2nd attempt to make a branch for etch

debian-releases/etch
Yaroslav Halchenko 2007-05-02 02:54:38 +00:00
commit d08010c7a5
15 changed files with 431 additions and 376 deletions

31
debian/README.Debian vendored

@ -66,7 +66,7 @@ actionstop = iptables -D <fwchain> -j <whitelist>
iptables -D <fwchain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> iptables -D <fwchain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name> iptables -F fail2ban-<name>
iptables -X fail2ban-<name> iptables -X fail2ban-<name>
actioncheck = iptables -n -L <fwchain> | grep -q fail2ban-<name> actioncheck = iptables -L <fwchain> | grep -q fail2ban-<name>
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
[Init] [Init]
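
Review bot: The actioncheck line in this example loses -n, so `iptables -L <fwchain>` tries to reverse-resolve the addresses in the chain before grep sees any output, and the check runs before every ban. On a host with slow or unreachable DNS that delays each ban. Keep `iptables -n -L <fwchain> | grep -q fail2ban-<name>` in the documented example.
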
@ -79,32 +79,27 @@ protocol = tcp
* Multiport banning: Comment for the wishlist #373592. * Multiport banning: Comment for the wishlist #373592.
Default iptables rules for banning use --dport statement which allows Default iptables rules for banning use --dport statement which allows to
to ban just a single port. For multiport banning you would need to use ban just a single port. For multiport banning you would need to adjust iptables
iptables-multiport action (just override banaction in jail.local), rules to use multiport module ( -m multiport --dports %(port)s ). If you would
which is present in fail2ban shipped in Debian since 0.7.6-1. like to ban all ports for that host, just redefine fwban/fwunban commands to
don't have --dport %(port)s statement at all (can be redefined on per-section
If you would like to ban all ports for that host, just redefine basis as well)
fwban/fwunban commands to don't have --dport %(port)s statement at Such option is not enabled by default since multiport module might not be
all, or use shorewall, where actionban bans whole IP. compiled for some hand compiled kernels.
iptables-multiport action is not default banaction since multiport
module might not be compiled for some hand compiled kernels.
* Blocking of NEW connections only * Blocking of NEW connections only
Comment for the wishlist #350746. Comment for the wishlist #350746.
It might be benefitial in some cases to ban only new connections. For It might be benefitial in some cases to ban only new connections. For
that just use iptables-new action instead of default banaction that just use iptables-new action instead of default iptables:
/etc/fail2ban/jail.local: /etc/fail2ban/jail.local:
[DEFAULT] [DEFAULT]
banaction=iptables-new action = iptables-new[name=%(__name__)s, port=%(port)s]
(you can override banaction within interesting for you section). or override action within interesting for you section
Also you can redefine the whole action parameter if you like.
Troubleshooting: Troubleshooting:
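
Review bot: The rewritten multiport paragraph tells the reader to redefine the fwban/fwunban commands, but the action example earlier in this README names these options actionban and actionunban, so there is nothing called fwban to override. Use the option names as they appear in the action files, and show the `-m multiport --dports` rule as a full line rather than describing it in parentheses.
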
@ -205,4 +200,4 @@ P.S. Anyone is welcome to recommend proper security solution to this
issue, such as an alternative to sysklogd which allows better control issue, such as an alternative to sysklogd which allows better control
over users logging to specific facilities (such as AUTH) over users logging to specific facilities (such as AUTH)
-- Yaroslav Halchenko <debian@onerussian.com>, Thu, 4 Jan 2007 15:18:39 -0500 -- Yaroslav O. Halchenko <debian@onerussian.com>, Thu, 7 Dec 2006 18:09:36 -0500

96
debian/changelog vendored

@ -1,99 +1,3 @@
fail2ban (0.7.9-1) unstable; urgency=low
* New upstream release
* Updated copyright to include current year
* Removed patches absorbed upstream
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 19 Apr 2007 21:44:28 -0400
fail2ban (0.7.8-1) unstable; urgency=low
* New upstream release
* Applied post-release upstream changes to resolve issues with
- Fix to close opened handlers to log file
- Tentative incomplete gamin fix
- Fix to "reload" bug
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 26 Mar 2007 17:52:23 -0400
fail2ban (0.7.7-1) unstable; urgency=low
* New upstream release (included most of the debian-provided patches -- new
filters and actions)
* Refreshed and made verbatim homepage in description
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 8 Feb 2007 22:20:49 -0500
fail2ban (0.7.6-3) unstable; urgency=low
* Synchronized action.d/iptables-* rules from upstream SVN (closes:
#407561)
* Minor: options renames in the comments to be in sync with upstream
* Use /usr/bin/python interpreter instead of wrapped call to python by
/usr/bin/env
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Jan 2007 10:43:59 -0500
fail2ban (0.7.6-2) unstable; urgency=low
* iptables-multiport is default action to take since Debian kernel arrives
with multiport module. That is to address the fact that most services
listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 18 Jan 2007 10:35:36 -0500
fail2ban (0.7.6-1) unstable; urgency=low
* New upstream release, which incorporates fixes introduced in 3~pre
non-released versions (which were suggested to the users to overcome
problems reported in bug reports). In particular attention should be paid
to upstream changelog entries
- Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now.
This is an alternative solution to 'multiple <HOST>' entries fix,
which is not applied to this shipped version - pay caution if upgrading
from 0.7.5-3~pre?
- Allow comma in action options. The value of the option must
be escaped with " or '.
That allowed to implement requested ability to ban multiple ports
at once (See 373592). README.Debian and jail.conf adjusted to reflect
possible use of iptables-mport
- Now Fail2ban goes in /usr/share/fail2ban instead of
/usr/lib/fail2ban. This is more compliant with FHS.
Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
- Added option banaction which is to incorporate banning agent
(usually some flavor of iptables rule), which can then be easily
overriden globally or per section
- Multiple actions are defined as action_* to serve as shortcuts
* Initd script was modified to inform about present socket file which
would forbid fail2ban-server from starting
* Adjusted default log file for postfix to be /var/log/mail.log
(Closes: #404921)
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 4 Jan 2007 15:24:52 -0500
fail2ban (0.7.5-3~pre6) unstable; urgency=low
* Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060)
* Made fail2ban-server tollerate multiple <HOST> entries in failregex
* Moved call to dh_pycentral before dh_installinit
* Removed unnecessary call of dh_shlibdeps
* Added filter ssh-ddos to fight DDOS attacks. Must be used with caution
if there is a possibility of valid clients accessing through
unreliable connection or faulty firewall (Closes: #404487)
* Not applying patch any more for rigid python2.4 - it is default now in
sid/etch
* Moving waiting loop for fail2ban-server to stop under do_stop
function, so it gets invoked by both 'restart' and 'stop' commands
* do_status action of init script is now using 'fail2ban-client ping'
instead of '... status' since we don't really use returned status
information, besides the return error code
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 26 Dec 2006 21:56:58 -0500
fail2ban (0.7.5-2) unstable; urgency=low fail2ban (0.7.5-2) unstable; urgency=low
* NEWS.Debian confusions - the latest NEWS entry and postinst message were * NEWS.Debian confusions - the latest NEWS entry and postinst message were
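
Review bot: Nothing is added at the top of debian/changelog for this branch: the hunk only deletes the 0.7.5-3~pre6 through 0.7.9-1 entries and leaves 0.7.5-2 as the newest one. Add an entry for the etch branch that states what it is based on and which of the dropped fixes (for example the ones closing #404060, #404487 and #404921) are intentionally not carried, so the bug history stays traceable.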

2
debian/control vendored

@ -25,5 +25,5 @@ Description: bans IPs that cause multiple authentication errors
fail2ban can be adopted to be used with a variety of files and fail2ban can be adopted to be used with a variety of files and
firewalls. firewalls.
. .
Homepage: http://www.fail2ban.org Homepage: http://www.sourceforge.net/projects/fail2ban

2
debian/copyright vendored

@ -6,7 +6,7 @@ It was downloaded from http://www.sourceforge.net/projects/fail2ban
Author: Cyril Jaquier: <lostcontrol@users.sourceforge.net> Author: Cyril Jaquier: <lostcontrol@users.sourceforge.net>
http://fail2ban.sourceforge.net http://fail2ban.sourceforge.net
Copyright: 2004, 2005, 2006, 2007 Cyril Jaquier Copyright: 2004, 2005, 2006 Cyril Jaquier
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by

118
debian/fail2ban.init vendored

@ -23,13 +23,9 @@ NAME=fail2ban
# fail2ban-client is not a daemon itself but starts a daemon and # fail2ban-client is not a daemon itself but starts a daemon and
# loads its with configuration # loads its with configuration
DAEMON=/usr/bin/$NAME-client DAEMON=/usr/bin/$NAME-client
SOCKFILE=/tmp/$NAME.sock
SCRIPTNAME=/etc/init.d/$NAME SCRIPTNAME=/etc/init.d/$NAME
# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
# Exit if the package is not installed # Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0 [ -x "$DAEMON" ] || exit 0
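
Review bot: SOCKFILE is now fixed to /tmp/$NAME.sock, so a `socket =` setting in /etc/$NAME/$NAME.conf or /etc/$NAME/$NAME.local is no longer picked up and the socket tests further down would look at the wrong path. Either keep the lookup with its /tmp/fail2ban.sock fallback, or add a comment that the init script and the fail2ban configuration have to be changed together.
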
@ -54,6 +50,21 @@ log_daemon_msg () {
# so we must be ok # so we must be ok
. /lib/lsb/init-functions . /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_status && return 1
start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
$DAEMON_ARGS start > /dev/null\
|| return 2
}
# #
# Shortcut function for abnormal init script interruption # Shortcut function for abnormal init script interruption
# #
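
Review bot: The do_start added here has no test for a leftover socket file before start-stop-daemon is called. The changelog entry removed in this commit says a present socket file keeps fail2ban-server from starting, so a start after an abnormal exit now ends in return 2 with no message saying why. Keep the `[ -e "$SOCKFILE" ]` test with its log_failure_msg, and end the function with an explicit `return 0` so the documented return codes do not depend on the last command.
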
@ -64,55 +75,30 @@ report_bug()
exit 1 exit 1
} }
#
# Helper function to check if socket is present, which is often left after
# abnormal exit of fail2ban and needs to be removed
#
check_socket()
{
# Return
# 0 if socket is present and readable
# 1 if socket file is not present
# 2 if socket file is present but not readable
# 3 if socket file is present but is not a socket
[ -e "$SOCKFILE" ] || return 1
[ -r "$SOCKFILE" ] || return 2
[ -S "$SOCKFILE" ] || return 3
return 0
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_status && return 1
if [ -e "$SOCKFILE" ]; then
log_failure_msg "Socket file $SOCKFILE is present"
return 2
fi
start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
$DAEMON_ARGS start > /dev/null\
|| return 2
return 0
}
# #
# Function that checks the status of fail2ban and returns # Function that checks the status of fail2ban and returns
# corresponding code # corresponding code
# #
do_status() do_status()
{ {
$DAEMON ping > /dev/null $DAEMON status > /dev/null
return $? case $? in
0) return 0
;;
255)
if [ -S $SOCKFILE ]; then
if [ -r $SOCKFILE ]; then
return 1
else
return 4
fi
else
return 3
fi
;;
*)
report_bug "Unknown return code from fail2ban."
esac
} }
# #
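
Review bot: In the new do_status, `$SOCKFILE` is unquoted in `[ -S $SOCKFILE ]` and `[ -r $SOCKFILE ]`, and a path that exists but is not a socket falls into `return 3`, which the status command reports as plain "not running". Quote the variable and keep a separate code for "exists but is not a socket", as the removed check_socket did. The comment above the function should also list what 0, 1, 3 and 4 mean, since 2 is skipped.
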
@ -127,17 +113,6 @@ do_stop()
# other if a failure occurred # other if a failure occurred
$DAEMON status > /dev/null || return 1 $DAEMON status > /dev/null || return 1
$DAEMON stop > /dev/null || return 2 $DAEMON stop > /dev/null || return 2
# now we need actually to wait a bit since it might take time
# for server to react on client's stop request. Especially
# important for restart command on slow boxes
count=1
while do_status && [ $count -lt 60 ]; do
sleep 1
count=$(($count+1))
done
[ $count -lt 60 ] || return 3 # failed to stop
return 0 return 0
} }
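
Review bot: With the wait loop removed from do_stop, the function returns 0 as soon as `$DAEMON stop` returns, so the stop command can report success while the server is still shutting down. If the loop has to live elsewhere, the stop case needs the same wait; otherwise leave it here, where both stop and restart get it.
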
@ -175,6 +150,16 @@ case "$1" in
do_stop do_stop
case "$?" in case "$?" in
0|1) 0|1)
# now we need actually to wait a bit since it might take time
# for server to react on client's stop request
count=1
while do_status && [ $count -lt 10 ]; do
sleep 1
count=$(($count+1))
done
[ $count -lt 10 ] || log_end_msg 1 # failed to stop
do_start do_start
log_end_msg_wrapper $? 1 log_end_msg_wrapper $? 1
;; ;;
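
Review bot: In the restart branch, `[ $count -lt 10 ] || log_end_msg 1` only logs the failure; execution continues into do_start and log_end_msg_wrapper, so a server that did not stop within the limit gets a second end message and a start attempt while the old instance is still running. Leave the branch after the failure (for example `log_end_msg 1; exit 1`), and note in the comment that the limit drops from 60 to 10 seconds compared with the loop removed from do_stop.
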
@ -196,17 +181,10 @@ case "$1" in
do_status do_status
case $? in case $? in
0) log_success_msg " $NAME is running" ;; 0) log_success_msg " $NAME is running" ;;
255) 1) log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
check_socket 3) log_warning_msg " $NAME is not running" ;;
case $? in 4) log_failure_msg " $SOCKFILE not readable, status of $NAME unknown";;
1) log_warning_msg " $NAME is not running" ;; *) report_bug "Unknown status code"
0) log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
2) log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown";;
3) log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown";;
*) report_bug "Unknown return code from $NAME:check_socket.";;
esac
;;
*) report_bug "Unknown $NAME status code"
esac esac
;; ;;
*) *)

105
debian/jail.conf vendored

@ -33,69 +33,40 @@ backend = polling
# jail.{conf,local} configuration files. # jail.{conf,local} configuration files.
destemail = root@localhost destemail = root@localhost
# # Default action to take: ban only
# ACTIONS action = iptables[name=%(__name__)s, port=%(port)s]
#
# Default banning action (e.g. iptables, iptables-new, # Following actions can be chosen as an alternatives to the above action.
# iptables-multiport, shorewall, etc) It is used to define # To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines
# action_* variables. Can be overriden globally or per # into jail.local
# section within jail.local file
banaction = iptables-multiport
# Default action to take: ban & send an e-mail with whois report
#
# Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"]
mail-whois[name=%(__name__)s, dest="%(destemail)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail. # to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s"] # action = iptables[name=%(__name__)s, port=%(port)s]
mail-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s] # mail-whois[name=%(__name__)s, dest=%(destemail)s]
# Choose default action. To change, just override value of 'action' with the # Default action to take: ban & send an e-mail with whois report
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local # and relevant log lines to the destemail.
# globally (section [DEFAULT]) or per specific section # action = iptables[name=%(__name__)s, port=%(port)s]
action = %(action_)s # mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
# # Next jails corresponds to the standard configuration in Fail2ban 0.6
# JAILS # which was shipped in Debian. Please enable any defined here jail by including
#
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Please enable any defined here jail by including
# #
# [SECTION_NAME] # [SECTION_NAME]
# enabled = true # enabled = true
# #
# in /etc/fail2ban/jail.local. # in /etc/fail2ban/jail.local.
# #
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
[ssh] [ssh]
enabled = true enabled = true
port = ssh,sftp port = ssh
filter = sshd filter = sshd
logpath = /var/log/auth.log logpath = /var/log/auth.log
maxretry = 6 maxretry = 6
[ssh-ddos]
enabled = false
port = ssh,sftp
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
# #
# HTTP servers # HTTP servers
# #
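
Review bot: The action lines now pass `port=%(port)s` and `dest=%(destemail)s` without quotes, so a jail whose port value contains a comma cannot be handed through to the action. The jails in this file are reduced to single ports to match, but nothing tells the admin. Add a comment next to `action =` that port must be a single port or service name with this action, and mention that [ssh-ddos] is no longer among the defaults.
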
@ -103,25 +74,16 @@ maxretry = 6
[apache] [apache]
enabled = false enabled = false
port = http,https port = http
filter = apache-auth filter = apache-auth
logpath = /var/log/apache*/*access.log logpath = /var/log/apache*/*access.log
maxretry = 6 maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
[apache-noscript] [apache-noscript]
enabled = false enabled = false
port = http,https port = http
filter = apache-noscript filter = apache-noscript
logpath = /var/log/apache*/*error.log logpath = /var/log/apache*/*error.log
maxretry = 6 maxretry = 6
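
Review bot: [apache] and [apache-noscript] now use `port = http`, so a ban triggered from the Apache logs blocks port 80 only and the same address can still reach the server over https. If the single-port action is a hard constraint on this branch, say so in a comment above the HTTP jails and point to the README section on banning all ports for a host.
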
@ -133,20 +95,16 @@ maxretry = 6
[vsftpd] [vsftpd]
enabled = false enabled = false
port = ftp,ftp-data,ftps,ftps-data port = ftp
filter = vsftpd filter = vsftpd
logpath = /var/log/vsftpd.log logpath = /var/log/auth.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6 maxretry = 6
[proftpd] [proftpd]
enabled = false enabled = false
port = ftp,ftp-data,ftps,ftps-data port = ftp
filter = proftpd filter = proftpd
logpath = /var/log/proftpd/proftpd.log logpath = /var/log/proftpd/proftpd.log
maxretry = 6 maxretry = 6
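
Review bot: [vsftpd] now reads /var/log/auth.log and the comment explaining the choice between vsftpd.log and the PAM log is dropped, while the changelog entry removed in this commit records the vsftpd logfile path as part of the fix for #404060. Confirm that the vsftpd filter shipped on this branch matches the auth.log format, and keep a one-line comment saying which log the failregex expects.
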
@ -155,7 +113,7 @@ maxretry = 6
[wuftpd] [wuftpd]
enabled = false enabled = false
port = ftp,ftp-data,ftps,ftps-data port = ftp
filter = wuftpd filter = wuftpd
logpath = /var/log/auth.log logpath = /var/log/auth.log
maxretry = 6 maxretry = 6
@ -168,35 +126,22 @@ maxretry = 6
[postfix] [postfix]
enabled = false enabled = false
port = smtp,ssmtp port = smtp
filter = postfix filter = postfix
logpath = /var/log/mail.log logpath = /var/log/postfix.log
[couriersmtp] [couriersmtp]
enabled = false enabled = false
port = smtp,ssmtp port = smtp
filter = couriersmtp filter = couriersmtp
logpath = /var/log/mail.log logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl] [sasl]
enabled = false enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s port = smtp
filter = sasl filter = sasl
logpath = /var/log/mail.log logpath = /var/log/mail.log
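
Review bot: [postfix] goes back to `logpath = /var/log/postfix.log`, which the removed changelog entry for #404921 had adjusted to /var/log/mail.log, and [couriersmtp] and [sasl] in this same hunk still read /var/log/mail.log. A jail pointed at a file that is never written never bans, so use /var/log/mail.log here as well or add a comment explaining why postfix differs.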

83
debian/patches/00_iptables_NEW.dpatch vendored Executable file

@ -0,0 +1,83 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_iptables_NEW.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf
--- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500
@@ -0,0 +1,72 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko
+# to fullfill the needs of bugreporter dbts#350746.
+#
+# $Revision: 394 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-<name>
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
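
Review bot: The patch header still reads `## DP: No description.`, and the option comments in the new file are titled fwstart, fwend, fwcheck, fwban and fwunban while the options themselves are actionstart, actionstop, actioncheck, actionban and actionunban. Fill in the DP line (banning of NEW connections only, for #350746) and rename the comment titles. Also consider `iptables -n -L INPUT` in actioncheck so the check does not wait on reverse DNS.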


@ -6,56 +6,82 @@
## DP: abuser IP over the log files ## DP: abuser IP over the log files
@DPATCH@ @DPATCH@
diff -urNad fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf fail2ban-0.7.7/config/action.d/mail-whois-lines.conf diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5/config/action.d/mail-whois-lines.conf
--- fail2ban-0.7.7~/config/action.d/mail-whois-lines.conf 2007-01-08 16:40:40.000000000 -0500 --- fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.7/config/action.d/mail-whois-lines.conf 2007-02-08 22:07:12.000000000 -0500 +++ fail2ban-0.7.5/config/action.d/mail-whois-lines.conf 2006-12-10 18:27:46.000000000 -0500
@@ -2,12 +2,12 @@ @@ -0,0 +1,75 @@
# +# Fail2Ban configuration file
# Author: Cyril Jaquier +#
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files +# Author: Cyril Jaquier
-# $Revision: 520 $ +# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
+# $Revision: 254 $ +# $Revision: 254 $
# +#
+
[Definition] +[Definition]
+
-# Option: fwstart +# Option: fwstart
+# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban.
# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD
# Values: CMD +#
# +actionstart = echo -en "Hi,\n
@@ -16,7 +16,7 @@ + The jail <name> has been started successfuly.\n
Regards,\n + Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> + Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
-# Option: fwend +# Option: fwend
+# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban
# Notes.: command executed once at the end of Fail2Ban +# Values: CMD
# Values: CMD +#
# +actionstop = echo -en "Hi,\n
@@ -25,13 +25,13 @@ + The jail <name> has been stopped.\n
Regards,\n + Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> + Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
-# Option: fwcheck +# Option: fwcheck
-# Notes.: command executed once before each fwban command +# Notes.: command executed once before each fwban command
+# Option: actioncheck +# Values: CMD
+# Notes.: command executed once before each actionban command +#
# Values: CMD +actioncheck =
# +
actioncheck = +# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
-# Option: fwban +# command is executed with Fail2Ban user rights.
+# Option: actionban +# Tags: <ip> IP address
# Notes.: command executed when banning an IP. Take care that the +# <failures> number of failures
# command is executed with Fail2Ban user rights. +# <failtime> unix timestamp of the last failure
# Tags: <ip> IP address +# <bantime> unix timestamp of the ban time
@@ -50,7 +50,7 @@ +# Values: CMD
Regards,\n +#
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest> +actionban = echo -en "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
-# Option: fwunban + <failures> attempts against <name>.\n\n
+# Option: actionunban + Here are more information about <ip>:\n
# Notes.: command executed when unbanning an IP. Take care that the + `whois <ip>`\n\n
# command is executed with Fail2Ban user rights. + Lines containing IP:<ip> in <logpath>\n
# Tags: <ip> IP address + `grep '\<<ip>\>' <logpath>`\n\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destinataire of the mail
+#
+dest = root
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
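
Review bot: In actionban, `grep '\<<ip>\>' <logpath>` uses the address as a regular expression, so each dot matches any character and lines belonging to other addresses can end up in the report; the matched log text is then passed through `echo -en`, which interprets backslash sequences found in it. Use a fixed-string whole-word match (`grep -wF '<ip>' <logpath>`) and build the mail body with printf '%s' or a here-document instead of echo -en.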

84
debian/patches/00_share_insteadof_lib.dpatch vendored Executable file

@ -0,0 +1,84 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_share_insteadof_lib.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/fail2ban-client fail2ban-0.7.5/fail2ban-client
--- fail2ban-0.7.5~/fail2ban-client 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-client 2006-12-07 20:59:15.000000000 -0500
@@ -30,7 +30,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
# Now we can import our modules
from common.version import version
diff -urNad fail2ban-0.7.5~/fail2ban-regex fail2ban-0.7.5/fail2ban-regex
--- fail2ban-0.7.5~/fail2ban-regex 2006-11-16 15:59:47.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-regex 2006-12-07 20:59:15.000000000 -0500
@@ -29,7 +29,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.filter import Filter
diff -urNad fail2ban-0.7.5~/fail2ban-server fail2ban-0.7.5/fail2ban-server
--- fail2ban-0.7.5~/fail2ban-server 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-server 2006-12-07 20:59:15.000000000 -0500
@@ -29,7 +29,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from server.server import Server
diff -urNad fail2ban-0.7.5~/fail2ban-testcases fail2ban-0.7.5/fail2ban-testcases
--- fail2ban-0.7.5~/fail2ban-testcases 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/fail2ban-testcases 2006-12-07 20:59:15.000000000 -0500
@@ -30,7 +30,7 @@
# Inserts our own modules path first in the list
# fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
from common.version import version
from testcases import banmanagertestcase
diff -urNad fail2ban-0.7.5~/setup.cfg fail2ban-0.7.5/setup.cfg
--- fail2ban-0.7.5~/setup.cfg 2006-11-01 16:08:43.000000000 -0500
+++ fail2ban-0.7.5/setup.cfg 2006-12-07 20:59:15.000000000 -0500
@@ -1,5 +1,5 @@
[install]
-install-purelib=/usr/lib/fail2ban
+install-purelib=/usr/share/fail2ban
[sdist]
formats=bztar
diff -urNad fail2ban-0.7.5~/setup.py fail2ban-0.7.5/setup.py
--- fail2ban-0.7.5~/setup.py 2006-12-07 20:59:15.000000000 -0500
+++ fail2ban-0.7.5/setup.py 2006-12-07 21:10:02.000000000 -0500
@@ -84,13 +84,13 @@
[
"fail2ban.py"
],
- "/usr/lib/fail2ban/firewall/":
+ "/usr/share/fail2ban/firewall/":
[
"iptables.py",
"ipfwadm.py",
"ipfw.py"
],
- "/usr/lib/fail2ban/":
+ "/usr/share/fail2ban/":
[
"version.py",
"protocol.py"


@ -1,2 +1,6 @@
00_mail-whois-lines X00_rigid_python24
00_share_insteadof_lib
00_iptables_NEW
10_dbts_manpages 10_dbts_manpages
10_wuftpd_section
00_mail-whois-lines
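
Review bot: The new list has no entry for 01_apache2_other although this commit adds debian/patches/01_apache2_other.dpatch, and it does list X00_rigid_python24, whose own header says it exists only because python2.3 was the default. Either list 01_apache2_other or drop the file (its diff targets fail2ban-0.6.1's config/fail2ban.conf.iptables), and confirm that forcing python2.4 is still wanted on this branch.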

19
debian/patches/01_apache2_other.dpatch vendored Normal file

@ -0,0 +1,19 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_apache2_other.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Tiny patch to mention apache2 possibility
@DPATCH@
diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables 2006-05-27 23:23:51.000000000 -0400
+++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables 2006-05-27 23:27:30.000000000 -0400
@@ -270,6 +270,7 @@
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE
+# Other.: /var/log/apache2/error.log
#
logfile = /var/log/apache/error.log


@ -1,54 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_multiple_HOST_regexp.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/server/filter.py fail2ban-0.7.5/server/filter.py
--- fail2ban-0.7.5~/server/filter.py 2006-11-26 15:37:31.000000000 -0500
+++ fail2ban-0.7.5/server/filter.py 2006-12-22 13:30:25.000000000 -0500
@@ -170,8 +170,17 @@
self.__failRegex = value
self.__failRegexObj = None
else:
- # Replace "<HOST>" with default regular expression for host.
- regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ # Replace "<HOST>"s with regular expression for a hostname,
+ # naming groups hostX where X is a number starting with 1
+ regex = value
+ oldregex = ''; k = 0
+ while ( regex != oldregex ):
+ oldregex = regex
+ k += 1
+ regex = regex.replace("<HOST>",
+ "(?:::f{4,6}:)?(?P<host%d>\S+)" % k,
+ 1)
+
self.__failRegex = regex
self.__failRegexObj = re.compile(regex)
logSys.info("Set failregex = %s" % self.__failRegex)
@@ -435,12 +444,18 @@
+ "this format")
else:
try:
- ipMatch = DNSUtils.textToIp(match.group("host"))
- if ipMatch:
- for ip in ipMatch:
- failList.append([ip, date])
+ allGroups = match.groupdict()
+ hostRe = re.compile('host\d*$')
+ # Select only groups named host\d*
+ hostGroups = filter(lambda x: hostRe.match(x[0]) and x[1],
+ allGroups.iteritems())
+ for hostGroup, hostEntry in hostGroups:
+ ipMatch = DNSUtils.textToIp(hostEntry)
+ if ipMatch:
+ for ip in ipMatch:
+ failList.append([ip, date])
except IndexError:
- logSys.error("There is no 'host' group in the rule. " +
+ logSys.error("There is no 'hostX' group in the rule. " +
"Please correct your configuration.")
return failList

25
debian/patches/10_wuftpd_section.dpatch vendored Executable file

@ -0,0 +1,25 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_wuftpd_section.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.3~/config/filter.d/wuftpd.conf fail2ban-0.7.3/config/filter.d/wuftpd.conf
--- fail2ban-0.7.3~/config/filter.d/wuftpd.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.3/config/filter.d/wuftpd.conf 2006-10-18 01:12:23.000000000 -0400
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file for wuftpd
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
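
Review bot: The failregex puts a greedy `.*` in front of `rhost=<HOST>`, so on a line that contains more than one `rhost=` the last one is the address that gets banned. Match the fields between `authentication failure` and `rhost=` explicitly instead of `.*`. The `## DP: No description.` line and the empty `$Revision: $` should be filled in as well.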

45
debian/patches/X00_rigid_python24.dpatch vendored Executable file

@ -0,0 +1,45 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## rigid_python2.4.dpatch by <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Due to currently default python2.3 we need to hardcode use of python2.4
## DP: for now
@DPATCH@
diff -Naur fail2ban-0.7.1/fail2ban-client fail2ban-0.7.1.modified/fail2ban-client
--- fail2ban-0.7.1/fail2ban-client 2006-08-23 16:56:23.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-client 2006-09-05 00:58:47.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/fail2ban-server fail2ban-0.7.1.modified/fail2ban-server
--- fail2ban-0.7.1/fail2ban-server 2006-08-23 15:51:26.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-server 2006-09-05 00:58:54.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/fail2ban-testcases fail2ban-0.7.1.modified/fail2ban-testcases
--- fail2ban-0.7.1/fail2ban-testcases 2006-08-20 18:53:15.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-testcases 2006-09-05 00:59:18.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
diff -Naur fail2ban-0.7.1/setup.py fail2ban-0.7.1.modified/setup.py
--- fail2ban-0.7.1/setup.py 2006-08-22 18:09:25.000000000 -0400
+++ fail2ban-0.7.1.modified/setup.py 2006-09-05 00:59:06.000000000 -0400
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.4
# This file is part of Fail2Ban.
#
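
Review bot: All four shebangs become `#!/usr/bin/env python2.4`, which resolves the interpreter through PATH for scripts that the init script starts with `--chuid root`. Use the absolute `#!/usr/bin/python2.4`; the changelog entry removed in this commit made the same move away from /usr/bin/env for /usr/bin/python.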

3
debian/rules vendored

@ -60,13 +60,14 @@ binary-indep: install
dh_installdocs dh_installdocs
dh_installexamples config/jail.conf dh_installexamples config/jail.conf
dh_installlogrotate dh_installlogrotate
dh_pycentral
dh_installinit -- defaults 99 dh_installinit -- defaults 99
dh_installman man/*.1 dh_installman man/*.1
dh_pycentral
dh_link dh_link
dh_compress dh_compress
dh_fixperms dh_fixperms
dh_installdeb dh_installdeb
dh_shlibdeps
dh_gencontrol dh_gencontrol
dh_md5sums dh_md5sums
dh_builddeb dh_builddeb
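
Review bot: dh_shlibdeps is added to the binary-indep target, which builds the architecture-independent package, and dh_pycentral moves back to after dh_installinit and dh_installman; the changelog entries removed in this commit describe the opposite of both as earlier fixes. Drop dh_shlibdeps, and keep dh_pycentral before dh_installinit unless the helper versions on this branch need the old order, in which case say so in a comment.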