mirror of https://github.com/fail2ban/fail2ban
Merge branches 'debian', 'deb/specifics', 'up/0.9-0.8', 'up/apache_noscript_extend', 'up/ipmasq', 'up/log_examples', 'up/mail_whois_lines', 'up/named_refused_fixed', 'up/pam_generic', 'up/proftpd_fix+extend', 'up/sshd_refused_connect' and 'up/vsftpd_optional_user' into build
* debian: Confirms to policy 3.7.3 (no changes) Bye Bye dpatch: now everything is handled in git branches removing patches from dpatch system since they are in branches now added a comment to README.Debian and to the list of examples for ipmasq example file Fixed == bashism (Closes: #464647). Thanks Raphael Geisser * deb/specifics: slight tune ups in upstream sources destined only for debian are kept in this branch * up/0.9-0.8: * up/apache_noscript_extend: Extended apache-noscript filter with more file extensions and to react to "script not found or unable to stat" log message (closes: #456565). Thanks Tim Connors * up/ipmasq: Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto * up/log_examples: up/log_examples: moved vsftpd log from up/vsftpd_optional_user added examples of log lines (for named-refused, pam-generic, sshd) under files/logs for easy testing * up/mail_whois_lines: mail-whois-lines: moved fix for proper names from dpatch * up/named_refused_fixed: named_refused: moved fix for proper config+filters from dpatch * up/pam_generic: added pam-generic from dpatch * up/proftpd_fix+extend: Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido Bozzetto * up/sshd_refused_connect: * up/vsftpd_optional_user: up/vsftpd_optional_user: moving examples into up/examples branch BF: vsftp anchoringdebian-releases/squeeze
