e.g.
Sep 25 12:51:04 myhost kernel: [773580.832329] sshd[25557]: Invalid user pgsql from 91.203.223.206
This fixes the sshd filter on Fedora 15, and probably other filters on
other newish distros too.
* upstream:
for 0.8.5 release -- changelog + version
BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
BF: use os.path.join to generate full path - fixes includes in configs given local filename
very minor -- uniform indentation in example
BF: use standard/reserved example.com instead of mail.com
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
* commit 'remotes/upstream-repo/tags/FAIL2BAN-0_8_5^':
for 0.8.5 release -- changelog + version
BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
BF: use os.path.join to generate full path - fixes includes in configs given local filename
very minor -- uniform indentation in example
BF: use standard/reserved example.com instead of mail.com
ENH: Adding author for dovecot filter and prunning unneeded space in the regexp
Conflicts:
common/version.py -- my added copyright
* debian: (21 commits)
debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
debian/jail.conf: closing " for protocol specification
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
ENH: adjusted description for sasl jail (Closes: #615952)
ENH: slight rewordings of the long description (Closes: #588176)
debian/copyright: updated copyright years
Boosted policy compliance version to 3.9.1 (no changes seems to be due)
spellcheck jail.conf. Thanks Christoph Anton Mitterer
spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer
debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
...
+ trailing whitespaces were removed
Thanks to Christoph Anton Mitterer for the original bugreport raising the
concern and Matthijs Kooijman for giving 'chains parameter' idea
* commit 'upstream/0.8.4+svn20110323': (37 commits)
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
spellcheck jail.conf. Thanks Christoph Anton Mitterer
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
debug entry for lines ignored due to falling below findtime (v2)
disabling entirely named-refused-udp jail with a big fat warning
added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
- Patch to make log file descriptors cloexec to stop leaking file descriptors on fork/exec. Thanks to Jonathan Underwood. https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
- Changed to SVN version.
- Release 0.8.4.
- Oups... Forgot the ChangeLog...
- Check the inode number for rotation in addition to checking the first line of the file. Thanks to Jonathan Kamens. - Red Hat Bugzilla - Bug 503852 - SF.net Bug #2800279.
...
* upstream-0.8:
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
* upstream-0.8:
spellcheck jail.conf. Thanks Christoph Anton Mitterer
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
debug entry for lines ignored due to falling below findtime (v2)
disabling entirely named-refused-udp jail with a big fat warning
added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
Should have been done long before -- debian/ branch tracks source
releases of fail2ban, and there was 0.8.4 which was at once merged into
debian-release (debian branch + patches/fixes) but not into debian
* commit 'upstream/0.8.4':
Imported Upstream version 0.8.4
- Use 80 columns.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive. Debian bug #514163.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Yaroslav Halchenko