github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

* Added filter ssh-ddos to fight DDOS attacks. Must be used with caution if 

there is a possibility of clients accessing through unreliable connection 
  (Closes: #404487)
pull/3/head
Yaroslav Halchenko 2006-12-28 07:28:53 +00:00
parent 832a8a4346
commit 4d5ec804f5
4 changed files with 67 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
debian/changelog vendored
View File

@ -5,8 +5,11 @@ fail2ban (0.7.5-3~pre4) unstable; urgency=low
* Made fail2ban-server tollerate multiple <HOST> entries in failregex
* Moved call to dh_pycentral before dh_installinit
* Removed unnecessary call of dh_shlibdeps
* Added filter ssh-ddos to fight DDOS attacks. Must be used with caution if
there is a possibility of clients accessing through unreliable connection
(Closes: #404487)
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 21 Dec 2006 11:53:22 -0500
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 26 Dec 2006 21:56:58 -0500
fail2ban (0.7.5-2) unstable; urgency=low

9
debian/jail.conf vendored
View File

@ -67,6 +67,15 @@ filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[ssh-ddos]
enabled = false
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
#
# HTTP servers
#

3
debian/patches/00list vendored
View File

@ -1,8 +1,9 @@
X00_rigid_python24
00_share_insteadof_lib
00_iptables_NEW
00_mail-whois-lines
10_dbts_manpages
10_wuftpd_section
00_mail-whois-lines
10_vsftpd_regex
10_ssh-ddos_section
10_multiple_HOST_regexp

52
debian/patches/10_ssh-ddos_section.dpatch vendored Executable file
View File

@ -0,0 +1,52 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_ssh-ddos_section.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.4~/config/filter.d/sshd-ddos.conf fail2ban-0.7.4/config/filter.d/sshd-ddos.conf
--- fail2ban-0.7.4~/config/filter.d/sshd-ddos.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.4/config/filter.d/sshd-ddos.conf 2006-12-26 21:59:03.000000000 -0500
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 471 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff -urNad fail2ban-0.7.4~/config/jail.conf fail2ban-0.7.4/config/jail.conf
--- fail2ban-0.7.4~/config/jail.conf 2006-10-19 16:13:01.000000000 -0400
+++ fail2ban-0.7.4/config/jail.conf 2006-12-26 22:00:03.000000000 -0500
@@ -33,6 +33,15 @@
logpath = /var/log/sshd.log
maxretry = 5
+[ssh-ddos-iptables]
+
+enabled = false
+filter = sshd-ddos
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath = /var/log/sshd.log
+maxretry = 5
+
[proftpd-iptables]
enabled = false