From fc9b8a887f5549d806e5ab8584fd5f355f440b4d Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 28 May 2006 03:13:56 +0000
Subject: [PATCH] added proftpd section, adjusted vsftpd patch to dont
 interfer. boosted debian revision

---
 debian/changelog                         |   3 +-
 debian/patches/00_proftpd_section.dpatch | 160 +++++++++++++++++++++++
 debian/patches/00_vsftpd_regexp.dpatch   |  26 +++-
 debian/patches/00list                    |   1 +
 4 files changed, 188 insertions(+), 2 deletions(-)
 create mode 100755 debian/patches/00_proftpd_section.dpatch

diff --git a/debian/changelog b/debian/changelog
index c7bae3a3..d07a6878 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
-fail2ban (0.6.1-6) unstable; urgency=low
+fail2ban (0.6.1-7) unstable; urgency=low
 
   * Removed bashism (arrays) from init.d script to make it POSIX shell
     complient (closes: #368218)
+  * Added new proftpd section
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 22 May 2006 15:37:17 -0400
 
diff --git a/debian/patches/00_proftpd_section.dpatch b/debian/patches/00_proftpd_section.dpatch
new file mode 100755
index 00000000..cd4dd824
--- /dev/null
+++ b/debian/patches/00_proftpd_section.dpatch
@@ -0,0 +1,160 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_proftpd_section.dpatch by  <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: New section for proftpd
+
+@DPATCH@
+
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.hostsdeny	2006-05-27 22:57:03.000000000 -0400
++++ fail2ban-0.6.1.post/config/fail2ban.conf.hostsdeny	2006-05-27 23:01:11.000000000 -0400
+@@ -291,6 +291,47 @@
+ failregex = FAIL LOGIN
+ 
+ 
++[PROFTPD]
++# Option: enabled
++# Notes.: enable monitoring for this section.
++# Values: [true | false] Default: false
++#
++enabled = false
++
++# Option: logfile
++# Notes.: logfile to monitor.
++# Values: FILE Default: /var/log/proftpd/proftpd.log
++# Other.: /var/log/auth.log
++#
++logfile = /var/log/proftpd/proftpd.log
++
++# Option:  port
++# Notes.:  specifies port to monitor
++# Values:  [ NUM | STRING ]  Default: ftp
++#
++port = ftp
++
++# Option: timeregex
++# Notes.: regex to match timestamp in VSFTPD logfile.
++# Values: [Mar 7 17:53:28]
++# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++#
++timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++
++# Option: timepattern
++# Notes.: format used in "timeregex" fields definition. Note that '%' must be
++# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
++# Values: TEXT Default: %%b %%d %%H:%%M:%%S
++#
++timepattern = %%b %%d %%H:%%M:%%S
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT Default:
++#
++failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
++
++
+ [SSH]
+ # Option:  enabled
+ # Notes.:  enable monitoring for this section.
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.iptables fail2ban-0.6.1.post/config/fail2ban.conf.iptables
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.iptables	2006-05-27 22:57:03.000000000 -0400
++++ fail2ban-0.6.1.post/config/fail2ban.conf.iptables	2006-05-27 23:01:20.000000000 -0400
+@@ -385,6 +385,48 @@
+ #
+ failregex = FAIL LOGIN
+ 
++
++[PROFTPD]
++# Option: enabled
++# Notes.: enable monitoring for this section.
++# Values: [true | false] Default: false
++#
++enabled = false
++
++# Option: logfile
++# Notes.: logfile to monitor.
++# Values: FILE Default: /var/log/proftpd/proftpd.log
++# Other.: /var/log/auth.log
++#
++logfile = /var/log/proftpd/proftpd.log
++
++# Option:  port
++# Notes.:  specifies port to monitor
++# Values:  [ NUM | STRING ]  Default: ftp
++#
++port = ftp
++
++# Option: timeregex
++# Notes.: regex to match timestamp in VSFTPD logfile.
++# Values: [Mar 7 17:53:28]
++# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++#
++timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++
++# Option: timepattern
++# Notes.: format used in "timeregex" fields definition. Note that '%' must be
++# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
++# Values: TEXT Default: %%b %%d %%H:%%M:%%S
++#
++timepattern = %%b %%d %%H:%%M:%%S
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT Default:
++#
++failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
++
++
+ [SSH]
+ # Option:  enabled
+ # Notes.:  enable monitoring for this section.
+diff -x '*~' -Naur fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall fail2ban-0.6.1.post/config/fail2ban.conf.shorewall
+--- fail2ban-0.6.1.pre/config/fail2ban.conf.shorewall	2006-05-27 22:57:03.000000000 -0400
++++ fail2ban-0.6.1.post/config/fail2ban.conf.shorewall	2006-05-27 23:00:32.000000000 -0400
+@@ -277,6 +277,45 @@
+ #
+ failregex = FAIL LOGIN
+ 
++[PROFTPD]
++# Option: enabled
++# Notes.: enable monitoring for this section.
++# Values: [true | false] Default: false
++#
++enabled = false
++
++# Option: logfile
++# Notes.: logfile to monitor.
++# Values: FILE Default: /var/log/proftpd/proftpd.log
++# Other.: /var/log/auth.log
++#
++logfile = /var/log/proftpd/proftpd.log
++
++# Option:  port
++# Notes.:  specifies port to monitor
++# Values:  [ NUM | STRING ]  Default: ftp
++#
++port = ftp
++
++# Option: timeregex
++# Notes.: regex to match timestamp in VSFTPD logfile.
++# Values: [Mar 7 17:53:28]
++# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++#
++timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
++
++# Option: timepattern
++# Notes.: format used in "timeregex" fields definition. Note that '%' must be
++# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
++# Values: TEXT Default: %%b %%d %%H:%%M:%%S
++#
++timepattern = %%b %%d %%H:%%M:%%S
++
++# Option: failregex
++# Notes.: regex to match the password failures messages in the logfile.
++# Values: TEXT Default:
++#
++failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+ 
+ [SSH]
+ # Option:  enabled
diff --git a/debian/patches/00_vsftpd_regexp.dpatch b/debian/patches/00_vsftpd_regexp.dpatch
index 6217a58e..bcb4f92f 100755
--- a/debian/patches/00_vsftpd_regexp.dpatch
+++ b/debian/patches/00_vsftpd_regexp.dpatch
@@ -16,5 +16,29 @@ diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.iptables fail2ban-0.6.1.fixed
 -failregex = FAIL LOGIN
 +failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
  
- [SSH]
+ [PROFTPD]
+ # Option:  enabled
+diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall
+--- fail2ban-0.6.1.orig/config/fail2ban.conf.shorewall	2006-03-27 12:56:38.000000000 -0500
++++ fail2ban-0.6.1.fixed/config/fail2ban.conf.shorewall	2006-05-10 13:47:40.000000000 -0400
+@@ -383,7 +383,7 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT Default: Authentication failure|Failed password|Invalid user
+ #
+-failregex = FAIL LOGIN
++failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+ 
+ [PROFTPD]
+ # Option:  enabled
+diff -rNu fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny
+--- fail2ban-0.6.1.orig/config/fail2ban.conf.hostsdeny	2006-03-27 12:56:38.000000000 -0500
++++ fail2ban-0.6.1.fixed/config/fail2ban.conf.hostsdeny	2006-05-10 13:47:40.000000000 -0400
+@@ -383,7 +383,7 @@
+ # Notes.: regex to match the password failures messages in the logfile.
+ # Values: TEXT Default: Authentication failure|Failed password|Invalid user
+ #
+-failregex = FAIL LOGIN
++failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+ 
+ [PROFTPD]
  # Option:  enabled
diff --git a/debian/patches/00list b/debian/patches/00list
index e8e1b369..068def97 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1 +1,2 @@
+00_proftpd_section
 00_vsftpd_regexp