mirror of https://github.com/fail2ban/fail2ban
fail2ban for Debian
-------------------

This package is ~96% identical to the upstream version. A few features
may have been added that have not yet propagated into the upstream
version. Due to tight collaboration with the upstream author, most of the
Debian modifications make it into the next upstream release.

Currently the main difference from upstream: the Python libraries are
placed under /usr/share/fail2ban instead of /usr/lib/fail2ban to
comply with policy regarding architecture-independent resources.

Default behavior:
-----------------

Only handling of ssh log files is enabled by default. If you want to use
fail2ban with apache, please enable the apache section manually in
/etc/fail2ban.conf, or enable the section using the command line
parameter -e in /etc/default/fail2ban to avoid conflicts during upgrades
of the config file.

Troubleshooting:
----------------

Updated failregex:

To resolve the security bug #330827 [1], failregex expressions must
provide a named group (?P<host>...) as a placeholder for the abuser's
host. The naming of the group was introduced to accommodate possible
future generalizations of failregex that provide even more
information. At the current point, all named groups are considered
possible locations of the host addresses, but usually you should need
just a single group (?P<host>...).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827
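The following Python snippet is an added illustration of the rule above and is not part of the Debian package or of fail2ban itself. It shows a failregex that captures the offending address in the required named group (?P<host>...), extracts that group from constructed sshd log lines, and rejects a failregex that provides no named group at all. The log lines, the regex and the helper names (extract_hosts, count_failures, validate_failregex) are assumptions made for this example.

```python
import re

# Constructed sample sshd log lines for this example (not from any real host).
SAMPLE_LOG = [
    "Nov 20 21:44:01 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    "Nov 20 21:44:03 host sshd[1234]: Failed password for root from 192.0.2.10 port 4023 ssh2",
    "Nov 20 21:44:05 host sshd[1235]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2",
    "Nov 20 21:44:09 host sshd[1236]: Failed password for bob from 203.0.113.5 port 4100 ssh2",
]

# A failregex in the style the README requires: the abuser's address is
# captured only by the named group (?P<host>...). The address pattern is kept
# strict so that text in the user-name field can never be taken for the host.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from "
    r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}) port \d+ ssh2"
)


def validate_failregex(pattern):
    """Compile a failregex and refuse it if it has no named group.

    This mirrors the README's requirement that every failregex provide a
    named group as the placeholder for the host.
    """
    compiled = re.compile(pattern)
    if not compiled.groupindex:
        raise ValueError("failregex must contain a named group such as (?P<host>...)")
    return compiled


def extract_hosts(regex, lines):
    """Return the host captured by each matching log line.

    Every named group is treated as a possible location of the host address,
    exactly as the README describes; with a single (?P<host>...) group that
    is simply the 'host' value.
    """
    hosts = []
    for line in lines:
        match = regex.search(line)
        if match is None:
            continue
        for value in match.groupdict().values():
            if value is not None:
                hosts.append(value)
    return hosts


def count_failures(regex, lines):
    """Count failures per host: the input to a maxretry/findtime decision."""
    counts = {}
    for host in extract_hosts(regex, lines):
        counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == "__main__":
    print(count_failures(validate_failregex(FAILREGEX.pattern), SAMPLE_LOG))
```

Running the block prints the per-host failure counts for the constructed lines; the accepted login is ignored because it does not match the failregex.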

Mailing:

As was reported (bug #329722), you might need to provide a full
e-mail address in the fail2ban.conf option MAIL:from to make your mail
server accept that email. I've added @localhost to both MAIL:from and
MAIL:to in the default configuration shipped with Debian. It seems to
work nicely now.

See TODO.Debian for more details, as well as the Debian Bug Tracking
System.

Dirty exit:

If firewall rules get cleaned out before fail2ban exits (as was
happening with firestarter), errors get reported during the exit of
fail2ban, but they are "safe" and can be ignored.

Ban time:

An IP is banned for "bantime" not since the last failed login attempt
from the IP, but rather since the moment when the failed login was
detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which
had enough failed logins within "findtime" will be banned for
"bantime" since the [re]start moment, not since the last failed login
time.
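The following Python model is an added example, not fail2ban's own code, written to make the ban-time behaviour above concrete. A tiny Jail class records failures by their log timestamp but starts the ban from the moment the failure is detected; replaying the same constructed log at a later "restart" time therefore yields a ban that expires bantime seconds after the restart, not after the last failed login. The class, the helper names (ban_expiry_live, ban_expiry_after_restart) and the timestamps are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Constructed log of (host, failure timestamp in seconds) for this example.
CONSTRUCTED_LOG = [
    ("192.0.2.10", 100),
    ("192.0.2.10", 110),
    ("192.0.2.10", 120),
]


@dataclass
class Jail:
    bantime: int                      # seconds a host stays banned
    findtime: int                     # window within which maxretry failures trigger a ban
    maxretry: int
    failures: dict = field(default_factory=dict)  # host -> failure timestamps
    bans: dict = field(default_factory=dict)      # host -> ban expiry time

    def process(self, host, failure_time, now):
        """Record a failure logged at failure_time and detected at now.

        The findtime window is judged on the log timestamps, but the ban,
        if triggered, runs from 'now' (detection), which is the README's
        point: the ban does not count from the last failed login.
        """
        times = self.failures.setdefault(host, [])
        times.append(failure_time)
        times[:] = [t for t in times if failure_time - t <= self.findtime]
        if len(times) >= self.maxretry and host not in self.bans:
            self.bans[host] = now + self.bantime
        return self.bans.get(host)

    def is_banned(self, host, now):
        expiry = self.bans.get(host)
        return expiry is not None and now < expiry


def ban_expiry_live(log, bantime=600, findtime=600, maxretry=3):
    """Lines are detected as soon as they are written: now == failure_time."""
    jail = Jail(bantime, findtime, maxretry)
    for host, t in log:
        jail.process(host, t, now=t)
    return jail.bans


def ban_expiry_after_restart(log, restart_time, bantime=600, findtime=600, maxretry=3):
    """Replay an existing log at restart_time: every line is detected 'now',
    so the ban runs from the restart moment, not from the last failure."""
    jail = Jail(bantime, findtime, maxretry)
    for host, t in log:
        jail.process(host, t, now=restart_time)
    return jail.bans


if __name__ == "__main__":
    print("live:", ban_expiry_live(CONSTRUCTED_LOG))
    print("after restart at t=1000:", ban_expiry_after_restart(CONSTRUCTED_LOG, 1000))
```

With the constructed log the live run bans the host until t=720 (last failure at 120 plus bantime 600), while a restart at t=1000 bans it until t=1600: the same three failures, but a ban that ends 880 seconds later than an operator reasoning from the log alone would expect.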

 -- Yaroslav O. Halchenko <debian@onerussian.com>, Sun Nov 20 21:44:56 2005