parent
24d8b44c2a
fc3a57b6c1
5f30cb0898
2d8df22cf1
af81bac456
9907401483
1da878481f
a9ee3c0b47
86072e3d55
af29b27693
5c5c07fed6
commit
b8d97d0983
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
# Option: fwstart
|
# Option: actionstart
|
||||||
# Notes.: command executed once at the start of Fail2Ban.
|
# Notes.: command executed once at the start of Fail2Ban.
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
#
|
#
|
||||||
|
@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
|
||||||
Regards,\n
|
Regards,\n
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
|
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
|
||||||
|
|
||||||
# Option: fwend
|
# Option: actionstop
|
||||||
# Notes.: command executed once at the end of Fail2Ban
|
# Notes.: command executed once at the end of Fail2Ban
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
#
|
#
|
||||||
|
@ -25,13 +25,13 @@ actionstop = echo -en "Hi,\n
|
||||||
Regards,\n
|
Regards,\n
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
|
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
|
||||||
|
|
||||||
# Option: fwcheck
|
# Option: actioncheck
|
||||||
# Notes.: command executed once before each fwban command
|
# Notes.: command executed once before each actionban command
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
#
|
#
|
||||||
actioncheck =
|
actioncheck =
|
||||||
|
|
||||||
# Option: fwban
|
# Option: actionban
|
||||||
# Notes.: command executed when banning an IP. Take care that the
|
# Notes.: command executed when banning an IP. Take care that the
|
||||||
# command is executed with Fail2Ban user rights.
|
# command is executed with Fail2Ban user rights.
|
||||||
# Tags: <ip> IP address
|
# Tags: <ip> IP address
|
||||||
|
@ -50,7 +50,7 @@ actionban = echo -en "Hi,\n
|
||||||
Regards,\n
|
Regards,\n
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
|
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
|
||||||
|
|
||||||
# Option: fwunban
|
# Option: actionunban
|
||||||
# Notes.: command executed when unbanning an IP. Take care that the
|
# Notes.: command executed when unbanning an IP. Take care that the
|
||||||
# command is executed with Fail2Ban user rights.
|
# command is executed with Fail2Ban user rights.
|
||||||
# Tags: <ip> IP address
|
# Tags: <ip> IP address
|
||||||
|
|
|
@ -28,7 +28,7 @@ logtarget = /var/log/fail2ban.log
|
||||||
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
||||||
# not remove this file when Fail2ban runs. It will not be possible to
|
# not remove this file when Fail2ban runs. It will not be possible to
|
||||||
# communicate with the server afterwards.
|
# communicate with the server afterwards.
|
||||||
# Values: FILE Default: /tmp/fail2ban.sock
|
# Values: FILE Default: /var/run/fail2ban.sock
|
||||||
#
|
#
|
||||||
socket = /tmp/fail2ban.sock
|
socket = /var/run/fail2ban.sock
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# (?:::f{4,6}:)?(?P<host>\S+)
|
# (?:::f{4,6}:)?(?P<host>\S+)
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
|
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
|
||||||
|
|
||||||
# Option: ignoreregex
|
# Option: ignoreregex
|
||||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
|
|
@ -9,10 +9,8 @@
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
# if you want to catch only login erros from specific daemons, use smth like
|
#
|
||||||
#_named_rcodes=(?:REFUSED|SERVFAIL)
|
# Daemon name
|
||||||
# To catch all REFUSED queries only
|
|
||||||
_named_rcodes=REFUSED
|
|
||||||
_daemon=named
|
_daemon=named
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -28,7 +26,6 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
|
||||||
# Notes.: regex to match the password failures messages in the logfile.
|
# Notes.: regex to match the password failures messages in the logfile.
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
|
failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
|
||||||
%(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Fail2Ban configuration file for generic PAM authentication errors
|
||||||
|
#
|
||||||
|
# Author: Yaroslav Halchenko
|
||||||
|
#
|
||||||
|
# $Revision: $
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# if you want to catch only login erros from specific daemons, use smth like
|
||||||
|
#_ttys_re=(?:ssh|pure-ftpd|ftp)
|
||||||
|
# To catch all failed logins
|
||||||
|
_ttys_re=\S*
|
||||||
|
|
||||||
|
#
|
||||||
|
# Shortcuts for easier comprehension of the failregex
|
||||||
|
__pid_re=(?:\[\d+\])
|
||||||
|
__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
|
||||||
|
__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
|
||||||
|
|
||||||
|
# Option: failregex
|
||||||
|
# Notes.: regex to match the password failures messages in the logfile.
|
||||||
|
# Values: TEXT
|
||||||
|
#
|
||||||
|
failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
|
|
@ -14,8 +14,10 @@
|
||||||
# (?:::f{4,6}:)?(?P<host>\S+)
|
# (?:::f{4,6}:)?(?P<host>\S+)
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
|
failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
|
||||||
\(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
|
\(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
|
||||||
|
\(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
|
||||||
|
\(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$
|
||||||
|
|
||||||
# Option: ignoreregex
|
# Option: ignoreregex
|
||||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# (?:::f{4,6}:)?(?P<host>\S+)
|
# (?:::f{4,6}:)?(?P<host>\S+)
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$
|
failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
|
||||||
\[.+\] FAIL LOGIN: Client "<HOST>"\s*$
|
\[.+\] FAIL LOGIN: Client "<HOST>"\s*$
|
||||||
|
|
||||||
# Option: ignoreregex
|
# Option: ignoreregex
|
||||||
|
|
|
@ -170,13 +170,13 @@ ignoreip = 168.192.0.1
|
||||||
# with bind9 installation. You will need something like this:
|
# with bind9 installation. You will need something like this:
|
||||||
#
|
#
|
||||||
# logging {
|
# logging {
|
||||||
# channel lame-servers_file {
|
# channel security_file {
|
||||||
# file "/var/log/named/lame-servers.log" versions 3 size 30m;
|
# file "/var/log/named/security.log" versions 3 size 30m;
|
||||||
# severity dynamic;
|
# severity dynamic;
|
||||||
# print-time yes;
|
# print-time yes;
|
||||||
# };
|
# };
|
||||||
# category lame-servers {
|
# category security {
|
||||||
# lame-servers_file;
|
# security_file;
|
||||||
# };
|
# };
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
|
@ -189,7 +189,7 @@ enabled = false
|
||||||
filter = named-refused
|
filter = named-refused
|
||||||
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
|
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
|
||||||
sendmail-whois[name=Named, dest=you@mail.com]
|
sendmail-whois[name=Named, dest=you@mail.com]
|
||||||
logpath = /var/log/named/lame-servers.log
|
logpath = /var/log/named/security.log
|
||||||
ignoreip = 168.192.0.1
|
ignoreip = 168.192.0.1
|
||||||
|
|
||||||
# This jail blocks TCP traffic for DNS requests.
|
# This jail blocks TCP traffic for DNS requests.
|
||||||
|
@ -200,6 +200,6 @@ enabled = false
|
||||||
filter = named-refused
|
filter = named-refused
|
||||||
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
|
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
|
||||||
sendmail-whois[name=Named, dest=you@mail.com]
|
sendmail-whois[name=Named, dest=you@mail.com]
|
||||||
logpath = /var/log/named/lame-servers.log
|
logpath = /var/log/named/security.log
|
||||||
ignoreip = 168.192.0.1
|
ignoreip = 168.192.0.1
|
||||||
|
|
||||||
|
|
|
@ -107,6 +107,16 @@ banaction=iptables-new
|
||||||
Also you can redefine the whole action parameter if you like.
