removing patches from dpatch system since they are in branches now

pull/3/head
Yaroslav Halchenko 2008-02-08 00:45:23 -05:00
parent 996da9a3f0
commit a832ede291
7 changed files with 0 additions and 273 deletions


@ -1,55 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_mail-whois-lines.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: New action which mails not only whois but the result of grep using the
## DP: abuser IP over the log files
@DPATCH@
diff -urNad trunk~/config/action.d/mail-whois-lines.conf trunk/config/action.d/mail-whois-lines.conf
--- trunk~/config/action.d/mail-whois-lines.conf 2007-08-14 19:12:48.000000000 -0400
+++ trunk/config/action.d/mail-whois-lines.conf 2007-08-14 19:24:17.000000000 -0400
@@ -7,7 +7,7 @@
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
@@ -16,7 +16,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: fwend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -25,13 +25,13 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -50,7 +50,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address


@ -1,79 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_named_refused.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
--- trunk~/config/filter.d/named-refused.conf 2007-08-14 19:42:35.000000000 -0400
+++ trunk/config/filter.d/named-refused.conf 2007-08-17 12:36:28.000000000 -0400
@@ -9,10 +9,8 @@
[Definition]
-# if you want to catch only login erros from specific daemons, use smth like
-#_named_rcodes=(?:REFUSED|SERVFAIL)
-# To catch all REFUSED queries only
-_named_rcodes=REFUSED
+#
+# Daemon name
_daemon=named
#
@@ -28,7 +26,6 @@
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
-failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
- %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
+failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
--- trunk~/config/filter.d/named-refused.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/named-refused.examples 2007-08-17 12:36:00.000000000 -0400
@@ -0,0 +1,5 @@
+Jul 24 14:16:55 raid5 named[3935]: client 194.145.196.18#4795: query 'ricreig.com/NS/IN' denied
+Jul 24 14:16:56 raid5 named[3935]: client 62.123.164.113#32768: query 'ricreig.com/NS/IN' denied
+Jul 24 14:17:13 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'geo-mueller.de/NS/IN' denied
+Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shivaree.de/NS/IN' denied
+Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied
diff -urNad trunk~/config/jail.conf trunk/config/jail.conf
--- trunk~/config/jail.conf 2007-08-14 19:12:48.000000000 -0400
+++ trunk/config/jail.conf 2007-08-17 12:36:00.000000000 -0400
@@ -170,13 +170,13 @@
# with bind9 installation. You will need something like this:
#
# logging {
-# channel lame-servers_file {
-# file "/var/log/named/lame-servers.log" versions 3 size 30m;
+# channel security_file {
+# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
-# category lame-servers {
-# lame-servers_file;
+# category security {
+# security_file;
# };
# }
#
@@ -189,7 +189,7 @@
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/lame-servers.log
+logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
@@ -200,6 +200,6 @@
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/lame-servers.log
+logpath = /var/log/named/security.log
ignoreip = 168.192.0.1


@ -1,47 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_pam_generic.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Filter and examples for a filter generic for any login errors reported with pam_unix.so
@DPATCH@
diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-generic.conf
--- trunk~/config/filter.d/pam-generic.conf 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.conf 2007-07-24 13:25:12.000000000 -0400
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file for generic PAM authentication errors
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: $
+#
+
+[Definition]
+
+# if you want to catch only login erros from specific daemons, use smth like
+#_ttys_re=(?:ssh|pure-ftpd|ftp)
+# To catch all failed logins
+_ttys_re=\S*
+
+#
+# Shortcuts for easier comprehension of the failregex
+__pid_re=(?:\[\d+\])
+__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
diff -urNad trunk~/config/filter.d/pam-generic.examples trunk/config/filter.d/pam-generic.examples
--- trunk~/config/filter.d/pam-generic.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.examples 2007-07-24 13:24:49.000000000 -0400
@@ -0,0 +1,7 @@
+Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
+May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
+May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
+May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
+Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
+Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
+Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com


@ -1,33 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_ssh_strong_re.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban~/config/filter.d/sshd.examples fail2ban/config/filter.d/sshd.examples
--- fail2ban~/config/filter.d/sshd.examples 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban/config/filter.d/sshd.examples 2007-11-23 08:59:47.000000000 -0500
@@ -0,0 +1,22 @@
+#1
+Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
+May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
+
+#2
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
+
+#3
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
+
+#4
+Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
+
+
+#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
+Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
+Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
+
+#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
+Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)


@ -1,20 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_var_run_socket.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: to close 425746: move socket under /var/run
@DPATCH@
diff -urNad trunk~/config/fail2ban.conf trunk/config/fail2ban.conf
--- trunk~/config/fail2ban.conf 2007-05-05 21:30:21.000000000 -0400
+++ trunk/config/fail2ban.conf 2007-07-03 18:21:52.000000000 -0400
@@ -28,7 +28,7 @@
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
-# Values: FILE Default: /tmp/fail2ban.sock
+# Values: FILE Default: /var/run/fail2ban.sock
#
-socket = /tmp/fail2ban.sock
+socket = /var/run/fail2ban.sock


@ -1,6 +0,0 @@
00_mail-whois-lines
00_var_run_socket
10_dbts_manpages
00_ssh_strong_re
00_pam_generic
00_named_refused


@ -1,33 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_dbts_manpages.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/man/fail2ban-client.1 fail2ban-0.7.3/man/fail2ban-client.1
--- fail2ban-0.7.3~/man/fail2ban-client.1 2006-09-28 15:34:06.000000000 -0400
+++ fail2ban-0.7.3/man/fail2ban-client.1 2006-09-28 22:58:38.000000000 -0400
@@ -82,7 +82,8 @@
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
.SH "REPORTING BUGS"
-Report bugs to <lostcontrol@users.sourceforge.net>
+Please report bugs via Debian bug tracking system
+http://www.debian.org/Bugs/.
.SH COPYRIGHT
Copyright \(co 2004-2006 Cyril Jaquier
.br
diff -urNad fail2ban-0.7.3~/man/fail2ban-server.1 fail2ban-0.7.3/man/fail2ban-server.1
--- fail2ban-0.7.3~/man/fail2ban-server.1 2006-09-28 15:34:06.000000000 -0400
+++ fail2ban-0.7.3/man/fail2ban-server.1 2006-09-28 22:59:25.000000000 -0400
@@ -33,7 +33,8 @@
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
.SH "REPORTING BUGS"
-Report bugs to <lostcontrol@users.sourceforge.net>
+Please report bugs via Debian bug tracking system
+http://www.debian.org/Bugs/.
.SH COPYRIGHT
Copyright \(co 2004-2006 Cyril Jaquier
.br