2nd attempt to make a branch for etch

debian-releases/etch
Yaroslav Halchenko 2007-05-02 02:54:38 +00:00
commit d08010c7a5
15 changed files with 431 additions and 376 deletions

31
debian/README.Debian vendored

@ -66,7 +66,7 @@ actionstop = iptables -D <fwchain> -j <whitelist>
iptables -D <fwchain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
actioncheck = iptables -n -L <fwchain> | grep -q fail2ban-<name>
actioncheck = iptables -L <fwchain> | grep -q fail2ban-<name>
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
[Init]
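
Review bot: The second `actioncheck` line of the pair drops `-n` (`iptables -L <fwchain> | grep -q fail2ban-<name>`); the page has lost its +/- markers, so this assumes the usual removed-then-added order. Without `-n`, iptables resolves every address in the chain to a name, so a check that runs before each ban can stall when DNS is slow or unavailable. Keep `iptables -n -L <fwchain>` in the README example.
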
@ -79,32 +79,27 @@ protocol = tcp
* Multiport banning: Comment for the wishlist #373592.
Default iptables rules for banning use --dport statement which allows
to ban just a single port. For multiport banning you would need to use
iptables-multiport action (just override banaction in jail.local),
which is present in fail2ban shipped in Debian since 0.7.6-1.
If you would like to ban all ports for that host, just redefine
fwban/fwunban commands to don't have --dport %(port)s statement at
all, or use shorewall, where actionban bans whole IP.
iptables-multiport action is not default banaction since multiport
module might not be compiled for some hand compiled kernels.
Default iptables rules for banning use --dport statement which allows to
ban just a single port. For multiport banning you would need to adjust iptables
rules to use multiport module ( -m multiport --dports %(port)s ). If you would
like to ban all ports for that host, just redefine fwban/fwunban commands to
don't have --dport %(port)s statement at all (can be redefined on per-section
basis as well)
Such option is not enabled by default since multiport module might not be
compiled for some hand compiled kernels.
* Blocking of NEW connections only
Comment for the wishlist #350746.
It might be benefitial in some cases to ban only new connections. For
that just use iptables-new action instead of default banaction
that just use iptables-new action instead of default iptables:
/etc/fail2ban/jail.local:
[DEFAULT]
banaction=iptables-new
action = iptables-new[name=%(__name__)s, port=%(port)s]
(you can override banaction within interesting for you section).
Also you can redefine the whole action parameter if you like.
or override action within interesting for you section
Troubleshooting:
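
Review bot: The multiport paragraph tells the reader to redefine fwban/fwunban so that they lack `--dport %(port)s`, but in the action file quoted earlier in this README the options are named actionban/actionunban and the `--dport` match sits in the actionstart/actionstop rules, not in the ban command. Name the options as they appear in the action files and show the complete replacement rule with `-m multiport --dports`, otherwise the instruction cannot be followed as written.
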
@ -205,4 +200,4 @@ P.S. Anyone is welcome to recommend proper security solution to this
issue, such as an alternative to sysklogd which allows better control
over users logging to specific facilities (such as AUTH)
-- Yaroslav Halchenko <debian@onerussian.com>, Thu, 4 Jan 2007 15:18:39 -0500
-- Yaroslav O. Halchenko <debian@onerussian.com>, Thu, 7 Dec 2006 18:09:36 -0500

96
debian/changelog vendored

@ -1,99 +1,3 @@
fail2ban (0.7.9-1) unstable; urgency=low
* New upstream release
* Updated copyright to include current year
* Removed patches absorbed upstream
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 19 Apr 2007 21:44:28 -0400
fail2ban (0.7.8-1) unstable; urgency=low
* New upstream release
* Applied post-release upstream changes to resolve issues with
- Fix to close opened handlers to log file
- Tentative incomplete gamin fix
- Fix to "reload" bug
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 26 Mar 2007 17:52:23 -0400
fail2ban (0.7.7-1) unstable; urgency=low
* New upstream release (included most of the debian-provided patches -- new
filters and actions)
* Refreshed and made verbatim homepage in description
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 8 Feb 2007 22:20:49 -0500
fail2ban (0.7.6-3) unstable; urgency=low
* Synchronized action.d/iptables-* rules from upstream SVN (closes:
#407561)
* Minor: options renames in the comments to be in sync with upstream
* Use /usr/bin/python interpreter instead of wrapped call to python by
/usr/bin/env
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Jan 2007 10:43:59 -0500
fail2ban (0.7.6-2) unstable; urgency=low
* iptables-multiport is default action to take since Debian kernel arrives
with multiport module. That is to address the fact that most services
listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 18 Jan 2007 10:35:36 -0500
fail2ban (0.7.6-1) unstable; urgency=low
* New upstream release, which incorporates fixes introduced in 3~pre
non-released versions (which were suggested to the users to overcome
problems reported in bug reports). In particular attention should be paid
to upstream changelog entries
- Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now.
This is an alternative solution to 'multiple <HOST>' entries fix,
which is not applied to this shipped version - pay caution if upgrading
from 0.7.5-3~pre?
- Allow comma in action options. The value of the option must
be escaped with " or '.
That allowed to implement requested ability to ban multiple ports
at once (See 373592). README.Debian and jail.conf adjusted to reflect
possible use of iptables-mport
- Now Fail2ban goes in /usr/share/fail2ban instead of
/usr/lib/fail2ban. This is more compliant with FHS.
Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
- Added option banaction which is to incorporate banning agent
(usually some flavor of iptables rule), which can then be easily
overriden globally or per section
- Multiple actions are defined as action_* to serve as shortcuts
* Initd script was modified to inform about present socket file which
would forbid fail2ban-server from starting
* Adjusted default log file for postfix to be /var/log/mail.log
(Closes: #404921)
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 4 Jan 2007 15:24:52 -0500
fail2ban (0.7.5-3~pre6) unstable; urgency=low
* Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060)
* Made fail2ban-server tollerate multiple <HOST> entries in failregex
* Moved call to dh_pycentral before dh_installinit
* Removed unnecessary call of dh_shlibdeps
* Added filter ssh-ddos to fight DDOS attacks. Must be used with caution
if there is a possibility of valid clients accessing through
unreliable connection or faulty firewall (Closes: #404487)
* Not applying patch any more for rigid python2.4 - it is default now in
sid/etch
* Moving waiting loop for fail2ban-server to stop under do_stop
function, so it gets invoked by both 'restart' and 'stop' commands
* do_status action of init script is now using 'fail2ban-client ping'
instead of '... status' since we don't really use returned status
information, besides the return error code
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 26 Dec 2006 21:56:58 -0500
fail2ban (0.7.5-2) unstable; urgency=low
* NEWS.Debian confusions - the latest NEWS entry and postinst message were
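
Review bot: Entries that record closed bugs (#404921, #404060, #404487, #407561) are dropped from the top of debian/changelog (`@ -1,99 +1,3`) and nothing replaces them. If the etch branch is meant to track an older upload, add a new entry on top that states which version the branch is based on and which of these fixes are deliberately left out, so the regressions are visible to whoever maintains the branch.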

2
debian/control vendored

@ -25,5 +25,5 @@ Description: bans IPs that cause multiple authentication errors
fail2ban can be adopted to be used with a variety of files and
firewalls.
.
Homepage: http://www.fail2ban.org
Homepage: http://www.sourceforge.net/projects/fail2ban

2
debian/copyright vendored

@ -6,7 +6,7 @@ It was downloaded from http://www.sourceforge.net/projects/fail2ban
Author: Cyril Jaquier: <lostcontrol@users.sourceforge.net>
http://fail2ban.sourceforge.net
Copyright: 2004, 2005, 2006, 2007 Cyril Jaquier
Copyright: 2004, 2005, 2006 Cyril Jaquier
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by

118
debian/fail2ban.init vendored

@ -23,13 +23,9 @@ NAME=fail2ban
# fail2ban-client is not a daemon itself but starts a daemon and
# loads its with configuration
DAEMON=/usr/bin/$NAME-client
SOCKFILE=/tmp/$NAME.sock
SCRIPTNAME=/etc/init.d/$NAME
# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
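
Review bot: `SOCKFILE=/tmp/$NAME.sock` hardcodes the socket path while the `grep -h '^[^#]*socket *='` lookup over /etc/$NAME/$NAME.conf and $NAME.local goes away, so an admin who sets `socket` in the local file gets status checks against the wrong path. The fixed name also lives in world-writable /tmp, where any local user can create a file of that name before the daemon does. Keep the lookup with its `/tmp/fail2ban.sock` fallback, or document in the script that only the default socket location is supported.
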
@ -54,6 +50,21 @@ log_daemon_msg () {
# so we must be ok
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_status && return 1
start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
$DAEMON_ARGS start > /dev/null\
|| return 2
}
#
# Shortcut function for abnormal init script interruption
#
@ -64,55 +75,30 @@ report_bug()
exit 1
}
#
# Helper function to check if socket is present, which is often left after
# abnormal exit of fail2ban and needs to be removed
#
check_socket()
{
# Return
# 0 if socket is present and readable
# 1 if socket file is not present
# 2 if socket file is present but not readable
# 3 if socket file is present but is not a socket
[ -e "$SOCKFILE" ] || return 1
[ -r "$SOCKFILE" ] || return 2
[ -S "$SOCKFILE" ] || return 3
return 0
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_status && return 1
if [ -e "$SOCKFILE" ]; then
log_failure_msg "Socket file $SOCKFILE is present"
return 2
fi
start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
$DAEMON_ARGS start > /dev/null\
|| return 2
return 0
}
#
# Function that checks the status of fail2ban and returns
# corresponding code
#
do_status()
{
$DAEMON ping > /dev/null
return $?
$DAEMON status > /dev/null
case $? in
0) return 0
;;
255)
if [ -S $SOCKFILE ]; then
if [ -r $SOCKFILE ]; then
return 1
else
return 4
fi
else
return 3
fi
;;
*)
report_bug "Unknown return code from fail2ban."
esac
}
#
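
Review bot: In the `255)` branch of do_status, `[ -S $SOCKFILE ]` and `[ -r $SOCKFILE ]` are unquoted, and every exit code other than 0 or 255 falls into `report_bug`, which ends in `exit 1` and aborts the whole init script. Quote the variable and return a distinct non-zero code for unknown results so that the callers decide what to do. The stale-socket test in do_start (`if [ -e "$SOCKFILE" ]` with `log_failure_msg`) also has no counterpart in the shorter do_start, so a socket left behind by a crash is no longer reported at start.
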
@ -127,17 +113,6 @@ do_stop()
# other if a failure occurred
$DAEMON status > /dev/null || return 1
$DAEMON stop > /dev/null || return 2
# now we need actually to wait a bit since it might take time
# for server to react on client's stop request. Especially
# important for restart command on slow boxes
count=1
while do_status && [ $count -lt 60 ]; do
sleep 1
count=$(($count+1))
done
[ $count -lt 60 ] || return 3 # failed to stop
return 0
}
@ -175,6 +150,16 @@ case "$1" in
do_stop
case "$?" in
0|1)
# now we need actually to wait a bit since it might take time
# for server to react on client's stop request
count=1
while do_status && [ $count -lt 10 ]; do
sleep 1
count=$(($count+1))
done
[ $count -lt 10 ] || log_end_msg 1 # failed to stop
do_start
log_end_msg_wrapper $? 1
;;
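
Review bot: In the restart branch, `[ $count -lt 10 ] || log_end_msg 1` reports the timeout but execution continues into `do_start`, which then runs while the old server is still up. Exit, or skip `do_start`, when the loop times out. The wait now covers restart only, so a plain stop returns before the server has gone; keeping the loop inside do_stop serves both paths.
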
@ -196,17 +181,10 @@ case "$1" in
do_status
case $? in
0) log_success_msg " $NAME is running" ;;
255)
check_socket
case $? in
1) log_warning_msg " $NAME is not running" ;;
0) log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
2) log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown";;
3) log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown";;
*) report_bug "Unknown return code from $NAME:check_socket.";;
esac
;;
*) report_bug "Unknown $NAME status code"
1) log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
3) log_warning_msg " $NAME is not running" ;;
4) log_failure_msg " $SOCKFILE not readable, status of $NAME unknown";;
*) report_bug "Unknown status code"
esac
;;
*)

109
debian/jail.conf vendored

@ -33,69 +33,40 @@ backend = polling
# jail.{conf,local} configuration files.
destemail = root@localhost
#
# ACTIONS
#
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables-multiport
# Following actions can be chosen as an alternatives to the above action.
# To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines
# into jail.local
#
# Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"]
mail-whois[name=%(__name__)s, dest="%(destemail)s"]
# ban & send an e-mail with whois report and relevant log lines
# Default action to take: ban & send an e-mail with whois report
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s"]
mail-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
# action = iptables[name=%(__name__)s, port=%(port)s]
# mail-whois[name=%(__name__)s, dest=%(destemail)s]
# Default action to take: ban & send an e-mail with whois report
# and relevant log lines to the destemail.
# action = iptables[name=%(__name__)s, port=%(port)s]
# mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
# Next jails corresponds to the standard configuration in Fail2ban 0.6
# which was shipped in Debian. Please enable any defined here jail by including
#
# JAILS
#
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Please enable any defined here jail by including
#
# [SECTION_NAME]
# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
[ssh]
enabled = true
port = ssh,sftp
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[ssh-ddos]
enabled = false
port = ssh,sftp
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
#
# HTTP servers
#
@ -103,25 +74,16 @@ maxretry = 6
[apache]
enabled = false
port = http,https
port = http
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
[apache-noscript]
enabled = false
port = http,https
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
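
Review bot: `port = http` in [apache] and [apache-noscript] bans one port, while the failures come from `logpath = /var/log/apache*/*access.log` and `*error.log`, which are not split by port, so a banned client can still reach the same server on https. With a single `--dport` default action this needs either the multiport rule described in README.Debian or a second jail per port; say which in a comment next to `port`.
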
@ -133,20 +95,16 @@ maxretry = 6
[vsftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
port = ftp
filter = vsftpd
logpath = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
logpath = /var/log/auth.log
maxretry = 6
[proftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@ -155,7 +113,7 @@ maxretry = 6
[wuftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6
@ -168,35 +126,22 @@ maxretry = 6
[postfix]
enabled = false
port = smtp,ssmtp
port = smtp
filter = postfix
logpath = /var/log/mail.log
logpath = /var/log/postfix.log
[couriersmtp]
enabled = false
port = smtp,ssmtp
port = smtp
filter = couriersmtp
logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
port = smtp
filter = sasl
logpath = /var/log/mail.log
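
Review bot: Reading the pair in the usual removed-then-added order, [postfix] ends up with `logpath = /var/log/postfix.log`, the value that a changelog entry removed in this same commit records as corrected ("Adjusted default log file for postfix to be /var/log/mail.log (Closes: #404921)"). A jail that watches a file the mail server does not write to never bans anything. Keep `/var/log/mail.log`, as [couriersmtp] and [sasl] do.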

83
debian/patches/00_iptables_NEW.dpatch vendored Executable file

@ -0,0 +1,83 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_iptables_NEW.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf
--- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500
@@ -0,0 +1,72 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko
+# to fullfill the needs of bugreporter dbts#350746.
+#
+# $Revision: 394 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-<name>
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
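
Review bot: `actioncheck = iptables -L INPUT | grep -q fail2ban-<name>` matches substrings, so the check for one jail also succeeds when only a longer chain name that starts with the same text is referenced from INPUT, and without `-n` the listing waits on reverse DNS. Use `iptables -n -L INPUT | grep -q 'fail2ban-<name>[[:space:]]'`. The header still reads `## DP: No description.`; state there that the action matches only `--state NEW` and that it exists for dbts#350746.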

View File

@ -6,56 +6,82 @@
## DP: abuser IP over the log files
@DPATCH@
diff -urNad fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf fail2ban-0.7.7/config/action.d/mail-whois-lines.conf
--- fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf 2007-01-08 16:40:40.000000000 -0500
+++ fail2ban-0.7.7/config/action.d/mail-whois-lines.conf 2007-02-08 22:07:12.000000000 -0500
@@ -2,12 +2,12 @@
#
# Author: Cyril Jaquier
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision: 520 $
diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5/config/action.d/mail-whois-lines.conf
--- fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.5/config/action.d/mail-whois-lines.conf 2006-12-10 18:27:46.000000000 -0500
@@ -0,0 +1,75 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
+# $Revision: 254 $
#
[Definition]
-# Option: fwstart
+# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
@@ -16,7 +16,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
-# Option: fwend
+# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
@@ -25,13 +25,13 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
-# Option: fwcheck
-# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
-# Option: fwban
+# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
@@ -50,7 +50,7 @@
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
-# Option: fwunban
+# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = echo -en "Hi,\n
+ The jail <name> has been started successfuly.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = echo -en "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo -en "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n\n
+ Here are more information about <ip>:\n
+ `whois <ip>`\n\n
+ Lines containing IP:<ip> in <logpath>\n
+ `grep '\<<ip>\>' <logpath>`\n\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destinataire of the mail
+#
+dest = root
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null

84
debian/patches/00_share_insteadof_lib.dpatch vendored Executable file
View File

@ -0,0 +1,84 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_share_insteadof_lib.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/fail2ban-client fail2ban-0.7.5/fail2ban-client
--- fail2ban-0.7.5~/fail2ban-client 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-client 2006-12-07 20:59:15.000000000 -0500
@@ -30,7 +30,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
# Now we can import our modules
from common.version import version
diff -urNad fail2ban-0.7.5~/fail2ban-regex fail2ban-0.7.5/fail2ban-regex
--- fail2ban-0.7.5~/fail2ban-regex 2006-11-16 15:59:47.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-regex 2006-12-07 20:59:15.000000000 -0500
@@ -29,7 +29,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.filter import Filter
diff -urNad fail2ban-0.7.5~/fail2ban-server fail2ban-0.7.5/fail2ban-server
--- fail2ban-0.7.5~/fail2ban-server 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-server 2006-12-07 20:59:15.000000000 -0500
@@ -29,7 +29,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.server import Server
diff -urNad fail2ban-0.7.5~/fail2ban-testcases fail2ban-0.7.5/fail2ban-testcases
--- fail2ban-0.7.5~/fail2ban-testcases 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-testcases 2006-12-07 20:59:15.000000000 -0500
@@ -30,7 +30,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from testcases import banmanagertestcase
diff -urNad fail2ban-0.7.5~/setup.cfg fail2ban-0.7.5/setup.cfg
--- fail2ban-0.7.5~/setup.cfg 2006-11-01 16:08:43.000000000 -0500
+++ fail2ban-0.7.5/setup.cfg 2006-12-07 20:59:15.000000000 -0500
@@ -1,5 +1,5 @@
[install]
-install-purelib=/usr/lib/fail2ban
+install-purelib=/usr/share/fail2ban
[sdist]
formats=bztar
diff -urNad fail2ban-0.7.5~/setup.py fail2ban-0.7.5/setup.py
--- fail2ban-0.7.5~/setup.py 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/setup.py 2006-12-07 21:10:02.000000000 -0500
@@ -84,13 +84,13 @@
[
"fail2ban.py"
],
- "/usr/lib/fail2ban/firewall/":
+ "/usr/share/fail2ban/firewall/":
[
"iptables.py",
"ipfwadm.py",
"ipfw.py"
],
- "/usr/lib/fail2ban/":
+ "/usr/share/fail2ban/":
[
"version.py",
"protocol.py"
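
Review bot: `## DP: No description.` leaves the reason for the path change unstated, although the changelog text in this commit gives it (/usr/share/fail2ban instead of /usr/lib/fail2ban, for FHS compliance); put that in the DP line. Since `sys.path.insert(1, "/usr/share/fail2ban")` makes the scripts look in the new location only, confirm that setup.py and setup.cfg contain no remaining `/usr/lib/fail2ban` target besides the two entries rewritten here.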

View File

@ -1,2 +1,6 @@
00_mail-whois-lines
X00_rigid_python24
00_share_insteadof_lib
00_iptables_NEW
10_dbts_manpages
10_wuftpd_section
00_mail-whois-lines
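
Review bot: None of the entries in this list names `01_apache2_other`, although the commit adds debian/patches/01_apache2_other.dpatch, so that patch is shipped but never applied; list it or drop the file. If the last line is the added one, `00_mail-whois-lines` now follows the `10_*` entries, which makes the order of application disagree with the numbering; keep the list sorted or explain the dependency in a comment.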

19
debian/patches/01_apache2_other.dpatch vendored Normal file
View File

@ -0,0 +1,19 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_apache2_other.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Tiny patch to mention apache2 possibility
@DPATCH@
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-27 23:23:51.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-27 23:27:30.000000000 -0400
@@ -270,6 +270,7 @@
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE
+# Other.: /var/log/apache2/error.log
#
logfile = /var/log/apache/error.log
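
Review bot: The embedded diff is made against `fail2ban-0.6.1.pre/config/fail2ban.conf.iptables` and a `logfile` option, while the other patches in this commit target 0.7.x trees with `config/action.d/` and `config/filter.d/`. Check that it still applies to the etch source before enabling it; if that file is gone, carry the `/var/log/apache2/error.log` hint as a comment in debian/jail.conf instead.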

View File

@ -1,54 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_multiple_HOST_regexp.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/server/filter.py fail2ban-0.7.5/server/filter.py
--- fail2ban-0.7.5~/server/filter.py 2006-11-26 15:37:31.000000000 -0500
+++ fail2ban-0.7.5/server/filter.py 2006-12-22 13:30:25.000000000 -0500
@@ -170,8 +170,17 @@
self.__failRegex = value
self.__failRegexObj = None
else:
- # Replace "<HOST>" with default regular expression for host.
- regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ # Replace "<HOST>"s with regular expression for a hostname,
+ # naming groups hostX where X is a number starting with 1
+ regex = value
+ oldregex = ''; k = 0
+ while ( regex != oldregex ):
+ oldregex = regex
+ k += 1
+ regex = regex.replace("<HOST>",
+ "(?:::f{4,6}:)?(?P<host%d>\S+)" % k,
+ 1)
+
self.__failRegex = regex
self.__failRegexObj = re.compile(regex)
logSys.info("Set failregex = %s" % self.__failRegex)
@@ -435,12 +444,18 @@
+ "this format")
else:
try:
- ipMatch = DNSUtils.textToIp(match.group("host"))
- if ipMatch:
- for ip in ipMatch:
- failList.append([ip, date])
+ allGroups = match.groupdict()
+ hostRe = re.compile('host\d*$')
+ # Select only groups named host\d*
+ hostGroups = filter(lambda x: hostRe.match(x[0]) and x[1],
+ allGroups.iteritems())
+ for hostGroup, hostEntry in hostGroups:
+ ipMatch = DNSUtils.textToIp(hostEntry)
+ if ipMatch:
+ for ip in ipMatch:
+ failList.append([ip, date])
except IndexError:
- logSys.error("There is no 'host' group in the rule. " +
+ logSys.error("There is no 'hostX' group in the rule. " +
"Please correct your configuration.")
return failList

25
debian/patches/10_wuftpd_section.dpatch vendored Executable file
View File

@ -0,0 +1,25 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_wuftpd_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/wuftpd.conf fail2ban-0.7.3/config/filter.d/wuftpd.conf
--- fail2ban-0.7.3~/config/filter.d/wuftpd.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/wuftpd.conf 2006-10-18 01:12:23.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file for wuftpd
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
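
Review bot: The failregex `authentication failure.* rhost=<HOST>` has a greedy `.*` before ` rhost=` and no anchor after `<HOST>`, so the last ` rhost=` on the line decides which address is banned. If any field logged after the real rhost can carry client-supplied text, the ban lands on the wrong host. Replace `.*` with an explicit match of the fields that precede rhost and anchor the end of the pattern. `$Revision: $` and `## DP: No description.` are also still empty.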

45
debian/patches/X00_rigid_python24.dpatch vendored Executable file
View File

@ -0,0 +1,45 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## rigid_python2.4.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Due to currently default python2.3 we need to hardcode use of python2.4
## DP: for now
@DPATCH@
diff -Naur fail2ban-0.7.1/fail2ban-client fail2ban-0.7.1.modified/fail2ban-client
--- fail2ban-0.7.1/fail2ban-client 2006-08-23 16:56:23.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-client 2006-09-05 00:58:47.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/fail2ban-server fail2ban-0.7.1.modified/fail2ban-server
--- fail2ban-0.7.1/fail2ban-server 2006-08-23 15:51:26.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-server 2006-09-05 00:58:54.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/fail2ban-testcases fail2ban-0.7.1.modified/fail2ban-testcases
--- fail2ban-0.7.1/fail2ban-testcases 2006-08-20 18:53:15.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-testcases 2006-09-05 00:59:18.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/setup.py fail2ban-0.7.1.modified/setup.py
--- fail2ban-0.7.1/setup.py 2006-08-22 18:09:25.000000000 -0400
+++ fail2ban-0.7.1.modified/setup.py 2006-09-05 00:59:06.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
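
Review bot: `#!/usr/bin/env python2.4` resolves the interpreter through PATH, which for scripts the init script starts with `--chuid root` means whichever `python2.4` comes first in the caller's environment. The version is pinned anyway, so use the absolute `#!/usr/bin/python2.4` in all four files. The `## DP:` text says python2.3 is "currently default"; add the condition under which this patch can be dropped.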

3
debian/rules vendored

@ -60,13 +60,14 @@ binary-indep: install
dh_installdocs
dh_installexamples config/jail.conf
dh_installlogrotate
dh_pycentral
dh_installinit -- defaults 99
dh_installman man/*.1
dh_pycentral
dh_link
dh_compress
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
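
Review bot: `dh_shlibdeps` appears under `binary-indep`, where the package has no compiled objects for it to scan, and the second `dh_pycentral` sits after `dh_installinit` and `dh_installman`. The changelog text removed in this commit records both as fixes ("Moved call to dh_pycentral before dh_installinit", "Removed unnecessary call of dh_shlibdeps"); keep that ordering unless the etch toolchain needs the old one, and say so in a comment in debian/rules.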