added few sections (patches + adjusted jail.conf shipped with Debian)

debian-releases/etch
Yaroslav Halchenko 2006-09-29 04:21:16 +00:00
parent 641cd14a40
commit cd46343d11
4 changed files with 87 additions and 8 deletions

43
debian/jail.conf vendored
View File

@ -40,6 +40,7 @@ action = iptables[name=%(__name__)s, port=%(port)s]
#
# in /etc/fail2ban/jail.local
#
[ssh-iptables]
enabled = true
@ -48,6 +49,10 @@ filter = sshd
logpath = /var/log/auth.log
maxretry = 6
#
# HTTP servers
#
[apache-iptables]
enabled = false
@ -56,14 +61,9 @@ filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
[postfix-iptables]
enabled = false
port = smtp
filter = postfix
logpath = /var/log/postfix.log
#
# FTP servers
#
[vsftpd-iptables]
@ -74,6 +74,26 @@ logpath = /var/log/auth.log
maxretry = 6
[proftpd-iptables]
enabled = false
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
#
# Mail servers
#
[postfix-iptables]
enabled = false
port = smtp
filter = postfix
logpath = /var/log/postfix.log
[couriersmtp-iptables]
enabled = false
@ -81,3 +101,10 @@ port = smtp
filter = couriersmtp
logpath = /var/log/mail.log
[sasl-iptables]
enabled = false
port = smtp
filter = sasl
logpath = /var/log/mail.log

View File

@ -1,3 +1,5 @@
X00_rigid_python24
X00_apache_log_failregex
10_dbts_manpages
10_proftpd_section
10_sasl_section

25
debian/patches/10_proftpd_section.dpatch vendored Executable file
View File

@ -0,0 +1,25 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_proftpd_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/proftpd.conf fail2ban-0.7.3/config/filter.d/proftpd.conf
--- fail2ban-0.7.3~/config/filter.d/proftpd.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/proftpd.conf 2006-09-29 00:11:33.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$

25
debian/patches/10_sasl_section.dpatch vendored Executable file
View File

@ -0,0 +1,25 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_sasl_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/sasl.conf fail2ban-0.7.3/config/filter.d/sasl.conf
--- fail2ban-0.7.3~/config/filter.d/sasl.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/sasl.conf 2006-09-29 00:18:19.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: 331 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$