Commit Graph

505 Commits (b523bdc081a53cb96c662d78c846ab94e27e0c5b)

Author SHA1 Message Date
Yaroslav Halchenko 14d609941b monitor syslog not auth.log for wuftpd 2012-07-31 15:59:44 -04:00
Yaroslav Halchenko 23e979a20e Adjusted changelog to reflect changes pulled with the merge 2012-07-31 15:58:15 -04:00
Yaroslav Halchenko d0c5da97a4 Initiated debian changelog entry for 0.8.7-1 2012-07-31 14:04:25 -04:00
Yaroslav Halchenko 25077092e9 adjusted revision 2012-07-20 09:56:36 -04:00
Yaroslav Halchenko b8a8720a49 updated changelog 2012-07-19 17:30:25 -04:00
Yaroslav Halchenko f6137c4def Adjusting the patch new path to report bugs 2012-07-19 14:50:51 -04:00
Yaroslav Halchenko 7dbbc61319 adjusted revision 2012-07-19 14:06:44 -04:00
Yaroslav Halchenko ad6d9760f9 Adjusted url to "local DOS" issue now described in the manual 2012-07-14 11:12:54 -04:00
Yaroslav Halchenko ffd12554e4 changelog entry for 0.8.6~+git69-gb4099da-1 2012-06-06 23:41:10 -04:00
Yaroslav Halchenko 6ad4276a4e DOC: note about way to add comments + pruned not needed authorship line and obsolete $Revision$ 2012-06-04 22:46:59 -04:00
Yaroslav Halchenko 826f53f92d adjusted changelog 2012-02-10 08:20:10 -05:00
Yaroslav Halchenko 7154b3aefd Since we are exiting with non-0 -- all msgs should be failures 2012-02-09 13:03:53 -05:00
Glenn Aaldering 5cac32e038 Making sure that the status command gives the correct exit code when fail2ban is not running. 2012-02-09 18:33:14 +01:00
Yaroslav Halchenko b25dddff31 Added dovecot section to Debian's jail.conf. Thanks to Laurent Léonard (Closes: #655182) 2012-01-08 21:47:18 -05:00
Yaroslav Halchenko 088aa67381 DOC: finalizing changelog 2012-01-07 19:46:42 -05:00
Yaroslav Halchenko 1be14b8470 FIX: added blank build-{arch,indep} to pacify lintian 2012-01-07 18:56:07 -05:00
Yaroslav Halchenko 5701ecb681 FIX: reversed Vcs- fields 2012-01-07 18:54:34 -05:00
Yaroslav Halchenko 2828ad4968 FIX: we are using debian not debian-release branch now 2012-01-07 18:53:13 -05:00
Yaroslav Halchenko 055c3e9323 changelog for xt changes 2012-01-07 15:33:20 -05:00
Yaroslav Halchenko 5c2abe60a1 Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent Léonard (Closes: #654412) 2012-01-05 23:01:11 -05:00
Zbigniew Jędrzejewski-Szmek bc82a68481 DOC: add documentation for xt_recent-echo without root 2012-01-06 00:55:04 +01:00
Zbigniew Jędrzejewski-Szmek de502cf2e4 NF: run as different user (disabled by default) 2012-01-06 00:36:50 +01:00
Yaroslav Halchenko aa4f5cf2b7 BF: adjusted vcs- fields to point to github upstream repo 2011-11-29 09:00:29 -05:00
Yaroslav Halchenko e5ea44b999 Adjusted debian/watch to fetch tarballs from github 2011-11-28 23:01:32 -05:00
Yaroslav Halchenko a27bff08e5 [1efe1bc] Fresh upstream release (Closes: #648324) + boost policy to 3.9.2 2011-11-28 22:54:36 -05:00
Yaroslav Halchenko 9b96a01d3e adjusting email for Cyril to be cyril.jaquier@fail2ban.org 2011-11-18 11:49:34 -05:00
Yaroslav Halchenko 42e6653486 RF: moving manpages tune ups into debian patch
original commit 3389184f41
2011-11-18 11:43:33 -05:00
Yaroslav Halchenko 8f3d54882a manually removed all expansion for SVN keywords to match with master 2011-11-18 10:10:45 -05:00
Yaroslav Halchenko 2b27d83625 changelog for 0.8.5-2 2011-09-23 22:12:27 -04:00
Yaroslav Halchenko a41a8e3dc7 adjusted changelog 2011-07-28 23:22:33 -04:00
Yaroslav Halchenko 72109ef12c Merge branch 'debian' into debian-release
* debian:
  Added a note on diverting logrotate configuration for custom logtarget=SYSLOG (Closes: #631917)
2011-07-28 23:20:39 -04:00
Yaroslav Halchenko 60f459e3c4 Added a note on diverting logrotate configuration for custom logtarget=SYSLOG (Closes: #631917) 2011-07-28 23:20:23 -04:00
Yaroslav Halchenko 584539a2c4 changelog for 0.8.5-1 2011-07-28 23:08:16 -04:00
Yaroslav Halchenko 2ab8e35652 Merge branch 'debian' into debian-release
* debian:
  Set backend to auto and recommends python-gamin (Closes: #524425)
2011-07-28 23:08:03 -04:00
Yaroslav Halchenko 9e3c29659d Set backend to auto and recommends python-gamin (Closes: #524425) 2011-07-28 22:56:33 -04:00
Yaroslav Halchenko 846029d154 untabify the most recent changelog 2011-03-23 17:34:32 -04:00
Yaroslav Halchenko 559c76700d Merge branch 'debian' into debian-release
* debian:
  Added dropbear jail and made formatting of jails consistent (and untabified)
  ENH: Moving gbp.conf under debian/
2011-03-23 17:22:26 -04:00
Yaroslav Halchenko a7632c0d2a Added dropbear jail and made formatting of jails consistent (and untabified) 2011-03-23 17:22:21 -04:00
Yaroslav Halchenko 1d76a032ee ENH: Moving gbp.conf under debian/ 2011-03-23 17:19:54 -04:00
Yaroslav Halchenko 66934d4ed6 changelog entry for 0.8.4+svn20110323-1 2011-03-23 17:19:14 -04:00
Yaroslav Halchenko ba09fae1ac Merge branch 'debian' into debian-release
* debian: (21 commits)
  debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
  debian/jail.conf: closing " for protocol specification
  BF: proftpd filter -- if login failed -- count regardless of the reason for failure
  BF: Allow for trailing spaces in proftpd logs
  BF: escaping () in pure-ftpd filter. Thanks Teodor
  BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
  ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
  NF: Adding found on a drive filter.d/dovecot.conf
  ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
  ENH: dropbear filter: see http://bugs.debian.org/546913
  BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs.debian.org/544232
  ENH: adjusted description for sasl jail (Closes: #615952)
  ENH: slight rewordings of the long description (Closes: #588176)
  debian/copyright: updated copyright years
  Boosted policy compliance version to 3.9.1 (no changes seems to be due)
  spellcheck jail.conf. Thanks Christoph Anton Mitterer
  spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer
  debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
  default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
  Tai64N stores time in GMT, we need to convert to local time before returning
  ...
2011-03-23 17:04:21 -04:00
Yaroslav Halchenko 086176c4df debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599)
+ trailing whitespaces were removed