|
Also you can redefine the whole action parameter if you like.
|
||||||
|
|
||||||
|
|
||||||
|
* Interaction with ipmasq
|
||||||
|
Comment to #461417
|
||||||
|
|
||||||
|
Although fail2ban should detect and recreate missing chains if the external
|
||||||
|
command wipes out iptables, it is better to explicitely to force-reload
|
||||||
|
fail2ban. For this reason there is examples/ipmasq-ZZZzzz|fail2ban.rul file is
|
||||||
|
shipped along to be installed under name ZZZzzz|fail2ban.rul within
|
||||||
|
/etc/ipmasq.
|
||||||
|
|
||||||
|
|
||||||
Troubleshooting:
|
Troubleshooting:
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
|
|
|
@ -2,13 +2,13 @@ Source: fail2ban
|
||||||
Section: net
|
Section: net
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Yaroslav Halchenko <debian@onerussian.com>
|
Maintainer: Yaroslav Halchenko <debian@onerussian.com>
|
||||||
Build-Depends: debhelper (>= 5.0.37.2), dpatch, python
|
Build-Depends: debhelper (>= 5.0.37.2), python
|
||||||
Build-Depends-Indep: python-central (>= 0.5.6)
|
Build-Depends-Indep: python-central (>= 0.5.6)
|
||||||
XS-Python-Version: current, >= 2.4
|
XS-Python-Version: current, >= 2.4
|
||||||
Homepage: http://www.fail2ban.org
|
Homepage: http://www.fail2ban.org
|
||||||
Vcs-Browser: http://git.onerussian.com/?p=fail2ban
|
Vcs-Browser: http://git.onerussian.com/?p=fail2ban
|
||||||
Vcs-git: http://git.onerussian.com/vcs/fail2ban
|
Vcs-git: http://git.onerussian.com/vcs/fail2ban
|
||||||
Standards-Version: 3.7.2
|
Standards-Version: 3.7.3
|
||||||
|
|
||||||
|
|
||||||
Package: fail2ban
|
Package: fail2ban
|
||||||
|
|
|
@ -94,7 +94,7 @@ do_start()
|
||||||
|
|
||||||
if [ -e "$SOCKFILE" ]; then
|
if [ -e "$SOCKFILE" ]; then
|
||||||
log_failure_msg "Socket file $SOCKFILE is present"
|
log_failure_msg "Socket file $SOCKFILE is present"
|
||||||
[ "$1" == "force-start" ] \
|
[ "$1" = "force-start" ] \
|
||||||
&& log_success_msg "Starting anyway as requested" \
|
&& log_success_msg "Starting anyway as requested" \
|
||||||
|| return 2
|
|| return 2
|
||||||
DAEMON_ARGS="$DAEMON_ARGS -x"
|
DAEMON_ARGS="$DAEMON_ARGS -x"
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_mail-whois-lines.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: New action which mails not only whois but the result of grep using the
|
|
||||||
## DP: abuser IP over the log files
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad trunk~/config/action.d/mail-whois-lines.conf trunk/config/action.d/mail-whois-lines.conf
|
|
||||||
--- trunk~/config/action.d/mail-whois-lines.conf 2007-08-14 19:12:48.000000000 -0400
|
|
||||||
+++ trunk/config/action.d/mail-whois-lines.conf 2007-08-14 19:24:17.000000000 -0400
|
|
||||||
@@ -7,7 +7,7 @@
|
|
||||||
|
|
||||||
[Definition]
|
|
||||||
|
|
||||||
-# Option: fwstart
|
|
||||||
+# Option: actionstart
|
|
||||||
# Notes.: command executed once at the start of Fail2Ban.
|
|
||||||
# Values: CMD
|
|
||||||
#
|
|
||||||
@@ -16,7 +16,7 @@
|
|
||||||
Regards,\n
|
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
|
|
||||||
|
|
||||||
-# Option: fwend
|
|
||||||
+# Option: actionstop
|
|
||||||
# Notes.: command executed once at the end of Fail2Ban
|
|
||||||
# Values: CMD
|
|
||||||
#
|
|
||||||
@@ -25,13 +25,13 @@
|
|
||||||
Regards,\n
|
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
|
|
||||||
|
|
||||||
-# Option: fwcheck
|
|
||||||
-# Notes.: command executed once before each fwban command
|
|
||||||
+# Option: actioncheck
|
|
||||||
+# Notes.: command executed once before each actionban command
|
|
||||||
# Values: CMD
|
|
||||||
#
|
|
||||||
actioncheck =
|
|
||||||
|
|
||||||
-# Option: fwban
|
|
||||||
+# Option: actionban
|
|
||||||
# Notes.: command executed when banning an IP. Take care that the
|
|
||||||
# command is executed with Fail2Ban user rights.
|
|
||||||
# Tags: <ip> IP address
|
|
||||||
@@ -50,7 +50,7 @@
|
|
||||||
Regards,\n
|
|
||||||
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
|
|
||||||
|
|
||||||
-# Option: fwunban
|
|
||||||
+# Option: actionunban
|
|
||||||
# Notes.: command executed when unbanning an IP. Take care that the
|
|
||||||
# command is executed with Fail2Ban user rights.
|
|
||||||
# Tags: <ip> IP address
|
|
|
@ -1,23 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_named_logtimeformat.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad trunk~/server/datedetector.py trunk/server/datedetector.py
|
|
||||||
--- trunk~/server/datedetector.py 2007-04-01 16:42:08.000000000 -0400
|
|
||||||
+++ trunk/server/datedetector.py 2007-07-29 22:28:52.000000000 -0400
|
|
||||||
@@ -80,6 +80,12 @@
|
|
||||||
template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
|
|
||||||
template.setPattern("%Y-%m-%d %H:%M:%S")
|
|
||||||
self.__templates.append(template)
|
|
||||||
+ # named 26-Jul-2007 15:20:52.252
|
|
||||||
+ template = DateStrptime()
|
|
||||||
+ template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]")
|
|
||||||
+ template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}")
|
|
||||||
+ template.setPattern("%d-%b-%Y %H:%M:%S")
|
|
||||||
+ self.__templates.append(template)
|
|
||||||
# TAI64N
|
|
||||||
template = DateTai64n()
|
|
||||||
template.setName("TAI64N")
|
|
|
@ -1,79 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_named_refused.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad trunk~/config/filter.d/named-refused.conf trunk/config/filter.d/named-refused.conf
|
|
||||||
--- trunk~/config/filter.d/named-refused.conf 2007-08-14 19:42:35.000000000 -0400
|
|
||||||
+++ trunk/config/filter.d/named-refused.conf 2007-08-17 12:36:28.000000000 -0400
|
|
||||||
@@ -9,10 +9,8 @@
|
|
||||||
|
|
||||||
[Definition]
|
|
||||||
|
|
||||||
-# if you want to catch only login erros from specific daemons, use smth like
|
|
||||||
-#_named_rcodes=(?:REFUSED|SERVFAIL)
|
|
||||||
-# To catch all REFUSED queries only
|
|
||||||
-_named_rcodes=REFUSED
|
|
||||||
+#
|
|
||||||
+# Daemon name
|
|
||||||
_daemon=named
|
|
||||||
|
|
||||||
#
|
|
||||||
@@ -28,7 +26,6 @@
|
|
||||||
# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
# Values: TEXT
|
|
||||||
#
|
|
||||||
-failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
|
|
||||||
- %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
|
|
||||||
+failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
|
|
||||||
|
|
||||||
|
|
||||||
diff -urNad trunk~/config/filter.d/named-refused.examples trunk/config/filter.d/named-refused.examples
|
|
||||||
--- trunk~/config/filter.d/named-refused.examples 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ trunk/config/filter.d/named-refused.examples 2007-08-17 12:36:00.000000000 -0400
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+Jul 24 14:16:55 raid5 named[3935]: client 194.145.196.18#4795: query 'ricreig.com/NS/IN' denied
|
|
||||||
+Jul 24 14:16:56 raid5 named[3935]: client 62.123.164.113#32768: query 'ricreig.com/NS/IN' denied
|
|
||||||
+Jul 24 14:17:13 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'geo-mueller.de/NS/IN' denied
|
|
||||||
+Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shivaree.de/NS/IN' denied
|
|
||||||
+Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied
|
|
||||||
diff -urNad trunk~/config/jail.conf trunk/config/jail.conf
|
|
||||||
--- trunk~/config/jail.conf 2007-08-14 19:12:48.000000000 -0400
|
|
||||||
+++ trunk/config/jail.conf 2007-08-17 12:36:00.000000000 -0400
|
|
||||||
@@ -170,13 +170,13 @@
|
|
||||||
# with bind9 installation. You will need something like this:
|
|
||||||
#
|
|
||||||
# logging {
|
|
||||||
-# channel lame-servers_file {
|
|
||||||
-# file "/var/log/named/lame-servers.log" versions 3 size 30m;
