mirror of https://github.com/fail2ban/fail2ban
* Currrent snapshot of trunk
* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches from debian/patchesdebian-releases/etch
parent
923d2214d9
commit
37d2abc8ea
|
@ -1,3 +1,11 @@
|
||||||
|
fail2ban (0.7.4~pre2006102-1) experimental; urgency=low
|
||||||
|
|
||||||
|
* Currrent snapshot of trunk
|
||||||
|
* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
|
||||||
|
from debian/patches
|
||||||
|
|
||||||
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 23 Oct 2006 00:17:55 -0400
|
||||||
|
|
||||||
fail2ban (0.7.3-2) experimental; urgency=low
|
fail2ban (0.7.3-2) experimental; urgency=low
|
||||||
|
|
||||||
* Added wuftpd section
|
* Added wuftpd section
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_empty_ip.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Filter out empty IPs for ignoreip
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -x '*~' -Naur fail2ban-0.6.1.pre/fail2ban.py fail2ban-0.6.1.post/fail2ban.py
|
|
||||||
--- fail2ban-0.6.1.pre/fail2ban.py 2006-03-19 00:20:44.000000000 -0500
|
|
||||||
+++ fail2ban-0.6.1.post/fail2ban.py 2006-07-03 21:56:10.000000000 -0400
|
|
||||||
@@ -356,7 +356,9 @@
|
|
||||||
"ONLY DISPLAYED IN THE LOG MESSAGES")
|
|
||||||
|
|
||||||
# Ignores IP list
|
|
||||||
- ignoreIPList = conf["ignoreip"].split(' ')
|
|
||||||
+ # and filter out empty entries. Otherwise
|
|
||||||
+ # WARNING: is not a valid IP address
|
|
||||||
+ ignoreIPList = filter(None, conf["ignoreip"].split(' '))
|
|
||||||
|
|
||||||
# Checks for root user. This is necessary because log files
|
|
||||||
# are owned by root and firewall needs root access.
|
|
|
@ -1,160 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_proftpd_section.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: New section for proftpd
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny
|
|
||||||
--- fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny 2006-05-27 22:57:03.000000000 -0400
|
|
||||||
+++ fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny 2006-05-27 23:01:11.000000000 -0400
|
|
||||||
@@ -291,6 +291,47 @@
|
|
||||||
failregex = FAIL LOGIN
|
|
||||||
|
|
||||||
|
|
||||||
+[PROFTPD]
|
|
||||||
+# Option: enabled
|
|
||||||
+# Notes.: enable monitoring for this section.
|
|
||||||
+# Values: [true | false] Default: false
|
|
||||||
+#
|
|
||||||
+enabled = false
|
|
||||||
+
|
|
||||||
+# Option: logfile
|
|
||||||
+# Notes.: logfile to monitor.
|
|
||||||
+# Values: FILE Default: /var/log/proftpd/proftpd.log
|
|
||||||
+# Other.: /var/log/auth.log
|
|
||||||
+#
|
|
||||||
+logfile = /var/log/proftpd/proftpd.log
|
|
||||||
+
|
|
||||||
+# Option: port
|
|
||||||
+# Notes.: specifies port to monitor
|
|
||||||
+# Values: [ NUM | STRING ] Default: ftp
|
|
||||||
+#
|
|
||||||
+port = ftp
|
|
||||||
+
|
|
||||||
+# Option: timeregex
|
|
||||||
+# Notes.: regex to match timestamp in VSFTPD logfile.
|
|
||||||
+# Values: [Mar 7 17:53:28]
|
|
||||||
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+#
|
|
||||||
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+
|
|
||||||
+# Option: timepattern
|
|
||||||
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
|
|
||||||
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
|
|
||||||
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
|
|
||||||
+#
|
|
||||||
+timepattern = %%b %%d %%H:%%M:%%S
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default:
|
|
||||||
+#
|
|
||||||
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
|
||||||
+
|
|
||||||
+
|
|
||||||
[SSH]
|
|
||||||
# Option: enabled
|
|
||||||
# Notes.: enable monitoring for this section.
|
|
||||||
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
|
|
||||||
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-27 22:57:03.000000000 -0400
|
|
||||||
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-27 23:01:20.000000000 -0400
|
|
||||||
@@ -385,6 +385,48 @@
|
|
||||||
#
|
|
||||||
failregex = FAIL LOGIN
|
|
||||||
|
|
||||||
+
|
|
||||||
+[PROFTPD]
|
|
||||||
+# Option: enabled
|
|
||||||
+# Notes.: enable monitoring for this section.
|
|
||||||
+# Values: [true | false] Default: false
|
|
||||||
+#
|
|
||||||
+enabled = false
|
|
||||||
+
|
|
||||||
+# Option: logfile
|
|
||||||
+# Notes.: logfile to monitor.
|
|
||||||
+# Values: FILE Default: /var/log/proftpd/proftpd.log
|
|
||||||
+# Other.: /var/log/auth.log
|
|
||||||
+#
|
|
||||||
+logfile = /var/log/proftpd/proftpd.log
|
|
||||||
+
|
|
||||||
+# Option: port
|
|
||||||
+# Notes.: specifies port to monitor
|
|
||||||
+# Values: [ NUM | STRING ] Default: ftp
|
|
||||||
+#
|
|
||||||
+port = ftp
|
|
||||||
+
|
|
||||||
+# Option: timeregex
|
|
||||||
+# Notes.: regex to match timestamp in VSFTPD logfile.
|
|
||||||
+# Values: [Mar 7 17:53:28]
|
|
||||||
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+#
|
|
||||||
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+
|
|
||||||
+# Option: timepattern
|
|
||||||
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
|
|
||||||
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
|
|
||||||
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
|
|
||||||
+#
|
|
||||||
+timepattern = %%b %%d %%H:%%M:%%S
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default:
|
|
||||||
+#
|
|
||||||
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
|
||||||
+
|
|
||||||
+
|
|
||||||
[SSH]
|
|
||||||
# Option: enabled
|
|
||||||
# Notes.: enable monitoring for this section.
|
|
||||||
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall fail2ban-0.6.1.post/config/fail2ban.conf.shorewall
|
|
||||||
--- fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall 2006-05-27 22:57:03.000000000 -0400
|
|
||||||
+++ fail2ban-0.6.1.post/config/fail2ban.conf.shorewall 2006-05-27 23:00:32.000000000 -0400
|
|
||||||
@@ -277,6 +277,45 @@
|
|
||||||
#
|
|
||||||
failregex = FAIL LOGIN
|
|
||||||
|
|
||||||
+[PROFTPD]
|
|
||||||
+# Option: enabled
|
|
||||||
+# Notes.: enable monitoring for this section.
|
|
||||||
+# Values: [true | false] Default: false
|
|
||||||
+#
|
|
||||||
+enabled = false
|
|
||||||
+
|
|
||||||
+# Option: logfile
|
|
||||||
+# Notes.: logfile to monitor.
|
|
||||||
+# Values: FILE Default: /var/log/proftpd/proftpd.log
|
|
||||||
+# Other.: /var/log/auth.log
|
|
||||||
+#
|
|
||||||
+logfile = /var/log/proftpd/proftpd.log
|
|
||||||
+
|
|
||||||
+# Option: port
|
|
||||||
+# Notes.: specifies port to monitor
|
|
||||||
+# Values: [ NUM | STRING ] Default: ftp
|
|
||||||
+#
|
|
||||||
+port = ftp
|
|
||||||
+
|
|
||||||
+# Option: timeregex
|
|
||||||
+# Notes.: regex to match timestamp in VSFTPD logfile.
|
|
||||||
+# Values: [Mar 7 17:53:28]
|
|
||||||
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+#
|
|
||||||
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+
|
|
||||||
+# Option: timepattern
|
|
||||||
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
|
|
||||||
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
|
|
||||||
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
|
|
||||||
+#
|
|
||||||
+timepattern = %%b %%d %%H:%%M:%%S
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default:
|
|
||||||
+#
|
|
||||||
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
|
||||||
|
|
||||||
[SSH]
|
|
||||||
# Option: enabled
|
|
|
@ -1,44 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_vsftpd_regexp.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Fix of debian bug #366687: strict regexp for vsftpd
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.iptables fail2ban-0.6.1.fixed/config/fail2ban.conf.iptables
|
|
||||||
--- fail2ban-0.6.1.orig/config/fail2ban.conf.iptables 2006-03-27 12:56:38.000000000 -0500
|
|
||||||
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.iptables 2006-05-10 13:47:40.000000000 -0400
|
|
||||||
@@ -383,7 +383,7 @@
|
|
||||||
# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
||||||
#
|
|
||||||
-failregex = FAIL LOGIN
|
|
||||||
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
|
|
||||||
|
|
||||||
[PROFTPD]
|
|
||||||
# Option: enabled
|
|
||||||
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall
|
|
||||||
--- fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall 2006-03-27 12:56:38.000000000 -0500
|
|
||||||
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall 2006-05-10 13:47:40.000000000 -0400
|
|
||||||
@@ -383,7 +383,7 @@
|
|
||||||
# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
||||||
#
|
|
||||||
-failregex = FAIL LOGIN
|
|
||||||
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
|
|
||||||
|
|
||||||
[PROFTPD]
|
|
||||||
# Option: enabled
|
|
||||||
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny
|
|
||||||
--- fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny 2006-03-27 12:56:38.000000000 -0500
|
|
||||||
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny 2006-05-10 13:47:40.000000000 -0400
|
|
||||||
@@ -383,7 +383,7 @@
|
|
||||||
# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
||||||
#
|
|
||||||
-failregex = FAIL LOGIN
|
|
||||||
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
|
|
||||||
|
|
||||||
[PROFTPD]
|
|
||||||
# Option: enabled
|
|
|
@ -1,6 +1,3 @@
|
||||||
X00_rigid_python24
|
X00_rigid_python24
|
||||||
X00_apache_log_failregex
|
|
||||||
10_dbts_manpages
|
10_dbts_manpages
|
||||||
10_proftpd_section
|
|
||||||
10_wuftpd_section
|
10_wuftpd_section
|
||||||
10_sasl_section
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6
|
||||||
@@ -270,6 +270,7 @@
|
@@ -270,6 +270,7 @@
|
||||||
# Option: logfile
|
# Option: logfile
|
||||||
# Notes.: logfile to monitor.
|
# Notes.: logfile to monitor.
|
||||||
# Values: FILE Default: /var/log/apache/error.log
|
# Values: FILE
|
||||||
+# Other.: /var/log/apache2/error.log
|
+# Other.: /var/log/apache2/error.log
|
||||||
#
|
#
|
||||||
logfile = /var/log/apache/error.log
|
logfile = /var/log/apache/error.log
|
||||||
|
|
|
@ -1,58 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 02_sasl_config.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Added saslauthd section from martin f krafft <madduck@debian.org>
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
|
|
||||||
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-30 10:03:16.000000000 -0400
|
|
||||||
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-30 10:13:56.000000000 -0400
|
|
||||||
@@ -260,6 +260,46 @@
|
|
||||||
# failregex.
|
|
||||||
|
|
||||||
|
|
||||||
+[SASL]
|
|
||||||
+# Option: enabled
|
|
||||||
+# Notes.: enable monitoring for this section.
|
|
||||||
+# Values: [true | false] Default: true
|
|
||||||
+#
|
|
||||||
+enabled = false
|
|
||||||
+
|
|
||||||
+# Option: port
|
|
||||||
+# Notes.: specifies port to monitor
|
|
||||||
+# Values: [ NUM | STRING ] Default:
|
|
||||||
+#
|
|
||||||
+port = smtp
|
|
||||||
+
|
|
||||||
+# Option: logfile
|
|
||||||
+# Notes.: logfile to monitor.
|
|
||||||
+# Values: FILE Default: /var/log/auth.log
|
|
||||||
+#
|
|
||||||
+logfile = /var/log/mail.log
|
|
||||||
+
|
|
||||||
+# Option: timeregex
|
|
||||||
+# Notes.: regex to match timestamp
|
|
||||||
+# Values: [Mar 7 17:53:28]
|
|
||||||
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+#
|
|
||||||
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
||||||
+
|
|
||||||
+# Option: timepattern
|
|
||||||
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
|
|
||||||
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
|
|
||||||
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
|
|
||||||
+#
|
|
||||||
+timepattern = %%b %%d %%H:%%M:%%S
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default:
|
|
||||||
+#
|
|
||||||
+failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
|
|
||||||
+
|
|
||||||
+
|
|
||||||
[Apache]
|
|
||||||
# Option: enabled
|
|
||||||
# Notes.: enable monitoring for this section.
|
|
|
@ -1,39 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## fail2ban_conf_5_manpage.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Adjusts manpage for configuration file to reflect Debian specific
|
|
||||||
## DP: changes
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -Naur fail2ban-0.6.1.orig/man/fail2ban.conf.5 fail2ban-0.6.1.mod/man/fail2ban.conf.5
|
|
||||||
--- fail2ban-0.6.1.orig/man/fail2ban.conf.5 2006-08-16 00:30:19.000000000 +0300
|
|
||||||
+++ fail2ban-0.6.1.mod/man/fail2ban.conf.5 2006-08-16 00:28:44.000000000 +0300
|
|
||||||
@@ -5,7 +5,7 @@
|
|
||||||
.SH "DESCRIPTION"
|
|
||||||
\fB/etc/fail2ban.conf\fR contains data about the general configuration of fail2ban, the mail notification and services to monitor.
|
|
||||||
.SH "VARIABLES"
|
|
||||||
-Please look at the file itself
|
|
||||||
+Please look at the file itself. Had you modified it and kept modified version during upgrades, please look at fail2ban.conf.iptables.gz file at /usr/share/doc/fail2ban/examples, which provides full version of the shipped configuration file.
|
|
||||||
.SH "FILES"
|
|
||||||
.I /etc/fail2ban.conf
|
|
||||||
.SH "REPORTING BUGS"
|
|
||||||
@@ -13,8 +13,16 @@
|
|
||||||
via bug tracker
|
|
||||||
.SH "AUTHOR"
|
|
||||||
Cyril Jaquier <lostcontrol@users.sourceforge.net>
|
|
||||||
+.br
|
|
||||||
+Modified by
|
|
||||||
+.br
|
|
||||||
+ - Yaroslav O. Halchenko <debian@onerussian.com>.
|
|
||||||
+.br
|
|
||||||
+Sponsored for Debian by
|
|
||||||
+.br
|
|
||||||
+ - Barak A. Pearlmutter <barak@cs.nuim.ie>.
|
|
||||||
.SH "SEE ALSO"
|
|
||||||
-.BR fail2ban (8)
|
|
||||||
+.BR fail2ban(8)
|
|
||||||
.TP
|
|
||||||
See
|
|
||||||
.BR "http://fail2ban.sourceforge.net/".
|
|
|
@ -1,25 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 10_proftpd_section.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban-0.7.3~/config/filter.d/proftpd.conf fail2ban-0.7.3/config/filter.d/proftpd.conf
|
|
||||||
--- fail2ban-0.7.3~/config/filter.d/proftpd.conf 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ fail2ban-0.7.3/config/filter.d/proftpd.conf 2006-09-29 00:11:33.000000000 -0400
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+# Fail2Ban configuration file
|
|
||||||
+#
|
|
||||||
+# Author: Yaroslav Halchenko
|
|
||||||
+#
|
|
||||||
+# $Revision: 331 $
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+[Definition]
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
||||||
+#
|
|
||||||
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
|
|
|
@ -1,25 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 10_sasl_section.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban-0.7.3~/config/filter.d/sasl.conf fail2ban-0.7.3/config/filter.d/sasl.conf
|
|
||||||
--- fail2ban-0.7.3~/config/filter.d/sasl.conf 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ fail2ban-0.7.3/config/filter.d/sasl.conf 2006-09-29 00:18:19.000000000 -0400
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+# Fail2Ban configuration file
|
|
||||||
+#
|
|
||||||
+# Author: Yaroslav Halchenko
|
|
||||||
+#
|
|
||||||
+# $Revision: 331 $
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+[Definition]
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
||||||
+#
|
|
||||||
+failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
|
|
|
@ -20,6 +20,6 @@ diff -urNad fail2ban-0.7.3~/config/filter.d/wuftpd.conf fail2ban-0.7.3/config/fi
|
||||||
+
|
+
|
||||||
+# Option: failregex
|
+# Option: failregex
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
+# Notes.: regex to match the password failures messages in the logfile.
