Commit Graph

189 Commits (f54b7bf21424da409a824ef7f38736ea00a6066d)

Author SHA1 Message Date
Yaroslav Halchenko 878fa0dedd * Synchronized action.d/iptables-* rules from upstream SVN (closes:
#407561)
* Minor: options renames in the comments to be in sync with upstream
2007-01-19 15:51:11 +00:00
Yaroslav Halchenko 7a1dd9e98c * iptables-multiport is default action to take since Debian kernel arrives
with multiport module. That is to address the fact that most services
  listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
2007-01-18 15:41:49 +00:00
Yaroslav Halchenko 85d8604209 removed empty lines 2007-01-04 20:34:41 +00:00
Yaroslav Halchenko 36b1833e31 * Adjusted default log file for postfix to be /var/log/mail.log
(Closes: #404921)
2007-01-04 20:25:45 +00:00
Yaroslav Halchenko e570f14a5d releasing 2007-01-04 19:48:58 +00:00
Yaroslav Halchenko f01c74581d fixed action_ shortcuts
adjusted initd script to be verbose on start if socketfile exists
2007-01-04 19:47:00 +00:00
Yaroslav Halchenko 7fa686a7f2 * New upstream release, which incorporates fixes introduced in 3~pre
non-released versions (which were suggested to the users to overcome
  problems reported in bug reports). In particular attention should be paid
  to upstream changelog entries

  - Several "failregex" and "ignoreregex" are now accepted.
    Creation of rules should be easier now.
  
    This is an alternative solution to 'multiple <HOST>' entries fix,
    which is not applied to this shipped version - pay cautios if upgrading
    from 0.7.5-3~pre?
 
  - Allow comma in action options. The value of the option must
    be escaped with " or '. 
    That allowed to implement requested ability to ban multiple ports
    at once (See 373592). README.Debian and jail.conf adjusted to reflect
    possible use of iptables-mport
  - Now Fail2ban goes in /usr/share/fail2ban instead of
    /usr/lib/fail2ban. This is more compliant with FHS.
    Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
  - Added option banaction which is to incorporate banning agent
    (usually some flavor of iptables rule), which can then be easily
    overriden globally or per section
  
  - Multiple actions are defined as action_* to serve as shortcuts
2007-01-04 18:08:09 +00:00
Yaroslav Halchenko e8ce484c05 reworked init script a bit: waiting on stop and ping instead of status 2007-01-04 17:03:35 +00:00
Yaroslav Halchenko a81dd8b103 boosted version 2007-01-03 16:09:43 +00:00
Yaroslav Halchenko 97ab74de5f * Not applying patch any more for rigid python2.4 - it is default now in
sid/etch
2007-01-03 16:09:01 +00:00
Yaroslav Halchenko 4d5ec804f5 * Added filter ssh-ddos to fight DDOS attacks. Must be used with caution if
there is a possibility of clients accessing through unreliable connection 
  (Closes: #404487)
2006-12-28 07:28:53 +00:00
Yaroslav Halchenko 832a8a4346 * Moved call to dh_pycentral before dh_installinit
* Removed unnecessary call of dh_shlibdeps
2006-12-22 18:56:51 +00:00
Yaroslav Halchenko ebc5c6106f HOSTisized vsftpd regex 2006-12-22 18:39:57 +00:00
Yaroslav Halchenko caf85bf265 * Made fail2ban-server tollerate multiple <HOST> entries in failregex 2006-12-22 18:36:01 +00:00
Yaroslav Halchenko ae96eaa40c made failregex universal for both PAM and native vsftpd logging 2006-12-22 04:54:14 +00:00
Yaroslav Halchenko 2e992c2353 * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060)
2006-12-21 16:54:39 +00:00
Yaroslav Halchenko 14a2a45dbc releasing 2006-12-10 23:56:17 +00:00
Yaroslav Halchenko 762d1a188a * NEWS.Debian confusions - the latest NEWS entry and postinst message were
rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
  IP. Those lines are often required for proper abuse reports sent to the
  Internet providers.  Forwarding of such received emails to the email
  addresses of abuse departments present in the output of whois is a
  tentative solution for semi-automatic abuse reporting (Closes: #358810)
2006-12-10 23:40:04 +00:00
Yaroslav Halchenko bbb9e6f094 * NEWS.Debian confusions - the latest NEWS entry and postinst message
were rephrased (Closes: #402350)
2006-12-09 23:27:39 +00:00
Yaroslav Halchenko ae58ed091a * Removed obsolete patches left from 0.6
* Adjusted wsftpd patch to use <HOST> tag to be in line with the other
  filter definitions
2006-12-08 02:28:07 +00:00
Yaroslav Halchenko 7eac83b12d fresh upstream release 2006-12-08 01:21:42 +00:00
Yaroslav Halchenko 6d3c52a965 slightly corrected description for interpolations/parameters 2006-12-07 23:10:30 +00:00
Yaroslav Halchenko c46b9e0dca * README.Debian describes a bit issue of interpolations vs parameters passed
from jail.{conf,local} into an action or a filter definition (closes:
  #398739)
* Removed Uploaded field from control since I am a DD now. Big thanks to
  Barak Pearlmutter for being the sponsor of my packages for few
  years.
2006-12-07 13:20:51 +00:00
Yaroslav Halchenko 3a738497f8 * Added Suggests on mailx and relevant comments in README.Debian about
invoking mail actions (closes: #396668)
* Removed obsolete entries in TODO and README
* README.Debian describes a bit issue of interpolations vs parameters
  passed from jail.{conf,local} into an action or a filter definition
  (closes: #398739)
* Initial version of postfix filter (closes: #377711)
2006-12-07 04:07:59 +00:00
Yaroslav Halchenko ff491e48fa * Added debian/backports to contain patches necessary for backporting. It
gets used by pbuilder-ssh to create package for backports.org
2006-12-04 13:56:56 +00:00
Yaroslav Halchenko e46346d371 fixed name spoiled by on vaio 2006-11-12 02:20:32 +00:00
Yaroslav Halchenko 953f6c75b9 ready to buzz Barak 2006-11-12 02:18:47 +00:00
Yaroslav Halchenko b9b30341d4 * Cleaned up debian/rules a bit 2006-11-12 02:11:34 +00:00
Yaroslav Halchenko f8a3605c97 * "Clean" target removes generated .pyc files now (Closes: #398146) 2006-11-12 02:02:23 +00:00
Yaroslav Halchenko 97abba906f forgot to boost version 2006-11-11 00:11:59 +00:00
Yaroslav Halchenko 24ada3c63e * Only block new connects by using a new action iptables-new instead of
iptables (Closes: #350746)
* Updated README.Debian to reflect transition over to 0.7 branch and to
  comment on 350746
2006-11-11 00:10:10 +00:00
Yaroslav Halchenko 5cc9bc9ce6 made ~ version to accumulate more fixes before duploading 2006-11-10 15:56:58 +00:00
Yaroslav Halchenko 6a9ed3501a * Reincarnated logrotate configuration (Closes: #397878)
* no logrotation anymore? (Closes: #397878)
2006-11-10 15:54:34 +00:00
Yaroslav Halchenko 28dad3752c * Warning NEWS entry for 0.7.1 was not shown during installation on test
boxes, thus postinst was adjusted accordingly to inform the user about the
  changes in the configuration files since 0.6.
2006-11-06 14:47:59 +00:00
Yaroslav Halchenko 6e1ec60318 put release to unstable 2006-11-06 14:29:56 +00:00
Yaroslav Halchenko b457f61e74 * Added reload/force-reload actions to init script
* Adjusted jail.conf a bit
2006-11-06 14:23:58 +00:00
Yaroslav Halchenko 2e568c08d6 new upstream 2006-11-02 02:04:57 +00:00
Yaroslav Halchenko 4bbea5b41b * Corrected init.d script to properly perform restart due to server delay to
react to client command to stop. Handling of status was adjusted as well
* Added apache-noscript to jail.conf
* Default action does not send emails to be inline with previous (0.6.x)
  behavior
2006-10-30 03:32:29 +00:00
Yaroslav Halchenko 668ef068cf * Fresh upstream: fixed a bug with not handling error producing
actioncheck call
2006-10-23 21:05:32 +00:00
Yaroslav Halchenko 1e4d6dd059 * debian/{rules,control} adjusted to conform all points in recent python
policy changes
* install under /usr/share instead of /usr/lib
2006-10-23 05:07:52 +00:00
Yaroslav Halchenko 6a2aaa4db7 * Adjusted rule to install man pages -- only .1 files since there are also
h2m sources
2006-10-23 04:49:52 +00:00
Yaroslav Halchenko 37d2abc8ea * Currrent snapshot of trunk
* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
  from debian/patches
2006-10-23 04:45:34 +00:00
Yaroslav Halchenko 923d2214d9 added wuftpd to both 0.6 and 0.7 2006-10-18 05:15:53 +00:00
Yaroslav Halchenko 4ea2d8c370 few changelog entries 2006-10-02 19:28:23 +00:00
Yaroslav Halchenko a45fadd183 News about the 0.7 release and adjusted init script so it fails to start if not root 2006-10-02 19:03:58 +00:00
Yaroslav Halchenko 641cd14a40 preliminary packaging of 0.7.3 which gets closer to be used widely, i.e.
could be uploaded to experimental
2006-09-29 04:05:50 +00:00
Yaroslav Halchenko 0ae3032ac8 properly assigned to experimental 2006-09-06 13:35:13 +00:00
Yaroslav Halchenko dae225330c added debian specific patches for the new upstream 2006-09-05 15:16:03 +00:00
Yaroslav Halchenko a4899fabf8 Initial minimalistic but working packaging of fail2ban 0.7.1 2006-09-05 06:10:29 +00:00
Yaroslav Halchenko d125070fa4 now changes in this file are managed via dpatch 2006-08-15 22:13:44 +00:00
Yaroslav Halchenko 6e050675a8 adjusted manpage for fail2ban.conf 2006-08-15 21:35:37 +00:00
Yaroslav Halchenko f85af540cf updated timestamp 2006-07-07 00:20:22 +00:00
Yaroslav Halchenko 7fbc1b16a0 adjusted to comply with recent changed of debian python policy 2006-07-06 21:30:53 +00:00
Yaroslav Halchenko 1f3e33e384 added verbosity patch from one of my branches 2006-07-04 03:36:39 +00:00
Yaroslav Halchenko f7064d36c5 fixed empty ip and somewhat fixed locale issue 2006-07-04 03:03:45 +00:00
Yaroslav Halchenko 4309a11968 rm options adjusted, README.Debian to fix 373592 2006-06-14 16:22:43 +00:00
Yaroslav Halchenko 7b93d4ded5 section for saslauthd 2006-05-30 14:19:08 +00:00
Yaroslav Halchenko 2f930dfa76 now apache2 bug gets closed 2006-05-28 03:32:24 +00:00
Yaroslav Halchenko fc9b8a887f added proftpd section, adjusted vsftpd patch to dont interfer. boosted debian revision 2006-05-28 03:13:56 +00:00
Yaroslav Halchenko 1fbcf9a9a5 removed bashism from init.d script 2006-05-22 19:38:51 +00:00
Yaroslav Halchenko 537399dbc9 placed binary-arch target back to comply with the policy 2006-05-16 20:46:27 +00:00
Yaroslav Halchenko ac9362ae5b fixed binary-indep binary-arch separation 2006-05-16 20:28:31 +00:00
Yaroslav Halchenko e801352c78 removed compilation of *.pyc 2006-05-16 20:11:05 +00:00
Yaroslav Halchenko 302c1b1c4b debhelper and dpatch belong to Build-Depends now 2006-05-16 20:08:32 +00:00
Yaroslav Halchenko 9af3da8b57 small clean up 2006-05-16 19:59:38 +00:00
Yaroslav Halchenko 589fb2a217 migrated to using dpatch. fixed vsftpd regexp 2006-05-10 18:01:06 +00:00
Yaroslav Halchenko 4fa38338d7 merged with proposed init.d script from Aaron 2006-04-28 04:13:23 +00:00
Yaroslav Halchenko a3badc1fff small adjustments in copyright and watch 2006-04-25 19:58:36 +00:00
Yaroslav Halchenko 8123a4886a modified maxreinits 2006-03-27 17:56:38 +00:00
Yaroslav Halchenko 73074157ac proper version for Barak 2006-03-20 00:41:27 +00:00
Yaroslav Halchenko 49bf5a991b added fwchain 2006-03-19 23:45:52 +00:00
Yaroslav Halchenko 4fa0eba064 merged with upstream release 0.6.1 2006-03-19 05:20:44 +00:00
Yaroslav Halchenko 49e8d86983 finalized at -8 revision -- now will upgrade to 0.6.1 upstream 2006-03-17 00:38:23 +00:00
Yaroslav Halchenko 193a98c97a rearranging, cleaning up2 2006-03-11 06:02:46 +00:00
Yaroslav Halchenko 7693ede193 rearranging, cleaning up 2006-03-11 06:02:22 +00:00
Yaroslav Halchenko 899c6d54df fixed a typo in failregex for SSH 2006-03-09 20:23:46 +00:00
Yaroslav Halchenko 0321fd4689 added postrm script to clean up the log files 2006-03-05 19:51:01 +00:00
Yaroslav Halchenko b3dd9fd5ab For capitalized nasty log entries of sshd 2006-03-03 21:37:05 +00:00
Yaroslav Halchenko f22d4912c2 Fixed Apache section to point at error.log 2006-02-26 01:04:17 +00:00
Yaroslav Halchenko 5ca08578af ready for Barak"s upload 2006-02-18 01:43:00 +00:00
Yaroslav Halchenko 73f0ed8976 changed ownership of all existing logs 2006-02-16 16:23:05 +00:00
Yaroslav Halchenko b00161f7ec fixed #352053 2006-02-16 15:53:38 +00:00
Yaroslav Halchenko 438e4edfd8 moved dh_python into binary-indep, added another regex for attacks 2006-02-16 15:43:35 +00:00
Yaroslav Halchenko eb4047f85c fixed timeregex for apache 2006-02-10 18:08:01 +00:00
Yaroslav Halchenko 38fa465cae less failures required for Attacks 2006-01-25 15:32:50 +00:00
Yaroslav Halchenko 9cf01b2dac relaxed regex for awstat.pl a bit 2006-01-25 15:12:44 +00:00
Yaroslav Halchenko 27b0bdfd22 added awstats.pl capturer 2006-01-25 14:58:52 +00:00
Yaroslav Halchenko 55d7440fe1 decided to use "interpolations" in the config file to make it more readable 2006-01-15 20:18:39 +00:00
Yaroslav Halchenko a0dfb0f9e6 minor - removed default private networks from safe list 2006-01-15 20:07:07 +00:00
Yaroslav Halchenko 7d9c08bc22 fix for bug #343821: path is not appended but inserted first 2005-12-19 15:50:01 +00:00
Yaroslav Halchenko 1d6d67f95f minor notes 2005-11-21 02:50:08 +00:00
Yaroslav Halchenko 542939e7c7 minor adjustment 2005-11-21 01:48:57 +00:00
Yaroslav Halchenko bd3d510f96 merged with upstream 0.6.0 2005-11-21 01:43:13 +00:00
Yaroslav Halchenko 3e2a09cdf7 fixes race condition bug #339133 2005-11-20 19:53:37 +00:00
Yaroslav Halchenko 8ce3c2c19e fixed init.d script so it doesn"t fail on stop action if fail2ban is not running 2005-11-03 22:18:40 +00:00
Yaroslav Halchenko 6efa9597c9 fixed changelog back to normal... damn -svn-tag-only 2005-10-31 22:08:56 +00:00
Yaroslav Halchenko 909f05351e added localtime config option to MAIL 2005-10-31 22:04:11 +00:00
Yaroslav Halchenko 1e0cb0326e decided to swith to proper debian versioning 2005-10-21 01:22:59 +00:00
Yaroslav Halchenko a1509ae1e4 init.d script fixed 2005-10-21 01:20:17 +00:00
Yaroslav Halchenko f322d7205a Trying to fix it up a bit 2005-10-20 17:46:13 +00:00