From 938297138b4e7c84567c1507bbdd478ac28c3f76 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 27 Aug 2007 21:03:33 +0000
Subject: [PATCH] - Fixed named filter. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                          |  6 +++++-
 config/filter.d/named-refused.conf |  9 +++------
 config/jail.conf                   | 12 ++++++------
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6d05c5c8..5ec92d0c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,13 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.8.1)                           2007/08/14
+Fail2Ban (version 0.8.2)                           2007/??/??
 =============================================================
 
+ver. 0.8.2 (2007/??/??) - stable
+----------
+- Fixed named filter. Thanks to Yaroslav Halchenko
+
 ver. 0.8.1 (2007/08/14) - stable
 ----------
 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
diff --git a/config/filter.d/named-refused.conf b/config/filter.d/named-refused.conf
index d70e8732..74014644 100644
--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@@ -9,10 +9,8 @@
 
 [Definition]
 
-# if you want to catch only login erros from specific daemons, use smth like
-#_named_rcodes=(?:REFUSED|SERVFAIL)
-# To catch all REFUSED queries only
-_named_rcodes=REFUSED
+# 
+# Daemon name
 _daemon=named
 
 #
@@ -28,7 +26,6 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
-failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
-		    %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
+failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
 
 
diff --git a/config/jail.conf b/config/jail.conf
index d61e7b6f..fbd10481 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -170,13 +170,13 @@ ignoreip = 168.192.0.1
 # with bind9 installation. You will need something like this:
 #
 # logging {
-#     channel lame-servers_file {
-#         file "/var/log/named/lame-servers.log" versions 3 size 30m;
+#     channel security_file {
+#         file "/var/log/named/security.log" versions 3 size 30m;
 #         severity dynamic;
 #         print-time yes;
 #     };
-#     category lame-servers {
-#         lame-servers_file;
+#     category security {
+#         security_file;
 #     };
 # }
 #
@@ -189,7 +189,7 @@ enabled  = false
 filter   = named-refused
 action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
            sendmail-whois[name=Named, dest=you@mail.com]
-logpath  = /var/log/named/lame-servers.log
+logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1
 
 # This jail blocks TCP traffic for DNS requests.
@@ -200,6 +200,6 @@ enabled  = false
 filter   = named-refused
 action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
            sendmail-whois[name=Named, dest=you@mail.com]
-logpath  = /var/log/named/lame-servers.log
+logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1