Merge branch 'upstream' into debian-release

* upstream:
  for 0.8.5 release -- changelog + version
  BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
  BF: use os.path.join to generate full path - fixes includes in configs given local filename
  very minor -- uniform indentation in example
  BF: use standard/reserved example.com instead of mail.com
  ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
pull/23/head
Yaroslav Halchenko 2011-07-28 23:08:08 -04:00
commit d7dd84be01
8 changed files with 62 additions and 24 deletions

View File

@ -4,9 +4,47 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
Fail2Ban (version 0.8.4) 2009/09/07
Fail2Ban (version 0.8.5) 2011/07/28
================================================================================
ver. 0.8.5 (2011/07/28) - stable
----------
- Fix: use addfailregex instead of failregex while processing per-jail
"failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
Marat Khayrullin for the patch and Daniel T Chen for forwarding to
Debian.
- Fix: use os.path.join to generate full path - fixes includes in configs
given local filename (5 weeks ago) [yarikoptic]
- Fix: allowed for trailing spaces in proftpd logs
- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
- Fix: allowed space in the trailing of failregex for sasl.conf:
see http://bugs.debian.org/573314
- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
see http://bugs.debian.org/544232
- Fix: Tai64N stores time in GMT, needed to convert to local time before
returning
- Fix: disabled named-refused-udp jail entirely with a big fat warning
- Fix: added time module. Bug reported in buanzo's blog:
see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
- Fix: Patch to make log file descriptors cloexec to stop leaking file
descriptors on fork/exec. Thanks to Jonathan Underwood:
see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
- Enhancement: added author for dovecot filter and pruned unneeded space
in the regexp
- Enhancement: proftpd filter -- if login failed -- count regardless of the
reason for failure
- Enhancement: added <chain> to action.d/iptables*. Thanks to Matthijs Kooijman:
see http://bugs.debian.org/515599
- Enhancement: added filter.d/dovecot.conf from Martin Waschbuesch
- Enhancement: made filter.d/apache-overflows.conf catch more:
see http://bugs.debian.org/574182
- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
see http://bugs.debian.org/546913
- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
see http://bugs.debian.org/598200
- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
- Few minor cosmetic changes
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of

2
README
View File

@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
Fail2Ban (version 0.8.4) 2009/09/07
Fail2Ban (version 0.8.5) 2011/07/26
================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many

View File

@ -43,7 +43,7 @@ class SafeConfigParserWithIncludes(SafeConfigParser):
[INCLUDES]
before = 1.conf
3.conf
3.conf
after = 1.conf
@ -54,8 +54,8 @@ after = 1.conf
the tree.
I wasn't sure what would be the right way to implement generic (aka c++
template) so we could base at any *configparser class... so I will
leave it for the future
template) so we could base at any *configparser class... so I will
leave it for the future
"""
@ -86,7 +86,7 @@ after = 1.conf
if os.path.isabs(newResource):
r = newResource
else:
r = "%s/%s" % (resourceDir, newResource)
r = os.path.join(resourceDir, newResource)
if r in seen:
continue
s = seen + [resource]

View File

@ -120,7 +120,7 @@ class JailReader(ConfigReader):
elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "failregex":
stream.append(["set", self.__name, "failregex", self.__opts[opt]])
stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
elif opt == "ignoreregex":
for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.

View File

@ -21,7 +21,7 @@
__author__ = "Cyril Jaquier"
__version__ = "$Revision: 754 $"
__date__ = "$Date: 2009-09-07 21:13:45 +0200 (Mon, 07 Sep 2009) $"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko"
__license__ = "GPL"
version = "0.8.4-SVN"
version = "0.8.5"

View File

@ -1,6 +1,6 @@
# Fail2Ban configuration file for dovcot
#
# Author:
# Author: Martin Waschbuesch
#
# $Revision: $
#
@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

View File

@ -45,7 +45,7 @@ backend = auto
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/sshd.log
maxretry = 5
@ -54,7 +54,7 @@ maxretry = 5
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=you@mail.com]
sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@ -66,7 +66,7 @@ enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you@mail.com]
sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@ -77,7 +77,7 @@ logpath = /var/log/mail.log
enabled = false
filter = sshd
action = hostsdeny
sendmail-whois[name=SSH, dest=you@mail.com]
sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
@ -101,7 +101,7 @@ maxretry = 6
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
sendmail[name=Postfix, dest=you@mail.com]
sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/postfix.log
bantime = 300
@ -112,7 +112,7 @@ bantime = 300
enabled = false
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you@mail.com]
action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@ -124,7 +124,7 @@ bantime = 1800
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, dest=you@mail.com]
sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@ -137,7 +137,7 @@ bantime = 1800
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
@ -149,7 +149,7 @@ maxretry = 1
enabled = false
filter = apache-noscript
action = shorewall
sendmail[name=Postfix, dest=you@mail.com]
sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/apache2/error_log
# Ban attackers that try to use PHP's URL-fopen() functionality
@ -190,7 +190,7 @@ maxretry = 2
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
@ -224,7 +224,7 @@ ignoreip = 168.192.0.1
# enabled = false
# filter = named-refused
# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
# sendmail-whois[name=Named, dest=you@mail.com]
# sendmail-whois[name=Named, dest=you@example.com]
# logpath = /var/log/named/security.log
# ignoreip = 168.192.0.1
@ -235,7 +235,7 @@ ignoreip = 168.192.0.1
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com]
sendmail-whois[name=Named, dest=you@example.com]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1

2
files/nagios/check_fail2ban Normal file → Executable file
View File

@ -99,7 +99,7 @@ elif [ $final_exit -ne "0" ]; then
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
# mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
# mutt -s "FAIL2BAN NOT WORKING" your@example.com < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi