* debian: (21 commits)
debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
debian/jail.conf: closing " for protocol specification
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
ENH: adjusted description for sasl jail (Closes: #615952)
ENH: slight rewordings of the long description (Closes: #588176)
debian/copyright: updated copyright years
Boosted policy compliance version to 3.9.1 (no changes seems to be due)
spellcheck jail.conf. Thanks Christoph Anton Mitterer
spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer
debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
...
+ trailing whitespaces were removed
Thanks to Christoph Anton Mitterer for the original bugreport raising the
concern and Matthijs Kooijman for giving 'chains parameter' idea
* debian:
Replacing word of caution with big fat warning and commenting out named-refused-udp completely (Closes: #583364)
Adding arno-iptables-firewall (no deprecation of ipmasq per Joey Hess mentioning, which still could be used on lenny systems)
* debian:
actually boosting policy
BF: use "set logtartet" instead of "reload" while logrotate. Thanks J.M.Roth (Closes: #537773)
BF: adjusted README.Debian - multiport is default (closes: #545971)
* up/log_examples:
added proftpd examples from wiki
NF: few examples for pure-ftpd
* debian:
BF: thanks lintian -- removing stale /var/run/fail2ban from dirs -- should be created by init script
Thanks lintian for catching a misspell in README.Debian
boosted debhelper compatibility to 5
* up/fixes:
Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
* up/log_examples:
added sasl example log file
* debian:
Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix
* up/ipmasq:
BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert
* added example for BREAK-IN in ssh
* Syncing current debian revision to FAIL2BAN-0_8@717 of upstream,
since it includes fixes to some forwarded bugs. Total list of
functional changes
- Added actions to report abuse to ISP, DShield and myNetWatchman.
Thanks to Russell Odom.
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
- Added new time format. No idea from where it comes...
- Added new regex. Thanks to Tobias Offermann.
- Try to match the regex even if the line does not contain a valid
date/time. Described in Debian #491253. Thanks to Yaroslav
Halchenko.
- Removed "timeregex" and "timepattern" stuff that is not needed
anymore.
- Added date template for Day-Month-Year Hour:Minute:Second
(closes: #491253)
- Added date pattern for Hour:Minute:Second. Thanks to Andreas
Itzchak Rehberg.
- Use current day and month instead of Jan 1st if both are not
available in the log. Thanks to Andreas Itzchak Rehberg.
- Improved pattern. Thanks to Yaroslav Halchenko.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
* debian: (23 commits)
Imported Upstream version 0.8.3
- Prepared for 0.8.3.
Adjusted vcs paths
- Prepared for 0.8.3
- Send file if the number of lines is greater or equal and not only equal to the limit.
- Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann.
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
- Added and changed some logging level and messages.
- Added svn:keywords.
- Added ISO 8601 date/time format.
- Better (correct) fix for ignoreregex in jail.[conf|local].
- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter.
- Added svn:keywords.
- Added gssftpd filter. Thanks to Kevin Zembower.
- Changed some log level.
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch.
- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
- Create /var/run/fail2ban during install.
...
Conflicts:
ChangeLog
config/filter.d/gssftpd.conf
config/filter.d/pam-generic.conf
debian/changelog
* debian:
2 new jails: xinetd-fail, apache-overflows added to jails.conf
minor: adjusted comment for named jails to come closer to upstream
BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted
* debian:
Confirms to policy 3.7.3 (no changes)
Bye Bye dpatch: now everything is handled in git branches
removing patches from dpatch system since they are in branches now
added a comment to README.Debian and to the list of examples for ipmasq example file
Fixed == bashism (Closes: #464647). Thanks Raphael Geisser
* deb/specifics:
slight tune ups in upstream sources destined only for debian are kept in this branch
* up/0.9-0.8:
* up/apache_noscript_extend:
Extended apache-noscript filter with more file extensions and to react to "script not found or unable to stat" log message (closes: #456565). Thanks Tim Connors
* up/ipmasq:
Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto
* up/log_examples:
up/log_examples: moved vsftpd log from up/vsftpd_optional_user
added examples of log lines (for named-refused, pam-generic, sshd) under files/logs for easy testing
* up/mail_whois_lines:
mail-whois-lines: moved fix for proper names from dpatch
* up/named_refused_fixed:
named_refused: moved fix for proper config+filters from dpatch
* up/pam_generic:
added pam-generic from dpatch
* up/proftpd_fix+extend:
Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido Bozzetto
* up/sshd_refused_connect:
* up/vsftpd_optional_user:
up/vsftpd_optional_user: moving examples into up/examples branch
BF: vsftp anchoring
Yaroslav Halchenko