* NEWS.Debian confusions - the latest NEWS entry and postinst message were

rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
  IP. Those lines are often required for proper abuse reports sent to the
  Internet providers.  Forwarding of such received emails to the email
  addresses of abuse departments present in the output of whois is a
  tentative solution for semi-automatic abuse reporting (Closes: #358810)

debian/changelog

@@ -1,9 +1,14 @@
 fail2ban (0.7.5-2) UNRELEASED; urgency=low
 
-  * NEWS.Debian confusions - the latest NEWS entry and postinst message
-    were rephrased (Closes: #402350)
+  * NEWS.Debian confusions - the latest NEWS entry and postinst message were
+    rephrased (Closes: #402350)
+  * Added mail-whois-lines action, which emails log lines containing abuser
+    IP. Those lines are often required for proper abuse reports sent to the
+    Internet providers.  Forwarding of such received emails to the email
+    addresses of abuse departments present in the output of whois is a
+    tentative solution for semi-automatic abuse reporting (Closes: #358810)
 
- -- Yaroslav Halchenko <debian@onerussian.com>  Sat,  9 Dec 2006 14:12:43 -0500
+ -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 10 Dec 2006 18:29:23 -0500
 
 fail2ban (0.7.5-1) unstable; urgency=low
 

debian/jail.conf

@@ -36,20 +36,27 @@ destemail = root@localhost
 # Default action to take: ban only
 action = iptables[name=%(__name__)s, port=%(port)s]
 
-# Default action to take: ban & send an e-mail with whois report
-# to the destemail. Copy/paste+uncomment next 2 lines into jail.local
-# to activate
-#action = iptables[name=%(__name__)s, port=%(port)s]
-#		  mail-whois[name=%(__name__)s, dest=%(destemail)s]
+# Following actions can be chosen as an alternatives to the above action.
+# To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines
+# into jail.local
+
+# Default action to take: ban & send an e-mail with whois report
+# to the destemail.
+# action = iptables[name=%(__name__)s, port=%(port)s]
+#          mail-whois[name=%(__name__)s, dest=%(destemail)s]
+
+# Default action to take: ban & send an e-mail with whois report 
+# and relevant log lines to the destemail.
+# action = iptables[name=%(__name__)s, port=%(port)s]
+#          mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
  
-#
 # Next jails corresponds to the standard configuration in Fail2ban 0.6
-# which was shipped in Debian. Please enable them by including
+# which was shipped in Debian. Please enable any defined here jail by including
 #
 # [SECTION_NAME]
 # enabled = true
 #
-# in /etc/fail2ban/jail.local
+# in /etc/fail2ban/jail.local.
 #
 
 [ssh]

debian/patches/00_mail-whois-lines.dpatch

@@ -0,0 +1,87 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_mail-whois-lines.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: New action which mails not only whois but the result of grep using the 
+## DP: abuser IP over the log files
+
+@DPATCH@
+diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5/config/action.d/mail-whois-lines.conf
+--- fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf	1969-12-31 19:00:00.000000000 -0500
++++ fail2ban-0.7.5/config/action.d/mail-whois-lines.conf	2006-12-10 18:27:46.000000000 -0500
+@@ -0,0 +1,75 @@
++# Fail2Ban configuration file
++#
++# Author: Cyril Jaquier
++# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
++# $Revision: 254 $
++#
++
++[Definition]
++
++# Option:  fwstart
++# Notes.:  command executed once at the start of Fail2Ban.
++# Values:  CMD
++#
++actionstart = echo -en "Hi,\n
++              The jail <name> has been started successfuly.\n
++              Regards,\n
++              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
++
++# Option:  fwend
++# Notes.:  command executed once at the end of Fail2Ban
++# Values:  CMD
++#
++actionstop = echo -en "Hi,\n
++             The jail <name> has been stopped.\n
++             Regards,\n
++             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
++
++# Option:  fwcheck
++# Notes.:  command executed once before each fwban command
++# Values:  CMD
++#
++actioncheck = 
++
++# Option:  fwban
++# Notes.:  command executed when banning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <failures>  number of failures
++#          <failtime>  unix timestamp of the last failure
++#          <bantime>  unix timestamp of the ban time
++# Values:  CMD
++#
++actionban = echo -en "Hi,\n
++            The IP <ip> has just been banned by Fail2Ban after
++            <failures> attempts against <name>.\n\n
++            Here are more information about <ip>:\n
++            `whois <ip>`\n\n
++            Lines containing IP:<ip> in <logpath>\n
++            `grep '\<<ip>\>' <logpath>`\n\n
++            Regards,\n
++            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
++
++# Option:  fwunban
++# Notes.:  command executed when unbanning an IP. Take care that the
++#          command is executed with Fail2Ban user rights.
++# Tags:    <ip>  IP address
++#          <bantime>  unix timestamp of the ban time
++#          <unbantime>  unix timestamp of the unban time
++# Values:  CMD
++#
++actionunban = 
++
++[Init]
++
++# Defaut name of the chain
++#
++name = default
++
++# Destinataire of the mail
++#
++dest = root
++
++# Path to the log files which contain relevant lines for the abuser IP
++#
++logpath = /dev/null

debian/patches/00list

@@ -3,3 +3,4 @@ X00_rigid_python24
 00_iptables_NEW
 10_dbts_manpages
 10_wuftpd_section
+00_mail-whois-lines