|
|
||||||
+# channel security_file {
|
|
||||||
+# file "/var/log/named/security.log" versions 3 size 30m;
|
|
||||||
# severity dynamic;
|
|
||||||
# print-time yes;
|
|
||||||
# };
|
|
||||||
-# category lame-servers {
|
|
||||||
-# lame-servers_file;
|
|
||||||
+# category security {
|
|
||||||
+# security_file;
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
@@ -189,7 +189,7 @@
|
|
||||||
filter = named-refused
|
|
||||||
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
|
|
||||||
sendmail-whois[name=Named, dest=you@mail.com]
|
|
||||||
-logpath = /var/log/named/lame-servers.log
|
|
||||||
+logpath = /var/log/named/security.log
|
|
||||||
ignoreip = 168.192.0.1
|
|
||||||
|
|
||||||
# This jail blocks TCP traffic for DNS requests.
|
|
||||||
@@ -200,6 +200,6 @@
|
|
||||||
filter = named-refused
|
|
||||||
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
|
|
||||||
sendmail-whois[name=Named, dest=you@mail.com]
|
|
||||||
-logpath = /var/log/named/lame-servers.log
|
|
||||||
+logpath = /var/log/named/security.log
|
|
||||||
ignoreip = 168.192.0.1
|
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_pam_generic.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Filter and examples for a filter generic for any login errors reported with pam_unix.so
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-generic.conf
|
|
||||||
--- trunk~/config/filter.d/pam-generic.conf 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ trunk/config/filter.d/pam-generic.conf 2007-07-24 13:25:12.000000000 -0400
|
|
||||||
@@ -0,0 +1,25 @@
|
|
||||||
+# Fail2Ban configuration file for generic PAM authentication errors
|
|
||||||
+#
|
|
||||||
+# Author: Yaroslav Halchenko
|
|
||||||
+#
|
|
||||||
+# $Revision: $
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+[Definition]
|
|
||||||
+
|
|
||||||
+# if you want to catch only login erros from specific daemons, use smth like
|
|
||||||
+#_ttys_re=(?:ssh|pure-ftpd|ftp)
|
|
||||||
+# To catch all failed logins
|
|
||||||
+_ttys_re=\S*
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Shortcuts for easier comprehension of the failregex
|
|
||||||
+__pid_re=(?:\[\d+\])
|
|
||||||
+__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
|
|
||||||
+__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
|
|
||||||
+
|
|
||||||
+# Option: failregex
|
|
||||||
+# Notes.: regex to match the password failures messages in the logfile.
|
|
||||||
+# Values: TEXT
|
|
||||||
+#
|
|
||||||
+failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
|
|
||||||
diff -urNad trunk~/config/filter.d/pam-generic.examples trunk/config/filter.d/pam-generic.examples
|
|
||||||
--- trunk~/config/filter.d/pam-generic.examples 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ trunk/config/filter.d/pam-generic.examples 2007-07-24 13:24:49.000000000 -0400
|
|
||||||
@@ -0,0 +1,7 @@
|
|
||||||
+Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
|
|
||||||
+May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
|
|
||||||
+May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
|
|
||||||
+May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
|
|
||||||
+Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
|
|
||||||
+Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
|
|
||||||
+Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
|
|
|
@ -1,33 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_ssh_strong_re.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban~/config/filter.d/sshd.examples fail2ban/config/filter.d/sshd.examples
|
|
||||||
--- fail2ban~/config/filter.d/sshd.examples 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ fail2ban/config/filter.d/sshd.examples 2007-11-23 08:59:47.000000000 -0500
|
|
||||||
@@ -0,0 +1,22 @@
|
|
||||||
+#1
|
|
||||||
+Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
|
|
||||||
+May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
|
|
||||||
+
|
|
||||||
+#2
|
|
||||||
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
|
|
||||||
+Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
|
|
||||||
+
|
|
||||||
+#3
|
|
||||||
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
|
|
||||||
+Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
|
|
||||||
+
|
|
||||||
+#4
|
|
||||||
+Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
|
|
||||||
+Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
|
|
||||||
+Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
|
|
||||||
+
|
|
||||||
+#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
|
|
||||||
+Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
|
|
|
@ -1,20 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 00_var_run_socket.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: to close 425746: move socket under /var/run
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad trunk~/config/fail2ban.conf trunk/config/fail2ban.conf
