* debian: (21 commits)
debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
debian/jail.conf: closing " for protocol specification
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs
BF: escaping () in pure-ftpd filter. Thanks Teodor
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
NF: Adding found on a drive filter.d/dovecot.conf
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
ENH: dropbear filter: see http://bugs.debian.org/546913
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
ENH: adjusted description for sasl jail (Closes: #615952)
ENH: slight rewordings of the long description (Closes: #588176)
debian/copyright: updated copyright years
Boosted policy compliance version to 3.9.1 (no changes seems to be due)
spellcheck jail.conf. Thanks Christoph Anton Mitterer
spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer
debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
Tai64N stores time in GMT, we need to convert to local time before returning
...
+ trailing whitespaces were removed
Thanks to Christoph Anton Mitterer for the original bugreport raising the
concern and Matthijs Kooijman for giving 'chains parameter' idea
* debian:
Replacing word of caution with big fat warning and commenting out named-refused-udp completely (Closes: #583364)
Adding arno-iptables-firewall (no deprecation of ipmasq per Joey Hess mentioning, which still could be used on lenny systems)
* debian:
actually boosting policy
BF: use "set logtartet" instead of "reload" while logrotate. Thanks J.M.Roth (Closes: #537773)
BF: adjusted README.Debian - multiport is default (closes: #545971)
* up/log_examples:
added proftpd examples from wiki
NF: few examples for pure-ftpd
* debian:
BF: thanks lintian -- removing stale /var/run/fail2ban from dirs -- should be created by init script
Thanks lintian for catching a misspell in README.Debian
boosted debhelper compatibility to 5
* up/fixes:
Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
* up/log_examples:
added sasl example log file
* debian:
Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix
* up/ipmasq:
BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert
* added example for BREAK-IN in ssh
* Syncing current debian revision to FAIL2BAN-0_8@717 of upstream,
since it includes fixes to some forwarded bugs. Total list of
functional changes
- Added actions to report abuse to ISP, DShield and myNetWatchman.
Thanks to Russell Odom.
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
- Added new time format. No idea from where it comes...
- Added new regex. Thanks to Tobias Offermann.
- Try to match the regex even if the line does not contain a valid
date/time. Described in Debian #491253. Thanks to Yaroslav
Halchenko.
- Removed "timeregex" and "timepattern" stuff that is not needed
anymore.
- Added date template for Day-Month-Year Hour:Minute:Second
(closes: #491253)
- Added date pattern for Hour:Minute:Second. Thanks to Andreas
Itzchak Rehberg.
- Use current day and month instead of Jan 1st if both are not
available in the log. Thanks to Andreas Itzchak Rehberg.
- Improved pattern. Thanks to Yaroslav Halchenko.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
* debian: (23 commits)
Imported Upstream version 0.8.3
- Prepared for 0.8.3.
Adjusted vcs paths
- Prepared for 0.8.3
- Send file if the number of lines is greater or equal and not only equal to the limit.
- Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann.
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
- Added and changed some logging level and messages.
- Added svn:keywords.
- Added ISO 8601 date/time format.
- Better (correct) fix for ignoreregex in jail.[conf|local].
- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter.
- Added svn:keywords.
- Added gssftpd filter. Thanks to Kevin Zembower.
- Changed some log level.
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch.
- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
- Create /var/run/fail2ban during install.
...
Conflicts:
ChangeLog
config/filter.d/gssftpd.conf
config/filter.d/pam-generic.conf
debian/changelog
* debian:
2 new jails: xinetd-fail, apache-overflows added to jails.conf
minor: adjusted comment for named jails to come closer to upstream
BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted
* debian:
Confirms to policy 3.7.3 (no changes)
Bye Bye dpatch: now everything is handled in git branches
removing patches from dpatch system since they are in branches now
added a comment to README.Debian and to the list of examples for ipmasq example file
Fixed == bashism (Closes: #464647). Thanks Raphael Geisser
* deb/specifics:
slight tune ups in upstream sources destined only for debian are kept in this branch
* up/0.9-0.8:
* up/apache_noscript_extend:
Extended apache-noscript filter with more file extensions and to react to "script not found or unable to stat" log message (closes: #456565). Thanks Tim Connors
* up/ipmasq:
Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto
* up/log_examples:
up/log_examples: moved vsftpd log from up/vsftpd_optional_user
added examples of log lines (for named-refused, pam-generic, sshd) under files/logs for easy testing
* up/mail_whois_lines:
mail-whois-lines: moved fix for proper names from dpatch
* up/named_refused_fixed:
named_refused: moved fix for proper config+filters from dpatch
* up/pam_generic:
added pam-generic from dpatch
* up/proftpd_fix+extend:
Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido Bozzetto
* up/sshd_refused_connect:
* up/vsftpd_optional_user:
up/vsftpd_optional_user: moving examples into up/examples branch
BF: vsftp anchoring
- anchored properly at the end of line, and source code has .examples
files to perform testing of the rules.
- added new explicit rule for users not in the AllowUsers lists
- Removed obsolete Build-Depends-Indep on help2man, python-dev
- Explicit removal of *.pyc files compiled during build
- Invoke 'python setup.py clean' in clean target, which required also
to move python into Build-Depends
* Minor clean up of debian/rules
with multiport module. That is to address the fact that most services
listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
non-released versions (which were suggested to the users to overcome
problems reported in bug reports). In particular attention should be paid
to upstream changelog entries
- Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now.
This is an alternative solution to 'multiple <HOST>' entries fix,
which is not applied to this shipped version - pay cautios if upgrading
from 0.7.5-3~pre?
- Allow comma in action options. The value of the option must
be escaped with " or '.
That allowed to implement requested ability to ban multiple ports
at once (See 373592). README.Debian and jail.conf adjusted to reflect
possible use of iptables-mport
- Now Fail2ban goes in /usr/share/fail2ban instead of
/usr/lib/fail2ban. This is more compliant with FHS.
Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
- Added option banaction which is to incorporate banning agent
(usually some flavor of iptables rule), which can then be easily
overriden globally or per section
- Multiple actions are defined as action_* to serve as shortcuts
rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
IP. Those lines are often required for proper abuse reports sent to the
Internet providers. Forwarding of such received emails to the email
addresses of abuse departments present in the output of whois is a
tentative solution for semi-automatic abuse reporting (Closes: #358810)
from jail.{conf,local} into an action or a filter definition (closes:
#398739)
* Removed Uploaded field from control since I am a DD now. Big thanks to
Barak Pearlmutter for being the sponsor of my packages for few
years.
invoking mail actions (closes: #396668)
* Removed obsolete entries in TODO and README
* README.Debian describes a bit issue of interpolations vs parameters
passed from jail.{conf,local} into an action or a filter definition
(closes: #398739)
* Initial version of postfix filter (closes: #377711)