From dce14c59d7c6e76c51cc1602d6d906dcad2e9179 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Fri, 4 Jan 2008 11:47:29 -0500
Subject: [PATCH] BF: fixed silly typo in sshd filter patch and extended vsftpd
 filter patch

---
 debian/patches/00_stronger_failregex.dpatch | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/debian/patches/00_stronger_failregex.dpatch b/debian/patches/00_stronger_failregex.dpatch
index 821a89fc..4a6b0478 100755
--- a/debian/patches/00_stronger_failregex.dpatch
+++ b/debian/patches/00_stronger_failregex.dpatch
@@ -6,26 +6,26 @@
 
 @DPATCH@
 diff -urNad fail2ban~/config/filter.d/sshd.conf fail2ban/config/filter.d/sshd.conf
---- fail2ban~/config/filter.d/sshd.conf	2007-11-06 17:57:04.000000000 -0500
-+++ fail2ban/config/filter.d/sshd.conf	2007-11-07 01:04:17.000000000 -0500
+--- fail2ban~/config/filter.d/sshd.conf	2008-01-04 11:42:10.000000000 -0500
++++ fail2ban/config/filter.d/sshd.conf	2008-01-04 11:44:39.000000000 -0500
 @@ -13,7 +13,7 @@
  #          be used for standard IP/hostname matching.
  # Values:  TEXT
  #
 -failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
-+failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>(?: port \d*)?(?: ssh\d*)\s*$
++failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
  
  # Option:  ignoreregex
  # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 diff -urNad fail2ban~/config/filter.d/vsftpd.conf fail2ban/config/filter.d/vsftpd.conf
---- fail2ban~/config/filter.d/vsftpd.conf	2007-11-06 17:57:04.000000000 -0500
-+++ fail2ban/config/filter.d/vsftpd.conf	2007-11-07 01:06:31.000000000 -0500
+--- fail2ban~/config/filter.d/vsftpd.conf	2008-01-04 11:42:10.000000000 -0500
++++ fail2ban/config/filter.d/vsftpd.conf	2008-01-04 11:46:48.000000000 -0500
 @@ -13,7 +13,7 @@
  #          be used for standard IP/hostname matching.
  # Values: TEXT
  #
 -failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
-+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>\s*$
++failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>(?: user=\w*)?\s*$
  
  # Option:  ignoreregex
  # Notes.:  regex to ignore. If this regex matches, the line is ignored.