|
||||||
+# Values: TEXT Default:
|
+# Values: TEXT
|
||||||
+#
|
+#
|
||||||
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=(?P<host>\S*)
|
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=(?P<host>\S*)
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## apache_log_failregex.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Fixed apache failregex
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -Naur -x '*~' fail2ban-0.7.1/config/filter.d/apache-auth.conf fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf
|
|
||||||
--- fail2ban-0.7.1/config/filter.d/apache-auth.conf 2006-09-05 11:13:54.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf 2006-09-05 11:12:19.000000000 -0400
|
|
||||||
@@ -39,4 +39,4 @@
|
|
||||||
# Notes.: regex to match the password failure messages in the logfile.
|
|
||||||
# Values: TEXT Default: authentication failure|user .* not found
|
|
||||||
#
|
|
||||||
-failregex = authentication failure|user .* not found
|
|
||||||
+failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
|
|
|
@ -1,20 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## apache_log_path.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Fixed apache path to the default in debian
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -Naur -x '*~' fail2ban-0.7.1/config/filter.d/apache-auth.conf fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf
|
|
||||||
--- fail2ban-0.7.1/config/filter.d/apache-auth.conf 2006-07-17 15:25:03.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf 2006-09-05 10:59:07.000000000 -0400
|
|
||||||
@@ -17,7 +17,7 @@
|
|
||||||
# Notes.: logfile to monitor.
|
|
||||||
# Values: FILE Default: /var/log/httpd/access_log
|
|
||||||
#
|
|
||||||
-logfile = /var/log/httpd/access_log
|
|
||||||
+logfile = /var/log/apache/error.log
|
|
||||||
|
|
||||||
# Option: timeregex
|
|
||||||
# Notes.: regex to match timestamp in Apache logfile. For TAI64N format,
|
|
|
@ -1,38 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## debian_jail.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Default debian jails
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
|
|
||||||
diff -Naur -x '*~' fail2ban-0.7.1/config/jail.conf fail2ban-0.7.1.modified/config/jail.conf
|
|
||||||
--- fail2ban-0.7.1/config/jail.conf 2006-08-20 17:33:11.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.1.modified/config/jail.conf 2006-09-05 11:27:50.000000000 -0400
|
|
||||||
@@ -5,11 +5,20 @@
|
|
||||||
# $Revision: 281 $
|
|
||||||
#
|
|
||||||
|
|
||||||
-[dummy]
|
|
||||||
+[SSH]
|
|
||||||
|
|
||||||
-enabled = false
|
|
||||||
+enabled = true
|
|
||||||
filter = sshd
|
|
||||||
-action = hostsdeny[file=/tmp/hosts.deny]
|
|
||||||
- mail[name=SSH, dest=cyril.jaquier@bluewin.ch]
|
|
||||||
-maxretry = 2
|
|
||||||
-bantime = 10
|
|
||||||
+action = iptables
|
|
||||||
+ mail[name=SSH, dest=root@localhost]
|
|
||||||
+maxretry = 5
|
|
||||||
+bantime = 600
|
|
||||||
+
|
|
||||||
+[Apache]
|
|
||||||
+
|
|
||||||
+enabled = false
|
|
||||||
+filter = apache-auth
|
|
||||||
+action = iptables
|
|
||||||
+ mail[name=Apache, dest=root@localhost]
|
|
||||||
+maxretry = 5
|
|
||||||
+bantime = 600
|
|
|
@ -1,28 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## ssh_path.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Debian specific ssh path
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban-0.7.3~/config/jail.conf fail2ban-0.7.3/config/jail.conf
|
|
||||||
--- fail2ban-0.7.3~/config/jail.conf 2006-09-27 16:30:27.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.3/config/jail.conf 2006-09-28 22:26:35.000000000 -0400
|
|
||||||
@@ -26,7 +26,7 @@
|
|
||||||
filter = sshd
|
|
||||||
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|
||||||
mail-whois[name=SSH, dest=yourmail@mail.com]
|
|
||||||
-logpath = /var/log/sshd.log
|
|
||||||
+logpath = /var/log/auth.log
|
|
||||||
maxretry = 5
|
|
||||||
|
|
||||||
# This one behaves like the previous and sends a report when the jail
|
|
||||||
@@ -39,7 +39,7 @@
|
|
||||||
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|
||||||
mail-whois[name=SSH, dest=yourmail@mail.com]
|
|
||||||
mail-report[dest=yourmail@mail.com]
|
|
||||||
-logpath = /var/log/sshd.log
|
|
||||||
+logpath = /var/log/auth.log
|
|
||||||
maxretry = 5
|
|
||||||
|
|
||||||
# Here we use TCP-Wrappers instead of Netfilter/Iptables.
|
|
Loading…
Reference in New Issue