mirror of https://github.com/fail2ban/fail2ban
a0dfb0f9e6 | ||
---|---|---|
.. | ||
README.Debian | ||
TODO | ||
changelog | ||
compat | ||
control | ||
copyright | ||
docs | ||
logrotate | ||
postinst | ||
rules | ||
watch |
README.Debian
fail2ban for Debian ------------------- This package is ~96% identical to the upstream version. Few feature could have been added but not yet propagated into upstream version. Due to tight collaboration with upstream author most of the Debian modifications penetrate into the next upstream. Currently the main difference with upstream: python libraries are placed under /usr/share/fail2ban instead of /usr/lib/fail2ban to comply with policy regarding architecture independent resources. Default behavior: ----------------- Only handling of ssh files is enabled by default. If you want to use fail2ban with apache, please enable apache section manually in /etc/fail2ban.conf or enable section using command line parameter -e in /etc/default/fail2ban to avoid conflicts during upgrade of the config file. Troubleshooting: --------------- Updated failregex: To resolve the security bug #330827 [1] failregex expressions must provide a named group (?P<host>...) as a placeholder of the abuser's host. The naming of the group was introduced to capture possible future generalizations of failregex to provide even more information. At a current point, all named groups are considered as possible locations of the host addresses, but usually you should need just a single group (?P<host>...) [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827 Mailing: As it was reported (bug #329722) you might need to provide a full e-mail address in fail2ban.conf option MAIL:from to make your mail server accept that email. I've added @localhost to both MAIL:from and MAIL:to in the default configuration shipped with Debian. It seems to work nicely now See TODO.Debian for more details, as well as the Debian Bug Tracking system. Dirty exit: If firewall rules gets cleaned out before fail2ban exits (like was happening with firestarter), errors get reported during the exit of fail2ban, but they are "safe" and can be ignored. Ban time: An IP is banned for "bantime" not since the last failed login attempt from the IP, but rather since the moment when failed login was detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which had enough of failed logins within "findtime" will be banned for "bantime" since [re]start moment, not since the last failed login time. -- Yaroslav O. Halchenko <debian@onerussian.com>, Sun Nov 20 21:44:56 2005