|
|
||||||
--- trunk~/config/fail2ban.conf 2007-05-05 21:30:21.000000000 -0400
|
|
||||||
+++ trunk/config/fail2ban.conf 2007-07-03 18:21:52.000000000 -0400
|
|
||||||
@@ -28,7 +28,7 @@
|
|
||||||
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
|
||||||
# not remove this file when Fail2ban runs. It will not be possible to
|
|
||||||
# communicate with the server afterwards.
|
|
||||||
-# Values: FILE Default: /tmp/fail2ban.sock
|
|
||||||
+# Values: FILE Default: /var/run/fail2ban.sock
|
|
||||||
#
|
|
||||||
-socket = /tmp/fail2ban.sock
|
|
||||||
+socket = /var/run/fail2ban.sock
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
00_mail-whois-lines
|
|
||||||
00_var_run_socket
|
|
||||||
10_dbts_manpages
|
|
||||||
00_ssh_strong_re
|
|
||||||
00_pam_generic
|
|
||||||
00_named_refused
|
|
|
@ -1,33 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 10_dbts_manpages.dpatch by <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban-0.7.3~/man/fail2ban-client.1 fail2ban-0.7.3/man/fail2ban-client.1
|
|
||||||
--- fail2ban-0.7.3~/man/fail2ban-client.1 2006-09-28 15:34:06.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.3/man/fail2ban-client.1 2006-09-28 22:58:38.000000000 -0400
|
|
||||||
@@ -82,7 +82,8 @@
|
|
||||||
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
|
||||||
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
|
||||||
.SH "REPORTING BUGS"
|
|
||||||
-Report bugs to <lostcontrol@users.sourceforge.net>
|
|
||||||
+Please report bugs via Debian bug tracking system
|
|
||||||
+http://www.debian.org/Bugs/.
|
|
||||||
.SH COPYRIGHT
|
|
||||||
Copyright \(co 2004-2006 Cyril Jaquier
|
|
||||||
.br
|
|
||||||
diff -urNad fail2ban-0.7.3~/man/fail2ban-server.1 fail2ban-0.7.3/man/fail2ban-server.1
|
|
||||||
--- fail2ban-0.7.3~/man/fail2ban-server.1 2006-09-28 15:34:06.000000000 -0400
|
|
||||||
+++ fail2ban-0.7.3/man/fail2ban-server.1 2006-09-28 22:59:25.000000000 -0400
|
|
||||||
@@ -33,7 +33,8 @@
|
|
||||||
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
|
||||||
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
|
||||||
.SH "REPORTING BUGS"
|
|
||||||
-Report bugs to <lostcontrol@users.sourceforge.net>
|
|
||||||
+Please report bugs via Debian bug tracking system
|
|
||||||
+http://www.debian.org/Bugs/.
|
|
||||||
.SH COPYRIGHT
|
|
||||||
Copyright \(co 2004-2006 Cyril Jaquier
|
|
||||||
.br
|
|
|
@ -1,54 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 10_multiple_HOST_regexp.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: No description.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad fail2ban-0.7.5~/server/filter.py fail2ban-0.7.5/server/filter.py
|
|
||||||
--- fail2ban-0.7.5~/server/filter.py 2006-11-26 15:37:31.000000000 -0500
|
|
||||||
+++ fail2ban-0.7.5/server/filter.py 2006-12-22 13:30:25.000000000 -0500
|
|
||||||
@@ -170,8 +170,17 @@
|
|
||||||
self.__failRegex = value
|
|
||||||
self.__failRegexObj = None
|
|
||||||
else:
|
|
||||||
- # Replace "<HOST>" with default regular expression for host.
