From cd46343d118f21de3b208a75e9baa5ad597df8e4 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Fri, 29 Sep 2006 04:21:16 +0000 Subject: [PATCH] added few sections (patches + adjusted jail.conf shipped with Debian) --- debian/jail.conf | 43 +++++++++++++++++++----- debian/patches/00list | 2 ++ debian/patches/10_proftpd_section.dpatch | 25 ++++++++++++++ debian/patches/10_sasl_section.dpatch | 25 ++++++++++++++ 4 files changed, 87 insertions(+), 8 deletions(-) create mode 100755 debian/patches/10_proftpd_section.dpatch create mode 100755 debian/patches/10_sasl_section.dpatch diff --git a/debian/jail.conf b/debian/jail.conf index cc285a03..fa03811c 100644 --- a/debian/jail.conf +++ b/debian/jail.conf @@ -40,6 +40,7 @@ action = iptables[name=%(__name__)s, port=%(port)s] # # in /etc/fail2ban/jail.local # + [ssh-iptables] enabled = true @@ -48,6 +49,10 @@ filter = sshd logpath = /var/log/auth.log maxretry = 6 +# +# HTTP servers +# + [apache-iptables] enabled = false @@ -56,14 +61,9 @@ filter = apache-auth logpath = /var/log/apache*/*access.log maxretry = 6 - -[postfix-iptables] - -enabled = false -port = smtp -filter = postfix -logpath = /var/log/postfix.log - +# +# FTP servers +# [vsftpd-iptables] @@ -74,6 +74,26 @@ logpath = /var/log/auth.log maxretry = 6 +[proftpd-iptables] + +enabled = false +port = ftp +filter = proftpd +logpath = /var/log/proftpd/proftpd.log +maxretry = 6 + +# +# Mail servers +# + +[postfix-iptables] + +enabled = false +port = smtp +filter = postfix +logpath = /var/log/postfix.log + + [couriersmtp-iptables] enabled = false @@ -81,3 +101,10 @@ port = smtp filter = couriersmtp logpath = /var/log/mail.log + +[sasl-iptables] + +enabled = false +port = smtp +filter = sasl +logpath = /var/log/mail.log diff --git a/debian/patches/00list b/debian/patches/00list index f72a6019..2110f79f 100644 --- a/debian/patches/00list +++ b/debian/patches/00list 
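Review bot: The new `[sasl-iptables]` section in the last debian/jail.conf hunk sets `port = smtp` but no `maxretry`, while `[proftpd-iptables]` added just above it pins `maxretry = 6`. The hunk header context shows the single-port `action = iptables[name=%(__name__)s, port=%(port)s]`, so a ban from this jail presumably closes only the smtp port and leaves any other listener that accepts AUTH reachable. That limit is worth a comment beside the section, e.g. `# bans the smtp port only; other listeners that accept AUTH are not covered`. I would also add `maxretry = 6` so the threshold does not depend on a default defined outside these hunks. The relocated `[postfix-iptables]` and the existing `[couriersmtp-iptables]` sections carry no `maxretry` either.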
@@ -1,3 +1,5 @@
 X00_rigid_python24
 X00_apache_log_failregex
 10_dbts_manpages
+10_proftpd_section
+10_sasl_section
diff --git a/debian/patches/10_proftpd_section.dpatch b/debian/patches/10_proftpd_section.dpatch
new file mode 100755
index 00000000..f0db4497
--- /dev/null
+++ b/debian/patches/10_proftpd_section.dpatch
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_proftpd_section.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban-0.7.3~/config/filter.d/proftpd.conf fail2ban-0.7.3/config/filter.d/proftpd.conf
+--- fail2ban-0.7.3~/config/filter.d/proftpd.conf 1969-12-31 19:00:00.000000000 -0500
++++ fail2ban-0.7.3/config/filter.d/proftpd.conf 2006-09-29 00:11:33.000000000 -0400
+@@ -0,0 +1,14 @@
++# Fail2Ban configuration file
++#
++# Author: Yaroslav Halchenko
++#
++# $Revision: 331 $
++#
++
++[Definition]
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT Default: Authentication failure|Failed password|Invalid user
++#
++failregex = USER \S+: no such user found from \S* ?\[(?P\S+)\] to \S+\s*$
diff --git a/debian/patches/10_sasl_section.dpatch b/debian/patches/10_sasl_section.dpatch
new file mode 100755
index 00000000..89f5443f
--- /dev/null
+++ b/debian/patches/10_sasl_section.dpatch
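Review bot: The `failregex` added for proftpd.conf counts only `no such user found` lines, so wrong passwords against accounts that do exist would go uncounted if ProFTPD logs them with a different message (it normally does; confirm against the packaged version). The header comment is copied from another filter: `Notes.:` promises password failures and `Values:` gives `Authentication failure|Failed password|Invalid user` as the default, neither of which describes this pattern, and the sasl.conf hunk in 10_sasl_section.dpatch repeats the same comment. I would reword it to something like `# Notes.: matches ProFTPD "no such user found" lines; the named group captures the bracketed client address` and drop the stale default. The named group shows as `(?P\S+)` on this page, probably an extraction artifact of `(?P<host>\S+)`, but it should be checked in the real file because the pattern does not compile without the group name. `## DP: No description.` could also say what the patch adds.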
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_sasl_section.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban-0.7.3~/config/filter.d/sasl.conf fail2ban-0.7.3/config/filter.d/sasl.conf
+--- fail2ban-0.7.3~/config/filter.d/sasl.conf 1969-12-31 19:00:00.000000000 -0500
++++ fail2ban-0.7.3/config/filter.d/sasl.conf 2006-09-29 00:18:19.000000000 -0400
+@@ -0,0 +1,14 @@
++# Fail2Ban configuration file
++#
++# Author: Yaroslav Halchenko
++#
++# $Revision: 331 $
++#
++
++[Definition]
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT Default: Authentication failure|Failed password|Invalid user
++#
++failregex = : warning: [-._\w]+\[(?P[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
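Review bot: The sasl.conf `failregex` ends with `authentication failed$` and lists the mechanisms explicitly, so a log line that carries a reason after `failed`, or a mechanism other than LOGIN, PLAIN, CRAM-MD5 or DIGEST-MD5, is silently not counted and the jail never fires for it. If the MTA in use appends such a reason (to be confirmed against real logs), the tail could be relaxed to `authentication failed(?:: [A-Za-z0-9+/= ]*)?$`. A bounded character class is preferable to `.*` because it keeps free text in the line from widening the match. The address class `[.\d]+` also matches IPv4 only, which deserves a line in the `Notes.:` comment so that missed IPv6 clients are not a surprise.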