore. If this regex matches, the line is ignored.