diff --git a/ChangeLog b/ChangeLog
index 613c05a6..3e117667 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,9 +4,47 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/28
================================================================================
+ver. 0.8.5 (2011/07/28) - stable
+----------
+- Fix: use addfailregex instead of failregex while processing per-jail
+ "failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
+ Marat Khayrullin for the patch and Daniel T Chen for forwarding to
+ Debian.
+- Fix: use os.path.join to generate full path - fixes includes in configs
+ given local filename (5 weeks ago) [yarikoptic]
+- Fix: allowed for trailing spaces in proftpd logs
+- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
+- Fix: allowed space in the trailing of failregex for sasl.conf:
+ see http://bugs.debian.org/573314
+- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
+ see http://bugs.debian.org/544232
+- Fix: Tai64N stores time in GMT, needed to convert to local time before
+ returning
+- Fix: disabled named-refused-udp jail entirely with a big fat warning
+- Fix: added time module. Bug reported in buanzo's blog:
+ see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+- Fix: Patch to make log file descriptors cloexec to stop leaking file
+ descriptors on fork/exec. Thanks to Jonathan Underwood:
+ see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
+- Enhancement: added author for dovecot filter and pruned unneeded space
+ in the regexp
+- Enhancement: proftpd filter -- if login failed -- count regardless of the
+ reason for failure
+- Enhancement: added to action.d/iptables*.
Thanks to Matthijs Kooijman:
+ see http://bugs.debian.org/515599
+- Enhancement: added filter.d/dovecot.conf from Martin Waschbuesch
+- Enhancement: made filter.d/apache-overflows.conf catch more:
+ see http://bugs.debian.org/574182
+- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
+ see http://bugs.debian.org/546913
+- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
+ see http://bugs.debian.org/598200
+- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
+- Few minor cosmetic changes
+
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
diff --git a/README b/README
index 9005158e..fb6f3d2b 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/26
================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
diff --git a/client/configparserinc.py b/client/configparserinc.py
index 59253c13..96518008 100644
--- a/client/configparserinc.py
+++ b/client/configparserinc.py
@@ -43,7 +43,7 @@ class SafeConfigParserWithIncludes(SafeConfigParser):
[INCLUDES]
before = 1.conf
- 3.conf
+ 3.conf
after = 1.conf
@@ -54,8 +54,8 @@ after = 1.conf
the tree. I wasn't sure what would be the right way to implement generic (aka c++
- template) so we could base at any *configparser class... so I will
- leave it for the future
+ template) so we could base at any *configparser class... so I will
+ leave it for the future
"""
@@ -86,7 +86,7 @@ after = 1.conf
if os.path.isabs(newResource):
r = newResource
else:
- r = "%s/%s" % (resourceDir, newResource)
+ r = os.path.join(resourceDir, newResource)
if r in seen:
continue
s = seen + [resource]
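Review bot: The `os.path.join` result on the new line is compared unnormalised against `seen` two lines below, so the same include reached as `1.conf` and `./1.conf`, or through a `..` segment, counts as two distinct resources and what looks like the include-cycle guard can be sidestepped; `r = os.path.normpath(os.path.join(resourceDir, newResource))` makes that comparison canonical. The previous `"%s/%s"` form had the same weakness, so this is pre-existing rather than introduced by the change. An absolute `newResource` still bypasses `resourceDir` entirely through the `isabs` branch above, which is presumably intended for include directives in trusted configuration files. The enclosing method starts outside the hunk, so where `seen` is built is not visible here.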
diff --git a/client/jailreader.py b/client/jailreader.py
index c77aad57..74bcfc3e 100644
--- a/client/jailreader.py
+++ b/client/jailreader.py
@@ -120,7 +120,7 @@ class JailReader(ConfigReader):
elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "failregex":
- stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
elif opt == "ignoreregex":
for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.
diff --git a/common/version.py b/common/version.py
index d4a53411..b0e16503 100644
--- a/common/version.py
+++ b/common/version.py
@@ -21,7 +21,7 @@ __author__ = "Cyril Jaquier"
__version__ = "$Revision: 754 $"
__date__ = "$Date: 2009-09-07 21:13:45 +0200 (Mon, 07 Sep 2009) $"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko"
__license__ = "GPL"
-version = "0.8.4-SVN"
+version = "0.8.5"
diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index 5392d3a9..88888ddd 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -1,6 +1,6 @@
# Fail2Ban configuration file for dovcot
#
-# Author:
+# Author: Martin Waschbuesch
#
# $Revision: $
#
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P[\w\-.^_]+)
# Values: TEXT
#
-failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
+failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/config/jail.conf b/config/jail.conf
index 35164505..4d5f0cce 100644
--- a/config/jail.conf
+++ b/config/jail.conf
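Review bot: The per-jail `failregex` value is still forwarded as one `addfailregex` command even when it spans several lines, whereas the `ignoreregex` branch directly below splits the option on `'\n'` and, per its comment, skips empty rules; a multi-line per-jail failregex would therefore be sent as a single regex with embedded newlines. Now that the command is the additive `addfailregex`, the branch can mirror the ignoreregex loop so that each line becomes its own regex. The empty-rule check is inferred from the ignoreregex comment, since that branch's body continues outside the hunk, as does the enclosing method.
```python
elif opt == "failregex":
    for regex in self.__opts[opt].split('\n'):
        # Do not send a command if the rule is empty.
        if regex != '':
            stream.append(["set", self.__name, "addfailregex", regex])
# … unchanged: ignoreregex branch …
```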
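Review bot: The host capture `rip=(?P\S*),` kept in the new failregex still admits an empty match, so a log line carrying `rip=,` would yield an empty host for the ban action; `\S+`, or the HOST placeholder tag that the comment above the option documents as `(?:::f{4,6}:)?(?P[\w\-.^_]+)`, restricts it to a real address token and keeps this filter consistent with the others. The group name is not visible in this rendering and is presumably `host` — confirm against the file. The leading `.*` before `(?:pop3-login|imap-login)` leaves the pattern unanchored, which is the pre-existing shape rather than something this hunk introduces.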
@@ -45,7 +45,7 @@ backend = auto
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/sshd.log
maxretry = 5
@@ -54,7 +54,7 @@ maxretry = 5
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=you@mail.com]
+ sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@@ -66,7 +66,7 @@ enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=you@mail.com]
+ sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@@ -77,7 +77,7 @@ logpath = /var/log/mail.log
enabled = false
filter = sshd
action = hostsdeny
- sendmail-whois[name=SSH, dest=you@mail.com]
+ sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
@@ -101,7 +101,7 @@ maxretry = 6
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/postfix.log
bantime = 300
@@ -112,7 +112,7 @@ bantime = 300
enabled = false
filter = vsftpd
-action = sendmail-whois[name=VSFTPD, dest=you@mail.com]
+action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -124,7 +124,7 @@ bantime = 1800
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, dest=you@mail.com]
+ sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -137,7 +137,7 @@ bantime = 1800
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
+ sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
@@ -149,7 +149,7 @@ maxretry = 1
enabled = false
filter = apache-noscript
action = shorewall
- sendmail[name=Postfix, dest=you@mail.com]
+ sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/apache2/error_log
# Ban attackers that try to use PHP's URL-fopen() functionality
@@ -190,7 +190,7 @@ maxretry = 2
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
- sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
+ sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
@@ -224,7 +224,7 @@ ignoreip = 168.192.0.1
# enabled = false
# filter = named-refused
# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-# sendmail-whois[name=Named, dest=you@mail.com]
+# sendmail-whois[name=Named, dest=you@example.com]
# logpath = /var/log/named/security.log
# ignoreip = 168.192.0.1
@@ -235,7 +235,7 @@ ignoreip = 168.192.0.1
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=you@mail.com]
+ sendmail-whois[name=Named, dest=you@example.com]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
diff --git a/files/nagios/check_fail2ban b/files/nagios/check_fail2ban
old mode 100644
new mode 100755
index 0b40db53..6afa9d7d
--- a/files/nagios/check_fail2ban
+++ b/files/nagios/check_fail2ban
@@ -99,7 +99,7 @@ elif [ $final_exit -ne "0" ]; then
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
-# mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
+# mutt -s "FAIL2BAN NOT WORKING" your@example.com < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi