BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232

It should be robust since /var/run/fail2ban is guaranteed to exist to carry the socket file, and it will be owned by root (or some other dedicated fail2ban user) thus avoiding possibility for the exploit git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-03-23 20:35:56 +00:00 · 2011-03-23 20:35:56 +00:00 · 638bb66523
parent 7b54c7b33b
commit 638bb66523
4 changed files with 4 additions and 4 deletions
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@ -206,5 +206,5 @@ dest = reports@dshield.org
 # Notes.:  Base name of temporary files used for buffering
 # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
 #
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield

--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@ -81,7 +81,7 @@ lines = 5

 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt

 # Destination/Addressee of the mail
 #
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
 # Notes.:  Base name of temporary files
 # Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
 #
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@ -101,5 +101,5 @@ lines = 5

 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt