From: <yar...@us...> - 2011-09-24 02:28:51
|
Revision: 784
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=784&view=rev
Author: yarikoptic
Date: 2011-09-24 02:28:45 +0000 (Sat, 24 Sep 2011)
Log Message:
-----------
BF: Lock server's executeCmd to prevent racing among iptables calls (Closes: #554162)
Many kudos go to Michael Saavedra for the solution and the patch.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/server/action.py
Modified: branches/FAIL2BAN-0_8/server/action.py
===================================================================
--- branches/FAIL2BAN-0_8/server/action.py 2011-08-07 02:41:08 UTC (rev 783)
+++ branches/FAIL2BAN-0_8/server/action.py 2011-09-24 02:28:45 UTC (rev 784)
@@ -25,11 +25,15 @@
__license__ = "GPL"
import logging, os
+import threading
#from subprocess import call
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.actions.action")
+# Create a lock for running system commands
+_cmd_lock = threading.Lock()
+
##
# Execute commands.
#
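Review bot: The comment on `_cmd_lock` says what the object is but not why it exists; the reason given in the log message (racing iptables calls from several jails) belongs next to the lock. It should also say that the lock is module-wide, so it serializes the commands of every action in every jail, not only the iptables ones.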
@@ -301,17 +305,21 @@
#@staticmethod
def executeCmd(realCmd):
logSys.debug(realCmd)
- try:
- # The following line gives deadlock with multiple jails
- #retcode = call(realCmd, shell=True)
- retcode = os.system(realCmd)
- if retcode == 0:
- logSys.debug("%s returned successfully" % realCmd)
- return True
- else:
- logSys.error("%s returned %x" % (realCmd, retcode))
- except OSError, e:
- logSys.error("%s failed with %s" % (realCmd, e))
+ _cmd_lock.acquire()
+ try: # Try wrapped within another try needed for python version < 2.5
+ try:
+ # The following line gives deadlock with multiple jails
+ #retcode = call(realCmd, shell=True)
+ retcode = os.system(realCmd)
+ if retcode == 0:
+ logSys.debug("%s returned successfully" % realCmd)
+ return True
+ else:
+ logSys.error("%s returned %x" % (realCmd, retcode))
+ except OSError, e:
+ logSys.error("%s failed with %s" % (realCmd, e))
+ finally:
+ _cmd_lock.release()
return False
executeCmd = staticmethod(executeCmd)
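Review bot: In `executeCmd`, `_cmd_lock` is held for the whole of `os.system(realCmd)`, and nothing bounds how long that call runs, so one slow or hung action command stalls the ban and unban commands of every other jail. Consider bounding the command's run time, or at least logging when a caller has waited on the lock for long. The retained comment `# The following line gives deadlock with multiple jails` next to the commented-out `call(...)` also reads ambiguously now that a lock is present; say whether the lock changes that.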
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: Craig S. <jac...@gm...> - 2011-08-15 23:32:11
|
Here's a conf for squid. Just thought I'd share.
--
- Jackie *"Craig"* Sparks
- *"Focus on Solutions not Problems"*
Email0: Jac...@gm...
http://chunkhost.com/r/getachunk - Support my VPS host sign up now
http://www.sparkscomm.com
http://sparkscomm.com/wordpress/resume
http://www.facebook.com/profile.php?ref=profile&id=100000140654932
https://www.scriptlance.com/cgi-bin/freelancers/feedback.cgi?p=rwtskraps
http://twitter.com/#!/skraps_foo
http://skraps.pastebin.com
|
|
From: <yar...@us...> - 2011-08-07 02:41:15
|
Revision: 783
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=783&view=rev
Author: yarikoptic
Date: 2011-08-07 02:41:08 +0000 (Sun, 07 Aug 2011)
Log Message:
-----------
BF: Allow for trailing spaces in sasl logs
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2011-07-29 02:31:38 UTC (rev 782)
+++ branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2011-08-07 02:41:08 UTC (rev 783)
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
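Review bot: With `\s*$` now closing `failregex`, the space that rev 772 put inside the class `[ A-Za-z0-9+/]` is no longer needed for trailing whitespace and only loosens the match, because it lets spaces appear anywhere in the base64 reason string. Suggest reverting the class to `[A-Za-z0-9+/]` in this same change.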
|
|
From: <yar...@us...> - 2011-07-29 02:31:45
|
Revision: 782
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=782&view=rev
Author: yarikoptic
Date: 2011-07-29 02:31:38 +0000 (Fri, 29 Jul 2011)
Log Message:
-----------
Create tag FAIL2BAN-0_8_5
Added Paths:
-----------
tags/FAIL2BAN-0_8_5/
|
|
From: <yar...@us...> - 2011-07-29 02:31:10
|
Revision: 781
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=781&view=rev
Author: yarikoptic
Date: 2011-07-29 02:31:01 +0000 (Fri, 29 Jul 2011)
Log Message:
-----------
for 0.8.5 release -- changelog + version
Modified Paths:
--------------
branches/FAIL2BAN-0_8/ChangeLog
branches/FAIL2BAN-0_8/README
branches/FAIL2BAN-0_8/common/version.py
Modified: branches/FAIL2BAN-0_8/ChangeLog
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog 2011-07-29 02:08:31 UTC (rev 780)
+++ branches/FAIL2BAN-0_8/ChangeLog 2011-07-29 02:31:01 UTC (rev 781)
@@ -4,9 +4,47 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/28
================================================================================
+ver. 0.8.5 (2011/07/28) - stable
+----------
+- Fix: use addfailregex instead of failregex while processing per-jail
+ "failregex" parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
+ Marat Khayrullin for the patch and Daniel T Chen for forwarding to
+ Debian.
+- Fix: use os.path.join to generate full path - fixes includes in configs
+ given local filename (5 weeks ago) [yarikoptic]
+- Fix: allowed for trailing spaces in proftpd logs
+- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
+- Fix: allowed space in the trailing of failregex for sasl.conf:
+ see http://bugs.debian.org/573314
+- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
+ see http://bugs.debian.org/544232
+- Fix: Tai64N stores time in GMT, needed to convert to local time before
+ returning
+- Fix: disabled named-refused-udp jail entirely with a big fat warning
+- Fix: added time module. Bug reported in buanzo's blog:
+ see http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+- Fix: Patch to make log file descriptors cloexec to stop leaking file
+ descriptors on fork/exec. Thanks to Jonathan Underwood:
+ see https://bugzilla.redhat.com/show_bug.cgi?id=230191#c24
+- Enhancement: added author for dovecot filter and pruned unneeded space
+ in the regexp
+- Enhancement: proftpd filter -- if login failed -- count regardless of the
+ reason for failure
+- Enhancement: added <chain> to action.d/iptables*. Thanks to Matthijs Kooijman:
+ see http://bugs.debian.org/515599
+- Enhancement: added filter.d/dovecot.conf from Martin Waschbuesch
+- Enhancement: made filter.d/apache-overflows.conf catch more:
+ see http://bugs.debian.org/574182
+- Enhancement: added dropbear filter from Francis Russell and Zak B. Elep:
+ see http://bugs.debian.org/546913
+- Enhancement: changed default ignoreip to ignore entire loopback zone (/8):
+ see http://bugs.debian.org/598200
+- Minor: spell-checked jail.conf. Thanks to Christoph Anton Mitterer
+- Few minor cosmetic changes
+
ver. 0.8.4 (2009/09/07) - stable
----------
- Check the inode number for rotation in addition to checking the first line of
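Review bot: The `os.path.join` entry ends with `(5 weeks ago) [yarikoptic]`, which looks like pasted log decoration and will be wrong as soon as the release ages; drop it so the entry reads like the others. The two sasl.conf changes on this branch (space in the class, then `\s*$`) are covered by a single line, so it would help to say that the final form accepts trailing whitespace generally.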
Modified: branches/FAIL2BAN-0_8/README
===================================================================
--- branches/FAIL2BAN-0_8/README 2011-07-29 02:08:31 UTC (rev 780)
+++ branches/FAIL2BAN-0_8/README 2011-07-29 02:31:01 UTC (rev 781)
@@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
================================================================================
-Fail2Ban (version 0.8.4) 2009/09/07
+Fail2Ban (version 0.8.5) 2011/07/26
================================================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
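Review bot: The banner date added here is `2011/07/26`, but the ChangeLog hunk in the same commit uses `Fail2Ban (version 0.8.5) 2011/07/28` and `ver. 0.8.5 (2011/07/28)`. Pick one release date and use it in both files.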
Modified: branches/FAIL2BAN-0_8/common/version.py
===================================================================
--- branches/FAIL2BAN-0_8/common/version.py 2011-07-29 02:08:31 UTC (rev 780)
+++ branches/FAIL2BAN-0_8/common/version.py 2011-07-29 02:31:01 UTC (rev 781)
@@ -21,7 +21,7 @@
__author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011 Yaroslav Halchenko"
__license__ = "GPL"
-version = "0.8.4-SVN"
+version = "0.8.5"
|
|
From: <yar...@us...> - 2011-07-29 02:08:37
|
Revision: 780
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=780&view=rev
Author: yarikoptic
Date: 2011-07-29 02:08:31 +0000 (Fri, 29 Jul 2011)
Log Message:
-----------
BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
patch from Marat Khayrullin received in Ubuntu BTS. Otherwise custom per-jail
failregex forbade fail2ban from starting
Modified Paths:
--------------
branches/FAIL2BAN-0_8/client/jailreader.py
Modified: branches/FAIL2BAN-0_8/client/jailreader.py
===================================================================
--- branches/FAIL2BAN-0_8/client/jailreader.py 2011-06-27 03:40:16 UTC (rev 779)
+++ branches/FAIL2BAN-0_8/client/jailreader.py 2011-07-29 02:08:31 UTC (rev 780)
@@ -120,7 +120,7 @@
elif opt == "bantime":
stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "failregex":
- stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+ stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
elif opt == "ignoreregex":
for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.
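Review bot: The `failregex` branch passes `self.__opts[opt]` to `addfailregex` as one value, while the `ignoreregex` branch directly below splits on `'\n'` and sends one command per non-empty rule. A per-jail `failregex` written over several lines would therefore be added as a single regex containing newlines; suggest the same split-and-skip-empty loop here.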
|
|
From: <yar...@us...> - 2011-06-27 03:40:22
|
Revision: 779
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=779&view=rev
Author: yarikoptic
Date: 2011-06-27 03:40:16 +0000 (Mon, 27 Jun 2011)
Log Message:
-----------
BF: use os.path.join to generate full path - fixes includes in configs given local filename
Modified Paths:
--------------
branches/FAIL2BAN-0_8/client/configparserinc.py
Modified: branches/FAIL2BAN-0_8/client/configparserinc.py
===================================================================
--- branches/FAIL2BAN-0_8/client/configparserinc.py 2011-06-27 03:40:08 UTC (rev 778)
+++ branches/FAIL2BAN-0_8/client/configparserinc.py 2011-06-27 03:40:16 UTC (rev 779)
@@ -86,7 +86,7 @@
if os.path.isabs(newResource):
r = newResource
else:
- r = "%s/%s" % (resourceDir, newResource)
+ r = os.path.join(resourceDir, newResource)
if r in seen:
continue
s = seen + [resource]
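Review bot: The `if r in seen` guard compares the path string exactly as built, so the same file reached through two spellings (for example with and without a leading `./`) still counts as unseen and the include-loop protection can be bypassed by accident. Normalizing `r` with `os.path.normpath` or `os.path.abspath` before the check would make it reliable. Also, `os.path.join` already returns `newResource` unchanged when it is absolute, so the `os.path.isabs` branch could be folded into the one call.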
|
|
From: <yar...@us...> - 2011-06-27 03:40:14
|
Revision: 778
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=778&view=rev
Author: yarikoptic
Date: 2011-06-27 03:40:08 +0000 (Mon, 27 Jun 2011)
Log Message:
-----------
very minor -- uniform indentation in example
Modified Paths:
--------------
branches/FAIL2BAN-0_8/client/configparserinc.py
Modified: branches/FAIL2BAN-0_8/client/configparserinc.py
===================================================================
--- branches/FAIL2BAN-0_8/client/configparserinc.py 2011-05-07 03:16:40 UTC (rev 777)
+++ branches/FAIL2BAN-0_8/client/configparserinc.py 2011-06-27 03:40:08 UTC (rev 778)
@@ -43,7 +43,7 @@
[INCLUDES]
before = 1.conf
- 3.conf
+ 3.conf
after = 1.conf
@@ -54,8 +54,8 @@
the tree.
I wasn't sure what would be the right way to implement generic (aka c++
- template) so we could base at any *configparser class... so I will
- leave it for the future
+ template) so we could base at any *configparser class... so I will
+ leave it for the future
"""
|
|
From: <yar...@us...> - 2011-05-07 03:16:47
|
Revision: 777
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=777&view=rev
Author: yarikoptic
Date: 2011-05-07 03:16:40 +0000 (Sat, 07 May 2011)
Log Message:
-----------
BF: use standard/reserved example.com instead of mail.com
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/jail.conf
branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
Property Changed:
----------------
branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
Modified: branches/FAIL2BAN-0_8/config/jail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/jail.conf 2011-03-23 21:38:26 UTC (rev 776)
+++ branches/FAIL2BAN-0_8/config/jail.conf 2011-05-07 03:16:40 UTC (rev 777)
@@ -45,7 +45,7 @@
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, des...@ma..., sen...@ma...]
+ sendmail-whois[name=SSH, des...@ex..., sen...@ex...]
logpath = /var/log/sshd.log
maxretry = 5
@@ -54,7 +54,7 @@
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, des...@ma...]
+ sendmail-whois[name=ProFTPD, des...@ex...]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@@ -66,7 +66,7 @@
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, des...@ma...]
+ sendmail-whois[name=sasl, des...@ex...]
logpath = /var/log/mail.log
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@@ -77,7 +77,7 @@
enabled = false
filter = sshd
action = hostsdeny
- sendmail-whois[name=SSH, des...@ma...]
+ sendmail-whois[name=SSH, des...@ex...]
ignoreregex = for myuser from
logpath = /var/log/sshd.log
@@ -101,7 +101,7 @@
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, des...@ma...]
+ sendmail[name=Postfix, des...@ex...]
logpath = /var/log/postfix.log
bantime = 300
@@ -112,7 +112,7 @@
enabled = false
filter = vsftpd
-action = sendmail-whois[name=VSFTPD, des...@ma...]
+action = sendmail-whois[name=VSFTPD, des...@ex...]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -124,7 +124,7 @@
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, des...@ma...]
+ sendmail-whois[name=VSFTPD, des...@ex...]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
@@ -137,7 +137,7 @@
enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, des...@ma...]
+ sendmail-buffered[name=BadBots, lines=5, des...@ex...]
logpath = /var/www/*/logs/access_log
bantime = 172800
maxretry = 1
@@ -149,7 +149,7 @@
enabled = false
filter = apache-noscript
action = shorewall
- sendmail[name=Postfix, des...@ma...]
+ sendmail[name=Postfix, des...@ex...]
logpath = /var/log/apache2/error_log
# Ban attackers that try to use PHP's URL-fopen() functionality
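Review bot: In this jail (`filter = apache-noscript`) the mail action is `sendmail[name=Postfix, ...]`, which looks copied from the postfix jail, so alerts raised here would be labelled Postfix. Since the line is being edited anyway, change `name` to match the jail.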
@@ -190,7 +190,7 @@
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
- sendmail-whois[name="SSH,IPFW", des...@ma...]
+ sendmail-whois[name="SSH,IPFW", des...@ex...]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
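Review bot: `ignoreip = 168.192.0.1` in this jail, and again in the two named-refused jails below, looks like `192.168.0.1` with the first two octets swapped; the action line just above uses `localhost=192.168.0.1`. As written, the example exempts a publicly routable address from banning instead of a private one, and users copy these examples. Worth fixing in the same pass as the example.com cleanup.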
@@ -224,7 +224,7 @@
# enabled = false
# filter = named-refused
# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-# sendmail-whois[name=Named, des...@ma...]
+# sendmail-whois[name=Named, des...@ex...]
# logpath = /var/log/named/security.log
# ignoreip = 168.192.0.1
@@ -235,7 +235,7 @@
enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, des...@ma...]
+ sendmail-whois[name=Named, des...@ex...]
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
Modified: branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
===================================================================
--- branches/FAIL2BAN-0_8/files/nagios/check_fail2ban 2011-03-23 21:38:26 UTC (rev 776)
+++ branches/FAIL2BAN-0_8/files/nagios/check_fail2ban 2011-05-07 03:16:40 UTC (rev 777)
@@ -99,7 +99,7 @@
# put a txt file on your server and describe how to fix the issue, this
# could be attached to the mail.
######################################################################
-# mutt -s "FAIL2BAN NOT WORKING" yo...@em... < /home/f2ban.txt
+# mutt -s "FAIL2BAN NOT WORKING" yo...@ex... < /home/f2ban.txt
exitstatus=$STATE_CRITICAL
fi
Property changes on: branches/FAIL2BAN-0_8/files/nagios/check_fail2ban
___________________________________________________________________
Added: svn:executable
+ *
|
|
From: <yar...@us...> - 2011-03-23 21:38:32
|
Revision: 776
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=776&view=rev
Author: yarikoptic
Date: 2011-03-23 21:38:26 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
ENH: Adding author for dovecot filter and pruning unneeded space in the regexp
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf 2011-03-23 20:37:19 UTC (rev 775)
+++ branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf 2011-03-23 21:38:26 UTC (rev 776)
@@ -1,6 +1,6 @@
# Fail2Ban configuration file for dovcot
#
-# Author:
+# Author: Martin Waschbuesch
#
# $Revision: $
#
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
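Review bot: The host capture in `failregex` is `rip=(?P<host>\S*),`, which accepts an empty string or any run of non-space characters, while the header comment documents the stricter `(?P<host>[\w\-.^_]+)` form. Suggest `rip=<HOST>,` as the other filters do, or at least `\S+`, so a malformed line cannot yield an empty or junk host to ban. The unchanged first line of the file also misspells the service as `dovcot`.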
|
|
From: <yar...@us...> - 2011-03-23 20:37:25
|
Revision: 775
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=775&view=rev
Author: yarikoptic
Date: 2011-03-23 20:37:19 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2011-03-23 20:37:10 UTC (rev 774)
+++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2011-03-23 20:37:19 UTC (rev 775)
@@ -15,7 +15,7 @@
# Values: TEXT
#
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$
- \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\. *$
+ \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): .*$
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
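Review bot: The second `failregex` line now ends in `\(Login failed\): .*$`, so every reason string counts as a failure, including any that the server emits for conditions other than bad credentials. The log message says this is intended; put a one-line comment in the filter saying so, because it changes how quickly a client reaches `maxretry`. Note also that this line alone no longer follows the ` *$` ending used by its three neighbours, which is fine since `.*` subsumes it but is worth a comment.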
|
|
From: <yar...@us...> - 2011-03-23 20:37:16
|
Revision: 774
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=774&view=rev
Author: yarikoptic
Date: 2011-03-23 20:37:10 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
BF: Allow for trailing spaces in proftpd logs
See http://bugs.debian.org/507986
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2011-03-23 20:37:00 UTC (rev 773)
+++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf 2011-03-23 20:37:10 UTC (rev 774)
@@ -14,10 +14,10 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
- \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
- \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
- \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
+failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$
+ \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\. *$
+ \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$
+ \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
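Review bot: All four patterns now end in ` *$`, which tolerates trailing spaces only; a trailing tab or `\r` still defeats the match and the failure goes uncounted. `\s*$` covers those as well, and it is what the pure-ftpd change in rev 773 uses, so the filters would also be consistent.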
|
|
From: <yar...@us...> - 2011-03-23 20:37:06
|
Revision: 773
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=773&view=rev
Author: yarikoptic
Date: 2011-03-23 20:37:00 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
BF: escaping () in pure-ftpd filter. Thanks Teodor
See http://bugs.debian.org/544744
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2011-03-23 20:36:50 UTC (rev 772)
+++ branches/FAIL2BAN-0_8/config/filter.d/pure-ftpd.conf 2011-03-23 20:37:00 UTC (rev 773)
@@ -19,7 +19,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
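Review bot: Besides escaping the parentheses, the new `failregex` also gains `\s*` before `$`, which the log message does not mention. State it in the message or the ChangeLog so the trailing-whitespace fix can be traced later. A sample log line in the filter comments showing the literal parentheses would also guard against the escaping being undone.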
|
|
From: <yar...@us...> - 2011-03-23 20:36:56
|
Revision: 772
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=772&view=rev
Author: yarikoptic
Date: 2011-03-23 20:36:50 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
BF: allow space in the trailing of failregex for sasl.conf: see http://bugs.debian.org/573314
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/sasl.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2011-03-23 20:36:41 UTC (rev 771)
+++ branches/FAIL2BAN-0_8/config/filter.d/sasl.conf 2011-03-23 20:36:50 UTC (rev 772)
@@ -14,7 +14,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
-failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
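Review bot: Adding the space to the class `[ A-Za-z0-9+/]` only helps when the optional `(: ...)?` group is present and carries no `=` padding; a trailing space directly after `authentication failed`, or after `==`, still fails at `$`. It also lets spaces appear anywhere inside the base64 text. Putting `\s*` before `$`, outside the group, handles every case directly.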
|
|
From: <yar...@us...> - 2011-03-23 20:36:47
|
Revision: 771
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=771&view=rev
Author: yarikoptic
Date: 2011-03-23 20:36:41 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf
branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf
branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf
branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf
branches/FAIL2BAN-0_8/config/action.d/iptables.conf
Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2011-03-23 20:36:28 UTC (rev 770)
+++ branches/FAIL2BAN-0_8/config/action.d/iptables-allports.conf 2011-03-23 20:36:41 UTC (rev 771)
@@ -15,13 +15,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -29,7 +29,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
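Review bot: `actioncheck` still tests with `grep -q fail2ban-<name>`, an unanchored substring match, so a jail whose name is a prefix of another jail's name passes the check on the other jail's rule. With the chain now configurable and likely to hold more rules, match the whole target name, for example `grep -q 'fail2ban-<name>[ \t]'`. The same line appears in iptables-multiport.conf and iptables-new.conf in this commit.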
@@ -63,3 +63,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
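Review bot: The new option block is written `# Notes specifies ...` where the other options in this file use `# Notes.:`, and it lacks the bare `#` line that separates the header from the value in the `protocol` block. The same block is repeated in the other iptables-*.conf files in this commit. It should also document that `<chain>` must already exist, since `actionstart` only creates `fail2ban-<name>` and then inserts into `<chain>`.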
Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf 2011-03-23 20:36:28 UTC (rev 770)
+++ branches/FAIL2BAN-0_8/config/action.d/iptables-multiport-log.conf 2011-03-23 20:36:41 UTC (rev 771)
@@ -5,7 +5,7 @@
#
# make "fail2ban-<name>" chain to match drop IP
# make "fail2ban-<name>-log" chain to log and drop
-# insert a jump to fail2ban-<name> from -I INPUT if proto/port match
+# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
#
# $Revision$
#
@@ -18,7 +18,7 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -N fail2ban-<name>-log
iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
iptables -A fail2ban-<name>-log -j DROP
@@ -27,7 +27,7 @@
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -F fail2ban-<name>-log
iptables -X fail2ban-<name>
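Review bot: This file gets `<chain>` in `actionstart` and `actionstop`, but unlike iptables-allports.conf, iptables-multiport.conf and iptables-new.conf there is no hunk touching its `actioncheck`. If that line still lists `INPUT`, any jail that sets a different `chain` will fail the check before every ban; please update it in the same commit.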
@@ -76,3 +76,9 @@
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
+
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf 2011-03-23 20:36:28 UTC (rev 770)
+++ branches/FAIL2BAN-0_8/config/action.d/iptables-multiport.conf 2011-03-23 20:36:41 UTC (rev 771)
@@ -13,13 +13,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
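Review bot: `grep -q fail2ban-<name>` on the changed actioncheck line is a substring match over the whole listing of `<chain>`, so it also succeeds when only a longer-named jail's jump is present, for example a jail whose name begins with this jail's name. Since the target is the first column of each rule line in `iptables -n -L` output, anchoring the pattern, e.g. `grep -q '^fail2ban-<name>[[:space:]]'`, would make the check specific to this jail.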
@@ -67,3 +67,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
Modified: branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf 2011-03-23 20:36:28 UTC (rev 770)
+++ branches/FAIL2BAN-0_8/config/action.d/iptables-new.conf 2011-03-23 20:36:41 UTC (rev 771)
@@ -15,13 +15,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -29,7 +29,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@@ -69,3 +69,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
Modified: branches/FAIL2BAN-0_8/config/action.d/iptables.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/action.d/iptables.conf 2011-03-23 20:36:28 UTC (rev 770)
+++ branches/FAIL2BAN-0_8/config/action.d/iptables.conf 2011-03-23 20:36:41 UTC (rev 771)
@@ -13,13 +13,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
|
|
From: <yar...@us...> - 2011-03-23 20:36:34
|
Revision: 770
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=770&view=rev
Author: yarikoptic
Date: 2011-03-23 20:36:28 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
NF: Adding found on a drive filter.d/dovecot.conf
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf
Added: branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/dovecot.conf 2011-03-23 20:36:28 UTC (rev 770)
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for dovcot
+#
+# Author:
+#
+# $Revision: $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
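Review bot: The failregex captures the address with `rip=(?P<host>\S*)`, which accepts an empty string or any non-space token rather than an address, and the pattern is unanchored with a leading `.*`. The header comment in this same file says the `<HOST>` tag is available, so `rip=<HOST>,` would be the stricter form, ideally with the line anchored on the daemon prefix. Smaller points: the first line misspells dovecot as "dovcot" and the Author field is empty.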
|
|
From: <yar...@us...> - 2011-03-23 20:36:24
|
Revision: 769
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=769&view=rev
Author: yarikoptic
Date: 2011-03-23 20:36:17 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
ENH: make filter.d/apache-overflows.conf catch more: see http://bugs.debian.org/574182
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf
Modified: branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf 2011-03-23 20:36:08 UTC (rev 768)
+++ branches/FAIL2BAN-0_8/config/filter.d/apache-overflows.conf 2011-03-23 20:36:17 UTC (rev 769)
@@ -11,7 +11,7 @@
# Notes.: Regexp to catch Apache overflow attempts.
# Values: TEXT
#
-failregex = [[]client <HOST>[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string)
+failregex = [[]client <HOST>[]] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
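Review bot: There is no sample log line for the new "Invalid URI in request" case in the commit message or the file, so the widened failregex has nothing to be tested against; please add one as a comment next to the pattern. As a style point, the new inner group `(method|URI)` is capturing; only the group named host is read, so `(?:method|URI)` would state the intent.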
|
|
From: <yar...@us...> - 2011-03-23 20:36:14
|
Revision: 768
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=768&view=rev
Author: yarikoptic
Date: 2011-03-23 20:36:08 +0000 (Wed, 23 Mar 2011)
Log Message:
-----------
ENH: dropbear filter: see http://bugs.debian.org/546913
Added Paths:
-----------
branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf
Added: branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf 2011-03-23 20:36:08 UTC (rev 768)
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Francis Russell
+# Zak B. Elep
+#
+# $Revision$
+#
+# More information: http://bugs.debian.org/546913
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = dropbear
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+
+# These match the unmodified dropbear messages. It isn't possible to
+# match the source of the 'exit before auth' messages from dropbear.
+#
+failregex = ^%(__prefix_line)slogin attempt for nonexistent user ('.*' )?from <HOST>:.*\s*$
+ ^%(__prefix_line)sbad password attempt for .+ from <HOST>:.*\s*$
+
+# The only line we need to match with the modified dropbear.
+
+# NOTE: The failregex below is ONLY intended to work with a patched
+# version of Dropbear as described here:
+# http://www.unchartedbackwaters.co.uk/pyblosxom/static/patches
+#
+# The standard Dropbear output doesn't provide enough information to
+# ban all types of attack. The Dropbear patch adds IP address
+# information to the 'exit before auth' message which is always
+# produced for any form of non-successful login. It is that message
+# which this file matches.
+
+# failregex = ^%(__prefix_line)sexit before auth from <HOST>.*\s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
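Review bot: The NOTE block sends administrators to a third-party Dropbear patch over plain http and names neither the Dropbear version nor the patch revision the regex was written against, so there is no way to tell whether a given patched build still emits the "exit before auth from" line. The commented-out `failregex` below it would also be a second assignment to the same key in [Definition]; the comments should state whether it is meant to replace the two stock patterns or be appended to them as a third line.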
|