From ab10664b57630fcf012ee5cf8cc1f00c2eadf7b4 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Sun, 14 Jul 2013 16:20:21 +1000 Subject: [PATCH 1/2] ENH: action.d/hostsdeny to take daemon_list arguement as suggested in README.Solaris --- ChangeLog | 2 +- README.Solaris | 6 ++---- config/action.d/hostsdeny.conf | 11 +++++++++-- config/jail.conf | 2 +- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b9ec79e..2fba9401 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,7 +29,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests Daniel Black * action.d/hostsdeny -- NOTE: new dependancy 'ed'. Switched to use 'ed' across all platforms to ensure permissions are the same before and after a ban - - closes gh-266 + closes gh-266. hostsdeny supports daemon_list now too. - New Features: Daniel Black & ykimon * filter.d/3proxy.conf -- filter added diff --git a/README.Solaris b/README.Solaris index 10a5f88c..6a3335d7 100644 --- a/README.Solaris +++ b/README.Solaris @@ -99,7 +99,7 @@ REQ: Create /etc/fail2ban/jail.local containing: enabled = true filter = sshd -action = hostsdeny +action = hostsdeny[sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from logpath = /var/adm/auth.log @@ -136,6 +136,4 @@ GOTCHAS AND FIXMES * Fail2ban adds lines like these to /etc/hosts.deny: - ALL: 1.2.3.4 - - wouldn't it be better to just block sshd? + sshd: 1.2.3.4 diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf index 36e34948..d74f498d 100644 --- a/config/action.d/hostsdeny.conf +++ b/config/action.d/hostsdeny.conf @@ -1,6 +1,7 @@ # Fail2Ban configuration file # # Author: Cyril Jaquier +# Edited for cross platform by: James Stout, Yaroslav Halchenko and Daniel Black # # @@ -31,7 +32,7 @@ actioncheck = # Values: CMD # actionban = IP= && - printf %%b "ALL: $IP\n" >> + printf %%b ": $IP\n" >> # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the 
@@ -39,7 +40,7 @@ actionban = IP= && # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = echo "/ALL: $/
d
w
q" | ed +actionunban = echo "/^: $/
d
w
q" | ed [Init] @@ -48,3 +49,9 @@ actionunban = echo "/ALL: $/
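Review bot: The new search pattern on the `+actionunban` line is still an unescaped regular expression, and it now depends on whatever daemon_list is set to at unban time. The substitution tags are not visible on this page (they look stripped by the rendering), so this assumes the pattern is built from the daemon list followed by the address. If so, a line written under a different value is no longer matched: once a jail sets `daemon_list=sshd`, as the jail.conf hunk does, existing `ALL: 1.2.3.4` entries would stay in hosts.deny after the ban expires. The dots in the address also match any character, and regex metacharacters in the daemon list would be interpreted by ed rather than matched literally. I would add a comment above actionunban such as `# NOTE: only removes lines written with the current daemon_list; remove older "ALL:" entries by hand after changing it`.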
d
w
q" | ed # Values: STR Default: /etc/hosts.deny # file = /etc/hosts.deny + +# Option: daemon_list +# Notes: The list of services that this action will deny. See the man page +# for hosts.deny/hosts_access. Default is all services. +# Values: STR Default: ALL +daemon_list = ALL diff --git a/config/jail.conf b/config/jail.conf index e3b92038..ccc1ae9a 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -103,7 +103,7 @@ logpath = /root/path/to/assp/logs/maillog.txt enabled = false filter = sshd -action = hostsdeny +action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from logpath = /var/log/sshd.log From 6e4b1441644c2399a30c6cc311a52d79a5f22d83 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Sun, 14 Jul 2013 21:43:14 +1000 Subject: [PATCH 2/2] DOC: fix for README.Solaris. Thanks Steven. --- README.Solaris | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.Solaris b/README.Solaris index 6a3335d7..5157c099 100644 --- a/README.Solaris +++ b/README.Solaris @@ -99,7 +99,7 @@ REQ: Create /etc/fail2ban/jail.local containing: enabled = true filter = sshd -action = hostsdeny[sshd] +action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from logpath = /var/adm/auth.log
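Review bot: The new `daemon_list` option comment in the [Init] hunk does not say which characters the value may contain. Judging from the actionban line (`printf %%b ": $IP\n"`), the value appears to be substituted inside a double-quoted shell string, and in actionunban inside an ed search pattern. That means `$`, backticks, quotes, backslashes or regex metacharacters in it would be interpreted rather than written literally. The value is administrator-supplied, so this is a misconfiguration hazard rather than an injection path, but it can leave a malformed hosts.deny line or a ban that never gets removed. I would extend the Notes with a line such as `# Keep to plain daemon names (e.g. sshd); the value is placed verbatim in a shell command and an ed pattern.`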