fail2ban/debian/README.Debian

fail2ban for Debian
-------------------

This package is nearly 100% identical to the upstream version. It was
merely packaged to be installed on a Debian system and due to tight
collaboration with upstream author most of the Debian modifications
penetrate into the next upstream.

Currently the main difference with upstream: python libraries are
placed under /usr/share/fail2ban insteadh of /usr/lib/fail2ban to
comply with policy regarding architecture independent resources.

Default behavior:
-----------------

Only handling of ssh files is enabled by default. If you want to use
fail2ban with apache, please enable apache section manually in
/etc/fail2ban.conf.

Troubleshooting:
---------------

Updated failregex:

To resolve the security bug #330827 [1] failregex expressions must
provide a named group (?P<host>...) as a placeholder of the abuser's
host. The naming of the group was introduced to capture possible
future generalizations of failregex to provide even more
information. At a current point, all named groups are considered as
possible locations of the host addresses, but usually you should need
just a single group (?P<host>...)

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827

Mailing:

As it was reported (bug #329722) you might need to provide a full
e-mail address in fail2ban.conf option MAIL:from to make your mail
server accept that email. I've added @localhost to both MAIL:from and
MAIL:to in the default configuration shipped with Debian. It seems to
work nicely now

See TODO.Debian for more details, as well as the Debian Bug Tracking
system.

Dirty exit:

If firewall rules gets cleaned out before fail2ban exits (like was
happening with firestarter), errors get reported during the exit of
fail2ban, but they are "safe" and can be ignored.

 -- Yaroslav O. Halchenko <debian@onerussian.com>, Thu Oct 20 13:24:56 2005