- Fixed Debian bug #461426

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605

ChangeLog

@@ -40,7 +40,7 @@ ver. 0.8.2 (2008/??/??) - stable
 - Replaced "echo" with "printf" in actions. Fix #1839673
 - Replaced "reject" with "drop" in shorwall action. Fix
   #1854875
-- Fixed Debian bug #456567, #468477, #462060
+- Fixed Debian bug #456567, #468477, #462060, #461426
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------

MANIFEST

@@ -74,6 +74,7 @@ config/filter.d/sshd-ddos.conf
 config/filter.d/vsftpd.conf
 config/filter.d/webmin-auth.conf
 config/filter.d/wuftpd.conf
+config/filter.d/xinetd-fail.conf
 config/action.d/hostsdeny.conf
 config/action.d/ipfw.conf
 config/action.d/iptables.conf

config/filter.d/xinetd-fail.conf

@@ -0,0 +1,30 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+# Cfr.: /var/log/(daemon\.|sys)log
+# libwrap => tcp wrappers: hosts.(allow|deny)
+# address => xinetd: deny_from|only_from
+# load => xinetd: max_load (temporary problem)
+#
+
+failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$
+            xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =