* Currrent snapshot of trunk

* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
  from debian/patches
debian-releases/etch
Yaroslav Halchenko 2006-10-23 04:45:34 +00:00
parent 923d2214d9
commit 37d2abc8ea
15 changed files with 10 additions and 481 deletions

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
fail2ban (0.7.4~pre2006102-1) experimental; urgency=low
* Currrent snapshot of trunk
* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
from debian/patches
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 23 Oct 2006 00:17:55 -0400
fail2ban (0.7.3-2) experimental; urgency=low fail2ban (0.7.3-2) experimental; urgency=low
* Added wuftpd section * Added wuftpd section

View File

@ -1,22 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_empty_ip.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Filter out empty IPs for ignoreip
@DPATCH@
diff -x '*~' -Naur fail2ban-0.6.1.pre/fail2ban.py fail2ban-0.6.1.post/fail2ban.py
--- fail2ban-0.6.1.pre/fail2ban.py 2006-03-19 00:20:44.000000000 -0500
+++ fail2ban-0.6.1.post/fail2ban.py 2006-07-03 21:56:10.000000000 -0400
@@ -356,7 +356,9 @@
"ONLY DISPLAYED IN THE LOG MESSAGES")
# Ignores IP list
- ignoreIPList = conf["ignoreip"].split(' ')
+ # and filter out empty entries. Otherwise
+ # WARNING: is not a valid IP address
+ ignoreIPList = filter(None, conf["ignoreip"].split(' '))
# Checks for root user. This is necessary because log files
# are owned by root and firewall needs root access.

View File

@ -1,160 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_proftpd_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: New section for proftpd
@DPATCH@
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny
--- fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny 2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny 2006-05-27 23:01:11.000000000 -0400
@@ -291,6 +291,47 @@
failregex = FAIL LOGIN
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+
+
[SSH]
# Option: enabled
# Notes.: enable monitoring for this section.
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-27 23:01:20.000000000 -0400
@@ -385,6 +385,48 @@
#
failregex = FAIL LOGIN
+
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+
+
[SSH]
# Option: enabled
# Notes.: enable monitoring for this section.
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall fail2ban-0.6.1.post/config/fail2ban.conf.shorewall
--- fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall 2006-05-27 22:57:03.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.shorewall 2006-05-27 23:00:32.000000000 -0400
@@ -277,6 +277,45 @@
#
failregex = FAIL LOGIN
+[PROFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/proftpd/proftpd.log
+# Other.: /var/log/auth.log
+#
+logfile = /var/log/proftpd/proftpd.log
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default: ftp
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
[SSH]
# Option: enabled

View File

@ -1,44 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_vsftpd_regexp.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix of debian bug #366687: strict regexp for vsftpd
@DPATCH@
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.iptables fail2ban-0.6.1.fixed/config/fail2ban.conf.iptables
--- fail2ban-0.6.1.orig/config/fail2ban.conf.iptables 2006-03-27 12:56:38.000000000 -0500
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.iptables 2006-05-10 13:47:40.000000000 -0400
@@ -383,7 +383,7 @@
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
-failregex = FAIL LOGIN
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
[PROFTPD]
# Option: enabled
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall
--- fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall 2006-03-27 12:56:38.000000000 -0500
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall 2006-05-10 13:47:40.000000000 -0400
@@ -383,7 +383,7 @@
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
-failregex = FAIL LOGIN
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
[PROFTPD]
# Option: enabled
diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny
--- fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny 2006-03-27 12:56:38.000000000 -0500
+++ fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny 2006-05-10 13:47:40.000000000 -0400
@@ -383,7 +383,7 @@
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
-failregex = FAIL LOGIN
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
[PROFTPD]
# Option: enabled

View File

@ -1,6 +1,3 @@
X00_rigid_python24 X00_rigid_python24
X00_apache_log_failregex
10_dbts_manpages 10_dbts_manpages
10_proftpd_section
10_wuftpd_section 10_wuftpd_section
10_sasl_section

View File

@ -12,7 +12,7 @@ diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6
@@ -270,6 +270,7 @@ @@ -270,6 +270,7 @@
# Option: logfile # Option: logfile
# Notes.: logfile to monitor. # Notes.: logfile to monitor.
# Values: FILE Default: /var/log/apache/error.log # Values: FILE
+# Other.: /var/log/apache2/error.log +# Other.: /var/log/apache2/error.log
# #
logfile = /var/log/apache/error.log logfile = /var/log/apache/error.log

View File

@ -1,58 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_sasl_config.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Added saslauthd section from martin f krafft <madduck@debian.org>
@DPATCH@
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-30 10:03:16.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-30 10:13:56.000000000 -0400
@@ -260,6 +260,46 @@
# failregex.
+[SASL]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: true
+#
+enabled = false
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = smtp
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/auth.log
+#
+logfile = /var/log/mail.log
+
+# Option: timeregex
+# Notes.: regex to match timestamp
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default:
+#
+failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
+
+
[Apache]
# Option: enabled
# Notes.: enable monitoring for this section.