|
|
||||||
- regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
|
|
||||||
+ # Replace "<HOST>"s with regular expression for a hostname,
|
|
||||||
+ # naming groups hostX where X is a number starting with 1
|
|
||||||
+ regex = value
|
|
||||||
+ oldregex = ''; k = 0
|
|
||||||
+ while ( regex != oldregex ):
|
|
||||||
+ oldregex = regex
|
|
||||||
+ k += 1
|
|
||||||
+ regex = regex.replace("<HOST>",
|
|
||||||
+ "(?:::f{4,6}:)?(?P<host%d>\S+)" % k,
|
|
||||||
+ 1)
|
|
||||||
+
|
|
||||||
self.__failRegex = regex
|
|
||||||
self.__failRegexObj = re.compile(regex)
|
|
||||||
logSys.info("Set failregex = %s" % self.__failRegex)
|
|
||||||
@@ -435,12 +444,18 @@
|
|
||||||
+ "this format")
|
|
||||||
else:
|
|
||||||
try:
|
|
||||||
- ipMatch = DNSUtils.textToIp(match.group("host"))
|
|
||||||
- if ipMatch:
|
|
||||||
- for ip in ipMatch:
|
|
||||||
- failList.append([ip, date])
|
|
||||||
+ allGroups = match.groupdict()
|
|
||||||
+ hostRe = re.compile('host\d*$')
|
|
||||||
+ # Select only groups named host\d*
|
|
||||||
+ hostGroups = filter(lambda x: hostRe.match(x[0]) and x[1],
|
|
||||||
+ allGroups.iteritems())
|
|
||||||
+ for hostGroup, hostEntry in hostGroups:
|
|
||||||
+ ipMatch = DNSUtils.textToIp(hostEntry)
|
|
||||||
+ if ipMatch:
|
|
||||||
+ for ip in ipMatch:
|
|
||||||
+ failList.append([ip, date])
|
|
||||||
except IndexError:
|
|
||||||
- logSys.error("There is no 'host' group in the rule. " +
|
|
||||||
+ logSys.error("There is no 'hostX' group in the rule. " +
|
|
||||||
"Please correct your configuration.")
|
|
||||||
return failList
|
|
||||||
|
|
|
@ -11,19 +11,14 @@
|
||||||
|
|
||||||
DESTDIR=$(CURDIR)/debian/fail2ban
|
DESTDIR=$(CURDIR)/debian/fail2ban
|
||||||
|
|
||||||
# no parallel execution -- required for dpatch
|
|
||||||
.NOTPARALLEL:
|
|
||||||
|
|
||||||
include /usr/share/dpatch/dpatch.make
|
|
||||||
|
|
||||||
configure: configure-stamp
|
configure: configure-stamp
|
||||||
configure-stamp:
|
configure-stamp:
|
||||||
dh_testdir
|
dh_testdir
|
||||||
touch configure-stamp
|
touch configure-stamp
|
||||||
|
|
||||||
build: patch
|
build:
|
||||||
|
|
||||||
clean: clean-inits unpatch
|
clean: clean-inits
|
||||||
dh_testdir
|
dh_testdir
|
||||||
dh_testroot
|
dh_testroot
|
||||||
rm -f build-stamp configure-stamp
|
rm -f build-stamp configure-stamp
|
||||||
|
@ -57,7 +52,7 @@ binary-indep: install
|
||||||
dh_testroot
|
dh_testroot
|
||||||
dh_installchangelogs CHANGELOG
|
dh_installchangelogs CHANGELOG
|
||||||
dh_installdocs
|
dh_installdocs
|
||||||
dh_installexamples config/jail.conf
|
dh_installexamples config/jail.conf files/ipmasq-*
|
||||||
dh_installlogrotate
|
dh_installlogrotate
|
||||||
dh_pycentral
|
dh_pycentral
|
||||||
dh_installinit -- defaults 99
|
dh_installinit -- defaults 99
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# ZZZzzz|fail2ban.rul
|
||||||
|
#
|
||||||
|
# Ultima modifica: 20060112 <Nauta@G-B.it> Creazione
|
||||||
|
# Ultima modifica: 20071205 <Nauta@G-B.it> Verifica sia in esecuzione
|
||||||
|
#
|
||||||
|
# Riconfigura le regole di filtraggio relative a fail2ban alla fine
|
||||||
|
# dell'inizializzazione delle regole.
|
||||||
|
# Solo all'avvio del sistema mostra la (ri)esecuzione dello script
|
||||||
|
|
||||||
|
_NAME=fail2ban
|
||||||
|
_INITSCRIPT=/etc/init.d/$_NAME
|
||||||
|
_CONFIG="/etc/$_NAME/$_NAME.local /etc/$_NAME/$_NAME.conf"
|
||||||
|
|
||||||
|
if [ -s $_INITSCRIPT ]; then
|
||||||
|
SOCKFILE=`sed -n -e '/^[^#]*socket\s*=/{
|
||||||
|
s/.*socket\s*=\s*\(\S\+\).*/\1/p;q}' $_CONFIG 2>/dev/null`
|
||||||
|
[ -z "$SOCKFILE" ] && SOCKFILE="/tmp/$_NAME.sock"
|
||||||
|
if [ -S "$SOCKFILE" ]; then # Is daemon running ?
