github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
fail2ban/debian
History
Yaroslav Halchenko d7dc8f35d1 wrapped with exception handling to avoid crash during pidlock remove -adjusted changelog 2005-10-12 02:13:56 +00:00
..
README.Debian fixed security bug #330827 2005-10-01 06:53:51 +00:00
TODO corrected for proper format of SYSLOG entries 2005-08-19 10:34:03 +00:00
changelog wrapped with exception handling to avoid crash during pidlock remove -adjusted changelog 2005-10-12 02:13:56 +00:00
compat Load fail2ban-0.4.1 into debs/fail2ban/trunk. 2005-07-06 23:10:26 +00:00
control Adjusted description and added logrotate config 2005-08-13 08:31:19 +00:00
copyright fixed address to avoid lintian complains 2005-10-04 06:43:32 +00:00
docs fixed man pages - cross referenced them, placed fail2ban into section 8 2005-08-18 23:40:49 +00:00
logrotate Adjusted description and added logrotate config 2005-08-13 08:31:19 +00:00
postinst added a notification regarding configuration file 2005-10-04 06:36:09 +00:00
rules minor bug 2005-08-19 08:41:52 +00:00
watch merged with upstream. Need to propagate 'Debian' patches into upstream as soon as possible because they lead to conflicts on upgrades 2005-09-09 21:15:41 +00:00

README.Debian 

fail2ban for Debian
-------------------

This package is nearly 100% identical to the upstream version. It was
merely packaged to be installed on a Debian system and due to tight
collaboration with upstream author most of the Debian modifications
penetrate into the next upstream.

Currently the main difference with upstream: python libraries are
placed under /usr/share/fail2ban insteadh of /usr/lib/fail2ban to
comply with policy regarding architecture independent resources.

Default behavior:
-----------------

Only handling of ssh files is enabled by default. If you want to use
fail2ban with apache, please enable apache section manually in
/etc/fail2ban.conf.

Troubleshooting:
---------------

Updated failregex:

To resolve the security bug #330827 [1] failregex expressions must
provide a named group (?P<host>...) as a placeholder of the abuser's
host. The naming of the group was introduced to capture possible
future generalizations of failregex to provide even more
information. At a current point, all named groups are considered as
possible locations of the host addresses, but usually you should need
just a single group (?P<host>...)

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330827

Broken chain:

Currently no checks if an iptables queue generated at the beginning
(fail2ban-http and fail2ban-ssh) exists. So if your firewall resets the iptable
rules -- it is your responsibility to restart fail2ban.  Also you can
augment fwban and fwunban rules and include as first lines full
definitions of fwstart. That is nasty solution and probably it will get
resolved in the future.

Mailing:

As it was reported (bug #329722) you might need to provide a full
e-mail address in fail2ban.conf option MAIL:from to make your mail
server accept that email. I've added @localhost to both MAIL:from and
MAIL:to in the default configuration shipped with Debian. It seems to
work nicely now

See TODO.Debian for more details, as well as the Debian Bug Tracking
system.

 -- Yaroslav O. Halchenko <debian@onerussian.com>, Sat Oct  1 02:47:46 2005