View File

@ -1,39 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## fail2ban_conf_5_manpage.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Adjusts manpage for configuration file to reflect Debian specific
## DP: changes
@DPATCH@
diff -Naur fail2ban-0.6.1.orig/man/fail2ban.conf.5 fail2ban-0.6.1.mod/man/fail2ban.conf.5
--- fail2ban-0.6.1.orig/man/fail2ban.conf.5 2006-08-16 00:30:19.000000000 +0300
+++ fail2ban-0.6.1.mod/man/fail2ban.conf.5 2006-08-16 00:28:44.000000000 +0300
@@ -5,7 +5,7 @@
.SH "DESCRIPTION"
\fB/etc/fail2ban.conf\fR contains data about the general configuration of fail2ban, the mail notification and services to monitor.
.SH "VARIABLES"
-Please look at the file itself
+Please look at the file itself. Had you modified it and kept modified version during upgrades, please look at fail2ban.conf.iptables.gz file at /usr/share/doc/fail2ban/examples, which provides full version of the shipped configuration file.
.SH "FILES"
.I /etc/fail2ban.conf
.SH "REPORTING BUGS"
@@ -13,8 +13,16 @@
via bug tracker
.SH "AUTHOR"
Cyril Jaquier <lostcontrol@users.sourceforge.net>
+.br
+Modified by
+.br
+ - Yaroslav O. Halchenko <debian@onerussian.com>.
+.br
+Sponsored for Debian by
+.br
+ - Barak A. Pearlmutter <barak@cs.nuim.ie>.
.SH "SEE ALSO"
-.BR fail2ban (8)
+.BR fail2ban(8)
.TP
See
.BR "http://fail2ban.sourceforge.net/".

View File

@ -1,25 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_proftpd_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/proftpd.conf fail2ban-0.7.3/config/filter.d/proftpd.conf
--- fail2ban-0.7.3~/config/filter.d/proftpd.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/proftpd.conf 2006-09-29 00:11:33.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$

View File

@ -1,25 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_sasl_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/sasl.conf fail2ban-0.7.3/config/filter.d/sasl.conf
--- fail2ban-0.7.3~/config/filter.d/sasl.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/sasl.conf 2006-09-29 00:18:19.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$

View File

@ -20,6 +20,6 @@ diff -urNad fail2ban-0.7.3~/config/filter.d/wuftpd.conf fail2ban-0.7.3/config/fi
+ +
+# Option: failregex +# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. +# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: +# Values: TEXT
+# +#
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=(?P<host>\S*) +failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=(?P<host>\S*)

View File

@ -1,17 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## apache_log_failregex.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed apache failregex
@DPATCH@
diff -Naur -x '*~' fail2ban-0.7.1/config/filter.d/apache-auth.conf fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf
--- fail2ban-0.7.1/config/filter.d/apache-auth.conf 2006-09-05 11:13:54.000000000 -0400
+++ fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf 2006-09-05 11:12:19.000000000 -0400
@@ -39,4 +39,4 @@
# Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: authentication failure|user .* not found
#
-failregex = authentication failure|user .* not found
+failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)

View File

@ -1,20 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## apache_log_path.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed apache path to the default in debian
@DPATCH@
diff -Naur -x '*~' fail2ban-0.7.1/config/filter.d/apache-auth.conf fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf
--- fail2ban-0.7.1/config/filter.d/apache-auth.conf 2006-07-17 15:25:03.000000000 -0400
+++ fail2ban-0.7.1.modified/config/filter.d/apache-auth.conf 2006-09-05 10:59:07.000000000 -0400
@@ -17,7 +17,7 @@
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/httpd/access_log
#
-logfile = /var/log/httpd/access_log
+logfile = /var/log/apache/error.log
# Option: timeregex
# Notes.: regex to match timestamp in Apache logfile. For TAI64N format,

View File

@ -1,38 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## debian_jail.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Default debian jails
@DPATCH@
diff -Naur -x '*~' fail2ban-0.7.1/config/jail.conf fail2ban-0.7.1.modified/config/jail.conf
--- fail2ban-0.7.1/config/jail.conf 2006-08-20 17:33:11.000000000 -0400
+++ fail2ban-0.7.1.modified/config/jail.conf 2006-09-05 11:27:50.000000000 -0400
@@ -5,11 +5,20 @@
# $Revision: 281 $
#
-[dummy]
+[SSH]
-enabled = false
+enabled = true
filter = sshd
-action = hostsdeny[file=/tmp/hosts.deny]
- mail[name=SSH, dest=cyril.jaquier@bluewin.ch]
-maxretry = 2
-bantime = 10
+action = iptables
+ mail[name=SSH, dest=root@localhost]
+maxretry = 5
+bantime = 600
+
+[Apache]
+
+enabled = false
+filter = apache-auth
+action = iptables
+ mail[name=Apache, dest=root@localhost]
+maxretry = 5
+bantime = 600

View File

@ -1,28 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## ssh_path.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Debian specific ssh path
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/jail.conf fail2ban-0.7.3/config/jail.conf
--- fail2ban-0.7.3~/config/jail.conf 2006-09-27 16:30:27.000000000 -0400
+++ fail2ban-0.7.3/config/jail.conf 2006-09-28 22:26:35.000000000 -0400
@@ -26,7 +26,7 @@
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
mail-whois[name=SSH, dest=yourmail@mail.com]
-logpath = /var/log/sshd.log
+logpath = /var/log/auth.log
maxretry = 5
# This one behaves like the previous and sends a report when the jail
@@ -39,7 +39,7 @@
action = iptables[name=SSH, port=ssh, protocol=tcp]
mail-whois[name=SSH, dest=yourmail@mail.com]
mail-report[dest=yourmail@mail.com]
-logpath = /var/log/sshd.log
+logpath = /var/log/auth.log
maxretry = 5
# Here we use TCP-Wrappers instead of Netfilter/Iptables.