- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.

- Renamed actionend to actionstop. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@658 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 22:41:28 +00:00 · 2008-03-04 22:41:28 +00:00 · f0399ca5a4
parent b4de265030
commit f0399ca5a4
21 changed files with 30 additions and 25 deletions
--- a/1
+++ b/1
@ -36,6 +36,7 @@ ver. 0.8.2 (2008/??/??) - stable
 - "reload <jail>" reloads a single jail and the parameters in
  fail2ban.conf.
 - Added Mac OS/X startup script. Thanks to Bill Heaton.
+- Absorbed some Debian patches. Thanks to Yaroslav Halchenko.

 ver. 0.8.1 (2007/08/14) - stable
 ----------
--- a/config/action.d/dummy.conf
+++ b/config/action.d/dummy.conf
@ -14,7 +14,7 @@
 actionstart = touch /tmp/fail2ban.dummy
              echo "<init>" >> /tmp/fail2ban.dummy

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/hostsdeny.conf
+++ b/config/action.d/hostsdeny.conf
@ -13,7 +13,7 @@
 #
 actionstart = 

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@ -15,7 +15,7 @@
 actionstart = 


-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -j fail2ban-<name>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@ -15,7 +15,7 @@ actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@ -15,7 +15,7 @@ actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@ -17,7 +17,7 @@ actionstart = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@ -7,7 +7,7 @@

 [Definition]

-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>

-# Option:  fwend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
@ -25,13 +25,13 @@ actionstop = echo -en "Hi,\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>

-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 

-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@ -50,7 +50,7 @@ actionban = echo -en "Hi,\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>

-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@ -20,7 +20,7 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/sendmail-whois-lines.conf
+++ b/config/action.d/sendmail-whois-lines.conf
@ -19,7 +19,7 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/sendmail-whois.conf
+++ b/config/action.d/sendmail-whois.conf
@ -19,7 +19,7 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/sendmail.conf
+++ b/config/action.d/sendmail.conf
@ -19,7 +19,7 @@ actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@ -13,7 +13,7 @@
 #
 actionstart = 

-# Option:  actionend
+# Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@ -14,7 +14,7 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
+failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@ -14,8 +14,10 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
-            \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
+failregex = \(\S+\[<HOST>\]\): USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
+            \(\S+\[<HOST>\]\): USER \S+ \(Login failed\): Incorrect password\.$
+            \(\S+\[<HOST>\]\): SECURITY VIOLATION: \S+ login attempted\.$
+            \(\S+\[<HOST>\]\): Maximum login attempts \(\d+\) exceeded$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -28,6 +28,8 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* fro
            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
            ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
+            ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@ -14,7 +14,7 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$
+failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
            \[.+\] FAIL LOGIN: Client "<HOST>"\s*$

 # Option:  ignoreregex