Thanks to Christoph Anton Mitterer for the original bugreport raising the
concern and Matthijs Kooijman for giving 'chains parameter' idea
2011-03-23 16:59:39 -04:00
Yaroslav Halchenko 350c5f676b debian/jail.conf: closing " for protocol specification
not sure how it did not have any negative impact before :-/
2011-03-23 16:56:57 -04:00
Yaroslav Halchenko a6bc0e517f ENH: adjusted description for sasl jail (Closes: #615952) 2011-03-23 16:09:00 -04:00
Yaroslav Halchenko 97ac5bd205 ENH: slight rewordings of the long description (Closes: #588176) 2011-03-23 16:00:01 -04:00
Yaroslav Halchenko cfd6cf7b1b debian/copyright: updated copyright years 2011-03-23 15:55:43 -04:00
Yaroslav Halchenko eb5bcdad81 Boosted policy compliance version to 3.9.1 (no changes seems to be due) 2011-03-23 15:55:01 -04:00
Yaroslav Halchenko db6aadfc39 spellcheck debian/jail.conf (Closes: #598206). Thanks Christoph Anton Mitterer 2010-09-27 09:16:34 -04:00
Yaroslav Halchenko 35e43cf650 debian: default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200 2010-09-27 09:11:47 -04:00
Yaroslav Halchenko 95a28f3c65 Merge branch 'debian' into debian-release
* debian:
  adding misc:Depends as advised by lintian
  Adding news about named-refused-udp
  thanks lintian -- tuning up version for elderly NEWS entry
2010-06-28 22:13:37 -04:00
Yaroslav Halchenko baf8cc7eb5 adding misc:Depends as advised by lintian 2010-06-28 22:13:27 -04:00
Yaroslav Halchenko ecb29697e2 Adding news about named-refused-udp 2010-06-28 22:13:15 -04:00
Yaroslav Halchenko 52f37cc159 thanks lintian -- tuning up version for elderly NEWS entry 2010-06-28 22:10:22 -04:00
Yaroslav Halchenko f7bb5e2df4 changelog entry for 0.8.4-3 2010-06-28 21:50:37 -04:00
Yaroslav Halchenko 20c0d92e89 Merge branch 'debian' into debian-release
* debian:
  Replacing word of caution with big fat warning and commenting out named-refused-udp completely (Closes: #583364)
  Adding arno-iptables-firewall (no deprecation of ipmasq per Joey Hess mentioning, which still could be used on lenny systems)
2010-06-28 21:45:56 -04:00
Yaroslav Halchenko 833f60a38a Replacing word of caution with big fat warning and commenting out named-refused-udp completely (Closes: #583364) 2010-06-28 21:45:47 -04:00
Yaroslav Halchenko d1b9e71173 Adding arno-iptables-firewall (no deprecation of ipmasq per Joey Hess mentioning, which still could be used on lenny systems) 2010-05-26 17:58:20 -04:00
Yaroslav Halchenko eb08f17cb2 changelog entry for -2 2010-02-25 00:20:08 -05:00
Yaroslav Halchenko 26c3416793 Merge branch 'debian' into debian-release
* debian:
  BF: --install-layout=deb for setup.py +  python (>= 2.5.4-1~) to fix install with python2.6 (closes: #571213)
2010-02-25 00:16:59 -05:00
Yaroslav Halchenko 3f898d7c05 BF: --install-layout=deb for setup.py + python (>= 2.5.4-1~) to fix install with python2.6 (closes: #571213) 2010-02-25 00:03:22 -05:00
Yaroslav Halchenko d0f32768d6 releasing 0.8.4-1 into Debian 2009-09-11 01:49:04 -04:00
Yaroslav Halchenko 187d6c96a9 changelog entry 2009-09-11 00:53:53 -04:00
Yaroslav Halchenko 3b7e6b6cbc Merge branches 'debian' and 'up/log_examples' into build
* debian:
  actually boosting policy
  BF: use "set logtartet" instead of "reload" while logrotate. Thanks J.M.Roth (Closes: #537773)
  BF: adjusted README.Debian - multiport is default (closes: #545971)

* up/log_examples:
  added proftpd examples from wiki
  NF: few examples for pure-ftpd
2009-09-10 18:03:32 -04:00
Yaroslav Halchenko efb1f57f62 actually boosting policy 2009-09-10 11:22:48 -04:00
Yaroslav Halchenko 472a7b31ce BF: use "set logtartet" instead of "reload" while logrotate. Thanks J.M.Roth (Closes: #537773) 2009-09-10 11:05:56 -04:00
Yaroslav Halchenko 3dd16eeddf BF: adjusted README.Debian - multiport is default (closes: #545971) 2009-09-10 09:09:01 -04:00
Yaroslav Halchenko 779d377ac5 Merge branch 'debian' into build
* debian:
  actually removing fail2ban installed /var/run/fail2ban while building package
2009-07-09 01:48:49 -04:00
Yaroslav Halchenko d2695899a0 actually removing fail2ban installed /var/run/fail2ban while building package 2009-07-09 01:48:43 -04:00
Yaroslav Halchenko f6861cd5ee Changelog entries 2009-07-09 01:42:48 -04:00
Yaroslav Halchenko fee38e2fc0 Merge branch 'debian' into build
* debian:
  BF: thanks lintian -- removing stale /var/run/fail2ban from dirs -- should be created by init script
  Thanks lintian for catching a misspell in README.Debian
  boosted debhelper compatibility to 5
2009-07-09 01:38:05 -04:00
Yaroslav Halchenko 01a5faf131 BF: thanks lintian -- removing stale /var/run/fail2ban from dirs -- should be created by init script 2009-07-09 01:37:58 -04:00
Yaroslav Halchenko 8de0f450e9 Thanks lintian for catching a misspell in README.Debian 2009-07-09 01:36:46 -04:00
Yaroslav Halchenko 53066981af boosted debhelper compatibility to 5 2009-07-09 01:36:03 -04:00
Yaroslav Halchenko 59223c3513 Very lengthy debian/changelog entry 2009-07-09 01:15:47 -04:00
Yaroslav Halchenko 5f6a30fe9e Merge branches 'up/fixes', 'up/log_examples', 'debian' and 'up/ipmasq' into build
* up/fixes:
  Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
  BF: Allow for trailing spaces in proftpd logs (closes: #507986)

* up/log_examples:
  added sasl example log file

* debian:
  Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix

* up/ipmasq:
  BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert
2009-07-09 00:58:46 -04:00
Yaroslav Halchenko 6197fb178c Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix 2009-07-09 00:48:05 -04:00
Yaroslav Halchenko 3114418b1e Merge branch 'debian' into build
* debian:
  Boosted policy to 3.8.2 -- no changed are due
  fixed Vcs-git field
2009-07-09 00:05:13 -04:00
Yaroslav Halchenko 034f07ada6 Boosted policy to 3.8.2 -- no changed are due 2009-07-09 00:05:03 -04:00
Yaroslav Halchenko 8d07aa603e fixed Vcs-git field 2009-07-09 00:00:26 -04:00
Yaroslav Halchenko d47bfd73d6 added changelog entry about BF 2009-02-05 09:54:22 -05:00
Yaroslav Halchenko e5ca2a97b1 BF: added missing semicolon in a logging template for bind within jail.conf (thanks to anonymous on www.debian-administration.org) 2009-02-02 23:03:48 -05:00
Yaroslav Halchenko 84f3a0c413 Merge branch 'debian' into build
* debian:
  BF: added missing semicolon in a logging template for bind within jail.conf
2009-02-02 23:02:35 -05:00
Yaroslav Halchenko 5fe12cc756 BF: added missing semicolon in a logging template for bind within jail.conf 2009-02-02 23:01:17 -05:00
Yaroslav Halchenko 65159d1498 updated changelog 2009-01-18 11:58:31 -05:00
Yaroslav Halchenko 17165182c9 Merge branch 'debian' into build
* debian:
  adjusted description of bantime/findtime in README.Debian (closes: #507771)
2009-01-18 11:57:12 -05:00
Yaroslav Halchenko de98375553 adjusted description of bantime/findtime in README.Debian (closes: #507771) 2009-01-18 11:56:20 -05:00
Yaroslav Halchenko 463564d590 New changelog entry to describe the merge of upstream
* added example for BREAK-IN in ssh
* Syncing current debian revision to FAIL2BAN-0_8@717 of upstream,
  since it includes fixes to some forwarded bugs. Total list of
  functional changes
  - Added actions to report abuse to ISP, DShield and myNetWatchman.
    Thanks to Russell Odom.
  - Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
  - Added new time format. No idea from where it comes...
  - Added new regex. Thanks to Tobias Offermann.
  - Try to match the regex even if the line does not contain a valid
  date/time. Described in Debian #491253. Thanks to Yaroslav
  Halchenko.
  - Removed "timeregex" and "timepattern" stuff that is not needed
  anymore.
  - Added date template for Day-Month-Year Hour:Minute:Second
    (closes: #491253)
  - Added date pattern for Hour:Minute:Second. Thanks to Andreas
    Itzchak Rehberg.
  - Use current day and month instead of Jan 1st if both are not
    available in the log. Thanks to Andreas Itzchak Rehberg.
  - Improved pattern. Thanks to Yaroslav Halchenko.
  - Merged patches from Debian package. Thanks to Yaroslav Halchenko.
2009-01-18 11:42:13 -05:00
Yaroslav Halchenko 196d4c31d8 BF: addressing added bang to ssh log (closes: #512193). Thanks Silvestre Zabala. 2009-01-18 10:41:13 -05:00
Yaroslav Halchenko f868269362 releasing 0.8.3-2 2008-08-06 15:49:34 -04:00
Yaroslav Halchenko 3f577f7fbf BF in apache-noscript.conf - regexp matched in referer (Closes: #492319). Thanks Bernd Zeimetz. 2008-07-25 13:35:19 -04:00
Yaroslav Halchenko 79442fcc7b adjusted changelog due to merges 2008-07-21 10:40:22 -04:00
Yaroslav Halchenko 8cd185ebbb adjusted changelog for 0.8.3-1 2008-07-21 10:29:24 -04:00
Yaroslav Halchenko 122ef9f306 Merge branch 'debian' into build
* debian:
  Boosted policy compliance to 3.8.0 (no changes needed)
2008-07-21 10:25:51 -04:00
Yaroslav Halchenko 8ab68346b1 Boosted policy compliance to 3.8.0 (no changes needed) 2008-07-21 10:25:32 -04:00
Yaroslav Halchenko bf9e991b4a Merge branch 'debian' into build
* debian: (23 commits)
  Imported Upstream version 0.8.3
  - Prepared for 0.8.3.
  Adjusted vcs paths
  - Prepared for 0.8.3
  - Send file if the number of lines is greater or equal and not only equal to the limit.
  - Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann.
  - Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
  - Added and changed some logging level and messages.
  - Added svn:keywords.
  - Added ISO 8601 date/time format.
  - Better (correct) fix for ignoreregex in jail.[conf|local].
  - Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
  - Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter.
  - Added svn:keywords.
  - Added gssftpd filter. Thanks to Kevin Zembower.
  - Changed some log level.
  - Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
  - Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch.
  - Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
  - Create /var/run/fail2ban during install.
  ...

Conflicts:

	ChangeLog
	config/filter.d/gssftpd.conf
	config/filter.d/pam-generic.conf
	debian/changelog
2008-07-21 10:22:06 -04:00
Yaroslav Halchenko a779bfc655 Adjusted vcs paths 2008-07-17 11:21:51 -04:00
Yaroslav Halchenko a355adcbb2 Changelog entries for 0.8.2-3 2008-05-06 11:10:39 -04:00
Yaroslav Halchenko db62370cea Merge branch 'debian' into build
* debian:
  BF: Assure that /var/run/fail2ban exists upon start (LP: #222804, #223706)
2008-05-06 10:45:11 -04:00
Yaroslav Halchenko 32281ed1aa BF: Assure that /var/run/fail2ban exists upon start (LP: #222804, #223706) 2008-05-06 10:43:57 -04:00
Yaroslav Halchenko 9db84ab727 releasing 0.8.2-2 2008-04-07 10:27:03 -04:00
Yaroslav Halchenko 154c46cdac Merge branch 'debian' into build
* debian:
  BF: Recommends whois, which is used in some actions (LP: #213227)
2008-04-07 10:25:37 -04:00
Yaroslav Halchenko 8207f166e1 BF: Recommends whois, which is used in some actions (LP: #213227) 2008-04-07 10:24:09 -04:00
Yaroslav Halchenko 66c0610809 Merge branch 'debian' into build
* debian:
  added dirs file to create /var/run/fail2ban
2008-03-05 23:54:56 -05:00
Yaroslav Halchenko ef9148cff4 added dirs file to create /var/run/fail2ban 2008-03-05 23:54:30 -05:00
Yaroslav Halchenko db3567e37f Merge branch 'debian' into build
* debian:
  CHANGELOG -> ChangeLog in rules
2008-03-05 23:32:54 -05:00
Yaroslav Halchenko 36f90e4622 CHANGELOG -> ChangeLog in rules 2008-03-05 23:32:42 -05:00
Yaroslav Halchenko 9122f3aab0 Releasing 0.8.2-1 2008-03-05 23:31:20 -05:00
Yaroslav Halchenko 21a7928c64 Merge branch 'debian' into build
* debian:
  2 new jails: xinetd-fail, apache-overflows added to jails.conf
  minor: adjusted comment for named jails to come closer to upstream
  BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted
2008-03-05 23:30:41 -05:00
Yaroslav Halchenko eede41f62b Changelog entries for 0.8.2-1 2008-03-05 23:30:31 -05:00
Yaroslav Halchenko a88fd271c4 2 new jails: xinetd-fail, apache-overflows added to jails.conf 2008-03-05 23:29:36 -05:00
Yaroslav Halchenko 5d6d07508d minor: adjusted comment for named jails to come closer to upstream 2008-03-05 23:18:04 -05:00
Yaroslav Halchenko 15ce210cd0 BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted 2008-03-05 23:14:22 -05:00
Yaroslav Halchenko 9ab6db30c7 Merge branch 'debian' into build
* debian: (56 commits)
  Imported upstream version 0.8.2
  debian/watch: switched to git-import-orig
  - Tag for 0.8.2
  - Updated for 0.8.2
  - Updated e-mail
  - Changed homepage and e-mail
  - Updated copyright.
  - readline is now optional in fail2ban-client (not needed in fail2ban-server).
  - Added svn:keywords
  - Fixed Debian bug #461426
  - Fixed Debian bug #462060
  - Fixed Debian bug #468477
  - Fixed Debian bug #456567
  - Added revision.
  - Added "reload <JAIL>"
  - Replaced "reject" with "drop" in shorwall action. Fix #1854875
  - Replaced "echo" with "printf" in actions. Fix #1839673
  - Catch Exception instead of AttributeError.
  - Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
  - Updated.
  ...

Conflicts:

	config/fail2ban.conf
	config/filter.d/proftpd.conf
	config/filter.d/sshd.conf
	man/fail2ban-client.1
	man/fail2ban-server.1
	server/datestrptime.py
	server/server.py
2008-03-05 22:30:10 -05:00
Yaroslav Halchenko 940d7fa430 debian/watch: switched to git-import-orig 2008-03-05 20:18:50 -05:00
Yaroslav Halchenko e43ea8e1b3 releasing -5 2008-02-28 19:52:37 -05:00
Yaroslav Halchenko 0392274daf added 0.8.1-4 changelog entry. 2008-02-09 22:09:50 -05:00
Yaroslav Halchenko b8d97d0983 Merge branches 'debian', 'deb/specifics', 'up/0.9-0.8', 'up/apache_noscript_extend', 'up/ipmasq', 'up/log_examples', 'up/mail_whois_lines', 'up/named_refused_fixed', 'up/pam_generic', 'up/proftpd_fix+extend', 'up/sshd_refused_connect' and 'up/vsftpd_optional_user' into build
* debian:
  Confirms to policy 3.7.3 (no changes)
  Bye Bye dpatch: now everything is handled in git branches
  removing patches from dpatch system since they are in branches now
  added a  comment to README.Debian and to the list of examples for ipmasq example file
  Fixed == bashism (Closes: #464647). Thanks Raphael Geisser

* deb/specifics:
  slight tune ups in upstream sources destined only for debian are kept in this branch

* up/0.9-0.8:

* up/apache_noscript_extend:
  Extended apache-noscript filter with more file extensions and to react to "script not found or unable to stat" log message (closes: #456565). Thanks Tim Connors

* up/ipmasq:
  Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto

* up/log_examples:
  up/log_examples: moved vsftpd log from up/vsftpd_optional_user
  added examples of log lines (for named-refused, pam-generic, sshd) under files/logs for easy testing

* up/mail_whois_lines:
  mail-whois-lines: moved fix for proper names from dpatch

* up/named_refused_fixed:
  named_refused: moved fix for proper config+filters from dpatch

* up/pam_generic:
  added pam-generic from dpatch

* up/proftpd_fix+extend:
  Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido Bozzetto

* up/sshd_refused_connect:

* up/vsftpd_optional_user:
  up/vsftpd_optional_user: moving examples into up/examples branch
  BF: vsftp anchoring
2008-02-09 22:02:21 -05:00
Yaroslav Halchenko fc3a57b6c1 Confirms to policy 3.7.3 (no changes) 2008-02-08 01:23:34 -05:00
Yaroslav Halchenko 4b2bd7e776 Bye Bye dpatch: now everything is handled in git branches 2008-02-08 00:52:04 -05:00
Yaroslav Halchenko a832ede291 removing patches from dpatch system since they are in branches now 2008-02-08 00:46:00 -05:00
Yaroslav Halchenko 996da9a3f0 added a comment to README.Debian and to the list of examples for ipmasq example file 2008-02-07 23:43:21 -05:00
Yaroslav Halchenko 0da36545d3 Fixed == bashism (Closes: #464647). Thanks Raphael Geisser 2008-02-07 23:43:21 -05:00
Yaroslav Halchenko 24d8b44c2a * Moved iptables into recommends since fail2ban can work without iptables
using some other action (e.g hosts.deny)
2007-11-23 12:50:39 -05:00
Yaroslav Halchenko fa21222c63 * Moved iptables into recommends since fail2ban can work without iptables
using some other action (e.g hosts.deny)
2007-11-23 12:49:15 -05:00
Yaroslav Halchenko ee25282f34 releasing 0.8.1-3 2007-11-23 11:43:41 -05:00
Yaroslav Halchenko 6b913aafa2 Merge branch 'debian' into build: Vcs fields
Conflicts:

	debian/changelog
2007-11-23 11:10:35 -05:00
Yaroslav Halchenko f8b17f3859 * Added Vcs- fields, moved Homepage into source header's field 2007-11-23 11:09:34 -05:00
Yaroslav Halchenko 4b95233acb Merge branches 'debian' and 'up/sshd_refused_connect' into build: NF: refused connect sshd failregex 2007-11-23 09:02:58 -05:00
Yaroslav Halchenko 46cfc2bbd6 added example for "refused connect" 2007-11-23 09:00:08 -05:00
Yaroslav Halchenko d82257b2f2 Merge branch 'debian' into build: BF: no sftp in ssh jails 2007-11-22 14:34:59 -05:00
Yaroslav Halchenko 1cedd8e02b BF: removed sftp from ssh jails 2007-11-22 14:32:17 -05:00
Yaroslav Halchenko 4aa9bca7ca Merge branch 'up/0.9-0.8' into build and provided debian/changelog 2007-11-11 01:21:44 -05:00
Yaroslav Halchenko 2553e2717a * Added force-start action to init script, so it could be forced
to start if previous run crashed and left a socket file. Must to be
  used with caution.
2007-10-18 22:03:37 -04:00
Yaroslav Halchenko 8d9aca4e20 * Fixed named-refused filter. 2007-10-16 17:02:35 -04:00
Yaroslav Halchenko 99dbe90ad2 releasing 2007-10-16 17:02:35 -04:00
Yaroslav Halchenko 413ec5317e first pre-release version of 0.8.1 2007-10-16 17:02:35 -04:00
Yaroslav Halchenko 0012f9ff92 * (NOT RELEASED YET) New upstream release.
Patches absorbed upstream:
    00_daemon_pids.dpatch
    00_iptables_allports.dpatch
    00_vsftp_filter_spaces.dpatch
    00_resolve_all_names.dpatch
    00_HOST_ignoreregex.dpatch
   Patches which needed some tune-up:
    00_ssh_strong_re.dpatch
    00_mail-whois-lines.dpatch
    00_named_refused.dpatch
2007-10-16 17:02:35 -04:00
Yaroslav Halchenko e10a8616b4 fetched fresh upstream 0.8.1 2007-10-16 17:02:35 -04:00
Yaroslav Halchenko 922b5035ea actually we never released pre-release 2007-10-16 17:02:35 -04:00
Yaroslav Halchenko 85b75c77fb * Resolve all "names" which became a part of <HOST>. Previousely only fqdn's
were resolved
2007-08-13 21:13:59 +00:00
Yaroslav Halchenko c5202ce696 * Added optional spaces at the end of failregex for vsftpd. 2007-08-06 01:39:30 +00:00
Yaroslav Halchenko 58ae2a5a75 * Added new time template matching named log entries 2007-07-30 02:31:35 +00:00
Yaroslav Halchenko 95d17ee318 * Adjusted failregex for sshd filter:
- anchored properly at the end of line, and source code has .examples
    files to perform testing of the rules.
  - added new explicit rule for users not in the AllowUsers lists
2007-07-29 17:20:23 +00:00
Yaroslav Halchenko 3aef16b773 * jail.conf has specification of protocol (default to tcp) to be provided to
banaction
2007-07-25 03:47:32 +00:00
Yaroslav Halchenko 990bd15dd5 specified default protocol (tcp) and specified udp for jail for named 2007-07-25 03:46:41 +00:00
Yaroslav Halchenko ac7e1696d4 fixed named filter to account for optional (cache) 2007-07-24 20:04:20 +00:00
Yaroslav Halchenko 14d3ffc6de * Added a filter for named to catch refused/denied queries 2007-07-24 18:10:05 +00:00
Yaroslav Halchenko 2a3d710cad adjusted pam_generic patch in example to catch ftp 2007-07-24 17:25:38 +00:00
Yaroslav Halchenko d63bea24f5 tuned pam_generic to catch some weird log lines 2007-07-21 02:29:45 +00:00
Yaroslav Halchenko a843d0da04 tuned pam_generic to catch some weird log lines 2007-07-21 02:27:30 +00:00
Yaroslav Halchenko f58421eabf * Use /var/run to keep socket file (closes: #425746) 2007-07-05 17:12:17 +00:00
Yaroslav Halchenko a9ecd98ffe Added port param in jail since otherwise -- crashes 2007-06-25 17:08:49 +00:00
Yaroslav Halchenko 2e55bc57c7 * Added a filter pam_generic to catch any login errors.
* Added iptables-allports.
2007-06-25 16:51:05 +00:00
Yaroslav Halchenko bc0806d459 * Moved <HOST> expansion into regex.py (closes: #429263). Thanks James
Andrewartha.
* Added optional regexp entry for process PID in some entries (closes:
  #426050). Thanks Roderick Schertler.
2007-06-21 01:47:02 +00:00
Yaroslav Halchenko cc5ec4dcde releasing 2007-05-16 18:14:13 +00:00
Yaroslav Halchenko e55dfeaf3a untabified last entry 2007-05-15 14:37:09 +00:00
Yaroslav Halchenko cc1ed23b40 * Applied changes submitted by Bernd Zeimetz (thanks Bernd):
- Removed obsolete Build-Depends-Indep on help2man, python-dev
	- Explicit removal of *.pyc files compiled during build
	- Invoke 'python setup.py clean' in clean target, which required also
	  to move python into Build-Depends
* Minor clean up of debian/rules
2007-05-15 14:26:28 +00:00
Yaroslav Halchenko be824f4e00 adjusted to be prerelease of the package 2007-05-10 15:35:43 +00:00
Yaroslav Halchenko c58a100259 * Manually changing the order of debhelper inserted scripts in prerm
(Closes: #422655)
* Removed obsolete hack to have /bin/env invocation of python for
  fail2ban-* scripts
2007-05-10 15:34:09 +00:00
Yaroslav Halchenko e9397ea375 * New stable upstream release 2007-05-05 16:35:58 +00:00
Yaroslav Halchenko 10718c1036 initial upgrade to 0.8.0 2007-05-05 16:17:50 +00:00
Yaroslav Halchenko d15f9d0206 * New upstream release
* Updated copyright to include current year
* Removed patches absorbed upstream
2007-04-20 01:44:43 +00:00
Yaroslav Halchenko 5dcec130f6 adjusted changelog -- releasing finally 2007-03-26 21:53:30 +00:00
Yaroslav Halchenko 7c30a3097b * Applied post-release upstream changes to resolve issues with
- Close opened handlers to log file
 - Fixed "reload" bug
2007-03-26 21:47:10 +00:00
Yaroslav Halchenko dc21820c80 adjusted paths in patches 2007-03-24 22:40:42 +00:00
Yaroslav Halchenko d345865621 * New upstream release
* Applied post-release changes to resolve issues with gamin and not closed
  on reload log file
2007-03-24 22:27:09 +00:00
Yaroslav Halchenko ee3f91176c * New upstream release (included most of the debian-provided patches -- new
filters and actions)
* Refreshed and made verbatim homepage in description
2007-02-09 03:22:15 +00:00
Yaroslav Halchenko a4c15ea883 * NOT RELEASED YET
* Made homepage in description verbatim
2007-02-07 15:25:11 +00:00
Yaroslav Halchenko 936fee7c40 * Use /usr/bin/python interpreter instead of wrapped call to python by
/usr/bin/env
2007-01-19 16:08:10 +00:00
Yaroslav Halchenko 30eb0566bd making it using /usr/bin/python directly 2007-01-19 15:56:21 +00:00
Yaroslav Halchenko f92e887994 minor more changes 2007-01-19 15:53:21 +00:00
Yaroslav Halchenko 878fa0dedd * Synchronized action.d/iptables-* rules from upstream SVN (closes:
#407561)
* Minor: options renames in the comments to be in sync with upstream
2007-01-19 15:51:11 +00:00
Yaroslav Halchenko e3102eb28a had to rename filter for courierauth 2007-01-18 15:52:48 +00:00
Yaroslav Halchenko 7a1dd9e98c * iptables-multiport is default action to take since Debian kernel arrives
with multiport module. That is to address the fact that most services
  listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
2007-01-18 15:41:49 +00:00
Yaroslav Halchenko 85d8604209 removed empty lines 2007-01-04 20:34:41 +00:00
Yaroslav Halchenko 36b1833e31 * Adjusted default log file for postfix to be /var/log/mail.log
(Closes: #404921)
2007-01-04 20:25:45 +00:00
Yaroslav Halchenko acfebf3475 adjusted multiport section as promised in changelog 2007-01-04 20:19:58 +00:00
Yaroslav Halchenko e570f14a5d releasing 2007-01-04 19:48:58 +00:00
Yaroslav Halchenko f01c74581d fixed action_ shortcuts
adjusted initd script to be verbose on start if socketfile exists
2007-01-04 19:47:00 +00:00
Yaroslav Halchenko 7fa686a7f2 * New upstream release, which incorporates fixes introduced in 3~pre
non-released versions (which were suggested to the users to overcome
  problems reported in bug reports). In particular attention should be paid
  to upstream changelog entries

  - Several "failregex" and "ignoreregex" are now accepted.
    Creation of rules should be easier now.
  
    This is an alternative solution to 'multiple <HOST>' entries fix,
    which is not applied to this shipped version - pay cautios if upgrading
    from 0.7.5-3~pre?
 
  - Allow comma in action options. The value of the option must
    be escaped with " or '. 
    That allowed to implement requested ability to ban multiple ports
    at once (See 373592). README.Debian and jail.conf adjusted to reflect
    possible use of iptables-mport
  - Now Fail2ban goes in /usr/share/fail2ban instead of
    /usr/lib/fail2ban. This is more compliant with FHS.
    Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
  - Added option banaction which is to incorporate banning agent
    (usually some flavor of iptables rule), which can then be easily
    overriden globally or per section
  
  - Multiple actions are defined as action_* to serve as shortcuts
2007-01-04 18:08:09 +00:00
Yaroslav Halchenko e8ce484c05 reworked init script a bit: waiting on stop and ping instead of status 2007-01-04 17:03:35 +00:00
Yaroslav Halchenko a81dd8b103 boosted version 2007-01-03 16:09:43 +00:00
Yaroslav Halchenko 97ab74de5f * Not applying patch any more for rigid python2.4 - it is default now in
sid/etch
2007-01-03 16:09:01 +00:00
Yaroslav Halchenko 4d5ec804f5 * Added filter ssh-ddos to fight DDOS attacks. Must be used with caution if
there is a possibility of clients accessing through unreliable connection 
  (Closes: #404487)
2006-12-28 07:28:53 +00:00
Yaroslav Halchenko 832a8a4346 * Moved call to dh_pycentral before dh_installinit
* Removed unnecessary call of dh_shlibdeps
2006-12-22 18:56:51 +00:00
Yaroslav Halchenko ebc5c6106f HOSTisized vsftpd regex 2006-12-22 18:39:57 +00:00
Yaroslav Halchenko caf85bf265 * Made fail2ban-server tollerate multiple <HOST> entries in failregex 2006-12-22 18:36:01 +00:00
Yaroslav Halchenko ae96eaa40c made failregex universal for both PAM and native vsftpd logging 2006-12-22 04:54:14 +00:00
Yaroslav Halchenko 2e992c2353 * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060)
2006-12-21 16:54:39 +00:00
Yaroslav Halchenko 14a2a45dbc releasing 2006-12-10 23:56:17 +00:00
Yaroslav Halchenko 762d1a188a * NEWS.Debian confusions - the latest NEWS entry and postinst message were
rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
  IP. Those lines are often required for proper abuse reports sent to the
  Internet providers.  Forwarding of such received emails to the email
  addresses of abuse departments present in the output of whois is a
  tentative solution for semi-automatic abuse reporting (Closes: #358810)
2006-12-10 23:40:04 +00:00
Yaroslav Halchenko bbb9e6f094 * NEWS.Debian confusions - the latest NEWS entry and postinst message
were rephrased (Closes: #402350)
2006-12-09 23:27:39 +00:00
Yaroslav Halchenko ae58ed091a * Removed obsolete patches left from 0.6
* Adjusted wsftpd patch to use <HOST> tag to be in line with the other
  filter definitions
2006-12-08 02:28:07 +00:00
Yaroslav Halchenko 1755dc2b0a updated the patch to the most recent release 2006-12-08 02:12:22 +00:00
Yaroslav Halchenko 7eac83b12d fresh upstream release 2006-12-08 01:21:42 +00:00
Yaroslav Halchenko 6d3c52a965 slightly corrected description for interpolations/parameters 2006-12-07 23:10:30 +00:00
Yaroslav Halchenko c46b9e0dca * README.Debian describes a bit issue of interpolations vs parameters passed
from jail.{conf,local} into an action or a filter definition (closes:
  #398739)
* Removed Uploaded field from control since I am a DD now. Big thanks to
  Barak Pearlmutter for being the sponsor of my packages for few
  years.
2006-12-07 13:20:51 +00:00
Yaroslav Halchenko 3a738497f8 * Added Suggests on mailx and relevant comments in README.Debian about
invoking mail actions (closes: #396668)
* Removed obsolete entries in TODO and README
* README.Debian describes a bit issue of interpolations vs parameters
  passed from jail.{conf,local} into an action or a filter definition
  (closes: #398739)
* Initial version of postfix filter (closes: #377711)
2006-12-07 04:07:59 +00:00
Yaroslav Halchenko ff491e48fa * Added debian/backports to contain patches necessary for backporting. It
gets used by pbuilder-ssh to create package for backports.org
2006-12-04 13:56:56 +00:00
Yaroslav Halchenko e46346d371 fixed name spoiled by on vaio 2006-11-12 02:20:32 +00:00