github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Fixed named filter. Thanks to Yaroslav Halchenko 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@616 a942ae1a-1317-0410-a47c-b1dcaea8d605
_tent/ipv6_via_aInfo
Cyril Jaquier 2007-08-27 21:03:33 +00:00
parent e40468dfd3
commit 938297138b
3 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG
View File

@ -4,9 +4,13 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
============================================================= =============================================================
Fail2Ban (version 0.8.1) 2007/08/14 Fail2Ban (version 0.8.2) 2007/??/??
============================================================= =============================================================
ver. 0.8.2 (2007/??/??) - stable
----------
- Fixed named filter. Thanks to Yaroslav Halchenko
ver. 0.8.1 (2007/08/14) - stable ver. 0.8.1 (2007/08/14) - stable
---------- ----------
- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid

9
config/filter.d/named-refused.conf
View File

@ -9,10 +9,8 @@
[Definition] [Definition]
# if you want to catch only login erros from specific daemons, use smth like #
#_named_rcodes=(?:REFUSED|SERVFAIL) # Daemon name
# To catch all REFUSED queries only
_named_rcodes=REFUSED
_daemon=named _daemon=named
# #
@ -28,7 +26,6 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT # Values: TEXT
# #
failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$ failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
%(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$

12
config/jail.conf
View File

@ -170,13 +170,13 @@ ignoreip = 168.192.0.1
# with bind9 installation. You will need something like this: # with bind9 installation. You will need something like this:
# #
# logging { # logging {
# channel lame-servers_file { # channel security_file {
# file "/var/log/named/lame-servers.log" versions 3 size 30m; # file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic; # severity dynamic;
# print-time yes; # print-time yes;
# }; # };
# category lame-servers { # category security {
# lame-servers_file; # security_file;
# }; # };
# } # }
# #
@ -189,7 +189,7 @@ enabled = false
filter = named-refused filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp] action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you@mail.com] sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log logpath = /var/log/named/security.log
ignoreip = 168.192.0.1 ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests. # This jail blocks TCP traffic for DNS requests.
@ -200,6 +200,6 @@ enabled = false
filter = named-refused filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com] sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log logpath = /var/log/named/security.log
ignoreip = 168.192.0.1 ignoreip = 168.192.0.1