|
||||||
|
if [ "$SHOWRULES" == "yes" ]; then
|
||||||
|
echo "#: Reinitializing $_NAME"
|
||||||
|
echo $_INITSCRIPT force-reload
|
||||||
|
else
|
||||||
|
[ ! $runlevel ] && HIDEOUTPUT=true
|
||||||
|
fi
|
||||||
|
if [ "$NOACT" != "yes" ]; then
|
||||||
|
eval $_INITSCRIPT force-reload ${HIDEOUTPUT:+\>/dev/null 2\>&1}
|
||||||
|
fi
|
||||||
|
fi # SOCKFILE is a socket
|
||||||
|
fi # _INITSCRIPT exist
|
|
@ -0,0 +1,5 @@
|
||||||
|
Jul 24 14:16:55 raid5 named[3935]: client 194.145.196.18#4795: query 'ricreig.com/NS/IN' denied
|
||||||
|
Jul 24 14:16:56 raid5 named[3935]: client 62.123.164.113#32768: query 'ricreig.com/NS/IN' denied
|
||||||
|
Jul 24 14:17:13 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'geo-mueller.de/NS/IN' denied
|
||||||
|
Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shivaree.de/NS/IN' denied
|
||||||
|
Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied
|
|
@ -0,0 +1,7 @@
|
||||||
|
Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
|
||||||
|
May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
|
||||||
|
May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
|
||||||
|
May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
|
||||||
|
Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
|
||||||
|
Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
|
||||||
|
Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
|
|
@ -0,0 +1,22 @@
|
||||||
|
#1
|
||||||
|
Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
|
||||||
|
May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
|
||||||
|
|
||||||
|
#2
|
||||||
|
Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
|
||||||
|
Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
|
||||||
|
|
||||||
|
#3
|
||||||
|
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
|
||||||
|
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
|
||||||
|
|
||||||
|
#4
|
||||||
|
Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
|
||||||
|
|
||||||
|
|
||||||
|
#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
|
||||||
|
Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
|
||||||
|
Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
|
||||||
|
|
||||||
|
#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
|
||||||
|
Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
|
|
@ -0,0 +1,7 @@
|
||||||
|
#1 PAM based
|
||||||
|
Oct 11 01:06:47 ServerJV vsftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=209.67.1.67
|
||||||
|
Feb 6 12:02:29 server vsftpd(pam_unix)[15522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=64.168.103.1 user=user1
|
||||||
|
|
||||||
|
#2 Internal
|
||||||
|
Fri Jan 19 12:20:33 2007 [pid 27202] [anonymous] FAIL LOGIN: Client "64.106.46.98"
|
||||||
|
|
|
@ -259,7 +259,8 @@ action <ACT> for <JAIL>
|
||||||
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
||||||
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
||||||
.SH "REPORTING BUGS"
|
.SH "REPORTING BUGS"
|
||||||
Report bugs to <lostcontrol@users.sourceforge.net>
|
Please report bugs via Debian bug tracking system
|
||||||
|
http://www.debian.org/Bugs/.
|
||||||
.SH COPYRIGHT
|
.SH COPYRIGHT
|
||||||
Copyright \(co 2004-2006 Cyril Jaquier
|
Copyright \(co 2004-2006 Cyril Jaquier
|
||||||
.br
|
.br
|
||||||
|
|
|
@ -35,7 +35,8 @@ print the version
|
||||||
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
|
||||||
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
||||||
.SH "REPORTING BUGS"
|
.SH "REPORTING BUGS"
|
||||||
Report bugs to <lostcontrol@users.sourceforge.net>
|
Please report bugs via Debian bug tracking system
|
||||||
|
http://www.debian.org/Bugs/.
|
||||||
.SH COPYRIGHT
|
.SH COPYRIGHT
|
||||||
Copyright \(co 2004-2006 Cyril Jaquier
|
Copyright \(co 2004-2006 Cyril Jaquier
|
||||||
.br
|
.br
|
||||||
|
|
Loading…
Reference in New Issue