From ae96eaa40cca5647f1c2567487dc8672c4b8e0e9 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Fri, 22 Dec 2006 04:54:14 +0000 Subject: [PATCH] made failregex universal for both PAM and native vsftpd logging --- debian/changelog | 2 +- debian/jail.conf | 4 ++++ debian/patches/10_vsftpd_regex.dpatch | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 403697f7..cfa365ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-fail2ban (0.7.5-3~pre1) unstable; urgency=low
+fail2ban (0.7.5-3~pre2) unstable; urgency=low
 * Fail2ban now bans vsftpd logins (corrected logfile path and failregex) (Closes: #404060)
diff --git a/debian/jail.conf b/debian/jail.conf
index d4a2804f..15f4ad65 100644
--- a/debian/jail.conf
+++ b/debian/jail.conf
@@ -98,6 +98,10 @@ enabled = false port = ftp filter = vsftpd logpath = /var/log/vsftpd.log
+# or overwrite it in jails.local to be
+# logpath = /var/log/auth.log
+# if you want to rely on PAM failed login attempts
+# vsftpd's failregex should match both of those formats
 maxretry = 6
diff --git a/debian/patches/10_vsftpd_regex.dpatch b/debian/patches/10_vsftpd_regex.dpatch
index b2c09e28..820fb089 100755
--- a/debian/patches/10_vsftpd_regex.dpatch
+++ b/debian/patches/10_vsftpd_regex.dpatch
@@ -7,13 +7,13 @@
 @DPATCH@
 diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/filter.d/vsftpd.conf
 --- fail2ban-0.7.5~/config/filter.d/vsftpd.conf 2006-11-19 16:34:49.000000000 -0500
-+++ fail2ban-0.7.5/config/filter.d/vsftpd.conf 2006-12-21 11:46:30.000000000 -0500
++++ fail2ban-0.7.5/config/filter.d/vsftpd.conf 2006-12-21 23:50:14.000000000 -0500
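Review bot: The comment added in the debian/jail.conf hunk points administrators at `jails.local`, but the override file that pairs with jail.conf is `jail.local`. A logpath placed in a file with the other name would presumably never be read, so the vsftpd jail would keep watching /var/log/vsftpd.log while failures are only logged through PAM, and nothing would be banned. I would word it as `# or override it in jail.local with` and keep the sample `# logpath = /var/log/auth.log` line. The [vsftpd] section header lies above the hunk, so the comment could also say which section the override belongs under.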
@@ -13,7 +13,7 @@
 # be used for standard IP/hostname matching.
 # Values: TEXT
 #
 -failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=
-+failregex = \[.+\] FAIL LOGIN: Client "(?P\S+)"$
++failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=|\[.+\] FAIL LOGIN: Client "")$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
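Review bot: The `$` placed after the group in the new failregex also anchors the pam_unix branch, so `rhost=<HOST>` has to be the last thing on the line. pam_unix typically appends a ` user=NAME` field after rhost when the account exists, so failures against real accounts would go unmatched and uncounted. The branch could tolerate that trailer, for example `rhost=<HOST>(?:\s+user=\S*)?\s*$`, while staying end-anchored, since the anchor is what keeps client-supplied text earlier in the line (the user name inside `\[.+\]`, or `ruser=`) from being taken as the host. Running the pattern through fail2ban-regex against sample lines from both /var/log/auth.log and /var/log/vsftpd.log would confirm that both formats match. As rendered here the host tag is missing after `rhost=` and inside `Client ""`, so this assumes the real line carries `<HOST>` in both places.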